metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anandsubbu <...@git.apache.org>
Subject [GitHub] metron pull request #888: METRON-1389: Zeppelin notebook import does not wor...
Date Wed, 10 Jan 2018 05:24:24 GMT
Github user anandsubbu commented on a diff in the pull request:

    https://github.com/apache/metron/pull/888#discussion_r160591890
  
    --- Diff: metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/indexing_master.py
---
    @@ -150,12 +151,36 @@ def zeppelin_notebook_import(self, env):
             env.set_params(params)
     
             Logger.info(ambari_format('Searching for Zeppelin Notebooks in {metron_config_zeppelin_path}'))
    +
    +        # With Ambari 2.5+, Zeppelin server is enabled to work with Shiro authentication,
which requires user/password
    +        # for authentication (see https://zeppelin.apache.org/docs/0.6.0/security/shiroauthentication.html
for details).
    +        ses = requests.session()
    +
    +        # Check if authentication is enabled on the Zeppelin server
    +        try:
    +            conn = ses.get(ambari_format('http://{zeppelin_server_url}/api/login'))
    +
    +            # Establish connection if authentication is enabled
    +            try:
    +                # The following credentials are created at install time by Ambari at
/etc/zeppelin/conf/shiro.ini
    +                # when Shiro auth is enabled on the Zeppelin server
    +                zeppelin_payload = {'userName': 'admin', 'password' : 'admin'}
    --- End diff --
    
    Hi @cestella , thanks for taking a look. The Zeppelin auth credentials are not related
to ambari credentials. They are as defined in `/etc/zeppelin/conf/shiro.ini` on the Zeppelin
host, which is set up by default during stack deploy time.
    
    Here's a snippet:
    ```
    [root@hcpca-1 ~]# cat /etc/zeppelin/conf/shiro.ini
    
    [users]
    # List of users with their password allowed to access Zeppelin.
    # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
    admin = admin, admin
    <snip>
    ```
    
    When I created the pull request, I considered the option of reading `shiro.ini` file and
parsing for the credentials. I did not pursue that further since I wanted to address the immediate
need of ability to import notebook on an out-of-the-box Metron cluster. I understand that
a thorough way would be to handle the [different INI settings](http://shiro.apache.org/configuration.html#Configuration-INISections)
provided by shiro, and could potentially be the scope of another pull request. 
    
    Please let me know if it makes sense.


---

Mime
View raw message