目录
2.1. 启动my-clickhouse-server容器实例
2.3.my-clickhouse-server容器的配置文件、目录复制到本地挂载目录下
2.4. 复制完成后,停止删除容器my-clickhouse-server
2.5.重新运行部署my-clickhouse-server
2.6 clickhouse-servers设置密码,修改完成后,重启容器。
UK Property Price Paid | ClickHouse Docs
1.系统环境
docker 、CentOS 7.9
2. 部署clickhouse-server
2.1. 启动my-clickhouse-server容器实例
docker run -d --name my-clickhouse-server --ulimit nofile=262144:262144 yandex/clickhouse-server2.2. 创建本地挂载目录
引用/home下空间比较大,所以映射路径都放在/home下
mkdir -p /home/clickhouse-server/
mkdir -p /home/clickhouse-server/etc/2.3.my-clickhouse-server容器的配置文件、目录复制到本地挂载目录下
docker cp my-clickhouse-server:/var/log/clickhouse-server /home/clickhouse-server/
docker cp my-clickhouse-server:/var/lib/clickhouse /home/clickhouse-server/
docker cp my-clickhouse-server:/etc/clickhouse-server /home/clickhouse-server/etc/2.4. 复制完成后,停止删除容器my-clickhouse-server
docker stop my-clickhouse-server
docker rm my-clickhouse-server2.5.重新运行部署my-clickhouse-server
docker run -d --restart=always --privileged=true -p 8123:8123 -p 9000:9000 --name my-clickhouse-server --ulimit nofile=262144:262144 \
-v /home/clickhouse-server/clickhouse-server:/var/log/clickhouse-server \
-v /home/clickhouse-server/clickhouse:/var/lib/clickhouse \
-v /home/clickhouse-server/etc/clickhouse-server:/etc/clickhouse-server \
yandex/clickhouse-server 2.6 clickhouse-servers设置密码,修改完成后,重启容器。
修改本地文件
vim /home/clickhouse-server/etc/clickhouse-server/users.xml密码生成
密码生成命令,具体内容可参考users.xml文件内说明
[root@inlong clickhouse]# PASSWORD=$(base64 < /dev/urandom | head -c8); echo "clickhouse"; echo -n "clickhouse" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'
clickhouse
5873faa64eaf2895016c5ee79af4704e167fec7ausers.xml
<?xml version="1.0"?>
<clickhouse>
<!-- See also the files in users.d directory where the settings can be overridden. -->
<!-- Profiles of settings. -->
<profiles>
<!-- Default settings. -->
<default>
<!-- Maximum memory usage for processing single query, in bytes. -->
<max_memory_usage>10000000000</max_memory_usage>
<!-- How to choose between replicas during distributed query processing.
random - choose random replica from set of replicas with minimum number of errors
nearest_hostname - from set of replicas with minimum number of errors, choose replica
with minimum number of different symbols between replica's hostname and local hostname
(Hamming distance).
in_order - first live replica is chosen in specified order.
first_or_random - if first replica one has higher number of errors, pick a random one from replicas with minimum number of errors.
-->
<load_balancing>random</load_balancing>
</default>
<!-- Profile that allows only read queries. -->
<readonly>
<readonly>1</readonly>
</readonly>
</profiles>
<!-- Users and ACL. -->
<users>
<!-- If user name was not specified, 'default' user is used. -->
<default>
<!-- See also the files in users.d directory where the password can be overridden.
Password could be specified in plaintext or in SHA256 (in hex format).
If you want to specify password in plaintext (not recommended), place it in 'password' element.
Example: <password>qwerty</password>.
Password could be empty.
If you want to specify SHA256, place it in 'password_sha256_hex' element.
Example: <password_sha256_hex>65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5</password_sha256_hex>
Restrictions of SHA256: impossibility to connect to ClickHouse using MySQL JS client (as of July 2019).
If you want to specify double SHA1, place it in 'password_double_sha1_hex' element.
Example: <password_double_sha1_hex>e395796d6546b1b65db9d665cd43f0e858dd4303</password_double_sha1_hex>
If you want to specify a previously defined LDAP server (see 'ldap_servers' in the main config) for authentication,
place its name in 'server' element inside 'ldap' element.
Example: <ldap><server>my_ldap_server</server></ldap>
If you want to authenticate the user via Kerberos (assuming Kerberos is enabled, see 'kerberos' in the main config),
place 'kerberos' element instead of 'password' (and similar) elements.
The name part of the canonical principal name of the initiator must match the user name for authentication to succeed.
You can also place 'realm' element inside 'kerberos' element to further restrict authentication to only those requests
whose initiator's realm matches it.
Example: <kerberos />
Example: <kerberos><realm>EXAMPLE.COM</realm></kerberos>
How to generate decent password:
Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha256sum | tr -d '-'
In first line will be password and in second - corresponding SHA256.
How to generate double SHA1:
Execute: PASSWORD=$(base64 < /dev/urandom | head -c8); echo "$PASSWORD"; echo -n "$PASSWORD" | sha1sum | tr -d '-' | xxd -r -p | sha1sum | tr -d '-'
In first line will be password and in second - corresponding double SHA1.
-->
<password_double_sha1_hex>5873faa64eaf2895016c5ee79af4704e167fec7a</password_double_sha1_hex>
<!-- List of networks with open access.
To open access from everywhere, specify:
<ip>::/0</ip>
To open access only from localhost, specify:
<ip>::1</ip>
<ip>127.0.0.1</ip>
Each element of list has one of the following forms:
<ip> IP-address or network mask. Examples: 213.180.204.3 or 10.0.0.1/8 or 10.0.0.1/255.255.255.0
2a02:6b8::3 or 2a02:6b8::3/64 or 2a02:6b8::3/ffff:ffff:ffff:ffff::.
<host> Hostname. Example: server01.yandex.ru.
To check access, DNS query is performed, and all received addresses compared to peer address.
<host_regexp> Regular expression for host names. Example, ^server\d\d-\d\d-\d\.yandex\.ru$
To check access, DNS PTR query is performed for peer address and then regexp is applied.
Then, for result of PTR query, another DNS query is performed and all received addresses compared to peer address.
Strongly recommended that regexp is ends with $
All results of DNS requests are cached till server restart.
-->
<networks>
<ip>::/0</ip>
</networks>
<!-- Settings profile for user. -->
<profile>default</profile>
<!-- Quota for user. -->
<quota>default</quota>
<!-- User can create other users and grant rights to them. -->
<access_management>1</access_management>
</default>
<!-- If user name was not specified, 'inlong' user is used. -->
<inlong>
<password_double_sha1_hex>5873faa64eaf2895016c5ee79af4704e167fec7a</password_double_sha1_hex>
<networks>
<ip>::/0</ip>
</networks>
<profile>default</profile>
<quota>inlong</quota>
<access_management>1</access_management>
</inlong>
</users>
<!-- Quotas. -->
<quotas>
<!-- Name of quota. -->
<default>
<!-- Limits for time interval. You could specify many intervals with different limits. -->
<interval>
<!-- Length of interval. -->
<duration>3600</duration>
<!-- No limits. Just calculate resource usage for time interval. -->
<queries>0</queries>
<errors>0</errors>
<result_rows>0</result_rows>
<read_rows>0</read_rows>
<execution_time>0</execution_time>
</interval>
</default>
<inlong>
<interval>
<duration>7200</duration>
<queries>0</queries>
<errors>0</errors>
<result_rows>0</result_rows>
<read_rows>0</read_rows>
<execution_time>0</execution_time>
</interval>
</inlong>
</quotas>
</clickhouse>
2.7.DBeaver连接clickhouse
3.clickhouse-client连接server
docker run -it --rm --link my-clickhouse-server:clickhouse-server yandex/clickhouse-client --host clickhouse-server --user default --password=clickhouse4.clickhouse创建database
6eafc5c3cfd1 :) CREATE DATABASE IF NOT EXISTS flink_clickhouse
CREATE DATABASE IF NOT EXISTS flink_clickhouse
Query id: 75018a8e-323f-4193-885a-455848102a9d
Ok.
0 rows in set. Elapsed: 0.002 sec.