This is an automated email from the ASF dual-hosted git repository. jongyoul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
     new 906b911  [ZEPPELIN-5406] Add detailed explanation for Impersonate on LDAP & Kerberized environments
906b911 is described below

commit 906b911e6248ad1685c22cdd8cb5a9dd23865d50
Author: sangrho.lee <sangrho....@linecorp.com>
AuthorDate: Tue Jun 8 13:17:58 2021 +0900

    [ZEPPELIN-5406] Add detailed explanation for Impersonate on LDAP & Kerberized environments

    ### What is this PR for?
    For detailed explanation for how to impersonate on LDAP & Kerberized environments.

    ### What type of PR is it?
    [Documentation]

    ### Todos
    * [ ] - Task

    ### What is the Jira issue?
    https://issues.apache.org/jira/browse/ZEPPELIN-5406

    ### How should this be tested?
    This is about documents update so that the test is not needed.

    ### Screenshots (if appropriate)

    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? Yes
    * Does this needs documentation? Yes

    Author: sangrho.lee <sangrho....@linecorp.com>

    Closes #4132 from Sangrho/add_detailed_explanation_for_impersonate and squashes the following commits:

    ebde044ee [sangrho.lee] [ZEPPELIN-5406] Add explanation for Impersonate on LDAP & Kerberized_environments

--- docs/usage/interpreter/user_impersonation.md | 61 +++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/docs/usage/interpreter/user_impersonation.md b/docs/usage/interpreter/user_impersonation.md index 28e2814..722f89f 100644 --- a/docs/usage/interpreter/user_impersonation.md +++ b/docs/usage/interpreter/user_impersonation.md @@ -2,7 +2,7 @@ layout: page title: "Impersonation" description: "Set up zeppelin interpreter process as web front end user." -group: usage/interpreter +group: usage/interpreter --- <!-- Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -25,6 +25,8 @@ User impersonation enables to run zeppelin interpreter process as a web frontend ## Setup +### Linux User + #### 1. Enable Shiro auth in `conf/shiro.ini` ``` @@ -59,7 +61,7 @@ bin/zeppelin-daemon restart bin\zeppelin.cmd ``` -#### 5. Configure impersonation for interpreter +#### 5. Configure impersonation for interpreter <div class="row"> <div class="col-md-12" > @@ -82,3 +84,58 @@ whoami ``` Note that usage of "User Impersonate" option will enable Spark interpreter to use `--proxy-user` option with current user by default. If you want to disable `--proxy-user` option, then refer to `ZEPPELIN_IMPERSONATE_SPARK_PROXY_USER` variable in `conf/zeppelin-env.sh` + + +### LDAP User with kerberized HDFS + +#### 1. Set the user(zeppelin) to be enable to set proxyuser in `core-site.xml` +```bash +<property> + <name>hadoop.proxyuser.zeppelin.groups</name> + <value>*</value> +</property> +<property> + <name>hadoop.proxyuser.zeppelin.users</name> + <value>*</value> +</property> +<property> + <name>hadoop.proxyuser.zeppelin.hosts</name> + <value>*</value> +</property> +``` +#### 2. Set the group to be enable to connect Hive metastore in 'core-site.xml' +```bash +<property> + <name>hadoop.proxyuser.hive.groups</name> + <value>zeppelin</value> +</property> +``` + +#### 3. Enable Kerberos setting in `zeppelin-site.xml` +```bash +<property> + <name>zeppelin.server.kerberos.keytab</name> + <value>zeppelin.keytab</value> +</property> + +<property> + <name>zeppelin.server.kerberos.principal</name> + <value>zeppelin@principal</value> +</property> +``` +#### 4. Restart zeppelin server. + +```bash +# for OSX, linux +bin/zeppelin-daemon restart + +# for windows +bin\zeppelin.cmd +``` + +#### 5. Configure impersonation for interpreter +Option + +The interpreter will be instantiated *Per User* in *isolated* process + +*User impersonate*
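Review bot: the `group: usage/interpreter` front-matter line in `@@ -2,7 +2,7 @@` is removed and re-added with no visible difference, so this is a whitespace-only edit unrelated to the LDAP/Kerberos documentation; the `#### 5. Configure impersonation for interpreter` heading in `@@ -59,7 +61,7 @@` shows the same pattern. If the new lines introduce trailing whitespace, revert them; if they strip it, keep that cleanup out of a content commit or mention it in the commit message so the diff is easier to review.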
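Review bot: step 1 of the new "LDAP User with kerberized HDFS" section (`@@ -82,3 +84,58 @@`) documents `hadoop.proxyuser.zeppelin.groups`, `hadoop.proxyuser.zeppelin.users` and `hadoop.proxyuser.zeppelin.hosts` all set to `*` with no caveat, which allows the zeppelin principal to act as any Hadoop user from any host. Readers copy documentation snippets verbatim, so show restricted values instead (the Zeppelin server host in `hosts`, the group of notebook users in `groups`) or state explicitly that `*` must be narrowed before production use. Smaller points in the same hunk: the XML snippets are fenced as `bash` rather than `xml`; step 2 writes 'core-site.xml' in single quotes where the other steps use backticks, and its heading does not make clear that `hadoop.proxyuser.hive.groups` is what lets the hive user impersonate members of the `zeppelin` group; the step 3 values `zeppelin.keytab` and `zeppelin@principal` read as placeholders, so say that a keytab path and a full Kerberos principal are expected and that the keytab should be readable only by the Zeppelin service account; step 5 is a bare "Option" line followed by fragments, unlike the Linux section's step 5; and the section title mentions LDAP, yet no step covers the LDAP side of the setup, so a pointer to the Shiro LDAP configuration would help.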