That's right.

On 4/9/14, 7:03 PM, "bowen zhang" <bowenzhang...@yahoo.com> wrote:

>Do you need to add "cred" into action in workflow.xml? Like, instead of
>having "<action name="pig-node">", you need "<action name="pig-node"
>cred="hcatauth">"
>bowen
>
>
>On Wednesday, April 9, 2014 6:13 PM, Mona Chitnis <chit...@yahoo-inc.com>
>wrote:
> 
>Hello Bowen,
>
>1) In the oozie action, you would need to add <credentials> tag with the
>following properties and specify type hcat. Then the HCatCredentialHelper
>class would be invoked for accessing tables through HCatalog.
>
><credential name='hcatauth' type='hcat'>
>    <property>
>       <name>hcat.metastore.uri</name>
>       <value>${HCAT_URI}</value>
>    </property>
>    <property>
>       <name>hcat.metastore.principal</name>
>       <value>${HCAT_PRINCIPAL}</value>
>    </property>
></credential>
>
>2) For the messaging medium between Oozie and HCatalog (if you are
>utilizing notifications), you'd need to set up separate authentication
>mechanisms for Oozie and HCatalog to authenticate with the message broker
>and for Oozie workflows to be able to consume messages meant only for
>that user. In Yahoo, we use an internal Certificate Authority based
>mechanism. I haven't tried to set up secure Oozie with something like
>secure ActiveMQ yet.
>
>3) hive-site.xml is included in Oozie classpath. This has the
>security-oriented properties enabled
>E.g.
>
><property>
>
>  <name>hive.security.authorization.enabled</name>
>
>  <value>true</value>
>
>  <description>Perform authorization checks on the client</description>
>
></property>
>
>If I've missed out something, other devs please comment.
>
>--
>Mona
>
>
>On 4/9/14, 5:50 PM, "bowen zhang"
><bowenzhang...@yahoo.com<mailto:bowenzhang...@yahoo.com>> wrote:
>
>Hi all,
>I am wondering whether we have docs for oozie-hcat integration in secure
>mode. Because I assume we should need more configs for secure mode. Can
>anyone from yahoo comment on this?
>
>Bowen

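The wiring discussed in this thread (a <credential> of type hcat plus a cred= attribute on the action) can be checked before a workflow is submitted. The script below is an added example, not part of the original messages and not Oozie code. The sample workflow is constructed and trimmed to the relevant elements, and the script assumes every action in the file needs a credential.

```python
import xml.etree.ElementTree as ET

# Properties the thread lists for a type='hcat' credential.
REQUIRED_HCAT_PROPS = {"hcat.metastore.uri", "hcat.metastore.principal"}

# Constructed sample: credential as posted in the thread, one action missing cred=.
SAMPLE = """<workflow-app name="demo" xmlns="uri:oozie:workflow:0.5">
  <credentials>
    <credential name='hcatauth' type='hcat'>
      <property><name>hcat.metastore.uri</name><value>${HCAT_URI}</value></property>
      <property><name>hcat.metastore.principal</name><value>${HCAT_PRINCIPAL}</value></property>
    </credential>
  </credentials>
  <action name="pig-node"><pig/></action>
  <action name="pig-node-2" cred="hcatauth"><pig/></action>
</workflow-app>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def named(parent, name, deep=False):
    """Children (or all descendants if deep) of parent with the given local tag name."""
    nodes = parent.iter() if deep else parent
    return [n for n in nodes if local(n.tag) == name]

def check_workflow(xml_text):
    """Return a list of findings; an empty list means the wiring is consistent."""
    root = ET.fromstring(xml_text)
    findings, defined = [], set()
    for cred in named(root, "credential", deep=True):
        defined.add(cred.get("name"))
        props = {(n.text or "").strip()
                 for p in named(cred, "property") for n in named(p, "name")}
        if cred.get("type") == "hcat":
            for missing in sorted(REQUIRED_HCAT_PROPS - props):
                findings.append(f"credential {cred.get('name')}: missing {missing}")
    for action in named(root, "action", deep=True):
        ref = action.get("cred")
        if not ref:
            findings.append(f"action {action.get('name')}: no cred attribute")
            continue
        for name in (r.strip() for r in ref.split(",")):  # tolerate a comma-separated list
            if name not in defined:
                findings.append(f"action {action.get('name')}: cred {name} not defined")
    return findings

if __name__ == "__main__":
    for finding in check_workflow(SAMPLE):
        print(finding)
```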