Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/16388 )
Change subject: KUDU-3187: Enhance the HMS plugin to check if synchronization is enabled ...................................................................... Patch Set 8: (1 comment) http://gerrit.cloudera.org:8080/#/c/16388/8//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/16388/8//COMMIT_MSG@25 PS8, Line 25: the Kudu client runs in the plugin and communicates : with the cluster For the Kerberos-enabled case I'm curious how the expiration of authn credentials is handled there. IIRC, Kudu client itself doesn't have provisions to renew Kerberos tickets nor it accepts a keytab. It's assumed that a Kudu client re-uses creds from the Kerberos cache (which is supposed to be initialized externally by other actors). So, the concern here is that when Kerberos creds in the cache expire, this unexpectedly stops working. And if so, would it create some problems in the consistency of catalog data on its own. For example, something that would require a manual intervention to restore the consistency. Did you try to run this if using very short-lived kerberos tickets? I guess that's something about setting 'ticket_lifetime' and 'renew_lifetime' to few minutes in krb5.conf -- To view, visit http://gerrit.cloudera.org:8080/16388 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ib3588d72af1bb499202b47fca50a08876e13ea37 Gerrit-Change-Number: 16388 Gerrit-PatchSet: 8 Gerrit-Owner: Grant Henke <granthe...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Grant Henke <granthe...@apache.org> Gerrit-Reviewer: Greg Solovyev <gsolov...@cloudera.com> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Thu, 24 Sep 2020 18:58:54 +0000 Gerrit-HasComments: Yes