mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-15 10:52:30 +00:00
113 lines
5.3 KiB
Plaintext
113 lines
5.3 KiB
Plaintext
# Profiles of settings.
|
|
profiles:
|
|
# Default settings.
|
|
default:
|
|
# Maximum memory usage for processing single query, in bytes.
|
|
max_memory_usage: 10000000000
|
|
|
|
# How to choose between replicas during distributed query processing.
|
|
# random - choose random replica from set of replicas with minimum number of errors
|
|
# nearest_hostname - from set of replicas with minimum number of errors, choose replica
|
|
# with minimum number of different symbols between replica's hostname and local hostname (Hamming distance).
|
|
# hostname_levenshtein_distance - just the same with nearest_hostname but calculate the difference by Levenshtein distance.
|
|
# in_order - first live replica is chosen in specified order.
|
|
# first_or_random - if first replica one has higher number of errors, pick a random one from replicas with minimum number of errors.
|
|
load_balancing: random
|
|
|
|
# Profile that allows only read queries.
|
|
readonly:
|
|
readonly: 1
|
|
|
|
# Users and ACL.
|
|
users:
|
|
# If user name was not specified, 'default' user is used.
|
|
default:
|
|
# Password could be specified in plaintext or in SHA256 (in hex format).
|
|
#
|
|
# If you want to specify password in plaintext (not recommended), place it in 'password' element.
|
|
# Example: password: qwerty
|
|
# Password could be empty.
|
|
#
|
|
# If you want to specify SHA256, place it in 'password_sha256_hex' element.
|
|
# Example: password_sha256_hex: 65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5
|
|
# Restrictions of SHA256: impossibility to connect to ClickHouse using MySQL JS client (as of July 2019).
|
|
#
|
|
# If you want to specify double SHA1, place it in 'password_double_sha1_hex' element.
|
|
# Example: password_double_sha1_hex: e395796d6546b1b65db9d665cd43f0e858dd4303
|
|
#
|
|
# If you want to specify a previously defined LDAP server (see 'ldap_servers' in the main config) for authentication,
|
|
# place its name in 'server' element inside 'ldap' element.
|
|
# Example: ldap:
|
|
# server: my_ldap_server
|
|
#
|
|
# If you want to authenticate the user via Kerberos (assuming Kerberos is enabled, see 'kerberos' in the main config),
|
|
# place 'kerberos' element instead of 'password' (and similar) elements.
|
|
# The name part of the canonical principal name of the initiator must match the user name for authentication to succeed.
|
|
# You can also place 'realm' element inside 'kerberos' element to further restrict authentication to only those requests
|
|
# whose initiator's realm matches it.
|
|
# Example: kerberos: ''
|
|
# Example: kerberos:
|
|
# realm: EXAMPLE.COM
|
|
#
|
|
# How to generate decent password:
|
|
# Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'
|
|
# In first line will be password and in second - corresponding SHA256.
|
|
#
|
|
# How to generate double SHA1:
|
|
# Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'
|
|
# In first line will be password and in second - corresponding double SHA1.
|
|
|
|
password: ''
|
|
|
|
# List of networks with open access.
|
|
#
|
|
# To open access from everywhere, specify:
|
|
# - ip: '::/0'
|
|
#
|
|
# To open access only from localhost, specify:
|
|
# - ip: '::1'
|
|
# - ip: 127.0.0.1
|
|
#
|
|
# Each element of list has one of the following forms:
|
|
# ip: IP-address or network mask. Examples: 213.180.204.3 or 10.0.0.1/8 or 10.0.0.1/255.255.255.0
|
|
# 2a02:6b8::3 or 2a02:6b8::3/64 or 2a02:6b8::3/ffff:ffff:ffff:ffff::.
|
|
# host: Hostname. Example: server01.clickhouse.com.
|
|
# To check access, DNS query is performed, and all received addresses compared to peer address.
|
|
# host_regexp: Regular expression for host names. Example, ^server\d\d-\d\d-\d\.clickhouse\.com$
|
|
# To check access, DNS PTR query is performed for peer address and then regexp is applied.
|
|
# Then, for result of PTR query, another DNS query is performed and all received addresses compared to peer address.
|
|
# Strongly recommended that regexp is ends with $ and take all expression in ''
|
|
# All results of DNS requests are cached till server restart.
|
|
|
|
networks:
|
|
ip: '::/0'
|
|
|
|
# Settings profile for user.
|
|
profile: default
|
|
|
|
# Quota for user.
|
|
quota: default
|
|
|
|
# User can create other users and grant rights to them.
|
|
# access_management: 1
|
|
|
|
# SQL expressions for grants available for that user - https://clickhouse.com/docs/en/sql-reference/statements/grant
|
|
# grants:
|
|
# - query: GRANT ALL ON *.*
|
|
|
|
# Quotas.
|
|
quotas:
|
|
# Name of quota.
|
|
default:
|
|
# Limits for time interval. You could specify many intervals with different limits.
|
|
interval:
|
|
# Length of interval.
|
|
duration: 3600
|
|
|
|
# No limits. Just calculate resource usage for time interval.
|
|
queries: 0
|
|
errors: 0
|
|
result_rows: 0
|
|
read_rows: 0
|
|
execution_time: 0
|