Enabling SSL - package installations
To enable SSL for package installations, you edit the confiugration file and run a script to generate the keys used by OpsCenter and the agents.
- The Python interface for the OpenSSL library (pyOpenSSL). With package installs (rpm or deb) of OpsCenter, the python-openssl package is installed as a dependency. However, this is not the case with CentOS 5.x installs.
Ensure that a version of pyOpenSSL
compatible with the version of libssl installed is a
requirement for any secure communications in OpsCenter.
- Opscenter ships with pyOpenSSL 0.10, compiled for libssl 0.9.8, so if you are using libssl 0.9.8 on the machine running opscenterd, no further action should be required.
- If you are using libssl 1.x, you need to ensure that pyOpenSSL 0.10+ is installed and compiled properly.
(Optional) Determine the version of pyOpenSSL
$ python -c "import OpenSSL; print OpenSSL.__version__"
(Optional) Manually install pyOpenSSL.
$ sudo easy_install pyOpenSSL
Run the OpsCenter setup.py script:
$ sudo /usr/share/opscenter/bin/setup.pyThe script generates the SSL keys and certifcates used by the OpsCenter daemon and the agents to communicate with one another in the following directory.
Open opscenterd.conf in an editor and add two lines to
$ sudo vi /etc/opscenter/opscenterd.conf
[agents] use_ssl = true
- Restart the OpsCenter daemon.
If you want to connect to a cluster in which agents have already been deployed, you can log in to each of the nodes and reconfigure the address.yaml file (see steps below).
Reconfigure the agents on all nodes.
Log into each node in the cluster using ssh.
$ ssh <user>@<node>Where <node> is either the host name of the node or its IP address and <user> is the userid on the node.
Edit the address.yaml file, changing the value of
use_ssl to 1.
$ sudo vi /var/lib/opscenter/address.yaml
Restart the agent.
$ sudo service datastax-agent restart
- Log into each node in the cluster using ssh.
If you do not want to edit all the node configuration files by hand, you can follow the agent installation procedure.
Once opscenterd and all agents have been configured and
restarted, verify proper connection via the dashboard.