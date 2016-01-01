Optional secured communication between ClickHouse and Zookeeper
This page is not applicable to ClickHouse Cloud. The procedure documented here is automated in ClickHouse Cloud services.
You should specify
ssl.keyStore.location,
ssl.keyStore.password and
ssl.trustStore.location,
ssl.trustStore.password for communication with ClickHouse client over SSL. These options are available from Zookeeper version 3.5.2.
You can add
zookeeper.crt to trusted certificates.
Client section in
config.xml will look like:
Add Zookeeper to ClickHouse config with some cluster and macros:
Start
clickhouse-server. In logs you should see:
Prefix
secure:// indicates that connection is secured by SSL.
To ensure traffic is encrypted run
tcpdump on secured port:
And query in
clickhouse-client:
On unencrypted connection you will see in
tcpdump output something like this:
On encrypted connection you should not see this.