[baremetal & friends] Clean up keepalived script warnings

[cybertron]

Currently we see two ugly messages in the keepalived logs when
starting the service:

WARNING - default user 'keepalived_script' for script execution does
not exist - please create.

and

SECURITY VIOLATION - scripts are being executed but script_security
not enabled.

This patch adds the enable_script_security and script_user options to
our keepalived.conf to suppress those messages.

- Description for the changelog
Add configuration options to clean up keepalived warnings.

[cybertron]

/cc @mandre @rgolangh @patrickdillon

This should be functionally identical so I'd be shocked if it breaks anything, but it wouldn't be the first time that happened. :-)

[kikisdeliveryservice]

@cybertron as an fyi metal-ipi & scaleup haven't been passing, ovn occasionally passes, so if you don't want to block on them we can skip.

one retest for the road though :)

/retest

[celebdor]

/lgtm
Thanks. I'll be glad to lose those bothering warnings

[cybertron]

@cybertron as an fyi metal-ipi & scaleup haven't been passing, ovn occasionally passes, so if you don't want to block on them we can skip.

There's no rush to get this in. I'm pretty sure these aren't causing any functional problems, they just look ugly in the logs and I wanted to eliminate them as part of the debugging for keepalived 2.0. Once #1909 goes in the metal job should start passing and I can rebase this to pull it in.

[cybertron]

Oh, like the new title too. :-)

[mandre]

/retest
/test e2e-openstack
/test e2e-ovirt
/test e2e-vsphere

[cybertron]

/test e2e-gcp-upgrade

I'm not seeing a lot of passes for ovirt and vsphere lately, so I doubt their failures are related.

[kikisdeliveryservice]

AFAICT the vpshere job is dead and the ovirt job is semi-dead so those don't have to pass, I can approve and let the bot retest it until it merges for us.. If @mandre also lgtm (the openstack test did pass!)

[mandre]

/lgtm
keepalived logs no longer show the warnings.

https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_machine-config-operator/1911/pull-ci-openshift-machine-config-operator-master-e2e-openstack/1281225860501737472/artifacts/e2e-openstack/pods/openshift-openstack-infra_keepalived-v39rs6kn-bbcf1-6hnwt-master-0_keepalived.log

[kikisdeliveryservice]

/skip

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: celebdor, cybertron, kikisdeliveryservice, mandre

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [kikisdeliveryservice]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kikisdeliveryservice]

Ok approved, let's go baremetal & friends!

[openshift-ci-robot]

@cybertron: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-ovirt	406392f	link	/test e2e-ovirt
ci/prow/e2e-vsphere	406392f	link	/test e2e-vsphere

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.