Today while checking logs for neutron in cloudnet2001-dev.codfw.wmnet, I found this warning related to keepalived:
Jan 21 12:52:54 cloudnet2001-dev sudo[16516]: neutron : TTY=unknown ; PWD=/var/lib/neutron ; USER=root ; COMMAND=/usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf ip netns exec qrouter-5712e22e-134a-40d3-a75a-1c9b441717ad keepalived -P -f /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad/keepalived.conf -p /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad.pid -r /var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad.pid-vrrp Jan 21 12:52:54 cloudnet2001-dev sudo[16516]: pam_unix(sudo:session): session opened for user root by (uid=0) Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: Starting Keepalived v1.3.2 (12/03,2016) Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: WARNING - default user 'keepalived_script' for script execution does not exist - please create. Jan 21 12:52:54 cloudnet2001-dev Keepalived[16521]: Opening file '/var/lib/neutron/ha_confs/5712e22e-134a-40d3-a75a-1c9b441717ad/keepalived.conf'. Jan 21 12:52:54 cloudnet2001-dev Keepalived[16523]: Starting VRRP child process, pid=16524
I searched for this same warning in eqiad1 (cloudnet1003 and cloudnet1004) and couldn't find anything.
We don't seem to declare this user in puppet. Not sure if that's really required, since keepalived is being executed as root in the neutron netns.