[
https://issues.apache.org/jira/browse/HIVE-2467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13151690#comment-13151690
]
Thomas Weise commented on HIVE-2467:
------------------------------------
@Ashutosh:
I will file JIRA to incorporate relevant changes to Hadoop trunk so the next
shim version (.23 and later) can use it from there (without the various
"tricks" to make this work for .20). I would suggest to address the TokenStore
first class interface as part of that patch?
The logic that puts tokens into the cache and removes them immediately is
necessary due to field/method visibility issues in the Hadoop code. All that
won't be needed when we prepare a Hadoop patch. I added a few comments in the
code.
> HA Support for Metastore Server
> --------------------------------
>
> Key: HIVE-2467
> URL: https://issues.apache.org/jira/browse/HIVE-2467
> Project: Hive
> Issue Type: Improvement
> Components: Metastore, Security, Server Infrastructure
> Affects Versions: 0.8.0, 0.9.0
> Reporter: Thomas Weise
> Assignee: Thomas Weise
> Fix For: 0.9.0
>
> Attachments: HIVE-2467.2.patch, HIVE-2467.patch
>
>
> We require HA deployment for metastore server for HCatalog:
> * Multiple server instances run behind VIP
> * Database provides HA
> Metastore server instances will need to be able to share any state required
> for VIP outside RDBMS. As of Hive 0.8 affected conversational state that
> needs to support VIP/HA setup is limited to current delegation tokens. Is
> this correct?
> We are planning to use ZooKeeper to share current delegation tokens and
> master keys between nodes of the VIP. ZK is already (optionally) used by Hive
> for concurrency control. Access to ZK would be limited on the network level
> or in the future, when ZooKeeper supports security, through Kerberos, similar
> to NN access.
> Currently Hive taps into Hadoop core security delegation token support
> through extension of
> org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
> A solution could amend the Hive specific extension to support:
> * Pluggable delegation token and master key store (ZooKeeper as alternative
> for in-memory AbstractDelegationTokenSecretManager)
> * Delegation token retrieval from token store when not found in memory
> (wrap/extend retrievePassword(...))
> * Cancellation of token in token store
> * Purging of expired tokens from token store
> http://www.mail-archive.com/hcatalog-user@incubator.apache.org/msg00053.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
