summarylogtreecommitdiffstats
path: root/pd.toml
blob: bb261328836dc0a57304352c28297aeede6d90d4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195

# PD Configuration.

name = "pd"
data-dir = "/var/lib/pd"

client-urls = "http://127.0.0.1:2379"
## if not set, use ${client-urls}
advertise-client-urls = ""

peer-urls = "http://127.0.0.1:2380"
## if not set, use ${peer-urls}
advertise-peer-urls = ""

initial-cluster = "pd=http://127.0.0.1:2380"
initial-cluster-state = "new"

## set different tokens to prevent communication between PDs in different clusters.
# initial-cluster-token = "pd-cluster"

lease = 3
tso-save-interval = "3s"

## Make sure you set the "zone" label for this PD server before enabling its Local TSO service.
# enable-local-tso = true

enable-prevote = true

[labels]
## This means **this** PD server belongs to data center "dc-1". Setting it alone won't have any effect.
## It should be used with enable-local-tso together if you want to make the Local TSO function work.
# zone="dc-1"

[security]
## Path of file that contains list of trusted SSL CAs. if set, following four settings shouldn't be empty
cacert-path = ""
## Path of file that contains X509 certificate in PEM format.
cert-path = ""
## Path of file that contains X509 key in PEM format.
key-path = ""

cert-allowed-cn = ["example.com"]

[security.encryption]
## Encryption method to use for PD data. One of "plaintext", "aes128-ctr", "aes192-ctr" and "aes256-ctr".
## Defaults to "plaintext" if not set.
# data-encryption-method = "plaintext"
## Specifies how often PD rotates data encryption key. Default is 7 days.
# data-key-rotation-period = "168h"

## Specifies master key if encryption is enabled. There are three types of master key:
##
##   * "plaintext":
##
##     Plaintext as master key means no master key is given and only applicable when
##     encryption is not enabled, i.e. data-encryption-method = "plaintext". This type doesn't
##     have sub-config items. Example:
##     
##     [security.encryption.master-key]
##     type = "plaintext"
##
##   * "kms":
##
##     Use a KMS service to supply master key. Currently only AWS KMS is supported. This type of
##     master key is recommended for production use. Example:
##
##     [security.encryption.master-key]
##     type = "kms"
##     ## KMS CMK key id. Must be a valid KMS CMK where the TiKV process has access to.
##     ## In production is recommended to grant access of the CMK to TiKV using IAM.
##     key-id = "1234abcd-12ab-34cd-56ef-1234567890ab"
##     ## AWS region of the KMS CMK.
##     region = "us-west-2"
##     ## (Optional) AWS KMS service endpoint. Only required when non-default KMS endpoint is
##     ## desired.
##     endpoint = "https://kms.us-west-2.amazonaws.com"
##
##   * "file":
##
##     Supply a custom encryption key stored in a file. It is recommended NOT to use in production,
##     as it breaks the purpose of encryption at rest, unless the file is stored in tempfs.
##     The file must contain a 256-bits (32 bytes, regardless of key length implied by 
##     data-encryption-method) key encoded as hex string and end with newline ("\n"). Example:
##
##     [security.encryption.master-key]
##     type = "file"
##     path = "/path/to/master/key/file"
# [security.encryption.master-key]
# type = "plaintext"

[log]
level = "info"

## log format, one of json, text, console
# format = "text"

## disable automatic timestamps in output
# disable-timestamp = false

# file logging
[log.file]
# filename = ""
## max log file size in MB
# max-size = 300
## max log file keep days
# max-days = 28
## maximum number of old log files to retain
# max-backups = 7

[metric]
## prometheus client push interval, set "0s" to disable prometheus.
interval = "15s"
## prometheus pushgateway address, leaves it empty will disable prometheus.
address = ""

[pd-server]
## the metric storage is the cluster metric storage. This is use for query metric data.
## Currently we use prometheus as metric storage, we may use PD/TiKV as metric storage later.
## For usability, recommended to temporarily set it to the prometheus address, eg: http://127.0.0.1:9090
metric-storage = ""

[schedule]
max-merge-region-size = 20
max-merge-region-keys = 200000
split-merge-interval = "1h"
max-snapshot-count = 3
max-pending-peer-count = 16
max-store-down-time = "30m"
leader-schedule-limit = 4
region-schedule-limit = 2048
replica-schedule-limit = 64
merge-schedule-limit = 8
hot-region-schedule-limit = 4
## There are some policies supported: ["count", "size"], default: "count"
# leader-schedule-policy = "count"
## When the score difference between the leader or Region of the two stores is
## less than specified multiple times of the Region size, it is considered in balance by PD.
## If it equals 0.0, PD will automatically adjust it.
# tolerant-size-ratio = 0.0

## This three parameters control the merge scheduler behavior.
## If it is true, it means a region can only be merged into the next region of it.
# enable-one-way-merge = false
## If it is true, it means two region within different tables can be merged.
## This option only works when key type is "table".
# enable-cross-table-merge = false

## customized schedulers, the format is as below
## if empty, it will use balance-leader, balance-region, hot-region as default
# [[schedule.schedulers]]
# type = "evict-leader"
# args = ["1"]

[replication]
## The number of replicas for each region.
max-replicas = 3
## The label keys specified the location of a store.
## The placement priorities is implied by the order of label keys.
## For example, ["zone", "rack"] means that we should place replicas to
## different zones first, then to different racks if we don't have enough zones.
location-labels = []
## Strictly checks if the label of TiKV is matched with location labels.
# strictly-match-label = false

[label-property]
## Do not assign region leaders to stores that have these tags.
# [[label-property.reject-leader]]
# key = "zone"
# value = "cn1

[dashboard]
## Configurations below are for the TiDB Dashboard embedded in the PD.

## The path of the CA certificate used to verify the TiDB server in TLS.
# tidb-cacert-path = ""
## The path of the certificate used to connect to TiDB server in TLS.
# tidb-cert-path = ""
## The path of the certificate private key.
# tidb-key-path = ""

## The public path prefix to serve Dashboard urls. It can be set when Dashboard
## is running behind a reverse proxy. Do not configure it if you access
## Dashboard directly.
# public-path-prefix = "/dashboard"

## When enabled, request will be proxied to the instance running Dashboard
## internally instead of result in a 307 redirection.
# internal-proxy = false

## When enabled, usage data will be sent to PingCAP for improving user experience.
# enable-telemetry = true

## When enabled, experimental TiDB Dashboard features will be available.
## These features are incomplete or not well tested. Suggest not to enable in
## production.
# enable-experimental = false