We require HA deployment for metastore server for HCatalog:
- Multiple server instances run behind VIP
- Database provides HA
Metastore server instances will need to be able to share any state required for VIP outside RDBMS. As of Hive 0.8 affected conversational state that needs to support VIP/HA setup is limited to current delegation tokens. Is this correct?
We are planning to use ZooKeeper to share current delegation tokens and master keys between nodes of the VIP. ZK is already (optionally) used by Hive for concurrency control. Access to ZK would be limited on the network level or in the future, when ZooKeeper supports security, through Kerberos, similar to NN access.
Currently Hive taps into Hadoop core security delegation token support through extension of
A solution could amend the Hive specific extension to support:
- Pluggable delegation token and master key store (ZooKeeper as alternative for in-memory AbstractDelegationTokenSecretManager)
- Delegation token retrieval from token store when not found in memory (wrap/extend retrievePassword(...))
- Cancellation of token in token store
- Purging of expired tokens from token store