Enabling SSL - tarball installations

To enable SSL for tarball installations, you edit the configuration file and run a script to generate the keys used by OpsCenter and the agents.

opscenterd.conf 

The location of the opscenterd.conf file depends on the type of installation:

Location Package Installer (GUI or text mode) Tarball
Service No-service
/etc/opscenter/opscenterd.conf X X    
install_location/conf/opscenterd.conf     X X

address.yaml 

The location of the address.yaml file depends on the type of installation:

  • Package installations: /var/lib/datastax-agent/conf/address.yaml
  • Tarball installations: install_location/conf/address.yaml

Procedure

  1. Ensure that a version of pyOpenSSL compatible with the version of libssl installed is a requirement for any secure communications in OpsCenter.
    • OpsCenter ships with pyOpenSSL 0.10, compiled for libssl 0.9.8, so if you are using libssl 0.9.8 on the machine running opscenterd, no further action should be required.
    • If you are using libssl 1.x, you need to ensure that pyOpenSSL 0.10+ is installed and compiled properly.
    1. (Optional) Determine the version of pyOpenSSL installed.
      $ python -c "import OpenSSL; print OpenSSL.__version__"
    2. (Optional) Manually install pyOpenSSL.
      $ sudo easy_install pyOpenSSL
  2. Run the OpsCenter setup.py script:
    $ sudo install_location/bin/setup.py
    The script generates the SSL keys and certificates used by the OpsCenter daemon and the agents to communicate with one another in the following directory.
    install_location/ssl
  3. Open opscenterd.conf in an editor and add two lines to enable SSL.
    $ sudo vi install_location/conf/opscenterd.conf
    
    [agents]
    use_ssl = true
    
  4. Restart the OpsCenter daemon.

If you want to connect to a cluster in which agents have already been deployed, you can log in to each of the nodes and reconfigure the address.yaml file (see steps below).

  1. Reconfigure the agents on all nodes.
    1. Copy install_location/ssl/agentKeyStore from the OpsCenter machine to /var/lib/datastax-agent/ssl/agentKeyStore for package age installations, or agent_install_location/ssl/agentKeyStore on each node in the cluster.
      $ scp /opt/opscenter/ssl/agentKeyStore user@node:/var/lib/datastax-agent/ssl/
      Where node is either the host name of the node or its IP address and user is the userid on the node.
    2. Log into each node in the cluster using ssh.
      $ ssh user@node
      Where node is either the host name of the node or its IP address and user is the userid on the node.
    3. Edit the address.yaml file, changing the value of use_ssl to 1.
      $ sudo vi install_location/conf/address.yaml
      use_ssl: 1
    4. Restart the agent.
      $ sudo install_location/bin/datastax-agent

If you do not want to edit all the node configuration files by hand, you can follow the agent installation procedure.

  1. Once opscenterd and all agents have been configured and restarted, verify proper connection via the dashboard.