hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan (Commented) (JIRA)" <>
Subject [jira] [Commented] (HIVE-2467) HA Support for Metastore Server
Date Fri, 18 Nov 2011 18:50:51 GMT


Ashutosh Chauhan commented on HIVE-2467:

Now that there are no users of {{DelegationTokenSecretManager}}, I think cleaner way to organize
this code is to merge {{DelegationTokenSecretManager}} and {{TokenStoreDelegationSecretManager}}
and just call it DelegationTokenSecretManager. Also, {{TokenStore}} instead of being contained
within a class, I think should exist independently of it.
> HA Support for Metastore Server 
> --------------------------------
>                 Key: HIVE-2467
>                 URL:
>             Project: Hive
>          Issue Type: Improvement
>          Components: Metastore, Security, Server Infrastructure
>    Affects Versions: 0.8.0, 0.9.0
>            Reporter: Thomas Weise
>            Assignee: Thomas Weise
>             Fix For: 0.9.0
>         Attachments: HIVE-2467.2.patch, HIVE-2467.patch
> We require HA deployment for metastore server for HCatalog:
> * Multiple server instances run behind VIP
> * Database provides HA
> Metastore server instances will need to be able to share any state required for VIP outside
RDBMS. As of Hive 0.8 affected conversational state that needs to support VIP/HA setup is
limited to current delegation tokens. Is this correct?
> We are planning to use ZooKeeper to share current delegation tokens and master keys between
nodes of the VIP. ZK is already (optionally) used by Hive for concurrency control. Access
to ZK would be limited on the network level or in the future, when ZooKeeper supports security,
through Kerberos, similar to NN access.
> Currently Hive taps into Hadoop core security delegation token support through extension
> A solution could amend the Hive specific extension to support:
> * Pluggable delegation token and master key store (ZooKeeper as alternative for in-memory
> * Delegation token retrieval from token store when not found in memory (wrap/extend retrievePassword(...))
> * Cancellation of token in token store
> * Purging of expired tokens from token store

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message