Oozie UI - stanislawbartkowski/hdpwiredencryption GitHub Wiki

Enable Oozie UI for SSL

Making the Oozie UI listen on a secure port is simple and straightforward.

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/configuring-wire-encryption/content/enable_ssl_on_oozie.html

Prepare keystore

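Use a CA-signed keystore or create a self-signed certificate. The truststore should be located on the node hosting the Oozie server.

cd /etc/oozie/conf
# Note: 1024-bit RSA is no longer considered adequate; prefer -keysize 2048 outside test clusters.
keytool -genkey -alias hbase -keyalg RSA -keysize 1024 -keystore keystore-ui.jks
# Restrict the keystore to the oozie user and the hadoop group, read-only.
chown oozie:hadoop keystore-ui.jks
chmod 440 keystore-ui.jks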

Verify that the password is valid.

keytool -list -keystore keystore-ui.jks

Enter keystore password:  
Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

cert, 2020-10-05, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 9E:01:C8:73:41:17:6E:7E:50:E9:CE:CB:F8:CA:23:03:FC:4C:25:FC

Enable the Oozie WAR file to listen on the secure port

Important: the Oozie server should be stopped.

/usr/hdp/current/oozie-server/bin/oozie-setup.sh prepare-war -secure

Configure

In Ambari, go to Oozie -> Configs -> Advanced -> Advanced oozie-env -> oozie-env template and include the following in the template body.

............
# ---- SECURE ---
export OOZIE_HTTPS_KEYSTORE_FILE="/etc/oozie/conf/keystore-ui.jks"
export OOZIE_HTTPS_KEYSTORE_PASS=secret
.............

Restart the Oozie server.

Verify

Launch the Oozie console over HTTPS: https://:11443/oozie
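
A post-setup audit of the settings above, as an added example that is not part of the original wiki page: it reads OOZIE_HTTPS_KEYSTORE_FILE and OOZIE_HTTPS_KEYSTORE_PASS from an environment script, checks the file modes, and flags an RSA key shorter than 2048 bits. The function names, the path passed as the first argument, the 2048-bit threshold, GNU stat, and a keytool that prints a "Subject Public Key Algorithm: N-bit RSA key" line are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the Oozie HTTPS keystore settings from this page.
# Assumptions: GNU stat (Linux); keytool prints "Subject Public Key Algorithm: N-bit RSA key".

# Print the value exported for variable $2 in env file $1, quotes stripped.
env_value() {
    sed -n "s/^[[:space:]]*export[[:space:]]\{1,\}$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed only if file $1 is not group-writable and grants nothing to "other".
perms_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    [ "$(( 0$mode & 027 ))" -eq 0 ]
}

# Read saved `keytool -list -v` output on stdin; print the smallest key size in bits.
min_key_bits() {
    sed -n 's/^.*Public Key Algorithm: \([0-9]\{1,\}\)-bit.*$/\1/p' | sort -n | head -n 1
}

# Audit env file $1 (hypothetical path, e.g. the rendered oozie-env script).
# Optional $2: file holding saved `keytool -list -v` output.
# Prints one line per finding and returns the number of findings.
audit_oozie_ssl() {
    findings=0
    ks=$(env_value "$1" OOZIE_HTTPS_KEYSTORE_FILE)
    if [ -z "$ks" ] || [ ! -f "$ks" ]; then
        echo "FAIL keystore not found: '$ks'"; findings=$((findings + 1))
    elif ! perms_ok "$ks"; then
        echo "FAIL keystore mode $(stat -c '%a' "$ks") is too open: $ks"; findings=$((findings + 1))
    fi
    if [ -n "$(env_value "$1" OOZIE_HTTPS_KEYSTORE_PASS)" ] && ! perms_ok "$1"; then
        echo "FAIL $1 holds the keystore password and is too open"; findings=$((findings + 1))
    fi
    if [ -n "${2:-}" ]; then
        bits=$(min_key_bits < "$2")
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            echo "FAIL RSA key is $bits bits, below 2048"; findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Run the audit when arguments are given: sh audit.sh ENV_FILE [KEYTOOL_OUTPUT]
if [ "$#" -ge 1 ]; then audit_oozie_ssl "$@"; fi
```

To supply the second argument, save the verbose listing first with `keytool -list -v -keystore keystore-ui.jks > kt.txt`.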