[
https://issues.apache.org/jira/browse/SENTRY-427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14138643#comment-14138643
]
Prasad Mujumdar commented on SENTRY-427:
----------------------------------------
Thanks for putting out the design doc!
Here are a few comment/suggestions -
- Sequence ID: Could you please add some details on how this global counter
will be used ?
- Regarding the transactions, I guess the example given could very well be
applicable to a single Sentry server with multiple concurrent client (eg two
different users from Hive). As you mentioned in the document, with many-to-many
relationship, locking a Sentry object like role is equivalent to locking the
mapping table rows for that object. I am not sure whether optimistic
transactions in JDO can solve that.. The pessimistic (transaction isolation
level set to serialized) would solve that but could be a huge performance
penalty.
Another option could be to implement a rudimentary lock manager via ZooKeeper
to lock logical sentry objects like roles and privileges. This is what Hive
does to handle table locking to support concurrent DDL/DML and queries.
- Audit Log support
IMO it should be okay to have separate audit logs for each Sentry service. The
downstream consumer of the audit log should be able to extract it from multiple
sources. We are already introducing ZK as requirement, to add Flume/Kafka and
HDFS dependency on top of that would make things too hard to setup and deploy.
> High availability for the SENTRY service
> ----------------------------------------
>
> Key: SENTRY-427
> URL: https://issues.apache.org/jira/browse/SENTRY-427
> Project: Sentry
> Issue Type: New Feature
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Attachments: SENTRY_HA_Design.pdf
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
