You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Marton Elek (Jira)" <ji...@apache.org> on 2021/05/31 08:29:00 UTC

[jira] [Resolved] (HDDS-5123) Use the pre-created apache/ozone-testkrb5 image during secure acceptance tests

     [ https://issues.apache.org/jira/browse/HDDS-5123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Marton Elek resolved HDDS-5123.
-------------------------------
    Fix Version/s: 1.2.0
       Resolution: Fixed

> Use the pre-created apache/ozone-testkrb5 image during secure acceptance tests
> ------------------------------------------------------------------------------
>
>                 Key: HDDS-5123
>                 URL: https://issues.apache.org/jira/browse/HDDS-5123
>             Project: Apache Ozone
>          Issue Type: Improvement
>            Reporter: Marton Elek
>            Assignee: Marton Elek
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.2.0
>
>
> Today ozonesecure compose clusters (and ozonesecure-ha and ozonesecure-mr) use an adhoc keytab issuer. The issuer is download during the image creation and uses a third party go lang application to create the keytabs on-demand.
> As discussed earlier, it would be faster to use a dedicated, pre-built container image which includes the pre-created keytabs instead of issuing them on-the fly (keytab generation is slow + container creation is slow)
> For each of the tagged images we can export to current keytabs to hadoop-ozone/dist/src/main/compose/ which can be mounted to to compose clusters.
> It makes the overall acceptance test faster (instead of creating keytab, which is quite slow, we can start the cluster immediately). And we don't need to depend on an external utility app.
> Pre-created keytabs are also more similar to production environment...
> First test using the apache/ozone-testkrb5 from HDDS-4938
> The time between starting test.sh script and first robot test:
> master: 3:30 (01:43:08 --01:46:38)
> this patch: 2:10 (12:59:29 13:02:39)
> (note: there are some variances between different builds, and in general the patch build was a slower one. It can be even faster).
> ~



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org