Commit Graph

297 Commits

Author SHA1 Message Date
Vitaly Baranov
3356d75b23
Merge pull request #13156 from azat/cluster-secure
Secure inter-cluster query execution (with initial_user as current query user) [v3]
2020-09-17 17:11:00 +03:00
Alexey Milovidov
068e8576b7 Corrections 2020-09-17 15:53:52 +03:00
Alexey Milovidov
8bce20076c Only mlock code segment 2020-09-17 15:39:37 +03:00
Alexander Kuzmenkov
a374541214 straighten the protocol version 2020-09-17 15:15:05 +03:00
Alexander Kuzmenkov
6217dd77b5 Merge remote-tracking branch 'origin/master' into tmp 2020-09-17 12:35:10 +03:00
sundy-li
544b2cb20d add configChanged method for zookeeper
fix logic error && skip reload testkeeper
2020-09-17 13:33:45 +08:00
alexey-milovidov
3d9ec963e9
Update query_masking_rules.xml 2020-09-15 15:49:16 +03:00
alexey-milovidov
018f596d21
Merge pull request #14685 from ClickHouse/remap-executable
Attempt to make performance test more reliable
2020-09-15 15:09:47 +03:00
Azat Khuzhin
0159c74f21 Secure inter-cluster query execution (with initial_user as current query user) [v3]
Add inter-server cluster secret, it is used for Distributed queries
inside cluster, you can configure in the configuration file:

  <remote_servers>
      <logs>
          <shard>
              <secret>foobar</secret> <!-- empty -- works as before -->
              ...
          </shard>
      </logs>
  </remote_servers>

And this will allow clickhouse to make sure that the query was not
faked, and was issued from the node that knows the secret. And since
trust appeared it can use initial_user for query execution, this will
apply correct *_for_user (since with inter-server secret enabled, the
query will be executed from the same user on the shards as on initator,
unlike "default" user w/o it).

v2: Change user to the initial_user for Distributed queries if secret match
v3: Add Protocol::Cluster package
v4: Drop Protocol::Cluster and use plain Protocol::Hello + user marker
v5: Do not use user from Hello for cluster-secure (superfluous)
2020-09-15 01:36:28 +03:00
Alexey Milovidov
7aa3f86ab9 Added config.d file for development 2020-09-14 22:44:20 +03:00
Alexey Milovidov
2ac88ab47d Added config option 2020-09-14 21:08:09 +03:00
Alexey Milovidov
0e73b8acf3 Merge branch 'master' into remap-executable 2020-09-14 20:26:16 +03:00
Vasily Nemkov
30b1831752 Moved default values for query_masking rules for encrypt/decrypt to config.xml 2020-09-14 18:15:07 +03:00
Denis Glazachev
c202364f01
Merge branch 'master' into ldap-any-user-authentication 2020-09-14 18:53:46 +04:00
Vitaly Baranov
421eeeccef Add the section user_directories to the default config. 2020-09-12 23:04:28 +03:00
Azat Khuzhin
dd867b787f Allow parallel execution of distributed DDL
Add distributed_ddl.pool_size to control maximum parallel to handle
distributed DDL.

Also:
- convert Exception constructors to fmt-like
- use sleepFor* over std::this_thread::sleep_for()
2020-09-12 02:32:08 +03:00
Alexey Milovidov
a644733139 Attempt to make performance test more reliable 2020-09-10 12:05:57 +03:00
Alexander Kuzmenkov
c62bf555d2 Merge origin/master into tmp (using imerge) 2020-09-08 16:26:38 +03:00
Alexander Kuzmenkov
d0a9926e7d fixes and some docs 2020-09-08 16:19:27 +03:00
Alexey Milovidov
e3924b8057 Fix "Arcadia" 2020-09-08 01:14:13 +03:00
Denis Glazachev
59e0c10aaf Merge branch 'master' into ldap-any-user-authentication 2020-09-03 19:36:19 +04:00
Yatsishin Ilya
45e54f81c7 better resolv.conf, add DNSCacheUpdater logs 2020-09-02 11:07:46 +03:00
Vasily Nemkov
b147ffcd43 encrypt, aes_encrypt_mysql, decrypt, aes_decrypt_mysql functions
Functions to encrypt/decrypt any input data with OpenSSL's ciphers
with custom key, iv, and add (-gcm mode only).

_mysql versions are 100% compatitable with corresponding MySQL functions

Supported modes depend on OpenSSL version, but generally are:
aes-{128,192,56}-{ecb,cbc,cfb1,cfb8,cfb128,ofb,gcm}

Please note that in a -gcm mode a 16-byte tag is appended to the ciphertext
on encryption and is expected to be found at the end of ciphertext on decryption.

Added tests that verify compatibility with MySQL functions,
and test vectors for GCM mode from OpenSSL.

Added masking rules for aes_X funtions
Rules are installed by default to config.d/query_masking_rules.xml
2020-09-01 12:42:15 +03:00
Denis Glazachev
9b4cd06051 Merge branch 'master' into ldap-any-user-authentication
* master: (414 commits)
  Add .reference
  Update 01460_mark_inclusion_search_crash.sql
  Fix bug in mark inclusion search.
  cosmetic fixes for performance report
  cosmetic fixes in performance report
  Add more docs about functional tests
  Add ability to specify Default codec for columns (#14049)
  better
  done
  Disable force TTL on optimise
  Update CMakeLists.txt
  Update custom parts of storage AST only if it has extended definition
  DOCSUP-712: Documented the ttl_only_drop_parts setting (#13823)
  Small fixes
  gix comment and useDefault*(), add tests for nullables
  Fix a build for old some OS with old find
  Update hdfs.md
  Fix 01085_max_distributed_connections flackiness
  Fix 00974_distributed_join_on flackiness (by allow retries and hide logs)
  Update adopters.md
  ...
2020-08-30 11:56:38 +04:00
Amos Bird
05a5a13e08
specific ReplicatedMergeTree settings 2020-08-27 22:37:41 +08:00
alexey-milovidov
0f706c01ca
Merge pull request #13888 from vladimir-golovchenko/add-date-trunc-function
Added date_trunc function
2020-08-27 02:12:27 +03:00
vladimir golovchenko
f3cfd39003 Fixed .gitignore to exclude tests-generated data. 2020-08-25 16:41:23 -07:00
Alexander Kuzmenkov
05ad9b9fff opentelemetry wip 2020-08-20 23:59:58 +03:00
Denis Glazachev
ec52a165af Style fixes 2020-08-20 12:46:42 +04:00
Denis Glazachev
bdfea652c1 Change user_template to roles
Change top_enclosing_storage to access_control_manager
Simplify the lookup in peer storages
2020-08-20 11:39:27 +04:00
Denis Glazachev
58f73ff041 Merge branch 'master' into ldap-any-user-authentication
* master: (30 commits)
  Documentation improve:  Translate [select] section into Chinese to improve readability (#13814)
  Update adopters.md
  partially disable test with MaterializeMySQL
  one more unroll for arerage.cpp
  Update adopters.md
  Update adopters.md
  Update adopters.md
  Update adopters.md
  fix #13819
  DOCSUP-1888: Documented the input_format_avro_allow_missing_fields setting (#13671)
  Fix "Arcadia" and "Unbundled" builds
  DOCSUP-928: Documented the groupArraySample function (#13791)
  Documentation about ReplacingMergeTree extended with type DateTime64 for column (#13498)
  doc: update quotas.md (#13400)
  Fix 01356_initialize_aggregation in unbundled build (change topKWeighted order)
  Fix style
  Add normalizedQueryHash function with tests
  Fix topK/topKWeighted merge (wtih non-default parameters)
  Add test
  Add function "normalizeQuery"
  ...

# Conflicts:
#	programs/server/Server.cpp
#	src/Access/AccessControlManager.cpp
#	src/Access/AccessControlManager.h
2020-08-18 14:54:02 +04:00
Denis Glazachev
fbbaf645b9 Merge branch 'master' into ldap-any-user-authentication
* master: (70 commits)
  Fix terrible markup due to wrong @blinkov's script.
  Update extended-roadmap.md
  Update extended-roadmap.md
  Fix bug on the website
  Suppress Shellcheck
  Fix typos
  Fix typos
  Install codespell
  Fix typo
  Update gtest_thread_pool_schedule_exception.cpp
  Fix flaky unit test
  Fix set index with const column pred
  Updating healthcheck parameters.
  Fix step overflow in range()
  * Moving to standard healthcheck parameters. * Adding docker-compose pull and docker-compose down before executing docker-compose up. * Adding docker-compose ps if any of the containers are unhealthy.
  Fix topK test
  Adding missing certificates and dhparam.pem for openldap4.
  Keep "metadata_loading" test only for release build
  Fix error in test
  Fix typo
  ...
2020-08-17 18:08:24 +04:00
Vitaly Baranov
0759dff12b Support <user_directories> section in the main config. 2020-08-16 19:15:38 +03:00
Vitaly Baranov
2909ed1bc0 Better initialization of access storages. Make list of access storages dynamic. 2020-08-16 19:15:34 +03:00
Alexey Milovidov
e43746395e Merge branch 'master' into codespell-2 2020-08-16 14:57:21 +03:00
Denis Glazachev
7375dc5d66 Merge branch 'master' into ldap-any-user-authentication
* master: (956 commits)
  Remove ZooKeeper from unit tests
  Revert check location of Docker compose files @qoega.
  Update developer-instruction.md
  trigger the CI
  Update settings.md
  Update settings.md
  Fix
  fix sync 2
  Fix tests.
  Add docker for style check
  fix sync 1
  passwd and group location error
  Hotfix for pushdown with StorageMerge (#13679)
  Fix error with batch aggregation and -Array combinator
  Fix cassandra build on macos
  Update adopters.md
  Update adopters.md
  Fix build after merge
  Fix shared build
  log error message
  ...

# Conflicts:
#	tests/testflows/ldap/docker-compose/clickhouse-service.yml
2020-08-15 14:18:40 +04:00
Alexander Tokmakov
a6ff049eec use Atomic for system database 2020-08-12 23:40:13 +03:00
Alexey Milovidov
c7a6a18a75 Preparation to enable clickhouse install on Mac and FreeBSD 2020-08-10 02:58:09 +03:00
Alexey Milovidov
4129ad5bbf Merge branch 'embed-configs' into clickhouse-install 2020-08-09 05:17:12 +03:00
Alexey Milovidov
aa3b4bbfe0 Fix build 2020-08-09 05:16:55 +03:00
Alexey Milovidov
8d616444e4 Support for AArch64 2020-08-09 02:54:38 +03:00
Alexey Milovidov
182e2929f3 Merge branch 'master' into embed-configs 2020-08-09 02:41:44 +03:00
Alexey Milovidov
f459640269 Fix build 2020-08-09 02:41:34 +03:00
Alexey Milovidov
6c4df0f27a Better tool 2020-08-08 17:10:49 +03:00
Alexey Milovidov
0f79eb3cc5 Embed configs into binary 2020-08-08 06:42:42 +03:00
Alexey Milovidov
0cbbe153cd Fix typos, the last 1% 2020-08-08 04:21:04 +03:00
Vitaly Baranov
1a4a8a219c
Merge pull request #13305 from vitlibar/correct-error-message-if-setting-not-found-in-users_xml
Correct error message if setting not found in users.xml
2020-08-07 23:31:23 +03:00
alexey-milovidov
9cb0914bbd
Merge pull request #13447 from vladimir-golovchenko/fix-server-gitignore
Updated gitignore-files.
2020-08-07 05:01:33 +03:00
vladimir golovchenko
cb153d2605 Updated gitignore-files. 2020-08-06 18:05:32 -07:00
Vitaly Baranov
a804f9499d Use references while iterating through settings. 2020-08-04 04:00:38 +03:00
Vitaly Baranov
dadebadcac Print correct error message in log for unknown settings in users.xml 2020-08-04 00:20:33 +03:00
Alexey Milovidov
778abb346f Merge branch 'master' into merge-tree-settings-sanity-check 2020-08-02 17:13:17 +03:00
Vitaly Baranov
18b21511a9
Merge pull request #13013 from vitlibar/implement-custom-settings
Implement custom settings
2020-08-02 05:01:14 +03:00
Alexey Milovidov
53450b1b09 Merge branch 'master' into merge-tree-settings-sanity-check 2020-08-02 02:47:57 +03:00
Vitaly Baranov
7c4ae5ee65 Add the parameter custom_settings_prefixes to the server config. 2020-07-31 20:57:49 +03:00
Vitaly Baranov
56665a15f7 Rework and rename the template class SettingsCollection => BaseSettings. 2020-07-31 20:54:18 +03:00
Alexey Milovidov
c3ad710b84 Merge branch 'master' into crash-log 2020-07-31 16:12:53 +03:00
Alexey Milovidov
b9f49d31df Sanity checks for MergeTreeSettings 2020-07-30 22:08:13 +03:00
Denis Glazachev
479fa4c325 Improve LDAP-related comments 2020-07-27 14:24:56 +04:00
Denis Glazachev
90a064c7a6 Fix compilation 2020-07-24 19:39:18 +04:00
Denis Glazachev
3b3404c326 Style fix
Remove unused declarations
2020-07-23 22:10:57 +04:00
Denis Glazachev
5d6b5101fe Implement LDAPAccessStorage and integrate it into AccessControlManager
Rename ExternalAuthenticators::setConfig to setConfiguration
Revisit LDAP servers config section comments
Add user_directories config section with comments (only for ldap)
Fix bug in MemoryAccessStorage::insertImpl
2020-07-23 21:55:24 +04:00
Denis Glazachev
8688a1f5d0 Recreate ExternalAuthenticators (LDAP) on config update 2020-07-10 15:59:48 +04:00
Alexey Milovidov
31cbdd1a56 system.crash_log: development 2020-07-09 07:15:45 +03:00
alesapin
1aa45f203b
bump CI 2020-07-08 13:40:02 +03:00
Denis Glazachev
9effacfbc1 Merge branch 'master' into ldap-per-user-authentication
* master: (1102 commits)
  Update README.md
  Update README.md
  Update README.md
  Update index.md
  [docs] add intrdocution for statements page (#12189)
  Revert "Run perf tests with memory sampling (for allocations >1M)"
  Sanitize LINK_LIBRARIES property for the directories (#12160)
  [docs] refactor Domains overview (#12186)
  DOCS-647: toStartOfSecond (#12190)
  [docs] add intrdocution for commercial page (#12187)
  DOCSUP-1348 Russian translation for new functions (#133) (#12194)
  changelog fixes
  Update index.md (#12191)
  Update zh kafka.md title (#12192)
  Added test for #3767
  style fix for #12152
  Tests for fixed issues #10846 and #7347
  changelog fixes
  [docs] introduction for special table engines (#12170)
  [docs] introduction for third-party interfaces (#12175)
  ...

# Conflicts:
#	src/Access/ya.make
#	src/Common/ErrorCodes.cpp
2020-07-08 00:42:09 +04:00
Nikita Mikhaylov
5c6d6bdf54
Merge pull request #11995 from azat/load_balancing-priority
Load balancing manual priority
2020-07-06 13:32:20 +04:00
alexey-milovidov
f1151ed474
Merge pull request #12133 from ClickHouse/normalize-pid-file
Normalize "pid" file handling #3501
2020-07-04 21:36:27 +03:00
Alexey Milovidov
176a7f2f72 Normalize "pid" file handling #3501 2020-07-04 16:54:24 +03:00
alesapin
c57edd2018 Tiny fixes 2020-07-03 11:02:35 +03:00
alesapin
64583ceb22 Merge branch 'master' into add-storage-rabbitmq-read-only 2020-07-02 16:08:29 +03:00
Azat Khuzhin
ebff4eae7d Add replica priority for load_balancing
Make default 1, to match with <weight>
2020-06-29 23:03:28 +03:00
Azat Khuzhin
e547f6b6d7 Add <weight> example in <remote_servers> into dist config 2020-06-29 23:03:28 +03:00
Alexey Milovidov
44f2742a51 Fix bad log message at server startup 2020-06-27 15:56:06 +03:00
Alexander Kuzmenkov
d77f397b38 review fixes 2020-06-26 03:18:33 +03:00
alexey-milovidov
a34032cace
Merge pull request #11300 from blinkov/sentry
Opt-in support for sending crash reports
2020-06-25 17:20:50 +03:00
Alexander Kuzmenkov
593a0181bd
Merge pull request #11616 from ClickHouse/aku/perf-benchmark
Add concurrent benchmark to performance test
2020-06-25 09:36:52 +03:00
alesapin
3fc65b3269 Merge branch 'master' into kssenii-rabbit-mq 2020-06-24 20:14:28 +03:00
Alexander Kuzmenkov
f0fbba5522 allow implicit initialization 2020-06-23 20:31:46 +03:00
Denis Glazachev
d17d72b075 More generic DN in the example 2020-06-23 18:23:34 +04:00
Alexander Kuzmenkov
e0bdbe73d2 Merge remote-tracking branch 'origin/master' into HEAD 2020-06-23 15:31:09 +03:00
Alexander Kuzmenkov
ab809f59b9 memory usage settings 2020-06-23 15:30:45 +03:00
Alexander Kuzmenkov
96d2e9c997 Initialize GlobalThreadPool explicitly 2020-06-22 22:04:12 +03:00
Alexander Kuzmenkov
bd5ab9c686 Merge remote-tracking branch 'origin/master' into bnc/config-max-num-threads 2020-06-22 15:55:39 +03:00
Ivan Blinkov
2c0ff29c48 Merge branch 'master' of github.com:ClickHouse/ClickHouse into sentry 2020-06-22 10:06:36 +03:00
alexey-milovidov
4ee623ccac
Merge pull request #10242 from MovElb/movelb-postgresql-wire-protocol-impl
PostgreSQL wire protocol implementation
2020-06-21 14:39:22 +03:00
Denis Glazachev
5db60202b6 Merge branch 'master' into ldap-per-user-authentication 2020-06-19 00:11:08 +04:00
Ivan Blinkov
8b50e3450b move the default endpoint to config 2020-06-16 23:01:15 +03:00
Denis Glazachev
6338225c50 Fix tls_cipher_suite example 2020-06-16 17:49:18 +04:00
Ivan Blinkov
7e2bb1fd83 Merge branch 'master' of github.com:ClickHouse/ClickHouse into sentry 2020-06-16 16:02:55 +03:00
Ivan Blinkov
0e77692a27 improvements after review comments 2020-06-16 15:56:28 +03:00
Bharat Nallan
c43bd228ab make max global thread pool setting configurable
This PR adds a server level config for overriding the default max number
of threads in global thread pool that is currently allowed (10,000).

This might be useful in scenarios where there are a large number of
distributed queries that are executing concurrently and where the
default number of max threads might not be necessarily be sufficient.
2020-06-15 22:04:30 -07:00
Alexey Milovidov
bb6c0743fc Change the level of log message about failure to listen, to warning #4406 2020-06-15 23:30:36 +03:00
Alexey Milovidov
a421e7e4b4 Added a test 2020-06-14 00:13:52 +03:00
Denis Glazachev
276fcd8903 Add/rename parameters that control TLS 2020-06-12 21:59:47 +04:00
Ivan Blinkov
e98a91e9f7 Merge branch 'master' of github.com:ClickHouse/ClickHouse into sentry 2020-06-12 16:53:00 +03:00
Alexander Kuzmenkov
e354bbc78c
Merge pull request #11588 from ClickHouse/aku/async-log
Add system.asynchronous_metric_log
2020-06-11 16:10:35 +03:00
Ivan Blinkov
b70ed921ea Merge branch 'master' of github.com:ClickHouse/ClickHouse into sentry 2020-06-11 12:22:13 +03:00
kssenii
18820814f5 Merge 2020-06-10 23:25:33 +00:00
Denis Glazachev
9e3a28a6b8 Merge branch 'master' into ldap-per-user-authentication
* master: (414 commits)
  Update file.md
  Update merge.md
  Update dictionary.md
  Update external-data.md
  Update distributed.md
  Update null.md
  Update set.md
  Update join.md
  Update url.md
  Update view.md
  Update materializedview.md
  Update memory.md
  Update buffer.md
  Update generate.md
  removed a sentence about global lock during rename (#11577)
  greatCircleAngle en translation (#11584)
  Update configuration-files.md
  try fix flacky test
  Update why.html
  Update rich.html
  ...

# Conflicts:
#	src/Common/ErrorCodes.cpp
#	utils/ci/jobs/quick-build/run.sh
2020-06-11 03:06:17 +04:00