Custom Configurations for the In-Memory DB (OLAP)
The In-Memory DB (OLAP) can be configured in many ways to optimize performance. The table below describes the currently available settings. Cloud customers can request specific configurations by contacting Jedox Support.
Long form |
Short form |
Argument(s) |
Description / Example(s) |
Default value |
|||||
---|---|---|---|---|---|---|---|---|---|
add-new-databases |
D |
Tries to add directories with OLAP database automatically and adds them to palo.csv. |
True |
||||||
a |
<address> <port> |
Http interface with server browser and online documentation. An address can be a server name, an internet address or "" for all server internet addresses. |
|||||||
1 |
See KB article Audit Information |
Disabled |
|||||||
audit-blocksize |
{ |
<number> | Maximum number of rows returned for simple audit mode | ||||||
auto-commit |
B |
Commits all changes on server shutdown. |
True |
||||||
auto-load |
A |
Loads all databases on server start into memory which are defined in the palo.csv. On/off switch. |
True |
||||||
autosave-interval x | integer, minimum 5, maximum 1440 | If set, defines the interval (in minutes) in which automatic autosave runs. If not set, default interval of 5 minutes is used. | 5 | ||||||
b |
<max number |
Sets the max number of cells to store in each cube cache. |
100000000 |
||||||
cross-origin |
g |
<domain_name> |
|||||||
c |
Turns on encrypting of the database files. Newly saved files are encrypted if this is set using the AES-256-CBC algorithm. On/off switch. Note: If "crypt" is enabled, For decryption, just remove crypt from palo.ini and on next "save" the database files will be decrypted, i.e. if a value is written to a cube, it will be decrypted (with all its files). It will not be automatically decrypted. Don't remove crypt-key otherwise it won't be possible to load encrypted files. Remove the crypt-key after you're sure that everything was decrypted. Procedure to decrypt all databases: |
False |
|||||||
k |
<passphrase for crypting csv files> |
Sets pass phrase used for encrypting/decrypting of the database files. |
Empty string |
||||||
default-db-right |
R |
<right value> |
Default value for database access rights. |
D |
|||||
defaults-directory |
<directory_path> |
Specifies the path to the directory where some files for OLAP server are stored. The default directory (../defaults) contains a directory called Subsets, which contains database script files that are used to generate default Subsets for a dimension. Note: when the OLAP API function /dimension/create is called with parameter mode=1, then not only is a dimension created, but the OLAP server will also execute all database scripts from the Subsets directory, if it exists in the directory indicated by defaults-directory palo.ini key. |
../defaults |
||||||
device |
j |
<bus_id0>.<device_id0> |
All available devices |
Empty vector |
|||||
Possible values: -legacy |
Legacy: dimensions are saved to database.csv Binary: dimensions are saved to database_DIM_*.csv and database_DIM_*.bin (if available), similar to cube save/load. Note: dimensions that have been saved as binary files are not portable between Linux and Windows. |
legacy |
|||||||
disable-dump |
|
|
Disables the Breakpad crash handler in order to "fall back" to the OS crash handler. Disabling Breakpad results in a WARNING log entry, as it removes the possibility of sending crash reports (via Sentry). (49069) |
Enabled |
|||||
disable-request-logging |
Allows you to control the flight recorder file (requests.txt in the data directory). When set in palo.ini, no requests.txt file is created or updated. | FALSE | |||||||
dump-upload |
G |
On/off switch. |
Disabled |
||||||
dump-upload-desc |
3 |
<description> |
"" |
||||||
dump-upload-reporter |
2 |
<email-address> |
"" |
||||||
enable-drillthrough |
y |
On/off switch to enable cell drillthrough. This option has been deprecated as of Jedox version 2023.4. The "drillthrough-mode" (below) should be used instead. If this value is set to TRUE, the |
False |
||||||
|
|
Disabled |
|||||||
enable-gpu |
P |
On/off switch. |
False |
||||||
enable-password-retrieval |
Enables reading password hashes from OLAP System database | FALSE | |||||||
enable-profiling |
4 |
On/off switch. |
False |
||||||
encryption |
X |
<encryption-type> |
Sets the encryption type. |
None |
|||||
engine-configuration |
N |
[M][S][1][E] |
M - force engine to use Marker Driven Engine for rules with markers (5.1 algorithm) |
||||||
extensions |
E |
<directory> |
../Modules |
||||||
failed-login-threshold |
<count> |
Starts login delay when failed attempts count for username exceeds this value. |
10 | ||||||
goalseek-limit |
Z |
<number_of_cells> |
Goalseek algorithm can be executed on slices with maximum <number_of_cells>. |
1000 |
|||||
goalseek-timeout |
z |
<milliseconds> |
Algorithm must complete within <familliseconds>. |
10000 |
|||||
gzip |
[ |
<level> |
Level values: 0-9 |
Disabled |
|||||
http |
h |
<address> <port> |
Examples for http interface: |
||||||
https |
H |
<port> |
Sets https connection port: |
||||||
init-file |
i |
<init-file> |
Only for command line. |
palo.ini |
|||||
journal-flush-interval |
Flushing of data prevents possible data loss following unexpected events, such as a power outage. This key sets an interval of 1-300 seconds, after which journal data will be flushed to the file system. Values: Examples: |
1 | |||||||
key-files |
K |
<ca> <private> <dh> |
Empty vector |
||||||
load-init-file |
n |
Only for command line. |
True |
||||||
log |
o |
|
Example: log sink=../log/olap_server.log verbose=info For details on log levels and parameters, see . |
ink=- |
|||||
maximum-return-cells |
l |
<number> |
Sets a maximum limit for cells return from an area call: |
100000 |
|||||
< |
Turns off saving of .archive files for cubes. | ||||||||
J |
Turns off saving of CSV files for cubes whenever possible. Only BIN files are saved. Reduces time needed for saving. |
False |
|||||||
Dimensions are saved only to database_DIM_*.bin files, NOT to database_DIM_*.csv. Behavior is similar to no_csv_save for cubes. | |||||||||
no-checksum |
|
|
Disables checksum validation of binary database files. |
|
|||||
ntlm_auth |
( |
<path to ntlm_auth |
"/usr/bin/ntlm_auth |
||||||
olap-requests-timeout |
|
<network_timeout> |
Jedox In-Memory DB (OLAP) requests can be canceled in the event of a web services shutdown after a defined time period. Once the time period is reached, all active In-Memory DB requests from the client will be canceled. The timeout period can be modified in the palo_config.xml file. |
10000 milliseconds | |||||
password |
p |
<private-password> |
On/off switch. |
||||||
password-pattern |
<regular expression> |
Regular expression used for checking password complexity when the password is changed (or a password is assigned to a new user), to enforce password complexity. When multiple password patterns are defined, the last one has priority. |
empty string | ||||||
profile-interval |
5 |
<seconds> |
60 |
||||||
profile-log |
sink=syslog address=<address:port> facility=<facility> |
If profiling is enabled, it specifies the address and port of syslog server and the facility of messages 'address' parameter is optional with the default value localhost:5556 'facility' parameter is optional with default value 0 (kern) |
profile-log sink=syslog address=localhost:5556 facility=0 | ||||||
saml-authentication |
Enables SAML authentication mode | ||||||||
saml-authorization |
Enables saml-authorization mode | ||||||||
saml-certificate |
<path to certificate> | Certificate is published in metadata so identity provider can verify the signature or use it to encrypt its responses. | |||||||
saml-digest-algorithm | Hashing algorithm for signing. | http://www.w3.org/2001/04/xmlenc#sha256 | saml-digest-algorithm | ||||||
saml-embed-signature | Embeds SAML request signature inside XML message instead of using it as GET parameter as defined by SAML Redirect standard. | saml-embed-signature | |||||||
saml-encrypt-login |
Enables encrypting of SAML login requests | ||||||||
saml-encrypt-logout |
Enables encrypting of SAML logout requests | ||||||||
saml-force-authn |
|
|
If the key is defined in palo.ini, the identity provider must authenticate the presenter directly rather than rely on a previous security context. |
False |
|||||
saml-idp-metadata |
<url> |
IdP metadata XML url If metadata is distributed as a file, or server is restricted from accessing the internet, use file://<filepath>. |
empty string | ||||||
saml-nameidpolicy |
<NameID policy> |
SAML NameID policy | Empty/omitted | ||||||
saml-privatekey |
<path to private key> |
Private key is used to sign requests (if enabled by saml-sign-login) and decrypt responses from identity provider. | |||||||
saml-sign-login |
Enables signing the SAML login requests | ||||||||
saml-sign-logout |
Enables signing the SAML logout requests | ||||||||
saml-signature-algorithm |
<algorithm type> |
Algorithm used for SAML signatures | http://www.w3.org/2000/09/xmldsig#rsa-sha1 | ||||||
saml-use-logout |
Enables SAML IdP logout | ||||||||
session-timeout |
M |
<seconds> |
Specifies the idle time after which the session is closed: |
-1 (300s) |
|||||
L |
<error> <warning> <info> <bulk error> <bytes> |
splashing limits in megabytes: Generates an error if splashing requires more space than the first number. Generates a warning entry if splashing requires more space than the second number. Generates an info entry if splashing requires more space than the third number. Generates an error if splashing operations in a bulk request require in total more space than the fourth number. “Bulk” requests are those where multiple values (cells) are changed in a single request. PALO.SETDATA_BULK() function uses this, but also ETL cube loads. In previous versions, the check was executed for each single value change in the bulk request. This new value will additionally check the overall memory requirement for the whole bulk. Without a change of the default value (empty or 0) the overall memory requirement for the whole bulk will not be checked. The fifth number is an estimation of the memory used for one cell in bytes.The used default value is 16 (entry: empty or 16). This value influences how the memory consumption of values is calculated, i.e. how much memory OLAP assumes for individual base cell values. The previously used value was hardcoded to 16 bytes; this value may be too low in reality. It can now be changed via this value. A higher value (e.g. 32) will increase the assumed memory for splashing operations and the value of number four will be exceeded earlier. Example: splash-limit 2000 1000 200 8000 32 |
1000, 500, 100 |
||||||
|
|
Defines the number of cells that are allowed to be splashed. If a value is splashed to an empty cell and the number of affected cells exceeds the limit defined, then the following error code is returned: ERROR_splash_THRESHOLD_EXCEEDED = 5027 |
1,000,000 |
||||||
ssl-ciphers |
<list of SSL ciphers> |
List of allowed ssl ciphers Example: HIGH:!ADH:!EDH:!DHE:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!kRSA |
|||||||
|
|
Sets the number of cell changes allowed before a database rebuild is triggered. If the string data limit is set to a high number (more than 100K), the rebuild should be scheduled with string-storage-rebuild-schedule. If no time is set, an error message will be logged during startup (but server will start). For details, see OLAP String Storage and its Usage in Jedox . |
1000 |
||||||
string-storage-rebuild-schedule |
|
|
Specifies time of day when database rebuild is triggered. Format is HH:MM. Example: string-storage-rebuild-schedule 03:15 |
|
|||||
|
|
New fresh System DB is created when System database.csv file is missing. |
Disabled |
||||||
template-directory |
t |
<directory> |
Directory of online documentation: |
../Api |
|||||
trace |
T |
<logname> |
Enables trace logging. Once enabled, a trace log file will be created in the olap/data directory for each opened port per startup (note: you can specify just the filename for the data folder - thus it will be saved in the olap/data directory - or a full path to another directory, such as /full/path/traceFolder/<logname>). |
Empty string |
|||||
undo-file-size |
u |
<number of |
In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in files for storing changes: |
50 * 1024 * 1024 |
|||||
undo-memory-size |
m |
<number of bytes per lock> |
In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in memory for storing changes: |
10 * 1024 * 1024 |
|||||
Y |
Uses cube worker. |
False |
|||||||
use-dimension-worker |
W |
Uses dimension worker. Can react on creation, deletion, and renaming of an element in a specified dimension. |
False |
||||||
use-new-Subset-def |
|
|
Converts existing Subsets to View XML schema upon database load. |
|
|||||
verbose |
v |
<level> |
Log levels: If no value has been set, then error is the default value. |
Error |
|||||
wbinfo |
) |
<path to wbinfo> |
"/usr/bin/wbinfo" |
||||||
windows-sso |
e |
Enables Windows SSO authentication. |
False |
||||||
windows-sso-authentication |
} |
||||||||
windows-sso-ignore-groups |
Disables group fetching in authentication mode (i.e., when windows-sso-authentication is active). Can speed up authentication process when users are assigned to many groups. When activated, arrays with group names are not retrieved from AD, so SVS authentication script receives empty array with group names. |
||||||||
worker |
w |
<worker-executable> |
worker /usr/bin/php5 / |
Empty string |
|||||
worker-pool-init-size |
|
|
Sets the initial size of the SVS worker pool for all OLAP operations. worker-pool-init-size 5 |
1 |
|||||
worker-pool-max-size |
|
|
Sets the maximum size of the SVS worker pool for all OLAP operations. Introduces a maximum on the number of parallel activities involving SVS, such as parallel writebacks through SVS. worker-pool-max-size 32 |
32 |
|||||
workerlogin |
x |
<worker-login-type> |
Uses a worker for login The workerlogin parameter has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the configuration file, then both ports A and B are used. *Authorization and authentication modes will be deprecated in Jedox 2024.2. |
None |
|||||
] |
<level> |
Level values: 0-9 |
The following values are possible for <facility> (code or keyword)
Code | Keyword |
0 | kern |
1 | user |
2 | |
3 | daemon |
4 | auth |
5 | syslog |
6 | lpr |
7 | news |
8 | uucp |
9 | cron |
10 | authpriv |
11 | ftp |
12 | ntp |
13 | security |
14 | console |
15 | solaris-cron |
16-23 | local0...local7 |
Order of command execution
A comment starts with a "#" sign in palo.ini. The command line arguments are evaluated first, and the file palo.ini is evaluated after the command line arguments have been processed. If you start palo with -n or - -load-init-file on the command line, then the init file is not read. The load-init-file option is ignored if given in the configuration file. Parameters without additional parameters like "auto-load" or "auto-commit" toggle a state from "true" to "false" and vice versa. You can declare a "toggle" parameter more than once.
If additional parameters like "worker" or "workerlogin" are given more than once on the command line or the configuration file, then only the last definition is valid, with the exception of the parameters "admin" and "http", which are treated specially. All the definitions supplied on the command line and in the init file are used. For example, the default of "add-new-database" is true (see palo -?). If you supply - -add-new-database on the command line but not in the configuration file, then the option will be set to false. If you supply add-new-database in the configuration file but not on the command line then the option will also be set to false. If you supply - -add-new-database on the command line and in the configuration file, then the option will be true again, as it is toggled twice.
The option "workerlogin" has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the configuration file, then both ports A and B are used.
Updated September 27, 2024