[ https://issues.apache.org/jira/browse/HDDS-1019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16777228#comment-16777228 ]

Xiaoyu Yao commented on HDDS-1019:
----------------------------------

Thanks [~elek] for the detailed reviews. My responses are inline.

 

One small suggestion:
{quote}bq. Can we remove the line?
{quote}
{code:java}
echo 'setup finished'
{code}
Done.

 
{quote}bq. We need a set +e/set -e for checking the availability of the KDC 
service:
{quote}
Fixed.

 
{quote} $CONF_DIR is confusing (for me). I would use something like $KEYTAB_DIR 
instead. And I think the default could be /etc/security/keytabs (Now we have a 
hard dependency that the $CONF_DIR should be set for a secure environment. I 
think it's better to use a default value in starter.sh)
{quote}
Different deployments may require different keytab locations. Agree that the 
name is confusing. How about allowing KEYTAB_DIR to be customized from 
docker-config? If no value is passed in, we will just use the default.

 
{quote}4. I would use the apache/hadoop-runner as a base image for the krb5 
image to use exactly the same mit kerberos (I noticed an error that the keytab 
versions are different before this change).

5. For centos the max_renewable_life is required in the krb5.conf.
{quote}
Can we handle the KDC base image change in a separate ticket? I want to spend 
some time on the issue you mentioned above.

 

> Use apache/hadoop-runner image to test ozone secure cluster
> -----------------------------------------------------------
>
>                 Key: HDDS-1019
>                 URL: https://issues.apache.org/jira/browse/HDDS-1019
>             Project: Hadoop Distributed Data Store
>          Issue Type: Bug
>            Reporter: Elek, Marton
>            Assignee: Xiaoyu Yao
>            Priority: Critical
>         Attachments: HDDS-1019-docker-hadoop-runner.01.patch, 
> HDDS-1019-docker-hadoop-runner.02.patch, HDDS-1019-trunk.01.patch
>
>
> As of now the secure ozone cluster uses a custom image which is not based on 
> the apache/hadoop-runner image. There are multiple problems with that:
>  1. multiple script files which are maintained in the docker-hadoop-runner 
> branch are copied and duplicated in 
> hadoop-ozone/dist/src/main/compose/ozonesecure/docker-image/runner/scripts
>  2. The user of the image is root. It creates 
> core-site.xml/hdfs-site.xml/ozone-site.xml with the root user, which prevents 
> running all the default smoke tests
>  3. To build the base image with each build takes more time
> I propose to check what is missing from the apache/hadoop-ozone base image, 
> add it and use that one. 
> I marked it critical because of 2): it breaks the run of the acceptance test 
> suite.


