https://signoz.io logo
#support
Title
# support
a

Anil Kumar Bandrapalli

10/03/2022, 10:53 AM
Hi @Ankit Nayan, I have few doubts regarding the Signoz for community edition. 1. In privacy policy, stated like this collecting personal information a. Email address b. First name and last name c. Cookies and Usage Data Is it applicable for community edition/standalone application which deployed via helm charts? 2. Is there any tutorial to enable authentication to clickhouse db and work along with signoz as we are able to access the db without username and password. 3. What is the impact to signoz application if we add encryption to clickhouse ?
a

Ankit Nayan

10/03/2022, 11:00 AM
@Anil Kumar Bandrapalli 1. yes, stats around usage along with email and first and last name are collected for all. 2. @Prashant Shahi 3. can you refer to some doc/blog around encryption that you plan to use?
a

Anil Kumar Bandrapalli

10/03/2022, 11:14 AM
@Ankit Nayan, even for the standalone signoz also data will get collected by signoz.io ? but how data from our standalone application is being shared with you? what level of stats information will be shared with you for the improving signoz?
a

Ankit Nayan

10/03/2022, 11:18 AM
you can anonymise the data by a toggle available during account creation
a

Anil Kumar Bandrapalli

10/03/2022, 11:29 AM
if i set this env variable, will our standalone signoz application stop sending metrics to signoz.io ?
Copy code
TELEMETRY_ENABLED=false
a

Ankit Nayan

10/03/2022, 11:30 AM
yes...it will not send any metric to us
a

Anil Kumar Bandrapalli

10/03/2022, 11:32 AM
ok thank you ankit. please help us to setup the clickhouse with authentication enabled.
a

Ankit Nayan

10/03/2022, 11:34 AM
using helm charts?
a

Anil Kumar Bandrapalli

10/03/2022, 11:34 AM
yes
a

Ankit Nayan

10/03/2022, 11:36 AM
should be doable...give some time for @Prashant Shahi to come back on this
a

Anil Kumar Bandrapalli

10/03/2022, 11:37 AM
ok thank you @Ankit Nayan. sure we will wait for him
p

Prashant Shahi

10/03/2022, 1:55 PM
2. Is there any tutorial to enable authentication to clickhouse db and work along with signoz as we are able to access the db without username and password.
Currently, we don't have any tutorial clickhouse auth in SigNoz. In Docker, right now the ClickHouse DB is accessible with default credentials. Only security measure at the moment would be to not expose the ClickHouse ports publicly. However, we will be working on adding admin user with strong password on default signoz installation in the future. Do let us know if you need help on the same in Docker environment. In case of K8s, ClickHouse DB should be secure and accessible via the credentials mentioned in `values.yaml`: https://github.com/SigNoz/charts/blob/main/charts/signoz/values.yaml#L54-L57 You can update the values and the IP whitelisting using
clickhouse.allowedNetworkIps
as per requirements.
a

Anil Kumar Bandrapalli

10/03/2022, 2:15 PM
ok
a

Ankit Nayan

10/03/2022, 2:31 PM
https://github.com/SigNoz/charts/blob/main/charts/signoz/values.yaml#L54-L57
@Prashant Shahi will just updating the username and password in these lines work? Don't we need to change values in otel-colllectors and query-service as those clients will be connecting to CH
p

Prashant Shahi

10/03/2022, 2:36 PM
Don't we need to change values in otel-colllectors and query-service as those clients will be connecting to CH
SigNoz helm chart takes care of it by including the CH creds as environment variables in query-service and otel collectors containers.
a

Ankit Nayan

10/03/2022, 2:48 PM
Cool
r

Rahul Tiwari

10/06/2022, 11:39 AM
Hello @Prashant Shahi and @Ankit Nayan i have applied the changes in override-values.yaml https://github.com/SigNoz/charts/blob/main/charts/signoz/values.yaml#L54-L57, i mentioned the username and password, but when i try to login into chi-signoz-cluster-0-0-0 pod to connect to clickhouse-client am able to connect without passing username and password, it should not be the case i must able to connect to clickhouse-client only when i pass username and password.
clickhouse: cloud: aws installCustomStorageClass: true user: admin password: admin@123 persistence: storageClass: gp2-resizable
my override-values.yaml file content
p

Prashant Shahi

10/07/2022, 1:44 AM
@Rahul Tiwari can you share the command you are using to connect to clickhouse? and from which container?
r

Rahul Tiwari

10/07/2022, 5:28 AM
@Prashant Shahi please find the command below:
[ec2-user@ ~]$ k get pods -n platform NAME READY STATUS RESTARTS AGE chi-signoz-cluster-0-0-0 1/1 Running 0 16h clickhouse-operator-57959d7fd8-wbzgd 2/2 Running 0 8d my-release-signoz-alertmanager-0 1/1 Running 0 8d my-release-signoz-frontend-7f96779f4f-l42l9 1/1 Running 0 8d my-release-signoz-otel-collector-6ff6468844-cltjx 1/1 Running 4 16h my-release-signoz-otel-collector-metrics-577574c498-2vdcp 1/1 Running 2 16h my-release-signoz-query-service-0 1/1 Running 3 16h my-release-zookeeper-0 1/1 Running 0 8d [ec2-user@ ~]$ k exec -it chi-signoz-cluster-0-0-0 -n platform bash kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. bash-5.1$ clickhouse-client ClickHouse client version 22.4.5.9 (official build). Connecting to localhost:9000 as user default. Connected to ClickHouse server version 22.4.5 revision 54455. Warnings: * Effective user of the process (clickhouse) does not match the owner of the data (root). * Some obsolete setting is changed. Check 'select * from system.settings where changed' and read the changelog. chi-signoz-cluster-0-0-0.chi-signoz-cluster-0-0.platform.svc.cluster.local :)
p

Prashant Shahi

10/07/2022, 6:05 AM
@Rahul Tiwari default ClickHouse credentials are allowed when ClickHouse server is accessible from
localhost
r

Rahul Tiwari

10/07/2022, 6:07 AM
@Prashant Shahi we need to make it password protected. So that it can be access by username and password only.
a

Anil Kumar Bandrapalli

10/07/2022, 6:07 AM
yes we need with password only
p

Prashant Shahi

10/07/2022, 6:11 AM
It is password protected. It would require the password when trying to access ClickHouse from outside the container aka "non-localhost"
r

Rahul Tiwari

10/07/2022, 6:42 AM
@Prashant Shahi our requirement is nobody should connect to clickhouse without username and password, even if they try to access it within the pod container itself.
40 Views