Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Zeppelin interpreters disappear when security is enabled

Solved Go to solution

Zeppelin interpreters disappear when security is enabled

New Contributor

Hi,

when enabling security in the zeppelin configuration through Ambari 2.4 in hdp 2.5 (i.e. setting anonymous to false and using "/** = authc" ) the interpreters mysteriously disappear from the web gui. Ref. pictures before and after:

7257-zeppelin-anon.png

and after security is turned on:

7258-zeppelin.png

Note: I have not enabled Kerberos - is this the problem?

Otherwise thoroughly enjoying the new version of HDP

Terry

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Zeppelin interpreters disappear when security is enabled

Please see the below working shiro.ini.

Uncommenting the sessionManager and securityManager lines, as below, and ensuring that the [roles] block was included, resolved the issue for me with the interpreters not displaying in the UI after enabling authentication.

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000

shiro.ini:

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = CN={0},OU=standard,OU=Users,ou=enterprise,dc=vds,dc=logon
#ldapRealm.contextFactory.url = ldaps://ProdIZvds.8389.corporate.ge.com:636
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon
#/** = authc
#/** = authc
/**=authc

Thanks to @Ancil McBarnett for his guidance.

5 REPLIES 5

Re: Zeppelin interpreters disappear when security is enabled

New Contributor

Solved!

running: /usr/hdp/2.5.0.0-1245/zeppelin/bin/install-interpreter.sh --all

gave me back the interpreters (plus a few community ones)

Re: Zeppelin interpreters disappear when security is enabled

New Contributor

I tried running the command that @Terje Berg-Hansen suggested. I ran it as user "Zeppelin" on the node where Zeppelin is installed but it did not make any difference. Here is another thread that talks about the same topic. This issue is still unresolved.

https://community.hortonworks.com/questions/58454/hdp-25-zeppelin-06-ldap-interpreters-are-not-shown...

Re: Zeppelin interpreters disappear when security is enabled

Please see the below working shiro.ini.

Uncommenting the sessionManager and securityManager lines, as below, and ensuring that the [roles] block was included, resolved the issue for me with the interpreters not displaying in the UI after enabling authentication.

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000

shiro.ini:

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1, admin
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = CN={0},OU=standard,OU=Users,ou=enterprise,dc=vds,dc=logon
#ldapRealm.contextFactory.url = ldaps://ProdIZvds.8389.corporate.ge.com:636
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon
#/** = authc
#/** = authc
/**=authc

Thanks to @Ancil McBarnett for his guidance.

Highlighted

Re: Zeppelin interpreters disappear when security is enabled

thanks @slachterman! this resolved the problem for me

Re: Zeppelin interpreters disappear when security is enabled

New Contributor

Awesome! This worked for me. The timing could have not been better. I was working on setting up Zeppelin with OpenLDAP and livy today (HDP 2.5) and this was one of the issue I had to solve.

Thank you!