Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
<a name="mrs_01_1830"></a><a name="mrs_01_1830"></a>
<h1 class="topictitle1">Example of Mutual Trust Operations</h1>
<div id="body1591347175451"><div class="section" id="mrs_01_1830__s6b7922d8fee84bc2b1b3c1f7f6031d2e"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1830__a63525d62d2c14df192e26aa51d73a108">This section describes how to enable unidirectional password-free mutual trust so that Oozie nodes can execute shell scripts on external nodes through SSH jobs.</p>
</div>
<div class="section" id="mrs_01_1830__s05a583c060ef46b7b900c533dbbceb4b"><h4 class="sectiontitle">Prerequisites</h4><p id="mrs_01_1830__a617cd2b628bf4d038ca8387f880863f1">You have installed Oozie, and it can communicate with external nodes (nodes connected using SSH).</p>
</div>
<div class="section" id="mrs_01_1830__sc6d878be4cf04431ace78ebe89ea3a46"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1830__o67a7de77625645f69f017dbedae33213"><li id="mrs_01_1830__l8c161d8dbc944a019599145938d15030"><span>Ensure that the user used for the SSH connection exists on the external node, and that the user's <span class="filepath" id="mrs_01_1830__filepath1474019433308"><b>~/.ssh</b></span> directory exists.</span></li><li id="mrs_01_1830__l96d21b37b10243138833bdb06d4c78ef"><a name="mrs_01_1830__l96d21b37b10243138833bdb06d4c78ef"></a><a name="l96d21b37b10243138833bdb06d4c78ef"></a><span>Log in to the Oozie node as user <strong id="mrs_01_1830__b7619266252938">omm</strong> and run the <strong id="mrs_01_1830__b140770365852938">ssh-keygen -t rsa</strong> command to generate a public and private key pair.</span></li><li id="mrs_01_1830__l743471d5b1b94637863dd3a218e51ee5"><span>Run the <strong id="mrs_01_1830__b173914115552938">cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys</strong> command to add the public key to the <span class="filepath" id="mrs_01_1830__filepath1373852373317"><b>authorized_keys</b></span> file.</span></li><li id="mrs_01_1830__li19793111323111"><a name="mrs_01_1830__li19793111323111"></a><a name="li19793111323111"></a><span>Upload the <strong id="mrs_01_1830__b267924872514">id_rsa.pub</strong> file to an existing directory, for example, <strong id="mrs_01_1830__b13478165162520">/opt/</strong>, on the external node as user <strong id="mrs_01_1830__b640113543255">root</strong>.</span><p><p id="mrs_01_1830__p19520101619318"><strong id="mrs_01_1830__b1134413112619">scp ~/.ssh/id_rsa.pub root@</strong><em id="mrs_01_1830__i166811617192620">IP address of the external node</em><strong id="mrs_01_1830__b4995142052610">:/opt/id_rsa.pub</strong></p>
</p></li><li id="mrs_01_1830__l3474ff88b5b74df88b592efa8f416f61"><span>Log in to the external node where the shell script is located and go to the directory used in <a href="#mrs_01_1830__li19793111323111">4</a>, which contains the <span class="filepath" id="mrs_01_1830__filepath113499583210"><b>id_rsa.pub</b></span> file.</span><p><p id="mrs_01_1830__ab2910a3223f94b5ab60e28f2c9c014a7">Run the <strong id="mrs_01_1830__b196242090352938">cat id_rsa.pub >> ~/.ssh/authorized_keys</strong> command to add the public key to the <span class="filepath" id="mrs_01_1830__filepath18573122643311"><b>authorized_keys</b></span> file of the shell user.</p>
</p></li><li id="mrs_01_1830__la002c4226a504afaa899314ea2c1c67e"><a name="mrs_01_1830__la002c4226a504afaa899314ea2c1c67e"></a><a name="la002c4226a504afaa899314ea2c1c67e"></a><span>Change the permissions on the directory and the key files.</span><p><p id="mrs_01_1830__a8a6f8157ad914cf5bf3ff80f7dd778f6"><strong id="mrs_01_1830__a6eef33955b6c4975aa4a3374fe376680">chmod 700 ~/.ssh</strong></p>
<p id="mrs_01_1830__a15305e0b081740a2a28507c7dc16705b"><strong id="mrs_01_1830__adf1148daa7794e22842943971492b2c0">chmod 600 /opt/id_rsa.pub</strong></p>
<div class="p" id="mrs_01_1830__aaca38692b90046c09ebbf9d090075e05"><strong id="mrs_01_1830__a861023b529774854ae45404d712538d3">chmod 600 ~/.ssh/authorized_keys</strong><div class="note" id="mrs_01_1830__ncc563539fa2143c7b14fc044d42a8322"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="mrs_01_1830__u88a00b7ee98841ba98731c4ff719775a"><li id="mrs_01_1830__l5b37454f6860435c899183f61bc68a7c">The user on the external node (the node where the shell scripts reside) must have permission to execute the shell scripts and to access all directories and files that the scripts use.</li><li id="mrs_01_1830__le85ebaaf8dfa4e5ca3186a95a27892d8">If Oozie has multiple nodes, perform steps <a href="#mrs_01_1830__l96d21b37b10243138833bdb06d4c78ef">2</a> to <a href="#mrs_01_1830__la002c4226a504afaa899314ea2c1c67e">6</a> on all Oozie nodes.</li></ul>
</div></div>
</div>
</p></li></ol>
</div>
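<p>The external-node part of the procedure (steps 5 and 6) as a script that is safe to re-run, added here as an example and not part of the original documentation: it accepts the uploaded file only if it is a single RSA public-key line, appends it to <b>authorized_keys</b> once, and checks the 700/600 modes, which matter because OpenSSH's default <b>StrictModes</b> setting refuses keys whose files or directories are group- or world-writable. The function names and the usage path are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the original page. Run on the external node as the SSH user.
# Function names are illustrative assumptions.
# Usage: install_pubkey /opt/id_rsa.pub "$HOME/.ssh" && audit_ssh_perms "$HOME/.ssh"

# Print the 10-character mode string of a path, e.g. drwx------
mode_of() { ls -ld "$1" | cut -c1-10; }

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys only if the file is a single
# RSA public-key line and the key is not already present, then applies
# the modes from step 6.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    [ -f "$pub" ] || { echo "missing $pub" >&2; return 1; }
    # Exactly one line, shaped like "ssh-rsa <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] ||
        { echo "$pub: expected exactly one key line" >&2; return 1; }
    grep -Eq '^ssh-rsa [A-Za-z0-9+/]+=*( .*)?$' "$pub" ||
        { echo "$pub: not an RSA public key" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: skip the append if already trusted.
    grep -qxFf "$pub" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_perms SSH_DIR
# Returns non-zero if SSH_DIR is not 700 or authorized_keys is not 600.
audit_ssh_perms() {
    dir=$1; rc=0
    [ "$(mode_of "$dir")" = "drwx------" ] ||
        { echo "$dir: expected mode 700" >&2; rc=1; }
    [ "$(mode_of "$dir/authorized_keys")" = "-rw-------" ] ||
        { echo "$dir/authorized_keys: expected mode 600" >&2; rc=1; }
    return $rc
}
```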
</div>