[GitHub] metron pull request #888: METRON-1389: Zeppelin notebook import does not wor...

Tue, 09 Jan 2018 21:25:05 -0800 

Github user anandsubbu commented on a diff in the pull request:

    https://github.com/apache/metron/pull/888#discussion_r160591890
  
    --- Diff: 
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/indexing_master.py
 ---
    @@ -150,12 +151,36 @@ def zeppelin_notebook_import(self, env):
             env.set_params(params)
     
             Logger.info(ambari_format('Searching for Zeppelin Notebooks in 
{metron_config_zeppelin_path}'))
    +
    +        # With Ambari 2.5+, Zeppelin server is enabled to work with Shiro 
authentication, which requires user/password
    +        # for authentication (see 
https://zeppelin.apache.org/docs/0.6.0/security/shiroauthentication.html for 
details).
    +        ses = requests.session()
    +
    +        # Check if authentication is enabled on the Zeppelin server
    +        try:
    +            conn = 
ses.get(ambari_format('http://{zeppelin_server_url}/api/login'))
    +
    +            # Establish connection if authentication is enabled
    +            try:
    +                # The following credentials are created at install time by 
Ambari at /etc/zeppelin/conf/shiro.ini
    +                # when Shiro auth is enabled on the Zeppelin server
    +                zeppelin_payload = {'userName': 'admin', 'password' : 
'admin'}
    --- End diff --
    
    Hi @cestella , thanks for taking a look. The Zeppelin auth credentials are 
not related to ambari credentials. They are as defined in 
`/etc/zeppelin/conf/shiro.ini` on the Zeppelin host, which is set up by default 
during stack deploy time.
    
    Here's a snippet:
    ```
    [root@hcpca-1 ~]# cat /etc/zeppelin/conf/shiro.ini
    
    [users]
    # List of users with their password allowed to access Zeppelin.
    # To use a different strategy (LDAP / Database / ...) check the shiro doc 
at http://shiro.apache.org/configuration.html#Configuration-INISections
    admin = admin, admin
    <snip>
    ```
    
    When I created the pull request, I considered the option of reading 
`shiro.ini` file and parsing for the credentials. I did not pursue that further 
since I wanted to address the immediate need of ability to import notebook on 
an out-of-the-box Metron cluster. I understand that a thorough way would be to 
handle the [different INI 
settings](http://shiro.apache.org/configuration.html#Configuration-INISections) 
provided by shiro, and could potentially be the scope of another pull request. 
    
    Please let me know if it makes sense.


---

Reply via email to