Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Done
-
None
-
None
Description
We have acceptance tests with the help of docker/docker-compose where we generate the keytab files on the fly with the help of a lightweight (unsecure) REST endpoint.
But this generation can be very slow especially when the DNS is slow. When I start a VPN the secure cluster can't be started in the 90 sec period. (>100 keytabs are generated and one keytab generation is ~5 sec).
The solutions is to generate only the required keystabs in each of the containers.
Instead of request all the possible keytabs in the generic docker-config:
KERBEROS_KEYTABS=dn om scm HTTP testuser testuser2 s3g
We can defined the required keytabs per service (in docker-compose.yaml)
environment: KERBEROS_KEYTABS=scm HTTP
With this approach ~20 keytab file will be generated instead of >100 and the secure tests will be significant faster.
Attachments
Issue Links
- links to