You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by "Marton Elek (Jira)" <ji...@apache.org> on 2020/01/16 08:59:00 UTC

[jira] [Created] (HDDS-2895) Generate only the required keytabs for docker based secure tests

Marton Elek created HDDS-2895:
---------------------------------

             Summary: Generate only the required keytabs for docker based secure tests
                 Key: HDDS-2895
                 URL: https://issues.apache.org/jira/browse/HDDS-2895
             Project: Hadoop Distributed Data Store
          Issue Type: Improvement
            Reporter: Marton Elek


We have acceptance tests with the help of docker/docker-compose where we generate the keytab files on the fly with the help of a lightweight (unsecure) REST endpoint.

But this generation can be very slow especially when the DNS is slow. When I start a VPN the secure cluster can't be started in the 90 sec period. (>100 keytabs are generated and one keytab generation is ~5 sec).

The solutions is to generate only the *required* keystabs in each of the containers.

Instead of request all the possible keytabs in the *generic* docker-config:
{code:java}
KERBEROS_KEYTABS=dn om scm HTTP testuser testuser2 s3g {code}
We can defined the required keytabs per service (in docker-compose.yaml)
{code:java}
environment:
  KERBEROS_KEYTABS=scm HTTP{code}
With this approach ~20 keytab file will be generated instead of >100 and the secure tests will be significant faster.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: ozone-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: ozone-issues-help@hadoop.apache.org