DataStax OpsCenter Documentation

Configuring SSL

OpsCenter uses Secure Socket Layer (SSL) to encrypt the communication protocol and authenticate traffic between OpsCenter agents and the main OpsCenter daemon (Linux and Mac OSX) or the DataStax OpsCenter Service (Windows). The default SSL state depends on the operating system:

Consider disabling SSL if you are running OpsCenter and DataStax Enterprise or DataStax Community under the following conditions:

  • On a secure internal network.
  • In a development environment where agents and OpsCenter run on the same computer free from network threats.
  • In a situation where you are not concerned about someone listening to OpsCenter traffic.
  • In automatic deployments of OpsCenter to avoid re-installation of agents. (Unless you disable SSL, installing OpsCenter generates SSL files for encryption and requires re-installation of agents.)
  • On a computer that does not have the required version of OpenSSL.

If you have no need for SSL, you can simply disable the SSL option to avoid installing OpenSSL.

SSL requirements

If the SSL option is enabled, OpsCenter requires a specific version of OpenSSL for each supported operating system:

Version Operating System
0.9.8 CentOS 5.x, Debian, Mac OSX, Oracle Linux 5.5, RHEL 5.x, SuSe Enterprise 11.x, Ubuntu, and Windows
1.0.0 CentOS 6.x, Oracle Linux 6.1, and RHEL 6.x

To determine which version of OpenSSL is installed on a Linux or Mac OSX system, use the following command:

openssl version

Disabling SSL in Binary Tarball Installations (Linux and Mac OSX)

By default, SSL is enabled on Linux and Mac OSX installations. You modify the configuration files for OpsCenter and its agents to disable SSL on Linux and Mac OSX.

On the OpsCenter machine:

  1. Go to the directory containing the OpsCenter configuration file (opscenterd.conf):

    • cd /etc/opscenter (package install)
    • cd /<install_location>/conf (binary tarball install)
  2. Open opscenterd.conf, for editing. For example:

    sudo vi opscenterd.conf
    
  3. Add the following to opscenterd.conf:

    [agents]
    use_ssl = false
    
  4. Restart OpsCenter:

On the agent machine:

  1. Go to the directory containing the OpsCenter agent configuration file (address.yaml):

    cd /<install_location>/conf

  2. Open address.yaml for editing. For example:

    sudo vi address.yaml
    
  3. Add the following command and set its value to 0.

    use_ssl: 0
    
  4. Restart the OpsCenter agent.

Enabling SSL in Windows installations

By default, SSL is disabled on Windows installations. To enable SSL, you run setup.py (which generates the required SSL keys and certificates), modify the configuration files for OpsCenter and its agent, and then restart the DataStax OpsCenter Agent Service.

To enable SSL:

  1. Go to the opscenter\bin directory:

    Program Files (x86) > DataStax Community > opscenter > bin

  2. Click or double-click setup.py to run it.

    The agentKeyStore key pairs are generated and appear in opscenter\ssl directory.

  3. Go to the opscenter\conf directory:

    DataStax Community > opscenter > conf

  4. Open the configuration file for OpsCenter, opscenterd.conf, in a text editor such as Notepad.

  5. In the agents section, change use_ssl from 0 to 1 (or true), and then save the file.


    ../../_images/conf_opsc_dconf2.png
  6. Go to the opscenter\agent\conf directory:

DataStax Community > opscenter > agent > conf
  1. Open the configuration file for OpsCenter agent, address.yaml, in a text editor.

  2. In the address.yaml file, change the value for use_ssl from 0 to 1, and then save the file.

    use_ssl: 1
    
  3. From the Control Panel, restart the DataStax OpsCenter Agent Service.


    ../../_images/conf_opsc_agentsvc2.png