Configuration parameters
This article describes the parameters that can be configured for ADQM services via ADCM. To read about the configuring process, refer to the relevant article: Online installation or Offline installation.
NOTE
Some of the parameters become visible in the ADCM UI after the Show advanced flag being set.
|
ADQMDB
NOTE
|
Parameter | Description | Default value |
---|---|---|
Enable https |
Enables a port for connection to ADQM via HTTPS |
Enabled |
HTTPS port |
Port for connections via HTTPS |
8443 |
Enable tcp secure |
Enables a TCP port for SSL-encrypted connection |
Enabled |
TCP secure port |
TCP port for SSL-encrypted connections |
9440 |
Disable protocols |
Protocols that are not allowed to be used |
— |
Certificate file |
Path to the server SSL certificate file in the PEM format |
/etc/clickhouse-server/server.crt |
Private key file |
Path to the file with the private key of the server SSL certificate |
/etc/clickhouse-server/server.key |
Certificate authority file |
Path to the CA certificate file |
/etc/clickhouse-server/ca.crt |
Client certificate verification mode |
Method of checking user SSL certificates signed by the CA certificate (the path to the CA certificate file should be specified in Certificate authority file). Possible values: |
Disabled |
NOTE
To access the configuration parameters, activate the Enable gRPC option. |
Parameter | Description | Default value |
---|---|---|
gRPC port |
Port for client connections via gRPC |
9100 |
Enable SSL |
Enables SSL for secure communication with clients via gRPC |
Disabled |
SSL certificate file |
Path to the file with the SSL certificate (in the PEM format) for connections via gRPC. Used only if SSL is enabled |
/etc/clickhouse-server/grpc_ssl_cert_file.crt |
SSL private key file |
Path to the file with the secret key of the SSL certificate for connections via gRPC. Used only if SSL is enabled |
/etc/clickhouse-server/grpc_ssl_key_file.key |
Client auth required |
Indicates whether the server should request a client for a certificate. If enabled, Certificate authority file should be specified |
Disabled |
Certificate authority file |
Path to the file with the trusted CA certificate (in the PEM format) used to verify client certificates. Used only if Client auth required is enabled |
— |
Compression algorithm |
Compression algorithm needed to minimize traffic. Possible values: |
deflate |
Compression level |
Level of traffic compression. Possible values: |
medium |
Send message size limits |
Size limit for sent messages (in bytes). If |
-1 |
Receive message size limits |
Size limit for received messages (in bytes). If |
-1 |
Verbose logs |
Specifies whether detailed logs are saved |
Disabled |
NOTE
|
Parameter | Description | Default value |
---|---|---|
name |
Name of the LDAP server connection configuration |
default |
ldap_hostname |
LDAP server hostname or IP |
localhost |
ldap_port |
LDAP server port. Default is |
636 |
bind_dn |
Template used to construct the DN to bind to. The resulting DN will be constructed by replacing all |
uid={user_name},ou=users,dc=example,dc=com |
base_dn |
The distinguished name (DN) of the directory object from which to search for entries. Example: |
— |
search_filter |
Template used to construct the user search filter for the LDAP search. The resulting filter will be created by replacing all |
— |
enable_tls |
Flag to trigger the use of secure connection to the LDAP server. The following values are available:
|
no |
tls_minimum_protocol_version |
Minimum version of the SSL/TLS protocol. Accepted values are: |
— |
tls_require_cert |
SSL/TLS peer certificate verification behavior. Accepted values are: |
— |
tls_cert_file |
Path to the certificate file |
— |
tls_key_file |
Path to the certificate key file |
— |
tls_ca_cert_file |
Path to the CA certificate file |
— |
tls_ca_cert_dir |
Path to the directory containing CA certificates |
— |
tls_cipher_suite |
Allowed cipher suite |
— |
rbac_enable |
Activates role-based access control |
Disabled |
rbac_default_role |
Default role for all authenticated users |
default |
rbac_base_dn |
Base path to start search for groups with a user |
ou=Groups,dc=ad,dc=local |
rbac_scope |
Scope of the LDAP search. Possible values: |
— |
rbac_search_filter |
LDAP search filter to identify groups to select for mapping users. The resulting filter will be constructed by replacing all |
(&(objectClass=groupOfNames)(member={bind_dn})) |
rbac_attribute |
Attribute to look for in LDAP tree |
cn |
rbac_role_prefix |
Attribute value prefix to look for in LDAP tree |
— |
NOTE
To access the configuration parameters, activate the Kafka engine option. |
Parameter | Description | Default value |
---|---|---|
Kafka Properties |
In this field, specify parameters of the Kafka table engine. For example: |
— |
Parameter | Description | Default value |
---|---|---|
System |
Coordination system for data replication and distributed DDL queries execution. Possible values: |
Zookeeper |
NOTE
To access the configuration parameters, activate the Clickhouse Keepe (integrated) option. |
Parameter | Description | Default value |
---|---|---|
Number of nodes in cluster |
Number of nodes in a cluster to be used for ClickHouse Keeper |
1 |
Enable IPv6 |
Allows you to disable IPv6 if your hosts do not support this protocol |
Enabled |
TCP port |
Port for a client to connect |
2129 |
Log storage path |
Path to coordination logs |
/var/lib/clickhouse-keeper/coordination/log |
Snapshot storage path |
Path to coordination snapshots |
/var/lib/clickhouse-keeper/coordination/snapshots |
Operation timeout ms |
Timeout for a single client operation (in milliseconds) |
10000 |
Session timeout ms |
Timeout for a client session (in milliseconds) |
30000 |
Snapshot distance |
Specifies how often ClickHouse Keeper will create new snapshots (in the number of records in logs) |
100000 |
Raft logs level |
Coordination logging level ( |
error |
Rotate log storage interval |
Number of log records to store in a single file |
10000 |
Port |
Port where a server listens for RAFT connections |
9444 |
root_path |
Znode that is used as the root for znodes used by the ClickHouse server |
/clickhouse |
Distributed DDL path |
In this ZK-path ClickHouse posts DDL tasks. Otherwise, make sure there are no intersections in the configuration with other clusters |
/clickhouse/task_queue/ddl |
Parameter | Description | Default value |
---|---|---|
root_path |
Znode that is used as the root for znodes used by the ClickHouse server |
/clickhouse |
Distributed DDL zookeeper path |
In this ZK-path ClickHouse posts DDL tasks. If this CH-cluster is the only one who uses ZooKeeper — don’t wory about this setting. Otherwise, make sure there are no intersections in the configuration with other clusters |
/clickhouse/task_queue/ddl |
NOTE
To access the configuration parameters, activate External zookeeper. |
Parameter | Description | Default value |
---|---|---|
zk_hosts |
Comma-separated locations of all servers in the ensemble, the ports on which they communicate. For example, |
— |
Parameter | Description | Default value |
---|---|---|
Max connections |
Maximum number of incoming connections |
4096 |
Max concurrent queries |
Maximum number of simultaneously processed requests |
100 |
Max concurrent threads |
Maximum number of query processing threads allowed to run all queries (excluding threads for retrieving data from remote servers). If the limit is reached, at least one thread will still be allocated to execute a query. If the parameter value is |
0 |
Max server memory usage |
Limits total RAM usage by the ClickHouse server (in bytes). If the parameter value is |
0 |
Max thread pool size |
Limits the number of threads in the Global Thread pool that ClickHouse uses to process queries (if there are no idle threads to process a query, then a new thread is created in the pool) |
10000 |
Parameter | Description | Default value |
---|---|---|
Enable http |
Enables a port for HTTP connection |
Enabled |
ClickHouse http port |
Port for client or proxy connections |
8123 |
Enable tcp |
Enables a port for connections via the Native protocol (ClickHouse TCP protocol) |
Enabled |
ClickHouse tcp port |
Port for TCP connections |
9000 |
Listen host |
Restriction on hosts that requests can come from. Consider possible absence of IPv6 on a target host and use e.g. |
:: |
Parameter | Description | Default value |
---|---|---|
Data path |
Path to the directory containing data |
/var/lib/clickhouse/ |
Log path |
Path to the directory containing log files |
/var/log/clickhouse-server/ |
Temp path |
Path to temporary data for processing large queries |
/var/lib/clickhouse/tmp/ |
User files path |
Directory with user files. Used in the |
/var/lib/clickhouse/user_files/ |
Access control path |
Path to a folder where a ClickHouse server stores user and role configurations created by SQL commands |
/var/lib/clickhouse/access/ |
NOTE
Specifics of using cluster configuration parameters are described in the Configure logical clusters in the ADCM interface article. |
Parameter | Description | Default value |
---|---|---|
Replication factor |
The number of shards multiplied by |
Cluster Configuration |
Allows you to add cluster configuration parameters |
— |
Default cluster topology |
NOTE
To access the configuration parameters, activate Intra-cluster communication security. |
Parameter | Description | Default value |
---|---|---|
Enable secure intra-cluster communication |
Specifies whether secure protocols only (HTTPS, TCP) are used for data exchange between ClickHouse servers. If you activate this option, enable SSL and turn on Enable TCP secure |
Disabled |
Interserver protocol’s port |
Port for exchanging data between ClickHouse servers over the interserver protocol |
9009 |
Interserver http name |
Username for authenthication between replicas |
— |
Interserver http password |
Password for authenthication between replicas |
— |
Shard secret |
Cluster secret to validate distributed queries on shards |
— |
Parameter | Description | Default value |
---|---|---|
security |
Used Kerberos module |
— |
keytab |
Path to the keytab file |
— |
reinit_frequency |
Kerberos reinitialization frequency |
3600 |
principal |
Principal — unique name for a client that is allowed to authenticate with Kerberos |
— |
NOTE
The Logging article provides general information about logs that ADQM maintains and writes to files or system tables. |
Parameter | Description | Default value |
---|---|---|
Logging level |
Verbosity level of messages written to a log file. Possible values: |
trace |
Log file size, MB |
Log file size (in MB). Once a file reaches the specified size, ADQM archives and renames it, and creates a new log file in its place |
1000 |
Log files count |
Number of archived log files that ADQM stores |
10 |
Database |
Name of the system database the queries will be logged in |
system |
Flush interval, milliseconds |
Interval for flushing data from the buffer in memory to a table |
7500 |
TTL, days |
Lifetime of logs (in days) |
30 |
query_log |
Information about executed queries (for example, query start time, duration of query processing, error messages). This is a commonly used log and it is turned on if the checkbox is selected. To disable it, set |
Disabled |
trace_log |
Stack traces collected by the sampling query profiler. Useful for deep performance analysis. The log is turned on if the checkbox is selected |
Disabled |
query_views_log |
Information about dependent views executed when running queries (for example, view type, duration of view execution). This is an advanced log and it is turned off by default (even if the checkbox is selected). To enable it, set |
Disabled |
query_thread_log |
Information about threads that execute queries (for example, thread name, thread start time, duration of query processing). This is an advanced log and it is turned off by default (even if the checkbox is selected). To enable it, set |
Disabled |
part_log |
Information about events related to data parts of MergeTree tables (for example, adding or merging data). This is an advanced log. It is turned on if the checkbox is selected and it is not controlled at the session level |
Disabled |
crash_log |
Information about stack traces for fatal errors. This is an advanced log. It is turned on if the checkbox is selected and it is not controlled at the session level |
Disabled |
metric_log |
Indicates whether the history of metric values from the |
Disabled |
asynchronous_metric_log |
Indicates whether the history of metric values from the |
Disabled |
asynchronous_insert_log |
Information about asynchronous inserts, including results of queries in fire-and-forget mode |
Disabled |
Parameter | Description | Default value |
---|---|---|
default_profile_settings |
Allows you to add default profile settings |
max_memory_usage : 10000000000 use_uncompressed_cache : 0 |
Access Management |
SQL-driven access control and account management for a default user |
Enabled |
Default user password |
Password for a default user |
— |
Default user IP |
User can connect to ClickHouse server only from the specified IP address or a subnetwork. Examples: |
— |
Default user host |
User host can be specified as FQDN. For example, |
— |
Default user host_regexp |
You can use pcre regular expressions when specifying user hosts. For example, |
— |
Parameter | Description | Default value |
---|---|---|
Allow plaintext password |
Allows or forbids using plaintext passwords for user profiles |
Enabled |
Allow NO_password |
Allows or forbids creating users with no passwords |
Enabled |
Allow Implicit_NO_password |
In combination with Allow NO_password, forbids creating a user with no password unless IDENTIFIED WITH no_password is explicitly specified |
Enabled |
Length of password |
Minimum length of a password. Default is |
0 |
Include Upper-case |
Indicates whether a password should contain at least one uppercase character |
Disabled |
Include Lower-case |
Indicates whether a password should contain at least one lowercase character |
Disabled |
Include Number |
Indicates whether a password should contain at least one numeric character |
Disabled |
Include special symbols |
Indicates whether a password should contain at least one special character |
Disabled |
Parameter | Description | Default value |
---|---|---|
Advanced parameters (name/value) |
Configuration parameters for ClickHouse’s advanced.xml file |
— |
NOTE
|
Parameter | Description | Default value |
---|---|---|
Disks |
List of disks in the local file system that can be used for storing table data |
— |
Recursively create directories |
Specifies whether directories for local disks should be automatically created if they do not exist |
Enabled |
NOTE
|
Parameter | Description | Default value |
---|---|---|
S3 disks |
List of external S3 disks that can be used for storing table data |
— |
NOTE
|
Parameter | Description | Default value |
---|---|---|
Encrypted disks |
List of encrypted disks to be created over disks of other types (local, S3, cache) |
— |
Recursively create directories |
Specifies whether directories for encrypted disks should be automatically created if they do not exist |
Enabled |
NOTE
|
Parameter | Description | Default value |
---|---|---|
Cache disks |
List of cache disks to be created over external disks that store data |
— |
Recursively create directories |
Specifies whether directories for cache disks should be automatically created if they do not exist |
Enabled |
NOTE
For detailed information on configuring storage policies for ADQM tables, see the Configure data storages article. |
Parameter | Description | Default value |
---|---|---|
Policies |
List of storage policies that can be assigned to tables |
— |
NOTE
|
Parameter | Description | Default value |
---|---|---|
Minimum part size |
Minimum size of a data part (in bytes) |
10000000000 |
Minimum part size ratio |
Ratio of the minimum size of a data part to the table size |
0.01 |
Method |
Compression method. Possible values: |
LZ4 |
Level |
Compression level. Possible values:
|
9 |
NOTE
For detailed information on ADQM integration with external data sources via the JDBC interface, see the JDBC Bridge article. |
Parameter | Description | Default value |
---|---|---|
jdbc bridge log path |
Path to the directory containing log files |
/var/log/clickhouse-jdbc-bridge/ |
datasource.json |
Data source for the JDBC Bridge |
|
server.json |
Server configuration for the JDBC Bridge |
"{\n \"requestTimeout\": 5000,\n \"queryTimeout\": 60000,\n \"configScanPeriod\": 5000,\n \"repositories\": [\n {\n \"entity\": \"ru.yandex.clickhouse.jdbcbridge.core.NamedDataSource\",\n \"repository\": \"ru.yandex.clickhouse.jdbcbridge.impl.JsonFileRepository\"\n },\n {\n \"entity\": \"ru.yandex.clickhouse.jdbcbridge.core.NamedSchema\",\n \"repository\": \"ru.yandex.clickhouse.jdbcbridge.impl.JsonFileRepository\"\n },\n {\n \"entity\": \"ru.yandex.clickhouse.jdbcbridge.core.NamedQuery\",\n \"repository\": \"ru.yandex.clickhouse.jdbcbridge.impl.JsonFileRepository\"\n }\n ],\n \"extensions\": [\n {\n \"class\": \"ru.yandex.clickhouse.jdbcbridge.impl.JdbcDataSource\"\n },\n {\n \"class\": \"ru.yandex.clickhouse.jdbcbridge.impl.ConfigDataSource\"\n },\n {\n \"class\": \"ru.yandex.clickhouse.jdbcbridge.impl.ScriptDataSource\"\n }\n ]\n}\n" |
Parameter | Description | Default value |
---|---|---|
AES-128 GCM-SIV key |
Key for the AES-128 encryption algorithm as a 32-character hex-encoded string. For example, |
— |
AES-128 GCM-SIV nonce |
Nonce for the AES-128 encryption algorithm as a 24-character hex-encoded string. For example, |
— |
AES-256 GCM-SIV key |
Key for the AES-256 encryption algorithm as a 64-character hex-encoded string. For example, |
— |
AES-256 GCM-SIV nonce |
Nonce for the AES-256 encryption algorithm as a 24-character hex-encoded string. For example, |
— |
Parameter | Description | Default value |
---|---|---|
Time zone |
Time zone used for conversions between the String and DateTime formats (for example, when values from DateTime fields are output to text format, or when strings are converted to DateTime values). If the parameter value is |
System |
Default database |
Default database |
default |
Default profile |
Default settings profile. Settings profiles are located in the file specified in the |
default |
Auto Core Dump Service |
Indicates whether an automatic core dump is enabled. To enable or disable an automatic core dump, use the corresponding action of the ADQMDB service |
Disabled |
Chproxy
Parameter | Description | Default value |
---|---|---|
Enable HTTP |
Enables listening for HTTP requests |
Enabled |
HTTP listen port |
Port to listen for HTTP requests |
9090 |
HTTP allowed networks |
List of networks from which HTTP access is allowed. Each item may contain IP address or IP subnet mask. The |
— |
Enable HTTPS |
Enables listening for HTTPS requests |
Disabled |
HTTPS listen port |
Port to listen for HTTPS requests |
8543 |
HTTPS allowed networks |
List of networks from which HTTPS access is allowed. Each item may contain IP address or IP subnet mask. The |
— |
Certificate file |
Path to the server SSL certificate file in the PEM format |
/etc/chproxy/server.crt |
Private key file |
Path to the file with the private key of the server SSL certificate |
/etc/chproxy/server.key |
Parameter | Description | Default value |
---|---|---|
List of user names |
List of values used as prefixes in names of wildcarded users that look like |
— |
Parameter | Description | Default value |
---|---|---|
Interval |
Interval for checking all cluster nodes for availability |
5s |
Timeout |
Timeout of wait response from cluster nodes |
5s |
Zookeeper
Parameter | Description | Default value |
---|---|---|
connect |
ZooKeeper connection string used by other services or clusters. It is generated automatically |
— |
dataDir |
Location where ZooKeeper stores the in-memory database snapshots and, unless specified otherwise, the transaction log of updates to the database. It is specified as the |
/var/lib/zookeeper |
admin.serverPort |
AdminServer port. An embedded Jetty server that provides an HTTP interface to the four letter word commands |
58080 |
Parameter | Description | Default value |
---|---|---|
clientPort |
Port to listen for client connections, i.e. the port that clients attempt to connect to |
2181 |
tickTime |
Length of a single tick (in milliseconds) which is the basic time unit used by ZooKeeper to regulate heartbeats and timeouts |
2000 |
initLimit |
Amount of time (in ticks) to allow followers to connect and sync to a leader. Increase this value as needed, if the amount of data managed by ZooKeeper is large |
5 |
syncLimit |
Amount of time (in ticks) to allow followers to sync with ZooKeeper. If followers fall too far behind a leader, they will be dropped |
2 |
maxClientCnxns |
Limits the number of concurrent connections that a single client, identified by IP address, may make to a single member of the ZooKeeper ensemble |
0 |
autopurge.snapRetainCount |
Retains the specified number of the most recent snapshots and the corresponding transaction logs in dataDir and dataLogDir respectively, and deletes the rest. The minimum value is |
3 |
autopurge.purgeInterval |
Time interval (in hours) for which the purge task has to be triggered. Set a positive integer to enable the auto purging |
24 |
Add key,value |
In this field, you can define additional parameters that are not displayed in ADCM UI, but are allowed in the zoo.cfg configuration file |
— |
Parameter | Description | Default value |
---|---|---|
ZOO_LOG_DIR |
Directory to store the logs |
/var/log/zookeeper |
ZOOPIDFILE |
Directory to store the ZooKeeper process ID |
/var/run/zookeeper/zookeeper_server.pid |
SERVER_JVMFLAGS |
Sets different JVM parameters (for example, parameters related to garbage collection) |
-Xmx1024m |
JAVA |
Path to Java |
$JAVA_HOME/bin/java |
ZOO_LOG4J_PROP |
Sets the log4j logging level and which log appenders to turn on. If you turn on the |
INFO, CONSOLE, ROLLINGFILE |
Clickhousekeeper
Parameter | Description | Default value |
---|---|---|
Listen host |
Restriction on hosts from which requests can come. Consider possible absence of IPv6 on a target host and use |
:: |
Enable IPv6 |
Allows you to disable IPv6 if your hosts do not support this protocol |
Активен |
TCP port |
Port for a client to connect |
2129 |
Log storage path |
Path to coordination logs |
/var/lib/clickhouse-keeper/coordination/log |
Snapshot storage path |
Path to coordination snapshots |
/var/lib/clickhouse-keeper/coordination/snapshots |
root_path |
Znode that is used as a root for znodes used by the ClickHouse server |
/clickhouse |
Distributed DDL path |
ZK-path to which ClickHouse posts DDL tasks. Otherwise, make sure there are no intersections in the configuration with other clusters |
/clickhouse/task_queue/ddl |
Parameter | Description | Default value |
---|---|---|
Operation timeout ms |
Timeout for a single client operation (in milliseconds) |
10000 |
Session timeout ms |
Timeout for a client session (in milliseconds) |
30000 |
Snapshot distance |
Specifies how often ClickHouse Keeper will create new snapshots (in the number of records in logs) |
100000 |
Raft logs level |
Coordination logging level ( |
error |
Rotate log storage interval |
Number of log records to store in a single file |
10000 |
Parameter | Description | Default value |
---|---|---|
Port |
Port where a server listens for RAFT connections |
9444 |
Parameter | Description | Default value |
---|---|---|
Log level |
Logging level ( |
Trace |
Log path |
Path to the directory containing log files |
/var/log/clickhouse-keeper/ |
Log file size |
Log file size (in MB). Once a file reaches the specified size, ADQM archives and renames it, and creates a new log file in its place |
1000 |
Log file count |
Number of archived log files that ADQM stores |
5 |
Monitoring
Parameter | Description | Default value |
---|---|---|
Clickhouse listen port |
Port to listen for ClickHouse server metrics in the Prometheus format |
9363 |
Clickhouse endpoint |
Endpoint to retrieve ClickHouse server metrics |
/metrics |
Zookeeper listen port |
Port to listen for Zookeeper service metrics in the Prometheus format |
9020 |
Clickhouse Keeper listen port |
Port to listen for Clickhousekeeper service metrics in the Prometheus format |
9010 |
Clickhouse Keeper endpoint |
Endpoint to retrieve metrics of the Clickhousekeeper service |
/metrics |
Parameter | Description | Default value |
---|---|---|
listen_address |
Address to access the Prometheus web interface |
0.0.0.0:9092 |
scrape_interval |
Specifies how frequently to scrape targets |
1m |
scrape_timeout |
Specifies how long to wait until a scrape request times out |
10s |
retention_time |
Specifies how long to retain samples in the storage. Supported units: |
15d |
grafana_password |
Password of a Grafana user ( |
— |
Prometheus users to login/logout to Prometheus |
User credentials for logging into the Prometheus web interface |
— |
Parameter | Description | Default value |
---|---|---|
Grafana administrator’s password |
Password of a Grafana administrator user |
— |
Grafana listen port |
Port to access the Grafana web interface |
3000 |
Parameter | Description | Default value |
---|---|---|
listen_address |
Address to access Pushgateway Web API |
0.0.0.0:9091 |
Parameter | Description | Default value |
---|---|---|
Listen port |
Port to listen for a host’s system metrics in the Prometheus format |
9100 |
Metrics endpoint |
Endpoint to retrieve system metrics |
/metrics |