Failover Recovery Configuration
In a standard installation of Privitar that uses Kerberos to authenticate with the Hadoop cluster, a single Principal is defined.
However, in an environment with an overall Failover strategy for a Hadoop cluster using Kerberos authentication, it is possible to setup Privitar to be part of this. In this case, two instances of Privitar are installed:
One instance is defined as the current Hot instance running on one machine.
The other instance is defined as the backup Cold instance running on another machine.
In the event of the Hot instance failing, the Cold instance takes over.
Both instances point to the same configuration database, but they will use different Principals (Primary or Secondary) to authenticate with the Hadoop cluster.
Note
Privitar does not incorporate the functionality to switch between the two instances. It is assumed that switching to the secondary machine is enabled as part of the overall Failover strategy.
The Primary and Secondary principals are defined in the Authentication tab of the Hadoop Cluster Config dialog box:
The table below provides an example of a Failover recovery setup, with two instances of Privitar running on separate machines. (Machine names are examples.)
Instance | Machine name | Principal to Use | Principal Settings (Primary/Secondary) |
|---|---|---|---|
1 (Hot) | host-001.realm.com | PRIMARY | privitar/host-001.realm.com@REALM.COM |
privitar/host-002.realm.com@REALM.COM | |||
2 (Cold) | host-001.realm.com | SECONDARY | privitar/host-001.realm.com@REALM.COM |
privitar/host-002.realm.com@REALM.COM |
In the above example, the Hot instance will use the Kerberos Primary principal for authentication:
privitar/host-001.realm.com@REALM.COM)
The Cold instance will use the Kerberos Secondary principal for authentication:
privitar/host-002.realm.com@REALM.COM
For more information on configuring more than one instance of Privitar, contact your system administrator.