You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandor Molnar (Jira)" <ji...@apache.org> on 2023/06/08 10:53:00 UTC

[jira] [Created] (KNOX-2915) Knox should update topologies before deploying them

Sandor Molnar created KNOX-2915:
-----------------------------------

             Summary: Knox should update topologies before deploying them
                 Key: KNOX-2915
                 URL: https://issues.apache.org/jira/browse/KNOX-2915
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 1.6.0, 2.0.0, 1.6.1
            Reporter: Sandor Molnar
            Assignee: Sandor Molnar
             Fix For: 2.1.0


During the gateway startup, Knox executes the following steps (among others) in this order:
 # reloads/redeploys topologies
 # triggers descriptors reload to trigger service discovery (see KNOX-2301)

The problem with this approach is, that in the case of dynamic Kerberos settings (variable keytab path and principal name), Knox may deploy a topology with old settings that are no longer valid, and only a couple of seconds later (in my test environment it was between 10-20 seconds for a particular topology) it redeploys the topology with up-to-date configuration. This might be irrelevant if that topology is not used in that small time window, however, there is a chance that Knox will fail to serve the request with an error message similar to this:
{noformat}
2023-06-06 19:33:00,756 9ee494e4-4ede-4a81-962e-77334bfd80b8 ERROR knox.gateway (AbstractGatewayFilter.java:doFilter(60)) - Failed to execute filter: javax.servlet.ServletException: javax.servlet.ServletException: javax.servlet.ServletException: Keytab does not exist: /$DYNAMIC_KEYTAB_PATH//knox.keytab
2023-06-06 19:33:00,757 9ee494e4-4ede-4a81-962e-77334bfd80b8 ERROR knox.gateway (GatewayFilter.java:doFilter(197)) - Gateway processing failed: javax.servlet.ServletException: javax.servlet.ServletException: javax.servlet.ServletException: Keytab does not exist: /$DYNAMIC_KEYTAB_PATH//knox.keytab
javax.servlet.ServletException: javax.servlet.ServletException: javax.servlet.ServletException: Keytab does not exist: /$DYNAMIC_KEYTAB_PATH/knox.keytab 
 {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)