Added: zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html
URL:
http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html?rev=1867691&view=auto
==============================================================================
--- zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html (added)
+++ zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html Sun Sep
29 07:08:10 2019
@@ -0,0 +1,553 @@
+
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>Apache Zeppelin 0.8.0 Documentation: Apache Shiro Authentication
for Apache Zeppelin</title>
+ <meta name="description" content="Apache Shiro is a powerful and
easy-to-use Java security framework that performs authentication,
authorization, cryptography, and session management. This document explains
step by step how Shiro can be used for Zeppelin notebook authentication.">
+ <meta name="author" content="The Apache Software Foundation">
+
+ <!-- Enable responsive viewport -->
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
+ <!--[if lt IE 9]>
+ <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script>
+ <![endif]-->
+
+ <link
href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
rel="stylesheet">
+
+ <!-- Le styles -->
+ <link href="/docs/0.8.0/assets/themes//bootstrap/css/bootstrap.css"
rel="stylesheet">
+ <link href="/docs/0.8.0/assets/themes//css/style.css?body=1"
rel="stylesheet" type="text/css">
+ <link href="/docs/0.8.0/assets/themes//css/syntax.css" rel="stylesheet"
type="text/css" media="screen" />
+ <!-- Le fav and touch icons -->
+ <!-- Update these with your own images
+ <link rel="shortcut icon" href="images/favicon.ico">
+ <link rel="apple-touch-icon" href="images/apple-touch-icon.png">
+ <link rel="apple-touch-icon" sizes="72x72"
href="images/apple-touch-icon-72x72.png">
+ <link rel="apple-touch-icon" sizes="114x114"
href="images/apple-touch-icon-114x114.png">
+ -->
+
+ <!-- Js -->
+ <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script>
+ <script
src="/docs/0.8.0/assets/themes//bootstrap/js/bootstrap.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/docs.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/anchor.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/toc.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/lunr.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/search.js"></script>
+
+ <!-- atom & rss feed -->
+ <link href="/docs/0.8.0/atom.xml" type="application/atom+xml"
rel="alternate" title="Sitewide ATOM Feed">
+ <link href="/docs/0.8.0/rss.xml" type="application/rss+xml"
rel="alternate" title="Sitewide RSS Feed">
+ </head>
+
+ <body>
+
+ <div id="menu" class="navbar navbar-inverse navbar-fixed-top"
role="navigation">
+ <div class="container navbar-container">
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse"
data-target=".navbar-collapse">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <div class="navbar-brand">
+ <a class="navbar-brand-main" href="http://zeppelin.apache.org";>
+ <img
src="/docs/0.8.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50"
+ style="margin-top: -2px;" alt="I'm zeppelin">
+ <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span>
+ <a class="navbar-brand-version" href="/docs/0.8.0"
+ style="font-size: 15px; color: white;"> 0.8.0
+ </a>
+ </a>
+ </div>
+ </div>
+ <nav class="navbar-collapse collapse" role="navigation">
+ <ul class="nav navbar-nav">
+ <li>
+ <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick
Start <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="title"><span>Getting Started</span></li>
+ <li><a
href="/docs/0.8.0/quickstart/install.html">Install</a></li>
+ <li><a href="/docs/0.8.0/quickstart/explore_ui.html">Explore
UI</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/tutorial.html">Tutorial</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/quickstart/spark_with_zeppelin.html">Spark with
Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/python_with_zeppelin.html">Python with
Zeppelin</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Usage<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Dynamic Form</span></li>
+ <li><a href="/docs/0.8.0/usage/dynamic_form/intro.html">What
is Dynamic Form?</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Display System</span></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#text">Text Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#html">HTML Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#table">Table Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#network">Network
Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_backend.html">Angular Display
using Backend API</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_frontend.html">Angular Display
using Frontend API</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Interpreter</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/interpreter_binding_mode.html">Interpreter
Binding Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/user_impersonation.html">User
Impersonation</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/dependency_management.html">Dependency
Management</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/installation.html">Installing
Interpreters</a></li>
+ <!--<li><a
href="/docs/0.8.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter
Loading (Experimental)</a></li>-->
+ <li><a
href="/docs/0.8.0/usage/interpreter/execution_hooks.html">Execution Hooks
(Experimental)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Other Features</span></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/publishing_paragraphs.html">Publishing
Paragraphs</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/personalized_mode.html">Personalized
Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/customizing_homepage.html">Customizing
Zeppelin Homepage</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/notebook_actions.html">Notebook
Actions</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/cron_scheduler.html">Cron
Scheduler</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/zeppelin_context.html">Zeppelin
Context</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>REST API</span></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/interpreter.html">Interpreter API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/zeppelin_server.html">Zeppelin Server
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook.html">Notebook API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook_repository.html">Notebook Repository
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/configuration.html">Configuration API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/credential.html">Credential API</a></li>
+ <li><a href="/docs/0.8.0/usage/rest_api/helium.html">Helium
API</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Setup<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Basics</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/setup/basics/multi_user_support.html">Multi-user
Support</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Deployment</span></li>
+ <!--<li><a
href="/docs/0.8.0/setup/deployment/docker.html">Docker Image for
Zeppelin</a></li>-->
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark
Cluster Mode: Standalone</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark
Cluster Mode: YARN</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark
Cluster Mode: Mesos</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with
Flink, Spark Cluster</a></li>
+ <li><a href="/docs/0.8.0/setup/deployment/cdh.html">Zeppelin
on CDH</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/virtual_machine.html">Zeppelin on VM:
Vagrant</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Security</span></li>
+ <li><a
href="/docs/0.8.0/setup/security/authentication_nginx.html">HTTP Basic Auth
using NGINX</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/shiro_authentication.html">Shiro
Authentication</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/notebook_authorization.html">Notebook
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/datasource_authorization.html">Data Source
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/http_security_headers.html">HTTP Security
Headers</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Notebook Storage</span></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-s3">S3
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-azure">Azure
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB
Storage</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Operation</span></li>
+ <li><a
href="/docs/0.8.0/setup/operation/configuration.html">Configuration</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/proxy_setting.html">Proxy Setting</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/upgrading.html">Upgrading</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/trouble_shooting.html">Trouble
Shooting</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Interpreter <b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Interpreters</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a href="/docs/0.8.0/interpreter/spark.html">Spark</a></li>
+ <li><a href="/docs/0.8.0/interpreter/jdbc.html">JDBC</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/python.html">Python</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/interpreter/alluxio.html">Alluxio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/beam.html">Beam</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/bigquery.html">BigQuery</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/cassandra.html">Cassandra</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/elasticsearch.html">Elasticsearch</a></li>
+ <li><a href="/docs/0.8.0/interpreter/flink.html">Flink</a></li>
+ <li><a href="/docs/0.8.0/interpreter/geode.html">Geode</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/groovy.html">Groovy</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hbase.html">HBase</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hdfs.html">HDFS</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hive.html">Hive</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/ignite.html">Ignite</a></li>
+ <li><a href="/docs/0.8.0/interpreter/kylin.html">Kylin</a></li>
+ <li><a href="/docs/0.8.0/interpreter/lens.html">Lens</a></li>
+ <li><a href="/docs/0.8.0/interpreter/livy.html">Livy</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/markdown.html">Markdown</a></li>
+ <li><a href="/docs/0.8.0/interpreter/neo4j.html">Neo4j</a></li>
+ <li><a href="/docs/0.8.0/interpreter/pig.html">Pig</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li>
+ <li><a href="/docs/0.8.0/interpreter/r.html">R</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/scalding.html">Scalding</a></li>
+ <li><a href="/docs/0.8.0/interpreter/scio.html">Scio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/shell.html">Shell</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">More<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu" style="right: 0; left:
auto;">
+ <li class="title"><span>Extending Zeppelin</span></li>
+ <li><a
href="/docs/0.8.0/development/writing_zeppelin_interpreter.html">Writing
Zeppelin Interpreter</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Helium (Experimental)</span></li>
+ <li><a
href="/docs/0.8.0/development/helium/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_application.html">Writing Helium
Application</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_spell.html">Writing Helium
Spell</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_basic.html">Writing
Helium Visualization: Basics</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_transformation.html">Writing
Helium Visualization: Transformation</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Contributing to Zeppelin</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/useful_developer_tools.html">Useful
Developer Tools</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_code.html">How to
Contribute (code)</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_website.html">How
to Contribute (website)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>External Resources</span></li>
+ <li><a target="_blank" href="">Mailing List</a></li>
+ <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li>
+ <li><a target="_blank" href="">Stackoverflow Questions about
Zeppelin</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="/docs/0.8.0/search.html" class="nav-search-link">
+ <span class="fa fa-search nav-search-icon"></span>
+ </a>
+ </li>
+ </ul>
+ </nav><!--/.navbar-collapse -->
+ </div>
+ </div>
+
+
+
+ <div class="content">
+
+<!--<div class="hero-unit Apache Shiro Authentication for Apache Zeppelin">
+ <h1></h1>
+</div>
+-->
+
+<div class="row">
+ <div class="col-md-12">
+ <!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<h1>Apache Shiro authentication for Apache Zeppelin</h1>
+
+<div id="toc"></div>
+
+<h2>Overview</h2>
+
+<p><a href="http://shiro.apache.org/";>Apache Shiro</a> is a powerful and
easy-to-use Java security framework that performs authentication,
authorization, cryptography, and session management. In this documentation, we
will explain step by step how Shiro works for Zeppelin notebook
authentication.</p>
+
+<p>When you connect to Apache Zeppelin, you will be asked to enter your
credentials. Once you logged in, then you have access to all notes including
other user's notes.</p>
+
+<h2>Security Setup</h2>
+
+<p>You can setup <strong>Zeppelin notebook authentication</strong> in some
simple steps.</p>
+
+<h3>1. Enable Shiro</h3>
+
+<p>By default in <code>conf</code>, you will find
<code>shiro.ini.template</code>, this file is used as an example and it is
strongly recommended
+to create a <code>shiro.ini</code> file by doing the following command line</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span>cp conf/shiro.ini.template conf/shiro.ini
+</code></pre></div>
+<p>For the further information about <code>shiro.ini</code> file format,
please refer to <a
href="http://shiro.apache.org/configuration.html#Configuration-INISections";>Shiro
Configuration</a>.</p>
+
+<h3>2. Secure the Websocket channel</h3>
+
+<p>Set to property <strong>zeppelin.anonymous.allowed</strong> to
<strong>false</strong> in <code>conf/zeppelin-site.xml</code>. If you don't
have this file yet, just copy <code>conf/zeppelin-site.xml.template</code> to
<code>conf/zeppelin-site.xml</code>.</p>
+
+<h3>3. Start Zeppelin</h3>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span>bin/zeppelin-daemon.sh start <span
class="c1">#(or restart)</span>
+</code></pre></div>
+<p>Then you can browse Zeppelin at <a
href="http://localhost:8080";>http://localhost:8080</a>.</p>
+
+<h3>4. Login</h3>
+
+<p>Finally, you can login using one of the below
<strong>username/password</strong> combinations.</p>
+
+<p><center><img
src="/docs/0.8.0/assets/themes/zeppelin/img/docs-img/zeppelin-login.png"></center></p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>[users]
+
+admin = password1, admin
+user1 = password2, role1, role2
+user2 = password3, role3
+user3 = password4, role2
+</code></pre></div>
+<p>You can set the roles for each users next to the password.</p>
+
+<h2>Groups and permissions (optional)</h2>
+
+<p>In case you want to leverage user groups and permissions, use one of the
following configuration for LDAP or AD under <code>[main]</code> segment in
<code>shiro.ini</code>.</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>activeDirectoryRealm =
org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
+activeDirectoryRealm.systemUsername = userNameA
+activeDirectoryRealm.systemPassword = passwordA
+activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM
+activeDirectoryRealm.url = ldap://ldap.test.com:389
+activeDirectoryRealm.groupRolesMap =
"CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1"
+activeDirectoryRealm.authorizationCachingEnabled = false
+activeDirectoryRealm.principalSuffix = @corp.company.net
+
+ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm
+# search base for ldap groups (only relevant for LdapGroupRealm):
+ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM
+ldapRealm.contextFactory.url = ldap://ldap.test.com:389
+ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM
+ldapRealm.contextFactory.authenticationMechanism = simple
+</code></pre></div>
+<p>also define roles/groups that you want to have in system, like below;</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>[roles]
+admin = *
+hr = *
+finance = *
+group1 = *
+</code></pre></div>
+<h2>Configure Realm (optional)</h2>
+
+<p>Realms are responsible for authentication and authorization in Apache
Zeppelin. By default, Apache Zeppelin uses <a
href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/text/IniRealm.html";>IniRealm</a>
(users and groups are configurable in <code>conf/shiro.ini</code> file under
<code>[user]</code> and <code>[group]</code> section). You can also leverage
Shiro Realms like <a
href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/ldap/JndiLdapRealm.html";>JndiLdapRealm</a>,
<a
href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/jdbc/JdbcRealm.html";>JdbcRealm</a>
or create <a
href="https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/realm/AuthorizingRealm.html";>our
own</a>.
+To learn more about Apache Shiro Realm, please check <a
href="http://shiro.apache.org/realm.html";>this documentation</a>.</p>
+
+<p>We also provide community custom Realms.</p>
+
+<p><strong>Note</strong>: When using any of the below realms the default
+ password-based (IniRealm) authentication needs to be disabled.</p>
+
+<h3>Active Directory</h3>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>activeDirectoryRealm =
org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
+activeDirectoryRealm.systemUsername = userNameA
+activeDirectoryRealm.systemPassword = passwordA
+activeDirectoryRealm.hadoopSecurityCredentialPath =
jceks://file/user/zeppelin/conf/zeppelin.jceks
+activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM
+activeDirectoryRealm.url = ldap://ldap.test.com:389
+activeDirectoryRealm.groupRolesMap =
"CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1"
+activeDirectoryRealm.authorizationCachingEnabled = false
+activeDirectoryRealm.principalSuffix = @corp.company.net
+</code></pre></div>
+<p>Also instead of specifying systemPassword in clear text in shiro.ini
administrator can choose to specify the same in "hadoop credential".
+Create a keystore file using the hadoop credential commandline, for this the
hadoop commons should be in the classpath
+<code>hadoop credential create activeDirectoryRealm.systempassword -provider
jceks://file/user/zeppelin/conf/zeppelin.jceks</code></p>
+
+<p>Change the following values in the Shiro.ini file, and uncomment the line:
+<code>activeDirectoryRealm.hadoopSecurityCredentialPath =
jceks://file/user/zeppelin/conf/zeppelin.jceks</code></p>
+
+<h3>LDAP</h3>
+
+<p>Two options exist for configuring an LDAP Realm. The simpler to use is the
LdapGroupRealm. How ever it has limited
+flexibility with mapping of ldap groups to users and for authorization for
user groups. A sample configuration file for
+this realm is given below.</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>ldapRealm =
org.apache.zeppelin.realm.LdapGroupRealm
+# search base for ldap groups (only relevant for LdapGroupRealm):
+ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM
+ldapRealm.contextFactory.url = ldap://ldap.test.com:389
+ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM
+ldapRealm.contextFactory.authenticationMechanism = simple
+</code></pre></div>
+<p>The other more flexible option is to use the LdapRealm. It allows for
mapping of ldapgroups to roles and also allows for
+ role/group based authentication into the zeppelin server. Sample
configuration for this realm is given below.</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>[main]
+ldapRealm=org.apache.zeppelin.realm.LdapRealm
+
+ldapRealm.contextFactory.authenticationMechanism=simple
+ldapRealm.contextFactory.url=ldap://localhost:33389
+ldapRealm.userDnTemplate=uid={0},ou=people,dc=hadoop,dc=apache,dc=org
+# Ability to set ldap paging Size if needed default is 100
+ldapRealm.pagingSize = 200
+ldapRealm.authorizationEnabled=true
+ldapRealm.contextFactory.systemAuthenticationMechanism=simple
+ldapRealm.searchBase=dc=hadoop,dc=apache,dc=org
+ldapRealm.userSearchBase = dc=hadoop,dc=apache,dc=org
+ldapRealm.groupSearchBase = ou=groups,dc=hadoop,dc=apache,dc=org
+ldapRealm.groupObjectClass=groupofnames
+# Allow userSearchAttribute to be customized
+ldapRealm.userSearchAttributeName = sAMAccountName
+ldapRealm.memberAttribute=member
+# force usernames returned from ldap to lowercase useful for AD
+ldapRealm.userLowerCase = true
+# ability set searchScopes subtree (default), one, base
+ldapRealm.userSearchScope = subtree;
+ldapRealm.groupSearchScope = subtree;
+ldapRealm.memberAttributeValueTemplate=cn={0},ou=people,dc=hadoop,dc=apache,dc=org
+ldapRealm.contextFactory.systemUsername=uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
+ldapRealm.contextFactory.systemPassword=S{ALIAS=ldcSystemPassword}
+# enable support for nested groups using the LDAP_MATCHING_RULE_IN_CHAIN
operator
+ldapRealm.groupSearchEnableMatchingRuleInChain = true
+# optional mapping from physical groups to logical application roles
+ldapRealm.rolesByGroup = LDN_USERS: user_role, NYK_USERS: user_role,
HKG_USERS: user_role, GLOBAL_ADMIN: admin_role
+# optional list of roles that are allowed to authenticate. Incase not present
all groups are allowed to authenticate (login).
+# This changes nothing for url specific permissions that will continue to work
as specified in [urls].
+ldapRealm.allowedRolesForAuthentication = admin_role,user_role
+ldapRealm.permissionsByRole= user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*;
admin_role = *
+securityManager.sessionManager = $sessionManager
+securityManager.realms = $ldapRealm
+</code></pre></div>
+<p>Also instead of specifying systemPassword in clear text in
<code>shiro.ini</code> administrator can choose to specify the same in
"hadoop credential".
+Create a keystore file using the hadoop credential command line:
+<code>
+hadoop credential create ldapRealm.systemPassword -provider
jceks://file/user/zeppelin/conf/zeppelin.jceks
+</code></p>
+
+<p>Add the following line in the <code>shiro.ini</code> file:
+<code>
+ldapRealm.hadoopSecurityCredentialPath =
jceks://file/user/zeppelin/conf/zeppelin.jceks
+</code></p>
+
+<h3>PAM</h3>
+
+<p><a
href="https://en.wikipedia.org/wiki/Pluggable_authentication_module";>PAM</a>
authentication support allows the reuse of existing authentication
+moduls on the host where Zeppelin is running. On a typical system modules are
configured per service for example sshd, passwd, etc. under
<code>/etc/pam.d/</code>. You can
+either reuse one of these services or create your own for Zeppelin. Activiting
PAM authentication requires two parameters:
+ 1. realm: The Shiro realm being used
+ 2. service: The service configured under <code>/etc/pam.d/</code> to be used.
The name here needs to be the same as the file name under
<code>/etc/pam.d/</code></p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>[main]
+ pamRealm=org.apache.zeppelin.realm.PamRealm
+ pamRealm.service=sshd
+</code></pre></div>
+<h3>ZeppelinHub</h3>
+
+<p><a href="https://www.zeppelinhub.com";>ZeppelinHub</a> is a service that
synchronize your Apache Zeppelin notebooks and enables you to collaborate
easily.</p>
+
+<p>To enable login with your ZeppelinHub credential, apply the following
change in <code>conf/shiro.ini</code> under <code>[main]</code> section.</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>### A sample for configuring ZeppelinHub Realm
+zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm
+## Url of ZeppelinHub
+zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com
+securityManager.realms = $zeppelinHubRealm
+</code></pre></div>
+<blockquote>
+<p>Note: ZeppelinHub is not releated to Apache Zeppelin project.</p>
+</blockquote>
+
+<h3>Knox SSO</h3>
+
+<p><a
href="https://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration";>KnoxSSO</a>
provides an abstraction for integrating any number of authentication systems
and SSO solutions and enables participating web applications to scale to those
solutions more easily. Without the token exchange capabilities offered by
KnoxSSO each component UI would need to integrate with each desired solution on
its own.</p>
+
+<p>To enable this, apply the following change in <code>conf/shiro.ini</code>
under <code>[main]</code> section.</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>### A sample for configuring Knox JWT Realm
+knoxJwtRealm = org.apache.zeppelin.realm.jwt.KnoxJwtRealm
+## Domain of Knox SSO
+knoxJwtRealm.providerUrl = https://domain.example.com/
+## Url for login
+knoxJwtRealm.login = gateway/knoxsso/knoxauth/login.html
+## Url for logout
+knoxJwtRealm.logout = gateway/knoxssout/api/v1/webssout
+knoxJwtRealm.redirectParam = originalUrl
+knoxJwtRealm.cookieName = hadoop-jwt
+knoxJwtRealm.publicKeyPath = /etc/zeppelin/conf/knox-sso.pem
+knoxJwtRealm.groupPrincipalMapping = group.principal.mapping
+knoxJwtRealm.principalMapping = principal.mapping
+# This is required if KNOX SSO is enabled, to check if
"knoxJwtRealm.cookieName" cookie was expired/deleted.
+authc = org.apache.zeppelin.realm.jwt.KnoxAuthenticationFilter
+</code></pre></div>
+<h2>Secure Cookie for Zeppelin Sessions (optional)</h2>
+
+<p>Zeppelin can be configured to set <code>HttpOnly</code> flag in the session
cookie. With this configuration, Zeppelin cookies can
+not be accessed via client side scripts thus preventing majority of Cross-site
scripting (XSS) attacks.</p>
+
+<p>To enable secure cookie support via Shiro, add the following lines in
<code>conf/shiro.ini</code> under <code>[main]</code> section, after
+defining a <code>sessionManager</code>.</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>cookie = org.apache.shiro.web.servlet.SimpleCookie
+cookie.name = JSESSIONID
+cookie.secure = true
+cookie.httpOnly = true
+sessionManager.sessionIdCookie = $cookie
+</code></pre></div>
+<h2>Secure your Zeppelin information (optional)</h2>
+
+<p>By default, anyone who defined in <code>[users]</code> can share
<strong>Interpreter Setting</strong>, <strong>Credential</strong> and
<strong>Configuration</strong> information in Apache Zeppelin.
+Sometimes you might want to hide these information for your use case.
+Since Shiro provides <strong>url-based security</strong>, you can hide the
information by commenting or uncommenting these below lines in
<code>conf/shiro.ini</code>.</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>[urls]
+
+/api/interpreter/** = authc, roles[admin]
+/api/configurations/** = authc, roles[admin]
+/api/credential/** = authc, roles[admin]
+</code></pre></div>
+<p>In this case, only who have <code>admin</code> role can see
<strong>Interpreter Setting</strong>, <strong>Credential</strong> and
<strong>Configuration</strong> information.
+If you want to grant this permission to other users, you can change
<strong>roles[ ]</strong> as you defined at <code>[users]</code> section.</p>
+
+<h3>Apply multiple roles in Shiro configuration</h3>
+
+<p>By default, Shiro will allow access to a URL if only user is part of
"<strong>all the roles</strong>" defined like this:</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>[urls]
+
+/api/interpreter/** = authc, roles[admin, role1]
+</code></pre></div>
+<h3>Apply multiple roles or user in Shiro configuration</h3>
+
+<p>If there is a need that user with "<strong>any of the defined roles or
user itself</strong>" should be allowed, then following Shiro
configuration can be used:</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>[main]
+anyofrolesuser = org.apache.zeppelin.utils.AnyOfRolesUserAuthorizationFilter
+
+[urls]
+
+/api/interpreter/** = authc, anyofrolesuser[admin, user1]
+/api/configurations/** = authc, roles[admin]
+/api/credential/** = authc, roles[admin]
+</code></pre></div>
+<p><br/></p>
+
+<blockquote>
+<p><strong>NOTE :</strong> All of the above configurations are defined in the
<code>conf/shiro.ini</code> file.</p>
+</blockquote>
+
+<h2>Other authentication methods</h2>
+
+<ul>
+<li><a href="./authentication_nginx.html">HTTP Basic Authentication using
NGINX</a></li>
+</ul>
+
+ </div>
+</div>
+
+
+ <hr>
+ <footer>
+ <!-- <p>© 2019 The Apache Software Foundation</p>-->
+ </footer>
+ </div>
+
+
+
+
+ <script type="text/javascript">
+ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new
Date();a=s.createElement(o),
+
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+ })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+ ga('create', 'UA-45176241-5', 'zeppelin.apache.org');
+ ga('require', 'linkid', 'linkid.js');
+ ga('send', 'pageview');
+
+</script>
+
+
+
+ </body>
+</html>
+
Propchange: zeppelin/site/docs/0.8.2/setup/security/shiro_authentication.html
------------------------------------------------------------------------------
svn:executable = *
Added: zeppelin/site/docs/0.8.2/setup/storage/storage.html
URL:
http://svn.apache.org/viewvc/zeppelin/site/docs/0.8.2/setup/storage/storage.html?rev=1867691&view=auto
==============================================================================
--- zeppelin/site/docs/0.8.2/setup/storage/storage.html (added)
+++ zeppelin/site/docs/0.8.2/setup/storage/storage.html Sun Sep 29 07:08:10 2019
@@ -0,0 +1,681 @@
+
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+ <meta charset="utf-8">
+ <title>Apache Zeppelin 0.8.0 Documentation: Notebook Storage for Apache
Zeppelin</title>
+ <meta name="description" content="Apache Zeppelin has a pluggable notebook
storage mechanism controlled by zeppelin.notebook.storage configuration option
with multiple implementations."">
+ <meta name="author" content="The Apache Software Foundation">
+
+ <!-- Enable responsive viewport -->
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <!-- Le HTML5 shim, for IE6-8 support of HTML elements -->
+ <!--[if lt IE 9]>
+ <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script>
+ <![endif]-->
+
+ <link
href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
rel="stylesheet">
+
+ <!-- Le styles -->
+ <link href="/docs/0.8.0/assets/themes//bootstrap/css/bootstrap.css"
rel="stylesheet">
+ <link href="/docs/0.8.0/assets/themes//css/style.css?body=1"
rel="stylesheet" type="text/css">
+ <link href="/docs/0.8.0/assets/themes//css/syntax.css" rel="stylesheet"
type="text/css" media="screen" />
+ <!-- Le fav and touch icons -->
+ <!-- Update these with your own images
+ <link rel="shortcut icon" href="images/favicon.ico">
+ <link rel="apple-touch-icon" href="images/apple-touch-icon.png">
+ <link rel="apple-touch-icon" sizes="72x72"
href="images/apple-touch-icon-72x72.png">
+ <link rel="apple-touch-icon" sizes="114x114"
href="images/apple-touch-icon-114x114.png">
+ -->
+
+ <!-- Js -->
+ <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script>
+ <script
src="/docs/0.8.0/assets/themes//bootstrap/js/bootstrap.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/docs.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/anchor.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/toc.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/lunr.min.js"></script>
+ <script src="/docs/0.8.0/assets/themes//js/search.js"></script>
+
+ <!-- atom & rss feed -->
+ <link href="/docs/0.8.0/atom.xml" type="application/atom+xml"
rel="alternate" title="Sitewide ATOM Feed">
+ <link href="/docs/0.8.0/rss.xml" type="application/rss+xml"
rel="alternate" title="Sitewide RSS Feed">
+ </head>
+
+ <body>
+
+ <div id="menu" class="navbar navbar-inverse navbar-fixed-top"
role="navigation">
+ <div class="container navbar-container">
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse"
data-target=".navbar-collapse">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <div class="navbar-brand">
+ <a class="navbar-brand-main" href="http://zeppelin.apache.org";>
+ <img
src="/docs/0.8.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50"
+ style="margin-top: -2px;" alt="I'm zeppelin">
+ <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span>
+ <a class="navbar-brand-version" href="/docs/0.8.0"
+ style="font-size: 15px; color: white;"> 0.8.0
+ </a>
+ </a>
+ </div>
+ </div>
+ <nav class="navbar-collapse collapse" role="navigation">
+ <ul class="nav navbar-nav">
+ <li>
+ <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick
Start <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="title"><span>Getting Started</span></li>
+ <li><a
href="/docs/0.8.0/quickstart/install.html">Install</a></li>
+ <li><a href="/docs/0.8.0/quickstart/explore_ui.html">Explore
UI</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/tutorial.html">Tutorial</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/quickstart/spark_with_zeppelin.html">Spark with
Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/quickstart/python_with_zeppelin.html">Python with
Zeppelin</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Usage<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Dynamic Form</span></li>
+ <li><a href="/docs/0.8.0/usage/dynamic_form/intro.html">What
is Dynamic Form?</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Display System</span></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#text">Text Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#html">HTML Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#table">Table Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/basic.html#network">Network
Display</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_backend.html">Angular Display
using Backend API</a></li>
+ <li><a
href="/docs/0.8.0/usage/display_system/angular_frontend.html">Angular Display
using Frontend API</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Interpreter</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/interpreter_binding_mode.html">Interpreter
Binding Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/user_impersonation.html">User
Impersonation</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/dependency_management.html">Dependency
Management</a></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/installation.html">Installing
Interpreters</a></li>
+ <!--<li><a
href="/docs/0.8.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter
Loading (Experimental)</a></li>-->
+ <li><a
href="/docs/0.8.0/usage/interpreter/execution_hooks.html">Execution Hooks
(Experimental)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Other Features</span></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/publishing_paragraphs.html">Publishing
Paragraphs</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/personalized_mode.html">Personalized
Mode</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/customizing_homepage.html">Customizing
Zeppelin Homepage</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/notebook_actions.html">Notebook
Actions</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/cron_scheduler.html">Cron
Scheduler</a></li>
+ <li><a
href="/docs/0.8.0/usage/other_features/zeppelin_context.html">Zeppelin
Context</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>REST API</span></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/interpreter.html">Interpreter API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/zeppelin_server.html">Zeppelin Server
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook.html">Notebook API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/notebook_repository.html">Notebook Repository
API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/configuration.html">Configuration API</a></li>
+ <li><a
href="/docs/0.8.0/usage/rest_api/credential.html">Credential API</a></li>
+ <li><a href="/docs/0.8.0/usage/rest_api/helium.html">Helium
API</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Setup<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Basics</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/setup/basics/multi_user_support.html">Multi-user
Support</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Deployment</span></li>
+ <!--<li><a
href="/docs/0.8.0/setup/deployment/docker.html">Docker Image for
Zeppelin</a></li>-->
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark
Cluster Mode: Standalone</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark
Cluster Mode: YARN</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark
Cluster Mode: Mesos</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with
Flink, Spark Cluster</a></li>
+ <li><a href="/docs/0.8.0/setup/deployment/cdh.html">Zeppelin
on CDH</a></li>
+ <li><a
href="/docs/0.8.0/setup/deployment/virtual_machine.html">Zeppelin on VM:
Vagrant</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Security</span></li>
+ <li><a
href="/docs/0.8.0/setup/security/authentication_nginx.html">HTTP Basic Auth
using NGINX</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/shiro_authentication.html">Shiro
Authentication</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/notebook_authorization.html">Notebook
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/datasource_authorization.html">Data Source
Authorization</a></li>
+ <li><a
href="/docs/0.8.0/setup/security/http_security_headers.html">HTTP Security
Headers</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Notebook Storage</span></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-s3">S3
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-azure">Azure
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub
Storage</a></li>
+ <li><a
href="/docs/0.8.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB
Storage</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Operation</span></li>
+ <li><a
href="/docs/0.8.0/setup/operation/configuration.html">Configuration</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/proxy_setting.html">Proxy Setting</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/upgrading.html">Upgrading</a></li>
+ <li><a
href="/docs/0.8.0/setup/operation/trouble_shooting.html">Trouble
Shooting</a></li>
+ </ul>
+ </li>
+
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">Interpreter <b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu">
+ <li class="title"><span>Interpreters</span></li>
+ <li><a
href="/docs/0.8.0/usage/interpreter/overview.html">Overview</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a href="/docs/0.8.0/interpreter/spark.html">Spark</a></li>
+ <li><a href="/docs/0.8.0/interpreter/jdbc.html">JDBC</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/python.html">Python</a></li>
+ <li role="separator" class="divider"></li>
+ <li><a
href="/docs/0.8.0/interpreter/alluxio.html">Alluxio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/beam.html">Beam</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/bigquery.html">BigQuery</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/cassandra.html">Cassandra</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/elasticsearch.html">Elasticsearch</a></li>
+ <li><a href="/docs/0.8.0/interpreter/flink.html">Flink</a></li>
+ <li><a href="/docs/0.8.0/interpreter/geode.html">Geode</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/groovy.html">Groovy</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hbase.html">HBase</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hdfs.html">HDFS</a></li>
+ <li><a href="/docs/0.8.0/interpreter/hive.html">Hive</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/ignite.html">Ignite</a></li>
+ <li><a href="/docs/0.8.0/interpreter/kylin.html">Kylin</a></li>
+ <li><a href="/docs/0.8.0/interpreter/lens.html">Lens</a></li>
+ <li><a href="/docs/0.8.0/interpreter/livy.html">Livy</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/markdown.html">Markdown</a></li>
+ <li><a href="/docs/0.8.0/interpreter/neo4j.html">Neo4j</a></li>
+ <li><a href="/docs/0.8.0/interpreter/pig.html">Pig</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li>
+ <li><a href="/docs/0.8.0/interpreter/r.html">R</a></li>
+ <li><a
href="/docs/0.8.0/interpreter/scalding.html">Scalding</a></li>
+ <li><a href="/docs/0.8.0/interpreter/scio.html">Scio</a></li>
+ <li><a href="/docs/0.8.0/interpreter/shell.html">Shell</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="#" data-toggle="dropdown"
class="dropdown-toggle">More<b class="caret"></b></a>
+ <ul class="dropdown-menu scrollable-menu" style="right: 0; left:
auto;">
+ <li class="title"><span>Extending Zeppelin</span></li>
+ <li><a
href="/docs/0.8.0/development/writing_zeppelin_interpreter.html">Writing
Zeppelin Interpreter</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Helium (Experimental)</span></li>
+ <li><a
href="/docs/0.8.0/development/helium/overview.html">Overview</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_application.html">Writing Helium
Application</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_spell.html">Writing Helium
Spell</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_basic.html">Writing
Helium Visualization: Basics</a></li>
+ <li><a
href="/docs/0.8.0/development/helium/writing_visualization_transformation.html">Writing
Helium Visualization: Transformation</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>Contributing to Zeppelin</span></li>
+ <li><a href="/docs/0.8.0/setup/basics/how_to_build.html">How
to Build Zeppelin</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/useful_developer_tools.html">Useful
Developer Tools</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_code.html">How to
Contribute (code)</a></li>
+ <li><a
href="/docs/0.8.0/development/contribution/how_to_contribute_website.html">How
to Contribute (website)</a></li>
+ <li role="separator" class="divider"></li>
+ <li class="title"><span>External Resources</span></li>
+ <li><a target="_blank" href="">Mailing List</a></li>
+ <li><a target="_blank" href="">Apache Zeppelin Wiki</a></li>
+ <li><a target="_blank" href="">Stackoverflow Questions about
Zeppelin</a></li>
+ </ul>
+ </li>
+ <li>
+ <a href="/docs/0.8.0/search.html" class="nav-search-link">
+ <span class="fa fa-search nav-search-icon"></span>
+ </a>
+ </li>
+ </ul>
+ </nav><!--/.navbar-collapse -->
+ </div>
+ </div>
+
+
+
+ <div class="content">
+
+<!--<div class="hero-unit Notebook Storage for Apache Zeppelin">
+ <h1></h1>
+</div>
+-->
+
+<div class="row">
+ <div class="col-md-12">
+ <!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<h1>Notebook storage options for Apache Zeppelin</h1>
+
+<div id="toc"></div>
+
+<h2>Overview</h2>
+
+<p>Apache Zeppelin has a pluggable notebook storage mechanism controlled by
<code>zeppelin.notebook.storage</code> configuration option with multiple
implementations.
+There are few notebook storage systems available for a use out of the box:</p>
+
+<ul>
+<li>(default) use local file system and version it using local Git repository
- <code>GitNotebookRepo</code></li>
+<li>all notes are saved in the notebook folder in your local File System -
<code>VFSNotebookRepo</code></li>
+<li>all notes are saved in the notebook folder in hadoop compatible file
system - <code>FileSystemNotebookRepo</code></li>
+<li>storage using Amazon S3 service - <code>S3NotebookRepo</code></li>
+<li>storage using Azure service - <code>AzureNotebookRepo</code></li>
+<li>storage using Google Cloud Storage - <code>GCSNotebookRepo</code></li>
+<li>storage using MongoDB - <code>MongoNotebookRepo</code></li>
+<li>storage using GitHub - <code>GitHubNotebookRepo</code></li>
+</ul>
+
+<p>Multiple storage systems can be used at the same time by providing a
comma-separated list of the class-names in the configuration.
+By default, only first two of them will be automatically kept in sync by
Zeppelin.</p>
+
+<p></br></p>
+
+<h2>Notebook Storage in local Git repository <a name="Git"></a></h2>
+
+<p>To enable versioning for all your local notebooks though a standard Git
repository - uncomment the next property in <code>zeppelin-site.xml</code> in
order to use GitNotebookRepo class:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>notebook persistence layer
implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p></br></p>
+
+<h2>Notebook Storage in hadoop compatible file system repository <a
name="Hdfs"></a></h2>
+
+<p>Notes may be stored in hadoop compatible file system such as hdfs, so that
multiple Zeppelin instances can share the same notes. It supports all the
versions of hadoop 2.x. If you use <code>FileSystemNotebookRepo</code>, then
<code>zeppelin.notebook.dir</code> is the path on the hadoop compatible file
system. And you need to specify <code>HADOOP_CONF_DIR</code> in
<code>zeppelin-env.sh</code> so that zeppelin can find the right hadoop
configuration files.
+If your hadoop cluster is kerberized, then you need to specify
<code>zeppelin.server.kerberos.keytab</code> and
<code>zeppelin.server.kerberos.principal</code></p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.FileSystemNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>hadoop compatible file system
notebook persistence layer implementation<span
class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p></br></p>
+
+<h2>Notebook Storage in S3 <a name="S3"></a></h2>
+
+<p>Notebooks may be stored in S3, and optionally encrypted. The <a
href="https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html";><code>DefaultAWSCredentialsProviderChain</code></a>
credentials provider is used for credentials and checks the following:</p>
+
+<ul>
+<li>The <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code>
environment variables</li>
+<li>The <code>aws.accessKeyId</code> and <code>aws.secretKey</code> Java
System properties</li>
+<li>Credential profiles file at the default location
(<code>~/.aws/credentials</code>) used by the AWS CLI</li>
+<li>Instance profile credentials delivered through the Amazon EC2 metadata
service</li>
+</ul>
+
+<p></br>
+The following folder structure will be created in S3:</p>
+<div class="highlight"><pre><code class="language-text"
data-lang="text"><span></span>s3://bucket_name/username/notebook-id/
+</code></pre></div>
+<p>Configure by setting environment variables in the file
<strong>zeppelin-env.sh</strong>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_S3_BUCKET</span><span class="o">=</span>bucket_name
+<span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_S3_USER</span><span class="o">=</span>username
+</code></pre></div>
+<p>Or using the file <strong>zeppelin-site.xml</strong> uncomment and complete
the S3 settings:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.s3.bucket<span
class="nt"></name></span>
+ <span class="nt"><value></span>bucket_name<span
class="nt"></value></span>
+ <span class="nt"><description></span>bucket name for notebook
storage<span class="nt"></description></span>
+<span class="nt"></property></span>
+<span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.s3.user<span
class="nt"></name></span>
+ <span class="nt"><value></span>username<span
class="nt"></value></span>
+ <span class="nt"><description></span>user name for s3 folder
structure<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Uncomment the next property for use S3NotebookRepo class:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.S3NotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>notebook persistence layer
implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Comment out the next property to disable local git notebook storage (the
default):</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>versioned notebook persistence
layer implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<h3>Data Encryption in S3</h3>
+
+<h4>AWS KMS encryption keys</h4>
+
+<p>To use an <a href="https://aws.amazon.com/kms/";>AWS KMS</a> encryption key
to encrypt notebooks, set the following environment variable in the file
<strong>zeppelin-env.sh</strong>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_S3_KMS_KEY_ID</span><span
class="o">=</span>kms-key-id
+</code></pre></div>
+<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.s3.kmsKeyID<span
class="nt"></name></span>
+ <span class="nt"><value></span>AWS-KMS-Key-UUID<span
class="nt"></value></span>
+ <span class="nt"><description></span>AWS KMS key ID used to encrypt
notebook data in S3<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>In order to set custom KMS key region, set the following environment
variable in the file <strong>zeppelin-env.sh</strong>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_S3_KMS_KEY_REGION</span><span
class="o">=</span>kms-key-region
+</code></pre></div>
+<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.s3.kmsKeyRegion<span
class="nt"></name></span>
+ <span class="nt"><value></span>target-region<span
class="nt"></value></span>
+ <span class="nt"><description></span>AWS KMS key region in your AWS
account<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Format of <code>target-region</code> is described in more details <a
href="http://docs.aws.amazon.com/general/latest/gr/rande.html#kms_region";>here</a>
in second <code>Region</code> column (e.g. <code>us-east-1</code>).</p>
+
+<h4>Custom Encryption Materials Provider class</h4>
+
+<p>You may use a custom <a
href="https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/model/EncryptionMaterialsProvider.html";><code>EncryptionMaterialsProvider</code></a>
class as long as it is available in the classpath and able to initialize
itself from system properties or another mechanism. To use this, set the
following environment variable in the file <strong>zeppelin-env.sh</strong>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_S3_EMP</span><span class="o">=</span>class-name
+</code></pre></div>
+<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span
class="nt"><name></span>zeppelin.notebook.s3.encryptionMaterialsProvider<span
class="nt"></name></span>
+ <span class="nt"><value></span>provider implementation class name<span
class="nt"></value></span>
+ <span class="nt"><description></span>Custom encryption materials
provider used to encrypt notebook data in S3<span
class="nt"></description></span>
+</code></pre></div>
+<h4>Enable server-side encryption</h4>
+
+<p>To request server-side encryption of notebooks, set the following
environment variable in the file <strong>zeppelin-env.sh</strong>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_S3_SSE</span><span class="o">=</span><span
class="nb">true</span>
+</code></pre></div>
+<p>Or using the following setting in <strong>zeppelin-site.xml</strong>:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.s3.sse<span
class="nt"></name></span>
+ <span class="nt"><value></span>true<span
class="nt"></value></span>
+ <span class="nt"><description></span>Server-side encryption enabled
for notebooks<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p></br></p>
+
+<h2>Notebook Storage in Azure <a name="Azure"></a></h2>
+
+<p>Using <code>AzureNotebookRepo</code> you can connect your Zeppelin with
your Azure account for notebook storage.</p>
+
+<p>First of all, input your <code>AccountName</code>, <code>AccountKey</code>,
and <code>Share Name</code> in the file <strong>zeppelin-site.xml</strong> by
commenting out and completing the next properties:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span
class="nt"><name></span>zeppelin.notebook.azure.connectionString<span
class="nt"></name></span>
+ <span
class="nt"><value></span>DefaultEndpointsProtocol=https;AccountName=<span
class="nt"><accountName></span>;AccountKey=<span
class="nt"><accountKey></value></span>
+ <span class="nt"><description></span>Azure account credentials<span
class="nt"></description></span>
+<span class="nt"></property></span>
+
+<span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.azure.share<span
class="nt"></name></span>
+ <span class="nt"><value></span>zeppelin<span
class="nt"></value></span>
+ <span class="nt"><description></span>share name for notebook
storage<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Secondly, you can initialize <code>AzureNotebookRepo</code> class in the
file <strong>zeppelin-site.xml</strong> by commenting the next property:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>versioned notebook persistence
layer implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>and commenting out:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.AzureNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>notebook persistence layer
implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>In case you want to use simultaneously your local git storage with Azure
storage use the following property instead:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo,
apache.zeppelin.notebook.repo.AzureNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>notebook persistence layer
implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Optionally, you can specify Azure folder structure name in the file
<strong>zeppelin-site.xml</strong> by commenting out the next property:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span> <span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.azure.user<span
class="nt"></name></span>
+ <span class="nt"><value></span>user<span
class="nt"></value></span>
+ <span class="nt"><description></span>optional user name for Azure
folder structure<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p></br></p>
+
+<h2>Notebook Storage in Google Cloud Storage<a name="GCS"></a></h2>
+
+<p>Using <code>GCSNotebookRepo</code> you can connect Zeppelin with Google
Cloud Storage using <a
href="https://cloud.google.com/docs/authentication/production";>Application
Default Credentials</a>.</p>
+
+<p>First, choose a GCS path under which to store notebooks.</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.gcs.dir<span
class="nt"></name></span>
+ <span class="nt"><value></value></span>
+ <span class="nt"><description></span>
+ A GCS path in the form gs://bucketname/path/to/dir.
+ Notes are stored at {zeppelin.notebook.gcs.dir}/{notebook-id}/note.json
+ <span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Then, initialize the <code>GCSNotebookRepo</code> class in the file
<strong>zeppelin-site.xml</strong> by commenting the next property:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>versioned notebook persistence
layer implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>and commenting out:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GCSNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>notebook persistence layer
implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>Or, if you want to simultaneously use your local git storage with GCS, use
the following property instead:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo,org.apache.zeppelin.notebook.repo.GCSNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>notebook persistence layer
implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<h3>Google Cloud API Authentication</h3>
+
+<p>Note: On Google App Engine, Google Cloud Shell, and Google Compute Engine,
these
+steps are not necessary, as build-in credentials are used by default.</p>
+
+<p>For more information, see <a
href="https://cloud.google.com/docs/authentication/production";>Application
Default Credentials</a></p>
+
+<h4>Using gcloud auth application-default login</h4>
+
+<p>See the <a
href="https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login";>gcloud
docs</a></p>
+
+<p>As the user running the zeppelin daemon, run:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span>gcloud auth application-default login
+</code></pre></div>
+<p>You can also use <code>--scopes</code> to restrict access to specific
Google APIs, such as
+Cloud Storage and BigQuery.</p>
+
+<h4>Using service account key files</h4>
+
+<p>Alternatively, to use a <a
href="https://cloud.google.com/compute/docs/access/service-accounts";>service
account</a>
+for authentication with GCS, you will need a JSON service account key file.</p>
+
+<ol>
+<li>Navigate to the <a
href="https://console.cloud.google.com/iam-admin/serviceaccounts/project";>service
accounts page</a></li>
+<li>Click <code>CREATE SERVICE ACCOUNT</code></li>
+<li>Select at least <code>Storage -> Storage Object Admin</code>. Note that
this is
+<strong>different</strong> than <code>Storage Admin</code>.</li>
+<li>If you are also using the BigQuery Interpreter, add the appropriate
+permissions (e.g. <code>Bigquery -> Bigquery Data Viewer and BigQuery
User</code>)</li>
+<li>Name your service account, and select "Furnish a new private
key" to download
+a <code>.json</code> file. Click "Create".</li>
+<li>Move the downloaded file to a location of your choice (e.g.
+<code>/path/to/my/key.json</code>), and give it appropriate permissions.
Ensure at
+least the user running the zeppelin daemon can read it.</li>
+</ol>
+
+<p>Then, point <code>GOOGLE_APPLICATION_CREDENTIALS</code> at your new key
file in <strong>zeppelin-env.sh</strong>. For example:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">GOOGLE_APPLICATION_CREDENTIALS</span><span
class="o">=</span>/path/to/my/key.json
+</code></pre></div>
+<p></br></p>
+
+<h2>Notebook Storage in ZeppelinHub <a name="ZeppelinHub"></a></h2>
+
+<p>ZeppelinHub storage layer allows out of the box connection of Zeppelin
instance with your ZeppelinHub account. First of all, you need to either
comment out the following property in <strong>zeppelin-site.xml</strong>:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="c"><!-- For connecting your
Zeppelin with ZeppelinHub --></span>
+<span class="c"><!--</span>
+<span class="c"><property></span>
+<span class="c"> <name>zeppelin.notebook.storage</name></span>
+<span class="c">
<value>org.apache.zeppelin.notebook.repo.GitNotebookRepo,
org.apache.zeppelin.notebook.repo.zeppelinhub.ZeppelinHubRepo</value></span>
+<span class="c"> <description>two notebook persistence layers (local +
ZeppelinHub)</description></span>
+<span class="c"></property></span>
+<span class="c">--></span>
+</code></pre></div>
+<p>or set the environment variable in the file
<strong>zeppelin-env.sh</strong>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_STORAGE</span><span class="o">=</span><span
class="s2">"org.apache.zeppelin.notebook.repo.GitNotebookRepo,
org.apache.zeppelin.notebook.repo.zeppelinhub.ZeppelinHubRepo"</span>
+</code></pre></div>
+<p>Secondly, you need to set the environment variables in the file
<strong>zeppelin-env.sh</strong>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELINHUB_API_TOKEN</span><span class="o">=</span>ZeppelinHub token
+<span class="nb">export</span> <span
class="nv">ZEPPELINHUB_API_ADDRESS</span><span class="o">=</span>address of
ZeppelinHub service <span class="o">(</span>e.g.
https://www.zeppelinhub.com<span class="o">)</span>
+</code></pre></div>
+<p>You can get more information on generating <code>token</code> and using
authentication on the corresponding <a
href="http://help.zeppelinhub.com/zeppelin_integration/#add-a-new-zeppelin-instance-and-generate-a-token";>help
page</a>.</p>
+
+<h2>Notebook Storage in MongoDB <a name="MongoDB"></a></h2>
+
+<p>Using <code>MongoNotebookRepo</code>, you can store your notebook in <a
href="https://www.mongodb.com/";>MongoDB</a>.</p>
+
+<h3>Why MongoDB?</h3>
+
+<ul>
+<li><strong><a href="https://en.wikipedia.org/wiki/High_availability";>High
Availability (HA)</a></strong> by a <a
href="https://docs.mongodb.com/manual/reference/glossary/#term-replica-set";>replica
set</a></li>
+<li>Seperation of storage from server</li>
+</ul>
+
+<h3>How to use</h3>
+
+<p>You can use MongoDB as notebook storage by editting
<code>zeppelin-env.sh</code> or <code>zeppelin-site.xml</code>.</p>
+
+<h4>(Method 1) by editting <code>zeppelin-env.sh</code></h4>
+
+<p>Add a line below to <code>$ZEPPELIN_HOME/conf/zeppelin-env.sh</code>:</p>
+<div class="highlight"><pre><code class="language-bash"
data-lang="bash"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_STORAGE</span><span
class="o">=</span>org.apache.zeppelin.notebook.repo.MongoNotebookRepo
+</code></pre></div>
+<blockquote>
+<p><em>NOTE:</em> The default MongoDB connection URI is
<code>mongodb://localhost</code></p>
+</blockquote>
+
+<h4>(Method 2) by editting <code>zeppelin-site.xml</code></h4>
+
+<p>Or, <strong>uncomment</strong> lines below at
<code>$ZEPPELIN_HOME/conf/zeppelin-site.xml</code>:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.MongoNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>notebook persistence layer
implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>And <strong>comment</strong> lines below:</p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitNotebookRepo<span
class="nt"></value></span>
+ <span class="nt"><description></span>versioned notebook persistence
layer implementation<span class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<h3>Configurable Options</h3>
+
+<p>You can configure options below in <code>zeppelin-env.sh</code>.</p>
+
+<ul>
+<li><code>ZEPPELIN_NOTEBOOK_MONGO_URI</code> <a
href="https://docs.mongodb.com/manual/reference/connection-string/";>MongoDB
connection URI</a> used to connect to a MongoDB database server</li>
+<li><code>ZEPPELIN_NOTEBOOK_MONGO_DATABASE</code> Database name</li>
+<li><code>ZEPPELIN_NOTEBOOK_MONGO_COLLECTION</code> Collection name</li>
+<li><code>ZEPPELIN_NOTEBOOK_MONGO_AUTOIMPORT</code> If <code>true</code>,
import local notes (refer to description below for details)</li>
+</ul>
+
+<p>Or, you can configure them in <code>zeppelin-site.xml</code>. Corresponding
option names as follows:</p>
+
+<ul>
+<li><code>zeppelin.notebook.mongo.uri</code></li>
+<li><code>zeppelin.notebook.mongo.database</code></li>
+<li><code>zeppelin.notebook.mongo.collection</code></li>
+<li><code>zeppelin.notebook.mongo.autoimport</code></li>
+</ul>
+
+<h4>Example configurations in <code>zeppelin-env.sh</code></h4>
+<div class="highlight"><pre><code class="language-sh"
data-lang="sh"><span></span><span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_MONGO_URI</span><span
class="o">=</span>mongodb://db1.example.com:27017
+<span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_MONGO_DATABASE</span><span
class="o">=</span>myfancy
+<span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_MONGO_COLLECTION</span><span
class="o">=</span>notebook
+<span class="nb">export</span> <span
class="nv">ZEPPELIN_NOTEBOOK_MONGO_AUTOIMPORT</span><span
class="o">=</span><span class="nb">true</span>
+</code></pre></div>
+<h4>Import your local notes automatically</h4>
+
+<p>By setting <code>ZEPPELIN_NOTEBOOK_MONGO_AUTOIMPORT</code> as
<code>true</code> (default <code>false</code>), you can import your local notes
automatically when Zeppelin daemon starts up. This feature is for easy
migration from local file system storage to MongoDB storage. A note with ID
already existing in the collection will not be imported.</p>
+
+<h2>Notebook Storage in GitHub</h2>
+
+<p>To enable GitHub tracking, uncomment the following properties in
<code>zeppelin-site.xml</code></p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.git.remote.url<span
class="nt"></name></span>
+ <span class="nt"><value></value></span>
+ <span class="nt"><description></span>remote Git repository URL<span
class="nt"></description></span>
+<span class="nt"></property></span>
+
+<span class="nt"><property></span>
+ <span
class="nt"><name></span>zeppelin.notebook.git.remote.username<span
class="nt"></name></span>
+ <span class="nt"><value></span>token<span
class="nt"></value></span>
+ <span class="nt"><description></span>remote Git repository
username<span class="nt"></description></span>
+<span class="nt"></property></span>
+
+<span class="nt"><property></span>
+ <span
class="nt"><name></span>zeppelin.notebook.git.remote.access-token<span
class="nt"></name></span>
+ <span class="nt"><value></value></span>
+ <span class="nt"><description></span>remote Git repository
password<span class="nt"></description></span>
+<span class="nt"></property></span>
+
+<span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.git.remote.origin<span
class="nt"></name></span>
+ <span class="nt"><value></span>origin<span
class="nt"></value></span>
+ <span class="nt"><description></span>Git repository remote<span
class="nt"></description></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>And set the <code>zeppelin.notebook.storage</code> propery to
<code>org.apache.zeppelin.notebook.repo.GitHubNotebookRepo</code></p>
+<div class="highlight"><pre><code class="language-xml"
data-lang="xml"><span></span><span class="nt"><property></span>
+ <span class="nt"><name></span>zeppelin.notebook.storage<span
class="nt"></name></span>
+ <span
class="nt"><value></span>org.apache.zeppelin.notebook.repo.GitHubNotebookRepo<span
class="nt"></value></span>
+<span class="nt"></property></span>
+</code></pre></div>
+<p>The access token could be obtained by following the steps on this link
https://github.com/settings/tokens.</p>
+
+ </div>
+</div>
+
+
+ <hr>
+ <footer>
+ <!-- <p>© 2019 The Apache Software Foundation</p>-->
+ </footer>
+ </div>
+
+
+
+
+ <script type="text/javascript">
+ (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new
Date();a=s.createElement(o),
+
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+ })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+ ga('create', 'UA-45176241-5', 'zeppelin.apache.org');
+ ga('require', 'linkid', 'linkid.js');
+ ga('send', 'pageview');
+
+</script>
+
+
+
+ </body>
+</html>
+
Propchange: zeppelin/site/docs/0.8.2/setup/storage/storage.html
------------------------------------------------------------------------------
svn:executable = *
