elek commented on pull request #1: URL: https://github.com/apache/ozone-docker-testkrb5/pull/1#issuecomment-796569758
> Shouldn't it be possible to seamlessly use a different image? How will image update work (e.g. when a new principal is needed)? Are there any steps I missed?

Good question. There are two required steps for getting a Kerberos keytab:

1. Generating the key
2. Exporting the key to external keytabs

In the existing solution both are handled by the golang REST app at **runtime**. (Therefore the startup of secure servers is quite slow... Partially improved in HDDS-2895.)

With the new approach the generation happens at container build time, and the export should happen once, when the docker image version is updated (and the exported keytabs are committed).

It means that you must update the keytabs for each new image built. If you create a new image, please execute the `generate-keytab` command from the sample branch.

But after exporting the keytabs first, all subsequent runs will be slower as they don't require any more keytab generation / export...