Try to fix the roles attributes.

2021-11-12 19:10:22 +01:00 · 2021-11-12 19:10:22 +01:00 · 6942ecd077
parent df811ed440
commit 6942ecd077
7 changed files with 9 additions and 17 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -22,7 +22,7 @@ cdh_zeppelin_ldap_group_obj_class: groupofnames
 cdh_zeppelin_group_template: "cn={0},ou=Groups,dc=mycompany,dc=com"
 cdh_zeppelin_group_search_filter: '(memberUid={0})'
 cdh_zeppelin_ldap_nested_groups: 'false'
-cdh_zeppelin_ldap_roles_by_group: 'cdh_hadoop: userrole, cdh_admin: adminrole'
+cdh_zeppelin_ldap_roles_by_group: 'cdh_hadoop: user, cdh_admin: admin'
 cdh_zeppelin_ldap_bind_u: zeppelin
 #cdh_zeppelin_ldap_bind_pwd: "use a vault file"

@ -31,11 +31,12 @@ cdh_zeppelin_ldap_member_attr: member
 cdh_zeppelin_ldap_group: zeppelin_hadoop
 cdh_zeppelin_ldap_url: 'ldap://ldap.test.com:389'
 cdh_zeppelin_secure_urls: True
-cdh_zeppelin_secure_roles: 'authc, roles[admin]'
+cdh_zeppelin_secure_roles: 'roles[user,admin]'
 cdh_zeppelin_local_api_user: False
 cdh_zeppelin_local_api_username: zeppelin-api
+cdh_zeppelin_local_api_grouprole: '{{ cdh_zeppelin_local_api_username }}: user'
 #cdh_zeppelin_local_api_userpwd: 'use a vault'
-cdh_zeppelin_secure_interpreter_api_roles: 'authc, roles[user,admin,api_user]'
+cdh_zeppelin_secure_interpreter_api_roles: 'roles[user,admin,api_user]'

 http_port: '{{ zeppelin_http_port }}'
 https_port: '{{ zeppelin_https_port }}'
--- a/tasks/zeppelin.yml
+++ b/tasks/zeppelin.yml
@ -25,13 +25,13 @@
    file: dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/local-repo  owner={{ cdh_zeppelin_user }} group={{ cdh_zeppelin_group }} state=directory

  - name: Install the zeppelin configuration files
-    template: src={{ item }} dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/conf/{{ item }} owner=root group={{ cdh_zeppelin_group }} mode=0440
+    template: src={{ item }}.j2 dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/conf/{{ item }} owner=root group={{ cdh_zeppelin_group }} mode=0440
    with_items: '{{ cdh_zeppelin_conf_files }}'
    notify: Restart zeppelin
    tags: [ 'cdh', 'zeppelin', 'zeppelin_conf' ]

  - name: Install the zeppelin systemd startup script
-    template: src=zeppelin_systemd.service dest=/etc/systemd/system/zeppelin.service
+    template: src=zeppelin_systemd.service.j2 dest=/etc/systemd/system/zeppelin.service
    when: ansible_service_mgr == 'systemd'

  - name: Ensure that the zeppelin service is enabled and running
--- a/templates/shiro.ini.j2
+++ b/templates/shiro.ini.j2
@ -75,22 +75,13 @@ ldapRealm.contextFactory.systemPassword = {{ cdh_zeppelin_ldap_bind_pwd }}
 {% if cdh_zeppelin_local_api_user %}
 pamRealm=org.apache.zeppelin.realm.PamRealm
 pamRealm.service=sshd
+pamRealm.rolesByGroup = {{ cdh_zeppelin_local_api_grouprole }}
 securityManager.realms = $pamRealm, $ldapRealm
 {% else %}
 securityManager.realms = $ldapRealm
 {% endif %}
 {% endif %}

-### A sample PAM configuration
-#pamRealm=org.apache.zeppelin.realm.PamRealm
-#pamRealm.service=sshd
-
-### A sample for configuring ZeppelinHub Realm
-#zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm
-## Url of ZeppelinHub
-#zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com
-#securityManager.realms = $zeppelinHubRealm
-
 sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 securityManager.sessionManager = $sessionManager

@ -113,9 +104,9 @@ shiro.loginUrl = /api/login

 [roles]
 admin = *
-user = *
+#user = *
 {% if cdh_zeppelin_local_api_user %}
-api_role = {{ cdh_zeppelin_local_api_username }}
+api_role = *
 {% endif %}

 [urls]
--- a/templates/zeppelin-env.sh.j2
+++ b/templates/zeppelin-env.sh.j2
--- a/templates/zeppelin-site.xml.j2
+++ b/templates/zeppelin-site.xml.j2
--- a/templates/zeppelin_systemd.service.j2
+++ b/templates/zeppelin_systemd.service.j2
--- a/templates/zeppelin_upstart.conf.j2
+++ b/templates/zeppelin_upstart.conf.j2