Create the DLM Engine service user
Follow these steps to configure the DLM Engine service user:
- You must configure a user. Grant privileges to this user to enable replication of data, metadata, and Ranger policies.
- If your principal user database is LDAP/AD, create the ‘DLM Engine service’ user in your LDAP/AD setup.
Set up the ‘DLM Engine service’ user as HDFS superuser so that DLM can access HDFS files for replication.
If the hadoop group mapping is set to LDAP (hadoop.security.group.mapping=org.apache.hadoop.security.LdapGroupsMapping), the ‘DLM Engine service’ user should belong to the HDFS superusergroup (value of dfs.permissions.superusergroup).
- You can assign the HDFS superusergroup to the ‘DLM Engine service’ user in LDAP. Alternatively, this can be set up with the static hadoop group mapping (config hadoop.user.group.static.mapping.overrides=DLM Engine service=<HDFS superusergroup>).
Refresh the hadoop group mapping:
hdfs dfsadmin -refreshSuperUserGroupsConfiguration
hdfs dfsadmin -refreshUserToGroupsMappings
Verify that ‘DLM Engine service’ was added as a user to the HDFS superuser group:
hdfs groups <DLM Engine service user>
The output should display HDFS or the value of the dfs.permissions.superusergroup config as one of the groups.
- The ‘DLM Engine service’ user requires some setup in Ranger. If the Ranger usersync is set to LDAP/AD, ensure that the ‘DLM Engine service’ user is created in your LDAP/AD setup. Privileges for this user in Ranger are set up automatically as part of DLM Engine service start.
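
The verification step above can be scripted so that it matches the superusergroup as an exact group name instead of by eye. This is an added example, not part of the original documentation: the function names and the account name dlmsvc are hypothetical, the sample lines in the comments are constructed, and it assumes `hdfs groups` prints "<user> : <group> <group> ...".

```bash
#!/usr/bin/env bash
# Added example: confirm the DLM Engine service user resolves to the HDFS
# superusergroup after the group mapping refresh.
# Assumption: `hdfs groups <user>` prints "<user> : <group1> <group2> ...".

# in_group LINE GROUP
#   0 = GROUP is one of the groups listed in LINE
#   1 = GROUP is not listed (or the user resolved to no groups)
#   2 = LINE is not in the expected "<user> : ..." format
in_group() {
    local line=$1 want=$2 groups
    case $line in
        *" :"*) groups=${line#* :} ;;   # drop "<user> :" and keep the group list
        *) return 2 ;;
    esac
    # Pad with spaces so only whole group names match
    # ("hdfs" must not match "hdfs-admins" or a user that is itself named hdfs).
    case " $groups " in
        *" $want "*) return 0 ;;
    esac
    return 1
}

# check_dlm_superuser USER
#   Reads the configured superusergroup and compares it with the groups the
#   NameNode resolves for USER. Requires the hdfs client on this host.
check_dlm_superuser() {
    local user=$1 sgroup line
    sgroup=$(hdfs getconf -confKey dfs.permissions.superusergroup) || return 3
    line=$(hdfs groups "$user") || return 3
    if in_group "$line" "$sgroup"; then
        echo "OK: $user is a member of $sgroup"
    else
        echo "FAIL: $user is not a member of $sgroup (resolved: $line)" >&2
        return 1
    fi
}

# Usage: ./check_dlm_superuser.sh dlmsvc   (dlmsvc is a placeholder account name)
if [ $# -gt 0 ]; then
    check_dlm_superuser "$1"
fi
```

Run it after both refresh commands; a FAIL result usually means the LDAP group assignment or the static mapping override has not taken effect yet.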