Configuring Oozie HA with Kerberos
In CDH 5, you can configure multiple active Oozie servers against the same database, providing high availability for Oozie. For instructions on setting up Oozie HA, see About Oozie High Availability.
Let's assume you have three hosts running Oozie servers (host1.example.com, host2.example.com and host3.example.com) and the Load Balancer running on oozie.example.com. The Load Balancer directs traffic to the Oozie servers: host1, host2 and host3. For such a configuration, assuming your Kerberos realm is EXAMPLE.COM, create the following Kerberos principals:
- oozie/host1.example.com@EXAMPLE.COM
- oozie/host2.example.com@EXAMPLE.COM
- oozie/host3.example.com@EXAMPLE.COM
- HTTP/oozie.example.com@EXAMPLE.COM
On each of the hosts, host1, host2 and host3, create a keytab file with its corresponding oozie and HTTP principals from the list above. Make sure you are using the same HTTP principal in all three keytab files.
Edit the following property in the Oozie server configuration file, oozie-site.xml:
<property>
  <name>oozie.authentication.kerberos.principal</name>
  <value>HTTP/oozie.example.com@EXAMPLE.COM</value>
</property>
Change the value of OOZIE_BASE_URL in oozie-env.sh to point to the Load Balancer.
export OOZIE_BASE_URL=http://oozie.example.com:11000/oozie
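An added check (not from the original page) for the keytab step above: it confirms that each host's keytab listing contains its own oozie principal and the shared HTTP principal, and that the HTTP key version (KVNO) is the same on every host, since a mismatch usually means the key was regenerated between exports and the older keytabs no longer match the KDC. Assumptions: MIT `klist -k` output saved per host as `<host>.klist`; the function names and the sample listings are constructed for illustration.

```bash
# Added example: validate `klist -k` listings of the Oozie HA keytabs.
REALM=EXAMPLE.COM
LB_HOST=oozie.example.com

# Highest KVNO listed for principal $1 in the `klist -k` output on stdin.
kvno_for() {
  awk -v p="$1" '$2 == p { print $1 }' | sort -n | tail -n 1
}

# check_keytab HOST LISTING: print the HTTP KVNO if LISTING holds both
# oozie/HOST and the shared HTTP principal; otherwise report and fail.
check_keytab() {
  local host="$1" listing="$2" o h
  o=$(printf '%s\n' "$listing" | kvno_for "oozie/$host@$REALM")
  h=$(printf '%s\n' "$listing" | kvno_for "HTTP/$LB_HOST@$REALM")
  [ -n "$o" ] || { echo "$host: missing oozie/$host@$REALM" >&2; return 1; }
  [ -n "$h" ] || { echo "$host: missing HTTP/$LB_HOST@$REALM" >&2; return 1; }
  printf '%s\n' "$h"
}

# check_cluster DIR HOST...: DIR/HOST.klist holds `klist -k` output for HOST
# (file naming is an assumption). Fails if the HTTP KVNO differs between hosts.
check_cluster() {
  local dir="$1" host kvno first=""; shift
  for host in "$@"; do
    kvno=$(check_keytab "$host" "$(cat "$dir/$host.klist")") || return 1
    : "${first:=$kvno}"
    [ "$kvno" = "$first" ] || {
      echo "$host: HTTP KVNO $kvno differs from $first" >&2; return 1; }
  done
  echo "ok: HTTP/$LB_HOST@$REALM at KVNO $first on $# hosts"
}

# Constructed sample of `klist -k` output: HOST's keytab, HTTP key at KVNO $2.
sample_listing() {
  printf 'Keytab name: FILE:oozie.keytab\nKVNO Principal\n---- ---------\n'
  printf '   2 oozie/%s@%s\n' "$1" "$REALM"
  printf '   %s HTTP/%s@%s\n' "$2" "$LB_HOST" "$REALM"
}

# Demo on constructed listings for the three hosts from the page.
tmp=$(mktemp -d)
for h in host1 host2 host3; do
  sample_listing "$h.example.com" 3 > "$tmp/$h.example.com.klist"
done
check_cluster "$tmp" host1.example.com host2.example.com host3.example.com
rm -rf "$tmp"
```

On a real cluster, replace the constructed listings with the output of `klist -k <keytab>` collected from each Oozie host.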