Create the DLM Engine service user

Follow these steps to configure DLM Engine service user:

1. You must configure DLM engine service user as ‘beacon’. Grant privileges to this user to enable replication of data, metadata and ranger policies.
2. If your principal user database is LDAP/AD, create ‘beacon’ user in your LDAP/AD setup.
3. Set up the ‘beacon’ user as HDFS superuser so that DLM can access HDFS files for replication.
   If the hadoop group mapping is set to LDAP, (hadoop.security.group.mapping=org.apache.hadoop.security.LdapGroupsMapping), ‘beacon’ user should belong to the HDFS superusergroup (value of dfs.permissions.superusergroup).
   1. You can assign HDFS superusergroup to ‘beacon’ user in LDAP. or
   2. This can also be setup with static hadoop group mapping (config hadoop.user.group.static.mapping.overrides=beacon=<HDFS superusergroup>).
   3. Refresh the hadoop group mapping.

      
      hdfs dfsadmin -refreshSuperUserGroupsConfiguration
      hdfs dfsadmin -refreshUserToGroupsMappings
      

4. Verify that ‘beacon’ was added as a user to the HDFS superuser group.
   hdfs groups beacon

   The output should display HDFS or the value of dfs.permissions.superusergroup config as one of the groups.

5. The ‘beacon’ user requires some setup in Ranger. If the Ranger usersync is set to LDAP/AD, ensure that ‘beacon’ user is created in your LDAP/AD setup. Privileges for this ‘beacon’ user in Ranger will be automatically set up as part of DLM engine service start.