adoroszlai opened a new pull request, #7498: URL: https://github.com/apache/ozone/pull/7498
## What changes were proposed in this pull request? Kerberos-enabled acceptance tests in Ozone use the `ozone-testkrb5` Docker image as KDC. Keytab files are exported from the KDC at development time, running `update-keytabs.sh`, then added to Git. Ozone services access these via volume mounted in each container. Multi-arch Docker images present a problem: keytab generation uses a specific platform variant of the image (depending on the architecture of the computer `update-keytabs.sh` is run on). Keytabs work only with that variant. Therefore Keytabs pre-generated with the amd64 image do not work with arm64 one: ``` failure to login: for principal: scm/[email protected] from keytab /etc/security/keytabs/scm.keytab javax.security.auth.login.LoginException: Checksum failed ``` This PR proposes to defer keytab export to the time when tests start the Docker Compose cluster. This ensures both use the same variant of the `ozone-testkrb5` image. Pre-generated keytabs are no longer needed, removed from the repo. https://issues.apache.org/jira/browse/HDDS-11810 ## How was this patch tested? Tested on amd64 locally and in CI: https://github.com/adoroszlai/ozone/actions/runs/12058615470 @ChenSammi tested it on arm64. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
