Example of Mutual Trust Operations
Scenario
This section guides you to enable unidirectional password-free mutual trust when Oozie nodes are used to execute shell scripts of external nodes through SSH jobs.
Prerequisites
You have installed Oozie, and it can communicate with external nodes (nodes connected using SSH).
Procedure
- Ensure that the user used for SSH connection exists on the external node, and the user directory ~/.ssh exists.
- Log in to the Oozie node as user omm and run the ssh-keygen -t rsa command to generate public and private keys.
- Run the cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys statement to add the public key to the authorized_keys file.
- Upload the id_rsa.pub file to an existing directory, for example, /opt/, on the external node as user root.
scp ~/.ssh/id_rsa.pub root@IP address of the external node:/opt/id_rsa.pub
- Log in to the external node where the shell is located and go to the directory described in 4. The id_rsa.pub file can be found.
Run the cat id_rsa.pub >> ~/.ssh/authorized_keys statement to add the public key to the authorized_keys file of the shell user.
- Change the permission on the directory.
chmod 700 ~/.ssh
chmod 600 /opt/id_rsa.pub
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.