incubator-hcatalog-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Weise <...@yahoo-inc.com>
Subject Re: HCatalog HA deployment
Date Thu, 01 Sep 2011 19:45:17 GMT
Alan,

Can you explain a bit more where and why security tokens are kept on the Thrift server?

The communication to the metastore server through Thrift/SASL would use Kerberos, is it correct
that this part is stateless, i.e. the next call going to another instance would repeat the
Kerberos authentication and no state needs to be tracked for the API access?

Is the token tracking related to authentication of the Thrift metastore server to other services?


Thomas


On Sep 1, 2011, at 10:40 AM, Alan Gates wrote:

> The Thrift server that HCatalog uses to service metastore requests is the other SPOF
in HCat.  In unsecure mode it does not track state and so starting two servers and putting
them behind a VIP should be fine.  However, to my knowledge no one has tested this setup and
if you are thinking of using it you should test it before you buy hardware, make installation
plans, etc.
> 
> In secure mode some of the security tokens are kept on the Thrift servers, and thus you
cannot use a VIP server in a round robin fashion.  If you could set it up such that the same
client went to the same server for the duration of their kerberos tickets then I think it
would work (again, test this, as no one has as far as I know).  In this scenario fail over
would not be seamless for users who were talking to the failed server.  They would get authentication
errors when they failed over and would be forced to restart.
> 
> Alan.
> 
> On Aug 31, 2011, at 7:11 PM, Thomas Weise wrote:
> 
>> Hello,
>> 
>> I'm looking into HA support for hcatalog. We are going to have HA support at the
metastore RDBMS level. Beyond that, which areas of the server need to be looked at to accomplish
failover running multiple hcatalog servers with a VIP?
>> 
>> What state outside the database is maintained by hcatalog that needs to be available
to other instances to accomplish a VIP based failover in secure deployment?
>> 
>> Thanks!
>> Thomas
>> 
>> 
> 


Mime
View raw message