search

Altinity / clickhouse-operator

Altinity Kubernetes Operator for ClickHouse creates, configures and manages ClickHouse® clusters running on Kubernetes
https://altinity.com
Apache License 2.0
1.93k stars 463 forks source link

how to change clickhouse default password in kubernetes #236

Closed zainal-abidin-assegaf closed 4 years ago

zainal-abidin-assegaf commented 4 years ago

We have deployed clickhouse on kubernetes, with detail :

image

and we can access clickhouse from command line:

image

core@manager-02 ~ $ cat clickhouse.sh #! /usr/bin/bash sudo kubectl exec -it $(sudo kubectl get pod -l clickhouse.altinity.com/app=chop -o jsonpath='{.items[0].metadata.name}' ) -- clickhouse-client

but tabix can not access clickhouse due to user default do not configured with any passwod, from documentation we need to allow 0.0.0.0:8123 and give it password from xml file, in kubernetes we can not change xml, because if kubernetes destroy and re-create clickhouse pod we will loose the password again

so how to resolve this issue ??

we want to ingest data to clickhouse kubernetes via pentaho also, but also can not connect:

image

`Error connecting to database [clickhouse] :org.pentaho.di.core.exception.KettleDatabaseException: Error occurred while trying to connect to the database

Error connecting to database: (using class ru.yandex.clickhouse.ClickHouseDriver) ru.yandex.clickhouse.except.ClickHouseException: ClickHouse exception, code: 195, host: 10.9.56.132, port: 8123; Code: 195, e.displayText() = DB::Exception: User default is not allowed to connect from address 10.244.34.0 (version 19.6.2.11 (official build))

org.pentaho.di.core.exception.KettleDatabaseException: Error occurred while trying to connect to the database

Error connecting to database: (using class ru.yandex.clickhouse.ClickHouseDriver) ru.yandex.clickhouse.except.ClickHouseException: ClickHouse exception, code: 195, host: 10.9.56.132, port: 8123; Code: 195, e.displayText() = DB::Exception: User default is not allowed to connect from address 10.244.34.0 (version 19.6.2.11 (official build))

at org.pentaho.di.core.database.Database.normalConnect(Database.java:472)
at org.pentaho.di.core.database.Database.connect(Database.java:370)
at org.pentaho.di.core.database.Database.connect(Database.java:341)
at org.pentaho.di.core.database.Database.connect(Database.java:331)
at org.pentaho.di.core.database.DatabaseFactory.getConnectionTestReport(DatabaseFactory.java:83)
at org.pentaho.di.core.database.DatabaseFactory.getConnectionTestResults(DatabaseFactory.java:112)
at org.pentaho.di.core.database.DatabaseMeta.testConnectionSuccess(DatabaseMeta.java:2811)
at org.pentaho.ui.database.event.DataHandler.testDatabaseConnection(DataHandler.java:621)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.pentaho.ui.xul.impl.AbstractXulDomContainer.invoke(AbstractXulDomContainer.java:313)
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:157)
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:141)
at org.pentaho.ui.xul.swt.tags.SwtButton.access$500(SwtButton.java:43)
at org.pentaho.ui.xul.swt.tags.SwtButton$4.widgetSelected(SwtButton.java:137)
at org.eclipse.swt.widgets.TypedListener.handleEvent(TypedListener.java:263)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:109)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:687)
at org.eclipse.swt.widgets.Widget.notifyListeners(Widget.java:594)
at org.eclipse.swt.widgets.Display.executeNextEvent(Display.java:1217)
at org.eclipse.swt.widgets.Display.runPendingMessages(Display.java:1198)
at org.eclipse.swt.widgets.Display.safeReadAndDispatch(Display.java:1181)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:1173)
at org.eclipse.jface.window.Window.runEventLoop(Window.java:869)
at org.eclipse.jface.window.Window.open(Window.java:845)
at org.pentaho.di.ui.xul.KettleDialog.show(KettleDialog.java:80)
at org.pentaho.di.ui.xul.KettleDialog.show(KettleDialog.java:47)
at org.pentaho.di.ui.core.database.dialog.XulDatabaseDialog.open(XulDatabaseDialog.java:114)
at org.pentaho.di.ui.core.database.dialog.DatabaseDialog.open(DatabaseDialog.java:61)
at org.pentaho.di.ui.spoon.delegates.SpoonDBDelegate.editConnection(SpoonDBDelegate.java:96)
at org.pentaho.di.ui.spoon.Spoon.editConnection(Spoon.java:2795)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.pentaho.ui.xul.impl.AbstractXulDomContainer.invoke(AbstractXulDomContainer.java:313)
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:157)
at org.pentaho.ui.xul.impl.AbstractXulComponent.invoke(AbstractXulComponent.java:141)
at org.pentaho.ui.xul.jface.tags.JfaceMenuitem.access$100(JfaceMenuitem.java:43)
at org.pentaho.ui.xul.jface.tags.JfaceMenuitem$1.run(JfaceMenuitem.java:106)
at org.eclipse.jface.action.Action.runWithEvent(Action.java:493)
at org.eclipse.jface.action.ActionContributionItem.handleWidgetSelection(ActionContributionItem.java:575)
at org.eclipse.jface.action.ActionContributionItem.access$2(ActionContributionItem.java:492)
at org.eclipse.jface.action.ActionContributionItem$5.handleEvent(ActionContributionItem.java:403)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:109)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:687)
at org.eclipse.swt.widgets.Widget.notifyListeners(Widget.java:594)
at org.eclipse.swt.widgets.Display.executeNextEvent(Display.java:1217)
at org.eclipse.swt.widgets.Display.runPendingMessages(Display.java:1198)
at org.eclipse.swt.widgets.Display.safeReadAndDispatch(Display.java:1181)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:1173)
at org.eclipse.rap.rwt.application.AbstractEntryPoint.createUI(AbstractEntryPoint.java:69)
at org.eclipse.rap.rwt.internal.lifecycle.RWTLifeCycle.createUI(RWTLifeCycle.java:177)
at org.eclipse.rap.rwt.internal.lifecycle.RWTLifeCycle$UIThreadController.run(RWTLifeCycle.java:290)
at java.lang.Thread.run(Thread.java:748)
at org.eclipse.rap.rwt.internal.lifecycle.UIThread.run(UIThread.java:107)

Caused by: org.pentaho.di.core.exception.KettleDatabaseException: Error connecting to database: (using class ru.yandex.clickhouse.ClickHouseDriver) ru.yandex.clickhouse.except.ClickHouseException: ClickHouse exception, code: 195, host: 10.9.56.132, port: 8123; Code: 195, e.displayText() = DB::Exception: User default is not allowed to connect from address 10.244.34.0 (version 19.6.2.11 (official build))

at org.pentaho.di.core.database.Database.connectUsingClass(Database.java:585)
at org.pentaho.di.core.database.Database.normalConnect(Database.java:456)
... 57 more

Caused by: java.lang.RuntimeException: ru.yandex.clickhouse.except.ClickHouseException: ClickHouse exception, code: 195, host: 10.9.56.132, port: 8123; Code: 195, e.displayText() = DB::Exception: User default is not allowed to connect from address 10.244.34.0 (version 19.6.2.11 (official build))

at ru.yandex.clickhouse.ClickHouseConnectionImpl.initTimeZone(ClickHouseConnectionImpl.java:94)
at ru.yandex.clickhouse.ClickHouseConnectionImpl.<init>(ClickHouseConnectionImpl.java:78)
at ru.yandex.clickhouse.ClickHouseDriver.connect(ClickHouseDriver.java:55)
at ru.yandex.clickhouse.ClickHouseDriver.connect(ClickHouseDriver.java:47)
at ru.yandex.clickhouse.ClickHouseDriver.connect(ClickHouseDriver.java:29)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at org.pentaho.di.core.database.Database.connectUsingClass(Database.java:567)
... 58 more

Caused by: ru.yandex.clickhouse.except.ClickHouseException: ClickHouse exception, code: 195, host: 10.9.56.132, port: 8123; Code: 195, e.displayText() = DB::Exception: User default is not allowed to connect from address 10.244.34.0 (version 19.6.2.11 (official build))

at ru.yandex.clickhouse.except.ClickHouseExceptionSpecifier.specify(ClickHouseExceptionSpecifier.java:58)
at ru.yandex.clickhouse.except.ClickHouseExceptionSpecifier.specify(ClickHouseExceptionSpecifier.java:28)
at ru.yandex.clickhouse.ClickHouseStatementImpl.checkForErrorAndThrow(ClickHouseStatementImpl.java:820)
at ru.yandex.clickhouse.ClickHouseStatementImpl.getInputStream(ClickHouseStatementImpl.java:616)
at ru.yandex.clickhouse.ClickHouseStatementImpl.executeQuery(ClickHouseStatementImpl.java:127)
at ru.yandex.clickhouse.ClickHouseStatementImpl.executeQuery(ClickHouseStatementImpl.java:110)
at ru.yandex.clickhouse.ClickHouseStatementImpl.executeQuery(ClickHouseStatementImpl.java:105)
at ru.yandex.clickhouse.ClickHouseStatementImpl.executeQuery(ClickHouseStatementImpl.java:100)
at ru.yandex.clickhouse.ClickHouseConnectionImpl.initTimeZone(ClickHouseConnectionImpl.java:89)
... 65 more

Caused by: java.lang.Throwable: Code: 195, e.displayText() = DB::Exception: User default is not allowed to connect from address 10.244.34.0 (version 19.6.2.11 (official build))

at ru.yandex.clickhouse.except.ClickHouseExceptionSpecifier.specify(ClickHouseExceptionSpecifier.java:53)
... 73 more

Custom URL: jdbc:clickhouse://10.9.56.132:8123/database Custom Driver Class: ru.yandex.clickhouse.ClickHouseDriver

`

clickhouse kubernetes service loadbalancer ip 10.9.56.132 , need you help and recommendation how to resolve this,

Thank you

alex-zaitsev commented 4 years ago

@4ss3g4f , operator secures cluster from outside access. You need to open up default user explicitly. It can be done via ClickHouse installation resource. For example:

spec:
  configuration:
    users:
      default/networks/ip: "::/0"
zainal-abidin-assegaf commented 4 years ago

@alex-zaitsev , we used your recommendation,

apiVersion: "clickhouse.altinity.com/v1"
kind: "ClickHouseInstallation"

metadata:
  name: "repl-05"

spec:
  defaults:
    templates: 
      dataVolumeClaimTemplate: default
      podTemplate: clickhouse:19.6

  configuration:
    users:
      default/networks/ip: "::/0"
    zookeeper:
      nodes:
      - host: zookeeper.zoons.svc.cluster.local
    clusters:
      - name: replicated
        layout:
          shardsCount: 6
          replicasCount: 6

  templates:
    volumeClaimTemplates:
      - name: default
        spec:
          accessModes:
            - ReadWriteOnce
          storageClassName: rook-ceph-block
          resources:
            requests:
              storage: 100Gi
    podTemplates:
      - name: clickhouse:19.6
        spec:
          containers:
            - name: clickhouse-pod
              image: yandex/clickhouse-server:19.6.2.11

And have successful result,

image

Thank you