[jira] [Updated] (KNOX-2915) Knox should update topologies before deploying them

Thu, 08 Jun 2023 06:06:05 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sandor Molnar updated KNOX-2915:
--------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

> Knox should update topologies before deploying them
> ---------------------------------------------------
>
>                 Key: KNOX-2915
>                 URL: https://issues.apache.org/jira/browse/KNOX-2915
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 2.0.0, 1.6.0, 1.6.1
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 2.1.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> During the gateway startup, Knox executes the following steps (among others) 
> in this order:
>  # reloads/redeploys topologies
>  # triggers descriptors reload to trigger service discovery (see KNOX-2301)
> The problem with this approach is, that in the case of dynamic Kerberos 
> settings (variable keytab path and principal name), Knox may deploy a 
> topology with old settings that are no longer valid, and only a couple of 
> seconds later (in my test environment it was between 10-20 seconds for a 
> particular topology) it redeploys the topology with up-to-date configuration. 
> This might be irrelevant if that topology is not used in that small time 
> window, however, there is a chance that Knox will fail to serve the request 
> with an error message similar to this:
> {noformat}
> 2023-06-06 19:33:00,756 9ee494e4-4ede-4a81-962e-77334bfd80b8 ERROR 
> knox.gateway (AbstractGatewayFilter.java:doFilter(60)) - Failed to execute 
> filter: javax.servlet.ServletException: javax.servlet.ServletException: 
> javax.servlet.ServletException: Keytab does not exist: 
> /$DYNAMIC_KEYTAB_PATH//knox.keytab
> 2023-06-06 19:33:00,757 9ee494e4-4ede-4a81-962e-77334bfd80b8 ERROR 
> knox.gateway (GatewayFilter.java:doFilter(197)) - Gateway processing failed: 
> javax.servlet.ServletException: javax.servlet.ServletException: 
> javax.servlet.ServletException: Keytab does not exist: 
> /$DYNAMIC_KEYTAB_PATH//knox.keytab
> javax.servlet.ServletException: javax.servlet.ServletException: 
> javax.servlet.ServletException: Keytab does not exist: 
> /$DYNAMIC_KEYTAB_PATH/knox.keytab 
>  {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to