Configuring palo.ini for the In-Memory Database Server


This article describes the parameters of the palo.ini configuration file. These parameters can also be used as command line parameters for the In-Memory Database binary: palo.exe for Windows and “palo” for Linux.

The Palo parameters have a short and a long form. On the command line, the short form has one dash (-) in front; the long form has two dashes (--) in front. Examples: palo -? / palo --help.

Palo.exe gets these parameters as command line arguments and/or via the palo.ini file.

Please see Order of command execution at the end of this document. In the file …\Jedox Suite\olap\data\palo.ini.sample you can find descriptions and examples of how to use parameters in the palo.ini.

Short form

Long form

Argument(s)

Description / Example(s)

Default value

?

help

 

Displays the parameters of palo.exe.
Only for the command line.
On/off switch.

False

a

admin

<address> <port>

HTTP interface with server browser and online documentation. The address can be a server name, an internet address, or "" for all of the server's internet addresses.
The port is a number. Examples:
admin 192.168.1.2 7777
admin localhost 7770
admin "" 7780

 

A

auto-load

 

On server start, loads into memory all databases that are defined in palo.csv. On/off switch.

True

b

cache-barrier

<max number
of cells to store
in each cube cache>

Sets the max number of cells to store in each cube cache.
cache-barrier 150000000
cache-barrier 0 (sets cache-barrier to 0).

100000000

B

auto-commit

 

Commits all changes on server shutdown.
On/off switch.

True

c

crypt

 

Turns on encryption of the database files. If this is set, newly saved files are encrypted using the Blowfish algorithm. On/off switch.

Note: If “crypt” is enabled,
– it is not possible to set the log level of the OLAP Server to “trace” or “debug”. Both log levels could cause the log file to contain information about database contents, and since log files are always readable, this would conflict with the purpose of the “crypt” option.
– it is not possible to enable the “audit” option in palo.ini. The data storage for audit information currently cannot be encrypted, so that storage would again contain readable data, which would conflict with the purpose of the “crypt” option.

To decrypt, remove crypt from palo.ini. Database files are then decrypted on their next “save”: for example, if a value is written to a cube, that cube is decrypted (with all its files). Files are not decrypted automatically. Do not remove crypt-key at this point, otherwise it will not be possible to load encrypted files. Remove crypt-key only after you are sure that everything has been decrypted.

Procedure to decrypt all databases:
– remove crypt from palo.ini
– restart OLAP service
– use Jedox example (ETL-Tools) “Database Copy”
– copy all databases
– everything will be back to decrypted status

False

C

chdir

 

Only for the command line.
On/off switch.

True

d

data-directory

<directory>

Only for command line.

./Data

D

add-new-databases

 

Tries to add directories with OLAP database automatically and adds them to palo.csv.
On/off switch.

True

e

windows-sso

 

Enables Windows SSO authentication.
On/off switch.

False

E

extensions

<directory>

 

../Modules

F

friendly-service-name

<service-name>

   

g

cross-origin

<domain_name>

   

G

dump-upload

 

On/off switch.

Disabled

h

http

<address> <port>

Examples for the HTTP interface:
http "" 7777
http "" 7779
http localhost 7779
See description of admin parameter above.

 

H

https

<port>

Sets https connection port:
https 7778

 

i

init-file

<init-file>

Only for command line.

palo.ini

I

ignore-journal

 

Turns off recovery of data from journal files.
The option “ignore-journal” can imply loss of data in certain scenarios, and should not be used in a production system!

False

j

device

<bus_id0>.<device_id0>
<bus_id1>.<device_id1> …

All available devices

Empty vector

J

no-csv-save

 

Turns off saving of CSV files for cubes whenever possible. Only BIN files are saved. Reduces time needed for saving.

False

k

crypt-key

<passphrase for crypting csv files>

Sets the passphrase used for encrypting/decrypting the database files.
It is also used for decrypting, so it has to be set if there are any encrypted files in the database (even when encrypting is off). The Blowfish algorithm supports keys of up to 448 bytes in length.

Empty string

K

key-files

<ca> <private> <dh>

 

Empty vector

l

maximum-return-cells

<number>

Sets a maximum limit for cells returned from an area call:
maximum-return-cells 10000

20000

L

splash-limit

<error> <warning> <info>

Splashing limits in megabytes:
Generates an error if splashing requires more space than the first number.
Generates a warning entry if splashing requires more space than the second number.
Generates an info entry if splashing requires more space than the third number.
splash-limit 2000 1000 200

1000, 500, 100

m

undo-memory-size

<number of bytes per lock>

In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in memory for storing changes:
undo-memory-size 10000000

10 * 1024 * 1024

M

session-timeout

<seconds>

Specifies the idle time after which the session is closed:
session-timeout 3600

-1 (300s)

n

load-init-file

 

Only for command line.
On/off switch.

True

N

engine-configuration

[M][S][1][E]

M – force engine to use Marker Driven Engine for rules with markers (5.1 algorithm)
S – force engine to use statically created markers
1 – single core calculation
E – suppress rule error propagation across consolidation

 

o

log

sink=- verbose=<level>
sink=+ verbose=<level>
sink=<path_to_file>/palo.log verbose=<level>
sink=syslog address=<address:port> facility=<facility> verbose=<level>

log sink=- (Log to stdout /default)
log sink=+ (Log to stderr)
log sink=/var/log/palo.log (Log to a file)
log sink=syslog (Log to syslog)

For all ‘log’ sinks:
the verbose parameter is optional; its default value is the log level defined in the ‘verbose’ ini-key.
For ‘log sink=syslog’:
the address parameter is optional, with default value localhost:5556
the facility parameter is optional, with default value 1 (user)

sink=-

O

amazon-id

   

False

P

password

<private-password>

On/off switch.

 

P

enable-gpu

 

On/off switch.

False

q

service-description

<service-description>

   

Q

autosave

<mode>
<hour>:<minute>

possible modes:
T
L

Autosaves all the databases at an exact time once a day:
autosave T HH:MM
(autosave T 02:00).
Autosaves cyclically all the databases when a given amount of time elapses:
autosave L HH:MM
(autosave L 10:10)

Disable, 0, 0

R

default-db-right

<right value>

Default value for database access rights.
Possible values: N, R, W, D.

D

s

start-service

 

On/off switch.

False

S

service-name

<service-name>

   

t

template-directory

<directory>

Directory of online documentation:
template-directory Binary/Api.

../Api

T

trace

<trace-file>

 

Empty string

u

undo-file-size

<number of
bytes per lock>

In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in files for storing changes:
undo-file-size 100000000

50 * 1024 * 1024

U

ignore-cell-data

 

On/off switch.

False

v

verbose

<level>

Log levels:
error (default), warning, info, debug, trace

Error

V

version

 

Only for command line.
On/off switch.

False

w

worker

<worker-executable>
<argument1>
<argument2>
<argumentX>

worker /usr/bin/php5 /home/palo/worker.php

Empty string
empty vector

W

use-dimension-worker

 

Uses dimension worker. Can react on creation, deletion, and renaming of an element in a specified dimension.
On/off switch.

False

x

workerlogin

<worker-login-type>

Uses a worker for login
Possible values:
-information
-authentication
-authorization
Example: workerlogin authorization

None

X

encryption

<encryption-type>
possible values:
-none
-optional
-required

Sets the encryption type.
If optional is selected, then you can use HTTPS. If required is selected, then only /server/info will function unencrypted. All other functions require an HTTPS connection. If encryption is turned on, TLS 1.2 is used for communication.

None

y

enable-drillthrough

 

Enables cell drillthrough.
On/off switch.

False

Y

use-cube-worker

 

Uses cube worker.
Can react on cell value changes.
On/off switch.

False

z

goalseek-timeout

<milliseconds>

Algorithm must complete within <milliseconds>.

10000

Z

goalseek-limit

<number_of_cells>

Goalseek algorithm can be executed on slices with maximum <number_of_cells>.

1000

(

ntlm_auth

<path to ntlm_auth
with helper arguments>

 

“/usr/bin/ntlm_auth --helper-protocol=gss-spnego”

)

wbinfo

<path to wbinfo>

 

“/usr/bin/wbinfo”

[

gzip

<level>

Level values: 0-9
0 – no compression
1 – fastest compression
9 – smallest gzip size

Disabled

]

zip-backup

<level>

Level values: 0-9
0 – no compression
1 – fastest compression
9 – smallest zip size

 

{

audit-blocksize

<number>

Maximum number of rows returned for simple audit mode

}

windows-sso-authentication

     

<

no-archives

  Turns off saving of .archive files for cubes.  

1

audit

  See KB article Audit Information

Disabled

2

dump-upload-reporter

<email-address>

 

“”

3

dump-upload-desc

<description>

 

“”

4

enable-profiling

 

On/off switch.

False

5

profile-interval

<seconds>

 

60

6

gpu-data-storage

<G> or <R>

G for GPU RAM, or R for RAM  

7

gpu-frame-size

<number>

Size of GPU computation frame in megabytes  

8

cube-perf-timeout

<seconds>

Timeout (seconds): time that the GPU Accelerator Advisor can use to check whether the selected cube is suitable for GPU.

60

9

gpu-dim-order

<database=Demo&cube=Sales&dimensions=6,12,2,4,8,10> …

Changes the order of the dimensions in the CPU storage for the GPU storage.  
 

enable-password-retrieval

Enables reading password hashes from the OLAP System database

FALSE
 

password-pattern

<regular expression>

Regular expression used to enforce password complexity. It is checked when a password is changed or when a password is assigned to a new user.
Example: (?=........+)(?=.*[a-z].*)(?=.*[A-Z].*)(.*[0-9@#$%].*)
This pattern requires the password to be at least 8 characters long and to contain at least one uppercase character, one lowercase character, and one digit or special symbol from ‘@#$%’.

When multiple password patterns are defined, the last one has priority.

empty string

profile-log

 

sink=syslog address=<address:port> facility=<facility>

If profiling is enabled, specifies the address and port of the syslog server and the facility of the messages.
The ‘address’ parameter is optional, with the default value localhost:5556.
The ‘facility’ parameter is optional, with the default value 0 (kern).
profile-log sink=syslog address=localhost:5556 facility=0
 

saml-authentication

  Enables SAML authentication mode  
 

saml-authorization

  Enables saml-authorization mode  
 

saml-encrypt-login

  Enables encrypting of SAML login requests  
 

saml-encrypt-logout

  Enables encrypting of SAML logout requests  
 

saml-idp-metadata

<url>

IdP metadata XML url

If metadata is distributed as a file, or server is restricted from accessing the internet, use file://<filepath>.

empty string
 

saml-nameidpolicy

<NameID policy>

SAML NameID policy

urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
 

saml-sign-login

  Enables signing the SAML login requests  
 

saml-sign-logout

  Enables signing the SAML logout requests  
 

saml-signature-algorithm

<algorithm type>

Algorithm used for SAML signatures

http://www.w3.org/2000/09/xmldsig#rsa-sha1
 

saml-use-logout

  Enables SAML IdP logout  
 

ssl-ciphers

<list of SSL ciphers>

List of allowed SSL ciphers

HIGH:!ADH:!EDH:!DHE:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!kRSA
 

failed-login-threshold

<count>

Starts delaying logins when the count of failed attempts for a username exceeds this value.

10

The following values are possible for <facility> (code or keyword)

Code Keyword
0 kern
1 user
2 mail
3 daemon
4 auth
5 syslog
6 lpr
7 news
8 uucp
9 cron
10 authpriv
11 ftp
12 ntp
13 security
14 console
15 solaris-cron
16-23 local0…local7
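
The password-pattern example from the table above can be tried out before it goes into palo.ini. The following is an added example, not part of the original documentation or of Jedox's code: it uses Python's re module as a stand-in for the server's regular-expression engine (an assumption, since the page does not name the engine), and the sample passwords and the second, weaker pattern are constructed.

```python
import re

# Pattern from the password-pattern row above.
PAGE_PATTERN = r"(?=........+)(?=.*[a-z].*)(?=.*[A-Z].*)(.*[0-9@#$%].*)"

# Its four parts, labelled with the requirement each one enforces.
PARTS = [
    ("at least 8 characters", r"(?=........+)"),
    ("a lowercase letter", r"(?=.*[a-z].*)"),
    ("an uppercase letter", r"(?=.*[A-Z].*)"),
    ("a digit or one of @#$%", r"(.*[0-9@#$%].*)"),
]

def effective_pattern(ini_text):
    """Return the last password-pattern line: the page says the last one has priority."""
    found = None
    for line in ini_text.splitlines():
        name, _, value = line.strip().partition(" ")
        if name == "password-pattern" and value.strip():
            found = value.strip()
    return found

def accepted(pattern, password):
    """Assumption: a password is accepted when the pattern matches it."""
    return re.search(pattern, password) is not None

def unmet(password):
    """Requirements of PAGE_PATTERN that the password does not meet."""
    return [label for label, rx in PARTS if not re.search(rx, password)]

# Constructed palo.ini fragment: a second, weaker pattern overrides the first.
SAMPLE_INI = "password-pattern " + PAGE_PATTERN + "\npassword-pattern (?=....+)\n"

# Constructed candidates, none of them real credentials.
CANDIDATES = ["Abcdefg1", "Abcdef1", "abcdefg1", "ABCDEFG@", "Abcdefgh", "Aaaaaaa1"]

def report():
    return {pw: unmet(pw) for pw in CANDIDATES}

if __name__ == "__main__":
    for pw, missing in report().items():
        print(pw, "->", "accepted" if not missing else "rejected: " + ", ".join(missing))
    print("effective pattern:", effective_pattern(SAMPLE_INI))
```

The example pattern contains “#”, which also starts a comment in palo.ini; the page does not say how the server treats a “#” inside a value, so confirm after a restart that the full pattern is being enforced.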

 

Order of command execution

In palo.ini, a comment starts with a “#” sign. The command line arguments are evaluated first, and the file palo.ini is evaluated after the command line arguments have been processed. If you start palo with -n or --load-init-file on the command line, then the init file is not read. The load-init-file option is ignored if given in the configuration file. Parameters without arguments, like “auto-load” or “auto-commit”, toggle a state from “true” to “false” and vice versa. You can declare a “toggle” parameter more than once.

If parameters with arguments, like “worker” or “workerlogin”, are given more than once on the command line or in the configuration file, then only the last definition is valid. The exceptions are the parameters “admin” and “http”, which are treated specially: all the definitions supplied on the command line and in the init file are used. As an example of toggling, the default of “add-new-databases” is true (see palo -?). If you supply --add-new-databases on the command line but not in the configuration file, then the option will be set to false. If you supply add-new-databases in the configuration file but not on the command line, then the option will also be set to false. If you supply --add-new-databases on the command line and add-new-databases in the configuration file, then the option will be true again, as it is toggled twice.

The option “workerlogin” has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the configuration file, then both ports A and B are used.
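
The evaluation order described above, as an added example that is not Jedox code: a small resolver that applies the command line first and palo.ini second, flips toggle parameters on every occurrence, keeps the last definition for parameters with arguments, and collects every “admin” and “http” definition. The one-option-per-line grammar, whole-line “#” comments and the sample inputs are assumptions made for the illustration.

```python
# Added example: effective palo settings, resolved in the order described above.
TOGGLES = {"auto-load": True, "auto-commit": True, "crypt": False,
           "add-new-databases": True, "ignore-journal": False,
           "load-init-file": True}   # defaults taken from the table (subset)
ACCUMULATE = ("admin", "http")       # every definition is used
SHORT = {"A": "auto-load", "B": "auto-commit", "c": "crypt", "a": "admin",
         "D": "add-new-databases", "I": "ignore-journal", "h": "http",
         "n": "load-init-file", "x": "workerlogin"}

def parse_argv(argv):
    """Group command-line tokens into (long name, [arguments]) pairs."""
    opts = []
    for tok in argv:
        if tok.startswith("--"):
            opts.append((tok[2:], []))
        elif tok.startswith("-") and tok[1:] in SHORT:
            opts.append((SHORT[tok[1:]], []))
        elif opts:
            opts[-1][1].append(tok)
    return opts

def parse_ini(text):
    """Assumed grammar: 'name arg ...' per line; lines starting with # are comments."""
    rows = (ln.split() for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    return [(words[0], words[1:]) for words in rows if words]

def resolve(argv, ini_text):
    cfg = dict(TOGGLES, admin=[], http=[])

    def apply(opts, from_file):
        for name, args in opts:
            if from_file and name == "load-init-file":
                continue                      # ignored inside palo.ini
            if name in TOGGLES:
                cfg[name] = not cfg[name]     # every occurrence flips the state
            elif name in ACCUMULATE:
                cfg[name].append(tuple(args))
            else:
                cfg[name] = args              # last definition wins

    apply(parse_argv(argv), from_file=False)  # command line is evaluated first
    if cfg["load-init-file"]:                 # -n on the command line flips it off
        apply(parse_ini(ini_text), from_file=True)
    return cfg

# Constructed sample: crypt appears on the command line and in palo.ini.
SAMPLE_ARGV = ["--crypt", "--http", "localhost", "7779", "--workerlogin", "information"]
SAMPLE_INI = '# constructed palo.ini\ncrypt\nhttp "" 7777\nworkerlogin authorization\n'

if __name__ == "__main__":
    print(resolve(SAMPLE_ARGV, SAMPLE_INI))   # crypt ends up False: toggled twice
```

On the sample, a “crypt” line in palo.ini combined with --crypt in the start command leaves encryption off, which is the case to look for when reviewing how the service is launched.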
