[ZEPPELIN-1210] Run interpreter per user

[jongyoul]

What is this PR for?

Enabling each user to run same interpreter.

What type of PR is it?

[Improvement]

What is the Jira issue?

https://issues.apache.org/jira/browse/ZEPPELIN-1210

How should this be tested?

1. Enable shiro to use authentication mode
2. Check per user in your interpreter tab
3. Run different paragraphs with different users
   1. Run %spark sc.version, you will see the two res0: ... in your paragraphs

Screenshots (if appropriate)

Questions:

• Does the licenses files need update? No
• Is there breaking changes for older versions? No
• Does this needs documentation? No

[echarles]

Quickly went through the changes, but not sure to get it.
In which way is this related to the various intepreter modes we already have?
In which way is this related to ZEPPELIN-1000 (Multiple simultaneous users on a single WEB server)?

[prabhjyotsingh]

I think you should revert this file.

[jongyoul]

@prabhjyotsingh It's not affected actually because the default option for security is none. It would be affected if /** = authc is activated but there's no test for it.

[jongyoul]

@echarles For now, Zeppelin supports per note option but doesn't do per user. If two different users log in Zeppelin and want to use same spark interpreter with same note, they cannot run a paragraph simultaneously. This PR enable that feature. Concerning ZEPPELIN-1000, I don't know the meaning of the management of single user exactly. AFAIK, Zeppelin manages multiple users at the same time. Could you please describe in details? I think you'd better answer the moon's statement.

[jongyoul]

https://travis-ci.org/apache/zeppelin/builds/150661771

[bzz]

@jongyoul this looks very interesting! Could you plz help me to understand - does this changes mean for Zeepelin to run a new separate interpreter process for every user and schedulle only his jobs to be executed there?

[zjffdu]

@jongyoul Does that mean the login user is the process owner ? Because it matters for security reason.
e.g.

• For spark interpreter, it would be better to launch the yarn app as the user who login in zeppelin.
• For shell interpreter, it would be better to launch the shell as the user who login in zeppelin. Otherwise it is pretty dangerous. The user can delete all the files owner by others.

BTW, could you write a simple design doc, as the PR is pretty large, not easy to review without a design doc.

[jongyoul]

@bzz If different users run a same interpreter with 'isolated', Zeppelin runs multiple process for that interpreters, and with 'scoped', Zeppelin runs a single process for it but the users feel like a separate process because Zeppelin interpreter use different class loader per user. For instance, if some users use SparkInterpreter with 'isolated' and 'scoped', all users look like running each SparkInterpreter.

[jongyoul]

@zjffdu This is a first step for resolving security issues. For the next step, I'll pass some properties for identifying user. BTW, InterpreterContext includes user information, actually, thus it might not be a big change. :-)

[sourav-mazumder]

@jongyoul
I suggest while we enable this feature we also enable that user can access only the data what he/she is authorized to.

For example if there is a folder/table in HDFS/FileServer/Hive which user is trying to access he/she should not be able to access that unless he/she is authorized for the same.

To enable this, while starting the spark-submit, Zepplein needs to ensure that it is started with the current user mode (the Shiro user).

Regards,
Sourav

[zjffdu]

@sourav-mazumder 's suggestion is about another point of multiple user support, this is might not be a trivial task to implement in this PR. I think we have a discussion about the multiple-user support for zeppelin in the mail list recently. There's lots of works to do, I will create a umbrella ticket for that so that we can have a more clear whole picture of that.

[zjffdu]

Create umbrella ticket for multiple user support.
https://issues.apache.org/jira/browse/ZEPPELIN-1337

[jongyoul]

Merging if there's no more discussion

[Leemoonsoo]

@jongyoul Thanks for the great work. I tested this PR a bit and it works as expected. However, when i remove a Note, (with "perNote" checked), i think removal of Interpreter Process (isolated mode) or Interpreter Instance (scoped mode) related to that Note is expected. However this PR does not remove them.

The same interpreter process/instance removal should happen when user unbind interpreter setting from Note.

Could you check these cases?

[jongyoul]

@Leemoonsoo Thanks for the review. I'll check that.

[jongyoul]

@Leemoonsoo I've fixed it. Check it please. This is because remoteProcess doesn't destroy correctly.

[zjffdu]

@jongyoul I don't see the per user in the interpreter page. Do I miss anything ?

[jongyoul]

It looks looks like a browser cache issue. Can you clean cache and try it
again?

On Friday, 2 September 2016, Jeff Zhang notifications@github.com wrote:

@jongyoul https://github.com/jongyoul I don't see the per user in the
interpreter page. Do I miss anything ?
[image: image]
https://cloud.githubusercontent.com/assets/164491/18191192/03daf4ba-70fb-11e6-9753-03a81a4bbd75.png

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#1265 (comment), or mute
the thread
https://github.com/notifications/unsubscribe-auth/ADcfltXnJyMjMfmsoNqDPfBlE5pOO4Z3ks5ql470gaJpZM4Jauiv
.

이종열, Jongyoul Lee, 李宗烈
http://madeng.net

[zjffdu]

Thanks @jongyoul after clean cache, I can see the per user. But unfortunately, two users still share the same interpreter. Here's what I see. I use yarn-client mode and only see one yarn app is launched.

[cloverhearts]

Tested.
I was tested for spark, jdbc, markdown, file and other interpreters.
It's working well. (per user/ per note/ globally)

[zjffdu]

@jongyoul my mistake, it works now.

[jongyoul]

@cloverhearts Thank you!!

[jongyoul]

CI become green and @cloverhearts tested almost cases. Merging if there's no more discussion.