Help Center/ MapReduce Service/ Component Operation Guide (LTS)/ Using ClickHouse/ ClickHouse O&M Management/ Configuring the Default ClickHouse User Passwords (MRS 3.3.0-LTS)
Updated on 2024-10-09 GMT+08:00
View PDF
Share

Configuring the Default ClickHouse User Passwords (MRS 3.3.0-LTS)

After a ClickHouse cluster is created, you can use the ClickHouse client to connect to the ClickHouse server.

Set the passwords of default ClickHouse users default and clickhouse after creating a ClickHouse cluster in normal mode.

  • This topic is available for MRS 3.3.0-LTS and later versions.
  • default and clickhouse are default internal administrators of a ClickHouse cluster in normal mode (with Kerberos authentication disabled).
  • For normal mode, if the default passwords of the default users default and clickhouse have been changed and the ClickHouseServer node is reinstalled, the passwords will be reset. You need to change the passwords again.

Configuring Passwords for the Default ClickHouse Users

  1. Log in to the node where ClickHouse is installed as user root, switch to user omm, and go to the $BIGDATA_HOME/FusionInsight_ClickHouse_*/install/FusionInsight-ClickHouse-*/clickhouse/clickhouse_change_password directory.

    su - omm

    cd $BIGDATA_HOME/FusionInsight_ClickHouse_*/install/FusionInsight-ClickHouse-*/clickhouse/clickhouse_change_password

  2. Run the following command to change the password of the default or clickhouse user:

    ./change_password.sh

    In the following figure, user clickhouse is used as an example. Enter clickhouse and its password as prompted, and wait until the password is changed.

    The password complexity requirements are as follows:

    • The password can contain 8 to 64 characters.
    • The password must contain at least one lowercase letter, one uppercase letter, one digit, and one special character, and the following special characters are supported: -%;[]{}@_

  3. Check the password change result.

    Log in to the ClickHouse Server node and check the value of password_sha256_hex in the ${BIGDATA_HOME}/FusionInsight_ClickHouse_*/*_ClickHouseServer/etc/users.xml file. The value is the new password.

    cd ${BIGDATA_HOME}/FusionInsight_ClickHouse_*/*_ClickHouseServer/etc/

    vi users.xml

    As shown in the following figure, the new password is stored in the password_sha256_hex file. There can be security risks if a configuration file contains the authentication password. You are advised to delete the configuration file or use other secure methods to keep the password.