Oozie configuration for SSH action
# This document describes how to configure an application ID to execute an Oozie SSH action
# In this illustration:
# edge node=cdh-sn03
# oozie server=cdh-mn01
# application ID=akhanolk
# ==========================================
# 1. On edge node, as application ID
# GENERATE SSH KEY FOR APPLICATION ID
# (One time activity for ID)
# ==========================================
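# Note: OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default; on such
# systems generate an ed25519 or RSA key instead and adjust the id_dsa file names below
ssh-keygen -t dsa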
# ==========================================
# 2. On oozie server, as root
# CHECK IF OOZIE HAS A HOME DIR
# ==========================================
ls -l /home
total 4
drwx------. 5 akhanolk akhanolk 4096 Jul 1 19:05 akhanolk
# No home directory for oozie exists under /home
# ==========================================
# 3. On oozie server, as root
# CREATE OOZIE HOME
# (One time activity)
# ==========================================
mkdir /home/oozie
chown oozie:oozie /home/oozie
ls -l /home
total 8
drwx------. 5 akhanolk akhanolk 4096 Jul 1 19:05 akhanolk
drwxr-xr-x 2 oozie oozie 4096 Jul 1 19:51 oozie
grep oozie /etc/passwd
oozie:x:487:485:Oozie User:/var/lib/oozie:/bin/false
# The su below will not work because the oozie user's login shell is /bin/false
# (id still reports root afterwards)
su - oozie
id
uid=0(root) gid=0(root) groups=0(root)
# ==========================================
# 4. On oozie server, as root
# MAKE oozie USER, A BASH USER
# (One time activity)
# ==========================================
# Edit /etc/passwd file to make oozie user a bash user
# Replace the false in /bin/false with /bin/bash
# After the change, verify it with:
grep oozie /etc/passwd
oozie:x:487:485:Oozie User:/var/lib/oozie:/bin/bash
# Now that oozie is a bash user, you can su as oozie
su - oozie
id
uid=487(oozie) gid=485(oozie) groups=485(oozie)
# ==========================================
# 5. On oozie server, as root
# GENERATE SSH KEY FOR oozie USER
# (One time activity)
# ==========================================
su - oozie
ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/var/lib/oozie/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/oozie/.ssh/id_dsa.
Your public key has been saved in /var/lib/oozie/.ssh/id_dsa.pub.
The key fingerprint is:
42:75:d4:26:48:94:aa:f9:56:09:e2:d6:7a:11:3e:de oozie@cdh-mn01
# Display the public key so it can be copied to the edge node
more ~/.ssh/id_dsa.pub
# ==========================================
# 6. On edge node, as application ID
# ADD oozie USER'S PUBLIC KEY TO AUTHORIZED KEYS
# (One time activity for the ID)
# ==========================================
cd ~/.ssh
vi authorized_keys
# Paste the oozie user's public key to the file, save and exit
# ==========================================
# 7. On edge node, as application ID
# Set permissions on .ssh directory and authorized_keys file
# (One time activity for the ID)
# ==========================================
cd ~
chmod 700 .ssh
chmod 400 .ssh/authorized_keys
# ==========================================
# 8. On oozie server, logged in as root
# su as oozie, then:
# TEST PASSWORDLESS SSH TO EDGE NODE AS APPLICATION ID
# ==========================================
su - oozie
ssh akhanolk@cdh-sn03
# This should work, if set up right
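
A check for the edge-node side of this procedure (the authorized_keys and permission steps), added here as an example and not part of the original gist: the function reports the conditions under which sshd, with its default StrictModes setting, ignores authorized_keys, and whether the pasted key survived intact on one line. The fixture paths and the key blob are constructed, and file ownership is assumed correct and not checked.

```sh
#!/bin/sh
# Added example (not part of the gist): check the edge-node side of the setup.
# check_ssh_setup HOME_DIR PUBKEY_FILE
#   returns 0 if HOME_DIR, HOME_DIR/.ssh and authorized_keys are not writable
#   by group/other and the key in PUBKEY_FILE is present on a single line;
#   otherwise prints each problem and returns 1. Ownership is not checked.

# True when the group or other write bit is set (columns 6 and 9 of ls -ld).
group_or_other_writable() {
    case $(ls -ld "$1" | cut -c6,9) in *w*) return 0 ;; esac
    return 1
}

check_ssh_setup() {
    home=$1 pub=$2 rc=0
    auth="$home/.ssh/authorized_keys"
    for p in "$home" "$home/.ssh" "$auth"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1
        elif group_or_other_writable "$p"; then
            echo "group/other writable, sshd will ignore the key: $p"; rc=1
        fi
    done
    # Field 2 of a .pub file is the base64 key; a paste in vi can wrap it.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub" 2>/dev/null)
    if [ -z "$blob" ]; then
        echo "no public key in: $pub"; rc=1
    elif [ -f "$auth" ] && ! grep -qF -- "$blob" "$auth"; then
        echo "key not found on a single line of: $auth"; rc=1
    fi
    return $rc
}

# Constructed fixture: a fake home directory and a made-up key blob.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh"
echo "ssh-dss AAAAconstructedExampleKeyBlob oozie@cdh-mn01" > "$demo/oozie.pub"
cp "$demo/oozie.pub" "$demo/home/.ssh/authorized_keys"
chmod 755 "$demo/home"; chmod 700 "$demo/home/.ssh"
chmod 400 "$demo/home/.ssh/authorized_keys"
check_ssh_setup "$demo/home" "$demo/oozie.pub" && echo "setup OK"
chmod 775 "$demo/home/.ssh"     # simulate a loosened directory
check_ssh_setup "$demo/home" "$demo/oozie.pub" || echo "setup needs fixing"
rm -rf "$demo"
```
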
@grajeev

commented Sep 5, 2015

Somehow didn't work for me. Not able to perform passwordless ssh. Do we need oozie group? I have oozie user as part of admin group.

@obaidcuet

commented Feb 16, 2016

Hi,

Worked fine for me.
One small fix: no need for "Step 3" (create home dir for oozie), unless you want to change the default "/var/lib/oozie/".

Thanks,
Obaid
