Modified: zeppelin/site/docs/0.8.0-SNAPSHOT/search_data.json URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.0-SNAPSHOT/search_data.json?rev=1798613&r1=1798612&r2=1798613&view=diff ============================================================================== --- zeppelin/site/docs/0.8.0-SNAPSHOT/search_data.json (original) +++ zeppelin/site/docs/0.8.0-SNAPSHOT/search_data.json Tue Jun 13 16:55:32 2017 
@@ -93,7 +93,7 @@ "/displaysystem/basicdisplaysystem.html": { "title": "Basic Display System in Apache Zeppelin", - "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Basic Display System in Apache ZeppelinTextBy default, Apache Zeppelin prints interpreter response as a plain text using text display system.You can explicitly say you&#39;re using text display system.HtmlWith %html directive, Zeppelin treats your output as HTMLMathematical expressionsHTML display system automatically formats mathematical expression using MathJax. You can use( INLINE EXPRESSION ) and $$ EXPRESSION $$ to format. 
For exampleTableIf you have data that row separated by n (newline) and column separated by t (tab) with first row as header row, for exampleYou can simply use %table display system to leverage Zeppelin&#39;s built in visualization.If table contents start with %html, it is interpreted as an HTML.Note : Display system is backend independent.", + "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Basic Display System in Apache ZeppelinTextBy default, Apache Zeppelin prints interpreter response as a plain text using text display system.You can explicitly say you&#39;re using text display system.HtmlWith %html directive, Zeppelin treats your output as HTMLMathematical expressionsHTML display system automatically formats mathematical expression using MathJax. You can use( INLINE EXPRESSION ) and $$ EXPRESSION $$ to format. For exampleTableIf you have data that row separated by n (newline) and column separated by t (tab) with first row as header row, for exampleYou can simply use %table display system to leverage Zeppelin&#39;s built in visualization.If table contents start with %html, it is interpreted as an HTML.Note : Display system is backend independent.NetworkWith the %network directive, Zeppelin treats your output as a graph. 
Zeppelin can leverage the Property Graph Model.What is the Labelled Property Graph Model?A Property Graph is a graph that has these elements:a set of verticeseach vertex has a unique identifier.each vertex has a set of outgoing edges.each vertex has a set of incoming edges.each vertex has a collection of properties defined by a map from key to valuea set of edgeseach edge has a unique identifier.each edge has an outgoing tail vertex.each edge has an incoming head vertex.each edge has a label that denotes the type of relationship between its two vertices.each edge has a collection of properties defined by a map from key to value.A Labelled Property Graph is a Property Graph where the nodes can be tagged with labels representing their different roles in the graph modelWhat are the APIs?The new NETWORK visualization is based on json with the following params:&quot;nodes&quot; (mandatory): list of nodes of the graph every node can have the following params:&quot;id&quot; (mandatory): the id of the node (must be unique);&quot;label&quot;: the main Label of the node;&quot;labels&quot;: the list of the labels of the node;&quot;data&quot;: the data attached to the node;&quot;edges&quot;: list of the edges of the graph;&quot;id&quot; (mandatory): the id of the edge (must be unique);&quot;source&quot; (mandatory): the id of source node of the edge;&quot;target&quot; (mandatory): the id of target node of the edge;&quot;label&quot;: the main type of the edge;&quot;data&qu ot;: the data attached to the edge;&quot;labels&quot;: a map (K, V) where K is the node label and V is the color of the node;&quot;directed&quot;: (true/false, default false) wich tells if is directed graph or not;&quot;types&quot;: a distinct list of the edge types of the graphIf you click on a node or edge on the bottom of the paragraph you find a list of entity propertiesThis kind of graph can be easily flatten in order to support other visualization formats provided by Zeppelin.How to use it?An example of 
a simple graph%sparkprint(s&quot;&quot;&quot;%network { &quot;nodes&quot;: [ {&quot;id&quot;: 1}, {&quot;id&quot;: 2}, {&quot;id&quot;: 3} ], &quot;edges&quot;: [ {&quot;source&quot;: 1, &quot;target&quot;: 2, &quot;id&quot; : 1}, {&quot;source&quot;: 2, &quot;target&quot;: 3, &quot;id&quot; : 2}, {&qu ot;source&quot;: 1, &quot;target&quot;: 2, &quot;id&quot; : 3}, {&quot;source&quot;: 1, &quot;target&quot;: 2, &quot;id&quot; : 4}, {&quot;source&quot;: 2, &quot;target&quot;: 1, &quot;id&quot; : 5}, {&quot;source&quot;: 2, &quot;target&quot;: 1, &quot;id&quot; : 6} ]}&quot;&quot;&quot;)that will look like:A little more complex graph:%sparkprint(s&quot;&quot;&quot;%network { &quot;nodes&quot;: [{&quot;id&quot;: 1, &quot;label&quot;: &quot;User&quot;, &quot;data&quot;: {&quot;fullName&quot;:&quot;Andrea Santurbano&quot;}},{&quot;id&quot;: 2, &quot;label&quot;: &quot;User&quot;, &quot;data&quot;: {&quot;fullName&quot;:&quot;Lee Moon Soo&quot;}},{&quot;id&quot;: 3, &quot;label&quot;: &quot;Project&quot;, &quot;data& amp;quot;: {&quot;name&quot;:&quot;Zeppelin&quot;}}], &quot;edges&quot;: [{&quot;source&quot;: 2, &quot;target&quot;: 1, &quot;id&quot; : 1, &quot;label&quot;: &quot;HELPS&quot;},{&quot;source&quot;: 2, &quot;target&quot;: 3, &quot;id&quot; : 2, &quot;label&quot;: &quot;CREATE&quot;},{&quot;source&quot;: 1, &quot;target&quot;: 3, &quot;id&quot; : 3, &quot;label&quot;: &quot;CONTRIBUTE_TO&quot;, &quot;data&quot;: {&quot;oldPR&quot;: &quot;https://github.com/apache/zeppelin/pull/1582&quot;}}], &quot;labels&quot;: {&quot;User&quot;: &quot;#8BC34A&quot;, &quot;Project&quot;: &quot;#3071A9&quot;}, &quot;directed&quot;: true, &quot;types&quot;: [&quot;HELPS&quot;, &quot;CREATE&quot;, &quot;CONTRIBUTE_TO&quot;]}&quot;&quot;&am p;quot;)that will look like:", "url": " /displaysystem/basicdisplaysystem.html", "group": "display", "excerpt": "There are 3 basic display systems in Apache Zeppelin. 
By default, Zeppelin prints interpreter responce as a plain text using text display system. With %html directive, Zeppelin treats your output as HTML. You can also simply use %table display system..." 
@@ -138,7 +138,7 @@ "/install/configuration.html": { "title": "Apache Zeppelin Configuration", - "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Apache Zeppelin ConfigurationZeppelin PropertiesThere are two locations you can configure Apache Zeppelin.Environment variables can be defined conf/zeppelin-env.sh(confzeppelin-env.cmd for Windows).Java properties can ba defined in conf/zeppelin-site.xml.If both are defined, then the environment variables will take priority.Mouse hover on each property and click then you can get a link for that. zeppelin-env.sh zeppelin-si te.xml Default value Description ZEPPELIN_PORT zeppelin.server.port 8080 Zeppelin server port Note: Please make sure you're not using the same port with Zeppelin web application development port (default: 9000). ZEPPELIN_SSL_PORT zeppelin.server.ssl.port 8443 Zeppelin Server ssl port (used when ssl environment/property is set to true) ZEPPELIN_MEM N/A -Xmx1024m -XX:MaxPermSize=512m JVM mem options ZEPPELIN_INTP_MEM N/A ZEPPELIN_MEM JVM mem options for interpreter process ZEPPELIN_JAVA_OPTS N/A JVM options ZEPPELIN_ALLOWED_ORIGINS zeppelin.server.allowed.origins * Enables a way to specify a ',' separated list of allowed origins for REST and websockets. e.g. http://localhost:8080 N/A zeppelin.anonymous.allowed true The anonymous user is allowed by default. 
ZEPPELIN_SERVER_CONTEXT_PATH zeppelin.server.context.path / Context pa th of the web application ZEPPELIN_SSL zeppelin.ssl false ZEPPELIN_SSL_CLIENT_AUTH zeppelin.ssl.client.auth false ZEPPELIN_SSL_KEYSTORE_PATH zeppelin.ssl.keystore.path keystore ZEPPELIN_SSL_KEYSTORE_TYPE zeppelin.ssl.keystore.type JKS ZEPPELIN_SSL_KEYSTORE_PASSWORD zeppelin.ssl.keystore.password ZEPPELIN_SSL_KEY_MANAGER_PASSWORD zeppelin.ssl.key.manager.password ZEPPELIN_SSL_TRUSTSTORE_PATH zeppelin.ssl.truststore.path ZEPPELIN_SSL_TRUSTSTORE_TYPE zeppelin.ssl.truststore.type ZEPPELIN_SSL_TRUSTSTORE_PASSWORD zeppelin.ssl.truststore.password ZEPPELIN_NOTEBOOK_HOMESCREEN zeppelin.notebook.homescreen Display note IDs on the Apache Zeppelin homescreen e.g. 2A94M5J1Z ZEPPELIN_NOTEBOOK_HOMESCREEN_HIDE zeppelin.notebook.homescreen.hide false Hide the note ID set by ZEPPELIN_NOTEBOOK_HOMESCREEN on the A pache Zeppelin homescreen. For the further information, please read Customize your Zeppelin homepage. ZEPPELIN_WAR_TEMPDIR zeppelin.war.tempdir webapps Location of the jetty temporary directory ZEPPELIN_NOTEBOOK_DIR zeppelin.notebook.dir notebook The root directory where notebook directories are saved ZEPPELIN_NOTEBOOK_S3_BUCKET zeppelin.notebook.s3.bucket zeppelin S3 Bucket where notebook files will be saved ZEPPELIN_NOTEBOOK_S3_USER zeppelin.notebook.s3.user user User name of an S3 buckete.g. 
bucket/user/notebook/2A94M5J1Z/note.json ZEPPELIN_NOTEBOOK_S3_ENDPOINT zeppelin.notebook.s3.endpoint s3.amazonaws.com Endpoint for the bucket ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID zeppelin.notebook.s3.kmsKeyID AWS KMS Key ID to use for encrypting data in S3 (optional) ZEPPELIN_NOTEBOOK_S3_EMP zeppelin.notebook.s3.encryptionMaterialsProvider Class name of a custom S3 encryption materials provider implementation to use for encrypting data in S3 (optional) ZEPPELIN_NOTEBOOK_S3_SSE zeppelin.notebook.s3.sse false Save notebooks to S3 with server-side encryption enabled ZEPPELIN_NOTEBOOK_AZURE_CONNECTION_STRING zeppelin.notebook.azure.connectionString The Azure storage account connection stringe.g. DefaultEndpointsProtocol=https;AccountName=&lt;accountName&gt;;AccountKey=&lt;accountKey&gt; ZEPPELIN_NOTEBOOK_AZURE_SHARE zeppelin.notebook.azure.share zeppelin Azure Share where the notebook files will be saved ZEPPELIN_NOTEBOOK_AZURE_USER zeppelin.notebook.azure.user user Optional user name of an Azure file sharee.g. share/user/notebook/2A94M5J1Z/note.json ZEPPELIN_NOTEBOOK_STORAGE zeppelin.notebook.storage org.apache.zeppelin.notebook.repo.GitNotebookRepo Comma separated list of notebook storage locations ZEPPELIN_NOTEBOOK_ONE_WAY_SYNC zeppelin.notebook.one.way.sync false If there are multiple notebook storage locations, should we treat the first one as the only source of truth? ZEPPELIN_NOTEBOOK_PUBLIC zeppelin.notebook.public true Make notebook public (set only owners) by default when created/imported. If set to false will add user to readers and writers as well, making it private and invisible to other users unless permissions are granted. ZEPPELIN_INTERPRETERS zeppelin.interpreters org.apache.zeppelin.spark.SparkInterpreter,org.apache.zeppelin.spark.PySparkInterpreter,org.apache.zeppelin.spark.SparkSqlInterpreter,org.apache.zeppelin.spark.DepInterpreter,org.apache.zeppelin.markdown.Markdown,org.apache.zeppelin.shell.ShellInterpreter, ... 
Comma separated interpreter configurations [Class] NOTE: This property is deprecated since Zeppelin-0.6.0 and will not be supported from Zeppelin-0.7.0. ZEPPELIN_INTERPRETER_DIR zeppelin.interpreter.dir interpreter Interpreter di rectory ZEPPELIN_INTERPRETER_DEP_MVNREPO zeppelin.interpreter.dep.mvnRepo http://repo1.maven.org/maven2/ Remote principal repository for interpreter's additional dependency loading ZEPPELIN_INTERPRETER_OUTPUT_LIMIT zeppelin.interpreter.output.limit 102400 Output message from interpreter exceeding the limit will be truncated ZEPPELIN_INTERPRETER_CONNECT_TIMEOUT zeppelin.interpreter.connect.timeout 30000 Output message from interpreter exceeding the limit will be truncated ZEPPELIN_DEP_LOCALREPO zeppelin.dep.localrepo local-repo Local repository for dependency loader.ex)visualiztion modules of npm. ZEPPELIN_HELIUM_NPM_REGISTRY zeppelin.helium.npm.registry http://registry.npmjs.org/ Remote Npm registry for Helium dependency loader ZEPPELIN_WEBSOCKET_MAX_TEXT_MESSAGE_SIZE zeppelin.websocket.max.text.message.size 1024000 Size(in characters) of the maximum text message that can be received by websocket. ZEPPELIN_SERVER_DEFAULT_DIR_ALLOWED zeppelin.server.default.dir.allowed false Enable directory listings on server. SSL ConfigurationEnabling SSL requires a few configuration changes. First, you need to create certificates and then update necessary configurations to enable server side SSL and/or client side certificate authentication.Creating and configuring the CertificatesInformation how about to generate certificates and a keystore can be found here.A condensed example can be found in the top answer to this StackOverflow post.The keystore holds the private key and certificate on the server end. The trustore holds the trusted client certificates. Be sure that the path and password for these two stores are correctly configured in the password fields below. They can be obfuscated using the Jetty password tool. 
After Maven pulls in all the dependency to build Zeppelin, one of the Jetty jars contain the Password tool. Invoke this command from the Zeppelin home build directory with the appropriate version, user, and password.java -cp ./zeppelin-server/target/lib/jetty-all-server-&lt;version&gt;.jar org.eclipse.jetty.util.security.Password &lt;user&gt; &lt;password&gt;If you are using a self-signed, a certificate signed by an untrusted CA, or if client authentication is enabled, then the client must have a browser create exceptions for both the normal HTTPS port and WebSocket port. This can by done by trying to establish an HTTPS connection to both ports in a browser (e.g. if the ports are 443 and 8443, then visit https://127.0.0.1:443 and https://127.0.0.1:8443). This step can be skipped if the server certificate is signed by a trusted CA and client auth is disabled.Configuring server side SSLThe following properties needs to be updated in the zeppelin-site.xml in order to enable server side SSL.&lt;property&gt; &lt;name&gt;zeppelin.server.ssl.port&lt;/name&gt; &lt;value&gt;84 43&lt;/value&gt; &lt;description&gt;Server ssl port. (used when ssl property is set to true)&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl&lt;/name&gt; &lt;value&gt;true&lt;/value&gt; &lt;description&gt;Should SSL be used by the servers?&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.keystore.path&lt;/name&gt; &lt;value&gt;keystore&lt;/value&gt; &lt;description&gt;Path to keystore relative to Zeppelin configuration directory&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.keystore.type&lt;/name&gt; &lt;value&gt;JKS&lt;/value&gt; &lt;description&gt;The format of the given keystore (e.g. JKS or PKCS12)&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.keystore.password&lt;/name&gt; &lt;value&gt;change me&lt;/value&gt; &lt;description&gt;Keystore password. 
Can be obfuscated by the Jetty Password tool&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.key.manager.password&lt;/name&gt; &lt;value&gt;change me&lt;/value&gt; &lt;description&gt;Key Manager password. Defaults to keystore password. Can be obfuscated.&lt;/description&gt;&lt;/property&gt;Enabling client side certificate authenticationThe following properties needs to be updated in the zeppelin-site.xml in order to enable client side certificate authentication.&lt;property&gt; &lt;name&gt;zeppelin.server.ssl.port&lt;/name&gt; &lt;value&gt;8443&lt;/value&gt; &lt;description&gt;Server ssl port. (used when ssl property is set to true)&lt;/description &gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.client.auth&lt;/name&gt; &lt;value&gt;true&lt;/value&gt; &lt;description&gt;Should client authentication be used for SSL connections?&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.truststore.path&lt;/name&gt; &lt;value&gt;truststore&lt;/value&gt; &lt;description&gt;Path to truststore relative to Zeppelin configuration directory. Defaults to the keystore path&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.truststore.type&lt;/name&gt; &lt;value&gt;JKS&lt;/value&gt; &lt;description&gt;The format of the given truststore (e.g. JKS or PKCS12). Defaults to the same type as the keystore type&lt;/description&gt;&lt;/property&gt;&lt;property&gt; & lt;name&gt;zeppelin.ssl.truststore.password&lt;/name&gt; &lt;value&gt;change me&lt;/value&gt; &lt;description&gt;Truststore password. Can be obfuscated by the Jetty Password tool. 
Defaults to the keystore password&lt;/description&gt;&lt;/property&gt;Obfuscating Passwords using the Jetty Password ToolSecurity best practices advise to not use plain text passwords and Jetty provides a password tool to help obfuscating the passwords used to access the KeyStore and TrustStore.The Password tool documentation can be found here.After using the tool:java -cp $ZEPPELIN_HOME/zeppelin-server/target/lib/jetty-util-9.2.15.v20160210.jar org.eclipse.jetty.util.security.Password password2016-12-15 10:46:47.931:INFO::main: Logging initialized @101mspasswordOBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1vMD5:5f4dcc3b5aa765d61d8327deb882cf99update your configuration with the obfuscated password :&lt;property&gt; &lt;name&gt;z eppelin.ssl.keystore.password&lt;/name&gt; &lt;value&gt;OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v&lt;/value&gt; &lt;description&gt;Keystore password. Can be obfuscated by the Jetty Password tool&lt;/description&gt;&lt;/property&gt;Note: After updating these configurations, Zeppelin server needs to be restarted.", + "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Apache Zeppelin ConfigurationZeppelin PropertiesThere are two locations you can configure Apache Zeppelin.Environment variables can be defined conf/zeppelin-env.sh(confzeppelin-env.cmd for Windows).Java properties can ba defined in conf/zeppelin-site.xml.If both are defined, then the environment variables will take priority.Mouse hover on each property and click then you can get a link for that. 
zeppelin-env.sh zeppelin-si te.xml Default value Description ZEPPELIN_PORT zeppelin.server.port 8080 Zeppelin server port Note: Please make sure you're not using the same port with Zeppelin web application development port (default: 9000). ZEPPELIN_SSL_PORT zeppelin.server.ssl.port 8443 Zeppelin Server ssl port (used when ssl environment/property is set to true) ZEPPELIN_MEM N/A -Xmx1024m -XX:MaxPermSize=512m JVM mem options ZEPPELIN_INTP_MEM N/A ZEPPELIN_MEM JVM mem options for interpreter process ZEPPELIN_JAVA_OPTS N/A JVM options ZEPPELIN_ALLOWED_ORIGINS zeppelin.server.allowed.origins * Enables a way to specify a ',' separated list of allowed origins for REST and websockets. e.g. http://localhost:8080 N/A zeppelin.anonymous.allowed true The anonymous user is allowed by default. ZEPPELIN_SERVER_CONTEXT_PATH zeppelin.server.context.path / Context pa th of the web application ZEPPELIN_SSL zeppelin.ssl false ZEPPELIN_SSL_CLIENT_AUTH zeppelin.ssl.client.auth false ZEPPELIN_SSL_KEYSTORE_PATH zeppelin.ssl.keystore.path keystore ZEPPELIN_SSL_KEYSTORE_TYPE zeppelin.ssl.keystore.type JKS ZEPPELIN_SSL_KEYSTORE_PASSWORD zeppelin.ssl.keystore.password ZEPPELIN_SSL_KEY_MANAGER_PASSWORD zeppelin.ssl.key.manager.password ZEPPELIN_SSL_TRUSTSTORE_PATH zeppelin.ssl.truststore.path ZEPPELIN_SSL_TRUSTSTORE_TYPE zeppelin.ssl.truststore.type ZEPPELIN_SSL_TRUSTSTORE_PASSWORD zeppelin.ssl.truststore.password ZEPPELIN_NOTEBOOK_HOMESCREEN zeppelin.notebook.homescreen Display note IDs on the Apache Zeppelin homescreen e.g. 2A94M5J1Z ZEPPELIN_NOTEBOOK_HOMESCREEN_HIDE zeppelin.notebook.homescreen.hide false Hide the note ID set by ZEPPELIN_NOTEBOOK_HOMESCREEN on the A pache Zeppelin homescreen. For the further information, please read Customize your Zeppelin homepage. 
ZEPPELIN_WAR_TEMPDIR zeppelin.war.tempdir webapps Location of the jetty temporary directory ZEPPELIN_NOTEBOOK_DIR zeppelin.notebook.dir notebook The root directory where notebook directories are saved ZEPPELIN_NOTEBOOK_S3_BUCKET zeppelin.notebook.s3.bucket zeppelin S3 Bucket where notebook files will be saved ZEPPELIN_NOTEBOOK_S3_USER zeppelin.notebook.s3.user user User name of an S3 buckete.g. bucket/user/notebook/2A94M5J1Z/note.json ZEPPELIN_NOTEBOOK_S3_ENDPOINT zeppelin.notebook.s3.endpoint s3.amazonaws.com Endpoint for the bucket ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID zeppelin.notebook.s3.kmsKeyID AWS KMS Key ID to use for encrypting data in S3 (optional) ZEPPELIN_NOTEBOOK_S3_EMP zeppelin.notebook.s3.encryptionMaterialsProvider Class name of a custom S3 encryption materials provider implementation to use for encrypting data in S3 (optional) ZEPPELIN_NOTEBOOK_S3_SSE zeppelin.notebook.s3.sse false Save notebooks to S3 with server-side encryption enabled ZEPPELIN_NOTEBOOK_AZURE_CONNECTION_STRING zeppelin.notebook.azure.connectionString The Azure storage account connection stringe.g. DefaultEndpointsProtocol=https;AccountName=&lt;accountName&gt;;AccountKey=&lt;accountKey&gt; ZEPPELIN_NOTEBOOK_AZURE_SHARE zeppelin.notebook.azure.share zeppelin Azure Share where the notebook files will be saved ZEPPELIN_NOTEBOOK_AZURE_USER zeppelin.notebook.azure.user user Optional user name of an Azure file sharee.g. share/user/notebook/2A94M5J1Z/note.json ZEPPELIN_NOTEBOOK_STORAGE zeppelin.notebook.storage org.apache.zeppelin.notebook.repo.GitNotebookRepo Comma separated list of notebook storage locations ZEPPELIN_NOTEBOOK_ONE_WAY_SYNC zeppelin.notebook.one.way.sync false If there are multiple notebook storage locations, should we treat the first one as the only source of truth? ZEPPELIN_NOTEBOOK_PUBLIC zeppelin.notebook.public true Make notebook public (set only owners) by default when created/imported. 
If set to false will add user to readers and writers as well, making it private and invisible to other users unless permissions are granted. ZEPPELIN_INTERPRETERS zeppelin.interpreters org.apache.zeppelin.spark.SparkInterpreter,org.apache.zeppelin.spark.PySparkInterpreter,org.apache.zeppelin.spark.SparkSqlInterpreter,org.apache.zeppelin.spark.DepInterpreter,org.apache.zeppelin.markdown.Markdown,org.apache.zeppelin.shell.ShellInterpreter, ... Comma separated interpreter configurations [Class] NOTE: This property is deprecated since Zeppelin-0.6.0 and will not be supported from Zeppelin-0.7.0. ZEPPELIN_INTERPRETER_DIR zeppelin.interpreter.dir interpreter Interpreter di rectory ZEPPELIN_INTERPRETER_DEP_MVNREPO zeppelin.interpreter.dep.mvnRepo http://repo1.maven.org/maven2/ Remote principal repository for interpreter's additional dependency loading ZEPPELIN_INTERPRETER_OUTPUT_LIMIT zeppelin.interpreter.output.limit 102400 Output message from interpreter exceeding the limit will be truncated ZEPPELIN_INTERPRETER_CONNECT_TIMEOUT zeppelin.interpreter.connect.timeout 30000 Output message from interpreter exceeding the limit will be truncated ZEPPELIN_DEP_LOCALREPO zeppelin.dep.localrepo local-repo Local repository for dependency loader.ex)visualiztion modules of npm. ZEPPELIN_HELIUM_NODE_INSTALLER_URL zeppelin.helium.node.installer.url https://nodejs.org/dist/ Remote Node installer url for Helium dependency loader ZEPPELIN_HELIUM_NPM_INSTALLER_URL zeppelin.helium.npm.installer.url http://registry.npmjs.org/ Remote Npm installer url for Helium dependency l oader ZEPPELIN_HELIUM_YARNPKG_INSTALLER_URL zeppelin.helium.yarnpkg.installer.url https://github.com/yarnpkg/yarn/releases/download/ Remote Yarn package installer url for Helium dependency loader ZEPPELIN_WEBSOCKET_MAX_TEXT_MESSAGE_SIZE zeppelin.websocket.max.text.message.size 1024000 Size(in characters) of the maximum text message that can be received by websocket. 
ZEPPELIN_SERVER_DEFAULT_DIR_ALLOWED zeppelin.server.default.dir.allowed false Enable directory listings on server. SSL ConfigurationEnabling SSL requires a few configuration changes. First, you need to create certificates and then update necessary configurations to enable server side SSL and/or client side certificate authentication.Creating and configuring the CertificatesInformation how about to generate certificates and a keystore can be found here.A condensed example can be found in the top answer to this StackOverflow post.The keystore holds the private key and certif icate on the server end. The trustore holds the trusted client certificates. Be sure that the path and password for these two stores are correctly configured in the password fields below. They can be obfuscated using the Jetty password tool. After Maven pulls in all the dependency to build Zeppelin, one of the Jetty jars contain the Password tool. Invoke this command from the Zeppelin home build directory with the appropriate version, user, and password.java -cp ./zeppelin-server/target/lib/jetty-all-server-&lt;version&gt;.jar org.eclipse.jetty.util.security.Password &lt;user&gt; &lt;password&gt;If you are using a self-signed, a certificate signed by an untrusted CA, or if client authentication is enabled, then the client must have a browser create exceptions for both the normal HTTPS port and WebSocket port. This can by done by trying to establish an HTTPS connection to both ports in a browser (e.g. if the ports are 443 and 8443, then visit https://127.0.0.1 :443 and https://127.0.0.1:8443). This step can be skipped if the server certificate is signed by a trusted CA and client auth is disabled.Configuring server side SSLThe following properties needs to be updated in the zeppelin-site.xml in order to enable server side SSL.&lt;property&gt; &lt;name&gt;zeppelin.server.ssl.port&lt;/name&gt; &lt;value&gt;8443&lt;/value&gt; &lt;description&gt;Server ssl port. 
(used when ssl property is set to true)&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl&lt;/name&gt; &lt;value&gt;true&lt;/value&gt; &lt;description&gt;Should SSL be used by the servers?&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.keystore.path&lt;/name&gt; &lt;value&gt;keystore&lt;/value&gt; &lt;description&gt;Path to keystore relative to Zeppelin configuration directory&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.keystore.type&lt;/name&gt; &lt;value&gt;JKS&lt;/value&gt; &lt;description&gt;The format of the given keystore (e.g. JKS or PKCS12)&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.keystore.password&lt;/name&gt; &lt;value&gt;change me&lt;/value&gt; &lt;description&gt;Keystore password. Can be obfuscated by the Jetty Password tool&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.key.manager.password&lt;/name&gt; &lt;value&gt;change me&lt;/value&gt; &lt;description&gt;Key Manager password. Defaults to keystore password. Can be obfuscated.&lt;/description&gt;&lt;/property&gt;Enabling client side certificate authenticationThe following properties needs to be updated in the zeppelin-site.xml in order to enable client side certificate authentication.&lt;property&gt; &lt;name&gt;zeppelin.server.ssl.port&lt;/name&gt; &lt;value&gt;8443&lt;/value&gt; &lt;description&gt;Server ssl port. (used when ssl property is set to true)&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.client.auth&lt;/name&gt; &lt;value&gt;true&lt;/value&gt; &lt;description&gt;Should client authentication be used for SSL connections?&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.truststore.path&lt;/name&gt; &lt;value&gt;truststore&lt;/value&gt; &lt;description&gt;Path to truststore relative to Zeppelin configuration directory. 
Defaults to the keystore path&lt;/description& gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.truststore.type&lt;/name&gt; &lt;value&gt;JKS&lt;/value&gt; &lt;description&gt;The format of the given truststore (e.g. JKS or PKCS12). Defaults to the same type as the keystore type&lt;/description&gt;&lt;/property&gt;&lt;property&gt; &lt;name&gt;zeppelin.ssl.truststore.password&lt;/name&gt; &lt;value&gt;change me&lt;/value&gt; &lt;description&gt;Truststore password. Can be obfuscated by the Jetty Password tool. Defaults to the keystore password&lt;/description&gt;&lt;/property&gt;Obfuscating Passwords using the Jetty Password ToolSecurity best practices advise to not use plain text passwords and Jetty provides a password tool to help obfuscating the passwords used to access the KeyStore and TrustStore.The Password tool documentation can be found here.After using the tool:java -cp $ZEPPELIN_HOME/zeppelin-server/target/lib/jetty-util-9.2.15.v20160210.jar org.eclipse.jetty.util.security.Password password2016-12-15 10:46:47.931:INFO::main: Logging initialized @101mspasswordOBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1vMD5:5f4dcc3b5aa765d61d8327deb882cf99update your configuration with the obfuscated password :&lt;property&gt; &lt;name&gt;zeppelin.ssl.keystore.password&lt;/name&gt; &lt;value&gt;OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v&lt;/value&gt; &lt;description&gt;Keystore password. Can be obfuscated by the Jetty Password tool&lt;/description&gt;&lt;/property&gt;Note: After updating these configurations, Zeppelin server needs to be restarted.", "url": " /install/configuration.html", "group": "install", "excerpt": "This page will guide you to configure Apache Zeppelin using either environment variables or Java properties. Also, you can configure SSL for Zeppelin." 
@@ -347,7 +347,7 @@ "/interpreter/jdbc.html": { "title": "Generic JDBC Interpreter for Apache Zeppelin", - "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Generic JDBC Interpreter for Apache ZeppelinOverviewJDBC interpreter lets you create a JDBC connection to any data sources seamlessly.Inserts, Updates, and Upserts are applied immediately after running each statement.By now, it has been tested with: Postgresql - JDBC Driver Mysql - JDBC Driver MariaDB - JDBC Driver Redshift - JDBC Driver Apac he Hive - JDBC Driver Apache Phoenix itself is a JDBC driver Apache Drill - JDBC Driver Apache Tajo - JDBC Driver If you are using other databases not in the above list, please feel free to share your use case. It would be helpful to improve the functionality of JDBC interpreter.Create a new JDBC InterpreterFirst, click + Create button at the top-right corner in the interpreter setting page.Fill Interpreter name field with whatever you want to use as the alias(e.g. mysql, mysql2, hive, redshift, and etc..). Please note that this alias will be used as %interpreter_name to call the interpreter in the paragraph. Then select jdbc as an Interpreter group. The default driver of JDBC interpreter is set as PostgreSQL. It means Zeppelin includes PostgreSQL driver jar in itself.So you don&#39;t need to add any dependencies(e.g. the artifact name or path for PostgreSQL driver jar) for PostgreSQL connection.The JDBC interpreter p roperties are defined by default like below. 
Name Default Value Description common.max_count 1000 The maximun number of SQL result to display default.driver org.postgresql.Driver JDBC Driver Name default.password The JDBC user password default.url jdbc:postgresql://localhost:5432/ The URL for JDBC default.user gpadmin The JDBC user name default.precode Some SQL which executes every time after initialization of the interpreter (see [Binding mode](../manual/interpreters.md#interpreter-binding-mode)) default.completer.schemaFilters Сomma separated schema (schema = catalog = database) filters to get metadata for completions. Supports '%' symbol is equivalent to any set of characters. (ex. prod_v_%,public%,info) If you want to connect other databases such as Mysql, Redshift and Hive, you need to edit the property values.You can also use Credential for JDBC authentication.I f default.user and default.password properties are deleted(using X button) for database connection in the interpreter setting page,the JDBC interpreter will get the account information from Credential.The below example is for Mysql connection.The last step is Dependency Setting. Since Zeppelin only includes PostgreSQL driver jar by default, you need to add each driver&#39;s maven coordinates or JDBC driver&#39;s jar file path for the other databases.That&#39;s it. You can find more JDBC connection setting examples(Mysql, MariaDB, Redshift, Apache Hive, Apache Phoenix, and Apache Tajo) in this section.More propertiesThere are more JDBC interpreter properties you can specify like below. Property Name Description common.max_result Max number of SQL result to display to prevent the browser overload. 
This is common properties for all connections zeppelin.jdbc.auth.type Types of authentications' methods supported are SIMPLE, and KERBEROS zeppelin.jdbc.principal The principal name to load from the keytab zeppelin.jdbc.keytab.location The path to the keytab file zeppelin.jdbc.auth.kerberos.proxy.enable When auth type is Kerberos, enable/disable Kerberos proxy with the login user to get the connection. Default value is true. default.jceks.file jceks store path (e.g: jceks://file/tmp/zeppelin.jceks) default.jceks.credentialKey jceks credential key You can also add more properties by using this method.For example, if a connection needs a schema parameter, it would have to add the property as follows: name value default.schema schema_name Binding JDBC interpter to notebookTo bind the interpreters created in the interpreter setting page, click the gear icon at the top-right corner.Select(blue) or deselect(white) the interpreter buttons depending on your use cases.If you need to use more than one interpreter in the notebook, activate several buttons.Don& ;#39;t forget to click Save button, or you will face Interpreter *** is not found error.How to useRun the paragraph with JDBC interpreterTo test whether your databases and Zeppelin are successfully connected or not, type %jdbc_interpreter_name(e.g. %mysql) at the top of the paragraph and run show databases.%jdbc_interpreter_nameshow databasesIf the paragraph is FINISHED without any errors, a new paragraph will be automatically added after the previous one with %jdbc_interpreter_name.So you don&#39;t need to type this prefix in every paragraphs&#39; header.Apply Zeppelin Dynamic FormsYou can leverage Zeppelin Dynamic Form inside your queries. You can use both the text input and select form parametrization features.%jdbc_interpreter_nameSELECT name, country, performerFROM demo.performersWHERE name=&#39;{{performer=Sheryl Crow|Doof|Fanfarlo|Los Paranoia}}&#39;Usage precodeYou can set precode for each data source. 
Code runs once while opening the connection.PropertiesAn example settings of interpreter for the two data sources, each of which has its precode parameter. Property Name Value default.driver org.postgresql.Driver default.password 1 default.url jdbc:postgresql://localhost:5432/ default.user postgres default.precode set search_path='test_path' mysql.driver com.mysql.jdbc.Driver mysql.password 1 mysql.url jdbc:mysql://localhost:3306/ mysql.user root mysql.precode set @v=12 UsageTest of execution precode for each data source.%jdbcshow search_pathReturns value of search_path which is set in the default.precode.%jdbc(mysql)select @vReturns value of v which is set in the mysql.precode.ExamplesHere are some examples you can refer to. Including the below connectors, you can connect every databases as long as it can be configured with it&#39;s JDBC driver.PostgresProperties Name Value default.driver org.postgres ql.Driver default.url jdbc:postgresql://localhost:5432/ default.user mysql_user default.password mysql_password Postgres JDBC Driver DocsDependencies Artifact Excludes org.postgresql:postgresql:9.4.1211 Maven Repository: org.postgresql:postgresqlMysqlProperties Name Value default.driver com.mysql.jdbc.Driver default.url jdbc:mysql://localhost:3306/ default.user mysql_user default.password mysql_password Mysql JDBC Driver DocsDependencies Artifact Excludes mysql:mysql-connector-java:5.1.38 Maven Repository: mysql:mysql-connector-javaMariaDBProperties Name Value default.driver org.mariadb.jdbc.Driver default.url jdbc:mariadb://localhost:3306 default.user mariadb_user default.password mariadb_password MariaDB JDBC Driver DocsDependencies Artifact Excludes org.mariadb.jdbc:mariadb-java-client:1.5.4 Ma ven Repository: org.mariadb.jdbc:mariadb-java-clientRedshiftProperties Name Value default.driver com.amazon.redshift.jdbc42.Driver default.url jdbc:redshift://your-redshift-instance-address.redshift.amazonaws.com:5439/your-database default.user redshift_user 
default.password redshift_password AWS Redshift JDBC Driver DocsDependencies Artifact Excludes com.amazonaws:aws-java-sdk-redshift:1.11.51 Maven Repository: com.amazonaws:aws-java-sdk-redshiftApache HiveProperties Name Value default.driver org.apache.hive.jdbc.HiveDriver default.url jdbc:hive2://localhost:10000 default.user hive_user default.password hive_password default.proxy.user.property Example value: hive.server2.proxy.user Apache Hive 1 JDBC Driver DocsApache Hive 2 JDBC Driver DocsDependencies Artifact Excludes org.apache.hive:hive-jdbc:0.14.0 org.apache.hadoop:hadoop-c ommon:2.6.0 Maven Repository : org.apache.hive:hive-jdbcImpersonationWhen Zeppelin server is running with authentication enabled, then the interpreter can utilize Hive&#39;s user proxy feature i.e. send extra parameter for creating and running a session (&quot;hive.server2.proxy.user=&quot;: &quot;${loggedInUser}&quot;). This is particularly useful when multiple users are sharing a notebook.To enable this set following:zeppelin.jdbc.auth.type as SIMPLE or KERBEROS (if required) in the interpreter setting.${prefix}.proxy.user.property as hive.server2.proxy.userSample configuration Name Value hive.driver org.apache.hive.jdbc.HiveDriver hive.password hive.url jdbc:hive2://hive-server-host:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2 hive.proxy.user.property hive.server2.proxy.user zeppelin.jdbc.auth.type SIMPLE Apache PhoenixPhoenix supports thick and thin connection types:Thick client is faster, but must connect directly to ZooKeeper and HBase RegionServers.Thin client has fewer dependencies and connects through a Phoenix Query Server instance.Use the appropriate default.driver, default.url, and the dependency artifact for your connection type.Thick client connectionProperties Name Value default.driver org.apache.phoenix.jdbc.PhoenixDriver default.url jdbc:phoenix:localhost:2181:/hbase-unsecure default.user phoenix_user default.password phoenix_password Dependencies 
Artifact Excludes org.apache.phoenix:phoenix-core:4.4.0-HBase-1.0 Maven Repository: org.apache.phoenix:phoenix-coreThin client connectionProperties Name Value default.driver org.apache.phoenix.queryserver.client.Driver default.url jdbc:phoenix:thin:url=http://localhost:8765;serialization=PROTOBUF default.user phoenix_user default.password phoenix_password DependenciesBefore Addi ng one of the below dependencies, check the Phoenix version first. Artifact Excludes Description org.apache.phoenix:phoenix-server-client:4.7.0-HBase-1.1 For Phoenix 4.7 org.apache.phoenix:phoenix-queryserver-client:4.8.0-HBase-1.2 For Phoenix 4.8+ Maven Repository: org.apache.phoenix:phoenix-queryserver-clientApache TajoProperties Name Value default.driver org.apache.tajo.jdbc.TajoDriver default.url jdbc:tajo://localhost:26002/default Apache Tajo JDBC Driver DocsDependencies Artifact Excludes org.apache.tajo:tajo-jdbc:0.11.0 Maven Repository: org.apache.tajo:tajo-jdbcBug reportingIf you find a bug using JDBC interpreter, please create a JIRA ticket.", + "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Generic JDBC Interpreter for Apache ZeppelinOverviewJDBC interpreter lets you create a JDBC connection to any data sources seamlessly.Inserts, Updates, and Upserts are applied immediately after running each statement.By now, it has been tested with: Postgresql - JDBC Driver Mysql - JDBC Driver MariaDB - JDBC Driver Redshift - JDBC Driver Apac he Hive - JDBC Driver Apache Phoenix itself is a JDBC driver Apache Drill - JDBC 
Driver Apache Tajo - JDBC Driver If you are using other databases not in the above list, please feel free to share your use case. It would be helpful to improve the functionality of JDBC interpreter.Create a new JDBC InterpreterFirst, click + Create button at the top-right corner in the interpreter setting page.Fill Interpreter name field with whatever you want to use as the alias(e.g. mysql, mysql2, hive, redshift, and etc..). Please note that this alias will be used as %interpreter_name to call the interpreter in the paragraph. Then select jdbc as an Interpreter group. The default driver of JDBC interpreter is set as PostgreSQL. It means Zeppelin includes PostgreSQL driver jar in itself.So you don&#39;t need to add any dependencies(e.g. the artifact name or path for PostgreSQL driver jar) for PostgreSQL connection.The JDBC interpreter p roperties are defined by default like below. Name Default Value Description common.max_count 1000 The maximun number of SQL result to display default.driver org.postgresql.Driver JDBC Driver Name default.password The JDBC user password default.url jdbc:postgresql://localhost:5432/ The URL for JDBC default.user gpadmin The JDBC user name default.precode Some SQL which executes every time after initialization of the interpreter (see [Binding mode](../manual/interpreters.md#interpreter-binding-mode)) default.completer.schemaFilters Сomma separated schema (schema = catalog = database) filters to get metadata for completions. Supports '%' symbol is equivalent to any set of characters. (ex. 
prod_v_%,public%,info) default.completer.ttlInSeconds 120 Time to live sql completer in seconds (-1 to update everytime, 0 to disable update) default.splitQueries f alse Each query is executed apart and returns the result If you want to connect other databases such as Mysql, Redshift and Hive, you need to edit the property values.You can also use Credential for JDBC authentication.If default.user and default.password properties are deleted(using X button) for database connection in the interpreter setting page,the JDBC interpreter will get the account information from Credential.The below example is for Mysql connection.The last step is Dependency Setting. Since Zeppelin only includes PostgreSQL driver jar by default, you need to add each driver&#39;s maven coordinates or JDBC driver&#39;s jar file path for the other databases.That&#39;s it. You can find more JDBC connection setting examples(Mysql, MariaDB, Redshift, Apache Hive, Apache Phoenix, and Apache Tajo) in this section.More propertiesThere are more JDBC interpreter properties you can specify like below. Property Name Description common.max_result Max n umber of SQL result to display to prevent the browser overload. This is common properties for all connections zeppelin.jdbc.auth.type Types of authentications' methods supported are SIMPLE, and KERBEROS zeppelin.jdbc.principal The principal name to load from the keytab zeppelin.jdbc.keytab.location The path to the keytab file zeppelin.jdbc.auth.kerberos.proxy.enable When auth type is Kerberos, enable/disable Kerberos proxy with the login user to get the connection. Default value is true. 
default.jceks.file jceks store path (e.g: jceks://file/tmp/zeppelin.jceks) default.jceks.credentialKey jceks credential key You can also add more properties by using this method.For example, if a connection needs a schema parameter, it would have to add the property as follows: name value default.schema schema_name Binding JDBC interpter to notebookTo bind the interpreters created in the interpreter setting page , click the gear icon at the top-right corner.Select(blue) or deselect(white) the interpreter buttons depending on your use cases.If you need to use more than one interpreter in the notebook, activate several buttons.Don&#39;t forget to click Save button, or you will face Interpreter *** is not found error.How to useRun the paragraph with JDBC interpreterTo test whether your databases and Zeppelin are successfully connected or not, type %jdbc_interpreter_name(e.g. %mysql) at the top of the paragraph and run show databases.%jdbc_interpreter_nameshow databasesIf the paragraph is FINISHED without any errors, a new paragraph will be automatically added after the previous one with %jdbc_interpreter_name.So you don&#39;t need to type this prefix in every paragraphs&#39; header.Apply Zeppelin Dynamic FormsYou can leverage Zeppelin Dynamic Form inside your queries. You can use both the text input and select form parametrization features.%jdbc_interpreter_nameSELECT name, country , performerFROM demo.performersWHERE name=&#39;{{performer=Sheryl Crow|Doof|Fanfarlo|Los Paranoia}}&#39;Usage precodeYou can set precode for each data source. Code runs once while opening the connection.PropertiesAn example settings of interpreter for the two data sources, each of which has its precode parameter. 
Property Name Value default.driver org.postgresql.Driver default.password 1 default.url jdbc:postgresql://localhost:5432/ default.user postgres default.precode set search_path='test_path' mysql.driver com.mysql.jdbc.Driver mysql.password 1 mysql.url jdbc:mysql://localhost:3306/ mysql.user root mysql.precode set @v=12 UsageTest of execution precode for each data source.%jdbcshow search_pathReturns value of search_path which is set in the default.precode.%jdbc(mysql)select @vReturns value of v which is set in the mysql.precode.ExamplesHere are some exam ples you can refer to. Including the below connectors, you can connect every databases as long as it can be configured with it&#39;s JDBC driver.PostgresProperties Name Value default.driver org.postgresql.Driver default.url jdbc:postgresql://localhost:5432/ default.user mysql_user default.password mysql_password Postgres JDBC Driver DocsDependencies Artifact Excludes org.postgresql:postgresql:9.4.1211 Maven Repository: org.postgresql:postgresqlMysqlProperties Name Value default.driver com.mysql.jdbc.Driver default.url jdbc:mysql://localhost:3306/ default.user mysql_user default.password mysql_password Mysql JDBC Driver DocsDependencies Artifact Excludes mysql:mysql-connector-java:5.1.38 Maven Repository: mysql:mysql-connector-javaMariaDBProperties Name Value default.driver org.mariadb.jdbc.Driver default.url jdbc:ma riadb://localhost:3306 default.user mariadb_user default.password mariadb_password MariaDB JDBC Driver DocsDependencies Artifact Excludes org.mariadb.jdbc:mariadb-java-client:1.5.4 Maven Repository: org.mariadb.jdbc:mariadb-java-clientRedshiftProperties Name Value default.driver com.amazon.redshift.jdbc42.Driver default.url jdbc:redshift://your-redshift-instance-address.redshift.amazonaws.com:5439/your-database default.user redshift_user default.password redshift_password AWS Redshift JDBC Driver DocsDependencies Artifact Excludes com.amazonaws:aws-java-sdk-redshift:1.11.51 Maven Repository: 
com.amazonaws:aws-java-sdk-redshiftApache HiveProperties Name Value default.driver org.apache.hive.jdbc.HiveDriver default.url jdbc:hive2://localhost:10000 default.user hive_user default.password hive_password default.proxy.user.prop erty Example value: hive.server2.proxy.user Apache Hive 1 JDBC Driver DocsApache Hive 2 JDBC Driver DocsDependencies Artifact Excludes org.apache.hive:hive-jdbc:0.14.0 org.apache.hadoop:hadoop-common:2.6.0 Maven Repository : org.apache.hive:hive-jdbcImpersonationWhen Zeppelin server is running with authentication enabled, then the interpreter can utilize Hive&#39;s user proxy feature i.e. send extra parameter for creating and running a session (&quot;hive.server2.proxy.user=&quot;: &quot;${loggedInUser}&quot;). This is particularly useful when multiple users are sharing a notebook.To enable this set following:zeppelin.jdbc.auth.type as SIMPLE or KERBEROS (if required) in the interpreter setting.${prefix}.proxy.user.property as hive.server2.proxy.userSample configuration Name Value hive.driver org.apache.hive.jdbc.HiveDriver hive.password hive.url jdbc:hive2://hive-server-host:2181/;serviceD iscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2 hive.proxy.user.property hive.server2.proxy.user zeppelin.jdbc.auth.type SIMPLE Apache PhoenixPhoenix supports thick and thin connection types:Thick client is faster, but must connect directly to ZooKeeper and HBase RegionServers.Thin client has fewer dependencies and connects through a Phoenix Query Server instance.Use the appropriate default.driver, default.url, and the dependency artifact for your connection type.Thick client connectionProperties Name Value default.driver org.apache.phoenix.jdbc.PhoenixDriver default.url jdbc:phoenix:localhost:2181:/hbase-unsecure default.user phoenix_user default.password phoenix_password Dependencies Artifact Excludes org.apache.phoenix:phoenix-core:4.4.0-HBase-1.0 Maven Repository: org.apache.phoenix:phoenix-coreThin client connectionProperties Name Value 
default.driver org.apache.pho enix.queryserver.client.Driver default.url jdbc:phoenix:thin:url=http://localhost:8765;serialization=PROTOBUF default.user phoenix_user default.password phoenix_password DependenciesBefore Adding one of the below dependencies, check the Phoenix version first. Artifact Excludes Description org.apache.phoenix:phoenix-server-client:4.7.0-HBase-1.1 For Phoenix 4.7 org.apache.phoenix:phoenix-queryserver-client:4.8.0-HBase-1.2 For Phoenix 4.8+ Maven Repository: org.apache.phoenix:phoenix-queryserver-clientApache TajoProperties Name Value default.driver org.apache.tajo.jdbc.TajoDriver default.url jdbc:tajo://localhost:26002/default Apache Tajo JDBC Driver DocsDependencies Artifact Excludes org.apache.tajo:tajo-jdbc:0.11.0 Maven Repository: org.apache.tajo:tajo-jdbcBug reportingIf you find a bug using JDBC interpreter, please create a JIRA ticket.", "url": " /interpreter/jdbc.html", "group": "interpreter", "excerpt": "Generic JDBC Interpreter lets you create a JDBC connection to any data source. You can use Postgres, MySql, MariaDB, Redshift, Apache Hive, Apache Phoenix, Apache Drill and Apache Tajo using JDBC interpreter." 
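Review bot: The two rows added to the default-properties table of the JDBC entry need tighter wording. `default.splitQueries` is described only as "Each query is executed apart and returns the result", which does not say what the interpreter does at the default value of false or how statements inside one paragraph are delimited; spell out both. In the `default.completer.ttlInSeconds` row, "everytime" should be "every time". Two problems are identical on the removed and added sides and are worth fixing in the source page so the regenerated index picks them up: the Postgres example lists `default.user mysql_user` and `default.password mysql_password`, and the `common.max_count` row still reads "maximun".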
@@ -634,7 +634,7 @@ "/rest-api/rest-configuration.html": { "title": "Apache Zeppelin Configuration REST API", - "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Apache Zeppelin Configuration REST APIOverviewApache Zeppelin provides several REST APIs for interaction and remote activation of zeppelin functionality.All REST APIs are available starting with the following endpoint http://[zeppelin-server]:[zeppelin-port]/api. Note that Apache Zeppelin REST APIs receive or return JSON objects, it is recommended for you to install some JSON viewers such as JSONView.If you work with Apache Zeppeli n and find a need for an additional REST API, please file an issue or send us an email.nd a need for an additional REST API, please file an issue or send us mail.Configuration REST API listList all key/value pair of configurations Description This GET method return all key/value pair of configurations on the server. Note: For security reason, some pairs would not be shown. 
URL http://[zeppelin-server]:[zeppelin-port]/api/configurations/all Success code 200 Fail code 500 sample JSON response { &quot;status&quot;: &quot;OK&quot;, &quot;message&quot;: &quot;&quot;, &quot;body&quot;: { &quot;zeppelin.war.tempdir&quot;: &quot;webapps&quot;, &quot;zeppelin.notebook.homescreen.hide&quot;: &quot;false&quot;, &quot;zeppelin.interpreter.remoterunner&quot;: &quot;bin/interpreter.sh&q uot;, &quot;zeppelin.notebook.s3.user&quot;: &quot;user&quot;, &quot;zeppelin.server.port&quot;: &quot;8089&quot;, &quot;zeppelin.dep.localrepo&quot;: &quot;local-repo&quot;, &quot;zeppelin.ssl.truststore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.keystore.path&quot;: &quot;keystore&quot;, &quot;zeppelin.notebook.s3.bucket&quot;: &quot;zeppelin&quot;, &quot;zeppelin.server.addr&quot;: &quot;0.0.0.0&quot;, &quot;zeppelin.ssl.client.auth&quot;: &quot;false&quot;, &quot;zeppelin.server.context.path&quot;: &quot;/&quot;, &quot;zeppelin.ssl.keystore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.truststore.path&quot;: &quot;truststore&quot;, &quot;zeppelin.interpreters&quot;: &quot;org.apache.zeppelin.spark.SparkInterpreter,org.apache.zeppelin.spark.PySparkInter preter,org.apache.zeppelin.spark.SparkRInterpreter,org.apache.zeppelin.spark.SparkSqlInterpreter,org.apache.zeppelin.spark.DepInterpreter,org.apache.zeppelin.markdown.Markdown,org.apache.zeppelin.angular.AngularInterpreter,org.apache.zeppelin.shell.ShellInterpreter,org.apache.zeppelin.flink.FlinkInterpreter,org.apache.zeppelin.lens.LensInterpreter,org.apache.zeppelin.ignite.IgniteInterpreter,org.apache.zeppelin.ignite.IgniteSqlInterpreter,org.apache.zeppelin.cassandra.CassandraInterpreter,org.apache.zeppelin.geode.GeodeOqlInterpreter,org.apache.zeppelin.kylin.KylinInterpreter,org.apache.zeppelin.elasticsearch.ElasticsearchInterpreter,org.apache.zeppelin.scalding.ScaldingInterpreter&quot;, &quot;zeppelin.ssl&quot;: &quot;false&quot;, &quot;zeppelin.notebook.autoInterpreterBinding&quot;: &quot;true&quot;, 
&quot;zeppelin.notebook.homescreen&quot;: &quot;&quot;, &quot;zeppelin.notebook.storage&quot;: &quot;org.a pache.zeppelin.notebook.repo.VFSNotebookRepo&quot;, &quot;zeppelin.interpreter.connect.timeout&quot;: &quot;30000&quot;, &quot;zeppelin.anonymous.allowed&quot;: &quot;true&quot;, &quot;zeppelin.server.allowed.origins&quot;:&quot;*&quot;, &quot;zeppelin.encoding&quot;: &quot;UTF-8&quot; }} List all prefix matched key/value pair of configurations Description This GET method return all prefix matched key/value pair of configurations on the server. Note: For security reason, some pairs would not be shown. URL http://[zeppelin-server]:[zeppelin-port]/api/configurations/prefix/[prefix] Success code 200 Fail code 500 sample JSON response { &quot;status&quot;: &quot;OK&quot;, &quot;message&quot;: &quot;&quot;, &quot;body&quot;: { &quot;zeppelin.ssl.keyst ore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.truststore.path&quot;: &quot;truststore&quot;, &quot;zeppelin.ssl.truststore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.keystore.path&quot;: &quot;keystore&quot;, &quot;zeppelin.ssl&quot;: &quot;false&quot;, &quot;zeppelin.ssl.client.auth&quot;: &quot;false&quot; }} ", + "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Apache Zeppelin Configuration REST APIOverviewApache Zeppelin provides several REST APIs for interaction and remote activation of zeppelin functionality.All REST APIs are available starting with the following endpoint http://[zeppelin-server]:[zeppelin-port]/api. 
Note that Apache Zeppelin REST APIs receive or return JSON objects, it is recommended for you to install some JSON viewers such as JSONView.If you work with Apache Zeppeli n and find a need for an additional REST API, please file an issue or send us an email.Configuration REST API listList all key/value pair of configurations Description This GET method return all key/value pair of configurations on the server. Note: For security reason, some pairs would not be shown. URL http://[zeppelin-server]:[zeppelin-port]/api/configurations/all Success code 200 Fail code 500 sample JSON response { &quot;status&quot;: &quot;OK&quot;, &quot;message&quot;: &quot;&quot;, &quot;body&quot;: { &quot;zeppelin.war.tempdir&quot;: &quot;webapps&quot;, &quot;zeppelin.notebook.homescreen.hide&quot;: &quot;false&quot;, &quot;zeppelin.interpreter.remoterunner&quot;: &quot;bin/interpreter.sh&quot;, &quot;zeppelin.notebook.s3.user&quot;: &quot;user& quot;, &quot;zeppelin.server.port&quot;: &quot;8089&quot;, &quot;zeppelin.dep.localrepo&quot;: &quot;local-repo&quot;, &quot;zeppelin.ssl.truststore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.keystore.path&quot;: &quot;keystore&quot;, &quot;zeppelin.notebook.s3.bucket&quot;: &quot;zeppelin&quot;, &quot;zeppelin.server.addr&quot;: &quot;0.0.0.0&quot;, &quot;zeppelin.ssl.client.auth&quot;: &quot;false&quot;, &quot;zeppelin.server.context.path&quot;: &quot;/&quot;, &quot;zeppelin.ssl.keystore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.truststore.path&quot;: &quot;truststore&quot;, &quot;zeppelin.interpreters&quot;: &quot;org.apache.zeppelin.spark.SparkInterpreter,org.apache.zeppelin.spark.PySparkInterpreter,org.apache.zeppelin.spark.SparkRInterpreter,org.apache.zeppelin.spar 
k.SparkSqlInterpreter,org.apache.zeppelin.spark.DepInterpreter,org.apache.zeppelin.markdown.Markdown,org.apache.zeppelin.angular.AngularInterpreter,org.apache.zeppelin.shell.ShellInterpreter,org.apache.zeppelin.flink.FlinkInterpreter,org.apache.zeppelin.lens.LensInterpreter,org.apache.zeppelin.ignite.IgniteInterpreter,org.apache.zeppelin.ignite.IgniteSqlInterpreter,org.apache.zeppelin.cassandra.CassandraInterpreter,org.apache.zeppelin.geode.GeodeOqlInterpreter,org.apache.zeppelin.kylin.KylinInterpreter,org.apache.zeppelin.elasticsearch.ElasticsearchInterpreter,org.apache.zeppelin.scalding.ScaldingInterpreter&quot;, &quot;zeppelin.ssl&quot;: &quot;false&quot;, &quot;zeppelin.notebook.autoInterpreterBinding&quot;: &quot;true&quot;, &quot;zeppelin.notebook.homescreen&quot;: &quot;&quot;, &quot;zeppelin.notebook.storage&quot;: &quot;org.apache.zeppelin.notebook.repo.VFSNotebookRepo&quot;, &quot;zeppel in.interpreter.connect.timeout&quot;: &quot;30000&quot;, &quot;zeppelin.anonymous.allowed&quot;: &quot;true&quot;, &quot;zeppelin.server.allowed.origins&quot;:&quot;*&quot;, &quot;zeppelin.encoding&quot;: &quot;UTF-8&quot; }} List all prefix matched key/value pair of configurations Description This GET method return all prefix matched key/value pair of configurations on the server. Note: For security reason, some pairs would not be shown. 
URL http://[zeppelin-server]:[zeppelin-port]/api/configurations/prefix/[prefix] Success code 200 Fail code 500 sample JSON response { &quot;status&quot;: &quot;OK&quot;, &quot;message&quot;: &quot;&quot;, &quot;body&quot;: { &quot;zeppelin.ssl.keystore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.trus tstore.path&quot;: &quot;truststore&quot;, &quot;zeppelin.ssl.truststore.type&quot;: &quot;JKS&quot;, &quot;zeppelin.ssl.keystore.path&quot;: &quot;keystore&quot;, &quot;zeppelin.ssl&quot;: &quot;false&quot;, &quot;zeppelin.ssl.client.auth&quot;: &quot;false&quot; }} ", "url": " /rest-api/rest-configuration.html", "group": "rest-api", "excerpt": "This page contains Apache Zeppelin Configuration REST API information." 
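Review bot: Both endpoint descriptions in the regenerated rest-configuration content still say "Note: For security reason, some pairs would not be shown" without naming which keys are withheld or what authentication the call requires. The sample response for /api/configurations/all also shows `zeppelin.anonymous.allowed` as `true` and `zeppelin.server.allowed.origins` as `*`, so a reader cannot tell from this page who is able to read the listing. Suggest the source page list the filtered key patterns and state who may call each endpoint. Minor wording on the same lines: "This GET method return" should be "returns", and "For security reason" should be "For security reasons".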
@@ -697,6 +697,17 @@ , + + "/rest-api/rest-zeppelin-server.html": { + "title": "Apache Zeppelin Server REST API", + "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->Apache Zeppelin Server REST APIOverviewApache Zeppelin provides several REST APIs for interaction and remote activation of zeppelin functionality.All REST APIs are available starting with the following endpoint http://[zeppelin-server]:[zeppelin-port]/api. Note that Apache Zeppelin REST APIs receive or return JSON objects, it is recommended for you to install some JSON viewers such as JSONView.If you work with Apache Zeppelin and f ind a need for an additional REST API, please file an issue or send us an email.Zeppelin Server REST API listChange the log level of Zeppelin Server Description This PUT method is used to update the root logger&#39;s log level of the server. URL http://[zeppelin-server]:[zeppelin-port]/api/log/level/&lt;LOG_LEVEL&gt; Success code 200 Fail code 406 sample JSON response { &quot;status&quot;: &quot;OK&quot;} sample error JSON response { &quot;status&quot;:&quot;NOT_ACCEPTABLE&quot;, &quot;message&quot;:&quot;Please check LOG level specified. Valid values: DEBUG, ERROR, FATAL, INFO, TRACE, WARN&quot;} ", + "url": " /rest-api/rest-zeppelin-server.html", + "group": "rest-api", + "excerpt": "This page contains Apache Zeppelin Server REST API information." + } + , + + 
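Review bot: The new /api/log/level/<LOG_LEVEL> entry does not say which user or role may issue the PUT, although the Description states that it updates the root logger's log level of the server; add the required permission to the Description. The valid values (DEBUG, ERROR, FATAL, INFO, TRACE, WARN) appear only inside the sample error response, so list them next to the URL as well, and say whether the new level survives a server restart.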
@@ -724,6 +735,17 @@ + "/security/helium_authorization.html": { + "title": "Helium Authorization in Apache Zeppelin", + "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->{% include JB/setup %}# Helium Authorization in Apache Zeppelin## How to configure proxies?Set **http_proxy** and **https_proxy** env variables to allow connection to npm registry behind a corporate firewall.", + "url": " /security/helium_authorization.html", + "group": "security", + "excerpt": "Apache Zeppelin supports Helium plugins which fetch required installer packages from remote registry/repositories" + } + , + + + "/security/notebook_authorization.html": { "title": "Notebook Authorization in Apache Zeppelin", "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->{% include JB/setup %}# Zeppelin Notebook Authorization## OverviewWe assume that there is an **Shiro Authentication** component that associates a user string and a set of group strings with every NotebookSocket.If you don't set the authentication components yet, please check [Shiro authentication 
for Apache Zeppelin](./shiroauthentication.html) first.## Authorization SettingYou can set Zeppelin notebook permissions in each note books. Of course only **notebook owners** can change this configuration.Just click **Lock icon** and open the permission setting page in your notebook.As you can see, each Zeppelin notebooks has 3 entities :* Owners ( users or groups )* Readers ( users or groups )* Writers ( users or groups )Fill out the each forms with comma seperated **users** and **groups** configured in `conf/shiro.ini` file.If the form is empty (*), it means that any users can perform that operation.If someone who doesn't have **read** permission is trying to access the notebook or someone who doesn't have **write** permission is trying to edit the notebook, Zeppelin will ask to login or block the user.## Separate notebook workspaces (public vs. private)By default, the authorization rights allow other users to see the newly created note, meaning the workspace is `public`. This behavior is controllable and can be set through either `ZEPPELIN_NOTEBOOK_PUBLIC` variable in `conf/zeppelin-env.sh`, or through `zeppelin.notebook.public` property in `conf/zeppelin-site.xml`. Thus, in order to make newly created note appear only in your `private` workspace by default, you can set either `ZEPPELIN_NOTEBOOK_PUBLIC` to `false` in your `conf/zeppelin-env.sh` as follows:```export ZEPPELIN_NOTEBOOK_PUBLIC="false"```or set `zeppelin.notebook.public` property to `false` in `conf/zeppelin-site.xml` as follows:``` zeppelin.notebook.public false Make notebook public by default when created, private otherwise```Behind the scenes, when you create a new note only the `owners` field is filled with current user, leaving `readers` and `writers` fields empty. All the notes with at least one empty authorization field are considered to be in `public` workspace. 
Thus when setting `zeppelin.notebook.public` (or corresponding `ZEPPELIN_NOTEBOOK_PUBLIC`) to false, newly created notes have `readers` and `writers` fields filled with current user, making note appear as in `private` workspace.## How it w orksIn this section, we will explain the detail about how the notebook authorization works in backend side.### NotebookServerThe [NotebookServer](https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java) classifies every notebook operations into three categories: **Read**, **Write**, **Manage**.Before executing a notebook operation, it checks if the user and the groups associated with the `NotebookSocket` have permissions.For example, before executing a **Read** operation, it checks if the user and the groups have at least one entity that belongs to the **Reader** entities.### Notebook REST API callZeppelin executes a [REST API call](https://github.com/apache/zeppelin/blob/master/zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java) for the notebook permission information.In the backend side, Zeppelin gets the user information for the connection and allows the operation if the users and groupsa ssociated with the current user have at least one entity that belongs to owner entities for the notebook.", 
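Review bot: the new `/security/helium_authorization.html` entry is titled "Helium Authorization in Apache Zeppelin" and grouped under `security`, but its content is a single "How to configure proxies?" section about `http_proxy` and `https_proxy`, and nothing in it describes authorization. Either retitle the page to match what it covers or add the authorization material the title promises, since the excerpt says Helium plugins fetch installer packages from a remote registry and readers will come here expecting guidance on controlling that. The `url` value also starts with a space (`" /security/helium_authorization.html"`); please confirm that this matches what the generator emits for the other entries.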
@@ -737,7 +759,7 @@ "/security/shiroauthentication.html": { "title": "Apache Shiro Authentication for Apache Zeppelin", - "content" : "<!--Licensed under the Apache License, Version 2.0 (the "License");you may not use this file except in compliance with the License.You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License.-->{% include JB/setup %}# Apache Shiro authentication for Apache Zeppelin## Overview[Apache Shiro](http://shiro.apache.org/) is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. In this documentation, we will explain step by step how Shiro works for Zeppelin notebook authentication.When you connect to Apache Zeppelin, you will be asked to enter your c redentials. Once you logged in, then you have access to all notes including other user's notes.## Security SetupYou can setup **Zeppelin notebook authentication** in some simple steps.### 1. Enable ShiroBy default in `conf`, you will find `shiro.ini.template`, this file is used as an example and it is strongly recommendedto create a `shiro.ini` file by doing the following command line```bashcp conf/shiro.ini.template conf/shiro.ini```For the further information about `shiro.ini` file format, please refer to [Shiro Configuration](http://shiro.apache.org/configuration.html#Configuration-INISections).### 2. Secure the Websocket channelSet to property **zeppelin.anonymous.allowed** to **false** in `conf/zeppelin-site.xml`. If you don't have this file yet, just copy `conf/zeppelin-site.xml.template` to `conf/zeppelin-site.xml`.### 3. 
Start Zeppelin```bin/zeppelin-daemon.sh start (or restart)```Then you can browse Zeppelin at [http://localhost:8080](http://localhost:8080).### 4. LoginFinally, you can login using one of the below **username/password** combinations.```[users]admin = password1, adminuser1 = password2, role1, role2user2 = password3, role3user3 = password4, role2```You can set the roles for each users next to the password.## Groups and permissions (optional)In case you want to leverage user groups and permissions, use one of the following configuration for LDAP or AD under `[main]` segment in `shiro.ini`.```activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealmactiveDirectoryRealm.systemUsername = userNameAactiveDirectoryRealm.systemPassword = passwordAactiveDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COMactiveDirectoryRealm.url = ldap://ldap.test.com:389activeDirectoryRealm.groupRolesMap = "CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1"activeDirectoryRealm.authorizationCachingEnabled = falseactiveDirectoryRealm.principalSuffix = @corp.company.netldapRealm = org.apac he.zeppelin.server.LdapGroupRealm# search base for ldap groups (only relevant for LdapGroupRealm):ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COMldapRealm.contextFactory.url = ldap://ldap.test.com:389ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COMldapRealm.contextFactory.authenticationMechanism = simple```also define roles/groups that you want to have in system, like below;```[roles]admin = *hr = *finance = *group1 = *```## Configure Realm (optional)Realms are responsible for authentication and authorization in Apache Zeppelin. By default, Apache Zeppelin uses [IniRealm](https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/text/IniRealm.html) (users and groups are configurable in `conf/shiro.ini` file under `[user]` and `[group]` section). 
You can also leverage Shiro Realms like [JndiLdapRealm](https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/ldap/JndiLdapRealm.html), [JdbcRealm](https://shiro.apache.org/s tatic/latest/apidocs/org/apache/shiro/realm/jdbc/JdbcRealm.html) or create [our own](https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/AuthorizingRealm.html).To learn more about Apache Shiro Realm, please check [this documentation](http://shiro.apache.org/realm.html).We also provide community custom Realms.### Active Directory```activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealmactiveDirectoryRealm.systemUsername = userNameAactiveDirectoryRealm.systemPassword = passwordAactiveDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceksactiveDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COMactiveDirectoryRealm.url = ldap://ldap.test.com:389activeDirectoryRealm.groupRolesMap = "CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1"activeDirectoryRealm.authorizationCachingEnabled = falseactiveDirectoryRealm.principalSuffix = @corp.company.net```Also instead of s pecifying systemPassword in clear text in shiro.ini administrator can choose to specify the same in "hadoop credential".Create a keystore file using the hadoop credential commandline, for this the hadoop commons should be in the classpath`hadoop credential create activeDirectoryRealm.systempassword -provider jceks://file/user/zeppelin/conf/zeppelin.jceks`Change the following values in the Shiro.ini file, and uncomment the line:`activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceks`### LDAP```ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm# search base for ldap groups (only relevant for LdapGroupRealm):ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COMldapRealm.contextFactory.url = ldap://ldap.test.com:389ldapRealm.userDnTemplate = 
uid={0},ou=Users,dc=COMPANY,dc=COMldapRealm.contextFactory.authenticationMechanism = simple```### PAM[PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) aut hentication support allows the reuse of existing authentication moduls on the host where Zeppelin is running. On a typical system modules are configured per service for example sshd, passwd, etc. under `/etc/pam.d/`. You caneither reuse one of these services or create your own for Zeppelin. Activiting PAM authentication requires two parameters: 1. realm: The Shiro realm being used 2. service: The service configured under `/etc/pam.d/` to be used. The name here needs to be the same as the file name under `/etc/pam.d/` ```[main] pamRealm=org.apache.zeppelin.realm.PamRealm pamRealm.service=sshd```### ZeppelinHub[ZeppelinHub](https://www.zeppelinhub.com) is a service that synchronize your Apache Zeppelin notebooks and enables you to collaborate easily.To enable login with your ZeppelinHub credential, apply the following change in `conf/shiro.ini` under `[main]` section.```### A sample for configuring ZeppelinHub RealmzeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm## Url of ZeppelinHubzeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.comsecurityManager.realms = $zeppelinHubRealm```> Note: ZeppelinHub is not releated to Apache Zeppelin project.## Secure your Zeppelin information (optional)By default, anyone who defined in `[users]` can share **Interpreter Setting**, **Credential** and **Configuration** information in Apache Zeppelin.Sometimes you might want to hide these information for your use case.Since Shiro provides **url-based security**, you can hide the information by commenting or uncommenting these below lines in `conf/shiro.ini`.```[urls]/api/interpreter/** = authc, roles[admin]/api/configurations/** = authc, roles[admin]/api/credential/** = authc, roles[admin]```In this case, only who have `admin` role can see **Interpreter Setting**, **Credential** and 
**Configuration** information.If you want to grant this permission to other users, you can change **roles[ ]** as you defined at `[users]` section.> **NOTE :** All of the above configurations are defined in the `conf/shiro.ini` file.## Other authentication methods- [HTTP Basic Authentication using NGINX](./authentication.html)",
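Review bot: the two LDAP samples in the shiroauthentication content name different realm classes, `org.apache.zeppelin.server.LdapGroupRealm` under "Groups and permissions" and `org.apache.zeppelin.realm.LdapGroupRealm` under "LDAP", so a reader copying the first block may end up with a realm that does not load; one of them should be corrected. The "Configure Realm" paragraph also refers to `[user]` and `[group]` sections while the samples use `[users]` and `[roles]`, and the `hadoop credential create activeDirectoryRealm.systempassword` alias differs in case from the `systemPassword` key, which deserves a sentence saying whether that is intended. Only the `-` side of this hunk is visible in the mail, so these apply if the replacement text keeps the same passages.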
[... 5 lines stripped ...] Modified: zeppelin/site/docs/0.8.0-SNAPSHOT/security/authentication.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.0-SNAPSHOT/security/authentication.html?rev=1798613&r1=1798612&r2=1798613&view=diff ============================================================================== --- zeppelin/site/docs/0.8.0-SNAPSHOT/security/authentication.html (original) +++ zeppelin/site/docs/0.8.0-SNAPSHOT/security/authentication.html Tue Jun 13 16:55:32 2017 @@ -135,6 +135,7 @@ <li><a href="/docs/0.8.0-SNAPSHOT/displaysystem/basicdisplaysystem.html#text">Text</a></li> <li><a href="/docs/0.8.0-SNAPSHOT/displaysystem/basicdisplaysystem.html#html">Html</a></li> <li><a href="/docs/0.8.0-SNAPSHOT/displaysystem/basicdisplaysystem.html#table">Table</a></li> + <li><a href="/docs/0.8.0-SNAPSHOT/displaysystem/basicdisplaysystem.html#network">Network</a></li> <li role="separator" class="divider"></li> <li class="title"><span><b>Angular API</b><span></li> <li><a href="/docs/0.8.0-SNAPSHOT/displaysystem/back-end-angular.html">Angular (backend API)</a></li> @@ -152,6 +153,7 @@ <li><a href="/docs/0.8.0-SNAPSHOT/storage/storage.html#notebook-storage-in-mongodb">MongoDB Storage</a></li> <li role="separator" class="divider"></li> <li class="title"><span><b>REST API</b><span></li> + <li><a href="/docs/0.8.0-SNAPSHOT/rest-api/rest-zeppelin-server.html">Zeppelin Server API</a></li> <li><a href="/docs/0.8.0-SNAPSHOT/rest-api/rest-interpreter.html">Interpreter API</a></li> <li><a href="/docs/0.8.0-SNAPSHOT/rest-api/rest-notebook.html">Notebook API</a></li> <li><a href="/docs/0.8.0-SNAPSHOT/rest-api/rest-notebookRepo.html">Notebook Repository API</a></li> 
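Review bot: in the context lines of the `@@ -152,6 +153,7 @@` hunk, the section title `<li class="title"><span><b>REST API</b><span></li>` opens a second `<span>` where `</span>` is expected, and the Angular API title in the `@@ -135,6 +135,7 @@` hunk has the same slip, while the Helium Framework title later in this file closes its span correctly. Since this commit is already touching the navigation list, fix the closing tag in the source of that list so the unbalanced markup is not carried into every page that includes it.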
@@ -163,6 +165,7 @@ <li><a href="/docs/0.8.0-SNAPSHOT/security/shiroauthentication.html">Shiro Authentication</a></li> <li><a href="/docs/0.8.0-SNAPSHOT/security/notebook_authorization.html">Notebook Authorization</a></li> <li><a href="/docs/0.8.0-SNAPSHOT/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.8.0-SNAPSHOT/security/helium_authorization.html">Helium Authorization</a></li> <li role="separator" class="divider"></li> <li class="title"><span><b>Helium Framework (Experimental)</b></span></li> <li><a href="/docs/0.8.0-SNAPSHOT/development/writingzeppelinapplication.html">Writing Zeppelin Application</a></li>