Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

When ever I enable User impersonation in Zeppelin it gives me Connection Refused error.

When ever I enable User impersonation in Zeppelin it gives me Connection Refused error.

New Contributor

To enable user impersonation I have performed below steps:

1. Added below property inzeppelin_env_content through Ambari.

export ZEPPELIN_IMPERSONATE_CMD='sudo -H -u ${ZEPPELIN_IMPERSONATE_USER} bash -c '

2. Enable user impersonate in the sh interpreter. (The interpreter is set per user in isolated mode)

Below is the log for the same.

java.net.ConnectException: Connection refused (Connection refused) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at org.apache.thrift.transport.TSocket.open(TSocket.java:182) at org.apache.zeppelin.interpreter.remote.ClientFactory.create(ClientFactory.java:51) at org.apache.zeppelin.interpreter.remote.ClientFactory.create(ClientFactory.java:37) at org.apache.commons.pool2.BasePooledObjectFactory.makeObject(BasePooledObjectFactory.java:60) at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861) at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435) at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363) at org.apache.zeppelin.interpreter.remote.RemoteInterpreterProcess.getClient(RemoteInterpreterProcess.java:90) at org.apache.zeppelin.interpreter.remote.RemoteInterpreter.init(RemoteInterpreter.java:211) at org.apache.zeppelin.interpreter.remote.RemoteInterpreter.getFormType(RemoteInterpreter.java:377) at org.apache.zeppelin.interpreter.LazyOpenInterpreter.getFormType(LazyOpenInterpreter.java:105) at org.apache.zeppelin.notebook.Paragraph.jobRun(Paragraph.java:387) at org.apache.zeppelin.scheduler.Job.run(Job.java:175) at org.apache.zeppelin.scheduler.RemoteScheduler$JobRunner.run(RemoteScheduler.java:329) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

5 REPLIES 5

Re: When ever I enable User impersonation in Zeppelin it gives me Connection Refused error.

New Contributor

Can you ensure that passwordless ssh is setup between zeppelin user and user who use sh interpreter then restart Zeppelin?

Re: When ever I enable User impersonation in Zeppelin it gives me Connection Refused error.

New Contributor

Is it necessary to set passwordless ssh. Because in the doc it is mentioned either to set password less ssh or set this property.

Do we require both?

Highlighted

Re: When ever I enable User impersonation in Zeppelin it gives me Connection Refused error.

New Contributor

@Akash Mendiratta Zeppelin server process forks a new process with web frontend user as effective user. As zeppelin is not an admin account, it has to rely on passwordless ssh to create process with web-front end user. Without passwordless ssh, zeppelin cannot fork a new process and it opens an interpreter port causing connection refused error in web UI. The details ca be found in the following pull requests: https://github.com/apache/zeppelin/pull/1322 https://github.com/apache/zeppelin/pull/1554

Re: When ever I enable User impersonation in Zeppelin it gives me Connection Refused error.

@Akash Mendiratta No, you don't need a passwordless SSH. I think you are missing step-4 and step-5 in following description

It works for me with following steps

1) Enabled user impersonate for sh interpreter via Zeppelin interpreter GUI
2) Enabled shiro.ini authentication (in my case for trial purpose, simply added a few users which are present on the cluster in [users] section)
3) Added export ZEPPELIN_IMPERSONATE_CMD='sudo -H -u ${ZEPPELIN_IMPERSONATE_USER} bash -c ' in zeppelin-env.sh

4) Added 'zeppelin' user in the sudoers list :

  • For centos 6 : On zeppelin server node, i did sudo visudo
  • added line zeppelin ALL=(ALL) NOPASSWD: ALL

5) Also I had a kerberos enabled cluster, so make sure that zeppelin.server.kerberos.keytab has permissions for users that you created in step-2

Now I logged into zeppelin as the user created in step-2 and run

%sh

whoami

Then it will show the currently logged in user as the result of this paragraph

Re: When ever I enable User impersonation in Zeppelin it gives me Connection Refused error.

New Contributor

i followed the above steps and it throws the following error but my cluster is kerberos disabled and Apache Ranger Authorization is enabled .

java.net.ConnectException: Connection refused (Connection refused) at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at org.apache.thrift.transport.TSocket.open(TSocket.java:182) at org.apache.zeppelin.interpreter.remote.ClientFactory.create(ClientFactory.java:51) at org.apache.zeppelin.interpreter.remote.ClientFactory.create(ClientFactory.java:37) at org.apache.commons.pool2.BasePooledObjectFactory.makeObject(BasePooledObjectFactory.java:60) at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861) at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435) at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363) at org.apache.zeppelin.interpreter.remote.RemoteInterpreterProcess.getClient(RemoteInterpreterProcess.java:90) at org.apache.zeppelin.interpreter.remote.RemoteInterpreter.init(RemoteInterpreter.java:211) at org.apache.zeppelin.interpreter.remote.RemoteInterpreter.getFormType(RemoteInterpreter.java:377) at org.apache.zeppelin.interpreter.LazyOpenInterpreter.getFormType(LazyOpenInterpreter.java:105) at org.apache.zeppelin.notebook.Paragraph.jobRun(Paragraph.java:387) at org.apache.zeppelin.scheduler.Job.run(Job.java:175) at org.apache.zeppelin.scheduler.RemoteScheduler$JobRunner.run(RemoteScheduler.java:329) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

is their any different approach please let know to enable impersonate.

Thank you

Don't have an account?
Coming from Hortonworks? Activate your account here