Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Oozie configuration for SSH action
# The following documentation details configuring an application ID to execute a SSH action
# In the illustration-
# edge node=cdh-sn03
# oozie server=cdh-mn01
# applicaiton ID=akhanolk
# ==========================================
# 1. On edge node, as application ID
# GENERATE SSH KEY FOR APPLICATION ID
# (One time activity for ID)
# ==========================================
ssh-keygen -t dsa
# ==========================================
# 2. On oozie server, as root
# CHECK IF OOZIE HAS A HOME DIR
# ==========================================
ls -l /home
total 4
drwx------. 5 akhanolk akhanolk 4096 Jul 1 19:05 akhanolk
# Oozie does not exist
# ==========================================
# 3. On oozie server, as root
# CREATE OOZIE HOME
# (One time activity)
# ==========================================
mkdir /home/oozie
chown oozie:oozie /home/oozie
ls -l /home
total 8
drwx------. 5 akhanolk akhanolk 4096 Jul 1 19:05 akhanolk
drwxr-xr-x 2 oozie oozie 4096 Jul 1 19:51 oozie
grep oozie /etc/passwd
oozie:x:487:485:Oozie User:/var/lib/oozie:/bin/false
#This below will not work as oozie is not set up as bash user
su - oozie
id
uid=0(root) gid=0(root) groups=0(root)
# ==========================================
# 4. On oozie server, as root
# MAKE oozie USER, A BASH USER
# (One time activity)
# ==========================================
# Edit /etc/passwd file to make oozie user a bash user
# Replace the false in /bin/false with /bin/bash
# After the change, verify change with -
grep oozie /etc/passwd
oozie:x:487:485:Oozie User:/var/lib/oozie:/bin/bash
# Now that oozie is a bash user, you can su as oozie
su - oozie
id
uid=487(oozie) gid=485(oozie) groups=485(oozie)
# ==========================================
# 5. On oozie server, as root
# GENERATE SSH KEY FOR oozie USER
# (One time activity)
# ==========================================
su - oozie
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/oozie/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/oozie/.ssh/id_dsa.
Your public key has been saved in /var/lib/oozie/.ssh/id_dsa.pub.
The key fingerprint is:
42:75:d4:26:48:94:aa:f9:56:09:e2:d6:7a:11:3e:de oozie@cdh-mn01
more id_dsa.pub
# ==========================================
# 6. On edge node, as application ID
# ADD oozie USER'S PUBLIC KEY TO AUTHORIZED KEYS
# (One time activity for the ID)
# ==========================================
cd ~/.ssh
vi authorized_keys
# Paste the oozie user's public key to the file, save and exit
# ==========================================
# 6. On edge node, as application ID
# Set permissions to .ssh directory and authorized_keys file
# (One time activity for the ID)
# ==========================================
cd ~
chmod 700 .ssh
chmod 400 .ssh/authorized_keys
# ==========================================
# 7. On oozie server, loggied in as root
# su as Oozie, then -
# TEST PASSWORDLESS SSH TO EDGE NODE AS APPLICATION ID
# ==========================================
su - oozie
ssh akhanolk@cdh-sn03
# This should work, if set up right
@grajeev

This comment has been minimized.

Copy link

@grajeev grajeev commented Sep 5, 2015

Somehow didn't work for me. Not able to perform passwordless ssh. Do we need oozie group? I have oozie user as part of admin group.

@obaidcuet

This comment has been minimized.

Copy link

@obaidcuet obaidcuet commented Feb 16, 2016

Hi,

Worked file for me.
One small fix, no need "Step 3"(create home dir for oozie). Unless you want to change the default "/var/lib/oozie/".

Thanks,
Obaid

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.