Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Zeppelin interpreters disappear when security is enabled

Labels:
avatar
author-rank terje
New Contributor

Created on ‎09-01-2016 03:50 PM - edited ‎08-19-2019 02:19 AM

Hi,

when enabling security in the zeppelin configuration through Ambari 2.4 in hdp 2.5 (i.e. setting anonymous to false and using "/** = authc" ) the interpreters mysteriously disappear from the web gui. Ref. pictures before and after:

7257-zeppelin-anon.png

and after security is turned on:

7258-zeppelin.png

Note: I have not enabled Kerberos - is this the problem?

Otherwise thoroughly enjoying the new version of HDP 🙂

Terry

4,798 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank slachterman
Guru

Created ‎11-11-2016 09:44 PM

Please see the below working shiro.ini.

Uncommenting the sessionManager and securityManager lines, as below, and ensuring that the [roles] block was included, resolved the issue for me with the interpreters not displaying in the UI after enabling authentication.

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000

shiro.ini:

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = CN={0},OU=standard,OU=Users,ou=enterprise,dc=vds,dc=logon
#ldapRealm.contextFactory.url = ldaps://ProdIZvds.8389.corporate.ge.com:636
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon
#/** = authc
#/** = authc
/**=authc

Thanks to @Ancil McBarnett for his guidance.

View solution in original post

3,857 Views
0
5 REPLIES 5

avatar
author-rank terje
New Contributor

Created ‎09-01-2016 04:11 PM

Solved!

running: /usr/hdp/2.5.0.0-1245/zeppelin/bin/install-interpreter.sh --all

gave me back the interpreters (plus a few community ones)

3,857 Views

avatar
author-rank jay1ram2
Contributor

Created ‎11-08-2016 05:44 PM

I tried running the command that @Terje Berg-Hansen suggested. I ran it as user "Zeppelin" on the node where Zeppelin is installed but it did not make any difference. Here is another thread that talks about the same topic. This issue is still unresolved.

https://community.hortonworks.com/questions/58454/hdp-25-zeppelin-06-ldap-interpreters-are-not-shown...

3,857 Views
0 Kudos

avatar
author-rank slachterman
Guru

Created ‎11-11-2016 09:44 PM

Please see the below working shiro.ini.

Uncommenting the sessionManager and securityManager lines, as below, and ensuring that the [roles] block was included, resolved the issue for me with the interpreters not displaying in the UI after enabling authentication.

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000

shiro.ini:

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = CN={0},OU=standard,OU=Users,ou=enterprise,dc=vds,dc=logon
#ldapRealm.contextFactory.url = ldaps://ProdIZvds.8389.corporate.ge.com:636
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon
#/** = authc
#/** = authc
/**=authc

Thanks to @Ancil McBarnett for his guidance.

3,858 Views
0

avatar
author-rank abajwa author-rank
Guru

Created ‎11-11-2016 09:46 PM

thanks @slachterman! this resolved the problem for me

3,857 Views
0 Kudos

avatar
author-rank jay1ram2
Contributor

Created ‎11-11-2016 10:04 PM

Awesome! This worked for me. The timing could have not been better. I was working on setting up Zeppelin with OpenLDAP and livy today (HDP 2.5) and this was one of the issue I had to solve.

Thank you!

3,857 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements