Hi all, I was able to get nginx working for basic authentication. I used docker containers for private networking so that the zeppelin ports aren't open to the public.
https://github.com/rnowling/zeppelin-authentication The problem right now is that nginx requires authenticating twice -- for the two ports, I'm assuming. If anyone has ideas for how to fix that, please let me know! RJ On Mon, Mar 30, 2015 at 9:03 AM, Ram Venkatesh <[email protected]> wrote: > I agree - have also been thinking about the same problem in the context > of running zeppelin against a secure kerberized hadoop cluster. > > There are a couple concerns here: > 1. authentication, both for the zeppelin server and for interpreters that > need it > 2. isolating the code for different users from each other - for example by > running an interpreter for each user > 3. sharing interpreters across note evaluations - this is likely an issue > even without multiple users but multiple tabs for the same user. It is > already taken care of by the interpreter scheduler (by returning a FIFO or > parallel scheduler with the specified max concurrency option), is this > correct? > > Thanks! > Ram > > On Mar 30, 2015, at 6:35 AM, RJ Nowling <[email protected]> wrote: > > Since this may be an oft-requested feature, I'll go ahead and create a > JIRA to document the interest. > > On Mon, Mar 30, 2015 at 8:33 AM, Corneau Damien <[email protected]> > wrote: > >> Actually the branch wasn't merged in the end >> >> On Mon, Mar 30, 2015 at 10:31 PM, RJ Nowling <[email protected]> wrote: >> >>> Is there documentation for the simple authentication? >>> >>> We'll be creating separate unix users for each zeppelin instance with >>> appropriate file system permissions. >>> >>> On Fri, Mar 27, 2015 at 9:39 PM, Corneau Damien <[email protected]> >>> wrote: >>> >>>> If I remember well, we merged some kind of simple authentication in >>>> Zeppelin. But it should be more about accessing the instance than having >>>> multiple users. One way could be launching multiple zeppelin instances, I >>>> think Kevin is doing something similar. >>>> >>>> One thing to realize however is that it doesnt create separation at the >>>> data layer >>>> On Mar 28, 2015 1:53 AM, "RJ Nowling" <[email protected]> wrote: >>>> >>>>> I'll report back if I'm successful with the approach I've mentioned. >>>>> >>>>> On Fri, Mar 27, 2015 at 11:51 AM, RJ Nowling <[email protected]> >>>>> wrote: >>>>> >>>>>> A search of the user list suggests that Zeppelin can support a >>>>>> separate SparkContext for each notebook but the user who tried it ran >>>>>> into >>>>>> issues. >>>>>> >>>>>> On Fri, Mar 27, 2015 at 11:32 AM, Denny Lee <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> I haven't done this myself but was recently starting to do research >>>>>>> on doing this. Perhaps this blog post may be of help: >>>>>>> http://nginx.com/blog/websocket-nginx/ ? >>>>>>> >>>>>>> On Fri, Mar 27, 2015 at 9:24 AM Silvio Fiorito < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> I haven’t tried this myself yet but something I’ve been thinking >>>>>>>> as well. Will the nginx reverse proxy support web sockets as well? >>>>>>>> >>>>>>>> Ideally we’d have isolated SparkContexts so users aren’t >>>>>>>> trampling over each other. Honestly I think it’d be good to have the >>>>>>>> option >>>>>>>> of starting a new SparkContext per notebook as well or using the model >>>>>>>> Databricks has where you “attach” a notebook to a cluster. >>>>>>>> >>>>>>>> From: RJ Nowling >>>>>>>> Reply-To: "[email protected]" >>>>>>>> Date: Friday, March 27, 2015 at 12:19 PM >>>>>>>> To: "[email protected]" >>>>>>>> Subject: Multi-user approach >>>>>>>> >>>>>>>> Hi all, >>>>>>>> >>>>>>>> I'm looking into ways to support multiple users with Zeppelin. I >>>>>>>> want to provide isolation between users. >>>>>>>> >>>>>>>> I'm considering the following approach: >>>>>>>> * Run Zeppelin under each user's account with its own set of ports >>>>>>>> * Use nginx as a reverse proxy for providing authentication >>>>>>>> >>>>>>>> Has anyone done anything similar? Any better alternatives? >>>>>>>> >>>>>>>> Thanks! >>>>>>>> RJ >>>>>>>> >>>>>>> >>>>>> >>>>> >>> >> > >
