Updated on 2022-12-09 GMT+08:00

Example of Mutual Trust Operations

Scenario

This section guides you to enable unidirectional password-free mutual trust when Oozie nodes are used to execute shell scripts of external nodes through SSH jobs.

Prerequisites

You have installed Oozie, and it can communicate with external nodes (nodes connected using SSH).

Procedure

  1. Ensure that the user used for SSH connection exists on the external node, and the user directory ~/.ssh exists.
  2. Log in to the node where Oozie is located as user omm and check whether the ~/.ssh/id_rsa.pub file exists.

    • If yes, go to 3.
    • If no, run the following command to generate a public-private key pair:

      ssh-keygen -t rsa

  3. Log in to the node where the Oozie instance resides as user omm and run the following command to configure mutual trust:

    ssh-copy-id -i ~/.ssh/id_rsa.pub User who runs SSH tasks@IP address of the node where SSH tasks run

    You need to enter the password of the user who runs SSH tasks as prompted.

    • The user of the node where Shell resides (external node) must have the permission to execute shell scripts and access all directories and files involved in the Shell scripts.
    • If there are multiple Oozie nodes, perform 2 to 3 on all Oozie nodes.

  4. Log in to other Oozie nodes as user omm and repeat 2 to 3.