airawat · May 24, 2018 18:04
diff --git a/Oozie-SSHConfig-Azure b/Oozie-SSHConfig-Azure
 B5b. Configure Oozie SSH action
 Sometimes, you may need to execute jobs on a specific node - instead of any cluster node.
 For this you need oozie service user to be able to connect to the node of choice as your workflow user.
 # The following documentation details configuring an application ID to execute a SSH action

 # In the illustration-
 # edge node=cdh-en01
 # oozie server=cdh-mn01
 # applicaiton ID=akhanolk

 # ==========================================
 # 1. On edge node, as application ID
 # GENERATE SSH KEY FOR APPLICATION ID
 # (One time activity for ID)
 # ==========================================
 ssh-keygen -t dsa

 # ==========================================
 # 2. On oozie server, as root
 # CHECK IF OOZIE HAS A HOME DIR
 # ==========================================
 [root@cdh-mn-2b4cb552 ~]# ls -l /home
 total 0
 drwx------ 4 akhanolk akhanolk 151 Jul 27 21:34 akhanolk
 # Oozie does not exist

 # ==========================================
 # 3. On oozie server, as root
 # CREATE OOZIE HOME
 # (One time activity)
 # ==========================================
 mkdir /home/oozie
 chown -R oozie:oozie /home/oozie

 # Informational
 grep oozie /etc/passwd
 oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/false

 # ==========================================
 # 4. On oozie server, as root
 # MAKE oozie USER, A BASH USER, if not already
 # (One time activity)
 # ==========================================
 # Edit /etc/passwd file to make oozie user a bash user
 # Replace the false in /bin/false with /bin/bash
 # After the change, verify change with -

 grep oozie /etc/passwd
 oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/bash
 # Now that oozie is a bash user, you can su as oozie
 su - oozie
 id
 uid=982(oozie) gid=979(oozie) groups=979(oozie)

 # ==========================================
 # 5. On oozie server, as root
 # GENERATE SSH KEY FOR oozie USER
 # (One time activity)
 # ==========================================
 su - oozie
 ssh-keygen -t dsa
 #use defaults & save

 #capture public key to clipboard
 more id_dsa.pub

 # ==========================================
 # 6. On edge node, as application ID
 # ADD oozie USER'S PUBLIC KEY TO AUTHORIZED KEYS
 # (One time activity for the ID)
 # ==========================================
 cd ~/.ssh
 vi authorized_keys
 # Paste the oozie user's public key to the file, save and exit

 # ==========================================
 # 7. On edge node, as application ID
 # Set permissions to .ssh directory and authorized_keys file
 # (One time activity for the ID)
 # ==========================================
 cd ~
 chmod 700 .ssh
 chmod 400 .ssh/authorized_keys

 # ==========================================
 # 8. On oozie server, loggied in as root
 # su as Oozie, then -
 # TEST PASSWORDLESS SSH TO EDGE NODE AS APPLICATION ID
 # ==========================================
 su - oozie
 ssh akhanolk@cdh-en01
 # This should work, if set up right
	B5b. Configure Oozie SSH action
	Sometimes, you may need to execute jobs on a specific node - instead of any cluster node.
	For this you need oozie service user to be able to connect to the node of choice as your workflow user.
	# The following documentation details configuring an application ID to execute a SSH action

	# In the illustration-
	# edge node=cdh-en01
	# oozie server=cdh-mn01
	# applicaiton ID=akhanolk

	# ==========================================
	# 1. On edge node, as application ID
	# GENERATE SSH KEY FOR APPLICATION ID
	# (One time activity for ID)
	# ==========================================
	ssh-keygen -t dsa

	# ==========================================
	# 2. On oozie server, as root
	# CHECK IF OOZIE HAS A HOME DIR
	# ==========================================
	[root@cdh-mn-2b4cb552 ~]# ls -l /home
	total 0
	drwx------ 4 akhanolk akhanolk 151 Jul 27 21:34 akhanolk
	# Oozie does not exist

	# ==========================================
	# 3. On oozie server, as root
	# CREATE OOZIE HOME
	# (One time activity)
	# ==========================================
	mkdir /home/oozie
	chown -R oozie:oozie /home/oozie

	# Informational
	grep oozie /etc/passwd
	oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/false

	# ==========================================
	# 4. On oozie server, as root
	# MAKE oozie USER, A BASH USER, if not already
	# (One time activity)
	# ==========================================
	# Edit /etc/passwd file to make oozie user a bash user
	# Replace the false in /bin/false with /bin/bash
	# After the change, verify change with -

	grep oozie /etc/passwd
	oozie:x:982:979:Oozie User:/var/lib/oozie:/bin/bash
	# Now that oozie is a bash user, you can su as oozie
	su - oozie
	id
	uid=982(oozie) gid=979(oozie) groups=979(oozie)

	# ==========================================
	# 5. On oozie server, as root
	# GENERATE SSH KEY FOR oozie USER
	# (One time activity)
	# ==========================================
	su - oozie
	ssh-keygen -t dsa
	#use defaults & save

	#capture public key to clipboard
	more id_dsa.pub

	# ==========================================
	# 6. On edge node, as application ID
	# ADD oozie USER'S PUBLIC KEY TO AUTHORIZED KEYS
	# (One time activity for the ID)
	# ==========================================
	cd ~/.ssh
	vi authorized_keys
	# Paste the oozie user's public key to the file, save and exit

	# ==========================================
	# 7. On edge node, as application ID
	# Set permissions to .ssh directory and authorized_keys file
	# (One time activity for the ID)
	# ==========================================
	cd ~
	chmod 700 .ssh
	chmod 400 .ssh/authorized_keys

	# ==========================================
	# 8. On oozie server, loggied in as root
	# su as Oozie, then -
	# TEST PASSWORDLESS SSH TO EDGE NODE AS APPLICATION ID
	# ==========================================
	su - oozie
	ssh akhanolk@cdh-en01
	# This should work, if set up right