Configuring Palo.Ini for the In-Memory DB

Conﬁguring palo.ini for the In-Memory DB

This article describes the parameters of the palo.ini conﬁguration ﬁle. These parameters can also be used as command line parameters for the In-Memory Database binary: palo.exe for Windows and “palo” for Linux.

The Palo parameters have a short and a long form. On the command line, the short form has one dash (-) in front; the long form has two dashes (- -) in front. Examples: palo -? / palo - -help. The table below lists the parameters in alphabetical order by long form.

Palo.exe gets these parameters as command line arguments and/or via the palo.ini ﬁle. Note: any changes made to the palo.ini ﬁle require restarting the OLAP service.

Please see Order of command execution at the end of this document. In the ﬁle …\Jedox Suite\olap\data\palo.ini.sample you can ﬁnd descriptions and examples of how to use parameters in the palo.ini.

Short Long form Argument(s) Description / Example(s) Default value form

Tries to add directories with OLAP database automatically and adds them to palo.csv. add-new-databases D True On/oﬀ switch.

Http interface with server browser and online documentation. An address can be a server name, an internet address or “” for all server internet addresses.

Port is a number: admin a

admin 192.168.1.2 7777

admin localhost 7770

admin “” 7780 amazon-id O False audit 1 See KB article Audit Information Disabled audit-blocksize { Maximum number of rows returned for simple audit mode

Commits all changes on server shutdown. auto-commit B True On/off switch. auto-load A Loads all databases on server start into memory which are defined in the palo.csv. On/off switch. True autosave-interval x integer, minimum 5, maximum 1440 If set, defines the interval (in minutes) in which automatic autosave runs. If not set, default interval of 5 minutes is used. 5

in each cube cache> cache-barrier 0 (sets cache-barrier to 0).

Only for the command line. chdir C True On/oﬀ switch.

Note: If “crypt” is enabled,

– it is not possible to set the log-level of OLAP Server to “trace” or “debug”. Both log levels could make the log ﬁle contain information about database

contents, and since log ﬁles are always readable, this would conﬂict with the purpose of the “crypt” option.

– it is not possible to enable the “audit” option in palo.ini. The data storage for audit information currently cannot be encrypted, and so that storage would

again contain readable data information which would conﬂict with the purpose of the “crypt” option.

For decryption, just remove crypt from palo.ini and on next “save” the database ﬁles will be decrypted, i.e. if a value is written to a cube, it will be decrypted

(with all its ﬁles). It will not be automatically decrypted. Don’t remove crypt-key otherwise it won’t be possible to load encrypted ﬁles. Remove the crypt-key False

after you’re sure that everything was decrypted.

Procedure to decrypt all databases:

– remove crypt from palo.ini

– restart OLAP service

– use Jedox example (ETL-Tools) “Database Copy”

– copy all databases

– everything will be back to decrypted status

Sets pass phrase used for encrypting/decrypting of the database files. crypt-key k It is used also for decrypting, so it has to be set if there are any encrypted files in the database (even when encrypting is off ). Blowfish algorithm supports Empty string

keys of up to 448 bytes in length. data-directory d Only for command line. ./Data

Default value for database access rights. default-db-right R D Possible values: N, R, W, D. defaults-directory Speciﬁes the path to the directory where some ﬁles for OLAP server are stored. The default directory (../defaults) contains a directory called subsets, which ../defaults

contains database script ﬁles that are used to generate default subsets for a dimension.

Note: when the OLAP API function /dimension/create is called with parameter mode=1, then not only is a dimension created, but the OLAP server will also

execute all database scripts from the subsets directory, if it exists in the directory indicated by defaults-directory palo.ini key.

. device j All available devices Empty vector . … dimension-ﬁle-format Possible values: Legacy: dimensions are saved to database.csv legacy

-legacy Binary: dimensions are saved to database_DIM_*.csv and database_DIM_*.bin (if available), similar to cube save/load.

-binary Compare: used for testing and debugging. Dimensions are loaded from both database_DIM_*.bin and database_DIM_*.csv ﬁles and are compared to ﬁnd

-compare identical content.

Note: dimensions that have been saved as binary files are not portable between Linux and Windows. disable-request-logging Allows you to control the flight recorder file (requests.txt in the data directory). When set in palo.ini, no requests.txt file is created or updated. FALSE dump-upload G On/off switch. Disabled dump-upload-desc 3 “” dump-upload-reporter 2 “”

Enables cell drillthrough. enable-drillthrough y False On/off switch. enable-gpu P On/off switch. False enable-password-retrieval Enables reading password hashes from OLAP System database FALSE enable-profiling 4 On/off switch. False encryption X Sets the encryption type. None

possible values: If optional is selected, then you can use HTTPS. If required is selected, then only /server/info will function unencrypted. All other functions require an HTTPS

-none connection. If encryption is turned on, TLS 1.2 is used for communication.

-optional

-required

M – force engine to use Marker Driven Engine for rules with markers (5.1 algorithm)

S – force engine to use statically created markers engine-conﬁguration N [M][S][1][E] 1 – single core calculation

E – suppress rule error propagation across consolidation extensions E ../Modules failed-login-threshold Starts login delay when failed attempts count for username exceeds this value. 10 friendly-service-name F goalseek-limit Z Goalseek algorithm can be executed on slices with maximum . 1000 goalseek-timeout z Algorithm must complete within . 10000 gpu-frame-size 7 Size of GPU computation frame in megabytes gzip [ Level values: 0-9 Disabled

0 – no compression

1 – fastest compression

9 – smallest gzip size help ? Displays the parameters of palo.exe. False

Only for the command line.

On/oﬀ switch. http h

Examples for http interface:

http “” 7777

http “” 7779

http localhost 7779

See description of admin parameter above.

Sets https connection port: https H https 7778 ignore-cell-data U On/oﬀ switch. False

Turns off recovery of data from journal files. ignore-journal I False The option “ignore-journal” can imply loss of data in certain scenarios, and should not be used in a production system! init-file i Only for command line. palo.ini key-files K Empty vector

Only for command line. load-init-ﬁle n True On/oﬀ switch. log o For details on log levels and parameters, see General Information about Logs ink=- log sink=- verbose=

log sink=+ verbose=

log sink=/palo.log

log sink=syslog address=

facility= verbose=

log verbose=

Sets a maximum limit for cells return from an area call: maximum-return-cells l 100000 maximum-return-cells 10000 no-archives < Turns off saving of .archive files for cubes. no-csv-save J Turns off saving of CSV files for cubes whenever possible. Only BIN files are saved. Reduces time needed for saving. False no-csv-save-dim Dimensions are saved only to database_DIM_*.bin files, NOT to database_DIM_*.csv. Behavior is similar to no_csv_save for cubes.

Copyright © Jedox AG “/usr/bin/ntlm_auth =gss-spnego” password p On/oﬀ switch. password-pattern Regular expression used for checking password complexity when the password is changed (or a password is assigned to a new user), to enforce password

complexity.

e.g. (?=……..+)(?=.*[a-z].*)(?=.*[A-Z].*)(.*[0-9@#$%].*) deﬁnes: empty string the password has to be at least 8 characters long and it has to contain at least one uppercase, one lowercase character and one digit or special symbol from

‘@#$%’

When multiple password patterns are defined, the last one has priority. profile-interval 5 60 profile-log If profiling is enabled, it specifies the address and port of syslog server and the facility of messages profile-log sink=syslog

sink=syslog address= ‘address’ parameter is optional with the default value localhost:5556 address=localhost:5556 facility=0

facility= ‘facility’ parameter is optional with default value 0 (kern) saml-authentication Enables SAML authentication mode saml-authorization Enables saml-authorization mode saml-certiﬁcate Certiﬁcate is published in metadata so identity provider can verify the signature or use it to encrypt its responses. saml-encrypt-login Enables encrypting of SAML login requests saml-encrypt-logout Enables encrypting of SAML logout requests

IdP metadata XML url saml-idp-metadata empty string If metadata is distributed as a file, or server is restricted from accessing the internet, use file://<filepath>. saml-nameidpolicy SAML NameID policy Empty/omitted saml-privatekey Private key is used to sign requests (if enabled by saml-sign-login) and decrypt responses from identity provider. saml-sign-login Enables signing the SAML login requests saml-sign-logout Enables signing the SAML logout requests saml-signature-algorithm Algorithm used for SAML signatures http://www.w3.org/2000/09/xmldsig#rsa-sha1 saml-use-logout Enables SAML IdP logout service-description q service-name S

Speciﬁes the idle time after which the session is closed: session-timeout M -1 (300s) session-timeout 3600 splash-limit L Splashing limits in megabytes:

Generates an error if splashing requires more space than the ﬁrst number.

Generates a warning entry if splashing requires more space than the second number. 1000, 500, 100

Generates an info entry if splashing requires more space than the third number.

splash-limit 2000 1000 200 ssl-ciphers List of allowed ssl ciphers

Example: HIGH:!ADH:!EDH:!DHE:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-

SHA:!kRSA start-service s On/oﬀ switch. False template-directory t Directory of online documentation: ../Api

template-directory Binary/Api. trace T Empty string undo-ﬁle-size u bytes in ﬁles for storing changes: 50 * 1024 * 1024

bytes per lock> undo-ﬁle-size 100000000 undo-memory-size m In a locked cube area it is possible to undo changes. Each lock can use bytes in memory for storing changes: 10 * 1024 * 1024

undo-memory-size 10000000 use-cube-worker Y Uses cube worker. False

Can react on cell value changes.

On/oﬀ switch. use-dimension-worker W Uses dimension worker. Can react on creation, deletion, and renaming of an element in a speciﬁed dimension. False

On/oﬀ switch. verbose v Log levels: Error

error, warning, info, debug, trace

If no value has been set, then error is the default value. version V Only for command line. False

On/oﬀ switch. wbinfo ) “/usr/bin/wbinfo” windows-sso e Enables Windows SSO authentication. False

On/oﬀ switch. windows-sso-authentication } windows-sso-ignore-groups Disables group fetching in authentication mode (i.e., when windows-sso-authentication is active). Can speed up authentication process when users are

assigned to many groups.

When activated, arrays with group names are not retrieved from AD, so SVS authentication script receives empty array with group names. worker w worker /usr/bin/php5 / Empty string

home/palo/worker.php empty vector

workerlogin x Uses a worker for login

Possible values:

-information

-authentication

-authorization None

Example: workerlogin authorization

The workerlogin parameter has one additional argument. If you supply workerlogin on the command line and in the conﬁguration ﬁle, then the value supplied

in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the configuration file, then both ports A and B

are used. zip-backup ] Level values: 0-9

0 – no compression

1 – fastest compression

9 – smallest zip size

The following values are possible for (code or keyword)

0 kern

1 user

2 mail

3 daemon

4 auth

5 syslog

6 lpr

7 news

8 uucp

9 cron

10 authpriv

11 ftp

12 ntp

13 security

14 console

15 solaris-cron

16-23 local0…local7

A comment starts with a “#” sign in palo.ini. The command line arguments are evaluated first, and the file palo.ini is evaluated after the command line arguments have been processed. If you start palo with -n or – -load-init-file on the command line, then the init file is not read. The load-init-file option is ignored if given in the configuration file. Parameters without additional parameters like “auto-load” or “auto-commit” toggle a state from “true” to “false” and vice versa. You can declare a “toggle” parameter more than once.

If additional parameters like “worker” or “workerlogin” are given more than once on the command line or the configuration file, then only the last definition is valid, with the exception of the parameters “admin” and “http”, which are treated specially. All the definitions supplied on the command line and in the init file are used. For example, the default of “add-new-database” is true (see palo -?). If you supply – -add-new- database on the command line but not in the configuration file, then the option will be set to false. If you supply add-new-database in the configuration file but not on the command line then the option will also be set to false. If you supply – -add-new-database on the command line and in the configuration file, then the option will be true again, as it is toggled twice.

The option “workerlogin” has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the