Create the DLM Engine service user
Follow these steps to configure DLM Engine service user:
- You must configure DLM Engine service user as ‘beacon’. Grant privileges to this user to enable replication of data, metadata and ranger policies.
- If your principal user database is LDAP/AD, create ‘beacon’ user in your LDAP/AD setup.
Set up the ‘beacon’ user as HDFS superuser so that DLM can access HDFS files
If the hadoop group mapping is set to LDAP,
(hadoop.security.group.mapping=org.apache.hadoop.security.LdapGroupsMapping), ‘beacon’ user should belong to the HDFS superusergroup
(value of dfs.permissions.superusergroup).
- You can assign HDFS superusergroup to ‘beacon’ user in LDAP. or
This can also be setup with static hadoop group mapping (
config hadoop.user.group.static.mapping.overrides=beacon=<HDFS superusergroup>).
Refresh the hadoop group mapping.
hdfs dfsadmin -refreshSuperUserGroupsConfiguration hdfs dfsadmin -refreshUserToGroupsMappings
Verify that ‘beacon’ was added as a user to the HDFS superuser group.
hdfs groups beacon
The output should display HDFS or the value of
dfs.permissions.superusergroup configas one of the groups.
- The ‘beacon’ user requires some setup in Ranger. If the Ranger usersync is set to LDAP/AD, ensure that ‘beacon’ user is created in your LDAP/AD setup. Privileges for this ‘beacon’ user in Ranger will be automatically set up as part of DLM Engine service start.