Accessing the Oozie server with the Oozie Client

The Oozie client is a command-line utility that interacts with the Oozie server using the Oozie web-services API.

Use the /usr/bin/oozie script to run the Oozie client.
For example, if you want to invoke the client on the same machine where the Oozie server is running:
```
$ oozie admin -oozie https://<oozie_server>:11443/oozie -status
System mode: NORMAL
```
To make it convenient to use this utility, set the environment variable OOZIE_URL to point to the URL of the Oozie server. Then you can skip the -oozie option.
For example, if you want to invoke the client on the same machine where the Oozie server is running, set the OOZIE_URL to https://<oozie_server>:11443/oozie.
```
$ export OOZIE_URL=https://<oozie_server>:11443/oozie
$ oozie admin -version
Oozie server build version: 4.0.0-cdh5.0.0
```
important
If Oozie is configured with Kerberos Security enabled:
- You must have a Kerberos session running. For example, you can start a session by running the kinit command.
- Do not use localhost.
As with every service that uses Kerberos, Oozie has a Kerberos principal in the form <SERVICE>/<HOSTNAME>@<REALM>. In a Kerberos configuration, you must use the <HOSTNAME> value in the Kerberos principal to specify the Oozie server; for example, if the <HOSTNAME> in the principal is myoozieserver.mydomain.com, set OOZIE_URL as follows:
```
export OOZIE_URL=https://myoozieserver.mydomain.com:11443/oozie
```
If you use an alternate hostname or the IP address of the service, Oozie will not work properly.

If you want to access Oozie client through Knox:

export OOZIE_URL=https://<knox_host>:<knox_port>/gateway/cdp-proxy-api/oozie

When you access Oozie client through Knox, you need to specify a username and password in the command line as Knox needs it:

export OOZIE_URL=https://<knox_host>:<knox_port>/gateway/cdp-proxy-api/oozie
oozie admin -version -auth BASIC -username <username> -password <password>

When the Oozie server has SSL enabled, the Oozie client does not automatically set the necessary trust-store properties to form a connection. You can set these properties using the following methods:
- Add them as system properties immediately after the oozie command. For instance:
```
oozie \
    "-Djavax.net.ssl.trustStore={trustStorePath}" \
    "-Djavax.net.ssl.trustStorePassword={trustStorePassword}" \
    "-Djavax.net.ssl.trustStoreType={trustStoreType}" \
    {oozieCommand} \
    -oozie "{oozieUrl}" \
    ...
```
- You can also set these properties by defining the OOZIE_CLIENT_OPTS environment variable before running the Oozie command. For instance:
```
export OOZIE_CLIENT_OPTS="-Djavax.net.ssl.trustStore={trustStorePath} -Djavax.net.ssl.trustStorePassword={trustStorePassword} -Djavax.net.ssl.trustStoreType={trustStoreType}"
```
- If you prefer, you can also utilize the -insecure argument with the Oozie command line to prevent the client from validating the certificates:
```
oozie \
    {oozieCommand} \
    -oozie "{oozieUrl}" \
    -insecure \
    ...
```