[ https://issues.apache.org/jira/browse/HIVE-2467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13160178#comment-13160178 ]
Thomas Weise commented on HIVE-2467:
------------------------------------

All unit tests pass with the patch.

> HA Support for Metastore Server
> --------------------------------
>
> Key: HIVE-2467
> URL: https://issues.apache.org/jira/browse/HIVE-2467
> Project: Hive
> Issue Type: Improvement
> Components: Metastore, Security, Server Infrastructure
> Affects Versions: 0.8.0, 0.9.0
> Reporter: Thomas Weise
> Assignee: Thomas Weise
> Fix For: 0.9.0
>
> Attachments: HIVE-2467.2.patch, HIVE-2467.patch
>
>
> We require HA deployment for metastore server for HCatalog:
> * Multiple server instances run behind VIP
> * Database provides HA
> Metastore server instances will need to be able to share any state required
> for VIP outside RDBMS. As of Hive 0.8 affected conversational state that
> needs to support VIP/HA setup is limited to current delegation tokens. Is
> this correct?
> We are planning to use ZooKeeper to share current delegation tokens and
> master keys between nodes of the VIP. ZK is already (optionally) used by Hive
> for concurrency control. Access to ZK would be limited on the network level
> or in the future, when ZooKeeper supports security, through Kerberos, similar
> to NN access.
> Currently Hive taps into Hadoop core security delegation token support
> through extension of
> org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
> A solution could amend the Hive specific extension to support:
> * Pluggable delegation token and master key store (ZooKeeper as alternative
> for in-memory AbstractDelegationTokenSecretManager)
> * Delegation token retrieval from token store when not found in memory
> (wrap/extend retrievePassword(...))
> * Cancellation of token in token store
> * Purging of expired tokens from token store
> http://www.mail-archive.com/hcatalog-user@incubator.apache.org/msg00053.html

--
This message is automatically generated by JIRA.
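
The four store operations listed in the issue description, sketched as an added Java example that is not part of the JIRA message or the attached patches. All class and method names are hypothetical, an in-memory map stands in for ZooKeeper, and the sketch does not extend the Hadoop secret manager class.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added sketch with hypothetical names; not Hive or Hadoop code. Needs Java 16+ (records).
public class SharedTokenStoreSketch {
    record TokenInfo(byte[] password, long expiresAtMs) {}
    // Pluggable store; a ZooKeeper-backed class would implement the same methods.
    interface TokenStore {
        void put(String tokenId, TokenInfo info);
        TokenInfo get(String tokenId);
        boolean remove(String tokenId);
        int purgeExpired(long nowMs);
    }
    // In-memory stand-in for the shared store, so the sketch runs without ZooKeeper.
    static class MemoryTokenStore implements TokenStore {
        private final Map<String, TokenInfo> tokens = new ConcurrentHashMap<>();
        public void put(String id, TokenInfo info) { tokens.put(id, info); }
        public TokenInfo get(String id) { return tokens.get(id); }
        public boolean remove(String id) { return tokens.remove(id) != null; }
        public int purgeExpired(long nowMs) {
            int before = tokens.size();
            tokens.values().removeIf(t -> t.expiresAtMs() <= nowMs);
            return before - tokens.size();
        }
    }
    // One server instance behind the VIP: tokens it issued stay in memory, the rest come from the store.
    static class Node {
        private final Map<String, TokenInfo> local = new ConcurrentHashMap<>();
        private final TokenStore shared;
        Node(TokenStore shared) { this.shared = shared; }
        void issue(String id, TokenInfo info) { shared.put(id, info); local.put(id, info); } // write-through
        // Returns null for unknown, cancelled or expired tokens, even before a purge has run.
        byte[] retrievePassword(String id, long nowMs) {
            TokenInfo info = local.get(id);
            if (info == null) info = shared.get(id);   // fallback when not found in memory
            return (info == null || info.expiresAtMs() <= nowMs) ? null : info.password();
        }
        // Caveat of this sketch: a peer's in-memory copy survives this cancel until it expires.
        boolean cancel(String id) { local.remove(id); return shared.remove(id); }
    }
    public static void main(String[] args) {
        TokenStore store = new MemoryTokenStore();
        Node a = new Node(store), b = new Node(store);
        a.issue("t1", new TokenInfo(new byte[] {1, 2, 3}, 1_000L));   // constructed sample tokens
        a.issue("t2", new TokenInfo(new byte[] {4, 5, 6}, 1_000L));
        System.out.println("peer resolves t1: " + (b.retrievePassword("t1", 500L) != null));
        System.out.println("t1 cancelled: " + (b.cancel("t1") && b.retrievePassword("t1", 500L) == null));
        System.out.println("expired tokens purged: " + store.purgeExpired(2_000L));
    }
}
```

The expiry check in `retrievePassword` is applied on every lookup, so a token that has expired but not yet been purged from the store is still rejected.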