Apache Zeppelin Component Guide
Also available as:
PDF
loading table of contents...

Getting Started

Prerequisites

To use LDAP or Active Directory (AD) as the identity store, LDAP or AD must be installed and running on your cluster. You will need LDAP or AD coordinates to configure them for use with Zeppelin. In addition, the associated user accounts must be defined on your Zeppelin nodes.

Configuring Security on an Ambari-Managed Cluster

If your cluster is managed by Ambari, navigate to the Configs tab and edit settings in the "Advanced zeppelin-env", "Advanced zeppelin-config", "zeppelin-log4j-properties" and "zeppelin-shiro-ini" sections, as described in following subsections.

Changes to shiro_ini_content require restarting the Zeppelin server. Ambari indicates this with a warning, and offers a menu option to restart Zeppelin.

Configuring Security on a Cluster Not Managed by Ambari

If your cluster is not managed by Ambari:

  1. Locate the shiro.ini template file in the Zeppelin /conf folder:

    /usr/hdp/current/zeppelin-server/conf/shiro.ini.template.

  2. Copy the template file as shiro.ini:

    /usr/hdp/current/zeppelin-server/conf/shiro.ini

  3. Edit shiro.ini file contents, as described in the following subsections.

  4. After editing the shiro.ini file, restart the Zeppelin server:

    ./bin/zeppelin-daemon.sh restart

shiro.ini Structure

The shiro_ini_content property (Ambari) and shiro.ini file (non-Ambari) contain several sections for configuring authentication:

  • [main], which contains definitions for LDAP or Active Directory objects and properties.

  • [users], which can be used to specify user accounts and passwords for simple deployments that do not require secure passwords, and require only a small number of statically-defined accounts.

  • [roles], for defining roles associated with access control.

  • [urls], for configuring URL-based security. For Zepplin, the [urls] section is used to specify authentication method and define access control filters.

For more information about Shiro configuration and processing, see Apache Shiro Configuration.