MainTargetsDoris

Apache Doris Setup

Prerequisites

  • Supported Apache Doris Distributions
    • VeloDB Cloud
    • Apache Doris 4.0 or higher

      Cluster Topology

      The connector talks to the Frontend HTTP endpoint and follows Stream Load redirects to Backends. The machine running Supermetal must reach both FE and BE. If either is blocked, snapshot and CDC ingest will fail.

  • Database Admin Access. An account with Admin_priv (typically the built-in root). The setup steps below issue CREATE USER, CREATE DATABASE, and GRANT, which require this privilege.
  • Network Connectivity. Open inbound access from Supermetal to:
    • FE HTTP (default 8030). Stream Load entry point. Issues a 307 redirect to a BE.
    • BE HTTP (default 8040). The client follows the 307 directly to the BE holding the target tablet.
    • FE MySQL (default 9030). SQL, schema reflection, and INSERT WITH LABEL via the S3 TVF path. Override via fe_mysql_port.

Setup

Create a user & grant permissions

Connect to a Frontend

Log in to any FE as root (or another account with Admin_priv) using the MySQL protocol on port 9030.

mysql -h <fe-host> -P 9030 -u root -p

Create a user

CREATE USER 'supermetal_user' IDENTIFIED BY 'strong-password';

Create the target database

CREATE DATABASE IF NOT EXISTS target_database;

Grant privileges

GRANT SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV, DELETE_PRIV
  ON target_database.*
  TO 'supermetal_user';

Connection details

You'll need the following to configure the target in Supermetal.

  • Frontend HTTP URL (for example http://fe.example.internal:8030, or https://...:8030 if you've fronted FE with TLS)
  • Username and password you created above
  • Target database name

Multiple Frontends

If you run more than one FE, point Supermetal at a single URL behind a load balancer. The connector follows Stream Load's 307 redirects to BEs on its own. FE failover should be handled by your LB, not by listing FEs individually.

TLS / mTLS

For HTTPS endpoints, optionally set ssl_root_cert (private CA) and ssl_client_cert_pem + ssl_client_key_pem (mTLS). The same SSL config is applied to both the Stream Load HTTP client and the MySQL client.

Open the SQL editor

Log in to VeloDB Cloud and open the SQL editor for your warehouse. Cloud warehouses expose a MySQL-compatible endpoint. The same DDL works on the web console or any MySQL client pointed at port 9030.

Create a user

CREATE USER 'supermetal_user' IDENTIFIED BY 'strong-password';

Create the target database

CREATE DATABASE IF NOT EXISTS target_database;

Grant privileges

GRANT SELECT_PRIV, LOAD_PRIV, ALTER_PRIV, CREATE_PRIV, DELETE_PRIV
  ON target_database.*
  TO 'supermetal_user';

Connection details

You'll need the following to configure the target in Supermetal.

  • Frontend HTTP(S) URL (for example https://<warehouse-id>.cloud.velodb.io:8030)
  • Username and password you created above
  • Target database name

IP Allowlist

VeloDB Cloud restricts inbound traffic by default. From the warehouse settings, add the public IP (or VPC peering range) of the machine running Supermetal to the allowlist for both the FE HTTP port and the BE HTTP port.

Last updated on

On this page

PrerequisitesSetupCreate a user & grant permissions