Prerequisites for configuring TLS/SSL for Oozie
There are certain prerequisites that must be fulfilled for configuring TLS/SSL for Oozie.
- Keystores for Oozie must be readable by the
oozie
user. This can be a copy of the Hadoop services' keystore with permissions set to0440
and owned by theoozie
group. - Truststores must have permissions set to
0444
, which means that all users can read them. - Specify absolute paths to the keystore and truststore files. These settings apply to all hosts on which daemon roles of the Oozie service run so the paths you choose must be valid on all hosts.
- If there is a DataNode and an Oozie server running on the same host, they can use the same certificate.