Added: zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html?rev=1867691&view=auto ============================================================================== --- zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html (added) +++ zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html Sun Sep 29 07:08:10 2019 @@ -0,0 +1,553 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.8.0 Documentation: Apache Shiro Authentication for Apache Zeppelin</title> + <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. This document explains step by step how Shiro can be used for Zeppelin notebook authentication."> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.8.0/assets/themes//bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.8.0/assets/themes//css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.8.0/assets/themes//css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js"></script> + <script src="/docs/0.8.0/assets/themes//bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.8.0/assets/themes//js/docs.js"></script> + <script src="/docs/0.8.0/assets/themes//js/anchor.min.js"></script> + <script src="/docs/0.8.0/assets/themes//js/toc.js"></script> + <script src="/docs/0.8.0/assets/themes//js/lunr.min.js"></script> + <script src="/docs/0.8.0/assets/themes//js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.8.0/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.8.0/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container navbar-container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org"> + <img src="/docs/0.8.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" + style="margin-top: -2px;" alt="I'm zeppelin"> + <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span> + <a class="navbar-brand-version" href="/docs/0.8.0" + style="font-size: 15px; color: white;"> 0.8.0 + </a> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span>Getting Started</span></li> + <li><a href="/docs/0.8.0/quickstart/install.html">Install</a></li> + <li><a href="/docs/0.8.0/quickstart/explore_ui.html">Explore UI</a></li> + <li><a href="/docs/0.8.0/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.8.0/quickstart/spark_with_zeppelin.html">Spark with Zeppelin</a></li> + <li><a href="/docs/0.8.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li> + <li><a href="/docs/0.8.0/quickstart/python_with_zeppelin.html">Python with Zeppelin</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Usage<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Dynamic Form</span></li> + <li><a href="/docs/0.8.0/usage/dynamic_form/intro.html">What is Dynamic Form?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Display System</span></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#text">Text Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#html">HTML Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#table">Table Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#network">Network Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/angular_backend.html">Angular Display using Backend API</a></li> + <li><a href="/docs/0.8.0/usage/display_system/angular_frontend.html">Angular Display using Frontend API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Interpreter</span></li> + <li><a href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/interpreter_binding_mode.html">Interpreter Binding Mode</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/user_impersonation.html">User Impersonation</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/dependency_management.html">Dependency Management</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/installation.html">Installing Interpreters</a></li> + <!--<li><a href="/docs/0.8.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter Loading (Experimental)</a></li>--> + <li><a href="/docs/0.8.0/usage/interpreter/execution_hooks.html">Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Other Features</span></li> + <li><a href="/docs/0.8.0/usage/other_features/publishing_paragraphs.html">Publishing Paragraphs</a></li> + <li><a href="/docs/0.8.0/usage/other_features/personalized_mode.html">Personalized Mode</a></li> + <li><a href="/docs/0.8.0/usage/other_features/customizing_homepage.html">Customizing Zeppelin Homepage</a></li> + <li><a href="/docs/0.8.0/usage/other_features/notebook_actions.html">Notebook Actions</a></li> + <li><a href="/docs/0.8.0/usage/other_features/cron_scheduler.html">Cron Scheduler</a></li> + <li><a href="/docs/0.8.0/usage/other_features/zeppelin_context.html">Zeppelin Context</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>REST API</span></li> + <li><a href="/docs/0.8.0/usage/rest_api/interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/zeppelin_server.html">Zeppelin Server API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/notebook.html">Notebook API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/notebook_repository.html">Notebook Repository API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/configuration.html">Configuration API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/credential.html">Credential API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/helium.html">Helium API</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Setup<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Basics</span></li> + <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.8.0/setup/basics/multi_user_support.html">Multi-user Support</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Deployment</span></li> + <!--<li><a href="/docs/0.8.0/setup/deployment/docker.html">Docker Image for Zeppelin</a></li>--> + <li><a href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark Cluster Mode: Standalone</a></li> + <li><a href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark Cluster Mode: YARN</a></li> + <li><a href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark Cluster Mode: Mesos</a></li> + <li><a href="/docs/0.8.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with Flink, Spark Cluster</a></li> + <li><a href="/docs/0.8.0/setup/deployment/cdh.html">Zeppelin on CDH</a></li> + <li><a href="/docs/0.8.0/setup/deployment/virtual_machine.html">Zeppelin on VM: Vagrant</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Security</span></li> + <li><a href="/docs/0.8.0/setup/security/authentication_nginx.html">HTTP Basic Auth using NGINX</a></li> + <li><a href="/docs/0.8.0/setup/security/shiro_authentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.8.0/setup/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.8.0/setup/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.8.0/setup/security/http_security_headers.html">HTTP Security Headers</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Notebook Storage</span></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Operation</span></li> + <li><a href="/docs/0.8.0/setup/operation/configuration.html">Configuration</a></li> + <li><a href="/docs/0.8.0/setup/operation/proxy_setting.html">Proxy Setting</a></li> + <li><a href="/docs/0.8.0/setup/operation/upgrading.html">Upgrading</a></li> + <li><a href="/docs/0.8.0/setup/operation/trouble_shooting.html">Trouble Shooting</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Interpreters</span></li> + <li><a href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.8.0/interpreter/spark.html">Spark</a></li> + <li><a href="/docs/0.8.0/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.8.0/interpreter/python.html">Python</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.8.0/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.8.0/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.8.0/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.8.0/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.8.0/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.8.0/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.8.0/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.8.0/interpreter/groovy.html">Groovy</a></li> + <li><a href="/docs/0.8.0/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.8.0/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.8.0/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.8.0/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.8.0/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.8.0/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.8.0/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.8.0/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.8.0/interpreter/neo4j.html">Neo4j</a></li> + <li><a href="/docs/0.8.0/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.8.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.8.0/interpreter/r.html">R</a></li> + <li><a href="/docs/0.8.0/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.8.0/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.8.0/interpreter/shell.html">Shell</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span>Extending Zeppelin</span></li> + <li><a href="/docs/0.8.0/development/writing_zeppelin_interpreter.html">Writing Zeppelin Interpreter</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Helium (Experimental)</span></li> + <li><a href="/docs/0.8.0/development/helium/overview.html">Overview</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_application.html">Writing Helium Application</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_spell.html">Writing Helium Spell</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_visualization_basic.html">Writing Helium Visualization: Basics</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_visualization_transformation.html">Writing Helium Visualization: Transformation</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Contributing to Zeppelin</span></li> + <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.8.0/development/contribution/useful_developer_tools.html">Useful Developer Tools</a></li> + <li><a href="/docs/0.8.0/development/contribution/how_to_contribute_code.html">How to Contribute (code)</a></li> + <li><a href="/docs/0.8.0/development/contribution/how_to_contribute_website.html">How to Contribute (website)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>External Resources</span></li> + <li><a target="_blank" href="">Mailing List</a></li> + <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li> + <li><a target="_blank" href="">Stackoverflow Questions about Zeppelin</a></li> + </ul> + </li> + <li> + <a href="/docs/0.8.0/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Apache Shiro Authentication for Apache Zeppelin"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Apache Shiro authentication for Apache Zeppelin</h1> + +<div id="toc"></div> + +<h2>Overview</h2> + +<p><a href="http://shiro.apache.org/">Apache Shiro</a> is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. In this documentation, we will explain step by step how Shiro works for Zeppelin notebook authentication.</p> + +<p>When you connect to Apache Zeppelin, you will be asked to enter your credentials. Once you logged in, then you have access to all notes including other user's notes.</p> + +<h2>Security Setup</h2> + +<p>You can setup <strong>Zeppelin notebook authentication</strong> in some simple steps.</p> + +<h3>1. Enable Shiro</h3> + +<p>By default in <code>conf</code>, you will find <code>shiro.ini.template</code>, this file is used as an example and it is strongly recommended +to create a <code>shiro.ini</code> file by doing the following command line</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span>cp conf/shiro.ini.template conf/shiro.ini +</code></pre></div> +<p>For the further information about <code>shiro.ini</code> file format, please refer to <a href="http://shiro.apache.org/configuration.html#Configuration-INISections">Shiro Configuration</a>.</p> + +<h3>2. Secure the Websocket channel</h3> + +<p>Set to property <strong>zeppelin.anonymous.allowed</strong> to <strong>false</strong> in <code>conf/zeppelin-site.xml</code>. If you don't have this file yet, just copy <code>conf/zeppelin-site.xml.template</code> to <code>conf/zeppelin-site.xml</code>.</p> + +<h3>3. Start Zeppelin</h3> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span>bin/zeppelin-daemon.sh start <span class="c1">#(or restart)</span> +</code></pre></div> +<p>Then you can browse Zeppelin at <a href="http://localhost:8080">http://localhost:8080</a>.</p> + +<h3>4. Login</h3> + +<p>Finally, you can login using one of the below <strong>username/password</strong> combinations.</p> + +<p><center><img src="/docs/0.8.0/assets/themes/zeppelin/img/docs-img/zeppelin-login.png"></center></p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>[users] + +admin = password1, admin +user1 = password2, role1, role2 +user2 = password3, role3 +user3 = password4, role2 +</code></pre></div> +<p>You can set the roles for each users next to the password.</p> + +<h2>Groups and permissions (optional)</h2> + +<p>In case you want to leverage user groups and permissions, use one of the following configuration for LDAP or AD under <code>[main]</code> segment in <code>shiro.ini</code>.</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm +activeDirectoryRealm.systemUsername = userNameA +activeDirectoryRealm.systemPassword = passwordA +activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM +activeDirectoryRealm.url = ldap://ldap.test.com:389 +activeDirectoryRealm.groupRolesMap = "CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1" +activeDirectoryRealm.authorizationCachingEnabled = false +activeDirectoryRealm.principalSuffix = @corp.company.net + +ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm +# search base for ldap groups (only relevant for LdapGroupRealm): +ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM +ldapRealm.contextFactory.url = ldap://ldap.test.com:389 +ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM +ldapRealm.contextFactory.authenticationMechanism = simple +</code></pre></div> +<p>also define roles/groups that you want to have in system, like below;</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>[roles] +admin = * +hr = * +finance = * +group1 = * +</code></pre></div> +<h2>Configure Realm (optional)</h2> + +<p>Realms are responsible for authentication and authorization in Apache Zeppelin. By default, Apache Zeppelin uses <a href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/text/IniRealm.html">IniRealm</a> (users and groups are configurable in <code>conf/shiro.ini</code> file under <code>[user]</code> and <code>[group]</code> section). You can also leverage Shiro Realms like <a href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/ldap/JndiLdapRealm.html">JndiLdapRealm</a>, <a href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/jdbc/JdbcRealm.html">JdbcRealm</a> or create <a href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/AuthorizingRealm.html">our own</a>. +To learn more about Apache Shiro Realm, please check <a href="http://shiro.apache.org/realm.html">this documentation</a>.</p> + +<p>We also provide community custom Realms.</p> + +<p><strong>Note</strong>: When using any of the below realms the default + password-based (IniRealm) authentication needs to be disabled.</p> + +<h3>Active Directory</h3> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm +activeDirectoryRealm.systemUsername = userNameA +activeDirectoryRealm.systemPassword = passwordA +activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceks +activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM +activeDirectoryRealm.url = ldap://ldap.test.com:389 +activeDirectoryRealm.groupRolesMap = "CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1" +activeDirectoryRealm.authorizationCachingEnabled = false +activeDirectoryRealm.principalSuffix = @corp.company.net +</code></pre></div> +<p>Also instead of specifying systemPassword in clear text in shiro.ini administrator can choose to specify the same in "hadoop credential". +Create a keystore file using the hadoop credential commandline, for this the hadoop commons should be in the classpath +<code>hadoop credential create activeDirectoryRealm.systempassword -provider jceks://file/user/zeppelin/conf/zeppelin.jceks</code></p> + +<p>Change the following values in the Shiro.ini file, and uncomment the line: +<code>activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceks</code></p> + +<h3>LDAP</h3> + +<p>Two options exist for configuring an LDAP Realm. The simpler to use is the LdapGroupRealm. How ever it has limited +flexibility with mapping of ldap groups to users and for authorization for user groups. A sample configuration file for +this realm is given below.</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm +# search base for ldap groups (only relevant for LdapGroupRealm): +ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM +ldapRealm.contextFactory.url = ldap://ldap.test.com:389 +ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM +ldapRealm.contextFactory.authenticationMechanism = simple +</code></pre></div> +<p>The other more flexible option is to use the LdapRealm. It allows for mapping of ldapgroups to roles and also allows for + role/group based authentication into the zeppelin server. Sample configuration for this realm is given below.</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>[main] +ldapRealm=org.apache.zeppelin.realm.LdapRealm + +ldapRealm.contextFactory.authenticationMechanism=simple +ldapRealm.contextFactory.url=ldap://localhost:33389 +ldapRealm.userDnTemplate=uid={0},ou=people,dc=hadoop,dc=apache,dc=org +# Ability to set ldap paging Size if needed default is 100 +ldapRealm.pagingSize = 200 +ldapRealm.authorizationEnabled=true +ldapRealm.contextFactory.systemAuthenticationMechanism=simple +ldapRealm.searchBase=dc=hadoop,dc=apache,dc=org +ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org +ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org +ldapRealm.groupObjectClass=groupofnames +# Allow userSearchAttribute to be customized +ldapRealm.userSearchAttributeName = sAMAccountName +ldapRealm.memberAttribute=member +# force usernames returned from ldap to lowercase useful for AD +ldapRealm.userLowerCase = true +# ability set searchScopes subtree (default), one, base +ldapRealm.userSearchScope = subtree; +ldapRealm.groupSearchScope = subtree; +ldapRealm.memberAttributeValueTemplate=cn={0},ou=people,dc=hadoop,dc=apache,dc=org +ldapRealm.contextFactory.systemUsername=uid=guest,ou=people,dc=hadoop,dc=apache,dc=org +ldapRealm.contextFactory.systemPassword=S{ALIAS=ldcSystemPassword} +# enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN operator +ldapRealm.groupSearchEnableMatchingRuleInChain = true +# optional mapping from physical groups to logical application roles +ldapRealm.rolesByGroup = LDN_USERS: user_role, NYK_USERS: user_role, HKG_USERS: user_role, GLOBAL_ADMIN: admin_role +# optional list of roles that are allowed to authenticate. Incase not present all groups are allowed to authenticate (login). +# This changes nothing for url specific permissions that will continue to work as specified in [urls]. +ldapRealm.allowedRolesForAuthentication = admin_role,user_role +ldapRealm.permissionsByRole= user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = * +securityManager.sessionManager = $sessionManager +securityManager.realms = $ldapRealm +</code></pre></div> +<p>Also instead of specifying systemPassword in clear text in <code>shiro.ini</code> administrator can choose to specify the same in "hadoop credential". +Create a keystore file using the hadoop credential command line: +<code> +hadoop credential create ldapRealm.systemPassword -provider jceks://file/user/zeppelin/conf/zeppelin.jceks +</code></p> + +<p>Add the following line in the <code>shiro.ini</code> file: +<code> +ldapRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceks +</code></p> + +<h3>PAM</h3> + +<p><a href="https://en.wikipedia.org/wiki/Pluggable_authentication_module">PAM</a> authentication support allows the reuse of existing authentication +moduls on the host where Zeppelin is running. On a typical system modules are configured per service for example sshd, passwd, etc. under <code>/etc/pam.d/</code>. You can +either reuse one of these services or create your own for Zeppelin. Activiting PAM authentication requires two parameters: + 1. realm: The Shiro realm being used + 2. service: The service configured under <code>/etc/pam.d/</code> to be used. The name here needs to be the same as the file name under <code>/etc/pam.d/</code></p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>[main] + pamRealm=org.apache.zeppelin.realm.PamRealm + pamRealm.service=sshd +</code></pre></div> +<h3>ZeppelinHub</h3> + +<p><a href="https://www.zeppelinhub.com">ZeppelinHub</a> is a service that synchronize your Apache Zeppelin notebooks and enables you to collaborate easily.</p> + +<p>To enable login with your ZeppelinHub credential, apply the following change in <code>conf/shiro.ini</code> under <code>[main]</code> section.</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>### A sample for configuring ZeppelinHub Realm +zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm +## Url of ZeppelinHub +zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com +securityManager.realms = $zeppelinHubRealm +</code></pre></div> +<blockquote> +<p>Note: ZeppelinHub is not releated to Apache Zeppelin project.</p> +</blockquote> + +<h3>Knox SSO</h3> + +<p><a href="https://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration">KnoxSSO</a> provides an abstraction for integrating any number of authentication systems and SSO solutions and enables participating web applications to scale to those solutions more easily. Without the token exchange capabilities offered by KnoxSSO each component UI would need to integrate with each desired solution on its own.</p> + +<p>To enable this, apply the following change in <code>conf/shiro.ini</code> under <code>[main]</code> section.</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>### A sample for configuring Knox JWT Realm +knoxJwtRealm = org.apache.zeppelin.realm.jwt.KnoxJwtRealm +## Domain of Knox SSO +knoxJwtRealm.providerUrl = https://domain.example.com/ +## Url for login +knoxJwtRealm.login = gateway/knoxsso/knoxauth/login.html +## Url for logout +knoxJwtRealm.logout = gateway/knoxssout/api/v1/webssout +knoxJwtRealm.redirectParam = originalUrl +knoxJwtRealm.cookieName = hadoop-jwt +knoxJwtRealm.publicKeyPath = /etc/zeppelin/conf/knox-sso.pem +knoxJwtRealm.groupPrincipalMapping = group.principal.mapping +knoxJwtRealm.principalMapping = principal.mapping +# This is required if KNOX SSO is enabled, to check if "knoxJwtRealm.cookieName" cookie was expired/deleted. +authc = org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter +</code></pre></div> +<h2>Secure Cookie for Zeppelin Sessions (optional)</h2> + +<p>Zeppelin can be configured to set <code>HttpOnly</code> flag in the session cookie. With this configuration, Zeppelin cookies can +not be accessed via client side scripts thus preventing majority of Cross-site scripting (XSS) attacks.</p> + +<p>To enable secure cookie support via Shiro, add the following lines in <code>conf/shiro.ini</code> under <code>[main]</code> section, after +defining a <code>sessionManager</code>.</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>cookie = org.apache.shiro.web.servlet.SimpleCookie +cookie.name = JSESSIONID +cookie.secure = true +cookie.httpOnly = true +sessionManager.sessionIdCookie = $cookie +</code></pre></div> +<h2>Secure your Zeppelin information (optional)</h2> + +<p>By default, anyone who defined in <code>[users]</code> can share <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information in Apache Zeppelin. +Sometimes you might want to hide these information for your use case. +Since Shiro provides <strong>url-based security</strong>, you can hide the information by commenting or uncommenting these below lines in <code>conf/shiro.ini</code>.</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>[urls] + +/api/interpreter/** = authc, roles[admin] +/api/configurations/** = authc, roles[admin] +/api/credential/** = authc, roles[admin] +</code></pre></div> +<p>In this case, only who have <code>admin</code> role can see <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information. +If you want to grant this permission to other users, you can change <strong>roles[ ]</strong> as you defined at <code>[users]</code> section.</p> + +<h3>Apply multiple roles in Shiro configuration</h3> + +<p>By default, Shiro will allow access to a URL if only user is part of "<strong>all the roles</strong>" defined like this:</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>[urls] + +/api/interpreter/** = authc, roles[admin, role1] +</code></pre></div> +<h3>Apply multiple roles or user in Shiro configuration</h3> + +<p>If there is a need that user with "<strong>any of the defined roles or user itself</strong>" should be allowed, then following Shiro configuration can be used:</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>[main] +anyofrolesuser = org.apache.zeppelin.utils.AnyOfRolesUserAuthorizationFilter + +[urls] + +/api/interpreter/** = authc, anyofrolesuser[admin, user1] +/api/configurations/** = authc, roles[admin] +/api/credential/** = authc, roles[admin] +</code></pre></div> +<p><br/></p> + +<blockquote> +<p><strong>NOTE :</strong> All of the above configurations are defined in the <code>conf/shiro.ini</code> file.</p> +</blockquote> + +<h2>Other authentication methods</h2> + +<ul> +<li><a href="./authentication_nginx.html">HTTP Basic Authentication using NGINX</a></li> +</ul> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2019 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> +
Propchange: zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html ------------------------------------------------------------------------------ svn:executable = * Added: zeppelin/site/docs/0.8.2/setup/storage/storage.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.2/setup/storage/storage.html?rev=1867691&view=auto ============================================================================== --- zeppelin/site/docs/0.8.2/setup/storage/storage.html (added) +++ zeppelin/site/docs/0.8.2/setup/storage/storage.html Sun Sep 29 07:08:10 2019 @@ -0,0 +1,681 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.8.0 Documentation: Notebook Storage for Apache Zeppelin</title> + <meta name="description" content="Apache Zeppelin has a pluggable notebook storage mechanism controlled by zeppelin.notebook.storage configuration option with multiple implementations.""> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.8.0/assets/themes//bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.8.0/assets/themes//css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.8.0/assets/themes//css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js"></script> + <script src="/docs/0.8.0/assets/themes//bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.8.0/assets/themes//js/docs.js"></script> + <script src="/docs/0.8.0/assets/themes//js/anchor.min.js"></script> + <script src="/docs/0.8.0/assets/themes//js/toc.js"></script> + <script src="/docs/0.8.0/assets/themes//js/lunr.min.js"></script> + <script src="/docs/0.8.0/assets/themes//js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.8.0/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.8.0/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container navbar-container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org"> + <img src="/docs/0.8.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" + style="margin-top: -2px;" alt="I'm zeppelin"> + <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span> + <a class="navbar-brand-version" href="/docs/0.8.0" + style="font-size: 15px; color: white;"> 0.8.0 + </a> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span>Getting Started</span></li> + <li><a href="/docs/0.8.0/quickstart/install.html">Install</a></li> + <li><a href="/docs/0.8.0/quickstart/explore_ui.html">Explore UI</a></li> + <li><a href="/docs/0.8.0/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.8.0/quickstart/spark_with_zeppelin.html">Spark with Zeppelin</a></li> + <li><a href="/docs/0.8.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li> + <li><a href="/docs/0.8.0/quickstart/python_with_zeppelin.html">Python with Zeppelin</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Usage<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Dynamic Form</span></li> + <li><a href="/docs/0.8.0/usage/dynamic_form/intro.html">What is Dynamic Form?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Display System</span></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#text">Text Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#html">HTML Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#table">Table Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/basic.html#network">Network Display</a></li> + <li><a href="/docs/0.8.0/usage/display_system/angular_backend.html">Angular Display using Backend API</a></li> + <li><a href="/docs/0.8.0/usage/display_system/angular_frontend.html">Angular Display using Frontend API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Interpreter</span></li> + <li><a href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/interpreter_binding_mode.html">Interpreter Binding Mode</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/user_impersonation.html">User Impersonation</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/dependency_management.html">Dependency Management</a></li> + <li><a href="/docs/0.8.0/usage/interpreter/installation.html">Installing Interpreters</a></li> + <!--<li><a href="/docs/0.8.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter Loading (Experimental)</a></li>--> + <li><a href="/docs/0.8.0/usage/interpreter/execution_hooks.html">Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Other Features</span></li> + <li><a href="/docs/0.8.0/usage/other_features/publishing_paragraphs.html">Publishing Paragraphs</a></li> + <li><a href="/docs/0.8.0/usage/other_features/personalized_mode.html">Personalized Mode</a></li> + <li><a href="/docs/0.8.0/usage/other_features/customizing_homepage.html">Customizing Zeppelin Homepage</a></li> + <li><a href="/docs/0.8.0/usage/other_features/notebook_actions.html">Notebook Actions</a></li> + <li><a href="/docs/0.8.0/usage/other_features/cron_scheduler.html">Cron Scheduler</a></li> + <li><a href="/docs/0.8.0/usage/other_features/zeppelin_context.html">Zeppelin Context</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>REST API</span></li> + <li><a href="/docs/0.8.0/usage/rest_api/interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/zeppelin_server.html">Zeppelin Server API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/notebook.html">Notebook API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/notebook_repository.html">Notebook Repository API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/configuration.html">Configuration API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/credential.html">Credential API</a></li> + <li><a href="/docs/0.8.0/usage/rest_api/helium.html">Helium API</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Setup<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Basics</span></li> + <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.8.0/setup/basics/multi_user_support.html">Multi-user Support</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Deployment</span></li> + <!--<li><a href="/docs/0.8.0/setup/deployment/docker.html">Docker Image for Zeppelin</a></li>--> + <li><a href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark Cluster Mode: Standalone</a></li> + <li><a href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark Cluster Mode: YARN</a></li> + <li><a href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark Cluster Mode: Mesos</a></li> + <li><a href="/docs/0.8.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with Flink, Spark Cluster</a></li> + <li><a href="/docs/0.8.0/setup/deployment/cdh.html">Zeppelin on CDH</a></li> + <li><a href="/docs/0.8.0/setup/deployment/virtual_machine.html">Zeppelin on VM: Vagrant</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Security</span></li> + <li><a href="/docs/0.8.0/setup/security/authentication_nginx.html">HTTP Basic Auth using NGINX</a></li> + <li><a href="/docs/0.8.0/setup/security/shiro_authentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.8.0/setup/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.8.0/setup/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.8.0/setup/security/http_security_headers.html">HTTP Security Headers</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Notebook Storage</span></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li><a href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Operation</span></li> + <li><a href="/docs/0.8.0/setup/operation/configuration.html">Configuration</a></li> + <li><a href="/docs/0.8.0/setup/operation/proxy_setting.html">Proxy Setting</a></li> + <li><a href="/docs/0.8.0/setup/operation/upgrading.html">Upgrading</a></li> + <li><a href="/docs/0.8.0/setup/operation/trouble_shooting.html">Trouble Shooting</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Interpreters</span></li> + <li><a href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.8.0/interpreter/spark.html">Spark</a></li> + <li><a href="/docs/0.8.0/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.8.0/interpreter/python.html">Python</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.8.0/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.8.0/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.8.0/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.8.0/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.8.0/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.8.0/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.8.0/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.8.0/interpreter/groovy.html">Groovy</a></li> + <li><a href="/docs/0.8.0/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.8.0/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.8.0/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.8.0/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.8.0/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.8.0/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.8.0/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.8.0/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.8.0/interpreter/neo4j.html">Neo4j</a></li> + <li><a href="/docs/0.8.0/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.8.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.8.0/interpreter/r.html">R</a></li> + <li><a href="/docs/0.8.0/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.8.0/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.8.0/interpreter/shell.html">Shell</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span>Extending Zeppelin</span></li> + <li><a href="/docs/0.8.0/development/writing_zeppelin_interpreter.html">Writing Zeppelin Interpreter</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Helium (Experimental)</span></li> + <li><a href="/docs/0.8.0/development/helium/overview.html">Overview</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_application.html">Writing Helium Application</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_spell.html">Writing Helium Spell</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_visualization_basic.html">Writing Helium Visualization: Basics</a></li> + <li><a href="/docs/0.8.0/development/helium/writing_visualization_transformation.html">Writing Helium Visualization: Transformation</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Contributing to Zeppelin</span></li> + <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.8.0/development/contribution/useful_developer_tools.html">Useful Developer Tools</a></li> + <li><a href="/docs/0.8.0/development/contribution/how_to_contribute_code.html">How to Contribute (code)</a></li> + <li><a href="/docs/0.8.0/development/contribution/how_to_contribute_website.html">How to Contribute (website)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>External Resources</span></li> + <li><a target="_blank" href="">Mailing List</a></li> + <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li> + <li><a target="_blank" href="">Stackoverflow Questions about Zeppelin</a></li> + </ul> + </li> + <li> + <a href="/docs/0.8.0/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Notebook Storage for Apache Zeppelin"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Notebook storage options for Apache Zeppelin</h1> + +<div id="toc"></div> + +<h2>Overview</h2> + +<p>Apache Zeppelin has a pluggable notebook storage mechanism controlled by <code>zeppelin.notebook.storage</code> configuration option with multiple implementations. +There are few notebook storage systems available for a use out of the box:</p> + +<ul> +<li>(default) use local file system and version it using local Git repository - <code>GitNotebookRepo</code></li> +<li>all notes are saved in the notebook folder in your local File System - <code>VFSNotebookRepo</code></li> +<li>all notes are saved in the notebook folder in hadoop compatible file system - <code>FileSystemNotebookRepo</code></li> +<li>storage using Amazon S3 service - <code>S3NotebookRepo</code></li> +<li>storage using Azure service - <code>AzureNotebookRepo</code></li> +<li>storage using Google Cloud Storage - <code>GCSNotebookRepo</code></li> +<li>storage using MongoDB - <code>MongoNotebookRepo</code></li> +<li>storage using GitHub - <code>GitHubNotebookRepo</code></li> +</ul> + +<p>Multiple storage systems can be used at the same time by providing a comma-separated list of the class-names in the configuration. +By default, only first two of them will be automatically kept in sync by Zeppelin.</p> + +<p></br></p> + +<h2>Notebook Storage in local Git repository <a name="Git"></a></h2> + +<p>To enable versioning for all your local notebooks though a standard Git repository - uncomment the next property in <code>zeppelin-site.xml</code> in order to use GitNotebookRepo class:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p></br></p> + +<h2>Notebook Storage in hadoop compatible file system repository <a name="Hdfs"></a></h2> + +<p>Notes may be stored in hadoop compatible file system such as hdfs, so that multiple Zeppelin instances can share the same notes. It supports all the versions of hadoop 2.x. If you use <code>FileSystemNotebookRepo</code>, then <code>zeppelin.notebook.dir</code> is the path on the hadoop compatible file system. And you need to specify <code>HADOOP_CONF_DIR</code> in <code>zeppelin-env.sh</code> so that zeppelin can find the right hadoop configuration files. +If your hadoop cluster is kerberized, then you need to specify <code>zeppelin.server.kerberos.keytab</code> and <code>zeppelin.server.kerberos.principal</code></p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.FileSystemNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>hadoop compatible file system notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p></br></p> + +<h2>Notebook Storage in S3 <a name="S3"></a></h2> + +<p>Notebooks may be stored in S3, and optionally encrypted. The <a href="https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html"><code>DefaultAWSCredentialsProviderChain</code></a> credentials provider is used for credentials and checks the following:</p> + +<ul> +<li>The <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code> environment variables</li> +<li>The <code>aws.accessKeyId</code> and <code>aws.secretKey</code> Java System properties</li> +<li>Credential profiles file at the default location (<code>~/.aws/credentials</code>) used by the AWS CLI</li> +<li>Instance profile credentials delivered through the Amazon EC2 metadata service</li> +</ul> + +<p></br> +The following folder structure will be created in S3:</p> +<div class="highlight"><pre><code class="language-text" data-lang="text"><span></span>s3://bucket_name/username/notebook-id/ +</code></pre></div> +<p>Configure by setting environment variables in the file <strong>zeppelin-env.sh</strong>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_S3_BUCKET</span><span class="o">=</span>bucket_name +<span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_S3_USER</span><span class="o">=</span>username +</code></pre></div> +<p>Or using the file <strong>zeppelin-site.xml</strong> uncomment and complete the S3 settings:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.s3.bucket<span class="nt"></name></span> + <span class="nt"><value></span>bucket_name<span class="nt"></value></span> + <span class="nt"><description></span>bucket name for notebook storage<span class="nt"></description></span> +<span class="nt"></property></span> +<span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.s3.user<span class="nt"></name></span> + <span class="nt"><value></span>username<span class="nt"></value></span> + <span class="nt"><description></span>user name for s3 folder structure<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Uncomment the next property for use S3NotebookRepo class:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.S3NotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Comment out the next property to disable local git notebook storage (the default):</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>versioned notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<h3>Data Encryption in S3</h3> + +<h4>AWS KMS encryption keys</h4> + +<p>To use an <a href="https://aws.amazon.com/kms/">AWS KMS</a> encryption key to encrypt notebooks, set the following environment variable in the file <strong>zeppelin-env.sh</strong>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID</span><span class="o">=</span>kms-key-id +</code></pre></div> +<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.s3.kmsKeyID<span class="nt"></name></span> + <span class="nt"><value></span>AWS-KMS-Key-UUID<span class="nt"></value></span> + <span class="nt"><description></span>AWS KMS key ID used to encrypt notebook data in S3<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>In order to set custom KMS key region, set the following environment variable in the file <strong>zeppelin-env.sh</strong>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_S3_KMS_KEY_REGION</span><span class="o">=</span>kms-key-region +</code></pre></div> +<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.s3.kmsKeyRegion<span class="nt"></name></span> + <span class="nt"><value></span>target-region<span class="nt"></value></span> + <span class="nt"><description></span>AWS KMS key region in your AWS account<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Format of <code>target-region</code> is described in more details <a href="http://docs.aws.amazon.com/general/latest/gr/rande.html#kms_region">here</a> in second <code>Region</code> column (e.g. <code>us-east-1</code>).</p> + +<h4>Custom Encryption Materials Provider class</h4> + +<p>You may use a custom <a href="https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/model/EncryptionMaterialsProvider.html"><code>EncryptionMaterialsProvider</code></a> class as long as it is available in the classpath and able to initialize itself from system properties or another mechanism. To use this, set the following environment variable in the file <strong>zeppelin-env.sh</strong>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_S3_EMP</span><span class="o">=</span>class-name +</code></pre></div> +<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.s3.encryptionMaterialsProvider<span class="nt"></name></span> + <span class="nt"><value></span>provider implementation class name<span class="nt"></value></span> + <span class="nt"><description></span>Custom encryption materials provider used to encrypt notebook data in S3<span class="nt"></description></span> +</code></pre></div> +<h4>Enable server-side encryption</h4> + +<p>To request server-side encryption of notebooks, set the following environment variable in the file <strong>zeppelin-env.sh</strong>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_S3_SSE</span><span class="o">=</span><span class="nb">true</span> +</code></pre></div> +<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.s3.sse<span class="nt"></name></span> + <span class="nt"><value></span>true<span class="nt"></value></span> + <span class="nt"><description></span>Server-side encryption enabled for notebooks<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p></br></p> + +<h2>Notebook Storage in Azure <a name="Azure"></a></h2> + +<p>Using <code>AzureNotebookRepo</code> you can connect your Zeppelin with your Azure account for notebook storage.</p> + +<p>First of all, input your <code>AccountName</code>, <code>AccountKey</code>, and <code>Share Name</code> in the file <strong>zeppelin-site.xml</strong> by commenting out and completing the next properties:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.azure.connectionString<span class="nt"></name></span> + <span class="nt"><value></span>DefaultEndpointsProtocol=https;AccountName=<span class="nt"><accountName></span>;AccountKey=<span class="nt"><accountKey></value></span> + <span class="nt"><description></span>Azure account credentials<span class="nt"></description></span> +<span class="nt"></property></span> + +<span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.azure.share<span class="nt"></name></span> + <span class="nt"><value></span>zeppelin<span class="nt"></value></span> + <span class="nt"><description></span>share name for notebook storage<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Secondly, you can initialize <code>AzureNotebookRepo</code> class in the file <strong>zeppelin-site.xml</strong> by commenting the next property:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>versioned notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>and commenting out:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.AzureNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>In case you want to use simultaneously your local git storage with Azure storage use the following property instead:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo, apache.zeppelin.notebook.repo.AzureNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Optionally, you can specify Azure folder structure name in the file <strong>zeppelin-site.xml</strong> by commenting out the next property:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span> <span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.azure.user<span class="nt"></name></span> + <span class="nt"><value></span>user<span class="nt"></value></span> + <span class="nt"><description></span>optional user name for Azure folder structure<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p></br></p> + +<h2>Notebook Storage in Google Cloud Storage<a name="GCS"></a></h2> + +<p>Using <code>GCSNotebookRepo</code> you can connect Zeppelin with Google Cloud Storage using <a href="https://cloud.google.com/docs/authentication/production">Application Default Credentials</a>.</p> + +<p>First, choose a GCS path under which to store notebooks.</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.gcs.dir<span class="nt"></name></span> + <span class="nt"><value></value></span> + <span class="nt"><description></span> + A GCS path in the form gs://bucketname/path/to/dir. + Notes are stored at {zeppelin.notebook.gcs.dir}/{notebook-id}/note.json + <span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Then, initialize the <code>GCSNotebookRepo</code> class in the file <strong>zeppelin-site.xml</strong> by commenting the next property:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>versioned notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>and commenting out:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GCSNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Or, if you want to simultaneously use your local git storage with GCS, use the following property instead:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo,org.apache.zeppelin.notebook.repo.GCSNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<h3>Google Cloud API Authentication</h3> + +<p>Note: On Google App Engine, Google Cloud Shell, and Google Compute Engine, these +steps are not necessary, as build-in credentials are used by default.</p> + +<p>For more information, see <a href="https://cloud.google.com/docs/authentication/production">Application Default Credentials</a></p> + +<h4>Using gcloud auth application-default login</h4> + +<p>See the <a href="https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login">gcloud docs</a></p> + +<p>As the user running the zeppelin daemon, run:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span>gcloud auth application-default login +</code></pre></div> +<p>You can also use <code>--scopes</code> to restrict access to specific Google APIs, such as +Cloud Storage and BigQuery.</p> + +<h4>Using service account key files</h4> + +<p>Alternatively, to use a <a href="https://cloud.google.com/compute/docs/access/service-accounts">service account</a> +for authentication with GCS, you will need a JSON service account key file.</p> + +<ol> +<li>Navigate to the <a href="https://console.cloud.google.com/iam-admin/serviceaccounts/project">service accounts page</a></li> +<li>Click <code>CREATE SERVICE ACCOUNT</code></li> +<li>Select at least <code>Storage -> Storage Object Admin</code>. Note that this is +<strong>different</strong> than <code>Storage Admin</code>.</li> +<li>If you are also using the BigQuery Interpreter, add the appropriate +permissions (e.g. <code>Bigquery -> Bigquery Data Viewer and BigQuery User</code>)</li> +<li>Name your service account, and select "Furnish a new private key" to download +a <code>.json</code> file. Click "Create".</li> +<li>Move the downloaded file to a location of your choice (e.g. +<code>/path/to/my/key.json</code>), and give it appropriate permissions. Ensure at +least the user running the zeppelin daemon can read it.</li> +</ol> + +<p>Then, point <code>GOOGLE_APPLICATION_CREDENTIALS</code> at your new key file in <strong>zeppelin-env.sh</strong>. For example:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">GOOGLE_APPLICATION_CREDENTIALS</span><span class="o">=</span>/path/to/my/key.json +</code></pre></div> +<p></br></p> + +<h2>Notebook Storage in ZeppelinHub <a name="ZeppelinHub"></a></h2> + +<p>ZeppelinHub storage layer allows out of the box connection of Zeppelin instance with your ZeppelinHub account. First of all, you need to either comment out the following property in <strong>zeppelin-site.xml</strong>:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="c"><!-- For connecting your Zeppelin with ZeppelinHub --></span> +<span class="c"><!--</span> +<span class="c"><property></span> +<span class="c"> <name>zeppelin.notebook.storage</name></span> +<span class="c"> <value>org.apache.zeppelin.notebook.repo.GitNotebookRepo, org.apache.zeppelin.notebook.repo.zeppelinhub.ZeppelinHubRepo</value></span> +<span class="c"> <description>two notebook persistence layers (local + ZeppelinHub)</description></span> +<span class="c"></property></span> +<span class="c">--></span> +</code></pre></div> +<p>or set the environment variable in the file <strong>zeppelin-env.sh</strong>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_STORAGE</span><span class="o">=</span><span class="s2">"org.apache.zeppelin.notebook.repo.GitNotebookRepo, org.apache.zeppelin.notebook.repo.zeppelinhub.ZeppelinHubRepo"</span> +</code></pre></div> +<p>Secondly, you need to set the environment variables in the file <strong>zeppelin-env.sh</strong>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELINHUB_API_TOKEN</span><span class="o">=</span>ZeppelinHub token +<span class="nb">export</span> <span class="nv">ZEPPELINHUB_API_ADDRESS</span><span class="o">=</span>address of ZeppelinHub service <span class="o">(</span>e.g. https://www.zeppelinhub.com<span class="o">)</span> +</code></pre></div> +<p>You can get more information on generating <code>token</code> and using authentication on the corresponding <a href="http://help.zeppelinhub.com/zeppelin_integration/#add-a-new-zeppelin-instance-and-generate-a-token">help page</a>.</p> + +<h2>Notebook Storage in MongoDB <a name="MongoDB"></a></h2> + +<p>Using <code>MongoNotebookRepo</code>, you can store your notebook in <a href="https://www.mongodb.com/">MongoDB</a>.</p> + +<h3>Why MongoDB?</h3> + +<ul> +<li><strong><a href="https://en.wikipedia.org/wiki/High_availability">High Availability (HA)</a></strong> by a <a href="https://docs.mongodb.com/manual/reference/glossary/#term-replica-set">replica set</a></li> +<li>Seperation of storage from server</li> +</ul> + +<h3>How to use</h3> + +<p>You can use MongoDB as notebook storage by editting <code>zeppelin-env.sh</code> or <code>zeppelin-site.xml</code>.</p> + +<h4>(Method 1) by editting <code>zeppelin-env.sh</code></h4> + +<p>Add a line below to <code>$ZEPPELIN_HOME/conf/zeppelin-env.sh</code>:</p> +<div class="highlight"><pre><code class="language-bash" data-lang="bash"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_STORAGE</span><span class="o">=</span>org.apache.zeppelin.notebook.repo.MongoNotebookRepo +</code></pre></div> +<blockquote> +<p><em>NOTE:</em> The default MongoDB connection URI is <code>mongodb://localhost</code></p> +</blockquote> + +<h4>(Method 2) by editting <code>zeppelin-site.xml</code></h4> + +<p>Or, <strong>uncomment</strong> lines below at <code>$ZEPPELIN_HOME/conf/zeppelin-site.xml</code>:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.MongoNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>And <strong>comment</strong> lines below:</p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span class="nt"></value></span> + <span class="nt"><description></span>versioned notebook persistence layer implementation<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<h3>Configurable Options</h3> + +<p>You can configure options below in <code>zeppelin-env.sh</code>.</p> + +<ul> +<li><code>ZEPPELIN_NOTEBOOK_MONGO_URI</code> <a href="https://docs.mongodb.com/manual/reference/connection-string/">MongoDB connection URI</a> used to connect to a MongoDB database server</li> +<li><code>ZEPPELIN_NOTEBOOK_MONGO_DATABASE</code> Database name</li> +<li><code>ZEPPELIN_NOTEBOOK_MONGO_COLLECTION</code> Collection name</li> +<li><code>ZEPPELIN_NOTEBOOK_MONGO_AUTOIMPORT</code> If <code>true</code>, import local notes (refer to description below for details)</li> +</ul> + +<p>Or, you can configure them in <code>zeppelin-site.xml</code>. Corresponding option names as follows:</p> + +<ul> +<li><code>zeppelin.notebook.mongo.uri</code></li> +<li><code>zeppelin.notebook.mongo.database</code></li> +<li><code>zeppelin.notebook.mongo.collection</code></li> +<li><code>zeppelin.notebook.mongo.autoimport</code></li> +</ul> + +<h4>Example configurations in <code>zeppelin-env.sh</code></h4> +<div class="highlight"><pre><code class="language-sh" data-lang="sh"><span></span><span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_MONGO_URI</span><span class="o">=</span>mongodb://db1.example.com:27017 +<span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_MONGO_DATABASE</span><span class="o">=</span>myfancy +<span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_MONGO_COLLECTION</span><span class="o">=</span>notebook +<span class="nb">export</span> <span class="nv">ZEPPELIN_NOTEBOOK_MONGO_AUTOIMPORT</span><span class="o">=</span><span class="nb">true</span> +</code></pre></div> +<h4>Import your local notes automatically</h4> + +<p>By setting <code>ZEPPELIN_NOTEBOOK_MONGO_AUTOIMPORT</code> as <code>true</code> (default <code>false</code>), you can import your local notes automatically when Zeppelin daemon starts up. This feature is for easy migration from local file system storage to MongoDB storage. A note with ID already existing in the collection will not be imported.</p> + +<h2>Notebook Storage in GitHub</h2> + +<p>To enable GitHub tracking, uncomment the following properties in <code>zeppelin-site.xml</code></p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.git.remote.url<span class="nt"></name></span> + <span class="nt"><value></value></span> + <span class="nt"><description></span>remote Git repository URL<span class="nt"></description></span> +<span class="nt"></property></span> + +<span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.git.remote.username<span class="nt"></name></span> + <span class="nt"><value></span>token<span class="nt"></value></span> + <span class="nt"><description></span>remote Git repository username<span class="nt"></description></span> +<span class="nt"></property></span> + +<span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.git.remote.access-token<span class="nt"></name></span> + <span class="nt"><value></value></span> + <span class="nt"><description></span>remote Git repository password<span class="nt"></description></span> +<span class="nt"></property></span> + +<span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.git.remote.origin<span class="nt"></name></span> + <span class="nt"><value></span>origin<span class="nt"></value></span> + <span class="nt"><description></span>Git repository remote<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>And set the <code>zeppelin.notebook.storage</code> propery to <code>org.apache.zeppelin.notebook.repo.GitHubNotebookRepo</code></p> +<div class="highlight"><pre><code class="language-xml" data-lang="xml"><span></span><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.notebook.storage<span class="nt"></name></span> + <span class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitHubNotebookRepo<span class="nt"></value></span> +<span class="nt"></property></span> +</code></pre></div> +<p>The access token could be obtained by following the steps on this link https://github.com/settings/tokens.</p> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2019 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> + Propchange: zeppelin/site/docs/0.8.2/setup/storage/storage.html ------------------------------------------------------------------------------ svn:executable = *