ENVIRONMENT and SETUP
I did test the below solution with
To configure this environment, follow up the steps defined for HDP 2.5 (Zeppelin 0.6) - https://community.hortonworks.com/articles/81069/how-to-enable-user-impersonation-for-sh-interprete....
As the Zeppelin UI -> Interpreter window has changed, follow this up.
I. Default config looks like below:
II. Do the following change:
- edit the interpreter
- change The interpreter will be instantiated from Globally to Per User and shared to isolated
- then you will be able to see and select User Impersonate check-box
- also remove
III. Changed config looks like below:
After Saving the changes and running below as admin
This will not work in a kerberized cluster (at least with SSSD using LDAP + MIT Kerberos) because the user impersonation in Zeppelin is implemented by doing a "sudo su - <user>" to the requested user.
In this case the whoami above will work ok, but If you try to execute any command involving the Hadoop cluster, for example "hdfs dfs", it will fail because your user doen't have the required Kerberos ticket obtained with "kinit".
The "kinit" is done automatically when you login in the console or by using ssh and providing the use's password (the Linux host will contact Kerberos server and get the ticket). But when using "su" from root or "sudo su" from a user in the sudoers, you are not providing the user's password and for this reason you have to execute kinit an provide the user's password manually to get the Kerberos ticket. This is not posible with Zeppelin because it doesn't provides an interactive console.