oozie-site.xml
To the oozie-site.xml file, add the following information:
Table 27.11. oozie-site.xml Property Settings
Property Name | Property Value | Description |
---|---|---|
oozie.service.AuthorizationService. security.enabled | true | Specifies whether security (user name/admin role) is enabled or not. If it is disabled any user can manage the Oozie system and manage any job. |
oozie.service.HadoopAccessorService. kerberos.enabled | true | Indicates if Oozie is configured to use Kerberos. |
local.realm | EXAMPLE.COM | Kerberos Realm used by Oozie and Hadoop. Using local.realm to be aligned with Hadoop configuration. |
oozie.service.HadoopAccessorService. keytab.file | /etc/security/keytabs/oozie.service.keytab | The keytab for the Oozie service principal. |
oozie.service.HadoopAccessorService. kerberos.principaloozie/ _HOSTl@EXAMPLE.COM | oozie/_HOSTl@EXAMPLE.COM | Kerberos principal for Oozie service. |
oozie.authentication.type | kerberos | |
oozie.authentication.kerberos. principal | HTTP/_HOST@EXAMPLE.COM | Whitelisted job tracker for Oozie service. |
oozie.authentication.kerberos.keytab | /etc/security/keytabs/spnego.service.keytab | Location of the Oozie user keytab file. |
oozie.service.HadoopAccessorService. nameNode.whitelist | ||
oozie.authentication.kerberos. name.rules | RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/mapred/ RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/hbase/ RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/hbase/ DEFAULT | The mapping from Kerberos principal names to local OS user names. See Creating Mappings Between Principals and UNIX Usernames for more information. |
oozie.service.ProxyUserService. proxyuser.knox.groups | users | Grant proxy privileges to the knox user. Note only required when using a Knox Gateway. |
oozie.service.ProxyUserService. proxyuser.knox.hosts | $knox_host_FQDN | Identifies the Knox Gateway. Note only required when using a Knox Gateway. |