Help
FortiSIEM Discussions
Secucard
New Contributor III

Created on ‎08-23-2024 05:53 AM

FortiSIEM: Clickhouse cluster setup

Hi,
I hope, someone can help me with an issue here. Do not blame me ;-), I am new on this product, and I read the docs, however, it is confusing me.
Hi,

 

I want to achieve a redundant setup, using clickhouse for storage backend.
I setup the supervisor first. The supervisor will *not* be part of the keeper or data layer for the clickhouse installation, this will be done on 3 worker nodes (this was the plan/idea behind),
however, after I generated the license, and activate it, FortiSIEM is asking for a backend, when choosing clickhouse for backend, for the disk-path.


I did not provide a 5th disk node. Because, on the supervisor, there should be NONE of the clickhouse details.
I am confused. Do I need to have a clickhouse *keeper* on the *supervisor* indeed, then?

 

I reinstalled the Supervisor, with the 5th disk for understanding, but, the 5th disk is not be in use. Choosing Clickhouse on the install process, it again asks for a disk / partition, which is not in generated. The 5th disk is available, but not partitioned. 

 

I do not want my supervisor being part of the Clickhouse process, but it seems, that the supervisor has to be part of the Clickhouse-cluster-setup at least as a Keeper (?). How, then, should I partion the disk? LVM, and then ext4 or xfs? I could not find any documentation on it.

 

Maybe someone can help

Best

Ronny

Labels:
942
0 Kudos
10 REPLIES 10
Goutham_FTNT
Staff
Staff

Created on ‎08-23-2024 06:08 AM Edited on ‎08-23-2024 08:20 AM

Hi Ronny,

So for the initial setup - You need to provide 5th disk for the clickhouse data - This is because on first install it will be considered as standalone device making Super to be part of keeper and data node as well.


I suggest you can provide very low storage for this and once you have the actual keeper and data workers added , you can remove the Super out of clickhouse cluster.

 

But still it requires the data disk - Super will use clickhouse disk to generate reports etc


Regards,

Goutham 

 

826
0 Kudos
Secucard
New Contributor III

Created on ‎08-23-2024 01:23 PM

@Goutham_FTNT 

Thank you so much helping me to understand the technology.

However, working with a warm and hot tier, ended up in that the clickhouse database was not coming up. I used two partitions, each with 4 TB in space (Tiny storage models allows doing bigger setup instead of then, later, increasing and / or moving data...). For this setup, do I need a  warm tier? Or is this not even nessescarry?


Thanks a lot,
Ronny

778
0 Kudos
Secucard
New Contributor III
In response to Secucard

Created on ‎08-23-2024 01:56 PM

I tried to resetup the whole supervisor, just greated a 1 TB single storage and, received the error again:

Storage provision error: ClickHouse Restart Failure

 

I added the 5th disk,

Then, created a GPT label, created a primary partition, and formatted it using ext4, and then, created the folder /data-clickhouse-hot-1 and mounted this parition,

on setup process, I added the hot-tier using /dev/sde1 and /data-clickhouse-hot-1 and this results in this error.

Do I have to use lvm?

I am confused.

 
769
0 Kudos
Secucard
New Contributor III
In response to Secucard

Created on ‎08-23-2024 02:11 PM

 

There are some errors on the logsscreen.jpg

767
0 Kudos
Secucard
New Contributor III
In response to Secucard

Created on ‎08-24-2024 02:01 AM

Next try, creating a 1 TB lvm, but still the same error in the logs and crashing on setup

 

pvcreate /dev/sde1 
vgcreate clickhouse /dev/sde1
lvcreate --name data -l 100%FREE clickhouse 
mkfs.ext4 /dev/clickhouse/data 

 

Then, on init, choosing clickhouse on supervisor, adding /dev/mapper/clickhouse-data for the one and only hot-tier, it again is crashing and confirming same error message as before.

Bug ?

 

 

749
0 Kudos
Secucard
New Contributor III
In response to Secucard

Created on ‎08-24-2024 02:08 AM

I do not think, that this kind of error report is "normal" ...

 

clickhouse-log.jpg

749
0 Kudos
Goutham_FTNT
Staff
Staff
In response to Secucard

Created on ‎08-28-2024 03:03 AM

Hi Ronny,

 

You don't have to create the partition 
This is done by FSM itself
Please provide only the disk name that is for the clickhouse data 

 

/dev/sde instead of /dev/sde1 
During the initial setup provide this Disk name and then Test and Save 
/opt/pheonix/log/phoenix.log should provide the error message if there are any errors

You can format this disk and reuse it 

666
0 Kudos
Secucard
New Contributor III

Created on ‎08-27-2024 12:04 AM

Solution is: Just create the partition and give path to it like /dev/sde for example, and the rest of installation will be done by FortiSIEM itself.

683
Goutham_FTNT
Staff
Staff
In response to Secucard

Created on ‎08-28-2024 03:03 AM

Yes, this is expected 

666
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.