This is the documentation for CDH 5.0.x. Documentation for other versions is available at Cloudera Documentation.

Configuring Oozie HA with Kerberos

In CDH 5, you can configure multiple active Oozie servers against the same database, providing high availability for Oozie. For instructions on setting up Oozie HA, see About Oozie High Availability.

Let's assume you have three hosts running Oozie servers (host1.example.com, host2.example.com and host3.example.com) and the Load Balancer running on oozie.example.com. The Load Balancer directs traffic to the Oozie servers: host1, host2 and host3. For such a configuration, assuming your Kerberos realm is EXAMPLE.COM, create the following Kerberos principals:
  • oozie/host1.example.com@EXAMPLE.COM
  • oozie/host2.example.com@EXAMPLE.COM
  • oozie/host3.example.com@EXAMPLE.COM
  • HTTP/oozie.example.com@EXAMPLE.COM

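On each of the hosts (host1, host2 and host3), create a keytab file containing that host's own oozie principal and the HTTP principal from the list above. Make sure you are using the same HTTP principal in all three keytab files: clients connect through the Load Balancer and request a service ticket for HTTP/oozie.example.com, so every Oozie server behind it must be able to accept that ticket.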

Edit the following property in the Oozie server configuration file, oozie-site.xml:
<property>
  <name>oozie.authentication.kerberos.principal</name>
  <value>HTTP/oozie.example.com@EXAMPLE.COM</value>
</property>
Change the value of OOZIE_BASE_URL in oozie-env.sh to point to the Load Balancer.
export OOZIE_BASE_URL=http://oozie.example.com:11000/oozie
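
One way to check the keytabs built in the steps above, as an added example that is not part of the Cloudera documentation: it reads `klist -kt` listings and confirms that each host's keytab holds its own oozie principal plus the shared HTTP principal, and that the HTTP key version number (KVNO) is identical on every host. The function names, the keytab path and the sample listings are constructed for illustration, and the MIT Kerberos `klist -kt` column layout is assumed.

```shell
# Added example. Input: text printed by `klist -kt <keytab>` on each Oozie
# host (MIT Kerberos layout assumed: KVNO first, principal last).
LB_PRINCIPAL='HTTP/oozie.example.com@EXAMPLE.COM'

# kvnos PRINCIPAL: read a listing on stdin and print that principal's key
# version numbers, unique and space-separated (empty when it is absent).
kvnos() {
  awk -v p="$1" '$1 ~ /^[0-9]+$/ && $NF == p { print $1 }' | sort -un | xargs
}

# check_host HOST LISTING: the keytab must hold oozie/HOST and the shared
# HTTP principal. Prints the HTTP KVNOs; returns 1 if either is missing.
check_host() {
  realm=${LB_PRINCIPAL##*@}
  own=$(printf '%s\n' "$2" | kvnos "oozie/$1@$realm")
  http=$(printf '%s\n' "$2" | kvnos "$LB_PRINCIPAL")
  [ -n "$own" ] || { echo "$1: missing oozie/$1@$realm" >&2; return 1; }
  [ -n "$http" ] || { echo "$1: missing $LB_PRINCIPAL" >&2; return 1; }
  echo "$http"
}

# same_http_key KVNOS...: succeed only if every host reported the same value,
# i.e. all keytabs carry the same key version of the HTTP principal.
same_http_key() {
  first=$1
  for k in "$@"; do [ "$k" = "$first" ] || return 1; done
}

# Constructed sample listings (not real output); host3 holds a different KVNO.
HEADER='Keytab name: FILE:/path/to/oozie.keytab
KVNO Timestamp           Principal
---- ------------------- ----------------------------------------'
HOST1_LISTING="$HEADER
   2 09/03/2015 10:00:00 oozie/host1.example.com@EXAMPLE.COM
   2 09/03/2015 10:00:00 HTTP/oozie.example.com@EXAMPLE.COM"
HOST2_LISTING="$HEADER
   2 09/03/2015 10:05:00 oozie/host2.example.com@EXAMPLE.COM
   2 09/03/2015 10:05:00 HTTP/oozie.example.com@EXAMPLE.COM"
HOST3_LISTING="$HEADER
   2 09/03/2015 10:10:00 oozie/host3.example.com@EXAMPLE.COM
   3 09/03/2015 10:10:00 HTTP/oozie.example.com@EXAMPLE.COM"

k1=$(check_host host1.example.com "$HOST1_LISTING")
k2=$(check_host host2.example.com "$HOST2_LISTING")
k3=$(check_host host3.example.com "$HOST3_LISTING")
same_http_key "$k1" "$k2" "$k3" && verdict=consistent || verdict=MISMATCH
echo "HTTP principal KVNOs per host: $k1 / $k2 / $k3 ($verdict)"
```

On a live host, pass the real listing instead of a sample string, for example `check_host host1.example.com "$(klist -kt /path/to/oozie.keytab)"`, where the keytab path is a placeholder. A KVNO that differs on one host means that keytab holds a different key version of the HTTP principal than the others.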
Page generated September 3, 2015.