Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Today ozonesecure compose clusters (and ozonesecure-ha and ozonesecure-mr) use an adhoc keytab issuer. The issuer is download during the image creation and uses a third party go lang application to create the keytabs on-demand.
As discussed earlier, it would be faster to use a dedicated, pre-built container image which includes the pre-created keytabs instead of issuing them on-the fly (keytab generation is slow + container creation is slow)
For each of the tagged images we can export to current keytabs to hadoop-ozone/dist/src/main/compose/ which can be mounted to to compose clusters.
It makes the overall acceptance test faster (instead of creating keytab, which is quite slow, we can start the cluster immediately). And we don't need to depend on an external utility app.
Pre-created keytabs are also more similar to production environment...
First test using the apache/ozone-testkrb5 from HDDS-4938
The time between starting test.sh script and first robot test:
master: 3:30 (01:43:08 --01:46:38)
this patch: 2:10 (12:59:29 13:02:39)
(note: there are some variances between different builds, and in general the patch build was a slower one. It can be even faster).
~
Attachments
Issue Links
- links to