Deploying with Object Storage
This topic explains how to deploy Databend with your object storage. For a list of supported object storage solutions, see Understanding Deployment Modes.
Before You Start
Before deploying Databend, ensure that you have successfully set up your object storage and downloaded the latest version of Databend.
Set up object storage
For Amazon S3, Azure Blob, Tencent COS, Alibaba Cloud OSS, Wasabi, and MinIO:

- Create a bucket or container named my_bucket.
- Get the endpoint URL for connecting to the bucket or container you created.
- Get the Access Key ID and Secret Access Key for your account.

For information about how to manage buckets and Access Keys for your object storage, refer to the user manual from the solution provider.

For Google GCS:

- Follow the topic Create a new bucket from the Google documentation to create a bucket named my_bucket.
- Follow the topic Create a service account key from the Google documentation to create and download a service account key file.
- Use Base64 encoding to convert the contents of the service account key file into a Base64-encoded string. For example:

base64 -i <path-to-your-key-file> -o ~/Desktop/base64-encoded-key.txt

The command above generates a file named base64-encoded-key.txt containing the credentials that you will later use to configure the connection in the databend-query.toml configuration file.

For CubeFS:

- Start the ObjectNode object gateway.
- Create a bucket or container named my_bucket.
- Get the endpoint URL for connecting to the bucket or container you created.
- Get the Access Key ID and Secret Access Key for your account.

For information about how to manage buckets and Access Keys for CubeFS, refer to the CubeFS documentation.
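The Base64 step for GCS can be sanity-checked by encoding a throwaway file and decoding it back (a sketch with hypothetical file paths under /tmp; substitute your real key file):

```shell
# Create a throwaway stand-in for a service account key file.
printf '{"type":"service_account"}' > /tmp/sample-key.json

# Encode it, as done for the real key file.
base64 < /tmp/sample-key.json > /tmp/base64-encoded-key.txt

# Decode and compare with the original; a silent diff means the round trip is lossless.
base64 -d < /tmp/base64-encoded-key.txt > /tmp/decoded-key.json
diff /tmp/sample-key.json /tmp/decoded-key.json && echo "round-trip OK"
```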
Download Databend
- Create a folder named databend in the directory /usr/local.
- Download and extract the latest Databend release for your platform from GitHub Release:

Linux (x86):

curl -LJO https://repo.databend.rs/databend/${version}/databend-${version}-x86_64-unknown-linux-musl.tar.gz
tar xzvf databend-${version}-x86_64-unknown-linux-musl.tar.gz

Linux (Arm):

curl -LJO https://repo.databend.rs/databend/${version}/databend-${version}-aarch64-unknown-linux-musl.tar.gz
tar xzvf databend-${version}-aarch64-unknown-linux-musl.tar.gz

- Move the extracted folders bin, configs, and scripts to the folder /usr/local/databend.
Step 1: Deploying Meta Node
Follow the instructions below to deploy a Meta node:
Start Meta Node
- Open a terminal window and navigate to the folder /usr/local/databend/bin.
- Run the following command to start the Meta node:
./databend-meta -c ../configs/databend-meta.toml > meta.log 2>&1 &
Check Meta Node
Run the following command to check if the Meta node was started successfully:
curl -I http://127.0.0.1:28101/v1/health
Step 2: Deploying Query Node
Follow the instructions below to deploy a Query node:
Configure Query Node
- Locate the file databend-query.toml in the folder /usr/local/databend/configs.
- In the file databend-query.toml, set the parameter type in the [storage] block and configure the access credentials and endpoint URL for connecting to your object storage.

To configure your storage settings, comment out the [storage.fs] section by adding # at the beginning of each line. Then, uncomment the relevant section for your object storage provider by removing the # symbols, and fill in your values.
- Amazon S3
- Google GCS
- Azure Blob
- Tencent COS
- Alibaba Cloud OSS
- Wasabi
- MinIO
- CubeFS
[storage]
# s3
type = "s3"
[storage.s3]
# https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html
bucket = "my_bucket"
endpoint_url = "https://s3.amazonaws.com"
# How to get access_key_id and secret_access_key:
# https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html
access_key_id = "<your-key-id>"
secret_access_key = "<your-access-key>"
For the credential parameter, paste the Base64-encoded string obtained in the step Set up object storage (enclosed in double quotation marks).
[storage]
# gcs
type = "gcs"
[storage.gcs]
bucket = "my_bucket"
# endpoint_url defaults to "https://storage.googleapis.com"
credential = "<your-credential>"
[storage]
# azblob
type = "azblob"
[storage.azblob]
endpoint_url = "https://<your-storage-account-name>.blob.core.windows.net"
# https://docs.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-portal#create-a-container
container = "my_bucket"
account_name = "<your-storage-account-name>"
# https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys
account_key = "<your-account-key>"
When specifying the endpoint_url parameter, exclude the <BucketName-APPID> portion from your bucket's endpoint. For instance, if your bucket endpoint is https://databend-xxxxxxxxxx.cos.ap-beijing.myqcloud.com, use https://cos.ap-beijing.myqcloud.com. For Tencent COS endpoints in various regions, refer to https://www.tencentcloud.com/document/product/436/6224.
[storage]
# cos
type = "cos"
[storage.cos]
# How to create a bucket:
# https://cloud.tencent.com/document/product/436/13309
bucket = "my_bucket"
# The following is an example where the region is Beijing (ap-beijing).
endpoint_url = "https://cos.ap-beijing.myqcloud.com"
# How to get secret_id and secret_key:
# https://cloud.tencent.com/document/product/436/68282
secret_id = "<your-secret-id>"
secret_key = "<your-secret-key>"
[storage]
# oss
type = "oss"
[storage.oss]
bucket = "my_bucket"
# You can get the URL from the bucket detail page.
# https://help.aliyun.com/document_detail/31837.htm
# https://<bucket-name>.<region-id>[-internal].aliyuncs.com
# This example uses OSS region id: oss-cn-beijing-internal.
endpoint_url = "https://oss-cn-beijing-internal.aliyuncs.com"
# enable_virtual_host_style = true
# How to get access_key_id and secret_access_key:
# https://help.aliyun.com/document_detail/53045.htm
access_key_id = "<your-key-id>"
secret_access_key = "<your-access-key>"
Databend Enterprise Edition supports server-side encryption in OSS. This feature enables you to enhance data security and privacy by activating server-side encryption for data stored in OSS. You can choose the encryption method that best suits your needs. Please note that you must have a valid Databend Enterprise Edition license to utilize this feature. To obtain one, see Licensing Databend.
To enable server-side encryption in Databend, add the following parameters to the [storage.oss] section:
| Parameter | Description | Available Values |
|---|---|---|
| server_side_encryption | Specifies the server-side encryption method for OSS data. "AES256" uses an OSS-managed AES256 key for encryption, while "KMS" utilizes the key defined in server_side_encryption_key_id. | "AES256" or "KMS" |
| server_side_encryption_key_id | When server_side_encryption is set to "KMS", this parameter specifies the server-side encryption key ID for OSS. It is only applicable when using the KMS encryption mode. | String, a unique identifier for the KMS encryption key. |
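Put together, an OSS storage section with KMS-based server-side encryption enabled might look like this (a sketch; the bucket, endpoint, and key ID values are placeholders to replace with your own):

```toml
[storage]
# oss
type = "oss"

[storage.oss]
bucket = "my_bucket"
endpoint_url = "https://oss-cn-beijing-internal.aliyuncs.com"
access_key_id = "<your-key-id>"
secret_access_key = "<your-access-key>"
# Server-side encryption (Databend Enterprise Edition only).
server_side_encryption = "KMS"
server_side_encryption_key_id = "<your-kms-key-id>"
```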
[storage]
# s3
type = "s3"
[storage.s3]
bucket = "my_bucket"
# You can get the URL from:
# https://wasabi-support.zendesk.com/hc/en-us/articles/360015106031-What-are-the-service-URLs-for-Wasabi-s-different-regions-
endpoint_url = "https://s3.us-east-2.wasabisys.com"
# How to get access_key_id and secret_access_key:
access_key_id = "<your-key-id>"
secret_access_key = "<your-access-key>"
[storage]
# s3
type = "s3"
[storage.s3]
bucket = "my_bucket"
endpoint_url = "<your-endpoint-url>"
access_key_id = "<your-key-id>"
secret_access_key = "<your-access-key>"
[storage]
# s3
type = "s3"
[storage.s3]
bucket = "my_bucket"
endpoint_url = "<your-endpoint-url>"
access_key_id = "<your-key-id>"
secret_access_key = "<your-access-key>"
- Configure an admin user with the [[query.users]] sections. For more information, see Configuring Admin Users. To proceed with the default root user and the authentication type "no_password", ensure that you remove the '#' character before the following lines in the file databend-query.toml:
Using "no_password" authentication for the root user in this tutorial is just an example and not recommended for production due to potential security risks.
...
[[query.users]]
name = "root"
auth_type = "no_password"
...
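For production deployments, a password-authenticated admin user is a safer alternative. A sketch (the user name is an example, and the hash below is the SHA-256 of the sample password "password" — generate your own):

```toml
[[query.users]]
name = "databend_admin"
auth_type = "sha256_password"
# SHA-256 hash of the password; generate with: echo -n '<your-password>' | sha256sum
auth_string = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
```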
Start Query Node
- Open a terminal window and navigate to the folder /usr/local/databend/bin.
- Run the following command to start the Query node:
./databend-query -c ../configs/databend-query.toml > query.log 2>&1 &
Check Query Node
Run the following command to check if the Query node was started successfully:
curl -I http://127.0.0.1:8080/v1/health
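Both health checks can be combined into one small script (assuming the default ports from the bundled configs: 28101 for the Meta node's admin API and 8080 for the Query node):

```shell
# Probe the Meta and Query health endpoints and report the HTTP status of each.
# An unreachable node reports status 000.
for endpoint in "meta http://127.0.0.1:28101/v1/health" "query http://127.0.0.1:8080/v1/health"; do
  name=${endpoint%% *}
  url=${endpoint#* }
  code=$(curl -s -o /dev/null -w '%{http_code}' "$url" || true)
  echo "$name health status: $code"
done
```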
Step 3: Verifying Deployment
In this step, you will run a simple query against Databend using BendSQL to verify the deployment.
Install BendSQL
Follow Installing BendSQL to install BendSQL on your machine.
Connect to Databend
Follow Connecting to Databend using BendSQL to launch BendSQL and retrieve the current time for verification.
Starting / Stopping Databend
Each time you start or stop Databend, there is no need to manage the Meta and Query nodes individually. Instead, run the scripts in the /usr/local/databend/scripts directory to handle both nodes with a single command:
# Start Databend
./scripts/start.sh
# Stop Databend
# This script uses the killall command. If it is not installed, install the psmisc package for your system.
# For example, on CentOS: yum install psmisc
./scripts/stop.sh
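After running start.sh, a quick way to confirm that both services came up (assumes pgrep from the procps package is available):

```shell
# Report whether each Databend service has a running process.
for proc in databend-meta databend-query; do
  if pgrep -x "$proc" > /dev/null 2>&1; then
    echo "$proc is running"
  else
    echo "$proc is not running"
  fi
done
```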
Permission denied?
==> query.log <==
: No getcpu support: percpu_arena:percpu
: option background_thread currently supports pthread only
Databend Query start failure, cause: Code: 1104, Text = failed to create appender: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }.
Run the following commands and try starting Databend again:
sudo mkdir /var/log/databend
sudo mkdir /var/lib/databend
sudo chown -R $USER /var/log/databend
sudo chown -R $USER /var/lib/databend
Next Steps
After deploying Databend, you might need to learn about the following topics:
- Load & Unload Data: Manage data import/export in Databend.
- Visualize: Integrate Databend with visualization tools for insights.