[
https://issues.apache.org/jira/browse/HIVE-2467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13164268#comment-13164268
]
Hudson commented on HIVE-2467:
------------------------------
Integrated in Hive-trunk-h0.21 #1129 (See
[https://builds.apache.org/job/Hive-trunk-h0.21/1129/])
HIVE-2467 : HA Support for Metastore Server (Thomas Weise via Ashutosh
Chauhan)
hashutosh :
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1211275
Files :
* /hive/trunk/shims/ivy.xml
*
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
*
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/MemoryTokenStore.java
*
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/TokenStoreDelegationTokenSecretManager.java
*
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/ZooKeeperTokenStore.java
* /hive/trunk/shims/src/0.20S/java/org/apache/hadoop/security
* /hive/trunk/shims/src/0.20S/java/org/apache/hadoop/security/token
* /hive/trunk/shims/src/0.20S/java/org/apache/hadoop/security/token/delegation
*
/hive/trunk/shims/src/0.20S/java/org/apache/hadoop/security/token/delegation/HiveDelegationTokenSupport.java
*
/hive/trunk/shims/src/test/org/apache/hadoop/hive/thrift/TestHadoop20SAuthBridge.java
> HA Support for Metastore Server
> --------------------------------
>
> Key: HIVE-2467
> URL: https://issues.apache.org/jira/browse/HIVE-2467
> Project: Hive
> Issue Type: Improvement
> Components: Metastore, Security, Server Infrastructure
> Affects Versions: 0.8.0, 0.9.0
> Reporter: Thomas Weise
> Assignee: Thomas Weise
> Fix For: 0.9.0
>
> Attachments: HIVE-2467.2.patch, HIVE-2467.patch
>
>
> We require HA deployment for metastore server for HCatalog:
> * Multiple server instances run behind VIP
> * Database provides HA
> Metastore server instances will need to be able to share any state required
> for VIP outside RDBMS. As of Hive 0.8 affected conversational state that
> needs to support VIP/HA setup is limited to current delegation tokens. Is
> this correct?
> We are planning to use ZooKeeper to share current delegation tokens and
> master keys between nodes of the VIP. ZK is already (optionally) used by Hive
> for concurrency control. Access to ZK would be limited on the network level
> or in the future, when ZooKeeper supports security, through Kerberos, similar
> to NN access.
> Currently Hive taps into Hadoop core security delegation token support
> through extension of
> org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager<TokenIdent>
> A solution could amend the Hive specific extension to support:
> * Pluggable delegation token and master key store (ZooKeeper as alternative
> for in-memory AbstractDelegationTokenSecretManager)
> * Delegation token retrieval from token store when not found in memory
> (wrap/extend retrievePassword(...))
> * Cancellation of token in token store
> * Purging of expired tokens from token store
> http://www.mail-archive.com/hcatalog-user@incubator.apache.org/msg00053.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
