Try to fix the roles attributes.
This commit is contained in:
parent
df811ed440
commit
6942ecd077
|
@ -22,7 +22,7 @@ cdh_zeppelin_ldap_group_obj_class: groupofnames
|
|||
cdh_zeppelin_group_template: "cn={0},ou=Groups,dc=mycompany,dc=com"
|
||||
cdh_zeppelin_group_search_filter: '(memberUid={0})'
|
||||
cdh_zeppelin_ldap_nested_groups: 'false'
|
||||
cdh_zeppelin_ldap_roles_by_group: 'cdh_hadoop: userrole, cdh_admin: adminrole'
|
||||
cdh_zeppelin_ldap_roles_by_group: 'cdh_hadoop: user, cdh_admin: admin'
|
||||
cdh_zeppelin_ldap_bind_u: zeppelin
|
||||
#cdh_zeppelin_ldap_bind_pwd: "use a vault file"
|
||||
|
||||
|
@ -31,11 +31,12 @@ cdh_zeppelin_ldap_member_attr: member
|
|||
cdh_zeppelin_ldap_group: zeppelin_hadoop
|
||||
cdh_zeppelin_ldap_url: 'ldap://ldap.test.com:389'
|
||||
cdh_zeppelin_secure_urls: True
|
||||
cdh_zeppelin_secure_roles: 'authc, roles[admin]'
|
||||
cdh_zeppelin_secure_roles: 'roles[user,admin]'
|
||||
cdh_zeppelin_local_api_user: False
|
||||
cdh_zeppelin_local_api_username: zeppelin-api
|
||||
cdh_zeppelin_local_api_grouprole: '{{ cdh_zeppelin_local_api_username }}: user'
|
||||
#cdh_zeppelin_local_api_userpwd: 'use a vault'
|
||||
cdh_zeppelin_secure_interpreter_api_roles: 'authc, roles[user,admin,api_user]'
|
||||
cdh_zeppelin_secure_interpreter_api_roles: 'roles[user,admin,api_user]'
|
||||
|
||||
http_port: '{{ zeppelin_http_port }}'
|
||||
https_port: '{{ zeppelin_https_port }}'
|
||||
|
|
|
@ -25,13 +25,13 @@
|
|||
file: dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/local-repo owner={{ cdh_zeppelin_user }} group={{ cdh_zeppelin_group }} state=directory
|
||||
|
||||
- name: Install the zeppelin configuration files
|
||||
template: src={{ item }} dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/conf/{{ item }} owner=root group={{ cdh_zeppelin_group }} mode=0440
|
||||
template: src={{ item }}.j2 dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/conf/{{ item }} owner=root group={{ cdh_zeppelin_group }} mode=0440
|
||||
with_items: '{{ cdh_zeppelin_conf_files }}'
|
||||
notify: Restart zeppelin
|
||||
tags: [ 'cdh', 'zeppelin', 'zeppelin_conf' ]
|
||||
|
||||
- name: Install the zeppelin systemd startup script
|
||||
template: src=zeppelin_systemd.service dest=/etc/systemd/system/zeppelin.service
|
||||
template: src=zeppelin_systemd.service.j2 dest=/etc/systemd/system/zeppelin.service
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
|
||||
- name: Ensure that the zeppelin service is enabled and running
|
||||
|
|
|
@ -75,22 +75,13 @@ ldapRealm.contextFactory.systemPassword = {{ cdh_zeppelin_ldap_bind_pwd }}
|
|||
{% if cdh_zeppelin_local_api_user %}
|
||||
pamRealm=org.apache.zeppelin.realm.PamRealm
|
||||
pamRealm.service=sshd
|
||||
pamRealm.rolesByGroup = {{ cdh_zeppelin_local_api_grouprole }}
|
||||
securityManager.realms = $pamRealm, $ldapRealm
|
||||
{% else %}
|
||||
securityManager.realms = $ldapRealm
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
### A sample PAM configuration
|
||||
#pamRealm=org.apache.zeppelin.realm.PamRealm
|
||||
#pamRealm.service=sshd
|
||||
|
||||
### A sample for configuring ZeppelinHub Realm
|
||||
#zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm
|
||||
## Url of ZeppelinHub
|
||||
#zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com
|
||||
#securityManager.realms = $zeppelinHubRealm
|
||||
|
||||
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
|
||||
securityManager.sessionManager = $sessionManager
|
||||
|
||||
|
@ -113,9 +104,9 @@ shiro.loginUrl = /api/login
|
|||
|
||||
[roles]
|
||||
admin = *
|
||||
user = *
|
||||
#user = *
|
||||
{% if cdh_zeppelin_local_api_user %}
|
||||
api_role = {{ cdh_zeppelin_local_api_username }}
|
||||
api_role = *
|
||||
{% endif %}
|
||||
|
||||
[urls]
|
Loading…
Reference in New Issue