Cluster configuration files

cluster.cnf files are used to configure basic Deephaven installations. These settings define the Deephaven cluster topology.

Warning

You should treat the cluster configuration file as critical source code and protect it under source control.

File structure

Format

Cluster configuration files consist of two main sections: basic configuration and node definition. The format of the cluster.cnf file is very strict. Variables must be defined in uppercase letters, with no spaces between the declaration and the assignment. Values can be either single token values or enclosed in double quotes. Note that Unicode “smart” quotes are not permitted, and the use of the 'export' command is also not allowed.

Note

The first time you run the installation generator, the cluster configuration file will be updated with the default values for unspecified options.

# Comments are allowed in Java properties and bash
DH_SOME_KEY=good
DH_OTHER_KEY="also good"

# Now, some bad examples:
// illegal comment
DH_BAD_KEY = badSpace
DH_ALSO_BAD=also bad space
DH_SMART_QUOTES=”bad: no ‘smart’ quotes”
DH_SINGLE_QUOTE='bad: must use double quote'
export SOMETHING="bad: java properties cannot export"

Basic Configuration

The basic configuration section defines the parameters of the installation:

  • Deephaven system version
  • Java JDK version
  • Service User definition
  • OS
  • Python configuration
  • Envoy configuration
  • The fully qualified domain name suffix
  • Installation directories

Below is an example of a minimum set of configurations for an example cluster.

# The name of the cluster
DH_CLUSTER_NAME="dh-example-cluster"

# The local directory containing the installation files
DH_LOCAL_DIR="/tmp/dh/install"

# The directory on each host to upload and run the installation from
DH_REMOTE_DIR="/tmp/dh/install"

# The Deephaven version being installed
DH_VERSION="1.20240517.245"

# The root of the domain of the hosts
DH_DOMAIN_ROOT="mydomain.com"

# The Java version being used
DH_JAVA_VERSION="jdk17"

# Set to true to allow the installer to automatically update the sudoers file with the proper rules.
DH_MODIFY_ETC_SUDOERS="true"

# Replace this user with the service account username (the user that will run the installation)
DH_SSH_USER=dh_service

# The operating system used on server machines
DH_OS="rocky9"

# Set to true to install Deephaven Python integration, including venv update and setup.
DH_PYTHON="true"

# Set this to the version of Python you have installed. See the support matrix for supported versions.
DH_PYTHON_VERSION="3.10"

# Set to true to configure Envoy automatically.
# Note that you must install Envoy separately. See the documentation for more information
DH_CONFIGURE_ENVOY="false"

# Comment out this line to allow the installer to download and install missing requirements.
#  For example, if the requested Python version is not detected, the installer will download,
#  build, and install the correct version of Python on each node.
DH_OFFLINE=true

Node configuration

Note

For a more complete definition of the different classes of Deephaven nodes, see the planning guide

The node configuration section defines the cluster topology. Include a section defining each cluster node, their names, and roles. Each node is assigned a numbered prefix, for example, DH_NODE_1_, which is then used to define the configuration of that node. You must define at least one node that acts as an Infrastructure node. For example, a simple single-node cluster is:

# Infrastructure node
DH_NODE_1_NAME="dh-example-cluster-infra"
DH_NODE_1_ROLE_INFRA="true"
DH_NODE_1_ROLE_QUERY="true"
DH_NODE_1_ROLE_ETCD="true"

The INFRA role is a special role that configures several separate services required for a Deephaven Infrastructure node, see DH_NODE_N_ROLE_INFRA. The full set of possible roles is listed here.

You can add as many nodes as you want to your cluster by adding another set of DH_NODE_N values. For example, you could add two more nodes that run query servers and ETCD instances to the cluster defined above with the following:

# Query 1 Node
DH_NODE_2_NAME="dh-example-cluster-query-1"
DH_NODE_2_ROLE_QUERY="true"
DH_NODE_2_ROLE_ETCD="true"

# Query 2 Node
DH_NODE_3_NAME="dh-example-cluster-query-2"
DH_NODE_3_ROLE_QUERY="true"
DH_NODE_3_ROLE_ETCD="true"

Service redundancy

Several Deephaven services such as the Authentication Server, Persistent Query Controller, and Data Import Server, support redundancy and failover. You can add these roles to additional nodes in the system to automatically configure these services for redundancy. For more details about redundant services, see resilience planning.

Required variables

DH_LOCAL_DIR

DH_LOCAL_DIR=/tmp/deploy

The location on the Installation Host where installation media is placed and all generated scripts are written to and run from. You run the installation generator from this directory. If this property is not defined, the value for DH_REMOTE_DIR is used instead. If neither is specified, an error is thrown, and no files are generated.

Note

This directory must be owned and writable by the DH_SSH_USER.

DH_REMOTE_DIR

DH_REMOTE_DIR=/tmp/deploy

The location on each Remote Host where the installer copies installation media and writes log files. If this directory is missing, the install script creates it. If DH_REMOTE_DIR is not specified, the value of DH_LOCAL_DIR is used instead. If both are missing, an error is thrown, and no files are generated.

Tip

To avoid uploading large files from your installer host to each target machine, you can place the installation media into /var/lib/deephaven, ensuring the files are readable by DH_SSH_USER and DH_ADMIN_USER

All scripts that run during installation write their log files to $DH_REMOTE_DIR/logs.

DH_VERSION

DH_VERSION=1.20240517.344

The version of Deephaven to install. This must match the name of the Deephaven tar.gz file placed in DH_LOCAL_DIR. The installer searches for the installation media in the following filesystem locations, in order:

  1. /var/lib/deephaven/deephaven-enterprise-${DH_JAVA_VERSION}-1.20240517.344.tar.gz (owned by irisadmin)
  2. $DH_REMOTE_DIR/lib/deephaven-enterprise-${DH_JAVA_VERSION}-1.20240517.344.tar.gz (readable by Service Account AND irisadmin)
  3. $DH_LOCAL_DIR/deephaven-enterprise-${DH_JAVA_VERSION}-1.20240517.344.tar.gz (readable by service account)

If the tar.gz is not found in any of these places, the installation fails.

DH_CLUSTER_NAME

DH_CLUSTER_NAME="Some Name"

An identifying name for the cluster. While this is required, it is only used for logging.

DH_NODE_N_NAME

DH_NODE_N_NAME="some-name"

DH_NODE_N_ variables define each Remote Host in the cluster that the installer configures (domain name, hostname, and running processes). At least one node must be specified, and N should be replaced with an integer starting at 1.

Tip

You should set this to match the node's short hostname (not the fully qualified domain name), similar to the output of hostname -s.

Optional variables

DH_OS

DH_OS=rocky9

The operating system that the installer targets. Valid options are:

  • ubuntu20
  • ubuntu22
  • rocky8
  • rocky9
  • rhel8
  • rhel9

The version support matrix details when each Operating System is supported by a specific version of Deephaven. To install on an OS, both the install generator and product archive must have matching versions listed on the support matrix.

Caution

It is strongly recommended that all hosts within the Deephaven cluster use the same OS flavor and version. If you have specific requirements that prevent this, please contact Deephaven support for further help configuring your system.

DH_SSH_USER

DH_SSH_USER=dh_service

The service user to use for SSH during the installation process. If left unspecified, this defaults to the user running the installer from the DH_LOCAL_DIR.

Caution

It is strongly recommended that you set the DH_SSH_USER variable when generating scripts so the installer can validate the proper ownership of all files.

DH_SSH_KEY

DH_SSH_KEY=/path/to/some/id_rsa

The path to the SSH key on the installation host to use during the installation process. It is good practice to combine this with DH_SSH_USER. If left unspecified, this uses the normal SSH key for the user.

DH_LAX_SSH

DH_LAX_SSH="false"

Setting this to true bypasses SSH Remote Host verification. The default value is false, and requires that the known_hosts file for the DH_SSH_USER on the installation host is already set up to communicate with all target Remote Hosts.

DH_WORLD_READABLE_LOGS

DH_WORLD_READABLE_LOGS="false"

Setting this to true makes log files world-readable. The default value is false.

Caution

Set this to true only if access to the DH_SSH_USER is highly restricted, and other users need to debug logs without logging in as the service account. Enabling this option may risk exposing sensitive information through the log files.

DH_CLEANUP

DH_CLEANUP="true"

Setting this to true directs the installer to scrub all temporary files AND logs on all remote machines after installation completes. Logs are copied from Remote Host to Installer Host before they are deleted. The default value is false unless DH_LOCAL_DIR is not the same as DH_REMOTE_DIR.

For more information about host types see the installation guide

DH_DOMAIN_ROOT

DH_DOMAIN_ROOT=my.company.com

When DH_DOMAIN_ROOT is set, per-node domain names are computed by concatenating DH_NODE_N_HOST with DH_DOMAIN_ROOT (see below). This should generally be set to match the domain name used in the provided TLS certificate files.

DH_NODE_N_HOST

The hostname of node N. If this is not specified, the installer uses the DH_NODE_N_NAME instead.

DH_NODE_N_DOMAIN

The fully qualified domain name of node N. This overrides the value of DH_DOMAIN_ROOT for node N. When this is specified, the installer connects to host N using the address {DH_NODE_N_HOST}.{$DH_NODE_N_DOMAIN}.

If neither is specified, the installer assumes that the networking layer can resolve all machines directly by hostname.

Caution

Note that this value is used for exposed services, such as the Web UI. All client machines must be able to resolve this domain name.

DH_NODE_N_ROLE\_$SERVICE

DH_NODE_N_ROLE_$SERVICE=true|false

When set to true, this directs the installer to enable the specified service on the specified node. The DH_NODE_N_ROLE_INFRA role is a special role that enables common services needed on an Infrastructure node.

The full list of services is:

Service SuffixDescription
_QUERYEnable a query-class (read-only) RemoteQueryDispatcher [db_query].
_MERGEEnable a merge-class (read-write) RemoteQueryDispatcher [db_merge].
_CONFIGEnable a ConfigurationServer. This requires etcd binaries and client keys on disk configuration_server.
_AUTHEnable an AuthenticationServer [authentication_server].
_DISEnable a Data Import Server [db_dis].
_WEBEnable a WebServer (web IDE) and a Client Update Service [web_api_server].
_CONTROLLEREnable a Persistent Query Controller [iris_controller].
_ETCDEnable an etcd server on this node. An etcd node need not run any other services. There must be an odd number of etcd nodes. When not specified, the first node or (if available) three nodes are marked as etcd servers.
_SCHEMASpecify the node (which must run a merge server) to be used to run the Schema Editor for Swing clients. If this value is not specified, the first merge server in the service list is used.
_LASEnable a Log Aggregator Service. By default, all nodes run a LAS [log_aggregator_service]
_TDCPEnable a Table Data Cache Proxy [db_tdcp]. By default, all nodes run a Table Data Cache Proxy.
_TAILEREnable a Log Tailer [tailer1]. By default, all nodes run a log tailer.
_LTDSEnable a Local Table Data Service [db_ltds].
_ENVOYEnable Envoy reverse proxy. Note that Envoy configuration also requires that DH_CONFIGURE_ENVOY be set to true. When Envoy is enabled, but no node is designated, this defaults to the first Web API node.

For example, the snippet below enables a merge server on node 4 and disables the query server on node 1:

# Tell installer that node 4 should run a merge server

DH_NODE_4_ROLE_MERGE=true

# Tell installer that node 1 should NOT run a query server

DH_NODE_1_ROLE_QUERY=false

DH_NODE_N_ROLE_INFRA

DH_NODE_N_ROLE_INFRA="true"

The DH_NODE_N_ROLE_INFRA flag is a shortcut for enabling the following services: CONFIG, AUTH, DIS, WEB, SCHEMA, CONTROLLER, and MERGE. To remove any of these, set the service to be removed to false after setting the INFRA flag.

DH_SKIP_MONIT_CHECK

DH_SKIP_MONIT_CHECK="false"

The default value is false. When set to true, bypass built-in monit health checks. This flag instructs installer scripts to skip all checks and modifications and assume that monit has been configured correctly.

DH_SKIP_ACL_INIT

DH_SKIP_ACL_INIT="false"

The default value is false. When set to true, bypass built-in ACL setup checks. The installer assumes that ACLs have been set up correctly.

DH_CONFIGURE_ENVOY

DH_CONFIGURE_ENVOY="false"

The default value is false.

When set to true, the installation is configured to use Envoy for access to Deephaven services. The installer updates the iris-endpoints.prop to use Envoy with the default Envoy port of 8000 and creates an Envoy configuration YAML file. This setting does not install Envoy itself; see the Envoy documentation and Envoy-related installer flags for instructions on how to install Envoy.

DH_MODIFY_ETC_SUDOERS

DH_MODIFY_ETC_SUDOERS="false"

The default value is false, and the installer fails if sudoers permissions are incorrect.

When set to true, the installation scripts detect when sudoers permissions are incorrect and automatically modify /etc/sudoers with the correct sudoers permissions.

DH_PARALLEL

DH_PARALLEL="true"

The default value is true.

When set to true, installation scripts use as much parallelism as possible. This can greatly improve installation speed, especially on large clusters.

Caution

This setting can cause log messages to interleave and become harder to read. When debugging an installation, you should set DH_PARALLEL=false to trade speed for clarity.

DH_STRICT

DH_STRICT="true"

The default value is true, which means all cluster.cnf entries are validated before performing the installation.

Note

A value of false should only be used in rare cases when upgrading to a new version of the installer and it is needed to ignore deprecated or removed properties.

DH_ETCD_TOKEN

DH_ETCD_TOKEN=""

This property specifies the ETCD token to use. Some installations install and configure ETCD before installation and pass in the etcd token they used via DH_ETCD_TOKEN.

DH_DIR_ETCD_BIN

DH_DIR_ETCD_BIN="/usr/bin"

This property sets the directory where etcd and etcdctl binaries are installed. The default value is /usr/bin.

The specified directory must exist before performing an installation. If the required etcd binaries are not found in this directory, the installer downloads them from https://github.com/etcd-io/etcd/releases unless DH_OFFLINE=true.

DH_JAVA

DH_JAVA="/path/to/java_executable_to_use/bin/java"

This variable specifies where the java executables are, regardless of the system PATH.

DH_JAVA works correctly whether you point to a Java executable or a Java installation directory (like "JAVA_HOME"). Both DH_JAVA=/path/to/java_to_use and DH_JAVA=/path/to/java_to_use/bin/java behave the same.

DH_JAVA_VERSION

DH_JAVA_VERSION="jdk17"

This determines which version of Java to use. Valid values are jdk11 and jdk17. The default value is jdk17.

DH_JAVA_PACKAGE

DH_JAVA_PACKAGE="temurin-17-jdk"

When the requested version of Java is not installed, this specifies the exact Java package name to use with apt/dnf install. This is normally computed from DH_JAVA_VERSION and is only needed if an installed JDK version was not provided, e.g., if a suitable Java JDK was not already installed on the target nodes for the cluster.

DH_JAVA_REPO

DH_JAVA_REPO="https://packages.adoptium.net"

When the requested version of Java is not installed, Deephaven adds a repository definition to your remote machine's package manager to install DH_JAVA_PACKAGE using apt/dnf.

When using the default value for DH_JAVA_REPO, Deephaven saves the Temurin OpenJDK repositories from adoptium.net into /etc/apt/sources.list.d/adoptium.list on Debian distributions and /etc/yum.repos.d/adoptopenjdk.repo on RPM-based distributions.

When using a non-default value of DH_JAVA_REPO, the repository definition is saved to /etc/apt/sources.list.d/deephaven-java.list and /etc/yum.repos.d/deephaven-java.repo.

If you do not wish to modify any of these files, pre-install Java on all remote machines.

DH_JAVA_GPG_KEY

DH_JAVA_GPG_KEY="https://packages.adoptium.net/artifactory/api/gpg/key/public"

When the requested version of Java is not installed, Deephaven adds the Temurin OpenJDK repositories at adoptium.net to your remote machine's package manager so we can install DH_JAVA_PACKAGE using apt/dnf.

The DH_JAVA_GPG_KEY variable defines a URL where the installer can download the GPG key used to verify packages in DH_JAVA_REPO.

If you do not wish to download any GPG keys, pre-install Java on all remote machines.

DH_PYTHON

DH_PYTHON="true"

The default value is true, which means Python is installed on the target node(s).

If the Python version specified by DH_PYTHON_VERSION is not available, the installer downloads and builds it from source. The file Python-3.10.12.tgz can be downloaded or locally provided. See DH_PYTHON_VERSION and DH_PYTHON_PATCH_VERSION for options to install other versions of Python. If a different DH_PYTHON_VERSION major.minor version is specified, and DH_PYTHON=true, the specified version is checked for and installed if not already present.

DH_DND_PYTHON

DH_DND_PYTHON="true"

When set to true, install the Python virtual environment for Core+ workers. The default value is the value of DH_PYTHON.

DH_PYTHON_VERSION

DH_PYTHON_VERSION="3.10"

The version of Python to install when DH_PYTHON is set to true. See the version support matrix for valid versions. The default value is 3.10.

DH_PYTHON_PATCH_VERSION

DH_PYTHON_PATCH_VERSION="12"

Note

Python versions are of the format Major.Minor.Patch. Using the default values for DH_PYTHON_VERSION and DH_PYTHON_PATCH_VERSION you would install Python 3.10.12

This determines which patch version of Python to install when DH_PYTHON is set to true.

Valid values are 0 or higher integers. The corresponding file can be downloaded from https://www.python.org/ftp/python or provided to the installer as part of the installation media.

The default Python versions are:

  • 3.9.18
  • 3.10.12

DH_OFFLINE

DH_OFFLINE="false"

The default value is false. When set to true, if any missing dependencies have not been provided, the installation will fail.

Note

The installer does not download resources that are already present on the running system.

DH_FORCE_NEW_CERTS

DH_FORCE_NEW_CERTS="false"

The default value is false. When set to true, it forcibly overwrites all tls certificates.

Caution

This should only be set to true when you need to rotate keys or certificates are expiring and the Deephaven cluster is not enrolled in a certificate management infrastructure.

DH_SKIP_CERT_VALIDATION

DH_SKIP_CERT_VALIDATION="false"

This defaults to false. When set to true, additional truststore / certificate validation performed at the end of an installation is bypassed. This flag should only be used if you have verified that your truststore and certificates are correctly formatted or if you plan to repair your certificates after the installation has completed.

DH_REPO_URL

DH_REPO_URL="https://illumon.jfrog.io/illumon/libs-customer"

When installation media for DH_VERSION is not found on each Remote Host or in DH_LOCAL_DIR on the Installer Host, the installer downloads the media from Deephaven’s jfrog repository, as specified by DH_REPO_URL.

Caution

To avoid network-related failures, it is recommended that you supply all installation media before running the installation. See installation media

DH_REPO_SEGMENT

DH_REPO_SEGMENT="iris/illumon-db/1.20240517.344"

The repo name segment to use in conjunction with DH_REPO_URL to calculate download URLs. The default value is iris/illumon-db/<DH_VERSION>. This value is not needed when installation media has been provided.

DH_REPO_KEY_FILE

DH_REPO_KEY_FILE="/path/to/file/containing/repo/password"

When using DH_REPO_URL to download archives, the DH_REPO_KEY_FILE specifies a file containing the secret password used to authenticate with Deephaven’s jfrog repository. The file is copied to the Remote Host, which downloads the files and erases the key file once complete. This is not needed when installation media has been provided.

DH_DND_VERSIONS

DH_DND_VERSIONS=auto

or

DH_DND_VERSIONS=0.37.4

Note

The recommended setting for this value is auto. Do not set this to anything else unless directed by Deephaven support.

A comma-separated list of Core+ versions to install. You must have provided the Core+ installation file (e.g., deephaven-coreplus-0.37.4-1.20240517.344-jdk17.tgz) that corresponds to the DH_VERSION and Core+ version that you are requesting.

The installer expects the installation file to be located in $DH_LOCAL_DIR/ along with the other installation media. The Installer searches the same paths as documented in DH_VERSION

The installer sets the /usr/illumon/coreplus/latest link to the first specified version. If you install multiple versions, you must edit your iris-environment.prop file to include appropriate WorkerKind definitions for those versions.

You may also set DH_DND_VERSIONS to the special properties none or auto. When selecting auto, the installer selects the same version of Deephaven Community that was built and tested with your selected version of Deephaven Enterprise. When selecting none, Core+ is not installed or upgraded.

DH_USE_EPEL

DH_USE_EPEL="true"

Set to false to tell Fedora-based operating systems (Red Hat, Rocky) to exclude the automatically added epel-release upstream source. This is useful when you have your own RPM repositories to supply operating system dependencies and do not wish to include the epel repository.

Custom user accounts

If you are unable to use the default Deephaven service user names you may change them using the following settings.

DH_MONIT_USER

DH_MONIT_USER=irisadmin

The OS user account to run Monit. The default value is irisadmin. If the user does not exist, the installer creates one.

Note

This can be the same user as your DH_SSH_USER service account

The user must have sudoer privileges to run as the DH_ADMIN_USER, DH_MERGE_USER, and DH_QUERY_USER. See Sudoers for more details.

DH_MONIT_GROUP

DH_MONIT_GROUP=irisadmin

The OS group to use to run monit. The default value is the same name as DH_MONIT_USER and is created if missing.

DH_SHARED_GROUP

DH_SHARED_GROUP=dbmergegrp

The OS group to use for ownership of files that must be shared between DH_ADMIN_USER, DH_MERGE_USER, and DH_QUERY_USER. This defaults to dbmergegrp.

This group must be the primary group for these three Deephaven system accounts, and any files which must be readable by all three OS users should have group ownership of DH_SHARED_GROUP (or DH_SHARED_QUERY_GROUP, described below, if you wish to share data beyond Deephaven system accounts).

If the DH_SHARED_GROUP group does not exist, it is created and set as the OS primary (default) group for the DH_ADMIN_USER, DH_MERGE_USER, and DH_QUERY_USER accounts.

DH_ADMIN_USER

DH_ADMIN_USER=irisadmin

The OS user to run administrative services such as the query controller, authentication and configuration servers. The default value is irisadmin. This user account is created if it does not exist. Both the DH_SSH_USER and DH_MONIT_USER must be able to sudo as DH_ADMIN_USER : DH_ADMIN_GROUP.

Caution

Restrict access to this user account as much as possible.

DH_ADMIN_GROUP

DH_ADMIN_GROUP=irisadmin

The OS group used primarily for file permissions. This defaults to the same name as DH_ADMIN_USER. If the group does not exist, it is created.

The primary group for DH_ADMIN_USER must be DH_SHARED_GROUP (typically dbmergegrp), NOT DH_ADMIN_GROUP (typically irisadmin).

To check your primary group, run:

id "${DH_ADMIN_USER:-irisadmin}"
# expect output similar to: uid=9002(irisadmin) gid=9003(dbmergegrp) groups=9003(dbmergegrp),9004(dbquerygrp),9002(irisadmin)
# the gid= represents the primary group, groups= are the complete group membership list

DH_MERGE_USER

DH_MERGE_USER=dbmerge

The OS user to use when running merge processes (allowed to write historical data). This defaults to dbmerge. It is created if it does not exist.

Caution

It is strongly discouraged to set DH_MERGE_USER == DH_ADMIN_USER or DH_MONIT_USER because it grants administrative privileges to any user allowed to run queries on the merge server. The DH_MONIT_USER and DH_SSH_USER must be able to use sudo as DH_MERGE_USER : DH_MERGE_GROUP.

DH_MERGE_GROUP

DH_MERGE_GROUP=dbmerge

The OS group to use for files that are only readable by DH_MERGE_USER. This defaults to the same name as DH_MERGE_USER. It is created if it does not exist.

Note

Processes are run using DH_SHARED_GROUP, so files created by merge processes are visible to other OS user accounts.

The primary group for DH_MERGE_USER must be DH_SHARED_GROUP (typically dbmergegrp), NOT DH_MERGE_GROUP (typically dbmerge).

DH_QUERY_USER

DH_QUERY_USER=dbquery

The OS user to use when running query processes. This defaults to dbquery. It is created if it does not exist. The primary group for DH_QUERY_USER must be DH*SHARED_GROUP (typically dbmergegrp), _NOT* DH_QUERY_GROUP (typically dbquery).

Caution

It is strongly discouraged to set DH_QUERY_USER == DH_ADMIN_USER or DH_MONIT_USER because this grants administrative privileges to any user allowed to run code on the query server. The DH_MONIT_USER and DH_SSH_USER must be able to use sudo as DH_QUERY_USER : DH_QUERY_GROUP.

DH_QUERY_GROUP

DH_QUERY_GROUP=dbquery

The OS group to use for files that are only readable by DH_QUERY_USER. This defaults to the same name as DH_QUERY_USER (dbquery). It is created if it does not exist.

Note

Processes are run using DH_SHARED_GROUP, so files created by query processes are visible to other OS user accounts.

DH_SHARED_QUERY_GROUP

DH_SHARED_QUERY_GROUP=dbquerygrp

The OS group to use for ownership of files that must be shared between any operating system user that you want to be able to run a Deephaven worker / query / console. The default value is dbquerygrp.

All three system users, DH_ADMIN_USER, DH_MERGE_USER, and DH_QUERY_USER must have secondary group membership in the DH_SHARED_QUERY_GROUP, but you may also allow any operating system user to start Deephaven sessions by granting them membership to DH_SHARED_QUERY_GROUP. See the Configuration guide for more information.