Zeppelin notebooks on HDInsight with Enterprise Security Package
I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.
From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.
Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.
ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.
To add an admin user, add a section as below, as per Apache Shiro documentation:
[users]
myuser mypassword, admin
These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.
apache-spark hadoop shiro apache-zeppelin hdinsight
add a comment |
I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.
From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.
Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.
ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.
To add an admin user, add a section as below, as per Apache Shiro documentation:
[users]
myuser mypassword, admin
These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.
apache-spark hadoop shiro apache-zeppelin hdinsight
add a comment |
I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.
From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.
Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.
ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.
To add an admin user, add a section as below, as per Apache Shiro documentation:
[users]
myuser mypassword, admin
These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.
apache-spark hadoop shiro apache-zeppelin hdinsight
I set up an HDInsight Spark cluster with the Enterprise Security Package (for multi-user access via Active Directory). Via the Azure portal, I used the link to go to a Zeppelin notebook (to run Spark SQL queries). This brings me to a login page for the notebook. Unfortunately, it's not clear what usernames/passwords are to be used. Neither local Ambari users nor synced AD users seem to work.
From some web searching, I gather that Zeppelin uses Apache Shiro to implement access control. However, I haven't found documentation as to which existing usernames/passwords to use or how to create new usernames/passwords.
Has anyone found a way to run Zeppelin notebooks on HDInsight with ESP? Thanks for any lifelines.
ETA: I was able to add a Zeppelin user by logging into the HDInsight head node (ssh) and editing /etc/zeppelin/conf/shiro.ini. This file also shows the AD setup that ESP produced.
To add an admin user, add a section as below, as per Apache Shiro documentation:
[users]
myuser mypassword, admin
These credentials should now be usable for logging into the Zeppelin portal. I also restarted the Zeppelin daemon, but don't know if it's necessary.
apache-spark hadoop shiro apache-zeppelin hdinsight
apache-spark hadoop shiro apache-zeppelin hdinsight
edited Nov 21 '18 at 0:45
Paul Lambert
asked Nov 19 '18 at 22:11
Paul LambertPaul Lambert
35029
35029
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.
Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?
– Paul Lambert
Nov 20 '18 at 6:09
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383377%2fzeppelin-notebooks-on-hdinsight-with-enterprise-security-package%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.
Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?
– Paul Lambert
Nov 20 '18 at 6:09
add a comment |
You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.
Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?
– Paul Lambert
Nov 20 '18 at 6:09
add a comment |
You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.
You will need to use your domain credentials in order to log in to Zeppelin. If you are still facing issues, please open a support case and we will look into this.
answered Nov 19 '18 at 22:27
Ashish ThapliyalAshish Thapliyal
764
764
Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?
– Paul Lambert
Nov 20 '18 at 6:09
add a comment |
Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?
– Paul Lambert
Nov 20 '18 at 6:09
Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?
– Paul Lambert
Nov 20 '18 at 6:09
Would these be the synced AD users? I have tried, but with no luck. Is there any way to get a list of the users who have access (e.g., maybe somewhere on the HDInsight head node, where I can log in with SSH)? Any particular format to the credentials (e.g., DOMAINusername, just username, username@full.domain.path.com, etc.)?
– Paul Lambert
Nov 20 '18 at 6:09
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383377%2fzeppelin-notebooks-on-hdinsight-with-enterprise-security-package%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown