Configuring SSL for Oozie
Before You Begin
- Keystores for Oozie must be readable by the oozie user. This could be a copy of the Hadoop services' keystore with permissions 0440 and owned by the oozie group.
- Truststores must have permissions 0444 (that is, readable by all).
- Specify absolute paths to the keystore and truststore files. These settings apply to all hosts on which daemon roles of the Oozie service run. Therefore, the paths you choose must be valid on all hosts.
- In case there is a DataNode and an Oozie server running on the same host, they can use the same certificate.
Procedure
The steps for configuring and enabling Hadoop SSL for Oozie are as
follows:
- Open the Cloudera Manager Admin Console and navigate to the Oozie service.
- Click Configuration.
- In the Search field, type SSL to show the Oozie SSL properties (found under the Service-Wide > Security category).
- Edit the following SSL properties according to your cluster
configuration.
Table 1. Oozie SSL PropertiesProperty Description Use SSL Check this field to enable SSL for Oozie. Oozie SSL Keystore File Location of the keystore file on the local file system. Oozie SSL Keystore Password Password for the keystore. - Click Save Changes.
- Restart the Oozie service.
<< Configuring SSL for HBase | Configuring SSL for Hue >> | |