Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Zeppelin interpreters disappear when security is enabled

Labels:
avatar
author-rank terje
New Contributor

Created on ‎09-01-2016 03:50 PM - edited ‎08-19-2019 02:19 AM

Hi,

when enabling security in the zeppelin configuration through Ambari 2.4 in hdp 2.5 (i.e. setting anonymous to false and using "/** = authc" ) the interpreters mysteriously disappear from the web gui. Ref. pictures before and after:

7257-zeppelin-anon.png

and after security is turned on:

7258-zeppelin.png

Note: I have not enabled Kerberos - is this the problem?

Otherwise thoroughly enjoying the new version of HDP 🙂

Terry

4,422 Views
1 ACCEPTED SOLUTION

avatar
author-rank slachterman
Guru

Created ‎11-11-2016 09:44 PM

Please see the below working shiro.ini.

Uncommenting the sessionManager and securityManager lines, as below, and ensuring that the [roles] block was included, resolved the issue for me with the interpreters not displaying in the UI after enabling authentication.

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000

shiro.ini:

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = CN={0},OU=standard,OU=Users,ou=enterprise,dc=vds,dc=logon
#ldapRealm.contextFactory.url = ldaps://ProdIZvds.8389.corporate.ge.com:636
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon
#/** = authc
#/** = authc
/**=authc

Thanks to @Ancil McBarnett for his guidance.

View solution in original post

3,481 Views
5 REPLIES 5

avatar
author-rank terje
New Contributor

Created ‎09-01-2016 04:11 PM

Solved!

running: /usr/hdp/2.5.0.0-1245/zeppelin/bin/install-interpreter.sh --all

gave me back the interpreters (plus a few community ones)

3,481 Views

avatar
author-rank jay1ram2
Contributor

Created ‎11-08-2016 05:44 PM

I tried running the command that @Terje Berg-Hansen suggested. I ran it as user "Zeppelin" on the node where Zeppelin is installed but it did not make any difference. Here is another thread that talks about the same topic. This issue is still unresolved.

https://community.hortonworks.com/questions/58454/hdp-25-zeppelin-06-ldap-interpreters-are-not-shown...

3,481 Views
0 Kudos

avatar
author-rank slachterman
Guru

Created ‎11-11-2016 09:44 PM

Please see the below working shiro.ini.

Uncommenting the sessionManager and securityManager lines, as below, and ensuring that the [roles] block was included, resolved the issue for me with the interpreters not displaying in the UI after enabling authentication.

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000

shiro.ini:

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = CN={0},OU=standard,OU=Users,ou=enterprise,dc=vds,dc=logon
#ldapRealm.contextFactory.url = ldaps://ProdIZvds.8389.corporate.ge.com:636
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon
#/** = authc
#/** = authc
/**=authc

Thanks to @Ancil McBarnett for his guidance.

3,482 Views

avatar
author-rank abajwa author-rank
Guru

Created ‎11-11-2016 09:46 PM

thanks @slachterman! this resolved the problem for me

3,481 Views
0 Kudos

avatar
author-rank jay1ram2
Contributor

Created ‎11-11-2016 10:04 PM

Awesome! This worked for me. The timing could have not been better. I was working on setting up Zeppelin with OpenLDAP and livy today (HDP 2.5) and this was one of the issue I had to solve.

Thank you!

3,481 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements