Add inter-server cluster secret, it is used for Distributed queries
inside cluster, you can configure in the configuration file:
<remote_servers>
<logs>
<shard>
<secret>foobar</secret> <!-- empty -- works as before -->
...
</shard>
</logs>
</remote_servers>
And this will allow clickhouse to make sure that the query was not
faked, and was issued from the node that knows the secret. And since
trust appeared it can use initial_user for query execution, this will
apply correct *_for_user (since with inter-server secret enabled, the
query will be executed from the same user on the shards as on initator,
unlike "default" user w/o it).
v2: Change user to the initial_user for Distributed queries if secret match
v3: Add Protocol::Cluster package
v4: Drop Protocol::Cluster and use plain Protocol::Hello + user marker
v5: Do not use user from Hello for cluster-secure (superfluous)
Add distributed_ddl.pool_size to control maximum parallel to handle
distributed DDL.
Also:
- convert Exception constructors to fmt-like
- use sleepFor* over std::this_thread::sleep_for()
Functions to encrypt/decrypt any input data with OpenSSL's ciphers
with custom key, iv, and add (-gcm mode only).
_mysql versions are 100% compatitable with corresponding MySQL functions
Supported modes depend on OpenSSL version, but generally are:
aes-{128,192,56}-{ecb,cbc,cfb1,cfb8,cfb128,ofb,gcm}
Please note that in a -gcm mode a 16-byte tag is appended to the ciphertext
on encryption and is expected to be found at the end of ciphertext on decryption.
Added tests that verify compatibility with MySQL functions,
and test vectors for GCM mode from OpenSSL.
Added masking rules for aes_X funtions
Rules are installed by default to config.d/query_masking_rules.xml
* master: (414 commits)
Add .reference
Update 01460_mark_inclusion_search_crash.sql
Fix bug in mark inclusion search.
cosmetic fixes for performance report
cosmetic fixes in performance report
Add more docs about functional tests
Add ability to specify Default codec for columns (#14049)
better
done
Disable force TTL on optimise
Update CMakeLists.txt
Update custom parts of storage AST only if it has extended definition
DOCSUP-712: Documented the ttl_only_drop_parts setting (#13823)
Small fixes
gix comment and useDefault*(), add tests for nullables
Fix a build for old some OS with old find
Update hdfs.md
Fix 01085_max_distributed_connections flackiness
Fix 00974_distributed_join_on flackiness (by allow retries and hide logs)
Update adopters.md
...
* master: (30 commits)
Documentation improve: Translate [select] section into Chinese to improve readability (#13814)
Update adopters.md
partially disable test with MaterializeMySQL
one more unroll for arerage.cpp
Update adopters.md
Update adopters.md
Update adopters.md
Update adopters.md
fix#13819
DOCSUP-1888: Documented the input_format_avro_allow_missing_fields setting (#13671)
Fix "Arcadia" and "Unbundled" builds
DOCSUP-928: Documented the groupArraySample function (#13791)
Documentation about ReplacingMergeTree extended with type DateTime64 for column (#13498)
doc: update quotas.md (#13400)
Fix 01356_initialize_aggregation in unbundled build (change topKWeighted order)
Fix style
Add normalizedQueryHash function with tests
Fix topK/topKWeighted merge (wtih non-default parameters)
Add test
Add function "normalizeQuery"
...
# Conflicts:
# programs/server/Server.cpp
# src/Access/AccessControlManager.cpp
# src/Access/AccessControlManager.h
* master: (70 commits)
Fix terrible markup due to wrong @blinkov's script.
Update extended-roadmap.md
Update extended-roadmap.md
Fix bug on the website
Suppress Shellcheck
Fix typos
Fix typos
Install codespell
Fix typo
Update gtest_thread_pool_schedule_exception.cpp
Fix flaky unit test
Fix set index with const column pred
Updating healthcheck parameters.
Fix step overflow in range()
* Moving to standard healthcheck parameters. * Adding docker-compose pull and docker-compose down before executing docker-compose up. * Adding docker-compose ps if any of the containers are unhealthy.
Fix topK test
Adding missing certificates and dhparam.pem for openldap4.
Keep "metadata_loading" test only for release build
Fix error in test
Fix typo
...
This PR adds a server level config for overriding the default max number
of threads in global thread pool that is currently allowed (10,000).
This might be useful in scenarios where there are a large number of
distributed queries that are executing concurrently and where the
default number of max threads might not be necessarily be sufficient.
