Configuration parameters

Enable https

Enables a port for connection to ADQM via HTTPS

Enabled

HTTPS port

Port for connections via HTTPS

8443

Enable tcp secure

Enables a TCP port for SSL-encrypted connection

Enabled

TCP secure port

TCP port for SSL-encrypted connections

9440

Disable protocols

Protocols that are not allowed to be used

 — 

Certificate file

Path to the server SSL certificate file in the PEM format

/etc/clickhouse-server/server.crt

Private key file

Path to the file with the private key of the server SSL certificate

/etc/clickhouse-server/server.key

Certificate authority file

Path to the CA certificate file

/etc/clickhouse-server/ca.crt

Client certificate verification mode

Method of checking user SSL certificates signed by the CA certificate (the path to the CA certificate file should be specified in Certificate authority file). Possible values: none, relaxed, strict, once

Disabled

gRPC port

Port for client connections via gRPC

9100

Enable SSL

Enables SSL for secure communication with clients via gRPC

Disabled

SSL certificate file

Path to the file with the SSL certificate (in the PEM format) for connections via gRPC. Used only if SSL is enabled

/etc/clickhouse-server/grpc_ssl_cert_file.crt

SSL private key file

Path to the file with the secret key of the SSL certificate for connections via gRPC. Used only if SSL is enabled

/etc/clickhouse-server/grpc_ssl_key_file.key

Client auth required

Indicates whether the server should request a client for a certificate. If enabled, Certificate authority file should be specified

Disabled

Certificate authority file

Path to the file with the trusted CA certificate (in the PEM format) used to verify client certificates. Used only if Client auth required is enabled

 — 

Compression algorithm

Compression algorithm needed to minimize traffic. Possible values: none, deflate, gzip, stream_gzip

deflate

Compression level

Level of traffic compression. Possible values: none, low, medium, high

medium

Send message size limits

Size limit for sent messages (in bytes). If -1, message size is unlimited

-1

Receive message size limits

Size limit for received messages (in bytes). If -1, message size is unlimited

-1

Verbose logs

Specifies whether detailed logs are saved

Disabled

LDAP hostname

LDAP server hostname or IP. This parameter is mandatory and cannot be empty

localhost

LDAP port

LDAP server port. Default is 636 if Enable TLS is set to yes, otherwise — 389

636

DN prefix

Prefix used to construct the DN to bind to. Effectively, the resulting DN will be constructed as the auth_dn_prefix + escape(user_name) + auth_dn_suffix string

uid=

DN suffix

Suffix used to construct the DN to bind to. Effectively, the resulting DN will be constructed as the auth_dn_prefix + escape(user_name) + auth_dn_suffix string. Note, that this implies that auth_dn_suffix should usually have comma as its first non-space character

,ou=users,dc=example,dc=com

Enable TLS

no

TLS min version

Minimum version of the SSL/TLS protocol. Accepted values are: ssl2, ssl3, tls1.0, tls1.1, tls1.2

tls1.2

TLS require cert

SSL/TLS peer certificate verification behavior. Accepted values are: never, allow, try, demand

demand

TLS cert file

Path to the certificate file

/path/to/tls_cert_file

TLS key file

Path to the certificate key file

/path/to/tls_key_file

CA cert file

Path to the CA certificate file

/path/to/tls_ca_cert_file

path to CA certificates

Path to the directory containing CA certificates

/path/to/tls_ca_cert_dir

Cipher suite

Allowed cipher suite

 — 

Enable RBAC

Activates role-based access control

Disabled

Default role

Default role for all authenticated users

default

Base DN

Base DN to look for in LDAP tree

ou=Groups,dc=ad,dc=ranger-test

Search filter

Search filter to look for in LDAP tree with the {user_name}, {bind_dn}, and {user_dn} patterns

(&(objectClass=groupOfNames)(member={bind_dn}))

Attribute

Attribute to look for in LDAP tree

cn

Role prefix

Attribute value prefix to look for in LDAP tree

adqm_

Kafka Properties

In this field, specify parameters of the Kafka table engine. For example: <debug>all</debug> <auto_offset_reset>latest</auto_offset_reset> <compression_type>snappy</compression_type>. The field is required

 — 

System

Coordination system for data replication and distributed DDL queries execution. Possible values: Zookeeper, Clickhouse_keeper (integrated), Clickhouse_keeper (allocated)

Zookeeper

Number of nodes in cluster

Number of nodes in a cluster to be used for ClickHouse Keeper

1

Enable IPv6

Allows you to disable IPv6 if your hosts do not support this protocol

Enabled

TCP port

Port for a client to connect

2129

Log storage path

Path to coordination logs

/var/lib/clickhouse-keeper/coordination/log

Snapshot storage path

Path to coordination snapshots

/var/lib/clickhouse-keeper/coordination/snapshots

Operation timeout ms

Timeout for a single client operation (in milliseconds)

10000

Session timeout ms

Timeout for a client session (in milliseconds)

30000

Snapshot distance

Specifies how often ClickHouse Keeper will create new snapshots (in the number of records in logs)

100000

Raft logs level

Coordination logging level (trace, debug, and so on)

error

Rotate log storage interval

Number of log records to store in a single file

10000

Port

Port where a server listens for RAFT connections

9444

root_path

Znode that is used as the root for znodes used by the ClickHouse server

/clickhouse

Distributed DDL path

In this ZK-path ClickHouse posts DDL tasks. Otherwise, make sure there are no intersections in the configuration with other clusters

/clickhouse/task_queue/ddl

root_path

Znode that is used as the root for znodes used by the ClickHouse server

/clickhouse

Distributed DDL zookeeper path

In this ZK-path ClickHouse posts DDL tasks. If this CH-cluster is the only one who uses ZooKeeper — don’t wory about this setting. Otherwise, make sure there are no intersections in the configuration with other clusters

/clickhouse/task_queue/ddl

zk_hosts

Comma-separated locations of all servers in the ensemble, the ports on which they communicate. For example, host1.mydomain.com:2181,host2.mydomain.com:2181,host3.mydomain.com:2181. The field is required

 — 

Max connections

Maximum number of incoming connections

4096

Max concurrent queries

Maximum number of simultaneously processed requests

100

Max concurrent threads

Maximum number of query processing threads allowed to run all queries (excluding threads for retrieving data from remote servers). If the limit is reached, at least one thread will still be allocated to execute a query. If the parameter value is 0, there are no restrictions

0

Max server memory usage

Limits total RAM usage by the ClickHouse server (in bytes). If the parameter value is 0, the amount of RAM is not restricted

0

Max thread pool size

Limits the number of threads in the Global Thread pool that ClickHouse uses to process queries (if there are no idle threads to process a query, then a new thread is created in the pool)

10000

Enable http

Enables a port for HTTP connection

Enabled

ClickHouse http port

Port for client or proxy connections

8123

Enable tcp

Enables a port for connections via the Native protocol (ClickHouse TCP protocol)

Enabled

ClickHouse tcp port

Port for TCP connections

9000

Listen host

Restriction on hosts that requests can come from. Consider possible absence of IPv6 on a target host and use e.g. 0.0.0.0 in this case

::

Data path

Path to the directory containing data

/var/lib/clickhouse/

Log path

Path to the directory containing log files

/var/log/clickhouse-server/

Temp path

Path to temporary data for processing large queries

/var/lib/clickhouse/tmp/

User files path

Directory with user files. Used in the file() table function

/var/lib/clickhouse/user_files/

Access control path

Path to a folder where a ClickHouse server stores user and role configurations created by SQL commands

/var/lib/clickhouse/access/

Replication factor

The number of shards multiplied by replication factor is the total number of nodes in the ADQM physical cluster. Cluster topology and macros are generated once and not altered by any further cluster reconfiguration. For more information, read Distributed Table Engine

Cluster Configuration

Allows you to add cluster configuration parameters

 — 

Default cluster topology

Enable secure intra-cluster communication

Specifies whether secure protocols only (HTTPS, TCP) are used for data exchange between ClickHouse servers. If you activate this option, enable SSL and turn on Enable TCP secure

Disabled

Interserver protocol’s port

Port for exchanging data between ClickHouse servers over the interserver protocol

9009

Interserver http name

Username for authenthication between replicas

 — 

Interserver http password

Password for authenthication between replicas

 — 

Shard secret

Cluster secret to validate distributed queries on shards

 — 

security

Used Kerberos module

 — 

keytab

Path to the keytab file

 — 

reinit_frequency

Kerberos reinitialization frequency

3600

principal

Principal — unique name for a client that is allowed to authenticate with Kerberos

 — 

Logging level

Verbosity level of messages written to a log file. Possible values: trace, debug, information, notice, warning, error, critical, fatal, none

trace

Log file size, MB

Log file size (in MB). Once a file reaches the specified size, ADQM archives and renames it, and creates a new log file in its place

1000

Log files count

Number of archived log files that ADQM stores

10

Database

Name of the system database the queries will be logged in

system

Flush interval, milliseconds

Interval for flushing data from the buffer in memory to a table

7500

TTL, days

Lifetime of logs (in days)

30

query_log

Information about executed queries (for example, query start time, duration of query processing, error messages). This is a commonly used log and it is turned on if the checkbox is selected. To disable it, set log_queries = 0 for a session or query

Disabled

trace_log

Stack traces collected by the sampling query profiler. Useful for deep performance analysis. The log is turned on if the checkbox is selected

Disabled

query_views_log

Information about dependent views executed when running queries (for example, view type, duration of view execution). This is an advanced log and it is turned off by default (even if the checkbox is selected). To enable it, set log_query_views = 1 for a session or query

Disabled

query_thread_log

Information about threads that execute queries (for example, thread name, thread start time, duration of query processing). This is an advanced log and it is turned off by default (even if the checkbox is selected). To enable it, set log_query_threads = 1 for a session or query

Disabled

part_log

Information about events related to data parts of MergeTree tables (for example, adding or merging data). This is an advanced log. It is turned on if the checkbox is selected and it is not controlled at the session level

Disabled

crash_log

Information about stack traces for fatal errors. This is an advanced log. It is turned on if the checkbox is selected and it is not controlled at the session level

Disabled

metric_log

Indicates whether the history of metric values from the system.metrics and system.events tables is recorded in the system.metric_log table

Disabled

asynchronous_metric_log

Indicates whether the history of metric values from the system.asynchronous_metrics table is recorded in the system.asynchronous_metric_log table

Disabled

default_profile_settings

Allows you to add default profile settings

Access Management

SQL-driven access control and account management for a default user

Enabled

Default user password

Password for a default user

 — 

Default user IP

User can connect to ClickHouse server only from the specified IP address or a subnetwork. Examples: 192.168.0.0/16, 2001:DB8::/32

 — 

Default user host

User host can be specified as FQDN. For example, mysite.com

 — 

Default user host_regexp

You can use pcre regular expressions when specifying user hosts. For example, .+*+\.mysite\.com

 — 

Allow plaintext password

Allows or forbids using plaintext passwords for user profiles

Enabled

Allow NO_password

Allows or forbids creating users with no passwords

Enabled

Allow Implicit_NO_password

In combination with Allow NO_password, forbids creating a user with no password unless IDENTIFIED WITH no_password is explicitly specified

Enabled

Length of password

Minimum length of a password. Default is 0 — password length is unlimited

0

Include Upper-case

Indicates whether a password should contain at least one uppercase character

Disabled

Include Lower-case

Indicates whether a password should contain at least one lowercase character

Disabled

Include Number

Indicates whether a password should contain at least one numeric character

Disabled

Include special symbols

Indicates whether a password should contain at least one special character

Disabled

Advanced parameters (name/value)

Configuration parameters for ClickHouse’s advanced.xml file

 — 

Disks

List of disks in the local file system that can be used for storing table data

 — 

Recursively create directories

Specifies whether directories for local disks should be automatically created if they do not exist

Enabled

S3 disks

List of external S3 disks that can be used for storing table data

 — 

Encrypted disks

List of encrypted disks to be created over disks of other types (local, S3, cache)

 — 

Recursively create directories

Specifies whether directories for encrypted disks should be automatically created if they do not exist

Enabled

Cache disks

List of cache disks to be created over external disks that store data

 — 

Recursively create directories

Specifies whether directories for cache disks should be automatically created if they do not exist

Enabled

Policies

List of storage policies that can be assigned to tables

 — 

Minimum part size

Minimum size of a data part (in bytes)

10000000000

Minimum part size ratio

Ratio of the minimum size of a data part to the table size

0.01

Method

Compression method. Possible values: LZ4, LZ4HC, ZSTD

LZ4

Level

9

jdbc bridge log path

Path to the directory containing log files

/var/log/clickhouse-jdbc-bridge/

datasource.json

Data source for the JDBC Bridge

server.json

Server configuration for the JDBC Bridge

"{\n \"requestTimeout\": 5000,\n \"queryTimeout\": 60000,\n \"configScanPeriod\": 5000,\n \"repositories\": [\n {\n \"entity\": \"ru.yandex.clickhouse.jdbcbridge.core.NamedDataSource\",\n \"repository\": \"ru.yandex.clickhouse.jdbcbridge.impl.JsonFileRepository\"\n },\n {\n \"entity\": \"ru.yandex.clickhouse.jdbcbridge.core.NamedSchema\",\n \"repository\": \"ru.yandex.clickhouse.jdbcbridge.impl.JsonFileRepository\"\n },\n {\n \"entity\": \"ru.yandex.clickhouse.jdbcbridge.core.NamedQuery\",\n \"repository\": \"ru.yandex.clickhouse.jdbcbridge.impl.JsonFileRepository\"\n }\n ],\n \"extensions\": [\n {\n \"class\": \"ru.yandex.clickhouse.jdbcbridge.impl.JdbcDataSource\"\n },\n {\n \"class\": \"ru.yandex.clickhouse.jdbcbridge.impl.ConfigDataSource\"\n },\n {\n \"class\": \"ru.yandex.clickhouse.jdbcbridge.impl.ScriptDataSource\"\n }\n ]\n}\n"

AES-128 GCM-SIV key

Key for the AES-128 encryption algorithm as a 32-character hex-encoded string. For example, 00112233445566778899AABBCCDDEEFF

 — 

AES-128 GCM-SIV nonce

Nonce for the AES-128 encryption algorithm as a 24-character hex-encoded string. For example, ABCDEFABCDEFABCDEFABCDEF

 — 

AES-256 GCM-SIV key

Key for the AES-256 encryption algorithm as a 64-character hex-encoded string. For example, 00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF

 — 

AES-256 GCM-SIV nonce

Nonce for the AES-256 encryption algorithm as a 24-character hex-encoded string. For example, ABCDEFABCDEFABCDEFABCDEF

 — 

Time zone

Time zone used for conversions between the String and DateTime formats (for example, when values from DateTime fields are output to text format, or when strings are converted to DateTime values). If the parameter value is System, ADQM uses the timezone parameter value set in the ADQM server configuration or in the operation system settings at the moment of the ADQM server start

System

Default database

Default database

default

Default profile

Default settings profile. Settings profiles are located in the file specified in the user_config parameter

default

Auto Core Dump Service

Indicates whether an automatic core dump is enabled. To enable or disable an automatic core dump, use the corresponding action of the ADQMDB service

Disabled

Enable HTTP

Enables listening for HTTP requests

Enabled

HTTP listen port

Port to listen for HTTP requests

9090

HTTP allowed networks

List of networks from which HTTP access is allowed. Each item may contain IP address or IP subnet mask. The 127.0.0.1 value is added to configuration by default. Chproxy tries detecting the most obvious configuration errors such as allowed_networks: ["0.0.0.0/0"]

 — 

Enable HTTPS

Enables listening for HTTPS requests

Disabled

HTTPS listen port

Port to listen for HTTPS requests

8543

HTTPS allowed networks

List of networks from which HTTPS access is allowed. Each item may contain IP address or IP subnet mask. The 127.0.0.1 value is added to configuration by default. Chproxy tries detecting the most obvious configuration errors such as allowed_networks: ["0.0.0.0/0"]

 — 

Certificate file

Path to the server SSL certificate file in the PEM format

/etc/chproxy/server.crt

Private key file

Path to the file with the private key of the server SSL certificate

/etc/chproxy/server.key

List of user names

List of values used as prefixes in names of wildcarded users that look like prefix_* patterns

 — 

Interval

Interval for checking all cluster nodes for availability

5s

Timeout

Timeout of wait response from cluster nodes

5s

connect

ZooKeeper connection string used by other services or clusters. It is generated automatically

 — 

dataDir

Location where ZooKeeper stores the in-memory database snapshots and, unless specified otherwise, the transaction log of updates to the database. It is specified as the dataDir parameter in the zoo.cfg configuration file

/var/lib/zookeeper

admin.serverPort

AdminServer port. An embedded Jetty server that provides an HTTP interface to the four letter word commands

58080

clientPort

Port to listen for client connections, i.e. the port that clients attempt to connect to

2181

tickTime

Length of a single tick (in milliseconds) which is the basic time unit used by ZooKeeper to regulate heartbeats and timeouts

2000

initLimit

Amount of time (in ticks) to allow followers to connect and sync to a leader. Increase this value as needed, if the amount of data managed by ZooKeeper is large

5

syncLimit

Amount of time (in ticks) to allow followers to sync with ZooKeeper. If followers fall too far behind a leader, they will be dropped

2

maxClientCnxns

Limits the number of concurrent connections that a single client, identified by IP address, may make to a single member of the ZooKeeper ensemble

0

autopurge.snapRetainCount

Retains the specified number of the most recent snapshots and the corresponding transaction logs in dataDir and dataLogDir respectively, and deletes the rest. The minimum value is 3

3

autopurge.purgeInterval

Time interval (in hours) for which the purge task has to be triggered. Set a positive integer to enable the auto purging

24

Add key,value

In this field, you can define additional parameters that are not displayed in ADCM UI, but are allowed in the zoo.cfg configuration file

 — 

ZOO_LOG_DIR

Directory to store the logs

/var/log/zookeeper

ZOOPIDFILE

Directory to store the ZooKeeper process ID

/var/run/zookeeper/zookeeper_server.pid

SERVER_JVMFLAGS

Sets different JVM parameters (for example, parameters related to garbage collection)

-Xmx1024m

JAVA

Path to Java

$JAVA_HOME/bin/java

ZOO_LOG4J_PROP

Sets the log4j logging level and which log appenders to turn on. If you turn on the CONSOLE log appender, logs go to stdout. If you turn on ROLLINGFILE, zookeeper.log file is created, rotated, and expired

INFO, CONSOLE, ROLLINGFILE

Listen host

Restriction on hosts from which requests can come. Consider possible absence of IPv6 on a target host and use 0.0.0.0 in this case

::

Enable IPv6

Allows you to disable IPv6 if your hosts do not support this protocol

Активен

TCP port

Port for a client to connect

2129

Log storage path

Path to coordination logs

/var/lib/clickhouse-keeper/coordination/log

Snapshot storage path

Path to coordination snapshots

/var/lib/clickhouse-keeper/coordination/snapshots

root_path

Znode that is used as a root for znodes used by the ClickHouse server

/clickhouse

Distributed DDL path

ZK-path to which ClickHouse posts DDL tasks. Otherwise, make sure there are no intersections in the configuration with other clusters

/clickhouse/task_queue/ddl

Operation timeout ms

Timeout for a single client operation (in milliseconds)

10000

Session timeout ms

Timeout for a client session (in milliseconds)

30000

Snapshot distance

Specifies how often ClickHouse Keeper will create new snapshots (in the number of records in logs)

100000

Raft logs level

Coordination logging level (trace, debug, and so on)

error

Rotate log storage interval

Number of log records to store in a single file

10000

Port

Port where a server listens for RAFT connections

9444

Log level

Logging level (trace, debug, information, warning, or error)

Trace

Log path

Path to the directory containing log files

/var/log/clickhouse-keeper/

Log file size

Log file size (in MB). Once a file reaches the specified size, ADQM archives and renames it, and creates a new log file in its place

1000

Log file count

Number of archived log files that ADQM stores

5

Clickhouse listen port

Port to listen for ClickHouse server metrics in the Prometheus format

9363

Clickhouse endpoint

Endpoint to retrieve ClickHouse server metrics

/metrics

Zookeeper listen port

Port to listen for Zookeeper service metrics in the Prometheus format

9020

Clickhouse Keeper listen port

Port to listen for Clickhousekeeper service metrics in the Prometheus format

9010

Clickhouse Keeper endpoint

Endpoint to retrieve metrics of the Clickhousekeeper service

/metrics

listen_address

Address to access the Prometheus web interface

0.0.0.0:9092

scrape_interval

Specifies how frequently to scrape targets

1m

scrape_timeout

Specifies how long to wait until a scrape request times out

10s

grafana_password

Password of a Grafana user (admprom_grafana) to connect to Prometheus

 — 

Prometheus users to login/logout to Prometheus

User credentials for logging into the Prometheus web interface

 — 

Grafana administrator’s password

Password of a Grafana administrator user

 — 

Grafana listen port

Port to access the Grafana web interface

3000

listen_address

Address to access Pushgateway Web API

0.0.0.0:9091

Listen port

Port to listen for a host’s system metrics in the Prometheus format

9100

Metrics endpoint

Endpoint to retrieve system metrics

/metrics