| <?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" ><generator uri="https://jekyllrb.com/" version="4.1.1">Jekyll</generator><link href="/feed.xml" rel="self" type="application/atom+xml" /><link href="/" rel="alternate" type="text/html" /><updated>2021-01-28T14:27:14-08:00</updated><id>/feed.xml</id><entry><title type="html">Optimized joins &amp; filtering with Bloom filter predicate in Kudu</title><link href="/2021/01/15/bloom-filter-predicate.html" rel="alternate" type="text/html" title="Optimized joins &amp; filtering with Bloom filter predicate in Kudu" /><published>2021-01-15T00:00:00-08:00</published><updated>2021-01-15T00:00:00-08:00</updated><id>/2021/01/15/bloom-filter-predicate</id><content type="html" xml:base="/2021/01/15/bloom-filter-predicate.html"><p>Note: This is a cross-post from the Cloudera Engineering Blog |
| <a href="https://blog.cloudera.com/optimized-joins-filtering-with-bloom-filter-predicate-in-kudu/">Optimized joins &amp; filtering with Bloom filter predicate in Kudu</a></p> |
| |
| <p>Cloudera’s CDP Runtime version 7.1.5 maps to Apache Kudu 1.13 and upcoming Apache Impala 4.0</p> |
| |
| <h2 id="introduction">Introduction</h2> |
| <p>In database systems one of the most effective ways to improve performance is to avoid doing |
| unnecessary work, such as network transfers and reading data from disk. One of the ways Apache |
| Kudu achieves this is by supporting column predicates with scanners. Pushing down column predicate |
| filters to Kudu allows for optimized execution by skipping reading column values for filtered out |
| rows and reducing network IO between a client, like the distributed query engine Apache Impala, and |
| Kudu. See the documentation on |
| <a href="https://docs.cloudera.com/runtime/latest/impala-reference/topics/impala-runtime-filtering.html">runtime filtering in Impala</a> |
| for details.</p> |
| |
| <p>CDP Runtime 7.1.5 and CDP Public Cloud added support for Bloom filter column predicate pushdown in |
| Kudu and the associated integration in Impala.</p> |
| |
| <!--more--> |
| |
| <h2 id="bloom-filter">Bloom filter</h2> |
| <p>A Bloom filter is a space-efficient probabilistic data structure used to test set membership with a |
| possibility of false positive matches. In database systems these are used to determine whether a |
| set of data can be ignored when only a subset of the records are required. See the |
| <a href="https://en.wikipedia.org/wiki/Bloom_filter">wikipedia page</a> for more details.</p> |
| |
| <p>The implementation used in Kudu is a space, hash, and cache efficient block-based Bloom filter from |
| <a href="https://www.cs.amherst.edu/~ccmcgeoch/cs34/papers/cacheefficientbloomfilters-jea.pdf">“Cache-, Hash- and Space-Efficient Bloom Filters”</a> |
| by Putze et al. This Bloom filter was taken from the implementation in Impala and further enhanced. |
| The block based Bloom filter is designed to fit in CPU cache, and it allows SIMD operations using |
| AVX2, when available, for efficient lookup and insertion.</p> |
| |
| <p>Consider the case of a broadcast hash join between a small table and a big table where predicate |
| push down is not available. This typically involves following steps:</p> |
| <ol> |
| <li>Read the entire small table and construct a hash table from it.</li> |
| <li>Broadcast the generated hash table to all worker nodes.</li> |
| <li>On the worker nodes start fetching and iterating on slices of the big table, check whether the |
| key in the big table exists in the hash table, and only return the matched rows.</li> |
| </ol> |
| |
| <p>Step 3 is the heaviest since it involves reading the entire big table, and could involve heavy |
| network IO if the worker and the nodes hosting the big table are not on the same server.</p> |
| |
| <p>Before 7.1.5, Impala supported pushing down only the Minimum/Maximum (MIN_MAX) runtime filter to |
| Kudu which filters out values not within the specified bounds. In addition to the MIN_MAX runtime |
| filter, Impala in CDP 7.1.5+ now supports pushing down a runtime Bloom filter to Kudu. With the |
| newly introduced Bloom filter predicate support in Kudu, Impala can use this feature to perform |
| drastically more efficient joins for data stored in Kudu. |
| Performance |
| As in the scenario described above, we ran a Impala query which joins a big table stored on Kudu |
| and a small table stored as Parquet on HDFS. The small table was created using Parquet on HDFS to |
| isolate the new feature, but could also be stored in Kudu just the same. We ran the queries first |
| using only the MIN_MAX filter and then using both the MIN_MAX and BLOOM filter |
| (ALL runtime filters). For comparison, we created the same big table in Parquet on HDFS. Using |
| Parquet on HDFS is a great baseline for comparison because Impala already supports both MIN_MAX and |
| BLOOM filters for Parquet on HDFS.</p> |
| |
| <h2 id="setup">Setup</h2> |
| <p>The following test was performed on a 6 node cluster with CDP Runtime 7.1.5.</p> |
| |
| <p>Hardware Configuration: |
| <code class="language-plaintext highlighter-rouge">Dell PowerEdge R430, 20c/40t Xeon e5-2630 v4 @ 2.2Ghz, 128GB RAM, 4-2TB HDDs with 1 for WAL and 3 |
| for data directories.</code></p> |
| |
| <h3 id="schema">Schema:</h3> |
| <ul> |
| <li>Big table consists of 260 million rows with randomly generated data hash partitioned by primary |
| key across 20 partitions on Kudu. The Kudu table was explicitly rebalanced to ensure a balanced |
| layout after the load.</li> |
| <li>Small table consists of 2000 rows of top 1000 and bottom 1000 keys from the big table stored as |
| Parquet on HDFS. This prevents the MIN_MAX filters from doing any filtering on the big table as |
| all rows would fall under the range bounds of the MIN_MAX filters.</li> |
| <li>COMPUTE STATS were run on all tables to help gather information about the table metadata and help |
| Impala optimize the query plan.</li> |
| <li>All queries were run 10 times and the mean query runtime is depicted below.</li> |
| </ul> |
| |
| <h2 id="join-queries">Join Queries</h2> |
| <p>For join queries, we saw performance improvements of 3X to 5X in Kudu with Bloom filter predicate |
| pushdown. We expect to see even better performance multiples with larger data sizes and more |
| selective queries.</p> |
| |
| <p>Compared to Parquet on HDFS, Kudu performance is now better by around 17-33%.</p> |
| |
| <p><img src="/img/bloom-filter-join-queries.png" alt="png" class="img-responsive" /></p> |
| |
| <h2 id="update-query">Update Query</h2> |
| <p>For an update query that basically upserts the entire small table into the existing big table, we |
| saw 15X improvement. This is primarily due to the increased query performance when selecting the |
| rows to update.</p> |
| |
| <p><img src="/img/bloom-filter-update-query.png" alt="png" class="img-responsive" /></p> |
| |
| <p>See references section below for details on the table schema, loading process, and queries that were |
| run.</p> |
| |
| <h2 id="tpc-h">TPC-H</h2> |
| <p>We also ran the TPC-H benchmark on a single node cluster with a scale factor of 30 and saw |
| performance improvements in the range of 19% to 31% with different block cache capacity settings.</p> |
| |
| <p>Kudu automatically disables Bloom filter predicates that are not effectively filtering data to avoid |
| any performance penalties from the new feature. During development of the feature, query 9 in the |
| TPCH benchmark (TPCH-Q9) exhibited regression of 50-96%. On further investigation, the time required |
| to scan the rows from Kudu increased by up to 2X. When investigating this regression we found that |
| the Bloom filter predicate that was pushed down was filtering out less than 10% of the rows, leading |
| to increased CPU usage in Kudu which outweighed the benefit of the filter. To resolve the regression |
| we added a heuristic in Kudu wherein if a Bloom filter predicate is not filtering out a sufficient |
| percentage of rows then it’s disabled automatically for the remainder of the scan. This is safe |
| because Bloom filters can return false positives and hence false matches returned to the client are |
| expected to be filtered out using other deterministic filters.</p> |
| |
| <h2 id="feature-availability">Feature Availability</h2> |
| <p>Users querying Kudu using Impala will have the feature enabled by default from CDP 7.1.5 onward |
| and CDP Public Cloud. We highly recommend users upgrade to get this performance enhancement and many |
| other performance enhancements in the release. For custom applications that use the Kudu client API |
| directly, the Kudu C++ client also has the Bloom filter predicate available from CDP 7.1.5 onward. |
| The Kudu Java client does not have the Bloom filter predicate available yet, |
| <a href="https://issues.apache.org/jira/browse/KUDU-3221">KUDU-3221</a>.</p> |
| |
| <h2 id="references">References:</h2> |
| <ul> |
| <li>Performance testing related schema and queries: |
| <a href="https://gist.github.com/bbhavsar/006df9c40b4b0528e297fac29824ceb4">https://gist.github.com/bbhavsar/006df9c40b4b0528e297fac29824ceb4</a></li> |
| <li>Kudu C++ client documentation: |
| <a href="https://kudu.apache.org/cpp-client-api/classkudu_1_1client_1_1KuduTable.html#a356e8d0d10491d4d8540adefac86be94">https://kudu.apache.org/cpp-client-api/classkudu_1_1client_1_1KuduTable.html#a356e8d0d10491d4d8540adefac86be94</a></li> |
| <li>Example code to create and pass Bloom filter predicate: |
| <a href="https://github.com/apache/kudu/blob/master/src/kudu/client/predicate-test.cc#L1416">https://github.com/apache/kudu/blob/master/src/kudu/client/predicate-test.cc#L1416</a></li> |
| <li>Block based Bloom filter: |
| <a href="https://github.com/apache/kudu/blob/master/src/kudu/util/block_bloom_filter.h#L51">https://github.com/apache/kudu/blob/master/src/kudu/util/block_bloom_filter.h#L51</a></li> |
| </ul> |
| |
| <h2 id="acknowledgement">Acknowledgement</h2> |
| <p>This feature was implemented jointly by Bankim Bhavsar and Wenzhe Zhou with guidance and feedback |
| from Tim Armstrong, Adar Dembo, Thomas Tauber-Marshall, Andrew Wong, and Grant Henke. We are also |
| grateful for our customers especially Mauricio Aristizabal from Impact for providing us valuable |
| feedback and benchmarks.</p></content><author><name>Bankim Bhavsar</name></author><summary type="html">Note: This is a cross-post from the Cloudera Engineering Blog Optimized joins &amp; filtering with Bloom filter predicate in Kudu Cloudera’s CDP Runtime version 7.1.5 maps to Apache Kudu 1.13 and upcoming Apache Impala 4.0 Introduction In database systems one of the most effective ways to improve performance is to avoid doing unnecessary work, such as network transfers and reading data from disk. One of the ways Apache Kudu achieves this is by supporting column predicates with scanners. Pushing down column predicate filters to Kudu allows for optimized execution by skipping reading column values for filtered out rows and reducing network IO between a client, like the distributed query engine Apache Impala, and Kudu. See the documentation on runtime filtering in Impala for details. CDP Runtime 7.1.5 and CDP Public Cloud added support for Bloom filter column predicate pushdown in Kudu and the associated integration in Impala.</summary></entry><entry><title type="html">Apache Kudu 1.13.0 released</title><link href="/2020/09/21/apache-kudu-1-13-0-release.html" rel="alternate" type="text/html" title="Apache Kudu 1.13.0 released" /><published>2020-09-21T00:00:00-07:00</published><updated>2020-09-21T00:00:00-07:00</updated><id>/2020/09/21/apache-kudu-1-13-0-release</id><content type="html" xml:base="/2020/09/21/apache-kudu-1-13-0-release.html"><p>The Apache Kudu team is happy to announce the release of Kudu 1.13.0!</p> |
| |
| <p>The new release adds several new features and improvements, including the |
| following:</p> |
| |
| <!--more--> |
| |
| <ul> |
| <li>Added table ownership support. All newly created tables are automatically |
| owned by the user creating them. It is also possible to change the owner by |
| altering the table. You can also assign privileges to table owners via Apache |
| Ranger.</li> |
| <li>An experimental feature is added to Kudu that allows it to automatically |
| rebalance tablet replicas among tablet servers. The background task can be |
| enabled by setting the <code class="language-plaintext highlighter-rouge">--auto_rebalancing_enabled</code> flag on the Kudu masters. |
| Before starting auto-rebalancing on an existing cluster, the CLI rebalancer |
| tool should be run first.</li> |
| <li>Bloom filter column predicate pushdown has been added to allow optimized |
| execution of filters which match on a set of column values with a |
| false-positive rate. Support for Impala queries utilizing Bloom filter |
| predicate is available yielding performance improvements of 19% to 30% in TPC-H |
| benchmarks and around 41% improvement for distributed joins across large |
| tables. Support for Spark is not yet available.</li> |
| <li>ARM-based architectures are now supported.</li> |
| </ul> |
| |
| <p>The above is just a list of the highlights, for a more complete list of new |
| features, improvements and fixes please refer to the <a href="/releases/1.13.0/docs/release_notes.html">release |
| notes</a>.</p> |
| |
| <p>The Apache Kudu project only publishes source code releases. To build Kudu |
| 1.13.0, follow these steps:</p> |
| |
| <ul> |
| <li>Download the Kudu <a href="/releases/1.13.0">1.13.0 source release</a></li> |
| <li>Follow the instructions in the documentation to build Kudu <a href="/releases/1.13.0/docs/installation.html#build_from_source">1.13.0 from |
| source</a></li> |
| </ul> |
| |
| <p>For your convenience, binary JAR files for the Kudu Java client library, Spark |
| DataSource, Flume sink, and other Java integrations are published to the ASF |
| Maven repository and are <a href="https://search.maven.org/search?q=g:org.apache.kudu%20AND%20v:1.13.0">now |
| available</a>.</p> |
| |
| <p>The Python client source is also available on |
| <a href="https://pypi.org/project/kudu-python/">PyPI</a>.</p> |
| |
| <p>Additionally, experimental Docker images are published to |
| <a href="https://hub.docker.com/r/apache/kudu">Docker Hub</a>, including for AArch64-based |
| architectures (ARM).</p></content><author><name>Attila Bukor</name></author><summary type="html">The Apache Kudu team is happy to announce the release of Kudu 1.13.0! The new release adds several new features and improvements, including the following:</summary></entry><entry><title type="html">Fine-Grained Authorization with Apache Kudu and Apache Ranger</title><link href="/2020/08/11/fine-grained-authz-ranger.html" rel="alternate" type="text/html" title="Fine-Grained Authorization with Apache Kudu and Apache Ranger" /><published>2020-08-11T00:00:00-07:00</published><updated>2020-08-11T00:00:00-07:00</updated><id>/2020/08/11/fine-grained-authz-ranger</id><content type="html" xml:base="/2020/08/11/fine-grained-authz-ranger.html"><p>When Apache Kudu was first released in September 2016, it didn’t support any |
| kind of authorization. Anyone who could access the cluster could do anything |
| they wanted. To remedy this, coarse-grained authorization was added along with |
| authentication in Kudu 1.3.0. This meant allowing only certain users to access |
| Kudu, but those who were allowed access could still do whatever they wanted. The |
| only way to achieve finer-grained access control was to limit access to Apache |
| Impala where access control <a href="/2019/04/22/fine-grained-authorization-with-apache-kudu-and-impala.html">could be enforced</a> by |
| fine-grained policies in Apache Sentry. This method limited how Kudu could be |
| accessed, so we saw a need to implement fine-grained access control in a way |
| that wouldn’t limit access to Impala only.</p> |
| |
| <p>Kudu 1.10.0 integrated with Apache Sentry to enable finer-grained authorization |
| policies. This integration was rather short-lived as it was deprecated in Kudu |
| 1.12.0 and will be completely removed in Kudu 1.13.0.</p> |
| |
| <p>Most recently, since 1.12.0 Kudu supports fine-grained authorization by |
| integrating with Apache Ranger 2.1 and later. In this post, we’ll cover how this |
| works and how to set it up.</p> |
| |
| <!--more--> |
| |
| <h2 id="how-it-works">How it works</h2> |
| |
| <p>Ranger supports a wide range of software across the Apache Hadoop ecosystem, but |
| unlike Sentry, it doesn’t depend on any of them for fine-grained authorization, |
| making it an ideal choice for Kudu.</p> |
| |
| <p>Ranger consists of an Admin server that has a web UI and a REST API where admins |
| can create policies. The policies are stored in a database (supported database |
| systems are Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and SQL Anywhere) |
| and are periodically fetched and cached by the Ranger plugin that runs on the |
| Kudu Masters. The Ranger plugin is responsible for authorizing the requests |
| against the cached policies. At the time of writing this post, the Ranger plugin |
| base is available only in Java, as most Hadoop ecosystem projects, including |
| Ranger, are written in Java.</p> |
| |
| <p>Unlike Sentry’s client which we reimplemented in C++, the Ranger plugin is a fat |
| client that handles the evaluation of the policies (which are much richer and |
| more complex than Sentry policies) locally, so we decided not to reimplement it |
| in C++.</p> |
| |
| <p>Each Kudu Master spawns a JVM child process that is effectively a wrapper around |
| the Ranger plugin and communicates with it via named pipes.</p> |
| |
| <h2 id="prerequisites">Prerequisites</h2> |
| |
| <p>This post assumes the Admin Tool of a compatible Ranger version is |
| <a href="https://ranger.apache.org/quick_start_guide.html">installed</a> on a host that is |
| reachable by both you and by all Kudu Master servers.</p> |
| |
| <p><em>Note</em>: At the time of writing this post, Ranger 2.0 is the most recent release |
| which does NOT support Kudu yet. Ranger 2.1 will be the first version that |
| supports Kudu. If you wish to use Kudu with Ranger before this is released, you |
| either need to build Ranger from the <code class="language-plaintext highlighter-rouge">master</code> branch or use a distribution that |
| has already backported the relevant bits |
| (<a href="https://issues.apache.org/jira/browse/RANGER-2684">RANGER-2684</a>: |
| 0b23df7801062cc7836f2e162e1775101898add4).</p> |
| |
| <p>To enable Ranger integration in Kudu, Java 8 or later has to be available on the |
| Master servers.</p> |
| |
| <p>You can build the Ranger subprocess by navigating to the <code class="language-plaintext highlighter-rouge">java/</code> inside the Kudu |
| source directory, then running the below command:</p> |
| |
| <figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nv">$ </span>./gradlew :kudu-subprocess:jar</code></pre></figure> |
| |
| <p>This will build the subprocess JAR which you can find in the |
| <code class="language-plaintext highlighter-rouge">kudu-subprocess/build/libs</code> directory.</p> |
| |
| <h2 id="setting-up-kudu-with-ranger">Setting up Kudu with Ranger</h2> |
| |
| <p>The first step is to add Kudu in Ranger Admin and set <code class="language-plaintext highlighter-rouge">tag.download.auth.users</code> |
| and <code class="language-plaintext highlighter-rouge">policy.download.auth.users</code> to the user or service principal name running |
| the Kudu process (typically <code class="language-plaintext highlighter-rouge">kudu</code>). The former is for downloading tag-based |
| policies which Kudu doesn’t currently support, so this is only for forward |
| compatibility and can be safely omitted.</p> |
| |
| <p><img src="/img/blog-ranger/create-service.png" alt="create-service" class="img-responsive" /></p> |
| |
| <p>Next, you’ll have to configure the Ranger plugin. As it’s written in Java and is |
| part of the Hadoop ecosystem, it expects to find a <code class="language-plaintext highlighter-rouge">core-site.xml</code> in its |
| classpath that at a minimum configures the authentication types (simple or |
| Kerberos) and the group mapping. If your Kudu is co-located with a Hadoop |
| cluster, you can simply use your Hadoop’s <code class="language-plaintext highlighter-rouge">core-site.xml</code> and it should work. |
| Otherwise, you can use the below sample <code class="language-plaintext highlighter-rouge">core-site.xml</code> assuming you have |
| Kerberos enabled and shell-based groups mapping works for you:</p> |
| |
| <figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt">&lt;configuration&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>hadoop.security.authentication<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>kerberos<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>hadoop.security.group.mapping<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>org.apache.hadoop.security.ShellBasedUnixGroupsMapping<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;/configuration&gt;</span></code></pre></figure> |
| |
| <p>In addition to the <code class="language-plaintext highlighter-rouge">core-site.xml</code> file, you’ll also need a |
| <code class="language-plaintext highlighter-rouge">ranger-kudu-security.xml</code> in the same directory that looks like this:</p> |
| |
| <figure class="highlight"><pre><code class="language-xml" data-lang="xml"><span class="nt">&lt;configuration&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>ranger.plugin.kudu.policy.cache.dir<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>/path/to/policy/cache/<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>ranger.plugin.kudu.service.name<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>kudu<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>ranger.plugin.kudu.policy.rest.url<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>http://ranger-admin:6080<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>ranger.plugin.kudu.policy.source.impl<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>org.apache.ranger.admin.client.RangerAdminRESTClient<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>ranger.plugin.kudu.policy.pollIntervalMs<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>30000<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;property&gt;</span> |
| <span class="nt">&lt;name&gt;</span>ranger.plugin.kudu.access.cluster.name<span class="nt">&lt;/name&gt;</span> |
| <span class="nt">&lt;value&gt;</span>Cluster 1<span class="nt">&lt;/value&gt;</span> |
| <span class="nt">&lt;/property&gt;</span> |
| <span class="nt">&lt;/configuration&gt;</span></code></pre></figure> |
| |
| <ul> |
| <li><code class="language-plaintext highlighter-rouge">ranger.plugin.kudu.policy.cache.dir</code> - A directory that is writable by the |
| user running the Master process where the plugin will cache the policies it |
| fetches from Ranger Admin.</li> |
| <li><code class="language-plaintext highlighter-rouge">ranger.plugin.kudu.service.name</code> - This needs to be set to whatever the |
| service name was set to on Ranger Admin.</li> |
| <li><code class="language-plaintext highlighter-rouge">ranger.plugin.kudu.policiy.rest.url</code> - The URL of the Ranger Admin REST API.</li> |
| <li><code class="language-plaintext highlighter-rouge">ranger.plugin.kudu.policy.source.impl</code> - This should always be |
| <code class="language-plaintext highlighter-rouge">org.apache.ranger.admin.client.RangerAdminRESTClient</code>.</li> |
| <li><code class="language-plaintext highlighter-rouge">ranger.plugin.kudu.policy.pollIntervalMs</code> - This is the interval at which the |
| plugin will fetch policies from the Ranger Admin.</li> |
| <li><code class="language-plaintext highlighter-rouge">ranger.plugin.kudu.access.cluster.name</code> - The name of the cluster.</li> |
| </ul> |
| |
| <p><em>Note</em>: This is a minimal config. For more options refer to the <a href="https://cwiki.apache.org/confluence/display/RANGER/Index">Ranger |
| documentation</a></p> |
| |
| <p>Once these files are created, you need to point Kudu Masters to the directory |
| containing them with the <code class="language-plaintext highlighter-rouge">-ranger_config_path</code> flag. In addition, |
| <code class="language-plaintext highlighter-rouge">-ranger_jar_path</code> and <code class="language-plaintext highlighter-rouge">-ranger_java_path</code> should be configured. The Java path |
| defaults to <code class="language-plaintext highlighter-rouge">$JAVA_HOME/bin/java</code> if <code class="language-plaintext highlighter-rouge">$JAVA_HOME</code> is set and falls back to |
| <code class="language-plaintext highlighter-rouge">java</code> in <code class="language-plaintext highlighter-rouge">$PATH</code> if not. The JAR path defaults to <code class="language-plaintext highlighter-rouge">kudu-subprocess.jar</code> in the |
| directory containing the <code class="language-plaintext highlighter-rouge">kudu-master</code> binary.</p> |
| |
| <p>As the last step, you need to set <code class="language-plaintext highlighter-rouge">-tserver_enforce_access_control</code> to <code class="language-plaintext highlighter-rouge">true</code> on |
| the Tablet Servers to make sure access control is respected across the cluster.</p> |
| |
| <h2 id="creating-policies">Creating policies</h2> |
| |
| <p>After setting up the integration it’s time to create some policies, as now only |
| trusted users are allowed to perform any action, everyone else is locked out.</p> |
| |
| <p>To create your first policy, log in to Ranger Admin, click on the Kudu service |
| you created in the first step of setup, then on the “Add New Policy” button in |
| the top right corner. You’ll need to name the policy and set the resource it |
| will apply to. Kudu doesn’t support databases, but with Ranger integration |
| enabled, it will treat the part of the table name before the first period as the |
| database name, or default to “default” if the table name doesn’t contain a |
| period (configurable with the <code class="language-plaintext highlighter-rouge">-ranger_default_database</code> flag on the |
| <code class="language-plaintext highlighter-rouge">kudu-master</code>).</p> |
| |
| <p>There is no implicit hierarchy in the resources, which means that granting |
| privileges on <code class="language-plaintext highlighter-rouge">db=foo</code> won’t imply privileges on <code class="language-plaintext highlighter-rouge">foo.bar</code>. To create a policy |
| that applies to all tables and all columns in the <code class="language-plaintext highlighter-rouge">foo</code> database you need to |
| create a policy for <code class="language-plaintext highlighter-rouge">db=foo-&gt;tbl=*-&gt;col=*</code>.</p> |
| |
| <p><img src="/img/blog-ranger/create-policy.png" alt="create-policy" class="img-responsive" /></p> |
| |
| <p>For a list of the required privileges to perform operations please refer to our |
| <a href="/docs/security.html#policy-for-kudu-masters">documentation</a>.</p> |
| |
| <h2 id="table-ownership">Table ownership</h2> |
| |
| <p>Kudu 1.13 will introduce table ownership, which enhances the authorization |
| experience when Ranger integration is enabled. Tables are automatically owned by |
| the users creating the table and it’s possible to change the owner as a part of |
| an alter table operation.</p> |
| |
| <p>Ranger supports granting privileges to the table owners via a special <code class="language-plaintext highlighter-rouge">{OWNER}</code> |
| user. You can, for example, grant the <code class="language-plaintext highlighter-rouge">ALL</code> privilege and delegate admin (this |
| is required to change the owner of a table) to <code class="language-plaintext highlighter-rouge">{OWNER}</code> on |
| <code class="language-plaintext highlighter-rouge">db=*-&gt;table=*-&gt;column=*</code>. This way your users will be able to perform any |
| actions on the tables they created without having to explicitly assign |
| privileges per table. They will, of course, need to be granted the <code class="language-plaintext highlighter-rouge">CREATE</code> |
| privilege on <code class="language-plaintext highlighter-rouge">db=*</code> or on a specific database to actually be able to create |
| their own tables.</p> |
| |
| <p><img src="/img/blog-ranger/allow-conditions.png" alt="allow-conditions" class="img-responsive" /></p> |
| |
| <h2 id="conclusion">Conclusion</h2> |
| |
| <p>In this post we’ve covered how to set up and use the newest Kudu integration, |
| Apache Ranger, and a sneak peek into the table ownership feature. Please try |
| them out if you have a chance, and let us know what you think on our <a href="mailto:user@kudu.apache.org">mailing |
| list</a> or <a href="https://getkudu.slack.com">Slack</a>. If you |
| run into any issues, feel free to reach out to us on either platform, or open a |
| <a href="https://issues.apache.org/jira/projects/KUDU">bug report</a>.</p></content><author><name>Attila Bukor</name></author><summary type="html">When Apache Kudu was first released in September 2016, it didn’t support any kind of authorization. Anyone who could access the cluster could do anything they wanted. To remedy this, coarse-grained authorization was added along with authentication in Kudu 1.3.0. This meant allowing only certain users to access Kudu, but those who were allowed access could still do whatever they wanted. The only way to achieve finer-grained access control was to limit access to Apache Impala where access control could be enforced by fine-grained policies in Apache Sentry. This method limited how Kudu could be accessed, so we saw a need to implement fine-grained access control in a way that wouldn’t limit access to Impala only. Kudu 1.10.0 integrated with Apache Sentry to enable finer-grained authorization policies. This integration was rather short-lived as it was deprecated in Kudu 1.12.0 and will be completely removed in Kudu 1.13.0. Most recently, since 1.12.0 Kudu supports fine-grained authorization by integrating with Apache Ranger 2.1 and later. In this post, we’ll cover how this works and how to set it up.</summary></entry><entry><title type="html">Building Near Real-time Big Data Lake</title><link href="/2020/07/30/building-near-real-time-big-data-lake.html" rel="alternate" type="text/html" title="Building Near Real-time Big Data Lake" /><published>2020-07-30T00:00:00-07:00</published><updated>2020-07-30T00:00:00-07:00</updated><id>/2020/07/30/building-near-real-time-big-data-lake</id><content type="html" xml:base="/2020/07/30/building-near-real-time-big-data-lake.html"><p>Note: This is a cross-post from the Boris Tyukin’s personal blog <a href="https://boristyukin.com/building-near-real-time-big-data-lake-part-2/">Building Near Real-time Big Data Lake: Part 2</a></p> |
| |
| <p>This is the second part of the series. In <a href="https://boristyukin.com/building-near-real-time-big-data-lake-part-i/">Part 1</a> |
| I wrote about our use-case for the Data Lake architecture and shared our success story.</p> |
| |
| <!--more--> |
| <h2 id="requirements">Requirements</h2> |
| <p>Before we embarked on our journey, we had identified high-level requirements and guiding principles. |
| It is crucial to think it through to envision who and how will use your Data Lake. Identify your |
| first three projects to keep them while you are building the Data Lake.</p> |
| |
| <p>The best way is to start a few smaller proof-of-concept projects: play with various distributed |
| engines and tools, run tons of benchmarks, and learn from others, who implemented a similar solution |
| successfully. Do not forget to learn from others’ mistakes too.</p> |
| |
| <p>We had settled on these 7 guiding principles before we started looking at technology and architecture:</p> |
| <ol> |
| <li>Scale-out, not scale-up.</li> |
| <li>Design for resiliency and availability.</li> |
| <li>Support both real-time and batch ingestion into a Data Lake.</li> |
| <li>Enable both ad-hoc exploratory analysis as well as interactive queries.</li> |
| <li>Replicate in near real-time 300+ Cerner Millennium tables from 3 remote-hosted Cerner Oracle RAC |
| instances with average latency less than 10 seconds (time between a change made in Cerner EHR system |
| by clinicians and data ingested and ready for consumption in Data Lake).</li> |
| <li>Have robust logging and monitoring processes to ensure reliability of the pipeline and to simplify |
| troubleshooting.</li> |
| <li>Reduce manual work greatly and ease the ongoing support.</li> |
| </ol> |
| |
| <p>We decided to embrace the benefits and scalability of Big Data technology. In fact, it was a pretty |
| easy sell as our leadership was tired of constantly buying expensive software and hardware from |
| big-name vendors and not being able to scale-out to support an avalanche of new projects and requests.</p> |
| |
| <p>We started looking at Change Data Capture (CDC) products to mine and ship database logs from Oracle.</p> |
| |
| <p>We knew we had to implement a metadata- or code-as-configuration driven solution to manage hundreds |
| of tables, without expanding our team.</p> |
| |
| <p>We needed a flexible orchestration and scheduling tool, designed with real-time workloads in mind.</p> |
| |
| <p>Finally, we engaged our and Cerner’s leadership early, as it would take time to hash out all the |
| details, and to make their DBAs confident that we were not going to break their production systems |
| by streaming 1000s of messages every second 24x7. In fact, one of the goals was to relieve production |
| systems from analytical workloads.</p> |
| <h2 id="platform-selection">Platform selection</h2> |
| <p>First off, we had to decide on the actual platform. After spending 3 months researching, 4 options |
| emerged, given the realities of our organization:</p> |
| <ol> |
| <li>On-premises virtualized cluster, using preferred vendors, recommended by our infrastructure team.</li> |
| <li>On-premises Big Data appliance (bundled hardware and software, optimized for Big Data workloads).</li> |
| <li>Big Data cluster in cloud, managed by ourselves (IaaS model, which just means renting a bunch of |
| VMs and running Cloudera or Hortonworks Big Data distribution).</li> |
| <li>A fully managed cloud data platform and native cloud data warehouse (Snowflake, Google BigQuery, |
| Amazon Redshift, and etc.)</li> |
| </ol> |
| |
| <p>Each option had a long list of pros and cons, but ultimately we went with option 2. The price was |
| really attractive, it was a capital expense (our finance people rightfully hate subscriptions), the |
| best performance, security, and control.</p> |
| |
| <p>It was in 2017 when we made a decision. While we could not provision cluster resources and add nodes |
| with a click of button and we learned that software and hardware upgrades were a real chore, it was |
| still very much worth that as we’ve saved a 7 number figure for the organization to get the |
| performance we needed.</p> |
| |
| <p>Owning hardware also made a lot of sense for us as we could not forecast our needs far enough in the |
| future and we could get a really powerful 6 node cluster for a fraction the cost that we would end |
| up paying in subscription fees in the next 12 months. Of course, it did help that we already had a |
| state-of-the-art data center and people managing it.</p> |
| |
| <p>Fully-managed or serverless architecture was not really an option back then, but if you asked me |
| today, this would be the first thing I would look at if I had to build a data lake today |
| (definitely check AWS Lake Formation, AWS Athena, Amazon Redshift, Azure Synapse, Snowflake and |
| Google BigQuery).</p> |
| |
| <p>Your organization, goals, projects and situation could be very different and you should definitely |
| evaluate cloud solutions, especially in 2020 when prices are decreasing, cloud providers are |
| extremely competitive and there are new attractive pricing options with 3 year commitment. Make sure |
| you understand the cost and billing model. Or, hire a company (there are plenty now), that will |
| explain your cloud bills before you get a horrifying check.</p> |
| |
| <p>Some of the things to consider:</p> |
| |
| <ol> |
| <li>Existing data center infrastructure and access to people, supporting it.</li> |
| <li>Integration with current tools (BI, ETL, Advanced Analytics etc.) Do they stay on-premises or can |
| be moved into cloud to avoid networking lags or charges for data egress?</li> |
| <li>Total ownership cost and cost to performance ratio.</li> |
| <li>Do you really need elasticity? This is the first thing that cloud advocates are preaching but |
| think if and how this applies to you.</li> |
| <li>Is time-to-market so crucial for you, or you can wait a few months to build Big Data |
| infrastructure on-premises to save some money and get much better performance and control of |
| physical hardware?</li> |
| <li>Are you okay with locking yourself in to vendor’s solution XYZ? This is an especially crucial |
| question if you are selecting a fully managed platform.</li> |
| <li>Can you easily change your cloud provider? Or can you even afford to put all your trust and faith |
| in a single cloud provider?</li> |
| </ol> |
| |
| <p>Do your homework, spend a lot of time reading and talking to other people (engineers and architects, |
| not sales reps), and make sure you understand what you are signing up for.</p> |
| |
| <p>And remember, there is no magic! You still need to architect, design, build, support, test, and make |
| good choices and use common sense. No matter what your favorite vendor tells you. You might save |
| time by spinning up a cluster in minutes, but you still need people to manage all that. You still |
| need great architects and engineers to realize benefits from all that hot new tech.</p> |
| |
| <h2 id="building-blocks">Building blocks</h2> |
| |
| <p>Once we agreed on the platform of our choice, powered by Cloudera Enterprise Data Hub, we started |
| prototyping and benchmarking various engines and tools that came with it. We looked at other |
| open-source projects, as nothing really prevents you from installing and using any open-source |
| product you desire and trust. One of these products for us was Apache NiFi, which proved to be a |
| tremendous value.</p> |
| |
| <p>After a lot of trials and errors, we decided on this architecture:</p> |
| |
| <p><img src="https://boristyukin.com/content/images/pipelinearchitecture.png" width="100%" /></p> |
| |
| <p>One of the toughest challenges we faced right away was the fact that most of the Big Data data |
| engines were not designed to support mutable data but rather immutable append-only data. All the |
| workarounds we had tried did not work for us and no matter what we did with partitioning strategy, |
| we just needed a simple ability to update and delete data, not only insert. Anyone who worked with |
| RDBMS or legacy columnar databases takes this capability for granted, but surprisingly it is a very |
| difficult task in Big Data world.</p> |
| |
| <p>We considered Apache HBase, but the performance of analytics-style ETL and interactive queries was |
| really bad. We were blown away by Apache Impala’s performance on HDFS as no matter what we threw at |
| Impala, it was hundreds of times faster…but we could not update data in place.</p> |
| |
| <p>At about the same time, Cloudera released and open-sourced Apache Kudu project that became part of |
| its official distribution. We got very excited about it (refer to our benchmarks <a href="http://boristyukin.com/benchmarking-apache-kudu-vs-apache-impala/">here</a>), and decided |
| to proceed with Kudu as a storage engine, while using Apache Impala as SQL query engine. One of the |
| ambitious goals of Apache Kudu is to cut the need for the infamous <a href="https://en.wikipedia.org/wiki/Lambda_architecture">Lambda architecture</a>.</p> |
| |
| <p>After talking to 7 vendors and playing with our top picks, we selected a Change Data Capture product |
| (Oracle GoldenGate for Big Data edition). It deserves a separate post but let’s just say it was the |
| only product out of 7, that was able to handle complexities of the source Oracle RAC systems and |
| offer great performance without the need to install any agents or software on the actual production |
| database. Other solutions had a very long list of limitations for Oracle systems, make sure to read |
| and understand these limitations.</p> |
| |
| <p>Our homegrown tool <a href="http://boristyukin.com/how-to-ingest-a-large-number-of-tables-into-a-big-data-lake-or-why-i-built-metazoo/">MetaZoo</a> |
| has been instrumental to bring order and peace, and that’s why it earned |
| its own blog post!</p> |
| |
| <h2 id="how-it-works">How it works</h2> |
| <p>Initial ingest is pretty typical - we use Sqoop to extract data from Cerner Oracle databases, and |
| NiFi helps orchestrate initial load for hundreds of tables. Actually, this NiFi flow below can |
| handle initial ingest of hundreds of tables!</p> |
| |
| <p><img src="https://boristyukin.com/content/images/nifi_initial.png" width="100%" /></p> |
| |
| <p>Our secret sauce though is <a href="http://boristyukin.com/how-to-ingest-a-large-number-of-tables-into-a-big-data-lake-or-why-i-built-metazoo/">MetaZoo</a>. |
| MetaZoo generates optimal parameters for Sqoop (such as a number of mappers, split-by column, and so |
| forth), generates DDLs for staging and final tables, and SQL commands to transform data before they |
| land in the Data Lake. MetaZoo also provides control tables to record status of every table.</p> |
| |
| <p>The throughput of Sqoop is nothing but amazing. Gone are the days when we had to ask Cerner to dump |
| tables on a hard-drive and ship it by snail mail (do not ask how much it cost us!). And we like how |
| YARN queues help to limit the load on production databases.</p> |
| |
| <p>To give you one example, a few years ago it took us 4 weeks to reload <code class="language-plaintext highlighter-rouge">clinical_event</code> table from |
| Cerner using Informatica into our local Oracle database. With Sqoop and Big Data, it was done in 11 |
| hours!</p> |
| |
| <p>This is what happens during the initial ingest.</p> |
| |
| <p>First, MetaZoo gathers relevant metadata from source system about tables to ingest, and based on |
| that metadata will generate DDL scripts, SQL commands snippets, Sqoop parameters, and more. It will |
| initialize tables in MetaZoo control tables as well.</p> |
| |
| <p>Then NiFi picks a list of tables to ingest from MetaZoo control tables and run the following steps |
| to:</p> |
| |
| <ul> |
| <li>Execute and wait for Sqoop to finish.</li> |
| <li>Apply some basic rules to map data types to the corresponding data types in the lake. We convert |
| timestamps to a proper time zone as well. While you do not want to do any heavy processing or or any |
| data modeling in Data Lake and keep data closer to raw format as much as you can, some light |
| processing upfront goes a long way and make it easier for analysts and developers to use these |
| tables later.</li> |
| <li>Load processed data into final tables after some basic validation.</li> |
| <li>Compute Impala statistics.</li> |
| <li>Set initial ingest status to completed in MetaZoo control tables so it is ready for real-time |
| streaming.</li> |
| </ul> |
| |
| <p>Before we kick off the initial ingest process, we start Oracle GoldenGate extracts and replicats |
| (that’s the actual term) to begin capturing changes from a database and send them into Kafka. Every |
| message, depending on database operation type and GoldenGate configuration, might have before/after |
| table row values, operation type and database commit transaction time (it only extracts changes for |
| committed transactions). Once the initial ingest is finished, and because GoldenGate continues |
| sending changes since the moment we started, we can now start real-time ingest flow in NiFi.</p> |
| |
| <p>A side benefit of decoupling GoldenGate from Kafka and NiFi and Kudu is to make this process |
| resilient to failures. This allows us as well to bring one of these systems down for maintenance |
| without much impact.</p> |
| |
| <p>Below is the NiFi flow than handles real-time streaming from Oracle/GoldenGate/Kafka and persists |
| data into Kudu:</p> |
| |
| <p><img src="https://boristyukin.com/content/images/nifi_rt.png" width="100%" /></p> |
| |
| <ol> |
| <li>NiFi flow consumes Kafka messages, produced by GoldenGate. Every table from every domain has |
| its own Kafka topic. Topics have only one partition to preserve the original order of messages.</li> |
| <li>New messages are queued in NiFi, using a simple First-In-First-Out pattern and grouped by a |
| table. It is important to ensure the order of messages but still process tables concurrently.</li> |
| <li>Messages are transformed, using the same basic rules we apply during the initial ingest.</li> |
| <li>Finally, messages are persisted into Kudu. Some of them represent INSERT type operation, which |
| results in brand new rows added to Kudu tables. Other messages are UPDATE and DELETE operations. |
| And we have to deal with an exotic PK_UPDATE operation, when a primary key was changed for some |
| reason in the source system (e.g. PK=111 was renamed to 222). We had to write a custom Kudu client |
| to handle all these cases using Java Kudu API that was fun to use. NiFi allowed us to write custom |
| processors and integrate that custom Kudu code directly into our flow.</li> |
| <li>Useful metrics are stored in a separate Kudu table. We collect number of messages processed, |
| operation type (insert, update, delete or primary key update), latency, important timestamps. |
| Using this data, we can optimize and tweak the performance of the pipeline, and to monitor it by |
| visualizing data on a dashboard.</li> |
| </ol> |
| |
| <p>The entire flow handles 900+ tables today (as we capture 300 tables from 3 Cerner domains).</p> |
| |
| <p>We process ~2,000 messages per second or 125MM messages per day. GoldenGate accumulates 150Gb worth |
| of database changes per day. In Kudu, we store over 120B rows of data.</p> |
| |
| <p>Our average latency is 6 seconds and the pipeline is running 24x7.</p> |
| |
| <h2 id="user-experience">User experience</h2> |
| <p>I am biased, but I think this is a game-changer for analysts, BI developers, or any data people. |
| What they get is an ability to access near real-time production data, with all the benefits and |
| scalability of Big Data technology.</p> |
| |
| <p>Here, I run a query in Impala to count patients, admitted to our hospitals within the last 7 days, |
| who are still in the hospitals (not discharged yet):</p> |
| |
| <p><img src="https://boristyukin.com/content/images/query1.png" alt="query 1" /></p> |
| |
| <p>Then 5 seconds later I run the same query again to see numbers changed - more patients got admitted |
| and discharged:</p> |
| |
| <p><img src="https://boristyukin.com/content/images/query2.png" alt="query 2" />]</p> |
| |
| <p>This query below counts certain clinical events in the 20B row Kudu table (which is updated in near |
| real-time). While it takes 28 seconds to finish, this query would never even finish I ran it against |
| our Oracle database. It found 13.7B events:</p> |
| |
| <p><img src="https://boristyukin.com/content/images/query3.png" alt="query 3" /></p> |
| |
| <h2 id="credits">Credits</h2> |
| <p>Apache Impala, Apache Kudu and Apache NiFi were the pillars of our real-time pipeline. Back in 2017, |
| Impala was already a rock solid battle-tested project, while NiFi and Kudu were relatively new. We |
| did have some reservations about using them and were concerned about support if/when we needed it |
| (and we did need it a few times).</p> |
| |
| <p>We were amazed by all the help, dedication, knowledge sharing, friendliness, and openness of Impala, |
| NiFi and Kudu developers. Huge thank you to all of you who helped us alone the way. You guys are |
| amazing and you are building fantastic products!</p> |
| |
| <p>To be continued…</p></content><author><name>Boris Tyukin</name></author><summary type="html">Note: This is a cross-post from the Boris Tyukin’s personal blog Building Near Real-time Big Data Lake: Part 2 This is the second part of the series. In Part 1 I wrote about our use-case for the Data Lake architecture and shared our success story.</summary></entry><entry><title type="html">Apache Kudu 1.12.0 released</title><link href="/2020/05/18/apache-kudu-1-12-0-release.html" rel="alternate" type="text/html" title="Apache Kudu 1.12.0 released" /><published>2020-05-18T00:00:00-07:00</published><updated>2020-05-18T00:00:00-07:00</updated><id>/2020/05/18/apache-kudu-1-12-0-release</id><content type="html" xml:base="/2020/05/18/apache-kudu-1-12-0-release.html"><p>The Apache Kudu team is happy to announce the release of Kudu 1.12.0!</p> |
| |
| <p>The new release adds several new features and improvements, including the |
| following:</p> |
| |
| <!--more--> |
| |
| <ul> |
| <li>Kudu now supports native fine-grained authorization via integration with |
| Apache Ranger. Kudu may now enforce access control policies defined for |
| Kudu tables and columns stored in Ranger. See the |
| <a href="/releases/1.12.0/docs/security.html#fine_grained_authz">authorization documentation</a> |
| for more details.</li> |
| <li>Kudu’s web UI now supports proxying via Apache Knox. Kudu may be deployed |
| in a firewalled state behind a Knox Gateway which will forward HTTP requests |
| and responses between clients and the Kudu web UI.</li> |
| <li>Kudu’s web UI now supports HTTP keep-alive. Operations that access multiple |
| URLs will now reuse a single HTTP connection, improving their performance.</li> |
| <li>The <code class="language-plaintext highlighter-rouge">kudu tserver quiesce</code> tool is added to quiesce tablet servers. While a |
| tablet server is quiescing, it will stop hosting tablet leaders and stop |
| serving new scan requests. This can be used to orchestrate a rolling restart |
| without stopping on-going Kudu workloads.</li> |
| <li>Introduced <code class="language-plaintext highlighter-rouge">auto</code> time source for HybridClock timestamps. With |
| <code class="language-plaintext highlighter-rouge">--time_source=auto</code> in AWS and GCE cloud environments, Kudu masters and |
| tablet servers use the built-in NTP client synchronized with dedicated NTP |
| servers available via host-only networks. With <code class="language-plaintext highlighter-rouge">--time_source=auto</code> in |
| environments other than AWS/GCE, Kudu masters and tablet servers rely on |
| their local machine’s clock synchronized by NTP. The default setting for |
| the HybridClock time source (<code class="language-plaintext highlighter-rouge">--time_source=system</code>) is backward-compatible, |
| requiring the local machine’s clock to be synchronized by the kernel’s NTP |
| discipline.</li> |
| <li>The <code class="language-plaintext highlighter-rouge">kudu cluster rebalance</code> tool now supports moving replicas away from |
| specific tablet servers by supplying the <code class="language-plaintext highlighter-rouge">--ignored_tservers</code> and |
| <code class="language-plaintext highlighter-rouge">--move_replicas_from_ignored_tservers</code> arguments (see |
| <a href="https://issues.apache.org/jira/browse/KUDU-2914">KUDU-2914</a> for more |
| details).</li> |
| <li>Write Ahead Log file segments and index chunks are now managed by Kudu’s file |
| cache. With that, all long-lived file descriptors used by Kudu are managed by |
| the file cache, and there’s no longer a need for capacity planning of file |
| descriptor usage.</li> |
| </ul> |
| |
| <p>The above is just a list of the highlights, for a more complete list of new |
| features, improvements and fixes please refer to the <a href="/releases/1.12.0/docs/release_notes.html">release |
| notes</a>.</p> |
| |
| <p>The Apache Kudu project only publishes source code releases. To build Kudu |
| 1.12.0, follow these steps:</p> |
| |
| <ul> |
| <li>Download the Kudu <a href="/releases/1.12.0">1.12.0 source release</a></li> |
| <li>Follow the instructions in the documentation to build Kudu <a href="/releases/1.12.0/docs/installation.html#build_from_source">1.12.0 from |
| source</a></li> |
| </ul> |
| |
| <p>For your convenience, binary JAR files for the Kudu Java client library, Spark |
| DataSource, Flume sink, and other Java integrations are published to the ASF |
| Maven repository and are <a href="https://search.maven.org/search?q=g:org.apache.kudu%20AND%20v:1.12.0">now |
| available</a>.</p> |
| |
| <p>The Python client source is also available on |
| <a href="https://pypi.org/project/kudu-python/">PyPI</a>.</p> |
| |
| <p>Additionally, experimental Docker images are published to |
| <a href="https://hub.docker.com/r/apache/kudu">Docker Hub</a>.</p></content><author><name>Hao Hao</name></author><summary type="html">The Apache Kudu team is happy to announce the release of Kudu 1.12.0! The new release adds several new features and improvements, including the following:</summary></entry><entry><title type="html">Apache Kudu 1.10.1 released</title><link href="/2019/11/20/apache-kudu-1-10-1-release.html" rel="alternate" type="text/html" title="Apache Kudu 1.10.1 released" /><published>2019-11-20T00:00:00-08:00</published><updated>2019-11-20T00:00:00-08:00</updated><id>/2019/11/20/apache-kudu-1-10-1-release</id><content type="html" xml:base="/2019/11/20/apache-kudu-1-10-1-release.html"><p>The Apache Kudu team is happy to announce the release of Kudu 1.10.1!</p> |
| |
| <p>Apache Kudu 1.10.1 is a bug fix release which fixes critical issues discovered |
| in Apache Kudu 1.10.0. In particular, this fixes a licensing issue with |
| distributing libnuma library with the kudu-binary JAR artifact. Users of |
| Kudu 1.10.0 are encouraged to upgrade to 1.10.1 as soon as possible. See the |
| <a href="/releases/1.10.1/docs/release_notes.html">release notes</a> for details.</p> |
| |
| <!--more--> |
| |
| <p>The Apache Kudu project only publishes source code releases. To build Kudu |
| 1.10.1, follow these steps:</p> |
| |
| <ul> |
| <li>Download the Kudu <a href="/releases/1.10.1">1.10.1 source release</a></li> |
| <li>Follow the instructions in the documentation to build Kudu <a href="/releases/1.10.1/docs/installation.html#build_from_source">1.10.1 from |
| source</a></li> |
| </ul> |
| |
| <p>For your convenience, binary JAR files for the Kudu Java client library, Spark |
| DataSource, Flume sink, and other Java integrations are published to the ASF |
| Maven repository and are <a href="https://search.maven.org/search?q=g:org.apache.kudu%20AND%20v:1.10.1">now |
| available</a>.</p> |
| |
| <p>The Python client source is also available on |
| <a href="https://pypi.org/project/kudu-python/">PyPI</a>.</p></content><author><name>Alexey Serbin</name></author><summary type="html">The Apache Kudu team is happy to announce the release of Kudu 1.10.1! Apache Kudu 1.10.1 is a bug fix release which fixes critical issues discovered in Apache Kudu 1.10.0. In particular, this fixes a licensing issue with distributing libnuma library with the kudu-binary JAR artifact. Users of Kudu 1.10.0 are encouraged to upgrade to 1.10.1 as soon as possible. See the release notes for details.</summary></entry><entry><title type="html">Apache Kudu 1.11.1 released</title><link href="/2019/11/20/apache-kudu-1-11-1-release.html" rel="alternate" type="text/html" title="Apache Kudu 1.11.1 released" /><published>2019-11-20T00:00:00-08:00</published><updated>2019-11-20T00:00:00-08:00</updated><id>/2019/11/20/apache-kudu-1-11-1-release</id><content type="html" xml:base="/2019/11/20/apache-kudu-1-11-1-release.html"><p>The Apache Kudu team is happy to announce the release of Kudu 1.11.1!</p> |
| |
| <p>This release contains a fix which addresses a critical issue discovered in |
| 1.10.0 and 1.11.0 and adds several new features and improvements since 1.10.0.</p> |
| |
| <!--more--> |
| |
| <p>Apache Kudu 1.11.1 is a bug fix release which fixes critical issues discovered |
| in Apache Kudu 1.11.0. In particular, this release fixes a licensing issue with |
| distributing libnuma library with the kudu-binary JAR artifact. Users of |
| Kudu 1.11.0 are encouraged to upgrade to 1.11.1 as soon as possible.</p> |
| |
| <p>Apache Kudu 1.11.1 adds several new features and improvements since |
| Apache Kudu 1.10.0, including the following:</p> |
| |
| <ul> |
| <li>Kudu now supports putting tablet servers into maintenance mode: while in this |
| mode, the tablet server’s replicas will not be re-replicated if the server |
| fails. Administrative CLI are added to orchestrate tablet server maintenance |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-2069">KUDU-2069</a>).</li> |
| <li>Kudu now has a built-in NTP client which maintains the internal wallclock |
| time used for generation of HybridTime timestamps. When enabled, system clock |
| synchronization for nodes running Kudu is no longer necessary, |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-2935">KUDU-2935</a>).</li> |
| <li>Aggregated table statistics are now available to Kudu clients. This allows |
| for various query optimizations. For example, Spark now uses it to perform |
| join optimizations |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-2797">KUDU-2797</a> and |
| <a href="https://issues.apache.org/jira/browse/KUDU-2721">KUDU-2721</a>).</li> |
| <li>The kudu CLI tool now supports creating and dropping range partitions |
| for a table |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-2881">KUDU-2881</a>).</li> |
| <li>The kudu CLI tool now supports altering and dropping table columns.</li> |
| <li>The kudu CLI tool now supports getting and setting extra configuration |
| properties for a table |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-2514">KUDU-2514</a>).</li> |
| </ul> |
| |
| <p>See the <a href="/releases/1.11.1/docs/release_notes.html">release notes</a> for details.</p> |
| |
| <p>The Apache Kudu project only publishes source code releases. To build Kudu |
| 1.11.1, follow these steps:</p> |
| |
| <ul> |
| <li>Download the Kudu <a href="/releases/1.11.1">1.11.1 source release</a></li> |
| <li>Follow the instructions in the documentation to build Kudu <a href="/releases/1.11.1/docs/installation.html#build_from_source">1.11.1 from |
| source</a></li> |
| </ul> |
| |
| <p>For your convenience, binary JAR files for the Kudu Java client library, Spark |
| DataSource, Flume sink, and other Java integrations are published to the ASF |
| Maven repository and are <a href="https://search.maven.org/search?q=g:org.apache.kudu%20AND%20v:1.11.1">now |
| available</a>.</p> |
| |
| <p>The Python client source is also available on |
| <a href="https://pypi.org/project/kudu-python/">PyPI</a>.</p> |
| |
| <p>Additionally experimental Docker images are published to |
| <a href="https://hub.docker.com/r/apache/kudu">Docker Hub</a>.</p></content><author><name>Alexey Serbin</name></author><summary type="html">The Apache Kudu team is happy to announce the release of Kudu 1.11.1! This release contains a fix which addresses a critical issue discovered in 1.10.0 and 1.11.0 and adds several new features and improvements since 1.10.0.</summary></entry><entry><title type="html">Apache Kudu 1.10.0 Released</title><link href="/2019/07/09/apache-kudu-1-10-0-release.html" rel="alternate" type="text/html" title="Apache Kudu 1.10.0 Released" /><published>2019-07-09T00:00:00-07:00</published><updated>2019-07-09T00:00:00-07:00</updated><id>/2019/07/09/apache-kudu-1-10-0-release</id><content type="html" xml:base="/2019/07/09/apache-kudu-1-10-0-release.html"><p>The Apache Kudu team is happy to announce the release of Kudu 1.10.0!</p> |
| |
| <p>The new release adds several new features and improvements, including the |
| following:</p> |
| |
| <!--more--> |
| |
| <ul> |
| <li>Kudu now supports both full and incremental table backups via a job |
| implemented using Apache Spark. Additionally it supports restoring |
| tables from full and incremental backups via a restore job implemented using |
| Apache Spark. See the |
| <a href="/releases/1.10.0/docs/administration.html#backup">backup documentation</a> |
| for more details.</li> |
| <li>Kudu can now synchronize its internal catalog with the Apache Hive Metastore, |
| automatically updating Hive Metastore table entries upon table creation, |
| deletion, and alterations in Kudu. See the |
| <a href="/releases/1.10.0/docs/hive_metastore.html#metadata_sync">HMS synchronization documentation</a> |
| for more details.</li> |
| <li>Kudu now supports native fine-grained authorization via integration with |
| Apache Sentry. Kudu may now enforce access control policies defined for Kudu |
| tables and columns, as well as policies defined on Hive servers and databases |
| that may store Kudu tables. See the |
| <a href="/releases/1.10.0/docs/security.html#fine_grained_authz">authorization documentation</a> |
| for more details.</li> |
| <li>Kudu’s web UI now supports SPNEGO, a protocol for securing HTTP requests with |
| Kerberos by passing negotiation through HTTP headers. To enable, set the |
| <code class="language-plaintext highlighter-rouge">--webserver_require_spnego</code> command line flag.</li> |
| <li>Column comments can now be stored in Kudu tables, and can be updated using |
| the AlterTable API |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-1711">KUDU-1711</a>).</li> |
| <li>The performance of mutations (i.e. UPDATE, DELETE, and re-INSERT) to |
| not-yet-flushed Kudu data has been significantly optimized |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-2826">KUDU-2826</a> and |
| <a href="https://github.com/apache/kudu/commit/f9f9526d3">f9f9526d3</a>).</li> |
| <li>Predicate performance for primitive columns and IS NULL and IS NOT NULL |
| has been optimized |
| (see <a href="https://issues.apache.org/jira/browse/KUDU-2846">KUDU-2846</a>).</li> |
| </ul> |
| |
| <p>The above is just a list of the highlights, for a more complete list of new |
| features, improvements and fixes please refer to the <a href="/releases/1.10.0/docs/release_notes.html">release |
| notes</a>.</p> |
| |
| <p>The Apache Kudu project only publishes source code releases. To build Kudu |
| 1.10.0, follow these steps:</p> |
| |
| <ul> |
| <li>Download the Kudu <a href="/releases/1.10.0">1.10.0 source release</a></li> |
| <li>Follow the instructions in the documentation to build Kudu <a href="/releases/1.10.0/docs/installation.html#build_from_source">1.10.0 from |
| source</a></li> |
| </ul> |
| |
| <p>For your convenience, binary JAR files for the Kudu Java client library, Spark |
| DataSource, Flume sink, and other Java integrations are published to the ASF |
| Maven repository and are <a href="https://search.maven.org/search?q=g:org.apache.kudu%20AND%20v:1.10.0">now |
| available</a>.</p> |
| |
| <p>The Python client source is also available on |
| <a href="https://pypi.org/project/kudu-python/">PyPI</a>.</p> |
| |
| <p>Additionally experimental Docker images are published to |
| <a href="https://hub.docker.com/r/apache/kudu">Docker Hub</a>.</p></content><author><name>Grant Henke</name></author><summary type="html">The Apache Kudu team is happy to announce the release of Kudu 1.10.0! The new release adds several new features and improvements, including the following:</summary></entry><entry><title type="html">Location Awareness in Kudu</title><link href="/2019/04/30/location-awareness.html" rel="alternate" type="text/html" title="Location Awareness in Kudu" /><published>2019-04-30T00:00:00-07:00</published><updated>2019-04-30T00:00:00-07:00</updated><id>/2019/04/30/location-awareness</id><content type="html" xml:base="/2019/04/30/location-awareness.html"><p>This post is about location awareness in Kudu. It gives an overview |
| of the following:</p> |
| <ul> |
| <li>principles of the design</li> |
| <li>restrictions of the current implementation</li> |
| <li>potential future enhancements and extensions</li> |
| </ul> |
| |
| <!--more--> |
| |
| <h1 id="introduction">Introduction</h1> |
| <p>Kudu supports location awareness starting with the 1.9.0 release. The |
| initial implementation of location awareness in Kudu is built to satisfy the |
| following requirement:</p> |
| |
| <ul> |
| <li>In a Kudu cluster consisting of multiple servers spread over several racks, |
| place the replicas of a tablet in such a way that the tablet stays available |
| even if all the servers in a single rack become unavailable.</li> |
| </ul> |
| |
| <p>A rack failure can occur when a hardware component shared among servers in the |
| rack, such as a network switch or power supply, fails. More generally, |
| replace ‘rack’ with any other aggregation of nodes (e.g., chassis, site, |
| cloud availability zone, etc.) where some or all nodes in an aggregate become |
| unavailable in case of a failure. This even applies to a datacenter if the |
| network latency between datacenters is low. This is why we call the feature |
| <em>location awareness</em> and not <em>rack awareness</em>.</p> |
| |
| <h1 id="locations-in-kudu">Locations in Kudu</h1> |
| <p>In Kudu, a location is defined by a string that begins with a slash (<code class="language-plaintext highlighter-rouge">/</code>) and |
| consists of slash-separated tokens each of which contains only characters from |
| the set <code class="language-plaintext highlighter-rouge">[a-zA-Z0-9_-.]</code>. The components of the location string hierarchy |
| should correspond to the physical or cloud-defined hierarchy of the deployed |
| cluster, e.g. <code class="language-plaintext highlighter-rouge">/data-center-0/rack-09</code> or <code class="language-plaintext highlighter-rouge">/region-0/availability-zone-01</code>.</p> |
| |
| <p>The design choice of using hierarchical paths for location strings is |
| partially influenced by HDFS. The intention was to make it possible using |
| the same locations as for existing HDFS nodes, because it’s common to deploy |
| Kudu alongside HDFS. In addition, the hierarchical structure of location |
| strings allows for interpretation of those in terms of common ancestry and |
| relative proximity. As of now, Kudu does not exploit the hierarchical |
| structure of the location except for the client’s logic to find the closest |
| tablet server. However, we plan to leverage the hierarchical structure |
| in future releases.</p> |
| |
| <h1 id="defining-and-assigning-locations">Defining and assigning locations</h1> |
| <p>Kudu masters assign locations to tablet servers and clients.</p> |
| |
| <p>Every Kudu master runs the location assignment procedure to assign a location |
| to a tablet server when it registers. To determine the location for a tablet |
| server, the master invokes an executable that takes the IP address or hostname |
| of the tablet server and outputs the corresponding location string for the |
| specified IP address or hostname. If the executable exits with non-zero exit |
| status, that’s interpreted as an error and masters add corresponding error |
| message about that into their logs. In case of tablet server registrations |
| such outcome is deemed as a registration failure and the corresponding tablet |
| server is not added into the master’s registry. The latter renders the tablet |
| server unusable to Kudu clients since non-registered tablet servers are not |
| discoverable to Kudu clients via <code class="language-plaintext highlighter-rouge">GetTableLocations</code> RPC.</p> |
| |
| <p>The master associates the produced location string with the registered tablet |
| server and keeps it until the tablet server re-registers, which only occurs |
| if the master or tablet server restarts. Masters use the assigned location |
| information internally to make replica placement decisions, trying to place |
| replicas evenly across locations and to keep tablets available in case all |
| tablet servers in a single location fail (see |
| <a href="https://s.apache.org/location-awareness-design">the design document</a> |
| for details). In addition, masters provide connected clients with |
| the information on the client’s assigned location, so the clients can make |
| informed decisions when they attempt to read from the closest tablet server. |
| Kudu tablet servers themselves are location agnostic, at least for now, |
| so the assigned location is not reported back to a registered tablet server.</p> |
| |
| <h1 id="the-location-aware-placement-policy-for-tablet-replicas-in-kudu">The location-aware placement policy for tablet replicas in Kudu</h1> |
| <p>While placing replicas of tablets in location-aware cluster, Kudu uses a best |
| effort approach to adhere to the following principle:</p> |
| <ul> |
| <li>Spread replicas across locations so that the failure of tablet servers |
| in one location does not make tablets unavailable.</li> |
| </ul> |
| |
| <p>That’s referred to as the <em>replica placement policy</em> or just <em>placement policy</em>. |
| In Kudu, both the initial placement of tablet replicas and the automatic |
| re-replication are governed by that policy. As of now, that’s the only |
| replica placement policy available in Kudu. The placement policy isn’t |
| customizable and doesn’t have any configurable parameters.</p> |
| |
| <h1 id="automatic-re-replication-and-placement-policy">Automatic re-replication and placement policy</h1> |
| <p>By design, keeping the target replication factor for tablets has higher |
| priority than conforming to the replica placement policy. In other words, |
| when bringing up tablet replicas to replace failed ones, Kudu uses a best-effort |
| approach with regard to conforming to the constraints of the placement policy. |
| Essentially, that means that if there isn’t a way to place a replica to conform |
| with the placement policy, the system places the replica anyway. The resulting |
| violation of the placement policy can be addressed later on when unreachable |
| tablet servers become available again or the misconfiguration is addressed. |
| As of now, to fix the resulting placement policy violations it’s necessary |
| to run the CLI rebalancer tool manually (see below for details), |
| but in future releases that might be done <a href="https://issues.apache.org/jira/browse/KUDU-2780">automatically in background</a>.</p> |
| |
| <h1 id="an-example-of-location-aware-rebalancing">An example of location-aware rebalancing</h1> |
| <p>This section illustrates what happens during each phase of the location-aware |
| rebalancing process.</p> |
| |
| <p>In the diagrams below, the larger outer boxes denote locations, and the |
| smaller inner ones denote tablet servers. As for the real-world objects behind |
| locations in this example, one might think of server racks with a shared power |
| supply or a shared network switch. It’s assumed that no more than one tablet |
| server is run at each node (i.e. machine) in a rack.</p> |
| |
| <p>The first phase of the rebalancing process is about detecting violations and |
| reinstating the placement policy in the cluster. In the diagram below, there |
| are three locations defined: <code class="language-plaintext highlighter-rouge">/L0</code>, <code class="language-plaintext highlighter-rouge">/L1</code>, <code class="language-plaintext highlighter-rouge">/L2</code>. Each location has two tablet |
| servers. Table <code class="language-plaintext highlighter-rouge">A</code> has the replication factor of three (RF=3) and consists of |
| four tablets: <code class="language-plaintext highlighter-rouge">A0</code>, <code class="language-plaintext highlighter-rouge">A1</code>, <code class="language-plaintext highlighter-rouge">A2</code>, <code class="language-plaintext highlighter-rouge">A3</code>. Table <code class="language-plaintext highlighter-rouge">B</code> has replication factor of five |
| (RF=5) and consists of three tablets: <code class="language-plaintext highlighter-rouge">B0</code>, <code class="language-plaintext highlighter-rouge">B1</code>, <code class="language-plaintext highlighter-rouge">B2</code>.</p> |
| |
| <p>The distribution of the replicas for tablet <code class="language-plaintext highlighter-rouge">A0</code> violates the placement policy. |
| Why? Because replicas <code class="language-plaintext highlighter-rouge">A0.0</code> and <code class="language-plaintext highlighter-rouge">A0.1</code> constitute the majority of replicas |
| (two out of three) and reside in the same location <code class="language-plaintext highlighter-rouge">/L0</code>.</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> /L0 /L1 /L2 |
| +-------------------+ +-------------------+ +-------------------+ |
| | TS0 TS1 | | TS2 TS3 | | TS4 TS5 | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| | | A0.0 | | A0.1 | | | | A0.2 | | | | | | | | | | |
| | | | | A1.0 | | | | A1.1 | | | | | | A1.2 | | | | |
| | | | | A2.0 | | | | A2.1 | | | | | | A2.2 | | | | |
| | | | | A3.0 | | | | A3.1 | | | | | | A3.2 | | | | |
| | | B0.0 | | B0.1 | | | | B0.2 | | B0.3 | | | | B0.4 | | | | |
| | | B1.0 | | B1.1 | | | | B1.2 | | B1.3 | | | | B1.4 | | | | |
| | | B2.0 | | B2.1 | | | | B2.2 | | B2.3 | | | | B2.4 | | | | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| +-------------------+ +-------------------+ +-------------------+ |
| </code></pre></div></div> |
| |
| <p>The location-aware rebalancer should initiate movement either of <code class="language-plaintext highlighter-rouge">T0.0</code> or |
| <code class="language-plaintext highlighter-rouge">T0.1</code> from <code class="language-plaintext highlighter-rouge">/L0</code> to other location, so the resulting replica distribution would |
| <em>not</em> contain the majority of replicas in any single location. In addition to |
| that, the rebalancer tool tries to evenly spread the load across all locations |
| and tablet servers within each location. The latter narrows down the list |
| of the candidate replicas to move: <code class="language-plaintext highlighter-rouge">A0.1</code> is the best candidate to move from |
| location <code class="language-plaintext highlighter-rouge">/L0</code>, so location <code class="language-plaintext highlighter-rouge">/L0</code> would not contain the majority of replicas |
| for tablet <code class="language-plaintext highlighter-rouge">A0</code>. The same principle dictates the target location and the target |
| tablet server to receive <code class="language-plaintext highlighter-rouge">A0.1</code>: that should be tablet server <code class="language-plaintext highlighter-rouge">TS5</code> in the |
| location <code class="language-plaintext highlighter-rouge">/L2</code>. The result distribution of the tablet replicas after the move |
| is represented in the diagram below.</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> /L0 /L1 /L2 |
| +-------------------+ +-------------------+ +-------------------+ |
| | TS0 TS1 | | TS2 TS3 | | TS4 TS5 | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| | | A0.0 | | | | | | A0.2 | | | | | | | | A0.1 | | |
| | | | | A1.0 | | | | A1.1 | | | | | | A1.2 | | | | |
| | | | | A2.0 | | | | A2.1 | | | | | | A2.2 | | | | |
| | | | | A3.0 | | | | A3.1 | | | | | | A3.2 | | | | |
| | | B0.0 | | B0.1 | | | | B0.2 | | B0.3 | | | | B0.4 | | | | |
| | | B1.0 | | B1.1 | | | | B1.2 | | B1.3 | | | | B1.4 | | | | |
| | | B2.0 | | B2.1 | | | | B2.2 | | B2.3 | | | | B2.4 | | | | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| +-------------------+ +-------------------+ +-------------------+ |
| </code></pre></div></div> |
| |
| <p>The second phase of the location-aware rebalancing is about moving tablet |
| replicas across locations to make the locations’ load more balanced. For the |
| number <code class="language-plaintext highlighter-rouge">S</code> of tablet servers in a location and the total number <code class="language-plaintext highlighter-rouge">R</code> of replicas |
| in the location, the <em>load of the location</em> is defined as <code class="language-plaintext highlighter-rouge">R/S</code>.</p> |
| |
| <p>At this stage all violations of the placement policy are already rectified. The |
| rebalancer tool doesn’t attempt to make any moves which would violate the |
| placement policy.</p> |
| |
| <p>The load of the locations in the diagram above:</p> |
| <ul> |
| <li><code class="language-plaintext highlighter-rouge">/L0</code>: 1/5</li> |
| <li><code class="language-plaintext highlighter-rouge">/L1</code>: 1/5</li> |
| <li><code class="language-plaintext highlighter-rouge">/L2</code>: 2/7</li> |
| </ul> |
| |
| <p>A possible distribution of the tablet replicas after the second phase is |
| represented below. The result load of the locations:</p> |
| <ul> |
| <li><code class="language-plaintext highlighter-rouge">/L0</code>: 2/9</li> |
| <li><code class="language-plaintext highlighter-rouge">/L1</code>: 2/9</li> |
| <li><code class="language-plaintext highlighter-rouge">/L2</code>: 2/9</li> |
| </ul> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> /L0 /L1 /L2 |
| +-------------------+ +-------------------+ +-------------------+ |
| | TS0 TS1 | | TS2 TS3 | | TS4 TS5 | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| | | A0.0 | | | | | | A0.2 | | | | | | | | A0.1 | | |
| | | | | A1.0 | | | | A1.1 | | | | | | A1.2 | | | | |
| | | | | A2.0 | | | | A2.1 | | | | | | A2.2 | | | | |
| | | | | A3.0 | | | | A3.1 | | | | | | A3.2 | | | | |
| | | B0.0 | | | | | | B0.2 | | B0.3 | | | | B0.4 | | B0.1 | | |
| | | B1.0 | | B1.1 | | | | | | B1.3 | | | | B1.4 | | B2.2 | | |
| | | B2.0 | | B2.1 | | | | B2.2 | | B2.3 | | | | B2.4 | | | | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| +-------------------+ +-------------------+ +-------------------+ |
| </code></pre></div></div> |
| |
| <p>The third phase of the location-aware rebalancing is about moving tablet |
| replicas within each location to make the distribution of replicas even, |
| both per-table and per-server.</p> |
| |
| <p>See below for a possible replicas’ distribution in the example scenario |
| after the third phase of the location-aware rebalancing successfully completes.</p> |
| |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> /L0 /L1 /L2 |
| +-------------------+ +-------------------+ +-------------------+ |
| | TS0 TS1 | | TS2 TS3 | | TS4 TS5 | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| | | A0.0 | | | | | | | | A0.2 | | | | | | A0.1 | | |
| | | | | A1.0 | | | | A1.1 | | | | | | A1.2 | | | | |
| | | | | A2.0 | | | | A2.1 | | | | | | A2.2 | | | | |
| | | | | A3.0 | | | | A3.1 | | | | | | A3.2 | | | | |
| | | B0.0 | | | | | | B0.2 | | B0.3 | | | | B0.4 | | B0.1 | | |
| | | B1.0 | | B1.1 | | | | | | B1.3 | | | | B1.4 | | B1.2 | | |
| | | B2.0 | | B2.1 | | | | B2.2 | | B2.3 | | | | | | B2.4 | | |
| | +------+ +------+ | | +------+ +------+ | | +------+ +------+ | |
| +-------------------+ +-------------------+ +-------------------+ |
| </code></pre></div></div> |
| |
| <h1 id="how-to-make-a-kudu-cluster-location-aware">How to make a Kudu cluster location-aware</h1> |
| <p>To make a Kudu cluster location-aware, it’s necessary to set the |
| <code class="language-plaintext highlighter-rouge">--location_mapping_cmd</code> flag for Kudu master(s) and make the corresponding |
| executable (binary or a script) available at the nodes where Kudu masters run. |
| In case of multiple masters, it’s important to make sure that the location |
| mappings stay the same regardless of the node where the location assignment |
| command is running.</p> |
| |
| <p>It’s recommended to have at least three locations defined in a Kudu |
| cluster so that no location contains a majority of tablet replicas. |
| With two locations or less it’s not possible to spread replicas |
| of tablets with replication factor of three and higher such that no location |
| contains a majority of replicas.</p> |
| |
| <p>For example, running a Kudu cluster in a single datacenter <code class="language-plaintext highlighter-rouge">dc0</code>, assign |
| location <code class="language-plaintext highlighter-rouge">/dc0/rack0</code> to tablet servers running at machines in the rack <code class="language-plaintext highlighter-rouge">rack0</code>, |
| <code class="language-plaintext highlighter-rouge">/dc0/rack1</code> to tablet servers running at machines in the rack <code class="language-plaintext highlighter-rouge">rack1</code>, |
| and <code class="language-plaintext highlighter-rouge">/dc0/rack2</code> to tablet servers running at machines in the rack <code class="language-plaintext highlighter-rouge">rack2</code>. |
| In a similar way, when running in cloud, assign location <code class="language-plaintext highlighter-rouge">/regionA/az0</code> |
| to tablet servers running in availability zone <code class="language-plaintext highlighter-rouge">az0</code> of region <code class="language-plaintext highlighter-rouge">regionA</code>, |
| and <code class="language-plaintext highlighter-rouge">/regionA/az1</code> to tablet servers running in zone <code class="language-plaintext highlighter-rouge">az1</code> of the same region.</p> |
| |
| <h1 id="an-example-of-location-assignment-script-for-kudu">An example of location assignment script for Kudu</h1> |
| <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>#!/bin/sh |
| # |
| # It's assumed a Kudu cluster consists of nodes with IPv4 addresses in the |
| # private 192.168.100.0/32 subnet. The nodes are hosted in racks, where |
| # each rack can contain at most 32 nodes. This results in 8 locations, |
| # one location per rack. |
| # |
| # This example script maps IP addresses into locations assuming that RPC |
| # endpoints of tablet servers are specified via IPv4 addresses. If tablet |
| # servers' RPC endpoints are specified using DNS hostnames (and that's how |
| # it's done by default), the script should consume DNS hostname instead of |
| # an IP address as an input parameter. Check the `--rpc_bind_addresses` and |
| # `--rpc_advertised_addresses` command line flags of kudu-tserver for details. |
| # |
| # DISCLAIMER: |
| # This is an example Bourne shell script for Kudu location assignment. Please |
| # note it's just a toy script created with illustrative-only purpose. |
| # The error handling and the input validation are minimalistic. Also, the |
| # network topology choice, supportability and capacity planning aspects of |
| # this script might be sub-optimal if applied as-is for real-world use cases. |
| |
| set -e |
| |
| if [ $# -ne 1 ]; then |
| echo "usage: $0 &lt;ip_address&gt;" |
| exit 1 |
| fi |
| |
| ip_address=$1 |
| shift |
| |
| suffix=${ip_address##192.168.100.} |
| if [ -z "${suffix##*.*}" ]; then |
| # An IP address from a non-controlled subnet: maps into the 'other' location. |
| echo "/other" |
| exit 0 |
| fi |
| |
| # The mapping of the IP addresses |
| if [ -z "$suffix" -o $suffix -lt 0 -o $suffix -gt 255 ]; then |
| echo "ERROR: '$ip_address' is not a valid IPv4 address" |
| exit 2 |
| fi |
| |
| if [ $suffix -eq 0 -o $suffix -eq 255 ]; then |
| echo "ERROR: '$ip_address' is a 0xffffff00 IPv4 subnet address" |
| exit 3 |
| fi |
| |
| if [ $suffix -lt 32 ]; then |
| echo "/dc0/rack00" |
| elif [ $suffix -ge 32 -a $suffix -lt 64 ]; then |
| echo "/dc0/rack01" |
| elif [ $suffix -ge 64 -a $suffix -lt 96 ]; then |
| echo "/dc0/rack02" |
| elif [ $suffix -ge 96 -a $suffix -lt 128 ]; then |
| echo "/dc0/rack03" |
| elif [ $suffix -ge 128 -a $suffix -lt 160 ]; then |
| echo "/dc0/rack04" |
| elif [ $suffix -ge 160 -a $suffix -lt 192 ]; then |
| echo "/dc0/rack05" |
| elif [ $suffix -ge 192 -a $suffix -lt 224 ]; then |
| echo "/dc0/rack06" |
| else |
| echo "/dc0/rack07" |
| fi |
| </code></pre></div></div> |
| |
| <h1 id="reinstating-the-placement-policy-in-a-location-aware-kudu-cluster">Reinstating the placement policy in a location-aware Kudu cluster</h1> |
| <p>As explained earlier, even if the initial placement of tablet replicas conforms |
| to the placement policy, the cluster might get to a point where there are not |
| enough tablet servers to place a new or a replacement replica. Ideally, such |
| situations should be handled automatically: once there are enough tablet servers |
| in the cluster or the misconfiguration is fixed, the placement policy should |
| be reinstated. Currently, it’s possible to reinstate the placement policy using |
| the <code class="language-plaintext highlighter-rouge">kudu</code> CLI tool:</p> |
| |
| <p><code class="language-plaintext highlighter-rouge">sudo -u kudu kudu cluster rebalance &lt;master_rpc_endpoints&gt;</code></p> |
| |
| <p>In the first phase, the location-aware rebalancing process tries to |
| reestablish the placement policy. If that’s not possible, the tool |
| terminates. Use the <code class="language-plaintext highlighter-rouge">--disable_policy_fixer</code> flag to skip this phase and |
| continue to the cross-location rebalancing phase.</p> |
| |
| <p>The second phase is cross-location rebalancing, i.e. moving tablet replicas |
| between different locations in attempt to spread tablet replicas among |
| locations evenly, equalizing the loads of locations throughout the cluster. |
| If the benefits of spreading the load among locations do not justify the cost |
| of the cross-location replica movement, the tool can be instructed to skip the |
| second phase of the location-aware rebalancing. Use the |
| <code class="language-plaintext highlighter-rouge">--disable_cross_location_rebalancing</code> command line flag for that.</p> |
| |
| <p>The third phase is intra-location rebalancing, i.e. balancing the distribution |
| of tablet replicas within each location as if each location is a cluster on its |
| own. Use the <code class="language-plaintext highlighter-rouge">--disable_intra_location_rebalancing</code> flag to skip this phase.</p> |
| |
| <h1 id="future-work">Future work</h1> |
| <p>Having a CLI tool to reinstate placement policy is nice, but it would be great |
| to run the location-aware rebalancing in background, automatically reinstating |
| the placement policy and making tablet replica distribution even |
| across a Kudu cluster.</p> |
| |
| <p>In addition to that, there is a idea to make it possible to have |
| multiple customizable placement policies in the system. As of now, there is |
| a request to implement so-called ‘table pinning’, i.e. make it possible |
| to specify placement policy where replicas of tablets of particular tables |
| are placed only at nodes within the specified locations. The table pinning |
| request is tracked by KUDU-2604 in Apache JIRA, see |
| <a href="https://issues.apache.org/jira/browse/KUDU-2604">KUDU-2604</a>.</p> |
| |
| <h1 id="references">References</h1> |
| <p>[1] Location awareness in Kudu: <a href="https://github.com/apache/kudu/blob/master/docs/design-docs/location-awareness.md">design document</a></p> |
| |
| <p>[2] A proposal for Kudu tablet server labeling: <a href="https://issues.apache.org/jira/browse/KUDU-2604">KUDU-2604</a></p> |
| |
| <p>[3] Further improvement: <a href="https://issues.apache.org/jira/browse/KUDU-2780">automatic cluster rebalancing</a>.</p></content><author><name>Alexey Serbin</name></author><summary type="html">This post is about location awareness in Kudu. It gives an overview of the following: principles of the design restrictions of the current implementation potential future enhancements and extensions</summary></entry><entry><title type="html">Fine-Grained Authorization with Apache Kudu and Impala</title><link href="/2019/04/22/fine-grained-authorization-with-apache-kudu-and-impala.html" rel="alternate" type="text/html" title="Fine-Grained Authorization with Apache Kudu and Impala" /><published>2019-04-22T00:00:00-07:00</published><updated>2019-04-22T00:00:00-07:00</updated><id>/2019/04/22/fine-grained-authorization-with-apache-kudu-and-impala</id><content type="html" xml:base="/2019/04/22/fine-grained-authorization-with-apache-kudu-and-impala.html"><p>Note: This is a cross-post from the Cloudera Engineering Blog |
| <a href="https://blog.cloudera.com/blog/2019/04/fine-grained-authorization-with-apache-kudu-and-impala/">Fine-Grained Authorization with Apache Kudu and Impala</a></p> |
| |
| <p>Apache Impala supports fine-grained authorization via Apache Sentry on all of the tables it |
| manages including Apache Kudu tables. Given Impala is a very common way to access the data stored |
| in Kudu, this capability allows users deploying Impala and Kudu to fully secure the Kudu data in |
| multi-tenant clusters even though Kudu does not yet have native fine-grained authorization of its |
| own. This solution works because Kudu natively supports coarse-grained (all or nothing) |
| authorization which enables blocking all access to Kudu directly except for the impala user and |
| an optional whitelist of other trusted users. This post will describe how to use Apache Impala’s |
| fine-grained authorization support along with Apache Kudu’s coarse-grained authorization to |
| achieve a secure multi-tenant deployment.</p> |
| |
| <!--more--> |
| |
| <h2 id="sample-workflow">Sample Workflow</h2> |
| |
| <p>The examples in this post enable a workflow that uses Apache Spark to ingest data directly into |
| Kudu and Impala to run analytic queries on that data. The Spark job, run as the <code class="language-plaintext highlighter-rouge">etl_service</code> user, |
| is permitted to access the Kudu data via coarse-grained authorization. Even though this gives |
| access to all the data in Kudu, the <code class="language-plaintext highlighter-rouge">etl_service</code> user is only used for scheduled jobs or by an |
| administrator. All queries on the data, from a wide array of users, will use Impala and leverage |
| Impala’s fine-grained authorization. Impala’s |
| <a href="https://impala.apache.org/docs/build/html/topics/impala_grant.html"><code class="language-plaintext highlighter-rouge">GRANT</code> statements</a> |
| allow you to flexibly control the privileges on the Kudu storage tables. Impala’s fine-grained |
| privileges along with support for |
| <a href="https://impala.apache.org/docs/build/html/topics/impala_select.html"><code class="language-plaintext highlighter-rouge">SELECT</code></a>, |
| <a href="https://impala.apache.org/docs/build/html/topics/impala_insert.html"><code class="language-plaintext highlighter-rouge">INSERT</code></a>, |
| <a href="https://impala.apache.org/docs/build/html/topics/impala_update.html"><code class="language-plaintext highlighter-rouge">UPDATE</code></a>, |
| <a href="https://impala.apache.org/docs/build/html/topics/impala_upsert.html"><code class="language-plaintext highlighter-rouge">UPSERT</code></a>, |
| and <a href="https://impala.apache.org/docs/build/html/topics/impala_delete.html"><code class="language-plaintext highlighter-rouge">DELETE</code></a> |
| statements, allow you to finely control who can read and write data to your Kudu tables while |
| using Impala. Below is a diagram showing the workflow described:</p> |
| |
| <p><img src="/img/fine-grained-authorization-with-apache-kudu.png" alt="png" class="img-responsive" /></p> |
| |
| <p><em>Note</em>: The examples below assume that Authorization has already been configured for Kudu, Impala, |
| and Spark. For help configuring authorization see the Cloudera |
| <a href="https://www.cloudera.com/documentation/enterprise/latest/topics/sg_auth_overview.html">authorization documentation</a>.</p> |
| |
| <h2 id="configuring-kudus-coarse-grained-authorization">Configuring Kudu’s Coarse-Grained Authorization</h2> |
| |
| <p>Kudu supports coarse-grained authorization of client requests based on the authenticated client |
| Kerberos principal. The two levels of access which can be configured are:</p> |
| |
| <ul> |
| <li><em>Superuser</em> – principals authorized as a superuser are able to perform certain administrative |
| functionality such as using the kudu command line tool to diagnose or repair cluster issues.</li> |
| <li><em>User</em> – principals authorized as a user are able to access and modify all data in the Kudu |
| cluster. This includes the ability to create, drop, and alter tables as well as read, insert, |
| update, and delete data.</li> |
| </ul> |
| |
| <p>Access levels are granted using whitelist-style Access Control Lists (ACLs), one for each of the |
| two levels. Each access control list either specifies a comma-separated list of users, or may be |
| set to <code class="language-plaintext highlighter-rouge">*</code> to indicate that all authenticated users are able to gain access at the specified level.</p> |
| |
| <p><em>Note</em>: The default value for the User ACL is <code class="language-plaintext highlighter-rouge">*</code>, which allows all users access to the cluster.</p> |
| |
| <h3 id="example-configuration">Example Configuration</h3> |
| |
| <p>The first and most important step is to remove the default ACL of <code class="language-plaintext highlighter-rouge">*</code> from Kudu’s |
| <a href="https://kudu.apache.org/docs/configuration_reference.html#kudu-master_user_acl"><code class="language-plaintext highlighter-rouge">–user_acl</code> configuration</a>. |
| This will ensure only the users you list will have access to the Kudu cluster. Then, to allow the |
| Impala service to access all of the data in Kudu, the Impala service user, usually impala, should |
| be added to the Kudu <code class="language-plaintext highlighter-rouge">–user_acl</code> configuration. Any user that is not using Impala will also need |
| to be added to this list. For example, an Apache Spark job might be used to load data directly |
| into Kudu. Generally, a single user is used to run scheduled jobs of applications that do not |
| support fine-grained authorization on their own. For this example, that user is <code class="language-plaintext highlighter-rouge">etl_service</code>. The |
| full <code class="language-plaintext highlighter-rouge">–user_acl</code> configuration is:</p> |
| |
| <figure class="highlight"><pre><code class="language-bash" data-lang="bash"><span class="nt">--user_acl</span><span class="o">=</span>impala,etl_service</code></pre></figure> |
| |
| <p>For more details see the Kudu |
| <a href="https://kudu.apache.org/docs/security.html#_coarse_grained_authorization">authorization documentation</a>.</p> |
| |
| <h2 id="using-impalas-fine-grained-authorization">Using Impala’s Fine-Grained Authorization</h2> |
| |
| <p>Follow Impala’s |
| <a href="https://impala.apache.org/docs/build/html/topics/impala_authorization.html">authorization documentation</a> |
| to configure fine-grained authorization. Once configured, you can use Impala’s |
| <a href="https://impala.apache.org/docs/build/html/topics/impala_grant.html"><code class="language-plaintext highlighter-rouge">GRANT</code> statements</a> |
| to control the privileges of Kudu tables. These fine-grained privileges can be set at the database, |
| table and column level. Additionally you can individually control <code class="language-plaintext highlighter-rouge">SELECT</code>, <code class="language-plaintext highlighter-rouge">INSERT</code>, <code class="language-plaintext highlighter-rouge">CREATE</code>, |
| <code class="language-plaintext highlighter-rouge">ALTER</code>, and <code class="language-plaintext highlighter-rouge">DROP</code> privileges.</p> |
| |
| <p><em>Note</em>: A user needs the <code class="language-plaintext highlighter-rouge">ALL</code> privilege in order to run <code class="language-plaintext highlighter-rouge">DELETE</code>, <code class="language-plaintext highlighter-rouge">UPDATE</code>, or <code class="language-plaintext highlighter-rouge">UPSERT</code> |
| statements against a Kudu table.</p> |
| |
| <p>Below is a brief example with a couple tables stored in Kudu:</p> |
| |
| <figure class="highlight"><pre><code class="language-sql" data-lang="sql"><span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">messages</span> |
| <span class="p">(</span> |
| <span class="n">name</span> <span class="n">STRING</span><span class="p">,</span> |
| <span class="nb">time</span> <span class="nb">TIMESTAMP</span><span class="p">,</span> |
| <span class="n">message</span> <span class="n">STRING</span><span class="p">,</span> |
| <span class="k">PRIMARY</span> <span class="k">KEY</span><span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="nb">time</span><span class="p">)</span> |
| <span class="p">)</span> |
| <span class="n">PARTITION</span> <span class="k">BY</span> <span class="n">HASH</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="n">PARTITIONS</span> <span class="mi">4</span> |
| <span class="n">STORED</span> <span class="k">AS</span> <span class="n">KUDU</span><span class="p">;</span> |
| <span class="k">GRANT</span> <span class="k">ALL</span> <span class="k">ON</span> <span class="k">TABLE</span> <span class="n">messages</span> <span class="k">TO</span> <span class="n">userA</span><span class="p">;</span> |
| |
| <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">metrics</span> |
| <span class="p">(</span> |
| <span class="k">host</span> <span class="n">STRING</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> |
| <span class="n">metric</span> <span class="n">STRING</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> |
| <span class="nb">time</span> <span class="n">INT64</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> |
| <span class="n">value</span> <span class="nb">DOUBLE</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> |
| <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="p">(</span><span class="k">host</span><span class="p">,</span> <span class="n">metric</span><span class="p">,</span> <span class="nb">time</span><span class="p">)</span> |
| <span class="p">)</span> |
| <span class="n">PARTITION</span> <span class="k">BY</span> <span class="n">HASH</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="n">PARTITIONS</span> <span class="mi">4</span> |
| <span class="n">STORED</span> <span class="k">AS</span> <span class="n">KUDU</span><span class="p">;</span> |
| <span class="k">GRANT</span> <span class="k">ALL</span> <span class="k">ON</span> <span class="k">TABLE</span> <span class="n">messages</span> <span class="k">TO</span> <span class="n">userB</span><span class="p">;</span></code></pre></figure> |
| |
| <h2 id="conclusion">Conclusion</h2> |
| |
| <p>This brief example that combines Kudu’s coarse-grained authorization and Impala’s fine-grained |
| authorization should enable you to meet the security needs of your data workflow today. The |
| pattern described here can be applied to other services and workflows using Kudu as well. For |
| greater authorization flexibility, you can look forward to the near future when Kudu supports |
| native fine-grained authorization on its own. The Apache Kudu contributors understand the |
| importance of native fine-grained authorization and they are working on integrations with |
| Apache Sentry and Apache Ranger.</p></content><author><name>Grant Henke</name></author><summary type="html">Note: This is a cross-post from the Cloudera Engineering Blog Fine-Grained Authorization with Apache Kudu and Impala Apache Impala supports fine-grained authorization via Apache Sentry on all of the tables it manages including Apache Kudu tables. Given Impala is a very common way to access the data stored in Kudu, this capability allows users deploying Impala and Kudu to fully secure the Kudu data in multi-tenant clusters even though Kudu does not yet have native fine-grained authorization of its own. This solution works because Kudu natively supports coarse-grained (all or nothing) authorization which enables blocking all access to Kudu directly except for the impala user and an optional whitelist of other trusted users. This post will describe how to use Apache Impala’s fine-grained authorization support along with Apache Kudu’s coarse-grained authorization to achieve a secure multi-tenant deployment.</summary></entry></feed> |
