Configuring palo.ini for the In-Memory DB
This article describes the parameters of the palo.ini configuration file. These parameters can also be used as command line parameters for the In-Memory Database binary: palo.exe for Windows and “palo” for Linux.
The Palo parameters have a short and a long form. On the command line, the short form has one dash (-) in front; the long form has two dashes (- -) in front. Examples: palo -? / palo - -help. The table below lists the parameters in alphabetical order by long form.
Palo.exe gets these parameters as command line arguments and/or via the palo.ini file. Note: any changes made to the palo.ini file require restarting the OLAP service.
Please see Order of command execution at the end of this document. In the file …\Jedox Suite\olap\data\palo.ini.sample you can find descriptions and examples of how to use parameters in the palo.ini.
Short Long form Argument(s) Description / Example(s) Default value form
Tries to add directories with OLAP database automatically and adds them to palo.csv. add-new-databases D True On/off switch.
Http interface with server browser and online documentation. An address can be a server name, an internet address or “” for all server internet addresses.
Port is a number: admin a
admin localhost 7770
admin “” 7780 amazon-id O False audit 1 See KB article Audit Information Disabled audit-blocksize {
Commits all changes on server shutdown. auto-commit B True On/off switch. auto-load A Loads all databases on server start into memory which are defined in the palo.csv. On/off switch. True autosave-interval x integer, minimum 5, maximum 1440 If set, defines the interval (in minutes) in which automatic autosave runs. If not set, default interval of 5 minutes is used. 5
in each cube cache> cache-barrier 0 (sets cache-barrier to 0). Only for the command line. chdir C True On/off switch. Copyright © Jedox AG cross-origin g Note: If “crypt” is enabled, – it is not possible to set the log-level of OLAP Server to “trace” or “debug”. Both log levels could make the log file contain information about database contents, and since log files are always readable, this would conflict with the purpose of the “crypt” option. – it is not possible to enable the “audit” option in palo.ini. The data storage for audit information currently cannot be encrypted, and so that storage would again contain readable data information which would conflict with the purpose of the “crypt” option. For decryption, just remove crypt from palo.ini and on next “save” the database files will be decrypted, i.e. if a value is written to a cube, it will be decrypted (with all its files). It will not be automatically decrypted. Don’t remove crypt-key otherwise it won’t be possible to load encrypted files. Remove the crypt-key False after you’re sure that everything was decrypted. Procedure to decrypt all databases: – remove crypt from palo.ini – restart OLAP service – use Jedox example (ETL-Tools) “Database Copy” – copy all databases – everything will be back to decrypted status Sets pass phrase used for encrypting/decrypting of the database files. crypt-key k keys of up to 448 bytes in length. data-directory d Default value for database access rights. default-db-right R contains database script files that are used to generate default subsets for a dimension. Note: when the OLAP API function /dimension/create is called with parameter mode=1, then not only is a dimension created, but the OLAP server will also execute all database scripts from the subsets directory, if it exists in the directory indicated by defaults-directory palo.ini key. -legacy Binary: dimensions are saved to database_DIM_*.csv and database_DIM_*.bin (if available), similar to cube save/load. -binary Compare: used for testing and debugging. Dimensions are loaded from both database_DIM_*.bin and database_DIM_*.csv files and are compared to find -compare identical content. Note: dimensions that have been saved as binary files are not portable between Linux and Windows. disable-request-logging Allows you to control the flight recorder file (requests.txt in the data directory). When set in palo.ini, no requests.txt file is created or updated. FALSE dump-upload G On/off switch. Disabled dump-upload-desc 3 Enables cell drillthrough. enable-drillthrough y False On/off switch. enable-gpu P On/off switch. False enable-password-retrieval Enables reading password hashes from OLAP System database FALSE enable-profiling 4 On/off switch. False encryption X possible values: If optional is selected, then you can use HTTPS. If required is selected, then only /server/info will function unencrypted. All other functions require an HTTPS -none connection. If encryption is turned on, TLS 1.2 is used for communication. -optional -required M – force engine to use Marker Driven Engine for rules with markers (5.1 algorithm) S – force engine to use statically created markers engine-configuration N [M][S][1][E] 1 – single core calculation E – suppress rule error propagation across consolidation extensions E 0 – no compression 1 – fastest compression 9 – smallest gzip size help ? Displays the parameters of palo.exe. False Only for the command line. On/off switch. http h
http “” 7777
http “” 7779
http localhost 7779
See description of admin parameter above.
Sets https connection port: https H
Turns off recovery of data from journal files. ignore-journal I False The option “ignore-journal” can imply loss of data in certain scenarios, and should not be used in a production system! init-file i
Only for command line. load-init-file n True On/off switch. log o For details on log levels and parameters, see General Information about Logs ink=- log sink=- verbose=
log sink=+ verbose=
log sink=
log sink=syslog address=
facility=
log verbose=
Sets a maximum limit for cells return from an area call: maximum-return-cells l
Copyright © Jedox AG “/usr/bin/ntlm_auth
complexity.
e.g. (?=……..+)(?=.*[a-z].*)(?=.*[A-Z].*)(.*[0-9@#$%].*) defines: empty string the password has to be at least 8 characters long and it has to contain at least one uppercase, one lowercase character and one digit or special symbol from
‘@#$%’
When multiple password patterns are defined, the last one has priority. profile-interval 5
sink=syslog address=
facility=
IdP metadata XML url saml-idp-metadata
Specifies the idle time after which the session is closed: session-timeout M
Generates an error if splashing requires more space than the first number.
Generates a warning entry if splashing requires more space than the second number. 1000, 500, 100
Generates an info entry if splashing requires more space than the third number.
splash-limit 2000 1000 200 ssl-ciphers List of allowed ssl ciphers
Example: HIGH:!ADH:!EDH:!DHE:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-
SHA:!kRSA start-service s On/off switch. False template-directory t
template-directory Binary/Api. trace T
bytes per lock> undo-file-size 100000000 undo-memory-size m
undo-memory-size 10000000 use-cube-worker Y Uses cube worker. False
Can react on cell value changes.
On/off switch. use-dimension-worker W Uses dimension worker. Can react on creation, deletion, and renaming of an element in a specified dimension. False
On/off switch. verbose v
error, warning, info, debug, trace
If no value has been set, then error is the default value. version V Only for command line. False
On/off switch. wbinfo )
On/off switch. windows-sso-authentication } windows-sso-ignore-groups Disables group fetching in authentication mode (i.e., when windows-sso-authentication is active). Can speed up authentication process when users are
assigned to many groups.
When activated, arrays with group names are not retrieved from AD, so SVS authentication script receives empty array with group names. worker w
Possible values:
-information
-authentication
-authorization None
Example: workerlogin authorization
The workerlogin parameter has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied
in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the configuration file, then both ports A and B
are used. zip-backup ]
0 – no compression
1 – fastest compression
9 – smallest zip size
The following values are possible for
Copyright © Jedox AG Code Keyword
0 kern
1 user
2 mail
3 daemon
4 auth
5 syslog
6 lpr
7 news
8 uucp
9 cron
10 authpriv
11 ftp
12 ntp
13 security
14 console
15 solaris-cron
16-23 local0…local7
Copyright © Jedox AG Order of command execution
A comment starts with a “#” sign in palo.ini. The command line arguments are evaluated first, and the file palo.ini is evaluated after the command line arguments have been processed. If you start palo with -n or – -load-init-file on the command line, then the init file is not read. The load-init-file option is ignored if given in the configuration file. Parameters without additional parameters like “auto-load” or “auto-commit” toggle a state from “true” to “false” and vice versa. You can declare a “toggle” parameter more than once.
If additional parameters like “worker” or “workerlogin” are given more than once on the command line or the configuration file, then only the last definition is valid, with the exception of the parameters “admin” and “http”, which are treated specially. All the definitions supplied on the command line and in the init file are used. For example, the default of “add-new-database” is true (see palo -?). If you supply – -add-new- database on the command line but not in the configuration file, then the option will be set to false. If you supply add-new-database in the configuration file but not on the command line then the option will also be set to false. If you supply – -add-new-database on the command line and in the configuration file, then the option will be true again, as it is toggled twice.
The option “workerlogin” has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the
Copyright © Jedox AG configuration file, then both ports A and B are used.
Copyright © Jedox AG