You need to enable Hive Delegation Token Store implementation as the first step in
configuring HiveServer high availability using a load balancer. You also need to understand
the interaction between Oozie and HS2 with regard to the delegation token.
Oozie needs this implementation for secure HiveServer high availability (HA).
Otherwise, the Oozie server can get a delegation token from one HS2 server, but the
actual query might run against another HS2 server, which does not recognize the HS2
delegation token.
-
In Cloudera Manager, click .
-
Take one of the following actions:
- If you have a cluster secured by Kerberos, search for Hive Delegation Token
Store, which specifies storage for the Kerberos token as described below.
- If you have an unsecured cluster, skip the next step.
-
Select
org.apache.hadoop.hive.thrift.DBTokenStore
, and save the
change.
Storage for the Kerberos delegation token is defined by the
hive.cluster.delegation.token.store.class
property. The available
choices are Zookeeper, the Metastore, and memory. Cloudera recommends using the
database by setting the
org.apache.hadoop.hive.thrift.DBTokenStore
property. Do not
use the MemoryTokenStore. This can cause failures because one HS2 does not
recognize the delegation token issued by another.
-
Add HiveServer (HS2) roles as described in the next topic.