Last active
May 24, 2018 18:04
-
-
Save airawat/34f0907e01e922800558bfc790b1287b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| B5b. Configure Oozie SSH action | |
| Sometimes, you may need to execute jobs on a specific node - instead of any cluster node. | |
| For this you need oozie service user to be able to connect to the node of choice as your workflow user. | |
| # The following documentation details configuring an application ID to execute a SSH action | |
| # In the illustration- | |
| # edge node=cdh-en01 | |
| # oozie server=cdh-mn01 | |
| # applicaiton ID=akhanolk | |
| # ========================================== | |
| # 1. On edge node, as application ID | |
| # GENERATE SSH KEY FOR APPLICATION ID | |
| # (One time activity for ID) | |
| # ========================================== | |
| ssh-keygen -t dsa | |
| # ========================================== | |
| # 2. On oozie server, as root | |
| # CHECK IF OOZIE HAS A HOME DIR | |
| # ========================================== | |
| [root@cdh-mn-2b4cb552 ~]# ls -l /home | |
| total 0 | |
| drwx------ 4 akhanolk akhanolk 151 Jul 27 21:34 akhanolk | |
| # Oozie does not exist | |
| # ========================================== | |
| # 3. On oozie server, as root | |
| # CREATE OOZIE HOME | |
| # (One time activity) | |
| # ========================================== | |
| mkdir /home/oozie | |
| chown -R oozie:oozie /home/oozie | |
| # Informational | |
| grep oozie /etc/passwd | |
| oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/false | |
| # ========================================== | |
| # 4. On oozie server, as root | |
| # MAKE oozie USER, A BASH USER, if not already | |
| # (One time activity) | |
| # ========================================== | |
| # Edit /etc/passwd file to make oozie user a bash user | |
| # Replace the false in /bin/false with /bin/bash | |
| # After the change, verify change with - | |
| grep oozie /etc/passwd | |
| oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/bash | |
| # Now that oozie is a bash user, you can su as oozie | |
| su - oozie | |
| id | |
| uid=982(oozie) gid=979(oozie) groups=979(oozie) | |
| # ========================================== | |
| # 5. On oozie server, as root | |
| # GENERATE SSH KEY FOR oozie USER | |
| # (One time activity) | |
| # ========================================== | |
| su - oozie | |
| ssh-keygen -t dsa | |
| #use defaults & save | |
| #capture public key to clipboard | |
| more id_dsa.pub | |
| # ========================================== | |
| # 6. On edge node, as application ID | |
| # ADD oozie USER'S PUBLIC KEY TO AUTHORIZED KEYS | |
| # (One time activity for the ID) | |
| # ========================================== | |
| cd ~/.ssh | |
| vi authorized_keys | |
| # Paste the oozie user's public key to the file, save and exit | |
| # ========================================== | |
| # 7. On edge node, as application ID | |
| # Set permissions to .ssh directory and authorized_keys file | |
| # (One time activity for the ID) | |
| # ========================================== | |
| cd ~ | |
| chmod 700 .ssh | |
| chmod 400 .ssh/authorized_keys | |
| # ========================================== | |
| # 8. On oozie server, loggied in as root | |
| # su as Oozie, then - | |
| # TEST PASSWORDLESS SSH TO EDGE NODE AS APPLICATION ID | |
| # ========================================== | |
| su - oozie | |
| ssh akhanolk@cdh-en01 | |
| # This should work, if set up right |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment