@airawat
Last active January 8, 2020 02:41
Oozie configuration for SSH action
# This document details how to configure an application ID to execute an SSH action
# In this illustration:
# edge node=cdh-sn03
# oozie server=cdh-mn01
# application ID=akhanolk
# ==========================================
# 1. On edge node, as application ID
# GENERATE SSH KEY FOR APPLICATION ID
# (One time activity for ID)
# ==========================================
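# Note: DSA (ssh-dss) keys are disabled by default since OpenSSH 7.0; on current
# systems use a key type such as ed25519 or rsa here and in step 5.
ssh-keygen -t dsa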
# ==========================================
# 2. On oozie server, as root
# CHECK IF OOZIE HAS A HOME DIR
# ==========================================
ls -l /home
total 4
drwx------. 5 akhanolk akhanolk 4096 Jul 1 19:05 akhanolk
# No home directory exists for oozie under /home
# ==========================================
# 3. On oozie server, as root
# CREATE OOZIE HOME
# (One time activity)
# ==========================================
mkdir /home/oozie
chown oozie:oozie /home/oozie
ls -l /home
total 8
drwx------. 5 akhanolk akhanolk 4096 Jul 1 19:05 akhanolk
drwxr-xr-x 2 oozie oozie 4096 Jul 1 19:51 oozie
grep oozie /etc/passwd
oozie:x:487:485:Oozie User:/var/lib/oozie:/bin/false
# The su below will not work because the oozie user's login shell is /bin/false (id still shows root)
su - oozie
id
uid=0(root) gid=0(root) groups=0(root)
# ==========================================
# 4. On oozie server, as root
# MAKE oozie USER, A BASH USER
# (One time activity)
# ==========================================
# Edit /etc/passwd file to make oozie user a bash user
# Replace the false in /bin/false with /bin/bash
# After the change, verify it with:
grep oozie /etc/passwd
oozie:x:487:485:Oozie User:/var/lib/oozie:/bin/bash
# Now that oozie is a bash user, you can su as oozie
su - oozie
id
uid=487(oozie) gid=485(oozie) groups=485(oozie)
# ==========================================
# 5. On oozie server, as root
# GENERATE SSH KEY FOR oozie USER
# (One time activity)
# ==========================================
su - oozie
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/oozie/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/oozie/.ssh/id_dsa.
Your public key has been saved in /var/lib/oozie/.ssh/id_dsa.pub.
The key fingerprint is:
42:75:d4:26:48:94:aa:f9:56:09:e2:d6:7a:11:3e:de oozie@cdh-mn01
# Display the public key so it can be copied to the edge node
more ~/.ssh/id_dsa.pub
# ==========================================
# 6. On edge node, as application ID
# ADD oozie USER'S PUBLIC KEY TO AUTHORIZED KEYS
# (One time activity for the ID)
# ==========================================
cd ~/.ssh
vi authorized_keys
# Paste the oozie user's public key to the file, save and exit
# ==========================================
# 7. On edge node, as application ID
# SET PERMISSIONS ON .ssh DIRECTORY AND authorized_keys FILE
# (One time activity for the ID)
# ==========================================
cd ~
chmod 700 .ssh
chmod 400 .ssh/authorized_keys
# ==========================================
# 8. On oozie server, logged in as root
# su as oozie, then -
# TEST PASSWORDLESS SSH TO EDGE NODE AS APPLICATION ID
# ==========================================
su - oozie
ssh akhanolk@cdh-sn03
# This should work, if set up right
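
An added example (not part of the original gist): a POSIX shell check for the edge-node side of this setup, reporting the group- or world-writable paths that sshd's StrictModes rejects and any ssh-dss entries in authorized_keys. The function names and the temporary fixture directory are assumptions made for illustration; file ownership, which sshd also checks, is not covered.

```shell
#!/bin/sh
# Added example; function names and the mktemp fixture are constructed.

# Print "bad" if $1 is writable by group or others, else "ok".
writable_by_others() {
    perms=$(ls -ld "$1" | cut -c1-10)       # e.g. drwx------
    g=$(printf '%s' "$perms" | cut -c6)     # group write position
    o=$(printf '%s' "$perms" | cut -c9)     # other write position
    if [ "$g" = w ] || [ "$o" = w ]; then echo bad; else echo ok; fi
}

# Print one finding per line for the account whose home directory is $1.
audit_ssh_setup() {
    home=$1
    keys=$home/.ssh/authorized_keys
    # sshd (StrictModes yes) ignores the key file if any of these is loose.
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
        elif [ "$(writable_by_others "$p")" = bad ]; then
            echo "WRITABLE $p"
        fi
    done
    # Flag DSA entries, skipping comment lines; options may precede the type.
    if [ -f "$keys" ] && grep -v '^[[:space:]]*#' "$keys" |
            grep -qE '(^|[[:space:]])ssh-dss[[:space:]]'; then
        echo "DSA_KEY $keys"
    fi
}

# Constructed fixture: modes as set in the gist, placeholder key material.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
echo 'ssh-dss AAAA_CONSTRUCTED_PLACEHOLDER oozie@cdh-mn01' > "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh"
chmod 400 "$demo/.ssh/authorized_keys"
audit_ssh_setup "$demo"        # reports only the DSA key
chmod 775 "$demo/.ssh"
audit_ssh_setup "$demo"        # now also reports the writable .ssh directory
rm -rf "$demo"
```

Run `audit_ssh_setup` against the application ID's home directory on the edge node when the passwordless login in the final step is refused.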
@grajeev

grajeev commented Sep 5, 2015

Somehow didn't work for me. Not able to perform passwordless ssh. Do we need oozie group? I have oozie user as part of admin group.

@obaidcuet

Hi,

Worked fine for me.
One small fix: no need for "Step 3" (create home dir for oozie), unless you want to change the default "/var/lib/oozie/".

Thanks,
Obaid
