hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Chauhan (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-2467) HA Support for Metastore Server
Date Fri, 18 Nov 2011 18:18:52 GMT

    [ https://issues.apache.org/jira/browse/HIVE-2467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13153016#comment-13153016
] 

Ashutosh Chauhan commented on HIVE-2467:
----------------------------------------

@Ed,
* ZK is optional for storing tokens. If someone believes ZK doesn't serve them appropriately
for this purpose then they can implement TokenStore interface and use that implementation
for storing tokens.
* Assumption is that ZK's api will be backward compatible. So, there will be minimal changes
(if at all) required in this code to take advantage of kerberized ZK.  
                
> HA Support for Metastore Server 
> --------------------------------
>
>                 Key: HIVE-2467
>                 URL: https://issues.apache.org/jira/browse/HIVE-2467
>             Project: Hive
>          Issue Type: Improvement
>          Components: Metastore, Security, Server Infrastructure
>    Affects Versions: 0.8.0, 0.9.0
>            Reporter: Thomas Weise
>            Assignee: Thomas Weise
>             Fix For: 0.9.0
>
>         Attachments: HIVE-2467.2.patch, HIVE-2467.patch
>
>
> We require HA deployment for metastore server for HCatalog:
> * Multiple server instances run behind VIP
> * Database provides HA
> Metastore server instances will need to be able to share any state required for VIP outside
RDBMS. As of Hive 0.8 affected conversational state that needs to support VIP/HA setup is
limited to current delegation tokens. Is this correct?
> We are planning to use ZooKeeper to share current delegation tokens and master keys between
nodes of the VIP. ZK is already (optionally) used by Hive for concurrency control. Access
to ZK would be limited on the network level or in the future, when ZooKeeper supports security,
through Kerberos, similar to NN access.
> Currently Hive taps into Hadoop core security delegation token support through extension
of
> org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
> A solution could amend the Hive specific extension to support:
> * Pluggable delegation token and master key store (ZooKeeper as alternative for in-memory
AbstractDelegationTokenSecretManager)
> * Delegation token retrieval from token store when not found in memory (wrap/extend retrievePassword(...))
> * Cancellation of token in token store
> * Purging of expired tokens from token store
> http://www.mail-archive.com/hcatalog-user@incubator.apache.org/msg00053.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message