You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Marton Elek (Jira)" <ji...@apache.org> on 2020/01/16 08:59:00 UTC
[jira] [Created] (HDDS-2895) Generate only the required keytabs for
docker based secure tests
Marton Elek created HDDS-2895:
---------------------------------
Summary: Generate only the required keytabs for docker based secure tests
Key: HDDS-2895
URL: https://issues.apache.org/jira/browse/HDDS-2895
Project: Hadoop Distributed Data Store
Issue Type: Improvement
Reporter: Marton Elek
We have acceptance tests with the help of docker/docker-compose where we generate the keytab files on the fly with the help of a lightweight (unsecure) REST endpoint.
But this generation can be very slow especially when the DNS is slow. When I start a VPN the secure cluster can't be started in the 90 sec period. (>100 keytabs are generated and one keytab generation is ~5 sec).
The solutions is to generate only the *required* keystabs in each of the containers.
Instead of request all the possible keytabs in the *generic* docker-config:
{code:java}
KERBEROS_KEYTABS=dn om scm HTTP testuser testuser2 s3g {code}
We can defined the required keytabs per service (in docker-compose.yaml)
{code:java}
environment:
KERBEROS_KEYTABS=scm HTTP{code}
With this approach ~20 keytab file will be generated instead of >100 and the secure tests will be significant faster.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org