Configure system users
Adjust the system user or group for each LiveData Migrator service to suit your environment.
Data Migrator 1.20 changed Hive Migrator user configuration. If upgrading to 1.21, and authenticating with Hive through a Kerberos principal that doesn't map to the hive
user, ensure there's a valid proxy user setting in core-site.xml
. Otherwise metadata migrations will fail. See the known issue for more information.
Defaults
The default system users and groups for each service are as follows:
Service | Default system user | Default system group |
---|---|---|
livedata-migrator | hdfs | hdfs |
livedata-migrator-data-agent | hdfs | hdfs |
livedata-ui | hdfs | hdfs |
hivemigrator | hive | hadoop |
hivemigrator-remote-server | hive | hadoop |
If you assign a customer user and group during installation, the above default system users and groups will be overwritten.
Running a service as a different user or group
You can run a service your own custom user or group, allowing precise control over privileges are provided. However, this is only appropriate in environments not running Kerberos:
Customer service users without Kerberos
Don't run Data Migrator without Kerberos in production environments. We recommend running without Kerberos for internal testing only.
Customer service users with Kerberos
On a kerberized cluster, the principal set in the Kerberos keytab determines the identity used to grant access to the source and target. As a result, you don't need to run services using a privileged user. You can set up a custom user with fewer privileges to increase cluster security.
Follow the steps below, depending on which service user/group you want to change.
Data Migrator and WANdisco UI
Adjust the system user or group in the service configuration.
Only do this step if running a Linux distribution with systemd
Create an override service file for the following services:Data Migratorsystemctl edit livedata-migrator
Data Transfer Agentsystemctl edit livedata-migrator-data-agent
WANdisco UIsystemctl edit livedata-ui
In the text editor that opens automatically, override the
User
andGroup
variables with your preferred user and group:Example[Service]
User=<user>
Group=<group>Update the values for
USERNAME
andGROUPNAME
in the configuration file for the following services:Data Migrator/etc/wandisco/livedata-migrator/vars.env
Data Transfer Agent/etc/wandisco/livedata-migrator-data-agent/vars.env
WANdisco UI/etc/wandisco/ui/vars.env
Change ownership of the related directories to the new system user/group:
Data Migratorchown -R <user>:<group> /opt/wandisco/livedata-migrator /etc/wandisco/livedata-migrator /var/log/wandisco/livedata-migrator /var/run/livedata-migrator
Data Transfer Agentchown -R <user>:<group> /opt/wandisco/livedata-migrator-data-agent /etc/wandisco/livedata-migrator-data-agent /var/log/wandisco/livedata-migrator-data-agent /var/run/livedata-migrator-data-agent
WANdisco UIchown -R <user>:<group> /opt/wandisco/ui /etc/wandisco/ui /var/log/wandisco/ui /var/run/livedata-ui /var/log/wandisco/audit
After you've made changes, restart the services:
Hive Migrator and Hive Migrator remote server
Adjust the system user or group in the service configuration.
Only do this step if running a Linux distribution with systemd
Create an override service file for the following services:Hive Migratorsystemctl edit hivemigrator
Hive Migrator remote serversystemctl edit hivemigrator-remote-server
In the text editor that opens automatically, override the
User
andGroup
variables with your preferred user and group:Example[Service]
User=<user>
Group=<group>Update the values for
HIVE_MIGRATOR_SERVER_USER
andHIVE_MIGRATOR_SERVER_GROUP
in the configuration file for the following services:Hive Migrator/etc/wandisco/hivemigrator/vars.sh
Hive Migrator remote server/etc/wandisco/hivemigrator-remote-server/vars.sh
Change ownership of the related directories to the new system user/group:
Hive Migratorchown -R <user>:<group> /opt/wandisco/hivemigrator /etc/wandisco/hivemigrator /var/log/wandisco/hivemigrator /var/run/hivemigrator
Hive Migrator remote serverchown -R <user>:<group> /opt/wandisco/hivemigrator-remote-server /etc/wandisco/hivemigrator-remote-server /var/log/wandisco/hivemigrator-remote-server /var/run/hivemigrator-remote-server
Once you've finished making changes, restart the corresponding services: