From bbd760b82e90bea970ce7a56abcc8d8e894610fa Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Tue, 21 Jul 2020 19:14:51 +0200
Subject: [PATCH] Move zeppelin into its own role.
---
README.md | 33 ++-
defaults/main.yml | 44 +++-
handlers/main.yml | 3 +-
meta/main.yml | 67 ++----
tasks/main.yml | 3 +-
tasks/zeppelin.yml | 46 ++++
templates/shiro.ini | 122 ++++++++++
templates/zeppelin-env.sh | 43 ++++
templates/zeppelin-site.xml | 360 +++++++++++++++++++++++++++++
templates/zeppelin_systemd.service | 12 +
templates/zeppelin_upstart.conf | 23 ++
vars/main.yml | 31 ++-
12 files changed, 717 insertions(+), 70 deletions(-)
create mode 100644 tasks/zeppelin.yml
create mode 100644 templates/shiro.ini
create mode 100644 templates/zeppelin-env.sh
create mode 100644 templates/zeppelin-site.xml
create mode 100644 templates/zeppelin_systemd.service
create mode 100644 templates/zeppelin_upstart.conf
diff --git a/README.md b/README.md
index 3637db8..e833f74 100644
--- a/README.md
+++ b/README.md
@@ -1,31 +1,28 @@ Role Name ========= -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. +A role that installs the Zeppelin Notebook, Role Variables -------------- -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +The most important variables are listed below: + +``` yaml +cdh_zeppelin_node: False +cdh_zeppelin_version: 0.8.2 +https_allowed_hosts: + - '0.0.0.0/0' + +cdh_zeppelin_ldap_auth: False +# See the defaults file for the whole LDAP variables +``` Dependencies ------------ -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } +* openjdk +* nginx License ------- @@ -35,4 +32,4 @@ EUPL-1.2 Author Information ------------------ -An optional section for the role authors to include contact information, or a website (HTML is not allowed). +Andrea Dell'Amico, diff --git a/defaults/main.yml b/defaults/main.yml index 95d3c70..71381d5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,2 +1,44 @@
 ---
-# defaults file for ansible-role-template
\ No newline at end of file
+cdh_zeppelin_node: False
+cdh_zeppelin_version: 0.8.2
+cdh_zeppelin_home: /srv/zeppelin
+cdh_zeppelin_work_dirs:
+ - '{{ cdh_zeppelin_home }}/notebook'
+ - '{{ cdh_zeppelin_home }}/log'
+ - '{{ cdh_zeppelin_home }}/run'
+ - '{{ cdh_zeppelin_home }}/base_tmp/tmp'
+
+cdh_zeppelin_conf_files:
+ - zeppelin-env.sh
+ - shiro.ini
+ - zeppelin-site.xml
+cdh_zeppelin_ldap_auth: False
+cdh_zeppelin_notebook_public: 'false'
+cdh_zeppelin_dedicated_node: False
+cdh_zeppelin_use_spark2: '{{ cdh_spark2_enabled }}'
+
+cdh_impala_load_balancer: False
+
+cdh_zeppelin_ldap_enabled: False
+cdh_zeppelin_ldap_advanced_config: True
+cdh_zeppelin_ldap_starttls: 'true'
+cdh_zeppelin_search_bind_authentication: 'false'
+cdh_zeppelin_username_pattern: "uid={0},ou=People,dc=mycompany,dc=com"
+cdh_zeppelin_ldap_search_base: "dc=mycompany,dc=com"
+cdh_zeppelin_ldap_users_base: "ou=People,dc=mycompany,dc=com"
+cdh_zeppelin_user_objectclass: posixUser
+cdh_zeppelin_ldap_group_base: "ou=Groups,dc=mycompany,dc=com"
+cdh_zeppelin_ldap_group_obj_class: groupofnames
+cdh_zeppelin_group_template: "cn={0},ou=Groups,dc=mycompany,dc=com"
+cdh_zeppelin_group_search_filter: '(memberUid={0})'
+cdh_zeppelin_ldap_nested_groups: 'false'
+cdh_zeppelin_ldap_roles_by_group: 'cdh_hadoop: userrole, cdh_admin: adminrole'
+cdh_zeppelin_ldap_bind_u: zeppelin
+#cdh_zeppelin_ldap_bind_pwd: "use a vault file"
+
+cdh_zeppelin_ldap_user_attr: uid
+cdh_zeppelin_ldap_member_attr: member
+cdh_zeppelin_ldap_group: zeppelin_hadoop
+cdh_zeppelin_ldap_url: 'ldap://ldap.test.com:389'
+cdh_zeppelin_secure_urls: True
+cdh_zeppelin_secure_roles: 'authc, roles[adminrole]'
diff --git a/handlers/main.yml b/handlers/main.yml
index 27474e0..97ae3c2 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
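Review bot: The LDAP defaults in defaults/main.yml point at `ldap://ldap.test.com:389` and declare `cdh_zeppelin_ldap_starttls: 'true'`, but nothing in the shiro.ini template added by this patch reads the StartTLS variable, and both realms there use the `simple` authentication mechanism. Unless the operator overrides the URL, the bind password and every user's password would therefore cross the network unencrypted. Either default `cdh_zeppelin_ldap_url` to an `ldaps://` URL or wire the StartTLS flag into the realm configuration, and state the expectation in a comment above the variable. `cdh_zeppelin_ldap_auth` and `cdh_zeppelin_ldap_enabled` also look like two switches for the same feature; only the latter is used in the templates visible here.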
@@ -1,2 +1,3 @@
 ---
-# handlers file for ansible-role-template
\ No newline at end of file
+- name: Restart zeppelin
+ service: name=zeppelin state=restarted
diff --git a/meta/main.yml b/meta/main.yml
index 1126a5e..5450120 100644
--- a/meta/main.yml
+++ b/meta/main.yml
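Review bot: The handler in handlers/main.yml uses the inline `key=value` argument form (`service: name=zeppelin state=restarted`), and every task in tasks/zeppelin.yml does the same. With templated values such as `dest={{ cdh_zeppelin_home }}` that form breaks as soon as a value contains a space, and it hides the argument types from linters. Writing the arguments as a YAML mapping, `service:` followed by `name: zeppelin` and `state: restarted`, avoids both problems.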
@@ -1,61 +1,32 @@ galaxy_info: - author: your name - description: your description + author: Andrea Dell'Amico + description: Systems Architect company: ISTI-CNR - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning - # Some suggested licenses: - # - BSD (default) - # - MIT - # - GPLv2 - # - GPLv3 - # - Apache - # - CC-BY - license: EUPL-1.2 + license: EUPL 1.2+ min_ansible_version: 2.8 - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # Optionally specify the branch Galaxy will use when accessing the GitHub - # repo for this role. During role install, if no tags are available, - # Galaxy will use this branch. During import Galaxy will access files on - # this branch. If Travis integration is configured, only notifications for this - # branch will be accepted. Otherwise, in all cases, the repo's default branch - # (usually master) will be used. - #github_branch: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. # To view available platforms and versions (or releases), visit: # https://galaxy.ansible.com/api/v1/platforms/ # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 + platforms: + - name: Ubuntu + versions: + - bionic - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. 
Be sure to remove the '[]' above, - # if you add dependencies to this list. + galaxy_tags: + - hadoop + - bigdata +dependencies: + - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-openjdk.git + version: master + name: openjdk + state: latest + - src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-nginx.git + version: master + name: nginx + state: latest diff --git a/tasks/main.yml b/tasks/main.yml index 53c6cae..f4422f7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,2 +1,3 @@ --- -# tasks file for ansible-role-template \ No newline at end of file +- import_tasks: zeppelin.yml + when: cdh_zeppelin_node diff --git a/tasks/zeppelin.yml b/tasks/zeppelin.yml new file mode 100644 index 0000000..1104406 --- /dev/null +++ b/tasks/zeppelin.yml 
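Review bot: Both entries under `dependencies:` in meta/main.yml are fetched with `version: master` and `state: latest`, so every install pulls whatever is at the tip of those repositories at that moment, and an upstream change (or compromise) reaches the hosts without review. Pin each entry to a tag or commit, e.g. `version: <reviewed tag or commit>`. Separately, `min_ansible_version: 2.8` is parsed as a float, and `license: EUPL 1.2+` no longer matches the `EUPL-1.2` stated in the README; quoting the version (`'2.8'`) and aligning the licence string would remove both inconsistencies.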
@@ -0,0 +1,46 @@
+---
+- block:
+ - name: Create a user that will run the zeppelin service
+ user: name={{ cdh_zeppelin_user }} home={{ cdh_zeppelin_home }} createhome=no shell=/usr/sbin/nologin system=yes
+
+ - name: Create the zeppelin home directory
+ file: dest={{ cdh_zeppelin_home }} state=directory mode=0755
+
+ - name: Create the zeppelin data directories
+ file: dest={{ item }} state=directory owner={{ cdh_zeppelin_user }} group={{ cdh_zeppelin_group }}
+ with_items: '{{ cdh_zeppelin_work_dirs }}'
+
+ - name: Download zeppelin
+ get_url: url={{ cdh_zeppelin_download_url }} dest=/srv/{{ chd_zeppelin_archive }}
+
+ - name: Unpack the zeppelin distribution
+ unarchive: remote_src=yes src=/srv/{{ chd_zeppelin_archive }} dest={{ cdh_zeppelin_home }} owner=root group=root
+ args:
+ creates: '{{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}'
+
+ - name: zeppelin wants to write into the conf directory
+ file: dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/conf owner={{ cdh_zeppelin_user }} group={{ cdh_zeppelin_group }}
+
+ - name: Install the zeppelin configuration files
+ template: src={{ item }} dest={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/conf/{{ item }} owner=root group={{ cdh_zeppelin_group }} mode=0440
+ with_items: '{{ cdh_zeppelin_conf_files }}'
+ notify: Restart zeppelin
+ tags: [ 'cdh', 'zeppelin', 'zeppelin_conf' ]
+
+ - name: Install the zeppelin upstart startup script
+ template: src=zeppelin_upstart.conf dest=/etc/init/zeppelin.conf
+ when: ansible_service_mgr != 'systemd'
+
+ - name: Install the zeppelin systemd startup script
+ template: src=zeppelin_systemd.service dest=/etc/systemd/system/zeppelin.service
+ when: ansible_service_mgr == 'systemd'
+
+ - name: Ensure that the zeppelin service is enabled and running
+ service: name=zeppelin state=started enabled=yes
+
+ - name: Ensure that apache2 installed by CDM is stopped and disabled
+ service: name=apache2 state=stopped enabled=no
+ ignore_errors: True
+ notify: Restart nginx
+
+ tags: [ 'cdh', 'zeppelin' ]
diff --git a/templates/shiro.ini b/templates/shiro.ini
new file mode 100644
index 0000000..f870532
--- /dev/null
+++ b/templates/shiro.ini
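Review bot: The `Download zeppelin` task fetches the archive with no integrity check, and the URL it uses (`cdh_zeppelin_download_url` in vars/main.yml) is a plain `http://` mirror, so a tampered tarball would be unpacked by root and then executed by the service. Add a checksum to the task, `get_url: url={{ cdh_zeppelin_download_url }} dest=/srv/{{ chd_zeppelin_archive }} checksum=sha256:{{ cdh_zeppelin_archive_sha256 }}` (a new variable to define per version), and prefer an https source. In the same block the `conf` directory is handed to the service user, so `owner=root mode=0440` on the files inside does not stop that user from replacing them. Neither the unit-file task nor the handler triggers a systemd daemon reload, so an edited unit is not picked up until something else reloads it.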
@@ -0,0 +1,122 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+[users]
+# List of users with their password allowed to access Zeppelin.
+# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
+{% if not cdh_zeppelin_ldap_enabled %}
+admin = {{ cdh_zeppelin_admin_password | default('admin') }}, admin
+{% endif %}
+# Sample LDAP configuration, for user Authentication, currently tested for single Realm
+[main]
+{% if cdh_zeppelin_ldap_enabled %}
+{% if cdh_zeppelin_ldap_advanced_config %}
+ldapRealm = org.apache.zeppelin.realm.LdapRealm
+ldapRealm.contextFactory.url = {{ cdh_zeppelin_ldap_url }}
+ldapRealm.contextFactory.authenticationMechanism=simple
+ldapRealm.contextFactory.systemUsername = {{ cdh_zeppelin_ldap_bind_u }}
+ldapRealm.contextFactory.systemPassword = {{ cdh_zeppelin_ldap_bind_pwd }}
+ldapRealm.authorizationEnabled = true
+#ldapRealm.userDnTemplate = {{ cdh_zeppelin_username_pattern }}
+# Ability to set ldap paging Size if needed default is 100
+#ldapRealm.pagingSize = 200
+#ldapRealm.searchBase = {{ cdh_zeppelin_ldap_search_base }}
+ldapRealm.userSearchBase = {{ cdh_zeppelin_ldap_users_base }}
+ldapRealm.userObjectClass = {{ cdh_zeppelin_user_objectclass }}
+ldapRealm.groupSearchBase = {{ cdh_zeppelin_ldap_group_base }}
+ldapRealm.groupObjectClass = {{ cdh_zeppelin_ldap_group_obj_class }}
+ldapRealm.groupSearchFilter = '{{ cdh_zeppelin_group_search_filter }}'
+# Allow userSearchAttribute to be customized
+ldapRealm.userSearchAttributeName = {{ cdh_zeppelin_ldap_user_attr }}
+ldapRealm.memberAttribute = {{ cdh_zeppelin_ldap_member_attr }}
+# force usernames returned from ldap to lowercase useful for AD
+#ldapRealm.userLowerCase = true
+#ldapRealm.memberAttributeValueTemplate = {{cdh_zeppelin_group_template}}
+# enable support for nested groups using the LDAPMATCHINGRULEINCHAIN operator
+#ldapRealm.groupSearchEnableMatchingRuleInChain = {{ cdh_zeppelin_ldap_nested_groups }}
+# optional mapping from physical groups to logical application roles
+ldapRealm.rolesByGroup = {{ cdh_zeppelin_ldap_roles_by_group }}
+# optional list of roles that are allowed to authenticate. In case not present all groups are allowed to authenticate (login).
+# This changes nothing for url specific permissions that will continue to work as specified in [urls].
+#ldapRealm.allowedRolesForAuthentication = adminrole,userrole
+#ldapRealm.permissionsByRole = userrole = *:ToDoItem::*, adminrole = *
+{% else %}
+### A sample for configuring LDAP Directory Realm
+ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm
+## search base for ldap groups (only relevant for LdapGroupRealm):
+ldapRealm.contextFactory.environment[ldap.searchBase] = {{ cdh_zeppelin_ldap_search_base }}
+ldapRealm.contextFactory.url = {{ cdh_zeppelin_ldap_url }}
+ldapRealm.userDnTemplate = {{ cdh_zeppelin_username_pattern }}
+ldapRealm.contextFactory.authenticationMechanism = simple
+{% endif %}
+securityManager.realms = $ldapRealm
+{% endif %}
+
+### A sample PAM configuration
+#pamRealm=org.apache.zeppelin.realm.PamRealm
+#pamRealm.service=sshd
+
+### A sample for configuring ZeppelinHub Realm
+#zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm
+## Url of ZeppelinHub
+#zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com
+#securityManager.realms = $zeppelinHubRealm
+
+sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
+
+### If caching of user is required then uncomment below lines
+#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
+#securityManager.cacheManager = $cacheManager
+
+### Enables 'HttpOnly' flag in Zeppelin cookies
+cookie = org.apache.shiro.web.servlet.SimpleCookie
+cookie.name = JSESSIONID
+cookie.httpOnly = true
+### Uncomment the below line only when Zeppelin is running over HTTPS
+cookie.secure = true
+sessionManager.sessionIdCookie = $cookie
+
+securityManager.sessionManager = $sessionManager
+# 86,400,000 milliseconds = 24 hour
+securityManager.sessionManager.globalSessionTimeout = 86400000
+shiro.loginUrl = /api/login
+
+[roles]
+admin = *
+user = *
+
+[urls]
+# This section is used for url-based security.
+# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide.
+# anon means the access is anonymous.
+# authc means Form based Auth Security
+# To enfore security, comment the line below and uncomment the next one
+/api/version = anon
+{% if not cdh_zeppelin_secure_urls %}
+/** = anon
+{% else %}
+{% if cdh_zeppelin_ldap_advanced_config %}
+/api/interpreter/setting/restart/** = authc
+/api/interpreter/** = {{ cdh_zeppelin_secure_roles }}
+/api/configurations/** = {{ cdh_zeppelin_secure_roles }}
+/api/credential/** = {{ cdh_zeppelin_secure_roles }}
+/** = authc
+{% else %}
+/** = authc
+{% endif %}
+{% endif %}
+
diff --git a/templates/zeppelin-env.sh b/templates/zeppelin-env.sh
new file mode 100644
index 0000000..8d6cdaf
--- /dev/null
+++ b/templates/zeppelin-env.sh
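Review bot: With LDAP disabled the `[users]` section renders `admin = {{ cdh_zeppelin_admin_password | default('admin') }}, admin`, so a host where the variable was never set gets a working admin/admin login, and `[roles]` grants that role `*`. Make the variable required instead of defaulted, e.g. `admin = {{ cdh_zeppelin_admin_password | mandatory }}, admin`, so the play fails rather than deploying a known password. In `[urls]`, the non-advanced LDAP branch protects everything with plain `authc`, which lets any authenticated user reach `/api/interpreter/**`, `/api/configurations/**` and `/api/credential/**`; if that is intended it deserves a comment. The `cdh_zeppelin_secure_urls` false branch renders `/** = anon`, which opens the same endpoints to unauthenticated callers and should be called out next to the variable.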
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+export ZEPPELIN_LOG_DIR="{{ cdh_zeppelin_home }}/log"
+export ZEPPELIN_PID_DIR="{{ cdh_zeppelin_home }}/run"
+export ZEPPELIN_WAR_TEMPDIR="{{ cdh_zeppelin_home }}/base_tmp/tmp"
+export ZEPPELIN_NOTEBOOK_DIR="{{ cdh_zeppelin_home }}/notebook"
+
+export ZEPPELIN_MEM="-Xms4096m -Xmx4096m"
+export ZEPPELIN_INTP_MEM="-Xms4096m -Xmx4096m"
+
+{% if cdh_zeppelin_use_spark2 %}
+export SPARK_HOME=/opt/cloudera/parcels/SPARK2-2.2.0.cloudera2-1.cdh5.12.0.p0.232957/lib/spark2
+{% else %}
+# export MASTER= # Spark master url. eg. spark://master_addr:7077. Leave empty if you want to use local mode.
+export SPARK_HOME=/opt/cloudera/parcels/CDH-5.9.3-1.cdh5.9.3.p0.4/lib/spark
+{% endif %}
+export DEFAULT_HADOOP_HOME=/opt/cloudera/parcels/CDH-5.9.3-1.cdh5.9.3.p0.4/lib/hadoop
+export SPARK_JAR_HDFS_PATH=${SPARK_JAR_HDFS_PATH:-''}
+export SPARK_LAUNCH_WITH_SCALA=0
+export SPARK_LIBRARY_PATH=${SPARK_HOME}/lib
+export SCALA_LIBRARY_PATH=${SPARK_HOME}/lib
+
+SPARK_PYTHON_PATH=""
+if [ -n "$SPARK_PYTHON_PATH" ]; then
+ export PYTHONPATH="$PYTHONPATH:$SPARK_PYTHON_PATH"
+fi
+
+export HADOOP_HOME=${HADOOP_HOME:-$DEFAULT_HADOOP_HOME}
+
+if [ -n "$HADOOP_HOME" ]; then
+ LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${HADOOP_HOME}/lib/native
+fi
+
+SPARK_EXTRA_LIB_PATH=""
+if [ -n "$SPARK_EXTRA_LIB_PATH" ]; then
+ LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SPARK_EXTRA_LIB_PATH
+fi
+
+export LD_LIBRARY_PATH
+
+HADOOP_CONF_DIR=${HADOOP_CONF_DIR:-$SPARK_CONF_DIR/yarn-conf}
+HIVE_CONF_DIR=${HIVE_CONF_DIR:-/etc/hive/conf}
+export MASTER=yarn-client
diff --git a/templates/zeppelin-site.xml b/templates/zeppelin-site.xml
new file mode 100644
index 0000000..aaf5f0e
--- /dev/null
+++ b/templates/zeppelin-site.xml
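Review bot: `LD_LIBRARY_PATH=$LD_LIBRARY_PATH:${HADOOP_HOME}/lib/native` yields a value with a leading empty entry whenever `LD_LIBRARY_PATH` starts out unset, and the dynamic loader treats an empty entry as the current working directory. Build it conditionally instead, `LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}${HADOOP_HOME}/lib/native`, and do the same on the `SPARK_EXTRA_LIB_PATH` line. `HADOOP_CONF_DIR` and `HIVE_CONF_DIR` are assigned at the end but never exported, so child processes will not see them unless they were already exported in the environment. The parcel paths under `/opt/cloudera/parcels/` are hard-coded to specific builds; role variables would keep them in step with the cluster.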
@@ -0,0 +1,360 @@ + + + + + + + + zeppelin.server.addr + 0.0.0.0 + Server address + + + + zeppelin.server.port + 8080 + Server port. + + + + zeppelin.server.ssl.port + 8443 + Server ssl port. (used when ssl property is set to true) + + + + zeppelin.server.context.path + / + Context Path of the Web Application + + + + zeppelin.war.tempdir + webapps + Location of jetty temporary directory + + + + zeppelin.notebook.dir + notebook + path or URI for notebook persist + + + + zeppelin.notebook.homescreen + + id of notebook to be displayed in homescreen. ex) 2A94M5J1Z Empty value displays default home screen + + + + zeppelin.notebook.homescreen.hide + false + hide homescreen notebook from list when this value set to true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + zeppelin.notebook.storage + org.apache.zeppelin.notebook.repo.GitNotebookRepo + versioned notebook persistence layer implementation + + + + zeppelin.notebook.one.way.sync + false + If there are multiple notebook storages, should we treat the first one as the only source of truth? 
+ + + + zeppelin.interpreter.dir + interpreter + Interpreter implementation base directory + + + + zeppelin.interpreter.localRepo + local-repo + Local repository for interpreter's additional dependency loading + + + + zeppelin.interpreter.dep.mvnRepo + http://repo1.maven.org/maven2/ + Remote principal repository for interpreter's additional dependency loading + + + + zeppelin.dep.localrepo + local-repo + Local repository for dependency loader + + + + zeppelin.helium.npm.registry + http://registry.npmjs.org/ + Remote Npm registry for Helium dependency loader + + + + zeppelin.interpreters + org.apache.zeppelin.spark.SparkInterpreter,org.apache.zeppelin.spark.PySparkInterpreter,org.apache.zeppelin.rinterpreter.RRepl,org.apache.zeppelin.rinterpreter.KnitR,org.apache.zeppelin.spark.SparkRInterpreter,org.apache.zeppelin.spark.SparkSqlInterpreter,org.apache.zeppelin.spark.DepInterpreter,org.apache.zeppelin.markdown.Markdown,org.apache.zeppelin.angular.AngularInterpreter,org.apache.zeppelin.shell.ShellInterpreter,org.apache.zeppelin.file.HDFSFileInterpreter,org.apache.zeppelin.flink.FlinkInterpreter,,org.apache.zeppelin.python.PythonInterpreter,org.apache.zeppelin.python.PythonInterpreterPandasSql,org.apache.zeppelin.python.PythonCondaInterpreter,org.apache.zeppelin.python.PythonDockerInterpreter,org.apache.zeppelin.lens.LensInterpreter,org.apache.zeppelin.ignite.IgniteInterpreter,org.apache.zeppelin.ignite.IgniteSqlInterpreter,org.apache.zeppelin.cassandra.CassandraInterpreter,org.apache.zeppelin.geode.GeodeOqlInterpreter,org.apache.zeppelin.postgresql.PostgreSqlInterpreter,org.apache.zeppelin.jdbc.JDBCInterpreter,org.apache.zeppelin.kylin.KylinInterpreter,org.apache.zeppelin.elasticsearch.ElasticsearchInterpreter,org.apache.zeppelin.scalding.ScaldingInterpreter,org.apache.zeppelin.alluxio.AlluxioInterpreter,org.apache.zeppelin.hbase.HbaseInterpreter,org.apache.zeppelin.livy.LivySparkInterpreter,org.apache.zeppelin.livy.LivyPySparkInterpreter,org.apache.zeppelin.livy.LivyP
ySpark3Interpreter,org.apache.zeppelin.livy.LivySparkRInterpreter,org.apache.zeppelin.livy.LivySparkSQLInterpreter,org.apache.zeppelin.bigquery.BigQueryInterpreter,org.apache.zeppelin.beam.BeamInterpreter,org.apache.zeppelin.pig.PigInterpreter,org.apache.zeppelin.pig.PigQueryInterpreter,org.apache.zeppelin.scio.ScioInterpreter + Comma separated interpreter configurations. First interpreter become a default + + + + zeppelin.interpreter.group.order + spark,md,angular,sh,livy,alluxio,file,psql,flink,python,ignite,lens,cassandra,geode,kylin,elasticsearch,scalding,jdbc,hbase,bigquery,beam + + + + + zeppelin.interpreter.connect.timeout + 30000 + Interpreter process connect timeout in msec. + + + + zeppelin.interpreter.output.limit + 102400 + Output message from interpreter exceeding the limit will be truncated + + + + zeppelin.ssl + false + Should SSL be used by the servers? + + + + zeppelin.ssl.client.auth + false + Should client authentication be used for SSL connections? + + + + zeppelin.ssl.keystore.path + keystore + Path to keystore relative to Zeppelin configuration directory + + + + zeppelin.ssl.keystore.type + JKS + The format of the given keystore (e.g. JKS or PKCS12) + + + + zeppelin.ssl.keystore.password + change me + Keystore password. Can be obfuscated by the Jetty Password tool + + + + + + zeppelin.ssl.truststore.path + truststore + Path to truststore relative to Zeppelin configuration directory. Defaults to the keystore path + + + + zeppelin.ssl.truststore.type + JKS + The format of the given truststore (e.g. JKS or PKCS12). Defaults to the same type as the keystore type + + + + + + zeppelin.server.allowed.origins + * + Allowed sources for REST and WebSocket requests (i.e. http://onehost:8080,http://otherhost.com). 
If you leave * you are vulnerable to https://issues.apache.org/jira/browse/ZEPPELIN-173 + + + + zeppelin.anonymous.allowed + true + Anonymous user allowed by default + + + + zeppelin.notebook.public + {{ cdh_zeppelin_notebook_public }} + Make notebook public by default when created, private otherwise + + + + zeppelin.websocket.max.text.message.size + 1024000 + Size in characters of the maximum text message to be received by websocket. Defaults to 1024000 + + + + zeppelin.server.default.dir.allowed + false + Enable directory listings on server. + + + + + + + + diff --git a/templates/zeppelin_systemd.service b/templates/zeppelin_systemd.service new file mode 100644 index 0000000..68b09de --- /dev/null +++ b/templates/zeppelin_systemd.service @@ -0,0 +1,12 @@ +[Unit] +Description=Zeppelin +After=network.target + +[Service] +Type=simple + +User={{ cdh_zeppelin_user }} +Group={{ cdh_zeppelin_group }} + +WorkingDirectory={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }} +ExecStart={{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }}/bin/zeppelin-daemon.sh upstart diff --git a/templates/zeppelin_upstart.conf b/templates/zeppelin_upstart.conf new file mode 100644 index 0000000..9207f1a --- /dev/null +++ b/templates/zeppelin_upstart.conf @@ -0,0 +1,23 @@ +description "Zeppelin" + +start on (local-filesystems and net-device-up IFACE!=lo) +stop on shutdown + +# Respawn the process on unexpected termination +respawn + +# respawn the job up to 7 times within a 5 second period. +# If the job exceeds these values, it will be stopped and marked as failed. +respawn limit 7 5 + +# Run unprivileged +setuid {{ cdh_zeppelin_user }} +setgid {{ cdh_zeppelin_group }} + +pre-start script + mkdir -p /srv/zeppelin/base_tmp/tmp +end script + +# zeppelin was installed in /usr/share/zeppelin in this example +chdir {{ cdh_zeppelin_home }}/{{ cdh_zeppelin_dir }} +exec bin/zeppelin-daemon.sh upstart diff --git a/vars/main.yml b/vars/main.yml index 3808477..ab2a926 100644 --- a/vars/main.yml 
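Review bot: `zeppelin.server.addr` is `0.0.0.0` with port `8080`, while vars/main.yml puts nginx in front and proxies to `localhost`; as written the notebook port is also reachable directly, without the TLS that nginx adds. Binding to `127.0.0.1` would leave nginx as the only entry point. `zeppelin.server.allowed.origins` is left at `*` even though the file's own description warns about it (ZEPPELIN-173), and `zeppelin.anonymous.allowed` stays `true` alongside the Shiro authentication configured in shiro.ini; both would be better templated from role variables with restrictive defaults. The two repository URLs (`zeppelin.interpreter.dep.mvnRepo`, `zeppelin.helium.npm.registry`) use `http://`.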
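Review bot: The systemd unit has no `[Install]` section, so the `enabled=yes` in the `Ensure that the zeppelin service is enabled and running` task has nothing to link and the service will not come up at boot. Add `[Install]` followed by `WantedBy=multi-user.target` at the end of the file. Because the service runs notebooks that execute user-supplied code, this unit is also the place for sandboxing directives such as `NoNewPrivileges=true` and `PrivateTmp=true`, after checking that the interpreters still start with them.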
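Review bot: The `pre-start script` in the upstart job creates `/srv/zeppelin/base_tmp/tmp` literally, while every other path in the role derives from `{{ cdh_zeppelin_home }}`; overriding the home variable would leave this job creating a directory in the old location. Use `mkdir -p {{ cdh_zeppelin_home }}/base_tmp/tmp`. The comment `# zeppelin was installed in /usr/share/zeppelin in this example` is left over from the sample and no longer describes the `chdir` line below it.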
+++ b/vars/main.yml
@@ -1,2 +1,31 @@
 ---
-# vars file for ansible-role-template
\ No newline at end of file
+letsencrypt_acme_install: True
+http_port: 80
+https_port: 443
+
+nginx_use_common_virthost: True
+nginx_virthosts:
+ - virthost_name: '{{ ansible_fqdn }}'
+ listen: '{{ http_port }}'
+ server_name: '{{ ansible_fqdn }}'
+ ssl_enabled: True
+ ssl_only: True
+ ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
+ root: /usr/share/nginx/html/
+ server_tokens: 'off'
+ proxy_standard_setup: True
+ locations:
+ - location: /
+ target: http://localhost:{{ cdh_zeppelin_http_port }}/
+ websockets: True
+
+openjdk_pkgs:
+ - jre
+ - jdk
+
+cdh_zeppelin_dir: 'zeppelin-{{ cdh_zeppelin_version }}-bin-all'
+chd_zeppelin_archive: '{{ cdh_zeppelin_dir }}.tgz'
+cdh_zeppelin_download_url: 'http://mirror.nohup.it/apache/zeppelin/zeppelin-{{ cdh_zeppelin_version }}/{{ chd_zeppelin_archive }}'
+cdh_zeppelin_user: zeppelin
+cdh_zeppelin_group: '{{ cdh_zeppelin_user }}'
+cdh_zeppelin_http_port: 8080
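Review bot: `cdh_zeppelin_http_port: 8080` feeds the nginx proxy target, but the `zeppelin.server.port` value in templates/zeppelin-site.xml is a literal `8080`, so changing the variable would point nginx at a port nothing listens on. Template the port in zeppelin-site.xml from the same variable. The `chd_zeppelin_archive` name looks like a typo for `cdh_…`; it is used consistently here and in tasks/zeppelin.yml, so it works, but renaming it now is cheaper than later. Because these values live in vars/main.yml rather than defaults/main.yml, inventory variables will not override them; a comment noting which ones are meant to be fixed would help.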