Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
B5b. Configure Oozie SSH action
Sometimes, you may need to execute jobs on a specific node - instead of any cluster node.
For this you need oozie service user to be able to connect to the node of choice as your workflow user.
# The following documentation details configuring an application ID to execute a SSH action
# In the illustration-
# edge node=cdh-en01
# oozie server=cdh-mn01
# applicaiton ID=akhanolk
# ==========================================
# 1. On edge node, as application ID
# GENERATE SSH KEY FOR APPLICATION ID
# (One time activity for ID)
# ==========================================
ssh-keygen -t dsa
# ==========================================
# 2. On oozie server, as root
# CHECK IF OOZIE HAS A HOME DIR
# ==========================================
[root@cdh-mn-2b4cb552 ~]# ls -l /home
total 0
drwx------ 4 akhanolk akhanolk 151 Jul 27 21:34 akhanolk
# Oozie does not exist
# ==========================================
# 3. On oozie server, as root
# CREATE OOZIE HOME
# (One time activity)
# ==========================================
mkdir /home/oozie
chown -R oozie:oozie /home/oozie
# Informational
grep oozie /etc/passwd
oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/false
# ==========================================
# 4. On oozie server, as root
# MAKE oozie USER, A BASH USER, if not already
# (One time activity)
# ==========================================
# Edit /etc/passwd file to make oozie user a bash user
# Replace the false in /bin/false with /bin/bash
# After the change, verify change with -
grep oozie /etc/passwd
oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/bash
# Now that oozie is a bash user, you can su as oozie
su - oozie
id
uid=982(oozie) gid=979(oozie) groups=979(oozie)
# ==========================================
# 5. On oozie server, as root
# GENERATE SSH KEY FOR oozie USER
# (One time activity)
# ==========================================
su - oozie
ssh-keygen -t dsa
#use defaults & save
#capture public key to clipboard
more id_dsa.pub
# ==========================================
# 6. On edge node, as application ID
# ADD oozie USER'S PUBLIC KEY TO AUTHORIZED KEYS
# (One time activity for the ID)
# ==========================================
cd ~/.ssh
vi authorized_keys
# Paste the oozie user's public key to the file, save and exit
# ==========================================
# 7. On edge node, as application ID
# Set permissions to .ssh directory and authorized_keys file
# (One time activity for the ID)
# ==========================================
cd ~
chmod 700 .ssh
chmod 400 .ssh/authorized_keys
# ==========================================
# 8. On oozie server, loggied in as root
# su as Oozie, then -
# TEST PASSWORDLESS SSH TO EDGE NODE AS APPLICATION ID
# ==========================================
su - oozie
ssh akhanolk@cdh-en01
# This should work, if set up right
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.