You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Hongwei Lu (Jira)" <ji...@apache.org> on 2022/11/02 03:03:00 UTC

[jira] [Created] (ZEPPELIN-5841) if I have not config proxyuser in core-site.xml, zeppelin prompt me " User: admin is not allowed to impersonate admin"

Hongwei Lu created ZEPPELIN-5841:
------------------------------------

             Summary: if I have not config proxyuser in core-site.xml, zeppelin prompt me " User: admin is not allowed to impersonate admin" 
                 Key: ZEPPELIN-5841
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5841
             Project: Zeppelin
          Issue Type: Bug
          Components: interpreter-launcher
    Affects Versions: 0.10.1
            Reporter: Hongwei Lu


mysql core-site.xml like below

{code:java}
 <property>
        <name>hadoop.proxyuser.HTTP.hosts</name>
        <value>*</value>
    </property>
    <property>
        <name>hadoop.proxyuser.HTTP.groups</name>
        <value>*</value>
    </property>
    <property>
        <name>hadoop.proxyuser.zeppelin.hosts</name>
        <value>*</value>
    </property>
    <property>
        <name>hadoop.proxyuser.zeppelin.groups</name>
        <value>*</value>
    </property>
    <property>
      <name>hadoop.proxyuser.zeppelin.users</name>
      <value>*</value>
    </property>
    <property>
      <name>hadoop.proxyuser.hive.groups</name>
      <value>zeppelin</value>
    </property>
    <property>
        <name>hadoop.proxyuser.zhangfei.hosts</name>
        <value>*</value>
    </property>
    <property>
        <name>hadoop.proxyuser.zhangfei.groups</name>
        <value>*</value>
    </property>
    <property>
        <name>hadoop.proxyuser.luhongwei.hosts</name>
        <value>*</value>
    </property>
    <property>
        <name>hadoop.proxyuser.luhongwei.groups</name>
        <value>*</value>
    </property>

{code}

when I login with luhongwei or zhangfei,zeppelin will launch interpreter which luhongwei or zhangfei like below shows


{code:java}
[yarn@hadoop-180-98 ~]$ yarn app -list
2022-11-02 10:57:24,237 INFO client.ConfiguredRMFailoverProxyProvider: Failing over to rm2
Total number of applications (application-types: [], states: [SUBMITTED, ACCEPTED, RUNNING] and tags: []):2
                Application-Id	    Application-Name	    Application-Type	      User	     Queue	             State	       Final-State	       Progress	                       Tracking-URL
application_1667356423565_0002	            zeppelin	               SPARK	 luhongwei	   default	           RUNNING	         UNDEFINED	            10%	http://hadoop-180-91.testhadoop.com:42129
application_1667356423565_0001	            zeppelin	               SPARK	  zhangfei	   default	           RUNNING	         UNDEFINED	            10%	http://hadoop-180-98.testhadoop.com:36249

{code}

but I login with other user , zeppelin throw 
{code:java}
2022-11-02 10:47:54,697 INFO client.ConfiguredRMFailoverProxyProvider: Failing over to rm2
Exception in thread "main" org.apache.spark.SparkException: ERROR: org.apache.hadoop.security.authorize.AuthorizationException: User: admin is not allowed to impersonate admin{code}

I have set spark interpreter to per user in isolated with user impersonate enabled.

Need I set proxyuser for each zeppelin user? It will affect a lot.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)