hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thomas Weise (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-2467) HA Support for Metastore Server
Date Fri, 11 Nov 2011 21:32:51 GMT

    [ https://issues.apache.org/jira/browse/HIVE-2467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13148752#comment-13148752
] 

Thomas Weise commented on HIVE-2467:
------------------------------------

That is correct. The ZooKeeper installation that will be used for this purpose will have to
be secured on layer 3 until we have security available in ZK (which is also coming). We are
aware of and consider this a limitation that will be addressed by ZK security, not by the
client using ZK.

                
> HA Support for Metastore Server 
> --------------------------------
>
>                 Key: HIVE-2467
>                 URL: https://issues.apache.org/jira/browse/HIVE-2467
>             Project: Hive
>          Issue Type: Improvement
>          Components: Metastore, Security, Server Infrastructure
>    Affects Versions: 0.8.0, 0.9.0
>            Reporter: Thomas Weise
>            Assignee: Thomas Weise
>             Fix For: 0.9.0
>
>         Attachments: HIVE-2467.patch
>
>
> We require HA deployment for metastore server for HCatalog:
> * Multiple server instances run behind VIP
> * Database provides HA
> Metastore server instances will need to be able to share any state required for VIP outside
RDBMS. As of Hive 0.8 affected conversational state that needs to support VIP/HA setup is
limited to current delegation tokens. Is this correct?
> We are planning to use ZooKeeper to share current delegation tokens and master keys between
nodes of the VIP. ZK is already (optionally) used by Hive for concurrency control. Access
to ZK would be limited on the network level or in the future, when ZooKeeper supports security,
through Kerberos, similar to NN access.
> Currently Hive taps into Hadoop core security delegation token support through extension
of
> org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
> A solution could amend the Hive specific extension to support:
> * Pluggable delegation token and master key store (ZooKeeper as alternative for in-memory
AbstractDelegationTokenSecretManager)
> * Delegation token retrieval from token store when not found in memory (wrap/extend retrievePassword(...))
> * Cancellation of token in token store
> * Purging of expired tokens from token store
> http://www.mail-archive.com/hcatalog-user@incubator.apache.org/msg00053.html

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message