2.3.6. oozie-site.xml

Add the following properties to the oozie-site.xml file:

 

Table 13.8. oozie-site.xml

| Property Name | Property Value | Description |
|---|---|---|
| oozie.service.AuthorizationService.security.enabled | true | Specifies whether security (user name/admin role) is enabled or not. If it is disabled any user can manage the Oozie system and manage any job. |
| oozie.service.HadoopAccessorService.kerberos.enabled | true | Indicates if Oozie is configured to use Kerberos |
| local.realm | EXAMPLE.COM | Kerberos Realm used by Oozie and Hadoop. Using 'local.realm' to be aligned with Hadoop configuration. |
| oozie.service.HadoopAccessorService.keytab.file | /etc/security/keytabs/oozie.service.keytab | The keytab for the Oozie service principal. |
| oozie.service.HadoopAccessorService.kerberos.principal | $OOZIE_PRINCIPAL/_HOST@EXAMPLE.COM | Kerberos principal for Oozie service |
| oozie.authentication.type | kerberos | |
| oozie.authentication.kerberos.principal | HTTP/_HOST@EXAMPLE.COM | Whitelisted job tracker for Oozie service |
| oozie.authentication.kerberos.keytab | /etc/security/keytabs/spnego.service.keytab | Location of the Oozie user keytab file. |
| oozie.service.HadoopAccessorService.nameNode.whitelist | | |
| oozie.authentication.kerberos.name.rules | `RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/` `RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/` `RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/$HBASE_USER/` `RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/$HBASE_USER/` `DEFAULT` | The mapping from Kerberos principal names to local service user names. See Creating Mappings Between Principals and UNIX Usernames for more information. |

The XML for these entries:

<property>
    <name>oozie.service.AuthorizationService.security.enabled</name>
    <value>true</value>
    <description>Specifies whether security (user name/admin role) is enabled or not. 
           If it is disabled any user can manage the Oozie system and manage any job.</description>
</property>

<property>
    <name>oozie.service.HadoopAccessorService.kerberos.enabled</name>
    <value>true</value>
    <description>Indicates if Oozie is configured to use Kerberos</description>
</property>

<property>
    <name>local.realm</name>
    <value>EXAMPLE.COM</value>
    <description>Kerberos Realm used by Oozie and Hadoop. Using 'local.realm' to be 
           aligned with Hadoop configuration</description>
</property>

<property>
    <name>oozie.service.HadoopAccessorService.keytab.file</name>
    <value>/etc/security/keytabs/oozie.service.keytab</value>
    <description>The keytab for the Oozie service principal.</description>
</property>

<property>
    <name>oozie.service.HadoopAccessorService.kerberos.principal</name>
    <value>$OOZIE_PRINCIPAL/_HOST@EXAMPLE.COM</value>
    <description>Kerberos principal for Oozie service</description>
</property>

<property>
    <name>oozie.authentication.type</name>
    <value>kerberos</value>
    <description>Authentication type</description>
</property>


<property>
    <name>oozie.authentication.kerberos.principal</name>
    <value>$HTTP_USER/_HOST@EXAMPLE.COM</value>
    <description>Whitelisted job tracker for Oozie service</description>
</property>

<property>
    <name>oozie.authentication.kerberos.keytab</name>
    <value>/etc/security/keytabs/spnego.service.keytab</value>
    <description>Location of the Oozie user keytab file.</description>
</property>

<property>
    <name>oozie.service.HadoopAccessorService.nameNode.whitelist</name>
    <value/>
    <description/>
</property>

<property>
    <name>oozie.authentication.kerberos.name.rules</name>
    <value>
        RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/
        RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/
        RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/$HBASE_USER/
        RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/$HBASE_USER/
        DEFAULT</value>
    <description>The mapping from Kerberos principal names to local service user names.</description>
</property>
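
How the oozie.authentication.kerberos.name.rules value resolves principals, as an added example (not Oozie or Hadoop code): a simplified Python model of Hadoop-style `RULE:[n:format](filter)s/from/to/` evaluation. The user names `mapred`, `hdfs` and `hbase` are constructed stand-ins for `$MAPRED_USER`, `$HDFS_USER` and `$HBASE_USER`, and the host names are constructed; options of the rule syntax that the page's rules do not use are not modelled.

```python
import re

# Constructed stand-ins for the page's $MAPRED_USER, $HDFS_USER and $HBASE_USER.
RULES = """
RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/mapred/
RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/hdfs/
RULE:[2:$1@$0](hm@.*EXAMPLE.COM)s/.*/hbase/
RULE:[2:$1@$0](rs@.*EXAMPLE.COM)s/.*/hbase/
DEFAULT
"""

# RULE:[<component count>:<format>](<filter regex>)s/<from>/<to>/<g>
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?")


def map_principal(principal, rules=RULES, default_realm="EXAMPLE.COM"):
    """Return the local user name for a principal, or None if no rule applies."""
    name, _, realm = principal.partition("@")
    parts = name.split("/")
    params = [realm] + parts  # $0 is the realm, $1..$n the name components
    for rule in rules.split():
        if rule == "DEFAULT":
            # DEFAULT keeps the first component, but only for the default realm.
            if realm == default_realm:
                return parts[0]
            continue
        count, fmt, match, pattern, repl, glob = RULE_RE.fullmatch(rule).groups()
        if int(count) != len(parts):
            continue  # rule is written for a different number of components
        base = re.sub(r"\$(\d)", lambda m: params[int(m.group(1))], fmt)
        if match and not re.fullmatch(match, base):
            continue  # the filter must match the whole formatted string
        if pattern is None:
            return base
        return re.sub(pattern, repl, base, count=0 if glob else 1)
    return None


if __name__ == "__main__":
    for p in ("jt/node1.example.com@EXAMPLE.COM", "dn/node2.example.com@EXAMPLE.COM",
              "rs/node3.example.com@EXAMPLE.COM", "oozie/node4.example.com@EXAMPLE.COM",
              "alice@EXAMPLE.COM", "nn/node5.example.com@DEV.EXAMPLE.COM",
              "alice@OTHER.ORG"):
        print(f"{p:45} -> {map_principal(p)}")
```

Because each filter matches the realm with a leading `.*`, a principal such as `nn/node5.example.com@DEV.EXAMPLE.COM` also maps to the HDFS user. Tighten the filter if only `EXAMPLE.COM` itself should match.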
