26 lines
1.1 KiB
Plaintext
26 lines
1.1 KiB
Plaintext
|
{%- from "clickhouse/map.jinja" import clickhouse with context %}
|
||
|
<clickhouse>
|
||
|
<openSSL>
|
||
|
<server>
|
||
|
<certificateFile>/etc/clickhouse-server/certs/{{ salt['grains.get']('fqdn') }}.crt</certificateFile>
|
||
|
<privateKeyFile>/etc/clickhouse-server/certs/{{ salt['grains.get']('fqdn') }}.key</privateKeyFile>
|
||
|
<verificationMode>relaxed</verificationMode>
|
||
|
<caConfig>/etc/clickhouse-server/certs/{{ clickhouse.cluster }}_ca.crt</caConfig>
|
||
|
<cacheSessions>true</cacheSessions>
|
||
|
<disableProtocols>sslv2,sslv3</disableProtocols>
|
||
|
<preferServerCiphers>true</preferServerCiphers>
|
||
|
</server>
|
||
|
<client>
|
||
|
<loadDefaultCAFile>false</loadDefaultCAFile>
|
||
|
<caConfig>/etc/clickhouse-server/certs/{{ clickhouse.cluster }}_ca.crt</caConfig>
|
||
|
<cacheSessions>true</cacheSessions>
|
||
|
<disableProtocols>sslv2,sslv3</disableProtocols>
|
||
|
<preferServerCiphers>true</preferServerCiphers>
|
||
|
<verificationMode>relaxed</verificationMode>
|
||
|
<invalidCertificateHandler>
|
||
|
<name>RejectCertificateHandler</name>
|
||
|
</invalidCertificateHandler>
|
||
|
</client>
|
||
|
</openSSL>
|
||
|
</clickhouse>
|