In VyOS 1.3.0-epa3 and latest 1.4 version, when adding health script checks in VRRP, error occurs.
Simplified config for vrrp:
set high-availability vrrp group Test health-check script '/config/scripts/vrrp-check.sh' set high-availability vrrp group Test interface 'eth3' set high-availability vrrp group Test priority '250' set high-availability vrrp group Test virtual-address '10.0.0.1/24' set high-availability vrrp group Test vrid '91'
In journalctl:
Dec 01 22:40:17 R01Master Keepalived_vrrp[3436]: Unsafe permissions found for script '/config/scripts/vrrp-check.sh' - disabling. Dec 01 22:40:17 R01Master Keepalived_vrrp[3436]: Disabling track script healthcheck_Test due to insecure
Relevant content of /run/keepalived/keepalived.conf:
global_defs { dynamic_interfaces script_user root # Don't run scripts configured to be run as root if any part of the path # is writable by a non-root user. enable_script_security
Workaround: after commenting line with enable_script_security and restarting vrrp, in journalctl we can see:
Dec 01 22:45:05 R01Master Keepalived_vrrp[4003]: Unsafe permissions found for script '/config/scripts/vrrp-check.sh'. Dec 01 22:45:05 R01Master Keepalived_vrrp[4003]: SECURITY VIOLATION - scripts are being executed but script_security not enabled. There are insecure scripts.