Apache Zeppelin Component Guide

Configure Zeppelin for a Kerberos-Enabled Cluster

The Zeppelin daemon needs a Kerberos account and keytab to run in a Kerberized cluster.

After configuring Kerberos for Zeppelin in Ambari, you can find all related settings on the Zeppelin Interpreter settings page, as shown in the following image for the %spark interpreter. If you configured Kerberos from Ambari, no further action is needed. Changes in values for keytabs and principals are managed by Ambari, and if Kerberos is disabled, Ambari deletes keytab and principal values.

For clusters not managed by Ambari, note that every interpreter that supports Kerberos has two configuration properties: keytab and principal. In addition, the Shell interpreter (%sh) has a property that specifies the authentication method: zeppelin.shell.auth.type. Set the authentication method to KERBEROS for a Kerberos-enabled cluster; otherwise the value should be empty.

The following table lists properties used for keytabs and principals, for each associated interpreter.

| Interpreter | Keytab Property | Principal Property |
|---|---|---|
| %jdbc | zeppelin.jdbc.keytab.location | zeppelin.jdbc.principal |
| %livy | zeppelin.livy.keytab | zeppelin.livy.principal |
| %sh | zeppelin.shell.keytab.location | zeppelin.shell.principal |
| %spark | spark.yarn.keytab | spark.yarn.principal |
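
For a cluster not managed by Ambari, the following added example (not part of the Zeppelin documentation or code base) checks interpreter settings against the table above: each configured interpreter must have both its keytab and principal set, and %sh must have zeppelin.shell.auth.type set to KERBEROS. It assumes the settings have already been loaded into a mapping of interpreter name to properties; the function names, paths, principal and realm are hypothetical or constructed.

```python
# Property names come from the table above; all other names are illustrative.
KERBEROS_PROPS = {
    "jdbc": ("zeppelin.jdbc.keytab.location", "zeppelin.jdbc.principal"),
    "livy": ("zeppelin.livy.keytab", "zeppelin.livy.principal"),
    "sh": ("zeppelin.shell.keytab.location", "zeppelin.shell.principal"),
    "spark": ("spark.yarn.keytab", "spark.yarn.principal"),
}
SHELL_AUTH_TYPE = "zeppelin.shell.auth.type"

def _value(props, key):
    """Return a property as a stripped string; accepts 'x' or {'value': 'x'}."""
    raw = props.get(key, "")
    if isinstance(raw, dict):
        raw = raw.get("value", "")
    return str(raw or "").strip()

def check_kerberos_settings(interpreters, kerberized=True):
    """Return findings for a {interpreter_name: properties} mapping."""
    findings = []
    for name, (keytab_key, principal_key) in KERBEROS_PROPS.items():
        props = interpreters.get(name)
        if props is None:
            continue  # interpreter not configured on this instance
        keytab, principal = _value(props, keytab_key), _value(props, principal_key)
        if kerberized:
            for key, val in ((keytab_key, keytab), (principal_key, principal)):
                if not val:
                    findings.append(f"%{name}: {key} is not set")
        elif keytab or principal:
            findings.append(f"%{name}: keytab/principal set on a non-Kerberos cluster")
        if name == "sh":
            auth = _value(props, SHELL_AUTH_TYPE)
            expected = "KERBEROS" if kerberized else ""
            if auth != expected:
                findings.append(f"%sh: {SHELL_AUTH_TYPE} is {auth!r}, expected {expected!r}")
    return findings

# Constructed sample settings (paths, principal and realm are placeholders).
SAMPLE = {
    "spark": {"spark.yarn.keytab": "/path/to/zeppelin.keytab",
              "spark.yarn.principal": "zeppelin@EXAMPLE.COM"},
    "sh": {"zeppelin.shell.keytab.location": "/path/to/zeppelin.keytab",
           "zeppelin.shell.principal": "", "zeppelin.shell.auth.type": ""},
    "livy": {"zeppelin.livy.keytab": {"value": "/path/to/zeppelin.keytab"}},
}

if __name__ == "__main__":
    for finding in check_kerberos_settings(SAMPLE):
        print(finding)
```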