Getting started with Managed Service for ClickHouse®

To get started with the service:

• Create a database cluster.
• Connect to the DB.

Getting startedGetting started

1. Go to the management console and log in to Yandex Cloud or sign up if not signed up yet.

2. If you do not have a folder yet, create one:

   1. In the management console, select the appropriate cloud from the list on the left.

   2. At the top right, click Create folder.

   3. Give your folder a name. The naming requirements are as follows:

      • It must be from 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

   4. Optionally, specify the description for your folder.

   5. Select Create a default network. This will create a network with subnets in each availability zone. Within this network, you will also have a default security group, inside which all network traffic will be allowed.

   6. Click Create.

3. Assign the vpc.user role and the managed-clickhouse.editor role or higher to your Yandex Cloud account. These roles allow you to create a cluster.

   To link the service account to a cluster, e.g., to use Yandex Object Storage, your account also needs the iam.serviceAccounts.user role or higher.

   Note

   If you are unable to manage roles, contact your cloud or organization administrator.

4. You can connect to DB clusters from both inside and outside Yandex Cloud:

   • To connect from inside Yandex Cloud, create a Linux-based VM in the same network as the DB cluster.
   • To connect to the cluster from the internet, request public access to hosts when creating the cluster.

   Note

   The next steps assume that you connect to the cluster from a Linux-based VM.

5. Connect to the VM over SSH.

6. Connect the ClickHouse® DEB repository:

   sudo apt update && sudo apt install --yes apt-transport-https ca-certificates dirmngr && \
   sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 8919F6BD******** && \
   echo "deb https://packages.clickhouse.com/deb stable main" | sudo tee \
   /etc/apt/sources.list.d/clickhouse.list
   

7. Install the dependencies and the clickhouse-client client application:

   sudo apt update && sudo apt install --yes clickhouse-client
   

8. Download the configuration file for clickhouse-client:

   mkdir -p ~/.clickhouse-client && \
   wget "https://storage.yandexcloud.net/doc-files/clickhouse-client.conf.example" \
     --output-document ~/.clickhouse-client/config.xml
   

Create a clusterCreate a cluster

1. In the management console, select the folder where you want to create a DB cluster.
2. Select Managed Service for ClickHouse.
3. Click Create cluster.
4. Set the cluster parameters and click Create cluster. For more information, see Creating clusters.
5. Wait until the cluster is ready: its status on the Managed Service for ClickHouse® dashboard will change to Running and its state, to Alive. This may take some time.

Connect to the DBConnect to the DB

1. If you are using security groups for a cloud network, configure them to enable all relevant traffic between the cluster and the connecting host.

2. To connect to the DB server, get SSL certificates:

   Linux (Bash)

   macOS (Zsh)

   Windows (PowerShell)

   sudo mkdir --parents /usr/local/share/ca-certificates/Yandex/ && \
   sudo wget "https://storage.yandexcloud.net/cloud-certs/RootCA.pem" \
        --output-document /usr/local/share/ca-certificates/Yandex/RootCA.crt && \
   sudo wget "https://storage.yandexcloud.net/cloud-certs/IntermediateCA.pem" \
        --output-document /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt && \
   sudo chmod 655 \
        /usr/local/share/ca-certificates/Yandex/RootCA.crt \
        /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt && \
   sudo update-ca-certificates
   

   The certificates will be saved to the following files:

   • /usr/local/share/ca-certificates/Yandex/RootCA.crt
   • /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt

   sudo mkdir -p /usr/local/share/ca-certificates/Yandex/ && \
   sudo wget "https://storage.yandexcloud.net/cloud-certs/RootCA.pem" \
        --output-document /usr/local/share/ca-certificates/Yandex/RootCA.crt && \
   sudo wget "https://storage.yandexcloud.net/cloud-certs/IntermediateCA.pem" \
        --output-document /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt && \
   sudo chmod 655 \
        /usr/local/share/ca-certificates/Yandex/RootCA.crt \
        /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt && \
   security import /usr/local/share/ca-certificates/Yandex/RootCA.crt -k ~/Library/Keychains/login.keychain; \
   security import /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt -k ~/Library/Keychains/login.keychain
   

   The certificates will be saved to the following files:

   • /usr/local/share/ca-certificates/Yandex/RootCA.crt
   • /usr/local/share/ca-certificates/Yandex/IntermediateCA.crt

   1. Download and import the certificates:

      mkdir -Force $HOME\.yandex; `
      curl.exe https://storage.yandexcloud.net/cloud-certs/RootCA.pem `
        --output $HOME\.yandex\RootCA.crt; `
      curl.exe https://storage.yandexcloud.net/cloud-certs/IntermediateCA.pem `
        --output $HOME\.yandex\IntermediateCA.crt; `
      Import-Certificate `
        -FilePath $HOME\.yandex\RootCA.crt `
        -CertStoreLocation cert:\CurrentUser\Root; `
      Import-Certificate `
        -FilePath $HOME\.yandex\IntermediateCA.crt `
        -CertStoreLocation cert:\CurrentUser\Root
      

      Corporate policies and antivirus software can block the download of certificates. For more information, see FAQ.

   2. Agree to install the certificates in the Trusted Root Certification Authorities store.

   The certificates will be saved to the following files:

   • $HOME\.yandex\RootCA.crt
   • $HOME\.yandex\IntermediateCA.crt

3. Use the ClickHouse® CLI to connect:

   1. Specify the path to the RootCA.crt SSL certificate in the configuration file, in the <caConfig> element:

      <config>
        <openSSL>
          <client>
            <loadDefaultCAFile>true</loadDefaultCAFile>
            <caConfig>/usr/local/share/ca-certificates/Yandex/RootCA.crt</caConfig>
            <cacheSessions>true</cacheSessions>
            <disableProtocols>sslv2,sslv3</disableProtocols>
            <preferServerCiphers>true</preferServerCiphers>
            <invalidCertificateHandler>
              <name>RejectCertificateHandler</name>
            </invalidCertificateHandler>
          </client>
        </openSSL>
      </config>
      

   2. Run the ClickHouse® CLI with the following parameters:

      clickhouse-client --host <FQDN_of_any_ClickHouse®_host> \
                        --secure \
                        --user <username> \
                        --database <DB_name> \
                        --port 9440 \
                        --ask-password
      

What's nextWhat's next

• Read about service concepts.
• Learn more about creating a cluster and connecting to the database.
• Read questions and answers.

ClickHouse® is a registered trademark of ClickHouse, Inc.