Zeppelin notebooks on HDInsight with Enterprise Security Package












1















I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.



From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.



Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.



ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.



To add an admin user, add a section as below, as per Apache Shiro documentation:



[users]
myuser mypassword, admin


These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.










share|improve this question





























    1















    I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.



    From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.



    Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.



    ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.



    To add an admin user, add a section as below, as per Apache Shiro documentation:



    [users]
    myuser mypassword, admin


    These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.










    share|improve this question



























      1












      1








      1








      I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.



      From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.



      Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.



      ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.



      To add an admin user, add a section as below, as per Apache Shiro documentation:



      [users]
      myuser mypassword, admin


      These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.










      share|improve this question
















      I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.



      From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.



      Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.



      ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.



      To add an admin user, add a section as below, as per Apache Shiro documentation:



      [users]
      myuser mypassword, admin


      These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.







      apache-spark hadoop shiro apache-zeppelin hdinsight






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 21 '18 at 0:45







      Paul Lambert

















      asked Nov 19 '18 at 22:11









      Paul LambertPaul Lambert

      35029




      35029
























          1 Answer
          1






          active

          oldest

          votes


















          0














          You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.






          share|improve this answer
























          • Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?

            – Paul Lambert
            Nov 20 '18 at 6:09











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383377%2fzeppelin-notebooks-on-hdinsight-with-enterprise-security-package%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.






          share|improve this answer
























          • Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?

            – Paul Lambert
            Nov 20 '18 at 6:09
















          0














          You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.






          share|improve this answer
























          • Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?

            – Paul Lambert
            Nov 20 '18 at 6:09














          0












          0








          0







          You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.






          share|improve this answer













          You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 19 '18 at 22:27









          Ashish ThapliyalAshish Thapliyal

          764




          764













          • Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?

            – Paul Lambert
            Nov 20 '18 at 6:09



















          • Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?

            – Paul Lambert
            Nov 20 '18 at 6:09

















          Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?

          – Paul Lambert
          Nov 20 '18 at 6:09





          Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?

          – Paul Lambert
          Nov 20 '18 at 6:09




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383377%2fzeppelin-notebooks-on-hdinsight-with-enterprise-security-package%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Guess what letter conforming each word

          Port of Spain

          Run scheduled task as local user group (not BUILTIN)