Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(docker-compose): Add clickhouse users #402

Merged
merged 8 commits into from
Oct 17, 2024
Merged

feat(docker-compose): Add clickhouse users #402

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
db9cc00
feat(docker-compose): Add clickhouse users
samcm Oct 16, 2024
f25c3e8
fix: Update password tags to include replace attribute
samcm Oct 16, 2024
1301eef
fix: Update password replacement value in users.xml
samcm Oct 17, 2024
28e5f3f
fix: Update default ClickHouse password in script
samcm Oct 17, 2024
ac31aa4
fix: Update ClickHouse password handling in scripts
samcm Oct 17, 2024
6e9781c
fix: Update CLICKHOUSE_PASSWORD handling in config files
samcm Oct 17, 2024
d224105
chore: Update ClickHouse password handling in config files
samcm Oct 17, 2024
d56583b
fix: Update password variable in database connection URL
samcm Oct 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/cannon/assert_clickhouse.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ SEEDING_YAML="$1"
CLICKHOUSE_HOST=${CLICKHOUSE_HOST:-"localhost"}
CLICKHOUSE_PORT=${CLICKHOUSE_PORT:-"9000"}
CLICKHOUSE_USER=${CLICKHOUSE_USER:-"default"}
CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-""}
CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD}
CLICKHOUSE_DB=${CLICKHOUSE_DB:-"default"}

# Function to execute ClickHouse query
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/sentry-smoke-test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ jobs:
for sentry in "${all_sentries[@]}"; do
pretty_print "Checking $table table for $sentry..." "none"
while true; do
data_count=$(docker exec xatu-clickhouse-01 clickhouse-client --query "SELECT COUNT(*) FROM default.$table WHERE meta_client_name = '$sentry'" || true)
data_count=$(docker exec xatu-clickhouse-01 clickhouse-client --user=default --query "SELECT COUNT(*) FROM default.$table WHERE meta_client_name = '$sentry'" || true)
if [[ $data_count -gt 0 ]]; then
pretty_print "$table has $data_count entries from $sentry" "green"
break
Expand Down
1 change: 1 addition & 0 deletions ...y/local/docker-compose/clickhouse/clickhouse-01/etc/clickhouse-server/config.d/config.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
</distributed_ddl>
<remote_servers>
<cluster_2S_1R>
<secret>supersecret</secret>
<shard>
<replica>
<host>xatu-clickhouse-01</host>
Expand Down
41 changes: 41 additions & 0 deletions ...pose/clickhouse/clickhouse-01/etc/clickhouse-server/docker-entrypoint-initdb.d/init-db.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,43 @@
#!/bin/bash
set -e

cat /etc/clickhouse-server/users.d/users.xml

cat <<EOT >> /etc/clickhouse-server/users.d/default.xml
<yandex>
<users>
<${CLICKHOUSE_USER}>
<profile>default</profile>
<networks>
<ip>::/0</ip>
</networks>
$([ -n "${CLICKHOUSE_PASSWORD}" ] && echo "<password>${CLICKHOUSE_PASSWORD}</password>")
<quota>default</quota>
</${CLICKHOUSE_USER}>
<readonly>
<password>${CLICKHOUSE_USER_READONLY_PASSWORD}</password>
</readonly>
</users>
</yandex>
EOT

cat <<EOT >> /etc/clickhouse-server/config.d/users.xml
<clickhouse replace="true">
<remote_servers>
<cluster_2S_1R>
<shard>
<replica>
<host>xatu-clickhouse-01</host>
$([ -n "${CLICKHOUSE_PASSWORD}" ] && echo "<password replace=\"true\">${CLICKHOUSE_PASSWORD}</password>")
</replica>
</shard>
<shard>
<replica>
<host>xatu-clickhouse-02</host>
$([ -n "${CLICKHOUSE_PASSWORD}" ] && echo "<password replace=\"true\">${CLICKHOUSE_PASSWORD}</password>")
</replica>
</shard>
</cluster_2S_1R>
</remote_servers>
</clickhouse>
EOT
16 changes: 16 additions & 0 deletions deploy/local/docker-compose/clickhouse/clickhouse-01/etc/clickhouse-server/users.d/users.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@
<load_balancing>in_order</load_balancing>
<log_queries>1</log_queries>
</default>
<readonly>
<max_memory_usage>10000000000</max_memory_usage>
<use_uncompressed_cache>0</use_uncompressed_cache>
<load_balancing>in_order</load_balancing>
<readonly>1</readonly>
<log_queries>1</log_queries>
</readonly>
</profiles>
<users>
<default>
Expand All @@ -21,6 +28,15 @@
<show_named_collections>1</show_named_collections>
<show_named_collections_secrets>1</show_named_collections_secrets>
</default>
<readonly>
<access_management>0</access_management>
<profile>readonly</profile>
<networks>
<ip>::/0</ip>
</networks>
<password from_env="CLICKHOUSE_USER_READONLY_PASSWORD" replace="replace"></password>
<quota>default</quota>
</readonly>
</users>
<quotas>
<default>
Expand Down
1 change: 1 addition & 0 deletions ...y/local/docker-compose/clickhouse/clickhouse-02/etc/clickhouse-server/config.d/config.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
</distributed_ddl>
<remote_servers>
<cluster_2S_1R>
<secret>supersecret</secret>
<shard>
<replica>
<host>xatu-clickhouse-01</host>
Expand Down
47 changes: 46 additions & 1 deletion ...pose/clickhouse/clickhouse-02/etc/clickhouse-server/docker-entrypoint-initdb.d/init-db.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,50 @@
#!/bin/bash
set -e
cat /etc/clickhouse-server/users.d/users.xml

clickhouse client --user default -n <<-EOSQL
cat <<EOT >> /etc/clickhouse-server/users.d/default.xml
<yandex>
<users>
<${CLICKHOUSE_USER}>
<profile>default</profile>
<networks>
<ip>::/0</ip>
</networks>
$([ -n "${CLICKHOUSE_PASSWORD}" ] && echo "<password>${CLICKHOUSE_PASSWORD}</password>")
<quota>default</quota>
</${CLICKHOUSE_USER}>
<readonly>
<password>${CLICKHOUSE_USER_READONLY_PASSWORD}</password>
</readonly>
</users>
</yandex>
EOT

cat <<EOT >> /etc/clickhouse-server/config.d/users.xml
<clickhouse>
<remote_servers>
<cluster_2S_1R>
<shard>
<replica>
<host>xatu-clickhouse-01</host>
$([ -n "${CLICKHOUSE_PASSWORD}" ] && echo "<password replace=\"true\">${CLICKHOUSE_PASSWORD}</password>")
</replica>
</shard>
<shard>
<replica>
<host>xatu-clickhouse-02</host>
$([ -n "${CLICKHOUSE_PASSWORD}" ] && echo "<password replace=\"true\">${CLICKHOUSE_PASSWORD}</password>")
</replica>
</shard>
</cluster_2S_1R>
</remote_servers>
</clickhouse>
EOT


PASSWORD=${CLICKHOUSE_PASSWORD}

clickhouse client --user default --password ${PASSWORD} -n <<-EOSQL
CREATE TABLE default.schema_migrations_local ON CLUSTER '{cluster}'
(
"version" Int64,
Expand All @@ -14,3 +57,5 @@ SETTINGS index_granularity = 81921;
CREATE TABLE schema_migrations on cluster '{cluster}' AS schema_migrations_local
ENGINE = Distributed('{cluster}', default, schema_migrations_local, rand());
EOSQL

echo "ClickHouse schema initialized"
16 changes: 16 additions & 0 deletions deploy/local/docker-compose/clickhouse/clickhouse-02/etc/clickhouse-server/users.d/users.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@
<load_balancing>in_order</load_balancing>
<log_queries>1</log_queries>
</default>
<readonly>
<max_memory_usage>10000000000</max_memory_usage>
<use_uncompressed_cache>0</use_uncompressed_cache>
<load_balancing>in_order</load_balancing>
<readonly>1</readonly>
<log_queries>1</log_queries>
</readonly>
</profiles>
<users>
<default>
Expand All @@ -21,6 +28,15 @@
<show_named_collections>1</show_named_collections>
<show_named_collections_secrets>1</show_named_collections_secrets>
</default>
<readonly>
<access_management>0</access_management>
<profile>readonly</profile>
<networks>
<ip>::/0</ip>
</networks>
<password from_env="CLICKHOUSE_USER_READONLY_PASSWORD" replace="replace"></password>
<quota>default</quota>
</readonly>
</users>
<quotas>
<default>
Expand Down
20 changes: 8 additions & 12 deletions deploy/local/docker-compose/grafana/datasources/datasources.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,24 +13,20 @@ datasources:
port: 9000
server: xatu-clickhouse-01
tlsSkipVerify: true
username: readonly
user: readonly
secureJsonData:
password: $CLICKHOUSE_USER_READONLY_PASSWORD

- name: ClickHouse-vert
type: vertamedia-clickhouse-datasource
access: proxy
url: http://xatu-clickhouse-01:8123

- name: postgres
type: postgres
access: proxy
url: xatu-postgres:5432
user: user
secureJsonData:
password: password
user: readonly
jsonData:
sslmode: disable
tlsSkipVerify: true
postgresVersion: 1500
database: xatu
user: readonly
secureJsonData:
password: $CLICKHOUSE_USER_READONLY_PASSWORD
- name: Tempo
type: tempo
access: proxy
Expand Down
26 changes: 21 additions & 5 deletions docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,11 @@ services:
timeout: 10s
retries: 15
start_period: 15s
environment:
- CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT=1
- CLICKHOUSE_USER=default
- CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD}
- CLICKHOUSE_USER_READONLY_PASSWORD=${CLICKHOUSE_USER_READONLY_PASSWORD:-readonly}
xatu-clickhouse-02:
profiles:
- clickhouse
Expand Down Expand Up @@ -69,6 +74,11 @@ services:
timeout: 10s
retries: 15
start_period: 15s
environment:
- CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT=1
- CLICKHOUSE_USER=default
- CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-supersecret}
- CLICKHOUSE_USER_READONLY_PASSWORD=${CLICKHOUSE_USER_READONLY_PASSWORD:-readonly}
xatu-clickhouse-zookeeper-01:
profiles:
- clickhouse
Expand Down Expand Up @@ -197,10 +207,16 @@ services:
GF_AUTH_ANONYMOUS_ENABLED: "true"
GF_AUTH_ANONYMOUS_ORG_ROLE: Admin
GF_AUTH_ANONYMOUS_ORG_NAME: Main Org.
CLICKHOUSE_USER_READONLY_PASSWORD: ${CLICKHOUSE_USER_READONLY_PASSWORD:-readonly}
volumes:
- ./deploy/local/docker-compose/grafana/datasources:/etc/grafana/provisioning/datasources
- ./deploy/local/docker-compose/grafana/dashboard.yaml:/etc/grafana/provisioning/dashboards/main.yaml
- ./deploy/local/docker-compose/grafana/dashboards:/var/lib/grafana/dashboards
command: >
bash -c "
sed -i 's/readonlypassword/'"$$CLICKHOUSE_USER_READONLY_PASSWORD"'/g' /etc/grafana/provisioning/datasources/datasources.yaml &&
/run.sh
"
xatu-prometheus:
profiles:
- ""
Expand Down Expand Up @@ -386,8 +402,8 @@ services:
- "${VECTOR_KAFKA_CLICKHOUSE_ADDRESS:-127.0.0.1}:${VECTOR_KAFKA_CLICKHOUSE_PORT:-8686}:8686"
environment:
CLICKHOUSE_ENDPOINT: "xatu-clickhouse-01:8123"
CLICKHOUSE_USER: default
CLICKHOUSE_PASSWORD: ""
CLICKHOUSE_USER: ${CLICKHOUSE_USER:-default}
CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD}
KAFKA_BROKERS: "xatu-kafka:29092"
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8686/health"]
Expand Down Expand Up @@ -416,8 +432,8 @@ services:
- xatu-net
environment:
CLICKHOUSE_ENDPOINT: "xatu-clickhouse-01:8123"
CLICKHOUSE_USER: default
CLICKHOUSE_PASSWORD: ""
CLICKHOUSE_USER: ${CLICKHOUSE_USER:-default}
CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD}
KAFKA_BROKERS: "xatu-kafka:29092"
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8686/health"]
Expand Down Expand Up @@ -469,7 +485,7 @@ services:
"-path",
"/migrations",
"-database",
"clickhouse://xatu-clickhouse-01:9000?username=default&database=default&x-multi-statement=true",
"clickhouse://xatu-clickhouse-01:9000?username=${CLICKHOUSE_USER:-default}&password=${CLICKHOUSE_PASSWORD}&database=default&x-multi-statement=true",
"up",
]
depends_on:
Expand Down
Loading