incubator-hcatalog-user mailing list archives

From Thomas Weise <...@yahoo-inc.com>
Subject Re: HCatalog HA deployment
Date Thu, 01 Sep 2011 20:38:35 GMT
I assume it is the delegation token support added in 0.7 that needs to be looked at?

https://issues.apache.org/jira/browse/HIVE-1696


On Sep 1, 2011, at 12:45 PM, Thomas Weise wrote:

Alan,

Can you explain a bit more where and why security tokens are kept on the Thrift server?

The communication to the metastore server through Thrift/SASL would use Kerberos. Is it correct
that this part is stateless, i.e. the next call going to another instance would repeat the
Kerberos authentication and no state needs to be tracked for the API access?

Is the token tracking related to authentication of the Thrift metastore server to other services?

Thomas


On Sep 1, 2011, at 10:40 AM, Alan Gates wrote:

The Thrift server that HCatalog uses to service metastore requests is the other SPOF in HCat.
In unsecure mode it does not track state and so starting two servers and putting them behind
a VIP should be fine.  However, to my knowledge no one has tested this setup and if you are
thinking of using it you should test it before you buy hardware, make installation plans,
etc.

In secure mode some of the security tokens are kept on the Thrift servers, and thus you cannot
use a VIP server in a round robin fashion.  If you could set it up such that the same client
went to the same server for the duration of their Kerberos tickets then I think it would work
(again, test this, as no one has as far as I know).  In this scenario fail over would not
be seamless for users who were talking to the failed server.  They would get authentication
errors when they failed over and would be forced to restart.

Alan.

On Aug 31, 2011, at 7:11 PM, Thomas Weise wrote:

Hello,

I'm looking into HA support for hcatalog. We are going to have HA support at the metastore
RDBMS level. Beyond that, which areas of the server need to be looked at to accomplish failover
running multiple hcatalog servers with a VIP?

What state outside the database is maintained by hcatalog that needs to be available to other
instances to accomplish a VIP based failover in secure deployment?

Thanks!
Thomas
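
Added example, not part of the original thread and not HCatalog or Hive code: a toy model of the behaviour described in the thread, where each server keeps the tokens it issued only in its own memory. All class and function names are hypothetical; it compares round-robin routing, client affinity, and failover of the issuing server.

```python
import hashlib
import secrets

class MetastoreServer:
    """Toy stand-in for one Thrift server; issued tokens live only in this process."""
    def __init__(self, name):
        self.name = name
        self.tokens = {}   # token -> owner, never shared with other instances
        self.up = True

    def issue_token(self, owner):
        token = secrets.token_hex(16)
        self.tokens[token] = owner
        return token

    def accepts(self, token):
        # A token issued by another instance is unknown here: authentication error.
        return token in self.tokens

class RoundRobinVip:
    def __init__(self, servers):
        self.servers, self.i = servers, 0

    def pick(self, client):
        live = [s for s in self.servers if s.up]
        self.i += 1
        return live[self.i % len(live)]

class StickyVip(RoundRobinVip):
    """Same client always lands on the same live server (client affinity)."""
    def pick(self, client):
        live = [s for s in self.servers if s.up]
        h = int(hashlib.sha256(client.encode()).hexdigest(), 16)
        return live[h % len(live)]

def run_session(vip, client, calls=4, fail_after=None):
    """Obtain a token from the first server reached, then present it on each call."""
    issuer = vip.pick(client)
    token = issuer.issue_token(client)
    results = []
    for n in range(calls):
        if fail_after is not None and n == fail_after:
            issuer.up = False   # the server holding the token goes down
        results.append(vip.pick(client).accepts(token))
    return results

if __name__ == "__main__":
    pair = lambda: [MetastoreServer("a"), MetastoreServer("b")]
    print(run_session(RoundRobinVip(pair()), "alice"), run_session(StickyVip(pair()), "alice", fail_after=2))
```

A `False` entry stands for the authentication error a client would see; with affinity these appear only after the issuing server fails.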





