OpsCenter 4.0 User Guide

Enabling SSL - package installations

To enable SSL for package installations, you edit the confiugration file and run a script to generate the keys used by OpsCenter and the agents.

Prerequisites

  • The Python interface for the OpenSSL library (pyOpenSSL). With package installs (rpm or deb) of OpsCenter, the python-openssl package is installed as a dependency. However, this is not the case with CentOS 5.x installs.

Procedure

  1. Ensure that a version of pyOpenSSL compatible with the version of libssl installed is a requirement for any secure communications in OpsCenter.
    • Opscenter ships with pyOpenSSL 0.10, compiled for libssl 0.9.8, so if you are using libssl 0.9.8 on the machine running opscenterd, no further action should be required.
    • If you are using libssl 1.x, you need to ensure that pyOpenSSL 0.10+ is installed and compiled properly.
    1. (Optional) Determine the version of pyOpenSSL installed.
      $ python -c "import OpenSSL; print OpenSSL.__version__"
    2. (Optional) Manually install pyOpenSSL.
      $ sudo easy_install pyOpenSSL
  2. Run the OpsCenter setup.py script:
    $ sudo /usr/share/opscenter/bin/setup.py
    The script generates the SSL keys and certifcates used by the OpsCenter daemon and the agents to communicate with one another in the following directory.

    /var/lib/opscenter

  3. Open opscenterd.conf in an editor and add two lines to enable SSL.
    $ sudo vi /etc/opscenter/opscenterd.conf
    [agents]
    use_ssl = true
    
  4. Restart the OpsCenter daemon.

If you want to connect to a cluster in which agents have already been deployed, you can log in to each of the nodes and reconfigure the address.yaml file (see steps below).

  1. Reconfigure the agents on all nodes.
    1. Log into each node in the cluster using ssh.
      $ ssh <user>@<node>
      Where <node> is either the host name of the node or its IP address and <user> is the userid on the node.
    2. Edit the address.yaml file, changing the value of use_ssl to 1.
      $ sudo vi /var/lib/opscenter/address.yaml
      use_ssl: 1
    3. Restart the agent.
      $ sudo service datastax-agent restart

If you do not want to edit all the node configuration files by hand, you can follow the agent installation procedure.

  1. Once opscenterd and all agents have been configured and restarted, verify proper connection via the dashboard.