[
https://issues.apache.org/jira/browse/KNOX-2915?focusedWorklogId=864660&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-864660
]
ASF GitHub Bot logged work on KNOX-2915:
----------------------------------------
Author: ASF GitHub Bot
Created on: 09/Jun/23 10:29
Start Date: 09/Jun/23 10:29
Worklog Time Spent: 10m
Work Description: smolnar82 opened a new pull request, #761:
URL: https://github.com/apache/knox/pull/761
## What changes were proposed in this pull request?
This is a follow-up to #760 which removed the `reloadDescriptors()` call but
tests indicated we still need that.
## How was this patch tested?
Manual testing.
Issue Time Tracking
-------------------
Worklog Id: (was: 864660)
Time Spent: 0.5h (was: 20m)
> Knox should update topologies before deploying them
> ---------------------------------------------------
>
> Key: KNOX-2915
> URL: https://issues.apache.org/jira/browse/KNOX-2915
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 2.0.0, 1.6.0, 1.6.1
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.1.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> During the gateway startup, Knox executes the following steps (among others)
> in this order:
> # reloads/redeploys topologies
> # triggers descriptors reload to trigger service discovery (see KNOX-2301)
> The problem with this approach is, that in the case of dynamic Kerberos
> settings (variable keytab path and principal name), Knox may deploy a
> topology with old settings that are no longer valid, and only a couple of
> seconds later (in my test environment it was between 10-20 seconds for a
> particular topology) it redeploys the topology with up-to-date configuration.
> This might be irrelevant if that topology is not used in that small time
> window, however, there is a chance that Knox will fail to serve the request
> with an error message similar to this:
> {noformat}
> 2023-06-06 19:33:00,756 9ee494e4-4ede-4a81-962e-77334bfd80b8 ERROR
> knox.gateway (AbstractGatewayFilter.java:doFilter(60)) - Failed to execute
> filter: javax.servlet.ServletException: javax.servlet.ServletException:
> javax.servlet.ServletException: Keytab does not exist:
> /$DYNAMIC_KEYTAB_PATH//knox.keytab
> 2023-06-06 19:33:00,757 9ee494e4-4ede-4a81-962e-77334bfd80b8 ERROR
> knox.gateway (GatewayFilter.java:doFilter(197)) - Gateway processing failed:
> javax.servlet.ServletException: javax.servlet.ServletException:
> javax.servlet.ServletException: Keytab does not exist:
> /$DYNAMIC_KEYTAB_PATH//knox.keytab
> javax.servlet.ServletException: javax.servlet.ServletException:
> javax.servlet.ServletException: Keytab does not exist:
> /$DYNAMIC_KEYTAB_PATH/knox.keytab
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
