Apache Kudu Configuration Reference

kudu-master Flags

Stable Flags

Flags tagged stable and not advanced are safe to use for common configuration tasks.

--block_cache_capacity_mb

block cache capacity in MB

Type

int64

Default

512

Tags

stable

 

--builtin_ntp_servers

The NTP servers used by the built-in NTP client, in format <FQDN|IP>[:PORT]. These will only be used if the built-in NTP client is enabled (i.e. if setting --time_source=builtin).

Type

string

Default

0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org

Tags

stable

 

--time_source

The time source that HybridClock should use. Must be one of auto, builtin, system, system_unsync (toy clusters/testing only), mock (testing only). When set to auto, the system automatically picks one of the following depending on the environment: builtin, system, system_unsync, where in case of picking builtin the built-in NTP client is configured with dedicated NTP server(s) provided by the environment.

Type

string

Default

system

Tags

stable

 

--log_force_fsync_all

Whether the Log/WAL should explicitly call fsync() after each write.

Type

bool

Default

false

Tags

stable

 

--fs_data_dirs

Comma-separated list of directories with data blocks. If this is not specified, fs_wal_dir will be used as the sole data block directory.

Type

string

Default

none

Tags

stable

 

--fs_metadata_dir

Directory with metadata. If this is not specified, for compatibility with Kudu 1.6 and below, Kudu will check the first entry of fs_data_dirs for metadata and use it as the metadata directory if any exists. If none exists, fs_wal_dir will be used as the metadata directory.

Type

string

Default

none

Tags

stable

 

--fs_wal_dir

Directory with write-ahead logs. If this is not specified, the program will not start. May be the same as fs_data_dirs

Type

string

Default

none

Tags

stable

 

--master_addresses

Comma-separated list of the RPC addresses belonging to all Masters in this cluster. NOTE: if not specified, configures a non-replicated Master.

Type

string

Default

none

Tags

stable

 

--keytab_file

Path to the Kerberos Keytab file for this server. Specifying a keytab file will cause the server to kinit, and enable Kerberos to be used to authenticate RPC connections.

Type

string

Default

none

Tags

stable

 

--rpc_bind_addresses

Comma-separated list of addresses to bind to for RPC connections. Currently, ephemeral ports (i.e. port 0) are not allowed.

Type

string

Default

0.0.0.0:7051

Tags

stable

 

--superuser_acl

The list of usernames to allow as super users, comma-separated. A '*' entry indicates that all authenticated users are allowed. If this is left unset or blank, the default behavior is that the identity of the daemon itself determines the superuser. If the daemon is logged in from a Keytab, then the local username from the Kerberos principal is used; otherwise, the local Unix username is used.

Type

string

Default

none

Tags

sensitive,stable

 

--user_acl

The list of usernames who may access the cluster, comma-separated. A '*' entry indicates that all authenticated users are allowed.

Type

string

Default

*

Tags

sensitive,stable

 

--webserver_certificate_file

The location of the debug webserver’s SSL certificate file, in PEM format. If empty, webserver SSL support is not enabled. If --webserver_private_key_file is set, this option must be set as well.

Type

string

Default

none

Tags

stable

 

--webserver_port

Port to bind to for the web server

Type

int32

Default

8051

Tags

stable

 

--webserver_private_key_file

The full path to the private key used as a counterpart to the public key contained in --webserver_certificate_file. If --webserver_certificate_file is set, this option must be set as well.

Type

string

Default

none

Tags

stable

 

--webserver_private_key_password_cmd

A Unix command whose output returns the password used to decrypt the Webserver’s certificate private key file specified in --webserver_private_key_file. If the PEM key file is not password-protected, this flag does not need to be set. Trailing whitespace will be trimmed before it is used to decrypt the private key

Type

string

Default

none

Tags

stable

 

--webserver_require_spnego

Require connections to the web server to authenticate via Kerberos using SPNEGO.

Type

bool

Default

false

Tags

stable

 

--log_filename

Prefix of log filename - full path is <log_dir>/<log_filename>.[INFO|WARN|ERROR|FATAL]

Type

string

Default

none

Tags

stable

 

--maintenance_manager_num_threads

Size of the maintenance manager thread pool. For spinning disks, the number of threads should not be above the number of devices.

Type

int32

Default

1

Tags

stable

 

--memory_limit_hard_bytes

Maximum amount of memory this daemon should use, in bytes. A value of 0 autosizes based on the total system memory. A value of -1 disables all memory limiting.

Type

int64

Default

0

Tags

stable

 

--flagfile

load flags from file

Type

string

Default

none

Tags

stable

 

--help

show help on all flags [tip: all flags can have two dashes]

Type

bool

Default

false

Tags

stable

 

--version

show version and build info and exit

Type

bool

Default

false

Tags

stable

 

--colorlogtostderr

color messages logged to stderr (if supported by terminal)

Type

bool

Default

false

Tags

runtime,stable

 

--log_dir

If specified, logfiles are written into this directory instead of the default logging directory.

Type

string

Default

none

Tags

stable

 

--logtostderr

log messages go to stderr instead of logfiles

Type

bool

Default

false

Tags

runtime,stable

 

--max_log_size

approx. maximum log file size (in MB). A value of 0 will be silently overridden to 1.

Type

int32

Default

1800

Tags

runtime,stable

 

Stable, Advanced Flags

Flags tagged stable and advanced are supported, but should be considered "expert" options and should be used carefully and after thorough testing.

--tablet_history_max_age_sec

Number of seconds to retain tablet history, including history required to perform diff scans and incremental backups. Reads initiated at a snapshot that is older than this age will be rejected. To disable history removal, set to -1.

Type

int32

Default

604800

Tags

stable,advanced

 

--enable_process_lifetime_heap_profiling

Enables heap profiling for the lifetime of the process. Profile output will be stored in the directory specified by -heap_profile_path.

Type

bool

Default

false

Tags

advanced,stable

 

--heap_profile_path

Output path to store heap profiles. If not set profiles are stored in /tmp/<process-name>.<pid>.<n>.heap.

Type

string

Default

none

Tags

advanced,stable

 

--unlock_experimental_flags

Unlock flags marked as 'experimental'. These flags are not guaranteed to be maintained across releases of Kudu, and may enable features or behavior known to be unstable. Use at your own risk.

Type

bool

Default

false

Tags

stable,advanced

 

--unlock_unsafe_flags

Unlock flags marked as 'unsafe'. These flags are not guaranteed to be maintained across releases of Kudu, and enable features or behavior known to be unsafe. Use at your own risk.

Type

bool

Default

false

Tags

stable,advanced

 

--fromenv

set flags from the environment [use 'export FLAGS_flag1=value']

Type

string

Default

none

Tags

advanced,stable

 

--tryfromenv

set flags from the environment if present

Type

string

Default

none

Tags

advanced,stable

 

--undefok

comma-separated list of flag names that it is okay to specify on the command line even if the program does not define a flag with that name. IMPORTANT: flags in this list that have arguments MUST use the flag=value format

Type

string

Default

none

Tags

advanced,stable

 

--helpmatch

show help on modules whose name contains the specified substr

Type

string

Default

none

Tags

advanced,stable

 

--helpon

show help on the modules named by this flag value

Type

string

Default

none

Tags

advanced,stable

 

--helppackage

show help on all modules in the main package

Type

bool

Default

false

Tags

advanced,stable

 

--helpshort

show help on only the main module for this program

Type

bool

Default

false

Tags

advanced,stable

 

--helpxml

produce an xml version of help

Type

bool

Default

false

Tags

advanced,stable

 

Put additional links to the log files in this directory

Type

string

Default

none

Tags

advanced,stable

 

--log_prefix

Prepend the log prefix to the start of each log line

Type

bool

Default

true

Tags

runtime,advanced,stable

 

--minloglevel

Messages logged at a lower level than this don’t actually get logged anywhere

Type

int32

Default

0

Tags

runtime,advanced,stable

 

--stderrthreshold

log messages at or above this level are copied to stderr in addition to logfiles. This flag obsoletes --alsologtostderr.

Type

int32

Default

2

Tags

runtime,advanced,stable

 

--stop_logging_if_full_disk

Stop attempting to log to disk if the disk is full.

Type

bool

Default

false

Tags

runtime,advanced,stable

 

--symbolize_stacktrace

Symbolize the stack trace in the tombstone

Type

bool

Default

true

Tags

runtime,advanced,stable

 

--v

Show all VLOG(m) messages for m ⇐ this. Overridable by --vmodule.

Type

int32

Default

0

Tags

runtime,advanced,stable

 

--vmodule

per-module verbose level. Argument is a comma-separated list of <module name>=<log level>. <module name> is a glob pattern, matched against the filename base (that is, name ignoring .cc/.h./-inl.h). <log level> overrides any value given by --v.

Type

string

Default

none

Tags

advanced,stable

 

Evolving Flags

Flags tagged evolving (or not tagged with a stability tag) are not yet considered final, and while they may be useful for tuning, they are subject to being changed or removed without notice.

--block_cache_type

Which type of block cache to use for caching data. Valid choices are 'DRAM' or 'NVM'. DRAM, the default, caches data in regular memory. 'NVM' caches data in a memory-mapped file using the memkind library. To use 'NVM', libmemkind 1.8.0 or newer must be available on the system; otherwise Kudu will crash.

Type

string

Default

DRAM

Tags

 

--cfile_verify_checksums

Verify the checksum for each block on read if one exists

Type

bool

Default

true

Tags

evolving

 

--cfile_default_block_size

The default block size to use in cfiles

Type

int32

Default

262144

Tags

advanced

 

--cfile_default_compression_codec

Default cfile block compression codec.

Type

string

Default

no_compression

Tags

advanced

 

--cfile_write_checksums

Write CRC32 checksums for each block

Type

bool

Default

true

Tags

evolving

 

--builtin_ntp_client_bind_address

Local address to bind client UDP socket used to send and receive NTP packets. The default value '0.0.0.0' is equivalent to '0.0.0.0:0' meaning 'bind to all available IPv4 interfaces using ephemeral ports (i.e. port 0)'. It might be useful to customize this flag if getting through a firewall to reach public NTP servers specified by --builtin_ntp_servers.

Type

string

Default

0.0.0.0

Tags

advanced

 

--builtin_ntp_poll_interval_ms

The time between successive polls of a single NTP server (in milliseconds)

Type

uint32

Default

16000

Tags

runtime,advanced

 

--max_clock_sync_error_usec

Maximum allowed clock synchronization error as reported by NTP before the server will abort.

Type

int32

Default

10000000

Tags

runtime,advanced

 

--ntp_initial_sync_wait_secs

Amount of time in seconds to wait for clock synchronisation at startup. A value of zero means Kudu will fail to start if the clock is unsynchronized. This flag can prevent Kudu from crashing if it starts before NTP can synchronize the clock.

Type

int32

Default

60

Tags

evolving,advanced

 

--ranger_default_database

Name of the default database which is used in the Ranger authorization context when the database name is not specified in the table name. Ranger makes no difference between <ranger_default_database>.<table> and <table>, so privileges granted on <table> in <ranger_default_database> are applied toboth <ranger_default_database>.<table> and <table> in Kudu.

Type

string

Default

default

Tags

 

--cmeta_force_fsync

Whether fsync() should be called when consensus metadata files are updated

Type

bool

Default

false

Tags

advanced

 

--consensus_rpc_timeout_ms

Timeout used for all consensus internal RPC communications.

Type

int32

Default

30000

Tags

advanced

 

--consensus_max_batch_size_bytes

The maximum per-tablet RPC batch size when updating peers.

Type

int32

Default

1048576

Tags

advanced

 

--follower_unavailable_considered_failed_sec

Seconds that a leader is unable to successfully heartbeat to a follower after which the follower is considered to be failed and evicted from the config.

Type

int32

Default

300

Tags

runtime,advanced

 

--fs_wal_dir_reserved_bytes

Number of bytes to reserve on the log directory filesystem for non-Kudu usage. The default, which is represented by -1, is that 1% of the disk space on each disk will be reserved. Any other value specified represents the number of bytes reserved and must be greater than or equal to 0. Explicit percentages to reserve are not currently supported

Type

int64

Default

-1

Tags

runtime

 

--fs_wal_use_file_cache

Whether to use the server-wide file cache for WAL segments and WAL index chunks.

Type

bool

Default

true

Tags

advanced,runtime

 

--group_commit_queue_size_bytes

Maximum size of the group commit queue in bytes

Type

int32

Default

4194304

Tags

advanced

 

--log_min_segments_to_retain

The minimum number of past log segments to keep at all times, regardless of what is required for durability. Must be at least 1.

Type

int32

Default

1

Tags

advanced,runtime

 

--global_log_cache_size_limit_mb

Server-wide version of 'log_cache_size_limit_mb'. The total memory used for caching log entries across all tablets is kept under this threshold.

Type

int32

Default

1024

Tags

advanced

 

--log_cache_size_limit_mb

The total per-tablet size of consensus entries which may be kept in memory. The log cache attempts to keep all entries which have not yet been replicated to all followers in memory, but if the total size of those entries exceeds this limit within an individual tablet, the oldest will be evicted.

Type

int32

Default

128

Tags

advanced

 

--log_async_preallocate_segments

Whether the WAL segments preallocation should happen asynchronously

Type

bool

Default

true

Tags

advanced

 

--log_preallocate_segments

Whether the WAL should preallocate the entire segment before writing to it

Type

bool

Default

true

Tags

advanced

 

--log_segment_size_mb

The default size for log segments, in MB

Type

int32

Default

8

Tags

advanced

 

--evict_failed_followers

Whether to evict followers from the Raft config that have fallen too far behind the leader’s log to catch up normally or have been unreachable by the leader for longer than follower_unavailable_considered_failed_sec

Type

bool

Default

false

Tags

advanced

 

--leader_failure_max_missed_heartbeat_periods

Maximum heartbeat periods that the leader can fail to heartbeat in before we consider the leader to be failed. The total failure timeout in milliseconds is raft_heartbeat_interval_ms times leader_failure_max_missed_heartbeat_periods. The value passed to this flag may be fractional.

Type

double

Default

3

Tags

advanced

 

--raft_heartbeat_interval_ms

The heartbeat interval for Raft replication. The leader produces heartbeats to followers at this interval. The followers expect a heartbeat at this interval and consider a leader to have failed if it misses several in a row.

Type

int32

Default

500

Tags

advanced

 

--safe_time_advancement_without_writes

Whether to enable the advancement of "safe" time in the absense of write operations

Type

bool

Default

true

Tags

advanced

 

--fs_data_dirs_available_space_cache_seconds

Number of seconds we cache the available disk space in the block manager.

Type

int32

Default

10

Tags

evolving,advanced

 

--fs_data_dirs_consider_available_space

Whether to consider available space when selecting a data directory during tablet or data block creation.

Type

bool

Default

true

Tags

evolving,runtime

 

--fs_data_dirs_reserved_bytes

Number of bytes to reserve on each data directory filesystem for non-Kudu usage. The default, which is represented by -1, is that 1% of the disk space on each disk will be reserved. Any other value specified represents the number of bytes reserved and must be greater than or equal to 0. Explicit percentages to reserve are not currently supported

Type

int64

Default

-1

Tags

evolving,runtime

 

--fs_max_thread_count_per_data_dir

Maximum work thread per data directory.

Type

uint64

Default

8

Tags

advanced

 

--fs_target_data_dirs_per_tablet

Indicates the target number of data dirs to spread each tablet’s data across. If greater than the number of data dirs available, data will be striped across those available. A value of 0 indicates striping should occur across all healthy data dirs. Using fewer data dirs per tablet means a single drive failure will be less likely to affect a given tablet.

Type

int32

Default

3

Tags

evolving,advanced

 

--block_manager

Which block manager to use for storage. Valid options are 'file' and 'log'. The file block manager is not suitable for production use due to scaling limitations.

Type

string

Default

log

Tags

advanced

 

--log_container_excess_space_before_cleanup_fraction

Additional fraction of a log container’s calculated size that must be consumed on disk before the container is considered to be inconsistent and subject to excess space cleanup at block manager startup.

Type

double

Default

0.10000000000000001

Tags

advanced

 

--log_container_max_blocks

Maximum number of blocks (soft) of a log container. Use 0 for no limit. Use -1 for no limit except in the case of a kernel bug with hole punching on ext4 (see KUDU-1508 for details).

Type

int64

Default

-1

Tags

advanced

 

--log_container_max_size

Maximum size (soft) of a log container

Type

uint64

Default

10737418240

Tags

advanced

 

--log_container_preallocate_bytes

Number of bytes to preallocate in a log container when creating new blocks. Set to 0 to disable preallocation

Type

uint64

Default

33554432

Tags

advanced

 

--hive_metastore_conn_timeout_seconds

Configures the socket connect timeout, in seconds, for Thrift connections to the Hive Metastore.

Type

int32

Default

60

Tags

advanced

 

--hive_metastore_kerberos_principal

The service principal of the Hive Metastore server. Must match the primary (user) portion of hive.metastore.kerberos.principal option in the Hive Metastore configuration.

Type

string

Default

hive

Tags

 

--hive_metastore_max_message_size_bytes

Maximum size of Hive Metastore objects that can be received by the HMS client in bytes. Should match the metastore.server.max.message.size configuration.

Type

int32

Default

104857600

Tags

advanced

 

--hive_metastore_recv_timeout_seconds

Configures the socket receive timeout, in seconds, for Thrift connections to the Hive Metastore.

Type

int32

Default

60

Tags

advanced

 

--hive_metastore_retry_count

The number of times that HMS operations will retry after encountering retriable failures, such as network errors.

Type

int32

Default

1

Tags

advanced

 

--hive_metastore_sasl_enabled

Configures whether Thrift connections to the Hive Metastore use SASL (Kerberos) security. Must match the value of the hive.metastore.sasl.enabled option in the Hive Metastore configuration. When enabled, the --keytab_file flag must be provided.

Type

bool

Default

false

Tags

 

--hive_metastore_send_timeout_seconds

Configures the socket send timeout, in seconds, for Thrift connections to the Hive Metastore.

Type

int32

Default

60

Tags

advanced

 

--hive_metastore_uris

Address of the Hive Metastore instance(s). The provided port must be for the HMS Thrift service. If a port is not provided, defaults to 9083. If the HMS is deployed in an HA configuration, multiple comma-separated addresses should be supplied. If not set, the Kudu master will not send Kudu table catalog updates to Hive. The configured value must match the Hive hive.metastore.uris configuration.

Type

string

Default

none

Tags

 

--server_thread_pool_max_thread_count

Maximum number of threads to allow in each server-wide thread pool. If -1, Kudu will automatically calculate this value. It is an error to use a value of 0.

Type

int32

Default

-1

Tags

evolving,advanced

 

--trusted_user_acl

Comma-separated list of trusted users who may access the cluster without being authorized against fine-grained permissions.

Type

string

Default

none

Tags

sensitive

 

--auto_rebalancing_interval_seconds

How long to sleep in between rebalancing cycles, before checking the cluster again to see if there is skew and rebalancing to be done.

Type

uint32

Default

30

Tags

 

--auto_rebalancing_load_imbalance_threshold

The threshold for the per-table location load imbalance. The threshold is used during the cross-location rebalancing phase. If the measured cross-location load imbalance for a table is greater than the specified threshold, the rebalancer tries to move table’s replicas to reduce the imbalance. The recommended range for the threshold is [0.5, …​) with the default value of 1.0. The threshold represents a policy wrt what to prefer: either ideal balance of the cross-location load on per-table basis (lower threshold value) or minimum number of replica movements between locations (greater threshold value). The default value is empirically proven to be a good choice between 'ideal' and 'good enough' replica distributions.

Type

double

Default

1

Tags

 

--auto_rebalancing_max_moves_per_server

Maximum number of replica moves to perform concurrently on one tablet server: 'move from' and 'move to' are counted as separate move operations.

Type

uint32

Default

1

Tags

 

--auto_rebalancing_rpc_timeout_seconds

RPC timeout in seconds when making RPCs to request moving tablet replicas or to check if the replica movement has completed.

Type

uint32

Default

60

Tags

 

--auto_rebalancing_wait_for_replica_moves_seconds

How long to wait before checking to see if the scheduled replica movement in this iteration of auto-rebalancing has completed.

Type

uint32

Default

1

Tags

 

--catalog_manager_enable_chunked_tablet_reports

Whether to split the tablet report data received from one tablet server into chunks when persisting it in the system catalog. The chunking starts at around the maximum allowed RPC size controlled by the --rpc_max_message_size flag. When the chunking is disabled, a tablet report sent by a tablet server is rejected if it would result in an oversized update on the system catalog tablet. With the default settings for --rpc_max_message_size, the latter can happen only in case of extremely high number of tablet replicas per tablet server.

Type

bool

Default

true

Tags

runtime,advanced

 

--default_num_replicas

Default number of replicas for tables that do not have the num_replicas set.

Type

int32

Default

3

Tags

advanced

 

--master_ts_rpc_timeout_ms

Timeout used for the master→TS async rpc calls.

Type

int32

Default

30000

Tags

advanced

 

--max_column_comment_length

Maximum length of the comment of a column

Type

int32

Default

256

Tags

 

--max_create_tablets_per_ts

The number of tablet replicas per TS that can be requested for a new table. If 0, no limit is enforced.

Type

int32

Default

60

Tags

advanced

 

--table_locations_ttl_ms

Maximum time in milliseconds which clients may cache table locations. New range partitions may not be visible to existing client instances until after waiting for the ttl period.

Type

int32

Default

300000

Tags

advanced

 

--tablet_creation_timeout_ms

Timeout used by the master when attempting to create tablet replicas during table creation.

Type

int32

Default

30000

Tags

advanced

 

--unresponsive_ts_rpc_timeout_ms

After this amount of time, the master will stop attempting to contact a tablet server in order to perform operations such as deleting a tablet.

Type

int32

Default

3600000

Tags

advanced

 

--hive_metastore_notification_log_batch_size

Number of notification log entries which are retrieved from the Hive Metastore per batch when polling.

Type

int32

Default

100

Tags

runtime,advanced

 

--hive_metastore_notification_log_poll_period_seconds

Amount of time the notification log listener waits between attempts to poll the Hive Metastore for catalog updates.

Type

uint32

Default

15

Tags

runtime,advanced

 

--location_mapping_cmd

A Unix command which takes a single argument, the IP address or hostname of a tablet server or client, and returns the location string for the tablet server. A location string begins with a / and consists of /-separated tokens each of which contains only characters from the set [a-zA-Z0-9_-.]. If the cluster is not using location awareness features this flag should not be set.

Type

string

Default

none

Tags

 

--master_client_location_assignment_enabled

Whether masters assign locations to connecting clients. By default they do if the location assignment command is set, but setting this flag to 'false' makes masters assign locations only to tablet servers, not clients.

Type

bool

Default

true

Tags

runtime,advanced

 

--sentry_require_db_privileges_for_list_tables

Whether Kudu will require database-level privileges to authorize ListTables requests. When set to false, table-level privileges are required for each table. ranger_config_path must not be set if this is set

Type

bool

Default

false

Tags

advanced

 

--kudu_service_name

The service name of the Kudu server. Must match the service name used for Kudu server of sentry.service.admin.group option in the Sentry server configuration.

Type

string

Default

kudu

Tags

 

--sentry_privileges_cache_capacity_mb

Capacity for the authz cache, in MiBytes. The cache stores information received from Sentry. A value of 0 means Sentry responses will not be cached.

Type

uint32

Default

256

Tags

advanced

 

--sentry_privileges_cache_max_scrubbed_entries_per_pass

Maximum number of entries in the privileges cache to process in one pass of the periodic scrubbing task. A value of 0 means there is no limit, i.e. all expired entries, if any, are invalidated every time the scrubbing task runs. Note that the cache is locked while the scrubbing task is running.

Type

uint32

Default

32

Tags

advanced

 

--sentry_privileges_cache_scrubbing_period_sec

The interval to run the periodic task that scrubs the privileges cache of expired entries. A value of 0 means expired entries are only evicted when inserting new entries into a full cache.

Type

uint32

Default

20

Tags

advanced

 

--sentry_privileges_cache_ttl_factor

Factor of multiplication for the authz token validity interval defined by --authz_token_validity_seconds flag. The result of the multiplication of this factor and authz token validity defines the TTL of entries in the authz cache.

Type

uint32

Default

10

Tags

advanced

 

--sentry_service_conn_timeout_seconds

Configures the socket connect timeout, in seconds, for Thrift connections to the Sentry server.

Type

int32

Default

60

Tags

advanced

 

--sentry_service_kerberos_principal

The service principal of the Sentry server. Must match the primary (user) portion of sentry.service.server.principal option in the Sentry server configuration.

Type

string

Default

sentry

Tags

 

--sentry_service_max_message_size_bytes

Maximum size of Sentry objects that can be received by the Sentry client in bytes. Must match the value of the sentry.policy.client.thrift.max.message.size option in the Sentry server configuration.

Type

int32

Default

104857600

Tags

advanced

 

--sentry_service_recv_timeout_seconds

Configures the socket receive timeout, in seconds, for Thrift connections to the Sentry server.

Type

int32

Default

60

Tags

advanced

 

--sentry_service_retry_count

The number of times that Sentry operations will retry after encountering retriable failures, such as network errors.

Type

int32

Default

1

Tags

advanced

 

--sentry_service_rpc_addresses

Comma-separated list of RPC addresses of the Sentry service(s). When set, Sentry integration is enabled, fine-grained access control is enforced in the master, and clients are issued authorization tokens. Must match the value of the sentry.service.client.server.rpc-addresses option in the Sentry server configuration.

Type

string

Default

none

Tags

 

--sentry_service_security_mode

Configures whether Thrift connections to the Sentry server use SASL (Kerberos) security. Must match the value of the ‘sentry.service.security.mode’ option in the Sentry server configuration.

Type

string

Default

kerberos

Tags

 

--sentry_service_send_timeout_seconds

Configures the socket send timeout, in seconds, for Thrift connections to the Sentry server.

Type

int32

Default

60

Tags

advanced

 

--server_name

Configures which server namespace the Kudu instance belongs to for defining server-level privileges in Sentry. Used to distinguish a particular Kudu cluster in case of a multi-cluster setup. Must match the value of the hive.sentry.server option in the HiveServer2 configuration, and the value of the --server_name in Impala configuration.

Type

string

Default

server1

Tags

 

--tserver_unresponsive_timeout_ms

The period of time that a Master can go without receiving a heartbeat from a tablet server before considering it unresponsive. Unresponsive servers are not selected when assigning replicas during table creation or re-replication.

Type

int32

Default

60000

Tags

advanced

 

--ranger_config_path

Path to directory containing Ranger client configuration. When set, Ranger integration is enabled, fine-grained access control is enforced, and clients are issued authorization tokens. In addition, both --ranger_java_path and --ranger_jar_path flags need to be set properly for Ranger integration to work. The --sentry_service_rpc_addresses flag, which enables Sentry integration, must not be set if this is enabled.

Type

string

Default

none

Tags

 

--ranger_jar_path

Path to the JAR file containing the Ranger subprocess. If not specified, the default JAR file path is expected to be next to the master binary.

Type

string

Default

none

Tags

 

--ranger_java_path

Path where the Java binary was installed. If the value isn’t an absolute path (e.g. 'java'), it will be evaluated using the Kudu user’s PATH. If not specified, $JAVA_HOME/bin/java is used. If $JAVA_HOME is not found, Kudu will attempt to find 'java' in the Kudu user’s PATH.

Type

string

Default

none

Tags

 

--ranger_log_config_dir

Directory in which to look for a kudu-ranger-subprocess-log4j2.properties file. If empty, will use the value of --log_dir. If such a file does not exist, a properties file will be created to honor Kudu’s logging configurations.

Type

string

Default

none

Tags

evolving,advanced

 

--ranger_log_level

Log level to use in the Ranger Java subprocess. Supports "all", "trace", "debug", "info", "warn", "error", "fatal", and "off"

Type

string

Default

info

Tags

evolving,advanced

 

--ranger_logtostdout

Whether to have the Ranger subprocess log to stdout.

Type

bool

Default

false

Tags

evolving,advanced

 

--ranger_overwrite_log_config

Whether to overwrite any existing logging configuration file, if found.

Type

bool

Default

true

Tags

evolving,advanced

 

--ranger_receiver_fifo_dir

Directory in which to create a fifo used to receive messages from the Ranger subprocess. Existing fifos at this path will be overwritten. If not specified, a fifo will be created in the --ranger_config_path directory.

Type

string

Default

none

Tags

advanced

 

--rpc_acceptor_listen_backlog

Socket backlog parameter used when listening for RPC connections. This defines the maximum length to which the queue of pending TCP connections inbound to the RPC server may grow. If a connection request arrives when the queue is full, the client may receive an error. Higher values may help the server ride over bursts of new inbound connection requests.

Type

int32

Default

128

Tags

advanced

 

--rpc_encrypt_loopback_connections

Whether to encrypt data transfer on RPC connections that stay within a single host. Encryption here is likely to offer no additional security benefit since only a local 'root' user could intercept the traffic, and wire encryption does not suitably protect against such an attacker.

Type

bool

Default

false

Tags

advanced

 

--rpc_callback_max_cycles

The maximum number of cycles for which an RPC callback should be allowed to run without emitting a warning. (Advanced debugging option)

Type

int64

Default

100000000

Tags

runtime,advanced

 

--tcp_keepalive_probe_period_s

The duration in seconds after an outbound connection has gone idle before a TCP keepalive probe is sent to the peer. Set to 0 to disable TCP keepalive probes from being sent.

Type

int32

Default

60

Tags

advanced

 

--tcp_keepalive_retry_count

The maximum number of keepalive probes sent before declaring the remote end as dead. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

10

Tags

advanced

 

--tcp_keepalive_retry_period_s

The duration in seconds between successive keepalive probes from an outbound connection if the previous probes are not acknowledged. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

3

Tags

advanced

 

--remember_clients_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a client for the purpose of caching its responses. After this period without hearing from it, the client is no longer remembered and the memory occupied by its responses is reclaimed. Retries of requests older than 'remember_clients_ttl_ms' are treated as new ones.

Type

int64

Default

3600000

Tags

advanced

 

--remember_responses_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a response to a specific request for a client. After this period has elapsed, the response may have been garbage collected and the client might get a response indicating the request is STALE.

Type

int64

Default

600000

Tags

advanced

 

--rpc_dump_all_traces

If true, dump all RPC traces at INFO level

Type

bool

Default

false

Tags

runtime,advanced

 

--rpc_duration_too_long_ms

Threshold (in milliseconds) above which a RPC is considered too long and its duration and method name are logged at INFO level. The time measured is between when a RPC is accepted and when its call handler completes.

Type

int32

Default

1000

Tags

runtime,advanced

 

--trusted_subnets

A trusted subnet whitelist. If set explicitly, all unauthenticated or unencrypted connections are prohibited except the ones from the specified address blocks. Otherwise, private network (127.0.0.0/8, etc.) and local subnets of all local network interfaces will be used. Set it to '0.0.0.0/0' to allow unauthenticated/unencrypted connections from all remote IP addresses. However, if network access is not otherwise restricted by a firewall, malicious users may be able to gain unauthorized access.

Type

string

Default

127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16

Tags

evolving,advanced

 

--rpc_max_message_size

The maximum size of a message that any RPC that the server will accept. Must be at least 1MB.

Type

int64

Default

52428800

Tags

runtime,advanced

 

--use_system_auth_to_local

When enabled, use the system krb5 library to map Kerberos principal names to local (short) usernames. If not enabled, the first component of the principal will be used as the short name. For example, 'kudu/foo.example.com@EXAMPLE' will map to 'kudu'.

Type

bool

Default

true

Tags

advanced

 

--metrics_default_level

The default severity level to use when filtering the metrics. Valid choices are 'debug', 'info', and 'warn'. The levels are ordered and lower levels include the levels above them. This value can be overridden by passing the level query parameter to the '/metrics' endpoint.

Type

string

Default

debug

Tags

evolving,runtime,advanced

 

--web_log_bytes

The maximum number of bytes to display on the debug webserver’s log page

Type

int64

Default

1048576

Tags

runtime,advanced

 

--rpc_advertised_addresses

Comma-separated list of addresses to advertise externally for RPC connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound RPC addresses specified in --rpc_bind_addresses are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

 

--rpc_num_acceptors_per_address

Number of RPC acceptor threads for each bound address

Type

int32

Default

1

Tags

advanced

 

--rpc_num_service_threads

Number of RPC worker threads to run

Type

int32

Default

10

Tags

advanced

 

--rpc_service_queue_length

Default length of queue for incoming RPC requests

Type

int32

Default

50

Tags

advanced

 

--gc_tcmalloc_memory_interval_seconds

Interval seconds to GC tcmalloc memory, 0 means disabled.

Type

uint64

Default

30

Tags

runtime,advanced

 

--max_negotiation_threads

Maximum number of connection negotiation threads.

Type

int32

Default

50

Tags

advanced

 

--min_negotiation_threads

Minimum number of connection negotiation threads.

Type

int32

Default

0

Tags

advanced

 

--num_reactor_threads

Number of libev reactor threads to start.

Type

int32

Default

4

Tags

advanced

 

--rpc_authentication

Whether to require RPC connections to authenticate. Must be one of 'disabled', 'optional', or 'required'. If 'optional', authentication will be used when the remote end supports it. If 'required', connections which are not able to authenticate (because the remote end lacks support) are rejected. Secure clusters should use 'required'.

Type

string

Default

optional

Tags

evolving

 

--rpc_default_keepalive_time_ms

If an RPC connection from a client is idle for this amount of time, the server will disconnect the client. Setting this to any negative value keeps connections always alive.

Type

int32

Default

65000

Tags

advanced

 

--rpc_encryption

Whether to require RPC connections to be encrypted. Must be one of 'disabled', 'optional', or 'required'. If 'optional', encryption will be used when the remote end supports it. If 'required', connections which are not able to use encryption (because the remote end lacks support) are rejected. If 'disabled', encryption will not be used, and RPC authentication (--rpc_authentication) must also be disabled as well. Secure clusters should use 'required'.

Type

string

Default

optional

Tags

evolving

 

--rpc_negotiation_timeout_ms

Timeout for negotiating an RPC connection.

Type

int64

Default

3000

Tags

runtime,advanced

 

--rpc_private_key_password_cmd

A Unix command whose output returns the password used to decrypt the RPC server’s private key file specified in --rpc_private_key_file. If the .PEM key file is not password-protected, this flag does not need to be set. Trailing whitespace will be trimmed before it is used to decrypt the private key.

Type

string

Default

none

Tags

 

--rpc_tls_ciphers

The cipher suite preferences to use for TLS-secured RPC connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

 

--rpc_tls_min_protocol

The minimum protocol version to allow when for securing RPC connections with TLS. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

 

--server_max_open_files

Maximum number of open file descriptors. If 0, Kudu will automatically calculate this value. This is a soft limit

Type

uint64

Default

0

Tags

advanced

 

--webserver_enabled

Whether to enable the web server on this daemon. NOTE: disabling the web server is also likely to prevent monitoring systems from properly capturing metrics.

Type

bool

Default

true

Tags

advanced

 

--metrics_log_interval_ms

Interval (in milliseconds) at which the server will dump its metrics to a local log file. The log files are located in the same directory as specified by the -log_dir flag. If this is not a positive value, then metrics logging will be disabled.

Type

int32

Default

60000

Tags

advanced

 

--webserver_max_post_length_bytes

The maximum length of a POST request that will be accepted by the embedded web server.

Type

int32

Default

1048576

Tags

runtime,advanced

 

--webserver_x_frame_options

The webserver will add an 'X-Frame-Options' HTTP header with this value to all responses. This can help prevent clickjacking attacks.

Type

string

Default

DENY

Tags

advanced

 

--webserver_advertised_addresses

Comma-separated list of addresses to advertise externally for HTTP(S) connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound webserver address specified in --webserver_interface and --webserver_port are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

 

--webserver_authentication_domain

Domain used for debug webserver authentication

Type

string

Default

none

Tags

 

--webserver_doc_root

Files under <webserver_doc_root> are accessible via the debug webserver. Defaults to $KUDU_HOME/www, or if $KUDU_HOME is not set, disables the document root

Type

string

Default

none

Tags

advanced

 

--webserver_enable_doc_root

If true, webserver may serve static files from the webserver_doc_root

Type

bool

Default

true

Tags

advanced

 

--webserver_interface

Interface to start debug webserver on. If blank, webserver binds to 0.0.0.0

Type

string

Default

none

Tags

advanced

 

--webserver_num_worker_threads

Maximum number of threads to start for handling web server requests

Type

int32

Default

50

Tags

advanced

 

--webserver_password_file

(Optional) Location of .htpasswd file containing user names and hashed passwords for debug webserver authentication

Type

string

Default

none

Tags

 

--webserver_tls_ciphers

The cipher suite preferences to use for webserver HTTPS connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

 

--webserver_tls_min_protocol

The minimum protocol version to allow when for webserver HTTPS connections. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

 

--subprocess_deadline_checking_interval_ms

Interval in milliseconds at which Kudu will check the deadlines of in-flight calls to the subprocess

Type

int32

Default

50

Tags

advanced,runtime

 

--subprocess_num_responder_threads

Number of threads that will be dedicated to reading responses from the inbound queue and returning to callers

Type

int32

Default

3

Tags

advanced

 

--subprocess_queue_full_retry_ms

Number of milliseconds between attempts to enqueue the request to the subprocess

Type

int32

Default

50

Tags

advanced,runtime

 

--subprocess_request_queue_size_bytes

Maximum size in bytes of the outbound request queue. This is best effort: if a single request is larger than this, it is still added to the queue

Type

int32

Default

4194304

Tags

advanced

 

--subprocess_response_queue_size_bytes

Maximum size in bytes of the inbound response queue. This is best effort: if a single request is larger than this, it is still added to the queue

Type

int32

Default

4194304

Tags

advanced

 

--subprocess_timeout_secs

Number of seconds a call to the subprocess is allowed to take before a timeout error is returned to the calling process

Type

int32

Default

15

Tags

advanced

 

--compaction_minimum_improvement

The minimum quality for a compaction to run. If a compaction does not improve the average height of DiskRowSets by at least this amount, the compaction will be considered ineligible.

Type

double

Default

0.0099999997764825821

Tags

advanced

 

--tablet_bloom_block_size

Block size of the bloom filters used for tablet keys.

Type

int32

Default

4096

Tags

advanced

 

--tablet_bloom_target_fp_rate

Target false-positive rate (between 0 and 1) to size tablet key bloom filters. A lower false positive rate may reduce the number of disk seeks required in heavy insert workloads, at the expense of more space and RAM required for bloom filters.

Type

double

Default

9.9999997473787516e-05

Tags

advanced

 

--enable_deleted_rowset_gc

Whether to enable garbage collection of fully deleted rowsets. Disabling deleted rowset garbage collection may increase disk space usage for workloads that involve a high number of deletes. Only deleted rowsets that are entirely considered ancient history (see --tablet_history_max_age_sec) are deleted.

Type

bool

Default

true

Tags

runtime

 

--undo_delta_block_gc_init_budget_millis

The maximum number of milliseconds we will spend initializing UNDO delta blocks per invocation of UndoDeltaBlockGCOp. Existing delta blocks must be initialized once per process startup to determine when they can be deleted.

Type

int32

Default

1000

Tags

advanced,evolving

 

--tablet_transaction_memory_limit_mb

Maximum amount of memory that may be consumed by all in-flight transactions belonging to a particular tablet. When this limit is reached, new transactions will be rejected and clients will be forced to retry them. If -1, transaction memory tracking is disabled.

Type

int64

Default

64

Tags

advanced

 

--heartbeat_incompatible_replica_management_is_fatal

Whether incompatible replica management schemes or unsupported PREPARE_REPLACEMENT_BEFORE_EVICTION feature flag by master are fatal

Type

bool

Default

true

Tags

runtime,advanced

 

--heartbeat_interval_ms

Interval at which the TS heartbeats to the master.

Type

int32

Default

1000

Tags

advanced

 

--heartbeat_max_failures_before_backoff

Maximum number of consecutive heartbeat failures until the Tablet Server backs off to the normal heartbeat interval, rather than retrying.

Type

int32

Default

3

Tags

advanced

 

--heartbeat_rpc_timeout_ms

Timeout used for the TS→Master heartbeat RPCs.

Type

int32

Default

15000

Tags

advanced

 

--scanner_ttl_ms

Number of milliseconds of inactivity allowed for a scannerbefore it may be expired

Type

int32

Default

60000

Tags

advanced

 

--tablet_copy_begin_session_timeout_ms

Tablet server RPC client timeout for BeginTabletCopySession calls. Also used for EndTabletCopySession calls.

Type

int32

Default

30000

Tags

advanced

 

--tablet_copy_idle_timeout_sec

Amount of time without activity before a tablet copy session will expire, in seconds

Type

uint64

Default

600

Tags

evolving,advanced

 

--scanner_batch_size_rows

The number of rows to batch for servicing scan requests.

Type

int32

Default

128

Tags

runtime,advanced

 

--scanner_default_batch_size_bytes

The default size for batches of scan results

Type

int32

Default

1048576

Tags

runtime,advanced

 

--scanner_max_batch_size_bytes

The maximum batch size that a client may request for scan results.

Type

int32

Default

8388608

Tags

runtime,advanced

 

--scanner_max_wait_ms

The maximum amount of time (in milliseconds) we’ll hang a scanner thread waiting for safe time to advance or transactions to commit, even if its deadline allows waiting longer.

Type

int32

Default

1000

Tags

advanced

 

--tserver_enforce_access_control

If set, the server will apply fine-grained access control rules to client RPCs.

Type

bool

Default

false

Tags

runtime

 

--num_tablets_to_copy_simultaneously

Number of threads available to copy tablets from remote servers.

Type

int32

Default

10

Tags

advanced

 

--num_tablets_to_delete_simultaneously

Number of threads available to delete tablets. If this is set to 0 (the default), then the number of delete threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

 

--num_tablets_to_open_simultaneously

Number of threads available to open tablets during startup. If this is set to 0 (the default), then the number of bootstrap threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

 

--tablet_state_walk_min_period_ms

Minimum amount of time in milliseconds between walks of the tablet map to update tablet state counts.

Type

int32

Default

1000

Tags

advanced

 

--update_tablet_stats_interval_ms

Interval at which the tablet statistics should be updated.Should be greater than 'heartbeat_interval_ms'

Type

int32

Default

5000

Tags

advanced

 

--cloud_aws_instance_id_url

The URL to fetch the identifier of an AWS instance

Type

string

Default

http://169.254.169.254/latest/meta-data/instance-id

Tags

runtime,advanced

 

--cloud_aws_ntp_server

IP address/FQDN of the internal NTP server to use from within an AWS instance

Type

string

Default

169.254.169.123

Tags

runtime,advanced

 

--cloud_azure_instance_id_url

The URL to fetch the identifier of an Azure instance

Type

string

Default

http://169.254.169.254/metadata/instance/compute/vmId?api-version=2018-10-01&format=text

Tags

runtime,advanced

 

--cloud_gce_instance_id_url

The URL to fetch the identifier of a GCE instance

Type

string

Default

http://metadata.google.internal/computeMetadata/v1/instance/id

Tags

runtime,advanced

 

--cloud_gce_ntp_server

IP address/FQDN of the internal NTP server to use from within a GCE instance

Type

string

Default

metadata.google.internal

Tags

runtime,advanced

 

--cloud_metadata_server_request_timeout_ms

Timeout for HTTP/HTTPS requests to the instance metadata server (in milliseconds)

Type

uint32

Default

1000

Tags

runtime,advanced

 

--cloud_openstack_metadata_url

The URL to fetch metadata of an OpenStack instance via Nova metadata service. OpenStack Nova metadata server does not provide a separate URL to fetch instance UUID, at least with 12.0.0 (Liberty) release.

Type

string

Default

http://169.254.169.254/openstack/latest/meta_data.json

Tags

runtime,advanced

 

--env_use_fsync

Use fsync(2) instead of fdatasync(2) for synchronizing dirty data to disk.

Type

bool

Default

false

Tags

evolving,advanced

 

--file_cache_expiry_period_ms

Period of time (in ms) between removing expired file cache descriptors

Type

int32

Default

60000

Tags

advanced

 

--disable_core_dumps

Disable core dumps when this process crashes.

Type

bool

Default

false

Tags

evolving,advanced

 

--heap_sample_every_n_bytes

Enable heap occupancy sampling. If this flag is set to some positive value N, a memory allocation will be sampled approximately every N bytes. Lower values of N incur larger overhead but give more accurate results. A value such as 512KB is a reasonable choice with relatively low overhead.

Type

int64

Default

524288

Tags

advanced

 

--redact

Comma-separated list that controls redaction context. Supported options are 'all','log', and 'none'. If 'all' is specified, sensitive data (sensitive configuration flags and row data) will be redacted from the web UI as well as glog and error messages. If 'log' is specified, sensitive data will only be redacted from glog and error messages. If 'none' is specified, no redaction will occur.

Type

string

Default

all

Tags

evolving,advanced

 

--umask

The umask that will be used when creating files and directories. Permissions of top-level data directories will also be modified at start-up to conform to the given umask. Changing this value may enable unauthorized local users to read or modify data stored by Kudu.

Type

string

Default

077

Tags

advanced

 

--metrics_retirement_age_ms

The minimum number of milliseconds a metric will be kept for after it is no longer active. (Advanced option)

Type

int32

Default

120000

Tags

advanced,runtime

 

--enable_minidumps

Whether to enable minidump generation upon process crash or SIGUSR1. Currently only supported on Linux systems.

Type

bool

Default

true

Tags

evolving,advanced

 

--max_minidumps

Maximum number of minidump files to keep per daemon. Older files are removed first. Set to 0 to keep all minidump files.

Type

int32

Default

9

Tags

evolving

 

--minidump_path

Directory to write minidump files to. This can be either an absolute path or a path relative to --log_dir. Each daemon will create an additional sub-directory to prevent naming conflicts and to make it easier to identify a crashing daemon. Minidump files contain crash-related information in a compressed format. Minidumps will be written when a daemon exits unexpectedly, for example on an unhandled exception or signal, or when a SIGUSR1 signal is sent to the process. Cannot be set to an empty value.

Type

string

Default

minidumps

Tags

evolving

 

--minidump_size_limit_hint_kb

Size limit hint for minidump files in KB. If a minidump exceeds this value, then breakpad will reduce the stack memory it collects for each thread from 8KB to 2KB. However it will always include the full stack memory for the first 20 threads, including the thread that crashed.

Type

int32

Default

20480

Tags

evolving,advanced

 

--dns_resolver_cache_capacity_mb

Capacity of DNS resolver cache, in MiBytes. For each key, the cache stores records returned by getaddrinfo(). A value of 0 means the results of DNS name resolution are not cached.

Type

uint32

Default

1

Tags

advanced

 

--dns_resolver_cache_ttl_sec

TTL of records in the DNS resolver cache, in seconds.

Type

uint32

Default

15

Tags

advanced

 

--dns_resolver_max_threads_num

The maximum number of threads to use for async DNS resolution

Type

int32

Default

1

Tags

advanced

 

--nvm_cache_path

The path at which the NVM cache will try to allocate its memory. This can be a tmpfs or ramfs for testing purposes.

Type

string

Default

/pmem

Tags

 

--nvm_cache_usage_ratio

A ratio to set the usage of nvm cache. The charge of an item in the nvm cache is equal to the results of memkind_malloc_usable_size multiplied by the ratio.

Type

double

Default

1.25

Tags

advanced

 

--memory_limit_soft_percentage

Percentage of the hard memory limit that this daemon may consume before memory throttling of writes begins. The greater the excess, the higher the chance of throttling. In general, a lower soft limit leads to smoother write latencies but decreased throughput, and vice versa for a higher soft limit.

Type

int32

Default

80

Tags

advanced

 

--memory_limit_warn_threshold_percentage

Percentage of the hard memory limit that this daemon may consume before WARNING level messages are periodically logged.

Type

int32

Default

98

Tags

advanced

 

--memory_pressure_percentage

Percentage of the hard memory limit that this daemon may consume before flushing of in-memory data becomes prioritized.

Type

int32

Default

60

Tags

advanced

 

--tcmalloc_max_free_bytes_percentage

Maximum percentage of the RSS that tcmalloc is allowed to use for reserved but unallocated memory.

Type

int32

Default

10

Tags

advanced

 

--drop_log_memory

Drop in-memory buffers of log contents. Logs can grow very quickly and they are rarely read before they need to be evicted from memory. Instead, drop them from memory as soon as they are flushed to disk.

Type

bool

Default

true

Tags

runtime,advanced

 

--log_backtrace_at

Emit a backtrace when logging at file:linenum.

Type

string

Default

none

Tags

advanced

 

--logbuflevel

Buffer log messages logged at this level or lower (-1 means don’t buffer; 0 means buffer INFO only; …​)

Type

int32

Default

0

Tags

runtime,advanced

 

--logbufsecs

Buffer log messages for at most this many seconds

Type

int32

Default

5

Tags

runtime,advanced

 

--logfile_mode

Log file mode/permissions.

Type

int32

Default

436

Tags

 


kudu-tserver Flags

Stable Flags

Flags tagged stable and not advanced are safe to use for common configuration tasks.

--block_cache_capacity_mb

block cache capacity in MB

Type

int64

Default

512

Tags

stable

 

--builtin_ntp_servers

The NTP servers used by the built-in NTP client, in format <FQDN|IP>[:PORT]. These will only be used if the built-in NTP client is enabled (i.e. if setting --time_source=builtin).

Type

string

Default

0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org

Tags

stable

 

--time_source

The time source that HybridClock should use. Must be one of auto, builtin, system, system_unsync (toy clusters/testing only), mock (testing only). When set to auto, the system automatically picks one of the following depending on the environment: builtin, system, system_unsync, where in case of picking builtin the built-in NTP client is configured with dedicated NTP server(s) provided by the environment.

Type

string

Default

system

Tags

stable

 

--log_force_fsync_all

Whether the Log/WAL should explicitly call fsync() after each write.

Type

bool

Default

false

Tags

stable

 

--fs_data_dirs

Comma-separated list of directories with data blocks. If this is not specified, fs_wal_dir will be used as the sole data block directory.

Type

string

Default

none

Tags

stable

 

--fs_metadata_dir

Directory with metadata. If this is not specified, for compatibility with Kudu 1.6 and below, Kudu will check the first entry of fs_data_dirs for metadata and use it as the metadata directory if any exists. If none exists, fs_wal_dir will be used as the metadata directory.

Type

string

Default

none

Tags

stable

 

--fs_wal_dir

Directory with write-ahead logs. If this is not specified, the program will not start. May be the same as fs_data_dirs

Type

string

Default

none

Tags

stable

 

--keytab_file

Path to the Kerberos Keytab file for this server. Specifying a keytab file will cause the server to kinit, and enable Kerberos to be used to authenticate RPC connections.

Type

string

Default

none

Tags

stable

 

--rpc_bind_addresses

Comma-separated list of addresses to bind to for RPC connections. Currently, ephemeral ports (i.e. port 0) are not allowed.

Type

string

Default

0.0.0.0:7050

Tags

stable

 

--superuser_acl

The list of usernames to allow as super users, comma-separated. A '*' entry indicates that all authenticated users are allowed. If this is left unset or blank, the default behavior is that the identity of the daemon itself determines the superuser. If the daemon is logged in from a Keytab, then the local username from the Kerberos principal is used; otherwise, the local Unix username is used.

Type

string

Default

none

Tags

sensitive,stable

 

--user_acl

The list of usernames who may access the cluster, comma-separated. A '*' entry indicates that all authenticated users are allowed.

Type

string

Default

*

Tags

sensitive,stable

 

--webserver_certificate_file

The location of the debug webserver’s SSL certificate file, in PEM format. If empty, webserver SSL support is not enabled. If --webserver_private_key_file is set, this option must be set as well.

Type

string

Default

none

Tags

stable

 

--webserver_port

Port to bind to for the web server

Type

int32

Default

8050

Tags

stable

 

--webserver_private_key_file

The full path to the private key used as a counterpart to the public key contained in --webserver_certificate_file. If --webserver_certificate_file is set, this option must be set as well.

Type

string

Default

none

Tags

stable

 

--webserver_private_key_password_cmd

A Unix command whose output returns the password used to decrypt the Webserver’s certificate private key file specified in --webserver_private_key_file. If the PEM key file is not password-protected, this flag does not need to be set. Trailing whitespace will be trimmed before it is used to decrypt the private key

Type

string

Default

none

Tags

stable

 

--webserver_require_spnego

Require connections to the web server to authenticate via Kerberos using SPNEGO.

Type

bool

Default

false

Tags

stable

 

--tserver_master_addrs

Comma separated addresses of the masters which the tablet server should connect to. The masters do not read this flag — configure the masters separately using 'rpc_bind_addresses'.

Type

string

Default

127.0.0.1:7051

Tags

stable

 

--log_filename

Prefix of log filename - full path is <log_dir>/<log_filename>.[INFO|WARN|ERROR|FATAL]

Type

string

Default

none

Tags

stable

 

--maintenance_manager_num_threads

Size of the maintenance manager thread pool. For spinning disks, the number of threads should not be above the number of devices.

Type

int32

Default

1

Tags

stable

 

--memory_limit_hard_bytes

Maximum amount of memory this daemon should use, in bytes. A value of 0 autosizes based on the total system memory. A value of -1 disables all memory limiting.

Type

int64

Default

0

Tags

stable

 

--flagfile

load flags from file

Type

string

Default

none

Tags

stable

 

--help

show help on all flags [tip: all flags can have two dashes]

Type

bool

Default

false

Tags

stable

 

--version

show version and build info and exit

Type

bool

Default

false

Tags

stable

 

--colorlogtostderr

color messages logged to stderr (if supported by terminal)

Type

bool

Default

false

Tags

runtime,stable

 

--log_dir

If specified, logfiles are written into this directory instead of the default logging directory.

Type

string

Default

none

Tags

stable

 

--logtostderr

log messages go to stderr instead of logfiles

Type

bool

Default

false

Tags

runtime,stable

 

--max_log_size

approx. maximum log file size (in MB). A value of 0 will be silently overridden to 1.

Type

int32

Default

1800

Tags

runtime,stable

 

Stable, Advanced Flags

Flags tagged stable and advanced are supported, but should be considered "expert" options and should be used carefully and after thorough testing.

--tablet_history_max_age_sec

Number of seconds to retain tablet history, including history required to perform diff scans and incremental backups. Reads initiated at a snapshot that is older than this age will be rejected. To disable history removal, set to -1.

Type

int32

Default

604800

Tags

stable,advanced

 

--enable_process_lifetime_heap_profiling

Enables heap profiling for the lifetime of the process. Profile output will be stored in the directory specified by -heap_profile_path.

Type

bool

Default

false

Tags

advanced,stable

 

--heap_profile_path

Output path to store heap profiles. If not set profiles are stored in /tmp/<process-name>.<pid>.<n>.heap.

Type

string

Default

none

Tags

advanced,stable

 

--unlock_experimental_flags

Unlock flags marked as 'experimental'. These flags are not guaranteed to be maintained across releases of Kudu, and may enable features or behavior known to be unstable. Use at your own risk.

Type

bool

Default

false

Tags

stable,advanced

 

--unlock_unsafe_flags

Unlock flags marked as 'unsafe'. These flags are not guaranteed to be maintained across releases of Kudu, and enable features or behavior known to be unsafe. Use at your own risk.

Type

bool

Default

false

Tags

stable,advanced

 

--fromenv

set flags from the environment [use 'export FLAGS_flag1=value']

Type

string

Default

none

Tags

advanced,stable

 

--tryfromenv

set flags from the environment if present

Type

string

Default

none

Tags

advanced,stable

 

--undefok

comma-separated list of flag names that it is okay to specify on the command line even if the program does not define a flag with that name. IMPORTANT: flags in this list that have arguments MUST use the flag=value format

Type

string

Default

none

Tags

advanced,stable

 

--helpmatch

show help on modules whose name contains the specified substr

Type

string

Default

none

Tags

advanced,stable

 

--helpon

show help on the modules named by this flag value

Type

string

Default

none

Tags

advanced,stable

 

--helppackage

show help on all modules in the main package

Type

bool

Default

false

Tags

advanced,stable

 

--helpshort

show help on only the main module for this program

Type

bool

Default

false

Tags

advanced,stable

 

--helpxml

produce an xml version of help

Type

bool

Default

false

Tags

advanced,stable

 

Put additional links to the log files in this directory

Type

string

Default

none

Tags

advanced,stable

 

--log_prefix

Prepend the log prefix to the start of each log line

Type

bool

Default

true

Tags

runtime,advanced,stable

 

--minloglevel

Messages logged at a lower level than this don’t actually get logged anywhere

Type

int32

Default

0

Tags

runtime,advanced,stable

 

--stderrthreshold

log messages at or above this level are copied to stderr in addition to logfiles. This flag obsoletes --alsologtostderr.

Type

int32

Default

2

Tags

runtime,advanced,stable

 

--stop_logging_if_full_disk

Stop attempting to log to disk if the disk is full.

Type

bool

Default

false

Tags

runtime,advanced,stable

 

--symbolize_stacktrace

Symbolize the stack trace in the tombstone

Type

bool

Default

true

Tags

runtime,advanced,stable

 

--v

Show all VLOG(m) messages for m ⇐ this. Overridable by --vmodule.

Type

int32

Default

0

Tags

runtime,advanced,stable

 

--vmodule

per-module verbose level. Argument is a comma-separated list of <module name>=<log level>. <module name> is a glob pattern, matched against the filename base (that is, name ignoring .cc/.h./-inl.h). <log level> overrides any value given by --v.

Type

string

Default

none

Tags

advanced,stable

 

Evolving Flags

Flags tagged evolving (or not tagged with a stability tag) are not yet considered final, and while they may be useful for tuning, they are subject to being changed or removed without notice.

--block_cache_type

Which type of block cache to use for caching data. Valid choices are 'DRAM' or 'NVM'. DRAM, the default, caches data in regular memory. 'NVM' caches data in a memory-mapped file using the memkind library. To use 'NVM', libmemkind 1.8.0 or newer must be available on the system; otherwise Kudu will crash.

Type

string

Default

DRAM

Tags

 

--cfile_verify_checksums

Verify the checksum for each block on read if one exists

Type

bool

Default

true

Tags

evolving

 

--cfile_default_block_size

The default block size to use in cfiles

Type

int32

Default

262144

Tags

advanced

 

--cfile_default_compression_codec

Default cfile block compression codec.

Type

string

Default

no_compression

Tags

advanced

 

--cfile_write_checksums

Write CRC32 checksums for each block

Type

bool

Default

true

Tags

evolving

 

--builtin_ntp_client_bind_address

Local address to bind client UDP socket used to send and receive NTP packets. The default value '0.0.0.0' is equivalent to '0.0.0.0:0' meaning 'bind to all available IPv4 interfaces using ephemeral ports (i.e. port 0)'. It might be useful to customize this flag if getting through a firewall to reach public NTP servers specified by --builtin_ntp_servers.

Type

string

Default

0.0.0.0

Tags

advanced

 

--builtin_ntp_poll_interval_ms

The time between successive polls of a single NTP server (in milliseconds)

Type

uint32

Default

16000

Tags

runtime,advanced

 

--max_clock_sync_error_usec

Maximum allowed clock synchronization error as reported by NTP before the server will abort.

Type

int32

Default

10000000

Tags

runtime,advanced

 

--ntp_initial_sync_wait_secs

Amount of time in seconds to wait for clock synchronisation at startup. A value of zero means Kudu will fail to start if the clock is unsynchronized. This flag can prevent Kudu from crashing if it starts before NTP can synchronize the clock.

Type

int32

Default

60

Tags

evolving,advanced

 

--cmeta_force_fsync

Whether fsync() should be called when consensus metadata files are updated

Type

bool

Default

false

Tags

advanced

 

--consensus_rpc_timeout_ms

Timeout used for all consensus internal RPC communications.

Type

int32

Default

30000

Tags

advanced

 

--consensus_max_batch_size_bytes

The maximum per-tablet RPC batch size when updating peers.

Type

int32

Default

1048576

Tags

advanced

 

--follower_unavailable_considered_failed_sec

Seconds that a leader is unable to successfully heartbeat to a follower after which the follower is considered to be failed and evicted from the config.

Type

int32

Default

300

Tags

runtime,advanced

 

--fs_wal_dir_reserved_bytes

Number of bytes to reserve on the log directory filesystem for non-Kudu usage. The default, which is represented by -1, is that 1% of the disk space on each disk will be reserved. Any other value specified represents the number of bytes reserved and must be greater than or equal to 0. Explicit percentages to reserve are not currently supported

Type

int64

Default

-1

Tags

runtime

 

--fs_wal_use_file_cache

Whether to use the server-wide file cache for WAL segments and WAL index chunks.

Type

bool

Default

true

Tags

advanced,runtime

 

--group_commit_queue_size_bytes

Maximum size of the group commit queue in bytes

Type

int32

Default

4194304

Tags

advanced

 

--log_min_segments_to_retain

The minimum number of past log segments to keep at all times, regardless of what is required for durability. Must be at least 1.

Type

int32

Default

1

Tags

advanced,runtime

 

--global_log_cache_size_limit_mb

Server-wide version of 'log_cache_size_limit_mb'. The total memory used for caching log entries across all tablets is kept under this threshold.

Type

int32

Default

1024

Tags

advanced

 

--log_cache_size_limit_mb

The total per-tablet size of consensus entries which may be kept in memory. The log cache attempts to keep all entries which have not yet been replicated to all followers in memory, but if the total size of those entries exceeds this limit within an individual tablet, the oldest will be evicted.

Type

int32

Default

128

Tags

advanced

 

--log_async_preallocate_segments

Whether the WAL segments preallocation should happen asynchronously

Type

bool

Default

true

Tags

advanced

 

--log_preallocate_segments

Whether the WAL should preallocate the entire segment before writing to it

Type

bool

Default

true

Tags

advanced

 

--log_segment_size_mb

The default size for log segments, in MB

Type

int32

Default

8

Tags

advanced

 

--evict_failed_followers

Whether to evict followers from the Raft config that have fallen too far behind the leader’s log to catch up normally or have been unreachable by the leader for longer than follower_unavailable_considered_failed_sec

Type

bool

Default

true

Tags

advanced

 

--leader_failure_max_missed_heartbeat_periods

Maximum heartbeat periods that the leader can fail to heartbeat in before we consider the leader to be failed. The total failure timeout in milliseconds is raft_heartbeat_interval_ms times leader_failure_max_missed_heartbeat_periods. The value passed to this flag may be fractional.

Type

double

Default

3

Tags

advanced

 

--raft_heartbeat_interval_ms

The heartbeat interval for Raft replication. The leader produces heartbeats to followers at this interval. The followers expect a heartbeat at this interval and consider a leader to have failed if it misses several in a row.

Type

int32

Default

500

Tags

advanced

 

--safe_time_advancement_without_writes

Whether to enable the advancement of "safe" time in the absense of write operations

Type

bool

Default

true

Tags

advanced

 

--fs_data_dirs_available_space_cache_seconds

Number of seconds we cache the available disk space in the block manager.

Type

int32

Default

10

Tags

evolving,advanced

 

--fs_data_dirs_consider_available_space

Whether to consider available space when selecting a data directory during tablet or data block creation.

Type

bool

Default

true

Tags

evolving,runtime

 

--fs_data_dirs_reserved_bytes

Number of bytes to reserve on each data directory filesystem for non-Kudu usage. The default, which is represented by -1, is that 1% of the disk space on each disk will be reserved. Any other value specified represents the number of bytes reserved and must be greater than or equal to 0. Explicit percentages to reserve are not currently supported

Type

int64

Default

-1

Tags

evolving,runtime

 

--fs_max_thread_count_per_data_dir

Maximum work thread per data directory.

Type

uint64

Default

8

Tags

advanced

 

--fs_target_data_dirs_per_tablet

Indicates the target number of data dirs to spread each tablet’s data across. If greater than the number of data dirs available, data will be striped across those available. A value of 0 indicates striping should occur across all healthy data dirs. Using fewer data dirs per tablet means a single drive failure will be less likely to affect a given tablet.

Type

int32

Default

3

Tags

evolving,advanced

 

--block_manager

Which block manager to use for storage. Valid options are 'file' and 'log'. The file block manager is not suitable for production use due to scaling limitations.

Type

string

Default

log

Tags

advanced

 

--log_container_excess_space_before_cleanup_fraction

Additional fraction of a log container’s calculated size that must be consumed on disk before the container is considered to be inconsistent and subject to excess space cleanup at block manager startup.

Type

double

Default

0.10000000000000001

Tags

advanced

 

--log_container_max_blocks

Maximum number of blocks (soft) of a log container. Use 0 for no limit. Use -1 for no limit except in the case of a kernel bug with hole punching on ext4 (see KUDU-1508 for details).

Type

int64

Default

-1

Tags

advanced

 

--log_container_max_size

Maximum size (soft) of a log container

Type

uint64

Default

10737418240

Tags

advanced

 

--log_container_preallocate_bytes

Number of bytes to preallocate in a log container when creating new blocks. Set to 0 to disable preallocation

Type

uint64

Default

33554432

Tags

advanced

 

--server_thread_pool_max_thread_count

Maximum number of threads to allow in each server-wide thread pool. If -1, Kudu will automatically calculate this value. It is an error to use a value of 0.

Type

int32

Default

-1

Tags

evolving,advanced

 

--rpc_acceptor_listen_backlog

Socket backlog parameter used when listening for RPC connections. This defines the maximum length to which the queue of pending TCP connections inbound to the RPC server may grow. If a connection request arrives when the queue is full, the client may receive an error. Higher values may help the server ride over bursts of new inbound connection requests.

Type

int32

Default

128

Tags

advanced

 

--rpc_encrypt_loopback_connections

Whether to encrypt data transfer on RPC connections that stay within a single host. Encryption here is likely to offer no additional security benefit since only a local 'root' user could intercept the traffic, and wire encryption does not suitably protect against such an attacker.

Type

bool

Default

false

Tags

advanced

 

--rpc_callback_max_cycles

The maximum number of cycles for which an RPC callback should be allowed to run without emitting a warning. (Advanced debugging option)

Type

int64

Default

100000000

Tags

runtime,advanced

 

--tcp_keepalive_probe_period_s

The duration in seconds after an outbound connection has gone idle before a TCP keepalive probe is sent to the peer. Set to 0 to disable TCP keepalive probes from being sent.

Type

int32

Default

60

Tags

advanced

 

--tcp_keepalive_retry_count

The maximum number of keepalive probes sent before declaring the remote end as dead. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

10

Tags

advanced

 

--tcp_keepalive_retry_period_s

The duration in seconds between successive keepalive probes from an outbound connection if the previous probes are not acknowledged. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

3

Tags

advanced

 

--remember_clients_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a client for the purpose of caching its responses. After this period without hearing from it, the client is no longer remembered and the memory occupied by its responses is reclaimed. Retries of requests older than 'remember_clients_ttl_ms' are treated as new ones.

Type

int64

Default

3600000

Tags

advanced

 

--remember_responses_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a response to a specific request for a client. After this period has elapsed, the response may have been garbage collected and the client might get a response indicating the request is STALE.

Type

int64

Default

600000

Tags

advanced

 

--rpc_dump_all_traces

If true, dump all RPC traces at INFO level

Type

bool

Default

false

Tags

runtime,advanced

 

--rpc_duration_too_long_ms

Threshold (in milliseconds) above which a RPC is considered too long and its duration and method name are logged at INFO level. The time measured is between when a RPC is accepted and when its call handler completes.

Type

int32

Default

1000

Tags

runtime,advanced

 

--trusted_subnets

A trusted subnet whitelist. If set explicitly, all unauthenticated or unencrypted connections are prohibited except the ones from the specified address blocks. Otherwise, private network (127.0.0.0/8, etc.) and local subnets of all local network interfaces will be used. Set it to '0.0.0.0/0' to allow unauthenticated/unencrypted connections from all remote IP addresses. However, if network access is not otherwise restricted by a firewall, malicious users may be able to gain unauthorized access.

Type

string

Default

127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16

Tags

evolving,advanced

 

--rpc_max_message_size

The maximum size of a message that any RPC that the server will accept. Must be at least 1MB.

Type

int64

Default

52428800

Tags

runtime,advanced

 

--use_system_auth_to_local

When enabled, use the system krb5 library to map Kerberos principal names to local (short) usernames. If not enabled, the first component of the principal will be used as the short name. For example, 'kudu/foo.example.com@EXAMPLE' will map to 'kudu'.

Type

bool

Default

true

Tags

advanced

 

--metrics_default_level

The default severity level to use when filtering the metrics. Valid choices are 'debug', 'info', and 'warn'. The levels are ordered and lower levels include the levels above them. This value can be overridden by passing the level query parameter to the '/metrics' endpoint.

Type

string

Default

debug

Tags

evolving,runtime,advanced

 

--web_log_bytes

The maximum number of bytes to display on the debug webserver’s log page

Type

int64

Default

1048576

Tags

runtime,advanced

 

--rpc_advertised_addresses

Comma-separated list of addresses to advertise externally for RPC connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound RPC addresses specified in --rpc_bind_addresses are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

 

--rpc_num_acceptors_per_address

Number of RPC acceptor threads for each bound address

Type

int32

Default

1

Tags

advanced

 

--rpc_num_service_threads

Number of RPC worker threads to run

Type

int32

Default

20

Tags

advanced

 

--rpc_service_queue_length

Default length of queue for incoming RPC requests

Type

int32

Default

50

Tags

advanced

 

--gc_tcmalloc_memory_interval_seconds

Interval seconds to GC tcmalloc memory, 0 means disabled.

Type

uint64

Default

30

Tags

runtime,advanced

 

--max_negotiation_threads

Maximum number of connection negotiation threads.

Type

int32

Default

50

Tags

advanced

 

--min_negotiation_threads

Minimum number of connection negotiation threads.

Type

int32

Default

0

Tags

advanced

 

--num_reactor_threads

Number of libev reactor threads to start.

Type

int32

Default

4

Tags

advanced

 

--rpc_authentication

Whether to require RPC connections to authenticate. Must be one of 'disabled', 'optional', or 'required'. If 'optional', authentication will be used when the remote end supports it. If 'required', connections which are not able to authenticate (because the remote end lacks support) are rejected. Secure clusters should use 'required'.

Type

string

Default

optional

Tags

evolving

 

--rpc_default_keepalive_time_ms

If an RPC connection from a client is idle for this amount of time, the server will disconnect the client. Setting this to any negative value keeps connections always alive.

Type

int32

Default

65000

Tags

advanced

 

--rpc_encryption

Whether to require RPC connections to be encrypted. Must be one of 'disabled', 'optional', or 'required'. If 'optional', encryption will be used when the remote end supports it. If 'required', connections which are not able to use encryption (because the remote end lacks support) are rejected. If 'disabled', encryption will not be used, and RPC authentication (--rpc_authentication) must also be disabled as well. Secure clusters should use 'required'.

Type

string

Default

optional

Tags

evolving

 

--rpc_negotiation_timeout_ms

Timeout for negotiating an RPC connection.

Type

int64

Default

3000

Tags

runtime,advanced

 

--rpc_private_key_password_cmd

A Unix command whose output returns the password used to decrypt the RPC server’s private key file specified in --rpc_private_key_file. If the .PEM key file is not password-protected, this flag does not need to be set. Trailing whitespace will be trimmed before it is used to decrypt the private key.

Type

string

Default

none

Tags

 

--rpc_tls_ciphers

The cipher suite preferences to use for TLS-secured RPC connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

 

--rpc_tls_min_protocol

The minimum protocol version to allow when for securing RPC connections with TLS. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

 

--server_max_open_files

Maximum number of open file descriptors. If 0, Kudu will automatically calculate this value. This is a soft limit

Type

uint64

Default

0

Tags

advanced

 

--webserver_enabled

Whether to enable the web server on this daemon. NOTE: disabling the web server is also likely to prevent monitoring systems from properly capturing metrics.

Type

bool

Default

true

Tags

advanced

 

--metrics_log_interval_ms

Interval (in milliseconds) at which the server will dump its metrics to a local log file. The log files are located in the same directory as specified by the -log_dir flag. If this is not a positive value, then metrics logging will be disabled.

Type

int32

Default

60000

Tags

advanced

 

--webserver_max_post_length_bytes

The maximum length of a POST request that will be accepted by the embedded web server.

Type

int32

Default

1048576

Tags

runtime,advanced

 

--webserver_x_frame_options

The webserver will add an 'X-Frame-Options' HTTP header with this value to all responses. This can help prevent clickjacking attacks.

Type

string

Default

DENY

Tags

advanced

 

--webserver_advertised_addresses

Comma-separated list of addresses to advertise externally for HTTP(S) connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound webserver address specified in --webserver_interface and --webserver_port are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

 

--webserver_authentication_domain

Domain used for debug webserver authentication

Type

string

Default

none

Tags

 

--webserver_doc_root

Files under <webserver_doc_root> are accessible via the debug webserver. Defaults to $KUDU_HOME/www, or if $KUDU_HOME is not set, disables the document root

Type

string

Default

none

Tags

advanced

 

--webserver_enable_doc_root

If true, webserver may serve static files from the webserver_doc_root

Type

bool

Default

true

Tags

advanced

 

--webserver_interface

Interface to start debug webserver on. If blank, webserver binds to 0.0.0.0

Type

string

Default

none

Tags

advanced

 

--webserver_num_worker_threads

Maximum number of threads to start for handling web server requests

Type

int32

Default

50

Tags

advanced

 

--webserver_password_file

(Optional) Location of .htpasswd file containing user names and hashed passwords for debug webserver authentication

Type

string

Default

none

Tags

 

--webserver_tls_ciphers

The cipher suite preferences to use for webserver HTTPS connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

 

--webserver_tls_min_protocol

The minimum protocol version to allow when for webserver HTTPS connections. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

 

--compaction_minimum_improvement

The minimum quality for a compaction to run. If a compaction does not improve the average height of DiskRowSets by at least this amount, the compaction will be considered ineligible.

Type

double

Default

0.0099999997764825821

Tags

advanced

 

--tablet_bloom_block_size

Block size of the bloom filters used for tablet keys.

Type

int32

Default

4096

Tags

advanced

 

--tablet_bloom_target_fp_rate

Target false-positive rate (between 0 and 1) to size tablet key bloom filters. A lower false positive rate may reduce the number of disk seeks required in heavy insert workloads, at the expense of more space and RAM required for bloom filters.

Type

double

Default

9.9999997473787516e-05

Tags

advanced

 

--enable_deleted_rowset_gc

Whether to enable garbage collection of fully deleted rowsets. Disabling deleted rowset garbage collection may increase disk space usage for workloads that involve a high number of deletes. Only deleted rowsets that are entirely considered ancient history (see --tablet_history_max_age_sec) are deleted.

Type

bool

Default

true

Tags

runtime

 

--undo_delta_block_gc_init_budget_millis

The maximum number of milliseconds we will spend initializing UNDO delta blocks per invocation of UndoDeltaBlockGCOp. Existing delta blocks must be initialized once per process startup to determine when they can be deleted.

Type

int32

Default

1000

Tags

advanced,evolving

 

--tablet_transaction_memory_limit_mb

Maximum amount of memory that may be consumed by all in-flight transactions belonging to a particular tablet. When this limit is reached, new transactions will be rejected and clients will be forced to retry them. If -1, transaction memory tracking is disabled.

Type

int64

Default

64

Tags

advanced

 

--heartbeat_incompatible_replica_management_is_fatal

Whether incompatible replica management schemes or unsupported PREPARE_REPLACEMENT_BEFORE_EVICTION feature flag by master are fatal

Type

bool

Default

true

Tags

runtime,advanced

 

--heartbeat_interval_ms

Interval at which the TS heartbeats to the master.

Type

int32

Default

1000

Tags

advanced

 

--heartbeat_max_failures_before_backoff

Maximum number of consecutive heartbeat failures until the Tablet Server backs off to the normal heartbeat interval, rather than retrying.

Type

int32

Default

3

Tags

advanced

 

--heartbeat_rpc_timeout_ms

Timeout used for the TS→Master heartbeat RPCs.

Type

int32

Default

15000

Tags

advanced

 

--scanner_ttl_ms

Number of milliseconds of inactivity allowed for a scannerbefore it may be expired

Type

int32

Default

60000

Tags

advanced

 

--tablet_copy_begin_session_timeout_ms

Tablet server RPC client timeout for BeginTabletCopySession calls. Also used for EndTabletCopySession calls.

Type

int32

Default

30000

Tags

advanced

 

--tablet_copy_idle_timeout_sec

Amount of time without activity before a tablet copy session will expire, in seconds

Type

uint64

Default

600

Tags

evolving,advanced

 

--scanner_batch_size_rows

The number of rows to batch for servicing scan requests.

Type

int32

Default

128

Tags

runtime,advanced

 

--scanner_default_batch_size_bytes

The default size for batches of scan results

Type

int32

Default

1048576

Tags

runtime,advanced

 

--scanner_max_batch_size_bytes

The maximum batch size that a client may request for scan results.

Type

int32

Default

8388608

Tags

runtime,advanced

 

--scanner_max_wait_ms

The maximum amount of time (in milliseconds) we’ll hang a scanner thread waiting for safe time to advance or transactions to commit, even if its deadline allows waiting longer.

Type

int32

Default

1000

Tags

advanced

 

--tserver_enforce_access_control

If set, the server will apply fine-grained access control rules to client RPCs.

Type

bool

Default

false

Tags

runtime

 

--num_tablets_to_copy_simultaneously

Number of threads available to copy tablets from remote servers.

Type

int32

Default

10

Tags

advanced

 

--num_tablets_to_delete_simultaneously

Number of threads available to delete tablets. If this is set to 0 (the default), then the number of delete threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

 

--num_tablets_to_open_simultaneously

Number of threads available to open tablets during startup. If this is set to 0 (the default), then the number of bootstrap threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

 

--tablet_state_walk_min_period_ms

Minimum amount of time in milliseconds between walks of the tablet map to update tablet state counts.

Type

int32

Default

1000

Tags

advanced

 

--update_tablet_stats_interval_ms

Interval at which the tablet statistics should be updated.Should be greater than 'heartbeat_interval_ms'

Type

int32

Default

5000

Tags

advanced

 

--cloud_aws_instance_id_url

The URL to fetch the identifier of an AWS instance

Type

string

Default

http://169.254.169.254/latest/meta-data/instance-id

Tags

runtime,advanced

 

--cloud_aws_ntp_server

IP address/FQDN of the internal NTP server to use from within an AWS instance

Type

string

Default

169.254.169.123

Tags

runtime,advanced

 

--cloud_azure_instance_id_url

The URL to fetch the identifier of an Azure instance

Type

string

Default

http://169.254.169.254/metadata/instance/compute/vmId?api-version=2018-10-01&format=text

Tags

runtime,advanced

 

--cloud_gce_instance_id_url

The URL to fetch the identifier of a GCE instance

Type

string

Default

http://metadata.google.internal/computeMetadata/v1/instance/id

Tags

runtime,advanced

 

--cloud_gce_ntp_server

IP address/FQDN of the internal NTP server to use from within a GCE instance

Type

string

Default

metadata.google.internal

Tags

runtime,advanced

 

--cloud_metadata_server_request_timeout_ms

Timeout for HTTP/HTTPS requests to the instance metadata server (in milliseconds)

Type

uint32

Default

1000

Tags

runtime,advanced

 

--cloud_openstack_metadata_url

The URL to fetch metadata of an OpenStack instance via Nova metadata service. OpenStack Nova metadata server does not provide a separate URL to fetch instance UUID, at least with 12.0.0 (Liberty) release.

Type

string

Default

http://169.254.169.254/openstack/latest/meta_data.json

Tags

runtime,advanced

 

--env_use_fsync

Use fsync(2) instead of fdatasync(2) for synchronizing dirty data to disk.

Type

bool

Default

false

Tags

evolving,advanced

 

--file_cache_expiry_period_ms

Period of time (in ms) between removing expired file cache descriptors

Type

int32

Default

60000

Tags

advanced

 

--disable_core_dumps

Disable core dumps when this process crashes.

Type

bool

Default

false

Tags

evolving,advanced

 

--heap_sample_every_n_bytes

Enable heap occupancy sampling. If this flag is set to some positive value N, a memory allocation will be sampled approximately every N bytes. Lower values of N incur larger overhead but give more accurate results. A value such as 512KB is a reasonable choice with relatively low overhead.

Type

int64

Default

524288

Tags

advanced

 

--redact

Comma-separated list that controls redaction context. Supported options are 'all','log', and 'none'. If 'all' is specified, sensitive data (sensitive configuration flags and row data) will be redacted from the web UI as well as glog and error messages. If 'log' is specified, sensitive data will only be redacted from glog and error messages. If 'none' is specified, no redaction will occur.

Type

string

Default

all

Tags

evolving,advanced

 

--umask

The umask that will be used when creating files and directories. Permissions of top-level data directories will also be modified at start-up to conform to the given umask. Changing this value may enable unauthorized local users to read or modify data stored by Kudu.

Type

string

Default

077

Tags

advanced

 

--metrics_retirement_age_ms

The minimum number of milliseconds a metric will be kept for after it is no longer active. (Advanced option)

Type

int32

Default

120000

Tags

advanced,runtime

 

--enable_minidumps

Whether to enable minidump generation upon process crash or SIGUSR1. Currently only supported on Linux systems.

Type

bool

Default

true

Tags

evolving,advanced

 

--max_minidumps

Maximum number of minidump files to keep per daemon. Older files are removed first. Set to 0 to keep all minidump files.

Type

int32

Default

9

Tags

evolving

 

--minidump_path

Directory to write minidump files to. This can be either an absolute path or a path relative to --log_dir. Each daemon will create an additional sub-directory to prevent naming conflicts and to make it easier to identify a crashing daemon. Minidump files contain crash-related information in a compressed format. Minidumps will be written when a daemon exits unexpectedly, for example on an unhandled exception or signal, or when a SIGUSR1 signal is sent to the process. Cannot be set to an empty value.

Type

string

Default

minidumps

Tags

evolving

 

--minidump_size_limit_hint_kb

Size limit hint for minidump files in KB. If a minidump exceeds this value, then breakpad will reduce the stack memory it collects for each thread from 8KB to 2KB. However it will always include the full stack memory for the first 20 threads, including the thread that crashed.

Type

int32

Default

20480

Tags

evolving,advanced

 

--dns_resolver_cache_capacity_mb

Capacity of DNS resolver cache, in MiBytes. For each key, the cache stores records returned by getaddrinfo(). A value of 0 means the results of DNS name resolution are not cached.

Type

uint32

Default

1

Tags

advanced

 

--dns_resolver_cache_ttl_sec

TTL of records in the DNS resolver cache, in seconds.

Type

uint32

Default

15

Tags

advanced

 

--dns_resolver_max_threads_num

The maximum number of threads to use for async DNS resolution

Type

int32

Default

1

Tags

advanced

 

--nvm_cache_path

The path at which the NVM cache will try to allocate its memory. This can be a tmpfs or ramfs for testing purposes.

Type

string

Default

/pmem

Tags

 

--nvm_cache_usage_ratio

A ratio to set the usage of nvm cache. The charge of an item in the nvm cache is equal to the results of memkind_malloc_usable_size multiplied by the ratio.

Type

double

Default

1.25

Tags

advanced

 

--memory_limit_soft_percentage

Percentage of the hard memory limit that this daemon may consume before memory throttling of writes begins. The greater the excess, the higher the chance of throttling. In general, a lower soft limit leads to smoother write latencies but decreased throughput, and vice versa for a higher soft limit.

Type

int32

Default

80

Tags

advanced

 

--memory_limit_warn_threshold_percentage

Percentage of the hard memory limit that this daemon may consume before WARNING level messages are periodically logged.

Type

int32

Default

98

Tags

advanced

 

--memory_pressure_percentage

Percentage of the hard memory limit that this daemon may consume before flushing of in-memory data becomes prioritized.

Type

int32

Default

60

Tags

advanced

 

--tcmalloc_max_free_bytes_percentage

Maximum percentage of the RSS that tcmalloc is allowed to use for reserved but unallocated memory.

Type

int32

Default

10

Tags

advanced

 

--drop_log_memory

Drop in-memory buffers of log contents. Logs can grow very quickly and they are rarely read before they need to be evicted from memory. Instead, drop them from memory as soon as they are flushed to disk.

Type

bool

Default

true

Tags

runtime,advanced

 

--log_backtrace_at

Emit a backtrace when logging at file:linenum.

Type

string

Default

none

Tags

advanced

 

--logbuflevel

Buffer log messages logged at this level or lower (-1 means don’t buffer; 0 means buffer INFO only; …​)

Type

int32

Default

0

Tags

runtime,advanced

 

--logbufsecs

Buffer log messages for at most this many seconds

Type

int32

Default

5

Tags

runtime,advanced

 

--logfile_mode

Log file mode/permissions.

Type

int32

Default

436

Tags

 


Apache Kudu Unsupported Configuration Flags

These flags are unsupported and are included for informational purposes only. They are subject to being changed or removed at any time.

kudu-master Unsupported Flags

Flags not marked stable or evolving are considered experimental and are unsupported. They are included here for informational purposes only and are subject to being changed or removed without notice.

--block_cache_type

Which type of block cache to use for caching data. Valid choices are 'DRAM' or 'NVM'. DRAM, the default, caches data in regular memory. 'NVM' caches data in a memory-mapped file using the memkind library. To use 'NVM', libmemkind 1.8.0 or newer must be available on the system; otherwise Kudu will crash.

Type

string

Default

DRAM

Tags

--min_compression_ratio

If a column compression codec is configured, but the codec is unable to achieve a compression ratio at least as good as the configured value, then the data will be written uncompressed. This will reduce CPU overhead on the read side at the expense of a small amount of extra space if the codec encounters portions of data that are not easily compressible.

Type

double

Default

0.90000000000000002

Tags

experimental

--cfile_default_block_size

The default block size to use in cfiles

Type

int32

Default

262144

Tags

advanced

--cfile_default_compression_codec

Default cfile block compression codec.

Type

string

Default

no_compression

Tags

advanced

--builtin_ntp_client_bind_address

Local address to bind client UDP socket used to send and receive NTP packets. The default value '0.0.0.0' is equivalent to '0.0.0.0:0' meaning 'bind to all available IPv4 interfaces using ephemeral ports (i.e. port 0)'. It might be useful to customize this flag if getting through a firewall to reach public NTP servers specified by --builtin_ntp_servers.

Type

string

Default

0.0.0.0

Tags

advanced

--builtin_ntp_poll_interval_ms

The time between successive polls of a single NTP server (in milliseconds)

Type

uint32

Default

16000

Tags

runtime,advanced

--builtin_ntp_request_timeout_ms

Timeout for requests sent to NTP servers (in milliseconds)

Type

uint32

Default

3000

Tags

runtime,experimental

--builtin_ntp_true_time_refresh_max_interval_s

Maximum allowed time interval without refreshing computed true time estimation (in seconds)

Type

uint32

Default

3600

Tags

runtime,experimental

--max_clock_sync_error_usec

Maximum allowed clock synchronization error as reported by NTP before the server will abort.

Type

int32

Default

10000000

Tags

runtime,advanced

--codegen_dump_functions

Whether to print the LLVM IR for generated functions

Type

bool

Default

false

Tags

runtime,experimental

--codegen_dump_mc

Whether to dump the disassembly of the machine code for generated functions.

Type

bool

Default

false

Tags

runtime,experimental

--codegen_cache_capacity

Number of entries which may be stored in the code generation cache.

Type

int32

Default

100

Tags

experimental

--codegen_time_compilation

Whether to print time that each code generation request took.

Type

bool

Default

false

Tags

runtime,experimental

--ranger_default_database

Name of the default database which is used in the Ranger authorization context when the database name is not specified in the table name. Ranger makes no difference between <ranger_default_database>.<table> and <table>, so privileges granted on <table> in <ranger_default_database> are applied toboth <ranger_default_database>.<table> and <table> in Kudu.

Type

string

Default

default

Tags

--cmeta_force_fsync

Whether fsync() should be called when consensus metadata files are updated

Type

bool

Default

false

Tags

advanced

--consensus_rpc_timeout_ms

Timeout used for all consensus internal RPC communications.

Type

int32

Default

30000

Tags

advanced

--consensus_max_batch_size_bytes

The maximum per-tablet RPC batch size when updating peers.

Type

int32

Default

1048576

Tags

advanced

--follower_unavailable_considered_failed_sec

Seconds that a leader is unable to successfully heartbeat to a follower after which the follower is considered to be failed and evicted from the config.

Type

int32

Default

300

Tags

runtime,advanced

--fs_wal_dir_reserved_bytes

Number of bytes to reserve on the log directory filesystem for non-Kudu usage. The default, which is represented by -1, is that 1% of the disk space on each disk will be reserved. Any other value specified represents the number of bytes reserved and must be greater than or equal to 0. Explicit percentages to reserve are not currently supported

Type

int64

Default

-1

Tags

runtime

--fs_wal_use_file_cache

Whether to use the server-wide file cache for WAL segments and WAL index chunks.

Type

bool

Default

true

Tags

advanced,runtime

--group_commit_queue_size_bytes

Maximum size of the group commit queue in bytes

Type

int32

Default

4194304

Tags

advanced

--log_compression_codec

Codec to use for compressing WAL segments.

Type

string

Default

LZ4

Tags

experimental

--log_max_segments_to_retain

The maximum number of past log segments to keep at all times for the purposes of catching up other peers.

Type

int32

Default

80

Tags

experimental,advanced,runtime

--log_min_segments_to_retain

The minimum number of past log segments to keep at all times, regardless of what is required for durability. Must be at least 1.

Type

int32

Default

1

Tags

advanced,runtime

--global_log_cache_size_limit_mb

Server-wide version of 'log_cache_size_limit_mb'. The total memory used for caching log entries across all tablets is kept under this threshold.

Type

int32

Default

1024

Tags

advanced

--log_cache_size_limit_mb

The total per-tablet size of consensus entries which may be kept in memory. The log cache attempts to keep all entries which have not yet been replicated to all followers in memory, but if the total size of those entries exceeds this limit within an individual tablet, the oldest will be evicted.

Type

int32

Default

128

Tags

advanced

--log_async_preallocate_segments

Whether the WAL segments preallocation should happen asynchronously

Type

bool

Default

true

Tags

advanced

--log_preallocate_segments

Whether the WAL should preallocate the entire segment before writing to it

Type

bool

Default

true

Tags

advanced

--log_segment_size_mb

The default size for log segments, in MB

Type

int32

Default

8

Tags

advanced

--evict_failed_followers

Whether to evict followers from the Raft config that have fallen too far behind the leader’s log to catch up normally or have been unreachable by the leader for longer than follower_unavailable_considered_failed_sec

Type

bool

Default

false

Tags

advanced

--leader_failure_exp_backoff_max_delta_ms

Maximum time to sleep in between leader election retries, in addition to the regular timeout. When leader election fails the interval in between retries increases exponentially, up to this value.

Type

int32

Default

20000

Tags

experimental

--leader_failure_max_missed_heartbeat_periods

Maximum heartbeat periods that the leader can fail to heartbeat in before we consider the leader to be failed. The total failure timeout in milliseconds is raft_heartbeat_interval_ms times leader_failure_max_missed_heartbeat_periods. The value passed to this flag may be fractional.

Type

double

Default

3

Tags

advanced

--raft_enable_pre_election

When enabled, candidates will call a pre-election before running a real leader election.

Type

bool

Default

true

Tags

runtime,experimental

--raft_enable_tombstoned_voting

When enabled, tombstoned tablets may vote in elections.

Type

bool

Default

true

Tags

runtime,experimental

--raft_heartbeat_interval_ms

The heartbeat interval for Raft replication. The leader produces heartbeats to followers at this interval. The followers expect a heartbeat at this interval and consider a leader to have failed if it misses several in a row.

Type

int32

Default

500

Tags

advanced

--raft_prepare_replacement_before_eviction

When enabled, failed replicas will only be evicted after a replacement has been prepared for them.

Type

bool

Default

true

Tags

experimental,advanced

--missed_heartbeats_before_rejecting_snapshot_scans

The maximum raft heartbeat periods since the tablet has seen safe time advanced before refusing scans at snapshots that aren’t yet safe and forcing clients to try again.

Type

double

Default

1.5

Tags

experimental

--safe_time_advancement_without_writes

Whether to enable the advancement of "safe" time in the absense of write operations

Type

bool

Default

true

Tags

advanced

--safe_time_max_lag_ms

The maximum amount of time we allow safe time to lag behind the requested timestampbefore forcing the client to retry, in milliseconds.

Type

int32

Default

30000

Tags

experimental

--block_manager_preflush_control

Controls when to pre-flush a block. Valid values are 'finalize', 'close', or 'never'. If 'finalize', blocks will be pre-flushed when writing is finished. If 'close', blocks will be pre-flushed when their transaction is committed. If 'never', blocks will never be pre-flushed but still be flushed when closed.

Type

string

Default

finalize

Tags

experimental

--fs_max_thread_count_per_data_dir

Maximum work thread per data directory.

Type

uint64

Default

8

Tags

advanced

--block_manager

Which block manager to use for storage. Valid options are 'file' and 'log'. The file block manager is not suitable for production use due to scaling limitations.

Type

string

Default

log

Tags

advanced

--log_block_manager_delete_dead_container

When enabled, full and dead log block containers will be deleted at runtime, which can potentially help improving log block manager startup time

Type

bool

Default

true

Tags

experimental,advanced

--log_container_excess_space_before_cleanup_fraction

Additional fraction of a log container’s calculated size that must be consumed on disk before the container is considered to be inconsistent and subject to excess space cleanup at block manager startup.

Type

double

Default

0.10000000000000001

Tags

advanced

--log_container_live_metadata_before_compact_ratio

Desired ratio of live block metadata in log containers. If a container’s live to total block ratio dips below this value, the container’s metadata file will be compacted at startup.

Type

double

Default

0.5

Tags

experimental

--log_container_max_blocks

Maximum number of blocks (soft) of a log container. Use 0 for no limit. Use -1 for no limit except in the case of a kernel bug with hole punching on ext4 (see KUDU-1508 for details).

Type

int64

Default

-1

Tags

advanced

--log_container_max_size

Maximum size (soft) of a log container

Type

uint64

Default

10737418240

Tags

advanced

--log_container_preallocate_bytes

Number of bytes to preallocate in a log container when creating new blocks. Set to 0 to disable preallocation

Type

uint64

Default

33554432

Tags

advanced

--hive_metastore_conn_timeout_seconds

Configures the socket connect timeout, in seconds, for Thrift connections to the Hive Metastore.

Type

int32

Default

60

Tags

advanced

--hive_metastore_kerberos_principal

The service principal of the Hive Metastore server. Must match the primary (user) portion of hive.metastore.kerberos.principal option in the Hive Metastore configuration.

Type

string

Default

hive

Tags

--hive_metastore_max_message_size_bytes

Maximum size of Hive Metastore objects that can be received by the HMS client in bytes. Should match the metastore.server.max.message.size configuration.

Type

int32

Default

104857600

Tags

advanced

--hive_metastore_recv_timeout_seconds

Configures the socket receive timeout, in seconds, for Thrift connections to the Hive Metastore.

Type

int32

Default

60

Tags

advanced

--hive_metastore_retry_count

The number of times that HMS operations will retry after encountering retriable failures, such as network errors.

Type

int32

Default

1

Tags

advanced

--hive_metastore_sasl_enabled

Configures whether Thrift connections to the Hive Metastore use SASL (Kerberos) security. Must match the value of the hive.metastore.sasl.enabled option in the Hive Metastore configuration. When enabled, the --keytab_file flag must be provided.

Type

bool

Default

false

Tags

--hive_metastore_send_timeout_seconds

Configures the socket send timeout, in seconds, for Thrift connections to the Hive Metastore.

Type

int32

Default

60

Tags

advanced

--hive_metastore_uris

Address of the Hive Metastore instance(s). The provided port must be for the HMS Thrift service. If a port is not provided, defaults to 9083. If the HMS is deployed in an HA configuration, multiple comma-separated addresses should be supplied. If not set, the Kudu master will not send Kudu table catalog updates to Hive. The configured value must match the Hive hive.metastore.uris configuration.

Type

string

Default

none

Tags

--trusted_user_acl

Comma-separated list of trusted users who may access the cluster without being authorized against fine-grained permissions.

Type

string

Default

none

Tags

sensitive

--auto_rebalancing_interval_seconds

How long to sleep in between rebalancing cycles, before checking the cluster again to see if there is skew and rebalancing to be done.

Type

uint32

Default

30

Tags

--auto_rebalancing_load_imbalance_threshold

The threshold for the per-table location load imbalance. The threshold is used during the cross-location rebalancing phase. If the measured cross-location load imbalance for a table is greater than the specified threshold, the rebalancer tries to move table’s replicas to reduce the imbalance. The recommended range for the threshold is [0.5, …​) with the default value of 1.0. The threshold represents a policy wrt what to prefer: either ideal balance of the cross-location load on per-table basis (lower threshold value) or minimum number of replica movements between locations (greater threshold value). The default value is empirically proven to be a good choice between 'ideal' and 'good enough' replica distributions.

Type

double

Default

1

Tags

--auto_rebalancing_max_moves_per_server

Maximum number of replica moves to perform concurrently on one tablet server: 'move from' and 'move to' are counted as separate move operations.

Type

uint32

Default

1

Tags

--auto_rebalancing_rpc_timeout_seconds

RPC timeout in seconds when making RPCs to request moving tablet replicas or to check if the replica movement has completed.

Type

uint32

Default

60

Tags

--auto_rebalancing_wait_for_replica_moves_seconds

How long to wait before checking to see if the scheduled replica movement in this iteration of auto-rebalancing has completed.

Type

uint32

Default

1

Tags

--auto_rebalancing_enabled

Whether auto-rebalancing is enabled.

Type

bool

Default

false

Tags

experimental,advanced

--catalog_manager_enable_chunked_tablet_reports

Whether to split the tablet report data received from one tablet server into chunks when persisting it in the system catalog. The chunking starts at around the maximum allowed RPC size controlled by the --rpc_max_message_size flag. When the chunking is disabled, a tablet report sent by a tablet server is rejected if it would result in an oversized update on the system catalog tablet. With the default settings for --rpc_max_message_size, the latter can happen only in case of extremely high number of tablet replicas per tablet server.

Type

bool

Default

true

Tags

runtime,advanced

--default_num_replicas

Default number of replicas for tables that do not have the num_replicas set.

Type

int32

Default

3

Tags

advanced

--master_failover_catchup_timeout_ms

Amount of time to give a newly-elected leader master to load the previous master’s metadata and become active. If this time is exceeded, the node crashes.

Type

int32

Default

30000

Tags

experimental,advanced

--master_ts_rpc_timeout_ms

Timeout used for the master→TS async rpc calls.

Type

int32

Default

30000

Tags

advanced

--max_column_comment_length

Maximum length of the comment of a column

Type

int32

Default

256

Tags

--max_create_tablets_per_ts

The number of tablet replicas per TS that can be requested for a new table. If 0, no limit is enforced.

Type

int32

Default

60

Tags

advanced

--table_locations_ttl_ms

Maximum time in milliseconds which clients may cache table locations. New range partitions may not be visible to existing client instances until after waiting for the ttl period.

Type

int32

Default

300000

Tags

advanced

--tablet_creation_timeout_ms

Timeout used by the master when attempting to create tablet replicas during table creation.

Type

int32

Default

30000

Tags

advanced

--unresponsive_ts_rpc_timeout_ms

After this amount of time, the master will stop attempting to contact a tablet server in order to perform operations such as deleting a tablet.

Type

int32

Default

3600000

Tags

advanced

--hive_metastore_notification_log_batch_size

Number of notification log entries which are retrieved from the Hive Metastore per batch when polling.

Type

int32

Default

100

Tags

runtime,advanced

--hive_metastore_notification_log_poll_period_seconds

Amount of time the notification log listener waits between attempts to poll the Hive Metastore for catalog updates.

Type

uint32

Default

15

Tags

runtime,advanced

--authn_token_validity_seconds

Period of time for which an issued authentication token is valid. Clients will automatically attempt to reacquire a token after the validity period expires.

Type

int64

Default

604800

Tags

experimental

--authz_token_validity_seconds

Period of time for which an issued authorization token is valid. Clients will automatically attempt to reacquire a token after the validity period expires.

Type

int64

Default

300

Tags

experimental

--location_mapping_cmd

A Unix command which takes a single argument, the IP address or hostname of a tablet server or client, and returns the location string for the tablet server. A location string begins with a / and consists of /-separated tokens each of which contains only characters from the set [a-zA-Z0-9_-.]. If the cluster is not using location awareness features this flag should not be set.

Type

string

Default

none

Tags

--master_registration_rpc_timeout_ms

Timeout for retrieving master registration over RPC.

Type

int32

Default

1500

Tags

experimental

--tsk_rotation_seconds

Number of seconds between consecutive activations of newly generated TSKs (Token Signing Keys).

Type

int64

Default

86400

Tags

experimental,advanced

--ipki_ca_cert_expiration_seconds

validity interval for self-signed root CA certifcate issued by Kudu IPKI (Internal Private Key Infrastructure, a.k.a. Internal Kudu CA)

Type

int64

Default

315360000

Tags

experimental

--ipki_ca_key_size

the number of bits for self-signed root CA cert used by Kudu IPKI (Internal Private Key Infrastructure, a.k.a. Internal Kudu CA)

Type

int32

Default

2048

Tags

experimental

--ipki_server_cert_expiration_seconds

validity interval for server certificates issued by Kudu IPKI (Internal Private Key Infrastructure, a.k.a. Internal Kudu CA)

Type

int64

Default

315360000

Tags

experimental

--master_client_location_assignment_enabled

Whether masters assign locations to connecting clients. By default they do if the location assignment command is set, but setting this flag to 'false' makes masters assign locations only to tablet servers, not clients.

Type

bool

Default

true

Tags

runtime,advanced

--sentry_require_db_privileges_for_list_tables

Whether Kudu will require database-level privileges to authorize ListTables requests. When set to false, table-level privileges are required for each table. ranger_config_path must not be set if this is set

Type

bool

Default

false

Tags

advanced

--kudu_service_name

The service name of the Kudu server. Must match the service name used for Kudu server of sentry.service.admin.group option in the Sentry server configuration.

Type

string

Default

kudu

Tags

--sentry_privileges_cache_capacity_mb

Capacity for the authz cache, in MiBytes. The cache stores information received from Sentry. A value of 0 means Sentry responses will not be cached.

Type

uint32

Default

256

Tags

advanced

--sentry_privileges_cache_max_scrubbed_entries_per_pass

Maximum number of entries in the privileges cache to process in one pass of the periodic scrubbing task. A value of 0 means there is no limit, i.e. all expired entries, if any, are invalidated every time the scrubbing task runs. Note that the cache is locked while the scrubbing task is running.

Type

uint32

Default

32

Tags

advanced

--sentry_privileges_cache_scrubbing_period_sec

The interval to run the periodic task that scrubs the privileges cache of expired entries. A value of 0 means expired entries are only evicted when inserting new entries into a full cache.

Type

uint32

Default

20

Tags

advanced

--sentry_privileges_cache_ttl_factor

Factor of multiplication for the authz token validity interval defined by --authz_token_validity_seconds flag. The result of the multiplication of this factor and authz token validity defines the TTL of entries in the authz cache.

Type

uint32

Default

10

Tags

advanced

--sentry_service_conn_timeout_seconds

Configures the socket connect timeout, in seconds, for Thrift connections to the Sentry server.

Type

int32

Default

60

Tags

advanced

--sentry_service_kerberos_principal

The service principal of the Sentry server. Must match the primary (user) portion of sentry.service.server.principal option in the Sentry server configuration.

Type

string

Default

sentry

Tags

--sentry_service_max_message_size_bytes

Maximum size of Sentry objects that can be received by the Sentry client in bytes. Must match the value of the sentry.policy.client.thrift.max.message.size option in the Sentry server configuration.

Type

int32

Default

104857600

Tags

advanced

--sentry_service_recv_timeout_seconds

Configures the socket receive timeout, in seconds, for Thrift connections to the Sentry server.

Type

int32

Default

60

Tags

advanced

--sentry_service_retry_count

The number of times that Sentry operations will retry after encountering retriable failures, such as network errors.

Type

int32

Default

1

Tags

advanced

--sentry_service_rpc_addresses

Comma-separated list of RPC addresses of the Sentry service(s). When set, Sentry integration is enabled, fine-grained access control is enforced in the master, and clients are issued authorization tokens. Must match the value of the sentry.service.client.server.rpc-addresses option in the Sentry server configuration.

Type

string

Default

none

Tags

--sentry_service_security_mode

Configures whether Thrift connections to the Sentry server use SASL (Kerberos) security. Must match the value of the ‘sentry.service.security.mode’ option in the Sentry server configuration.

Type

string

Default

kerberos

Tags

--sentry_service_send_timeout_seconds

Configures the socket send timeout, in seconds, for Thrift connections to the Sentry server.

Type

int32

Default

60

Tags

advanced

--server_name

Configures which server namespace the Kudu instance belongs to for defining server-level privileges in Sentry. Used to distinguish a particular Kudu cluster in case of a multi-cluster setup. Must match the value of the hive.sentry.server option in the HiveServer2 configuration, and the value of the --server_name in Impala configuration.

Type

string

Default

server1

Tags

--tserver_unresponsive_timeout_ms

The period of time that a Master can go without receiving a heartbeat from a tablet server before considering it unresponsive. Unresponsive servers are not selected when assigning replicas during table creation or re-replication.

Type

int32

Default

60000

Tags

advanced

--ranger_config_path

Path to directory containing Ranger client configuration. When set, Ranger integration is enabled, fine-grained access control is enforced, and clients are issued authorization tokens. In addition, both --ranger_java_path and --ranger_jar_path flags need to be set properly for Ranger integration to work. The --sentry_service_rpc_addresses flag, which enables Sentry integration, must not be set if this is enabled.

Type

string

Default

none

Tags

--ranger_jar_path

Path to the JAR file containing the Ranger subprocess. If not specified, the default JAR file path is expected to be next to the master binary.

Type

string

Default

none

Tags

--ranger_java_path

Path where the Java binary was installed. If the value isn’t an absolute path (e.g. 'java'), it will be evaluated using the Kudu user’s PATH. If not specified, $JAVA_HOME/bin/java is used. If $JAVA_HOME is not found, Kudu will attempt to find 'java' in the Kudu user’s PATH.

Type

string

Default

none

Tags

--ranger_receiver_fifo_dir

Directory in which to create a fifo used to receive messages from the Ranger subprocess. Existing fifos at this path will be overwritten. If not specified, a fifo will be created in the --ranger_config_path directory.

Type

string

Default

none

Tags

advanced

--rpc_acceptor_listen_backlog

Socket backlog parameter used when listening for RPC connections. This defines the maximum length to which the queue of pending TCP connections inbound to the RPC server may grow. If a connection request arrives when the queue is full, the client may receive an error. Higher values may help the server ride over bursts of new inbound connection requests.

Type

int32

Default

128

Tags

advanced

--rpc_encrypt_loopback_connections

Whether to encrypt data transfer on RPC connections that stay within a single host. Encryption here is likely to offer no additional security benefit since only a local 'root' user could intercept the traffic, and wire encryption does not suitably protect against such an attacker.

Type

bool

Default

false

Tags

advanced

--rpc_trace_negotiation

If enabled, dump traces of all RPC negotiations to the log

Type

bool

Default

false

Tags

experimental,advanced,runtime

--rpc_callback_max_cycles

The maximum number of cycles for which an RPC callback should be allowed to run without emitting a warning. (Advanced debugging option)

Type

int64

Default

100000000

Tags

runtime,advanced

--tcp_keepalive_probe_period_s

The duration in seconds after an outbound connection has gone idle before a TCP keepalive probe is sent to the peer. Set to 0 to disable TCP keepalive probes from being sent.

Type

int32

Default

60

Tags

advanced

--tcp_keepalive_retry_count

The maximum number of keepalive probes sent before declaring the remote end as dead. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

10

Tags

advanced

--tcp_keepalive_retry_period_s

The duration in seconds between successive keepalive probes from an outbound connection if the previous probes are not acknowledged. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

3

Tags

advanced

--remember_clients_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a client for the purpose of caching its responses. After this period without hearing from it, the client is no longer remembered and the memory occupied by its responses is reclaimed. Retries of requests older than 'remember_clients_ttl_ms' are treated as new ones.

Type

int64

Default

3600000

Tags

advanced

--remember_responses_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a response to a specific request for a client. After this period has elapsed, the response may have been garbage collected and the client might get a response indicating the request is STALE.

Type

int64

Default

600000

Tags

advanced

--rpc_dump_all_traces

If true, dump all RPC traces at INFO level

Type

bool

Default

false

Tags

runtime,advanced

--rpc_duration_too_long_ms

Threshold (in milliseconds) above which a RPC is considered too long and its duration and method name are logged at INFO level. The time measured is between when a RPC is accepted and when its call handler completes.

Type

int32

Default

1000

Tags

runtime,advanced

--rpc_max_message_size

The maximum size of a message that any RPC that the server will accept. Must be at least 1MB.

Type

int64

Default

52428800

Tags

runtime,advanced

--use_system_auth_to_local

When enabled, use the system krb5 library to map Kerberos principal names to local (short) usernames. If not enabled, the first component of the principal will be used as the short name. For example, 'kudu/foo.example.com@EXAMPLE' will map to 'kudu'.

Type

bool

Default

true

Tags

advanced

--ipki_server_key_size

the number of bits for server cert’s private key. The server cert is used for TLS connections to and from clients and other servers.

Type

int32

Default

2048

Tags

experimental

--tsk_num_rsa_bits

Number of bits in RSA keys used for token signing.

Type

int32

Default

2048

Tags

experimental

--web_log_bytes

The maximum number of bytes to display on the debug webserver’s log page

Type

int64

Default

1048576

Tags

runtime,advanced

--diagnostics_log_stack_traces_interval_ms

The interval at which the server will a snapshot of its thread stacks to the diagnostics log. In fact, the server will log at a random interval betweeen zero and twice the configured value to avoid biasing samples towards periodic processes which happen exactly on some particular schedule. If this is set to 0, stack traces will be not be periodically logged, but will still be logged on events such as queue overflows. Setting this to a negative value disables stack trace logging entirely.

Type

int32

Default

60000

Tags

experimental,runtime

--rpc_advertised_addresses

Comma-separated list of addresses to advertise externally for RPC connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound RPC addresses specified in --rpc_bind_addresses are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

--rpc_num_acceptors_per_address

Number of RPC acceptor threads for each bound address

Type

int32

Default

1

Tags

advanced

--rpc_num_service_threads

Number of RPC worker threads to run

Type

int32

Default

10

Tags

advanced

--rpc_reuseport

Whether to set the SO_REUSEPORT option on listening RPC sockets.

Type

bool

Default

false

Tags

experimental

--rpc_service_queue_length

Default length of queue for incoming RPC requests

Type

int32

Default

50

Tags

advanced

--gc_tcmalloc_memory_interval_seconds

Interval seconds to GC tcmalloc memory, 0 means disabled.

Type

uint64

Default

30

Tags

runtime,advanced

--max_negotiation_threads

Maximum number of connection negotiation threads.

Type

int32

Default

50

Tags

advanced

--min_negotiation_threads

Minimum number of connection negotiation threads.

Type

int32

Default

0

Tags

advanced

--num_reactor_threads

Number of libev reactor threads to start.

Type

int32

Default

4

Tags

advanced

--rpc_ca_certificate_file

Path to the PEM encoded X509 certificate of the trusted external certificate authority. The provided certificate should be the root issuer of the certificate passed in '--rpc_certificate_file'.

Type

string

Default

none

Tags

experimental

--rpc_certificate_file

Path to a PEM encoded X509 certificate to use for securing RPC connections with SSL/TLS. If set, '--rpc_private_key_file' and '--rpc_ca_certificate_file' must be set as well.

Type

string

Default

none

Tags

experimental

--rpc_default_keepalive_time_ms

If an RPC connection from a client is idle for this amount of time, the server will disconnect the client. Setting this to any negative value keeps connections always alive.

Type

int32

Default

65000

Tags

advanced

--rpc_negotiation_timeout_ms

Timeout for negotiating an RPC connection.

Type

int64

Default

3000

Tags

runtime,advanced

--rpc_private_key_file

Path to a PEM encoded private key paired with the certificate from '--rpc_certificate_file'

Type

string

Default

none

Tags

experimental

--rpc_private_key_password_cmd

A Unix command whose output returns the password used to decrypt the RPC server’s private key file specified in --rpc_private_key_file. If the .PEM key file is not password-protected, this flag does not need to be set. Trailing whitespace will be trimmed before it is used to decrypt the private key.

Type

string

Default

none

Tags

--rpc_tls_ciphers

The cipher suite preferences to use for TLS-secured RPC connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

--rpc_tls_min_protocol

The minimum protocol version to allow when for securing RPC connections with TLS. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

--server_max_open_files

Maximum number of open file descriptors. If 0, Kudu will automatically calculate this value. This is a soft limit

Type

uint64

Default

0

Tags

advanced

--webserver_enabled

Whether to enable the web server on this daemon. NOTE: disabling the web server is also likely to prevent monitoring systems from properly capturing metrics.

Type

bool

Default

true

Tags

advanced

--metrics_log_interval_ms

Interval (in milliseconds) at which the server will dump its metrics to a local log file. The log files are located in the same directory as specified by the -log_dir flag. If this is not a positive value, then metrics logging will be disabled.

Type

int32

Default

60000

Tags

advanced

--webserver_max_post_length_bytes

The maximum length of a POST request that will be accepted by the embedded web server.

Type

int32

Default

1048576

Tags

runtime,advanced

--webserver_x_frame_options

The webserver will add an 'X-Frame-Options' HTTP header with this value to all responses. This can help prevent clickjacking attacks.

Type

string

Default

DENY

Tags

advanced

--webserver_advertised_addresses

Comma-separated list of addresses to advertise externally for HTTP(S) connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound webserver address specified in --webserver_interface and --webserver_port are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

--webserver_authentication_domain

Domain used for debug webserver authentication

Type

string

Default

none

Tags

--webserver_doc_root

Files under <webserver_doc_root> are accessible via the debug webserver. Defaults to $KUDU_HOME/www, or if $KUDU_HOME is not set, disables the document root

Type

string

Default

none

Tags

advanced

--webserver_enable_doc_root

If true, webserver may serve static files from the webserver_doc_root

Type

bool

Default

true

Tags

advanced

--webserver_interface

Interface to start debug webserver on. If blank, webserver binds to 0.0.0.0

Type

string

Default

none

Tags

advanced

--webserver_num_worker_threads

Maximum number of threads to start for handling web server requests

Type

int32

Default

50

Tags

advanced

--webserver_password_file

(Optional) Location of .htpasswd file containing user names and hashed passwords for debug webserver authentication

Type

string

Default

none

Tags

--webserver_tls_ciphers

The cipher suite preferences to use for webserver HTTPS connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

--webserver_tls_min_protocol

The minimum protocol version to allow when for webserver HTTPS connections. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

--subprocess_deadline_checking_interval_ms

Interval in milliseconds at which Kudu will check the deadlines of in-flight calls to the subprocess

Type

int32

Default

50

Tags

advanced,runtime

--subprocess_num_responder_threads

Number of threads that will be dedicated to reading responses from the inbound queue and returning to callers

Type

int32

Default

3

Tags

advanced

--subprocess_queue_full_retry_ms

Number of milliseconds between attempts to enqueue the request to the subprocess

Type

int32

Default

50

Tags

advanced,runtime

--subprocess_request_queue_size_bytes

Maximum size in bytes of the outbound request queue. This is best effort: if a single request is larger than this, it is still added to the queue

Type

int32

Default

4194304

Tags

advanced

--subprocess_response_queue_size_bytes

Maximum size in bytes of the inbound response queue. This is best effort: if a single request is larger than this, it is still added to the queue

Type

int32

Default

4194304

Tags

advanced

--subprocess_timeout_secs

Number of seconds a call to the subprocess is allowed to take before a timeout error is returned to the calling process

Type

int32

Default

15

Tags

advanced

--budgeted_compaction_target_rowset_size

The target size in bytes for DiskRowSets produced by flushes or compactions when the budgeted compaction policy is used.

Type

int64

Default

33554432

Tags

experimental,advanced

--compaction_approximation_ratio

Approximation ratio allowed for optimal compaction calculation. A value of 1.05 indicates that the policy may use an approximate result if it is known to be within 5% of the optimal solution.

Type

double

Default

1.0499999523162842

Tags

experimental,advanced

--compaction_minimum_improvement

The minimum quality for a compaction to run. If a compaction does not improve the average height of DiskRowSets by at least this amount, the compaction will be considered ineligible.

Type

double

Default

0.0099999997764825821

Tags

advanced

--deltafile_default_block_size

Block size for delta files. In the future, this may become configurable on a per-table basis.

Type

int32

Default

32768

Tags

experimental

--deltafile_default_compression_codec

The compression codec used when writing deltafiles.

Type

string

Default

lz4

Tags

experimental

--default_composite_key_index_block_size_bytes

Block size used for composite key indexes.

Type

int32

Default

4096

Tags

experimental

--rowset_metadata_store_keys

Whether to store the min/max encoded keys in the rowset metadata. If false, keys will be read from the data blocks.

Type

bool

Default

false

Tags

experimental

--tablet_delta_store_major_compact_min_ratio

Minimum ratio of sizeof(deltas) to sizeof(base data) before a major compaction can run (Advanced option)

Type

double

Default

0.10000000149011612

Tags

experimental

--tablet_delta_store_minor_compact_max

How many delta stores are required before forcing a minor delta compaction (Advanced option)

Type

int32

Default

1000

Tags

experimental

--compaction_small_rowset_tradeoff

The weight of small rowset compaction compared to height-based compaction. This value must be less than -compaction_minimum_improvement to prevent compaction loops. Only change this if you know what you are doing.

Type

double

Default

0.0089999999999999993

Tags

runtime,experimental,advanced

--tablet_bloom_block_size

Block size of the bloom filters used for tablet keys.

Type

int32

Default

4096

Tags

advanced

--tablet_bloom_target_fp_rate

Target false-positive rate (between 0 and 1) to size tablet key bloom filters. A lower false positive rate may reduce the number of disk seeks required in heavy insert workloads, at the expense of more space and RAM required for bloom filters.

Type

double

Default

9.9999997473787516e-05

Tags

advanced

--tablet_compaction_budget_mb

Budget for a single compaction

Type

int32

Default

128

Tags

experimental

--tablet_throttler_burst_factor

Burst factor for write RPC throttling. The maximum rate the throttler allows within a token refill period (100ms) equals burst factor multiply base rate.

Type

double

Default

1

Tags

experimental

--tablet_throttler_bytes_per_sec

Maximum write RPC IO rate (byte/s) allowed for a tablet, write RPC exceeding this limit will be throttled. 0 means no limit.

Type

int64

Default

0

Tags

experimental

--tablet_throttler_rpc_per_sec

Maximum write RPC rate (op/s) allowed for a tablet, write RPC exceeding this limit will be throttled. 0 means no limit.

Type

int64

Default

0

Tags

experimental

--enable_deleted_rowset_gc

Whether to enable garbage collection of fully deleted rowsets. Disabling deleted rowset garbage collection may increase disk space usage for workloads that involve a high number of deletes. Only deleted rowsets that are entirely considered ancient history (see --tablet_history_max_age_sec) are deleted.

Type

bool

Default

true

Tags

runtime

--flush_threshold_mb

Size at which MemRowSet flushes are triggered. A MRS can still flush below this threshold if it hasn’t flushed in a while, or if the server-wide memory limit has been reached.

Type

int32

Default

1024

Tags

runtime,experimental

--flush_threshold_secs

Number of seconds after which a non-empty MemRowSet will become flushable even if it is not large.

Type

int32

Default

120

Tags

runtime,experimental

--tablet_transaction_memory_limit_mb

Maximum amount of memory that may be consumed by all in-flight transactions belonging to a particular tablet. When this limit is reached, new transactions will be rejected and clients will be forced to retry them. If -1, transaction memory tracking is disabled.

Type

int64

Default

64

Tags

advanced

--heartbeat_incompatible_replica_management_is_fatal

Whether incompatible replica management schemes or unsupported PREPARE_REPLACEMENT_BEFORE_EVICTION feature flag by master are fatal

Type

bool

Default

true

Tags

runtime,advanced

--heartbeat_interval_ms

Interval at which the TS heartbeats to the master.

Type

int32

Default

1000

Tags

advanced

--heartbeat_max_failures_before_backoff

Maximum number of consecutive heartbeat failures until the Tablet Server backs off to the normal heartbeat interval, rather than retrying.

Type

int32

Default

3

Tags

advanced

--heartbeat_rpc_timeout_ms

Timeout used for the TS→Master heartbeat RPCs.

Type

int32

Default

15000

Tags

advanced

--scan_history_count

Number of completed scans to keep history for. Determines how many historical scans will be shown on the tablet server’s scans dashboard.

Type

int32

Default

20

Tags

experimental

--scanner_ttl_ms

Number of milliseconds of inactivity allowed for a scannerbefore it may be expired

Type

int32

Default

60000

Tags

advanced

--tablet_copy_begin_session_timeout_ms

Tablet server RPC client timeout for BeginTabletCopySession calls. Also used for EndTabletCopySession calls.

Type

int32

Default

30000

Tags

advanced

--scanner_batch_size_rows

The number of rows to batch for servicing scan requests.

Type

int32

Default

128

Tags

runtime,advanced

--scanner_default_batch_size_bytes

The default size for batches of scan results

Type

int32

Default

1048576

Tags

runtime,advanced

--scanner_max_batch_size_bytes

The maximum batch size that a client may request for scan results.

Type

int32

Default

8388608

Tags

runtime,advanced

--scanner_max_wait_ms

The maximum amount of time (in milliseconds) we’ll hang a scanner thread waiting for safe time to advance or transactions to commit, even if its deadline allows waiting longer.

Type

int32

Default

1000

Tags

advanced

--tserver_enforce_access_control

If set, the server will apply fine-grained access control rules to client RPCs.

Type

bool

Default

false

Tags

runtime

--num_tablets_to_copy_simultaneously

Number of threads available to copy tablets from remote servers.

Type

int32

Default

10

Tags

advanced

--num_tablets_to_delete_simultaneously

Number of threads available to delete tablets. If this is set to 0 (the default), then the number of delete threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

--num_tablets_to_open_simultaneously

Number of threads available to open tablets during startup. If this is set to 0 (the default), then the number of bootstrap threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

--tablet_state_walk_min_period_ms

Minimum amount of time in milliseconds between walks of the tablet map to update tablet state counts.

Type

int32

Default

1000

Tags

advanced

--update_tablet_stats_interval_ms

Interval at which the tablet statistics should be updated.Should be greater than 'heartbeat_interval_ms'

Type

int32

Default

5000

Tags

advanced

--cloud_aws_instance_id_url

The URL to fetch the identifier of an AWS instance

Type

string

Default

http://169.254.169.254/latest/meta-data/instance-id

Tags

runtime,advanced

--cloud_aws_ntp_server

IP address/FQDN of the internal NTP server to use from within an AWS instance

Type

string

Default

169.254.169.123

Tags

runtime,advanced

--cloud_azure_instance_id_url

The URL to fetch the identifier of an Azure instance

Type

string

Default

http://169.254.169.254/metadata/instance/compute/vmId?api-version=2018-10-01&format=text

Tags

runtime,advanced

--cloud_gce_instance_id_url

The URL to fetch the identifier of a GCE instance

Type

string

Default

http://metadata.google.internal/computeMetadata/v1/instance/id

Tags

runtime,advanced

--cloud_gce_ntp_server

IP address/FQDN of the internal NTP server to use from within a GCE instance

Type

string

Default

metadata.google.internal

Tags

runtime,advanced

--cloud_metadata_server_request_timeout_ms

Timeout for HTTP/HTTPS requests to the instance metadata server (in milliseconds)

Type

uint32

Default

1000

Tags

runtime,advanced

--cloud_openstack_metadata_url

The URL to fetch metadata of an OpenStack instance via Nova metadata service. OpenStack Nova metadata server does not provide a separate URL to fetch instance UUID, at least with 12.0.0 (Liberty) release.

Type

string

Default

http://169.254.169.254/openstack/latest/meta_data.json

Tags

runtime,advanced

--trace_to_console

Trace pattern specifying which trace events should be dumped directly to the console

Type

string

Default

none

Tags

experimental

--crash_on_eio

Kill the process if an I/O operation results in EIO. If false, I/O resulting in EIOs will return the status IOError and leave error-handling up to the caller.

Type

bool

Default

false

Tags

experimental,advanced

--env_use_ioctl_hole_punch_on_xfs

Use the XFS_IOC_UNRESVSP64 ioctl instead of fallocate(2) to punch holes on XFS filesystems.

Type

bool

Default

true

Tags

experimental,advanced

--file_cache_expiry_period_ms

Period of time (in ms) between removing expired file cache descriptors

Type

int32

Default

60000

Tags

advanced

--heap_sample_every_n_bytes

Enable heap occupancy sampling. If this flag is set to some positive value N, a memory allocation will be sampled approximately every N bytes. Lower values of N incur larger overhead but give more accurate results. A value such as 512KB is a reasonable choice with relatively low overhead.

Type

int64

Default

524288

Tags

advanced

--umask

The umask that will be used when creating files and directories. Permissions of top-level data directories will also be modified at start-up to conform to the given umask. Changing this value may enable unauthorized local users to read or modify data stored by Kudu.

Type

string

Default

077

Tags

advanced

--max_log_files

Maximum number of log files to retain per severity level. The most recent log files are retained. If set to 0, all log files are retained.

Type

int32

Default

10

Tags

experimental,runtime

--data_gc_min_size_mb

The (exclusive) minimum number of mebibytes of ancient data on disk, per tablet, needed to prioritize deletion of that data.

Type

int64

Default

0

Tags

experimental

--data_gc_prioritization_prob

The probability that we will prioritize data GC over performance improvement operations. If set to 1.0, we will always prefer to delete old data before running performance improvement operations such as delta compaction.

Type

double

Default

0.5

Tags

experimental

--log_target_replay_size_mb

The target maximum size of logs to be replayed at startup. If a tablet has in-memory operations that are causing more than this size of logs to be retained, then the maintenance manager will prioritize flushing these operations to disk.

Type

int64

Default

1024

Tags

experimental

--maintenance_op_multiplier

Multiplier applied on different priority levels, table maintenance OPs on level N has multiplier of FLAGS_maintenance_op_multiplier^N, the last score will be multiplied by this multiplier. Note: this multiplier is only take effect on compaction OPs

Type

double

Default

1.1000000000000001

Tags

runtime,experimental,advanced

--max_priority_range

Maximal priority range of OPs.

Type

int32

Default

5

Tags

runtime,experimental,advanced

--metrics_retirement_age_ms

The minimum number of milliseconds a metric will be kept for after it is no longer active. (Advanced option)

Type

int32

Default

120000

Tags

advanced,runtime

--dns_resolver_cache_capacity_mb

Capacity of DNS resolver cache, in MiBytes. For each key, the cache stores records returned by getaddrinfo(). A value of 0 means the results of DNS name resolution are not cached.

Type

uint32

Default

1

Tags

advanced

--dns_resolver_cache_ttl_sec

TTL of records in the DNS resolver cache, in seconds.

Type

uint32

Default

15

Tags

advanced

--dns_resolver_max_threads_num

The maximum number of threads to use for async DNS resolution

Type

int32

Default

1

Tags

advanced

--local_ip_for_outbound_sockets

IP to bind to when making outgoing socket connections. This must be an IP address of the form A.B.C.D, not a hostname. Advanced parameter, subject to change.

Type

string

Default

none

Tags

experimental

--nvm_cache_path

The path at which the NVM cache will try to allocate its memory. This can be a tmpfs or ramfs for testing purposes.

Type

string

Default

/pmem

Tags

--nvm_cache_usage_ratio

A ratio to set the usage of nvm cache. The charge of an item in the nvm cache is equal to the results of memkind_malloc_usable_size multiplied by the ratio.

Type

double

Default

1.25

Tags

advanced

--memory_limit_soft_percentage

Percentage of the hard memory limit that this daemon may consume before memory throttling of writes begins. The greater the excess, the higher the chance of throttling. In general, a lower soft limit leads to smoother write latencies but decreased throughput, and vice versa for a higher soft limit.

Type

int32

Default

80

Tags

advanced

--memory_limit_warn_threshold_percentage

Percentage of the hard memory limit that this daemon may consume before WARNING level messages are periodically logged.

Type

int32

Default

98

Tags

advanced

--memory_pressure_percentage

Percentage of the hard memory limit that this daemon may consume before flushing of in-memory data becomes prioritized.

Type

int32

Default

60

Tags

advanced

--tcmalloc_max_free_bytes_percentage

Maximum percentage of the RSS that tcmalloc is allowed to use for reserved but unallocated memory.

Type

int32

Default

10

Tags

advanced

--drop_log_memory

Drop in-memory buffers of log contents. Logs can grow very quickly and they are rarely read before they need to be evicted from memory. Instead, drop them from memory as soon as they are flushed to disk.

Type

bool

Default

true

Tags

runtime,advanced

--log_backtrace_at

Emit a backtrace when logging at file:linenum.

Type

string

Default

none

Tags

advanced

--logbuflevel

Buffer log messages logged at this level or lower (-1 means don’t buffer; 0 means buffer INFO only; …​)

Type

int32

Default

0

Tags

runtime,advanced

--logbufsecs

Buffer log messages for at most this many seconds

Type

int32

Default

5

Tags

runtime,advanced

--logfile_mode

Log file mode/permissions.

Type

int32

Default

436

Tags


kudu-tserver Unsupported Flags

Flags not marked stable or evolving are considered experimental and are unsupported. They are included here for informational purposes only and are subject to being changed or removed without notice.

--block_cache_type

Which type of block cache to use for caching data. Valid choices are 'DRAM' or 'NVM'. DRAM, the default, caches data in regular memory. 'NVM' caches data in a memory-mapped file using the memkind library. To use 'NVM', libmemkind 1.8.0 or newer must be available on the system; otherwise Kudu will crash.

Type

string

Default

DRAM

Tags

--min_compression_ratio

If a column compression codec is configured, but the codec is unable to achieve a compression ratio at least as good as the configured value, then the data will be written uncompressed. This will reduce CPU overhead on the read side at the expense of a small amount of extra space if the codec encounters portions of data that are not easily compressible.

Type

double

Default

0.90000000000000002

Tags

experimental

--cfile_default_block_size

The default block size to use in cfiles

Type

int32

Default

262144

Tags

advanced

--cfile_default_compression_codec

Default cfile block compression codec.

Type

string

Default

no_compression

Tags

advanced

--builtin_ntp_client_bind_address

Local address to bind client UDP socket used to send and receive NTP packets. The default value '0.0.0.0' is equivalent to '0.0.0.0:0' meaning 'bind to all available IPv4 interfaces using ephemeral ports (i.e. port 0)'. It might be useful to customize this flag if getting through a firewall to reach public NTP servers specified by --builtin_ntp_servers.

Type

string

Default

0.0.0.0

Tags

advanced

--builtin_ntp_poll_interval_ms

The time between successive polls of a single NTP server (in milliseconds)

Type

uint32

Default

16000

Tags

runtime,advanced

--builtin_ntp_request_timeout_ms

Timeout for requests sent to NTP servers (in milliseconds)

Type

uint32

Default

3000

Tags

runtime,experimental

--builtin_ntp_true_time_refresh_max_interval_s

Maximum allowed time interval without refreshing computed true time estimation (in seconds)

Type

uint32

Default

3600

Tags

runtime,experimental

--max_clock_sync_error_usec

Maximum allowed clock synchronization error as reported by NTP before the server will abort.

Type

int32

Default

10000000

Tags

runtime,advanced

--codegen_dump_functions

Whether to print the LLVM IR for generated functions

Type

bool

Default

false

Tags

runtime,experimental

--codegen_dump_mc

Whether to dump the disassembly of the machine code for generated functions.

Type

bool

Default

false

Tags

runtime,experimental

--codegen_cache_capacity

Number of entries which may be stored in the code generation cache.

Type

int32

Default

100

Tags

experimental

--codegen_time_compilation

Whether to print time that each code generation request took.

Type

bool

Default

false

Tags

runtime,experimental

--cmeta_force_fsync

Whether fsync() should be called when consensus metadata files are updated

Type

bool

Default

false

Tags

advanced

--consensus_rpc_timeout_ms

Timeout used for all consensus internal RPC communications.

Type

int32

Default

30000

Tags

advanced

--consensus_max_batch_size_bytes

The maximum per-tablet RPC batch size when updating peers.

Type

int32

Default

1048576

Tags

advanced

--follower_unavailable_considered_failed_sec

Seconds that a leader is unable to successfully heartbeat to a follower after which the follower is considered to be failed and evicted from the config.

Type

int32

Default

300

Tags

runtime,advanced

--fs_wal_dir_reserved_bytes

Number of bytes to reserve on the log directory filesystem for non-Kudu usage. The default, which is represented by -1, is that 1% of the disk space on each disk will be reserved. Any other value specified represents the number of bytes reserved and must be greater than or equal to 0. Explicit percentages to reserve are not currently supported

Type

int64

Default

-1

Tags

runtime

--fs_wal_use_file_cache

Whether to use the server-wide file cache for WAL segments and WAL index chunks.

Type

bool

Default

true

Tags

advanced,runtime

--group_commit_queue_size_bytes

Maximum size of the group commit queue in bytes

Type

int32

Default

4194304

Tags

advanced

--log_compression_codec

Codec to use for compressing WAL segments.

Type

string

Default

LZ4

Tags

experimental

--log_max_segments_to_retain

The maximum number of past log segments to keep at all times for the purposes of catching up other peers.

Type

int32

Default

80

Tags

experimental,advanced,runtime

--log_min_segments_to_retain

The minimum number of past log segments to keep at all times, regardless of what is required for durability. Must be at least 1.

Type

int32

Default

1

Tags

advanced,runtime

--global_log_cache_size_limit_mb

Server-wide version of 'log_cache_size_limit_mb'. The total memory used for caching log entries across all tablets is kept under this threshold.

Type

int32

Default

1024

Tags

advanced

--log_cache_size_limit_mb

The total per-tablet size of consensus entries which may be kept in memory. The log cache attempts to keep all entries which have not yet been replicated to all followers in memory, but if the total size of those entries exceeds this limit within an individual tablet, the oldest will be evicted.

Type

int32

Default

128

Tags

advanced

--log_async_preallocate_segments

Whether the WAL segments preallocation should happen asynchronously

Type

bool

Default

true

Tags

advanced

--log_preallocate_segments

Whether the WAL should preallocate the entire segment before writing to it

Type

bool

Default

true

Tags

advanced

--log_segment_size_mb

The default size for log segments, in MB

Type

int32

Default

8

Tags

advanced

--evict_failed_followers

Whether to evict followers from the Raft config that have fallen too far behind the leader’s log to catch up normally or have been unreachable by the leader for longer than follower_unavailable_considered_failed_sec

Type

bool

Default

true

Tags

advanced

--leader_failure_exp_backoff_max_delta_ms

Maximum time to sleep in between leader election retries, in addition to the regular timeout. When leader election fails the interval in between retries increases exponentially, up to this value.

Type

int32

Default

20000

Tags

experimental

--leader_failure_max_missed_heartbeat_periods

Maximum heartbeat periods that the leader can fail to heartbeat in before we consider the leader to be failed. The total failure timeout in milliseconds is raft_heartbeat_interval_ms times leader_failure_max_missed_heartbeat_periods. The value passed to this flag may be fractional.

Type

double

Default

3

Tags

advanced

--raft_enable_pre_election

When enabled, candidates will call a pre-election before running a real leader election.

Type

bool

Default

true

Tags

runtime,experimental

--raft_enable_tombstoned_voting

When enabled, tombstoned tablets may vote in elections.

Type

bool

Default

true

Tags

runtime,experimental

--raft_heartbeat_interval_ms

The heartbeat interval for Raft replication. The leader produces heartbeats to followers at this interval. The followers expect a heartbeat at this interval and consider a leader to have failed if it misses several in a row.

Type

int32

Default

500

Tags

advanced

--raft_prepare_replacement_before_eviction

When enabled, failed replicas will only be evicted after a replacement has been prepared for them.

Type

bool

Default

true

Tags

experimental,advanced

--missed_heartbeats_before_rejecting_snapshot_scans

The maximum raft heartbeat periods since the tablet has seen safe time advanced before refusing scans at snapshots that aren’t yet safe and forcing clients to try again.

Type

double

Default

1.5

Tags

experimental

--safe_time_advancement_without_writes

Whether to enable the advancement of "safe" time in the absense of write operations

Type

bool

Default

true

Tags

advanced

--safe_time_max_lag_ms

The maximum amount of time we allow safe time to lag behind the requested timestampbefore forcing the client to retry, in milliseconds.

Type

int32

Default

30000

Tags

experimental

--block_manager_preflush_control

Controls when to pre-flush a block. Valid values are 'finalize', 'close', or 'never'. If 'finalize', blocks will be pre-flushed when writing is finished. If 'close', blocks will be pre-flushed when their transaction is committed. If 'never', blocks will never be pre-flushed but still be flushed when closed.

Type

string

Default

finalize

Tags

experimental

--fs_max_thread_count_per_data_dir

Maximum work thread per data directory.

Type

uint64

Default

8

Tags

advanced

--block_manager

Which block manager to use for storage. Valid options are 'file' and 'log'. The file block manager is not suitable for production use due to scaling limitations.

Type

string

Default

log

Tags

advanced

--log_block_manager_delete_dead_container

When enabled, full and dead log block containers will be deleted at runtime, which can potentially help improving log block manager startup time

Type

bool

Default

true

Tags

experimental,advanced

--log_container_excess_space_before_cleanup_fraction

Additional fraction of a log container’s calculated size that must be consumed on disk before the container is considered to be inconsistent and subject to excess space cleanup at block manager startup.

Type

double

Default

0.10000000000000001

Tags

advanced

--log_container_live_metadata_before_compact_ratio

Desired ratio of live block metadata in log containers. If a container’s live to total block ratio dips below this value, the container’s metadata file will be compacted at startup.

Type

double

Default

0.5

Tags

experimental

--log_container_max_blocks

Maximum number of blocks (soft) of a log container. Use 0 for no limit. Use -1 for no limit except in the case of a kernel bug with hole punching on ext4 (see KUDU-1508 for details).

Type

int64

Default

-1

Tags

advanced

--log_container_max_size

Maximum size (soft) of a log container

Type

uint64

Default

10737418240

Tags

advanced

--log_container_preallocate_bytes

Number of bytes to preallocate in a log container when creating new blocks. Set to 0 to disable preallocation

Type

uint64

Default

33554432

Tags

advanced

--rpc_acceptor_listen_backlog

Socket backlog parameter used when listening for RPC connections. This defines the maximum length to which the queue of pending TCP connections inbound to the RPC server may grow. If a connection request arrives when the queue is full, the client may receive an error. Higher values may help the server ride over bursts of new inbound connection requests.

Type

int32

Default

128

Tags

advanced

--rpc_encrypt_loopback_connections

Whether to encrypt data transfer on RPC connections that stay within a single host. Encryption here is likely to offer no additional security benefit since only a local 'root' user could intercept the traffic, and wire encryption does not suitably protect against such an attacker.

Type

bool

Default

false

Tags

advanced

--rpc_trace_negotiation

If enabled, dump traces of all RPC negotiations to the log

Type

bool

Default

false

Tags

experimental,advanced,runtime

--rpc_callback_max_cycles

The maximum number of cycles for which an RPC callback should be allowed to run without emitting a warning. (Advanced debugging option)

Type

int64

Default

100000000

Tags

runtime,advanced

--tcp_keepalive_probe_period_s

The duration in seconds after an outbound connection has gone idle before a TCP keepalive probe is sent to the peer. Set to 0 to disable TCP keepalive probes from being sent.

Type

int32

Default

60

Tags

advanced

--tcp_keepalive_retry_count

The maximum number of keepalive probes sent before declaring the remote end as dead. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

10

Tags

advanced

--tcp_keepalive_retry_period_s

The duration in seconds between successive keepalive probes from an outbound connection if the previous probes are not acknowledged. Effective only if --tcp_keepalive_probe_period_s is not 0.

Type

int32

Default

3

Tags

advanced

--remember_clients_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a client for the purpose of caching its responses. After this period without hearing from it, the client is no longer remembered and the memory occupied by its responses is reclaimed. Retries of requests older than 'remember_clients_ttl_ms' are treated as new ones.

Type

int64

Default

3600000

Tags

advanced

--remember_responses_ttl_ms

Maximum amount of time, in milliseconds, the server "remembers" a response to a specific request for a client. After this period has elapsed, the response may have been garbage collected and the client might get a response indicating the request is STALE.

Type

int64

Default

600000

Tags

advanced

--rpc_dump_all_traces

If true, dump all RPC traces at INFO level

Type

bool

Default

false

Tags

runtime,advanced

--rpc_duration_too_long_ms

Threshold (in milliseconds) above which a RPC is considered too long and its duration and method name are logged at INFO level. The time measured is between when a RPC is accepted and when its call handler completes.

Type

int32

Default

1000

Tags

runtime,advanced

--rpc_max_message_size

The maximum size of a message that any RPC that the server will accept. Must be at least 1MB.

Type

int64

Default

52428800

Tags

runtime,advanced

--use_system_auth_to_local

When enabled, use the system krb5 library to map Kerberos principal names to local (short) usernames. If not enabled, the first component of the principal will be used as the short name. For example, 'kudu/foo.example.com@EXAMPLE' will map to 'kudu'.

Type

bool

Default

true

Tags

advanced

--ipki_server_key_size

the number of bits for server cert’s private key. The server cert is used for TLS connections to and from clients and other servers.

Type

int32

Default

2048

Tags

experimental

--web_log_bytes

The maximum number of bytes to display on the debug webserver’s log page

Type

int64

Default

1048576

Tags

runtime,advanced

--diagnostics_log_stack_traces_interval_ms

The interval at which the server will a snapshot of its thread stacks to the diagnostics log. In fact, the server will log at a random interval betweeen zero and twice the configured value to avoid biasing samples towards periodic processes which happen exactly on some particular schedule. If this is set to 0, stack traces will be not be periodically logged, but will still be logged on events such as queue overflows. Setting this to a negative value disables stack trace logging entirely.

Type

int32

Default

60000

Tags

experimental,runtime

--rpc_advertised_addresses

Comma-separated list of addresses to advertise externally for RPC connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound RPC addresses specified in --rpc_bind_addresses are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

--rpc_num_acceptors_per_address

Number of RPC acceptor threads for each bound address

Type

int32

Default

1

Tags

advanced

--rpc_num_service_threads

Number of RPC worker threads to run

Type

int32

Default

20

Tags

advanced

--rpc_reuseport

Whether to set the SO_REUSEPORT option on listening RPC sockets.

Type

bool

Default

false

Tags

experimental

--rpc_service_queue_length

Default length of queue for incoming RPC requests

Type

int32

Default

50

Tags

advanced

--gc_tcmalloc_memory_interval_seconds

Interval seconds to GC tcmalloc memory, 0 means disabled.

Type

uint64

Default

30

Tags

runtime,advanced

--max_negotiation_threads

Maximum number of connection negotiation threads.

Type

int32

Default

50

Tags

advanced

--min_negotiation_threads

Minimum number of connection negotiation threads.

Type

int32

Default

0

Tags

advanced

--num_reactor_threads

Number of libev reactor threads to start.

Type

int32

Default

4

Tags

advanced

--rpc_ca_certificate_file

Path to the PEM encoded X509 certificate of the trusted external certificate authority. The provided certificate should be the root issuer of the certificate passed in '--rpc_certificate_file'.

Type

string

Default

none

Tags

experimental

--rpc_certificate_file

Path to a PEM encoded X509 certificate to use for securing RPC connections with SSL/TLS. If set, '--rpc_private_key_file' and '--rpc_ca_certificate_file' must be set as well.

Type

string

Default

none

Tags

experimental

--rpc_default_keepalive_time_ms

If an RPC connection from a client is idle for this amount of time, the server will disconnect the client. Setting this to any negative value keeps connections always alive.

Type

int32

Default

65000

Tags

advanced

--rpc_negotiation_timeout_ms

Timeout for negotiating an RPC connection.

Type

int64

Default

3000

Tags

runtime,advanced

--rpc_private_key_file

Path to a PEM encoded private key paired with the certificate from '--rpc_certificate_file'

Type

string

Default

none

Tags

experimental

--rpc_private_key_password_cmd

A Unix command whose output returns the password used to decrypt the RPC server’s private key file specified in --rpc_private_key_file. If the .PEM key file is not password-protected, this flag does not need to be set. Trailing whitespace will be trimmed before it is used to decrypt the private key.

Type

string

Default

none

Tags

--rpc_tls_ciphers

The cipher suite preferences to use for TLS-secured RPC connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

--rpc_tls_min_protocol

The minimum protocol version to allow when for securing RPC connections with TLS. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

--server_max_open_files

Maximum number of open file descriptors. If 0, Kudu will automatically calculate this value. This is a soft limit

Type

uint64

Default

0

Tags

advanced

--webserver_enabled

Whether to enable the web server on this daemon. NOTE: disabling the web server is also likely to prevent monitoring systems from properly capturing metrics.

Type

bool

Default

true

Tags

advanced

--metrics_log_interval_ms

Interval (in milliseconds) at which the server will dump its metrics to a local log file. The log files are located in the same directory as specified by the -log_dir flag. If this is not a positive value, then metrics logging will be disabled.

Type

int32

Default

60000

Tags

advanced

--webserver_max_post_length_bytes

The maximum length of a POST request that will be accepted by the embedded web server.

Type

int32

Default

1048576

Tags

runtime,advanced

--webserver_x_frame_options

The webserver will add an 'X-Frame-Options' HTTP header with this value to all responses. This can help prevent clickjacking attacks.

Type

string

Default

DENY

Tags

advanced

--webserver_advertised_addresses

Comma-separated list of addresses to advertise externally for HTTP(S) connections. Ephemeral ports (i.e. port 0) are not allowed. This should be configured when the locally bound webserver address specified in --webserver_interface and --webserver_port are not externally resolvable, for example, if Kudu is deployed in a container.

Type

string

Default

none

Tags

advanced

--webserver_authentication_domain

Domain used for debug webserver authentication

Type

string

Default

none

Tags

--webserver_doc_root

Files under <webserver_doc_root> are accessible via the debug webserver. Defaults to $KUDU_HOME/www, or if $KUDU_HOME is not set, disables the document root

Type

string

Default

none

Tags

advanced

--webserver_enable_doc_root

If true, webserver may serve static files from the webserver_doc_root

Type

bool

Default

true

Tags

advanced

--webserver_interface

Interface to start debug webserver on. If blank, webserver binds to 0.0.0.0

Type

string

Default

none

Tags

advanced

--webserver_num_worker_threads

Maximum number of threads to start for handling web server requests

Type

int32

Default

50

Tags

advanced

--webserver_password_file

(Optional) Location of .htpasswd file containing user names and hashed passwords for debug webserver authentication

Type

string

Default

none

Tags

--webserver_tls_ciphers

The cipher suite preferences to use for webserver HTTPS connections. Uses the OpenSSL cipher preference list format. See man (1) ciphers for more information.

Type

string

Default

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Tags

advanced

--webserver_tls_min_protocol

The minimum protocol version to allow when for webserver HTTPS connections. May be one of 'TLSv1', 'TLSv1.1', or 'TLSv1.2'.

Type

string

Default

TLSv1

Tags

advanced

--budgeted_compaction_target_rowset_size

The target size in bytes for DiskRowSets produced by flushes or compactions when the budgeted compaction policy is used.

Type

int64

Default

33554432

Tags

experimental,advanced

--compaction_approximation_ratio

Approximation ratio allowed for optimal compaction calculation. A value of 1.05 indicates that the policy may use an approximate result if it is known to be within 5% of the optimal solution.

Type

double

Default

1.0499999523162842

Tags

experimental,advanced

--compaction_minimum_improvement

The minimum quality for a compaction to run. If a compaction does not improve the average height of DiskRowSets by at least this amount, the compaction will be considered ineligible.

Type

double

Default

0.0099999997764825821

Tags

advanced

--deltafile_default_block_size

Block size for delta files. In the future, this may become configurable on a per-table basis.

Type

int32

Default

32768

Tags

experimental

--deltafile_default_compression_codec

The compression codec used when writing deltafiles.

Type

string

Default

lz4

Tags

experimental

--default_composite_key_index_block_size_bytes

Block size used for composite key indexes.

Type

int32

Default

4096

Tags

experimental

--rowset_metadata_store_keys

Whether to store the min/max encoded keys in the rowset metadata. If false, keys will be read from the data blocks.

Type

bool

Default

false

Tags

experimental

--tablet_delta_store_major_compact_min_ratio

Minimum ratio of sizeof(deltas) to sizeof(base data) before a major compaction can run (Advanced option)

Type

double

Default

0.10000000149011612

Tags

experimental

--tablet_delta_store_minor_compact_max

How many delta stores are required before forcing a minor delta compaction (Advanced option)

Type

int32

Default

1000

Tags

experimental

--compaction_small_rowset_tradeoff

The weight of small rowset compaction compared to height-based compaction. This value must be less than -compaction_minimum_improvement to prevent compaction loops. Only change this if you know what you are doing.

Type

double

Default

0.0089999999999999993

Tags

runtime,experimental,advanced

--tablet_bloom_block_size

Block size of the bloom filters used for tablet keys.

Type

int32

Default

4096

Tags

advanced

--tablet_bloom_target_fp_rate

Target false-positive rate (between 0 and 1) to size tablet key bloom filters. A lower false positive rate may reduce the number of disk seeks required in heavy insert workloads, at the expense of more space and RAM required for bloom filters.

Type

double

Default

9.9999997473787516e-05

Tags

advanced

--tablet_compaction_budget_mb

Budget for a single compaction

Type

int32

Default

128

Tags

experimental

--tablet_throttler_burst_factor

Burst factor for write RPC throttling. The maximum rate the throttler allows within a token refill period (100ms) equals burst factor multiply base rate.

Type

double

Default

1

Tags

experimental

--tablet_throttler_bytes_per_sec

Maximum write RPC IO rate (byte/s) allowed for a tablet, write RPC exceeding this limit will be throttled. 0 means no limit.

Type

int64

Default

0

Tags

experimental

--tablet_throttler_rpc_per_sec

Maximum write RPC rate (op/s) allowed for a tablet, write RPC exceeding this limit will be throttled. 0 means no limit.

Type

int64

Default

0

Tags

experimental

--enable_deleted_rowset_gc

Whether to enable garbage collection of fully deleted rowsets. Disabling deleted rowset garbage collection may increase disk space usage for workloads that involve a high number of deletes. Only deleted rowsets that are entirely considered ancient history (see --tablet_history_max_age_sec) are deleted.

Type

bool

Default

true

Tags

runtime

--flush_threshold_mb

Size at which MemRowSet flushes are triggered. A MRS can still flush below this threshold if it hasn’t flushed in a while, or if the server-wide memory limit has been reached.

Type

int32

Default

1024

Tags

runtime,experimental

--flush_threshold_secs

Number of seconds after which a non-empty MemRowSet will become flushable even if it is not large.

Type

int32

Default

120

Tags

runtime,experimental

--tablet_transaction_memory_limit_mb

Maximum amount of memory that may be consumed by all in-flight transactions belonging to a particular tablet. When this limit is reached, new transactions will be rejected and clients will be forced to retry them. If -1, transaction memory tracking is disabled.

Type

int64

Default

64

Tags

advanced

--heartbeat_incompatible_replica_management_is_fatal

Whether incompatible replica management schemes or unsupported PREPARE_REPLACEMENT_BEFORE_EVICTION feature flag by master are fatal

Type

bool

Default

true

Tags

runtime,advanced

--heartbeat_interval_ms

Interval at which the TS heartbeats to the master.

Type

int32

Default

1000

Tags

advanced

--heartbeat_max_failures_before_backoff

Maximum number of consecutive heartbeat failures until the Tablet Server backs off to the normal heartbeat interval, rather than retrying.

Type

int32

Default

3

Tags

advanced

--heartbeat_rpc_timeout_ms

Timeout used for the TS→Master heartbeat RPCs.

Type

int32

Default

15000

Tags

advanced

--scan_history_count

Number of completed scans to keep history for. Determines how many historical scans will be shown on the tablet server’s scans dashboard.

Type

int32

Default

20

Tags

experimental

--scanner_ttl_ms

Number of milliseconds of inactivity allowed for a scannerbefore it may be expired

Type

int32

Default

60000

Tags

advanced

--tablet_copy_begin_session_timeout_ms

Tablet server RPC client timeout for BeginTabletCopySession calls. Also used for EndTabletCopySession calls.

Type

int32

Default

30000

Tags

advanced

--scanner_batch_size_rows

The number of rows to batch for servicing scan requests.

Type

int32

Default

128

Tags

runtime,advanced

--scanner_default_batch_size_bytes

The default size for batches of scan results

Type

int32

Default

1048576

Tags

runtime,advanced

--scanner_max_batch_size_bytes

The maximum batch size that a client may request for scan results.

Type

int32

Default

8388608

Tags

runtime,advanced

--scanner_max_wait_ms

The maximum amount of time (in milliseconds) we’ll hang a scanner thread waiting for safe time to advance or transactions to commit, even if its deadline allows waiting longer.

Type

int32

Default

1000

Tags

advanced

--tserver_enforce_access_control

If set, the server will apply fine-grained access control rules to client RPCs.

Type

bool

Default

false

Tags

runtime

--num_tablets_to_copy_simultaneously

Number of threads available to copy tablets from remote servers.

Type

int32

Default

10

Tags

advanced

--num_tablets_to_delete_simultaneously

Number of threads available to delete tablets. If this is set to 0 (the default), then the number of delete threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

--num_tablets_to_open_simultaneously

Number of threads available to open tablets during startup. If this is set to 0 (the default), then the number of bootstrap threads will be set based on the number of data directories. If the data directories are on some very fast storage device such as SSD or a RAID array, it may make sense to manually tune this.

Type

int32

Default

0

Tags

advanced

--tablet_state_walk_min_period_ms

Minimum amount of time in milliseconds between walks of the tablet map to update tablet state counts.

Type

int32

Default

1000

Tags

advanced

--update_tablet_stats_interval_ms

Interval at which the tablet statistics should be updated.Should be greater than 'heartbeat_interval_ms'

Type

int32

Default

5000

Tags

advanced

--cloud_aws_instance_id_url

The URL to fetch the identifier of an AWS instance

Type

string

Default

http://169.254.169.254/latest/meta-data/instance-id

Tags

runtime,advanced

--cloud_aws_ntp_server

IP address/FQDN of the internal NTP server to use from within an AWS instance

Type

string

Default

169.254.169.123

Tags

runtime,advanced

--cloud_azure_instance_id_url

The URL to fetch the identifier of an Azure instance

Type

string

Default

http://169.254.169.254/metadata/instance/compute/vmId?api-version=2018-10-01&format=text

Tags

runtime,advanced

--cloud_gce_instance_id_url

The URL to fetch the identifier of a GCE instance

Type

string

Default

http://metadata.google.internal/computeMetadata/v1/instance/id

Tags

runtime,advanced

--cloud_gce_ntp_server

IP address/FQDN of the internal NTP server to use from within a GCE instance

Type

string

Default

metadata.google.internal

Tags

runtime,advanced

--cloud_metadata_server_request_timeout_ms

Timeout for HTTP/HTTPS requests to the instance metadata server (in milliseconds)

Type

uint32

Default

1000

Tags

runtime,advanced

--cloud_openstack_metadata_url

The URL to fetch metadata of an OpenStack instance via Nova metadata service. OpenStack Nova metadata server does not provide a separate URL to fetch instance UUID, at least with 12.0.0 (Liberty) release.

Type

string

Default

http://169.254.169.254/openstack/latest/meta_data.json

Tags

runtime,advanced

--trace_to_console

Trace pattern specifying which trace events should be dumped directly to the console

Type

string

Default

none

Tags

experimental

--crash_on_eio

Kill the process if an I/O operation results in EIO. If false, I/O resulting in EIOs will return the status IOError and leave error-handling up to the caller.

Type

bool

Default

false

Tags

experimental,advanced

--env_use_ioctl_hole_punch_on_xfs

Use the XFS_IOC_UNRESVSP64 ioctl instead of fallocate(2) to punch holes on XFS filesystems.

Type

bool

Default

true

Tags

experimental,advanced

--file_cache_expiry_period_ms

Period of time (in ms) between removing expired file cache descriptors

Type

int32

Default

60000

Tags

advanced

--heap_sample_every_n_bytes

Enable heap occupancy sampling. If this flag is set to some positive value N, a memory allocation will be sampled approximately every N bytes. Lower values of N incur larger overhead but give more accurate results. A value such as 512KB is a reasonable choice with relatively low overhead.

Type

int64

Default

524288

Tags

advanced

--umask

The umask that will be used when creating files and directories. Permissions of top-level data directories will also be modified at start-up to conform to the given umask. Changing this value may enable unauthorized local users to read or modify data stored by Kudu.

Type

string

Default

077

Tags

advanced

--max_log_files

Maximum number of log files to retain per severity level. The most recent log files are retained. If set to 0, all log files are retained.

Type

int32

Default

10

Tags

experimental,runtime

--data_gc_min_size_mb

The (exclusive) minimum number of mebibytes of ancient data on disk, per tablet, needed to prioritize deletion of that data.

Type

int64

Default

0

Tags

experimental

--data_gc_prioritization_prob

The probability that we will prioritize data GC over performance improvement operations. If set to 1.0, we will always prefer to delete old data before running performance improvement operations such as delta compaction.

Type

double

Default

0.5

Tags

experimental

--log_target_replay_size_mb

The target maximum size of logs to be replayed at startup. If a tablet has in-memory operations that are causing more than this size of logs to be retained, then the maintenance manager will prioritize flushing these operations to disk.

Type

int64

Default

1024

Tags

experimental

--maintenance_op_multiplier

Multiplier applied on different priority levels, table maintenance OPs on level N has multiplier of FLAGS_maintenance_op_multiplier^N, the last score will be multiplied by this multiplier. Note: this multiplier is only take effect on compaction OPs

Type

double

Default

1.1000000000000001

Tags

runtime,experimental,advanced

--max_priority_range

Maximal priority range of OPs.

Type

int32

Default

5

Tags

runtime,experimental,advanced

--metrics_retirement_age_ms

The minimum number of milliseconds a metric will be kept for after it is no longer active. (Advanced option)

Type

int32

Default

120000

Tags

advanced,runtime

--dns_resolver_cache_capacity_mb

Capacity of DNS resolver cache, in MiBytes. For each key, the cache stores records returned by getaddrinfo(). A value of 0 means the results of DNS name resolution are not cached.

Type

uint32

Default

1

Tags

advanced

--dns_resolver_cache_ttl_sec

TTL of records in the DNS resolver cache, in seconds.

Type

uint32

Default

15

Tags

advanced

--dns_resolver_max_threads_num

The maximum number of threads to use for async DNS resolution

Type

int32

Default

1

Tags

advanced

--local_ip_for_outbound_sockets

IP to bind to when making outgoing socket connections. This must be an IP address of the form A.B.C.D, not a hostname. Advanced parameter, subject to change.

Type

string

Default

none

Tags

experimental

--nvm_cache_path

The path at which the NVM cache will try to allocate its memory. This can be a tmpfs or ramfs for testing purposes.

Type

string

Default

/pmem

Tags

--nvm_cache_usage_ratio

A ratio to set the usage of nvm cache. The charge of an item in the nvm cache is equal to the results of memkind_malloc_usable_size multiplied by the ratio.

Type

double

Default

1.25

Tags

advanced

--memory_limit_soft_percentage

Percentage of the hard memory limit that this daemon may consume before memory throttling of writes begins. The greater the excess, the higher the chance of throttling. In general, a lower soft limit leads to smoother write latencies but decreased throughput, and vice versa for a higher soft limit.

Type

int32

Default

80

Tags

advanced

--memory_limit_warn_threshold_percentage

Percentage of the hard memory limit that this daemon may consume before WARNING level messages are periodically logged.

Type

int32

Default

98

Tags

advanced

--memory_pressure_percentage

Percentage of the hard memory limit that this daemon may consume before flushing of in-memory data becomes prioritized.

Type

int32

Default

60

Tags

advanced

--tcmalloc_max_free_bytes_percentage

Maximum percentage of the RSS that tcmalloc is allowed to use for reserved but unallocated memory.

Type

int32

Default

10

Tags

advanced

--drop_log_memory

Drop in-memory buffers of log contents. Logs can grow very quickly and they are rarely read before they need to be evicted from memory. Instead, drop them from memory as soon as they are flushed to disk.

Type

bool

Default

true

Tags

runtime,advanced

--log_backtrace_at

Emit a backtrace when logging at file:linenum.

Type

string

Default

none

Tags

advanced

--logbuflevel

Buffer log messages logged at this level or lower (-1 means don’t buffer; 0 means buffer INFO only; …​)

Type

int32

Default

0

Tags

runtime,advanced

--logbufsecs

Buffer log messages for at most this many seconds

Type

int32

Default

5

Tags

runtime,advanced

--logfile_mode

Log file mode/permissions.

Type

int32

Default

436

Tags