Execute healthchecks as root

Some containers don't have the "default" user set to root (which is
good). This leads the healthcheck_port() function to return a message
because the non-root user isn't allowed to call the "ss" command as itself.

Ensuring we're running the healthchecks as root will also allow us to stop
duplicating some commands, making them faster and smaller for the
system.

This was discovered and discussed on Red Hat bugzilla first, then ported
to Launchpad.

Change-Id: I2e49d4dd5b385237f4f79929c70365424f6fa22d
Closes-Bug: 1860569
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1778881
(cherry picked from commit 3012fe75aa)
Cédric Jeanneret 2020-01-22 16:11:21 +01:00 committed by Cédric Jeanneret (Tengu)
parent dda8521aa1
commit 592dab7a84
2 changed files with 3 additions and 3 deletions

@ -122,7 +122,7 @@ class TestUtilsSystemd(base.TestCase):
unit = open(sysd_unit_f, 'rt').read()
self.assertIn('Requisite=tripleo_my_app.service', unit)
self.assertIn('ExecStart=/usr/bin/podman exec my_app '
self.assertIn('ExecStart=/usr/bin/podman exec --user root my_app '
'/openstack/healthcheck', unit)
mock_chmod.assert_has_calls([mock.call(sysd_unit_f, 420)])
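
Review bot: Style point on the context line mock.call(sysd_unit_f, 420): the decimal 420 is the file mode 0o644, and writing it in octal would make the expected permissions of the generated unit file readable at a glance. Since this test is being touched anyway, consider switching the literal to 0o644 here and in the code under test so the two stay visibly in sync.
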
@ -137,7 +137,7 @@ class TestUtilsSystemd(base.TestCase):
systemd.healthcheck_create(container, tempdir, test=check)
unit = open(sysd_unit_f, 'rt').read()
self.assertIn('ExecStart=/usr/bin/podman exec my_app '
self.assertIn('ExecStart=/usr/bin/podman exec --user root my_app '
'/foo/bar baz', unit)
@mock.patch('subprocess.check_call', autospec=True)
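
Review bot: The custom-test case here (test=check, expected '/foo/bar baz') shows that operator-supplied healthcheck commands, not just the stock /openstack/healthcheck script, will now run as root inside the container. That is a behaviour change for anyone passing their own test command, so it should be called out in the healthcheck documentation or release notes, and the docstring of healthcheck_create should state that the command is executed with --user root.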

@ -193,7 +193,7 @@ After=paunch-container-shutdown.service %(service)s.service
Requisite=%(service)s.service
[Service]
Type=oneshot
ExecStart=/usr/bin/podman exec %(name)s %(test)s
ExecStart=/usr/bin/podman exec --user root %(name)s %(test)s
SyslogIdentifier=healthcheck_%(name)s
[Install]
WantedBy=multi-user.target
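
Review bot: The ExecStart line hardcodes --user root for every generated healthcheck unit, with no comment in the template and no way to opt out. The commit message gives the reason (the non-root default user cannot call "ss"), but that rationale is not recorded next to the line, and checks that do not need "ss" now also run with root inside the container. Consider adding a short comment above ExecStart explaining why root is required, and making the user a template parameter (for example %(user)s defaulting to root) so a container whose healthcheck works unprivileged can keep its non-root user.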