Updated on 2022-11-18 GMT+08:00

Example of Mutual Trust Operations

Scenario

This section describes how to set up unidirectional, password-free mutual trust so that Oozie nodes can execute shell scripts on external nodes through SSH jobs.

Prerequisites

You have installed Oozie, and it can communicate with external nodes (nodes connected using SSH).

Procedure

  1. Ensure that the user used for SSH connection exists on the external node, and the user directory ~/.ssh exists.
  2. Log in to the Oozie node as user omm and run the ssh-keygen -t rsa command to generate public and private keys.
  3. Run the cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys command to add the public key to the authorized_keys file.
  4. Upload the id_rsa.pub file to an existing directory, for example, /opt/, on the external node as user root.

    scp ~/.ssh/id_rsa.pub root@IP address of the external node:/opt/id_rsa.pub

  5. Log in to the external node where the shell script is located and go to the directory used in step 4, which contains the id_rsa.pub file.

    Run the cat id_rsa.pub >> ~/.ssh/authorized_keys command to add the public key to the authorized_keys file of the shell user.

  6. Change the permissions on the directory and files.

    chmod 700 ~/.ssh

    chmod 600 /opt/id_rsa.pub

    chmod 600 ~/.ssh/authorized_keys
    • The user on the node where the shell script resides (the external node) must have permission to execute the shell scripts and to access all directories and files that the scripts use.
    • If Oozie has multiple nodes, perform steps 2 to 6 on all Oozie nodes.
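
The following check is an added example, not part of the original procedure. It verifies the state that steps 5 and 6 leave on the external node (directory mode 700, authorized_keys mode 600, key present) and goes slightly further by flagging a key that was appended more than once; the function names mode_of, check_trust and check_login are hypothetical.

```shell
#!/bin/sh
# Added example: checks the state that steps 5 and 6 leave on the external node.
# Usage (as the shell user on the external node):
#   . ./check_trust.sh && check_trust ~/.ssh /opt/id_rsa.pub

# Print the octal permission bits of a path (GNU stat, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_trust SSH_DIR PUBKEY_FILE
# Returns 0 only if SSH_DIR is 700, authorized_keys is 600, and the key in
# PUBKEY_FILE is listed exactly once.
check_trust() {
    ssh_dir=$1; pubkey=$2; auth="$ssh_dir/authorized_keys"; rc=0
    [ -d "$ssh_dir" ] || { echo "FAIL: $ssh_dir does not exist"; return 1; }
    [ -f "$auth" ]    || { echo "FAIL: $auth does not exist"; return 1; }
    [ -s "$pubkey" ]  || { echo "FAIL: $pubkey is missing or empty"; return 1; }

    m=$(mode_of "$ssh_dir")
    [ "$m" = 700 ] || { echo "FAIL: $ssh_dir is $m, expected 700"; rc=1; }
    m=$(mode_of "$auth")
    [ "$m" = 600 ] || { echo "FAIL: $auth is $m, expected 600"; rc=1; }

    # Match on key type and base64 body only; the trailing comment may differ.
    key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pubkey")
    [ -n "$key" ] || { echo "FAIL: no key found in $pubkey"; return 1; }
    # grep -c exits non-zero on zero matches, so keep "set -e" callers alive.
    n=$(grep -cF -- "$key" "$auth" || true)
    case $n in
        1) ;;
        0) echo "FAIL: key not present in $auth"; rc=1 ;;
        *) echo "FAIL: key appended $n times (cat >> was run more than once)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $auth is ready for key-based login"
    return "$rc"
}

# check_login USER HOST, run on the Oozie node as omm. BatchMode=yes forbids
# password prompts, so exit status 0 means the key alone was accepted.
check_login() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1@$2" true
}
```

Run check_trust on the external node after step 6, then check_login from each Oozie node to confirm that the SSH job can connect without a password.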