OpsCenter configuration properties

These properties are configured in the opscenterd.conf file.

[webserver] port 

The HTTP port used for client connections to the OpsCenter web server. The default port is 8888.

Optional HTTPS support. To enable, remove the comment markers (#) in front of properties prefixed with ssl in the opscenterd.conf file, as described in Configuring HTTPS.

[webserver] interface 

The interface that the web server uses to listen for client connections. The interface must be an externally accessible IP address or host name. The default interface is 127.0.0.1.

[webserver] staticdir 

The location in the file system where static content for the OpsCenter web site resides. The default location is /usr/share/opscenter/content for package installations and install_location/content for tarball installations.

[webserver] log_path 

The location where HTTP traffic to the service is logged. The default is /var/log/opscenter/http.log for package installations and install_location/log/http.log for tarball installations.

[webserver] ssl_keyfile 

The location where the SSL keyfile resides. This option requires ssl_certfile and optionally ssl_port to also be set.

[webserver] ssl_certfile 

The location where the SSL certificate resides. This option requires ssl_keyfile and optionally ssl_port to also be set.

[webserver] ssl_port 

The port on which to serve SSL traffic. The default port is 8443.

[webserver] sub_process_timeout 

The time in seconds OpsCenter waits for subprocesses to complete before a timeout. The default value is 600 seconds. OpsCenter spawns subprocesses for some tasks, such as scp, these tasks have a configurable timeout.

[webserver] tarball_process_timeout 

The timeout, in seconds, to deliver the agent tarball to a node during agent installation. The default value is 600 seconds.

[security] config_encryption_active 

Specifies whether opscenter should attempt to decrypt sensitive config values.

[security] config_encryption_key_name 

Name of the system key used to encrypt / decrypt passwords stored.

[security] config_encryption_key_path 

Path to the encryption key. If left blank, the directory of opscenterd.conf will be used.

[logging] level 

The logging level for OpsCenter. Available levels are (from most to least verbose): TRACE, DEBUG, INFO, WARN, or ERROR. The default level is INFO.

The OpsCenter log file is located in /var/log/opscenter/opscenterd.log.

[logging] resource_usage_interval 

The interval, in seconds, in which OpsCenter logs the system resource usage. The default value is 60.

[logging] log_path 

The log file for OpsCenter. The default location is /var/log/opscenter/opscenter.log for package installations and install_location/log/opscenterd.log for tarball installations.

[logging] log_length 

Logs will rotate after the specified number of bytes. The default is 10000000 (10MB).

[logging] max_rotate 

The maximum number of logs to retain. The default value is 10.

[definitions] use_ssl 

Specifies whether SSL should be used to get definition file updates. This option requires OpenSSL on the OpsCenter host. The default value is True.

[definitions] definitions_dir 

The file system location where definition files are stored. The default location is /etc/opscenter/definitions for package installations and install_location/conf/definitions for tarball installations.

[definitions] auto_update 

Specifies whether OpsCenter should automatically attempt to periodically update the definition files. The default value is True.

[definitions] download_host 

The host that defintion file update requests will be made to. The default host is opscenter.datastax.com.

[definitions] download_port 

The port used to request definition file updates on download_host. The default port is 443.

[definitions] download_filename 

The name of the tar file on the download_host that contains definition file updates. The default name is definitions_files.tgz.

[definitions] hash_filename 

The name of the hash file on the download_host used to determine if the definition file requires an update. The default file is version.md5.

[definitions] sleep 

The duration in seconds between checks to update the definition files. The default time is 3600 seconds (1 hour).

[definitions] ssl_certfile 

The SSL certificate file used for SSL communication with the definition file download_host. The default file is /var/lib/opscenter/ssl/definitions.pem for package installations and install_location/ssl/definitions.pem for tarball installations.

[authentication] passwd_db 

Full path to the file for configuring password authentication for OpsCenter. If this file does not exist, OpsCenter does not verify passwords. The default location is /etc/opscenter/passwd.db for package installations and install_location/passwd.db for tarball installations.

[authentication] enabled 

Configures whether user authentication is enabled or not. The default setting is False.

[authentication] timeout 

This sets the session timeout, in seconds. Defaults to no timeout.

[authentication] authentication_method 

Configured Authentication method. Options: DatastaxEnterpriseAuth, LDAP. For Active Directory, DataStax supports AD over LDAP. Specify LDAP for AD.

[authentication] audit_auth 

Logs all login attempts/successes/log outs, default setting is True

[authentication] audit_pattern 

Prefixes all audit_auth actions with a pattern for searching

[ldap] server_host 

The LDAP server host

[ldap] server_port 

The LDAP server port

[ldap] uri_scheme 

URI Scheme, defaults to ldap for ldap_security = None, defaults to ldaps for ldap_security = SSL or TLS

[ldap] search_dn 

DN of the user that should be used to search for users on the LDAP server. This user should only have the necessary permissions to do the search.

If not present, then an anonymous bind will be used for the search.

example cn=admin,dc=qaldap,dc=datastax,dc=lan

[ldap] search_password 

Password of the search user

[ldap] user_search_base 

The ldap search base used to find a user, example: ou=users,dc=qaldap,dc=datastax,dc=lan

[ldap] user_search_filter 

The ldap search filter used to uniquely identify a user, example: (uid={0})

[ldap] group_search_base 

The ldap search base used to find a group, example: ou=groups,dc=qaldap,dc=datastax,dc=lan

[ldap] group_search_filter 

Deprecated. The ldap search filter used to find a user's group, example: (member=cn={0},ou=users,dc=nodomain)

[ldap] group_search_filter_with_dn

The ldap search filter used to find a user's group. Uses the full user's DN from a user search. Overrides group_search_filter. Example: (member={0}).

[ldap] group_name_attribute 

The ldap field name used to identify a group's name, example: cn

[ldap] admin_group_name 

The name of the admin group or a comma-separated list of admin group names, example: admin, superusers. If your group name contains restricted LDAP characters such as "," you must escape them. For example, two admin groups "foo , bar" and "baz" should be entered as: foo \, bar, baz

[ldap] ldap_security 

The type of security to use with LDAP: None, TLS, SSL; when set to TLS uses TLS start.

[ldap] ssl_cacert 

Path to the CA Cert file, example: ./cacert.pem

[ldap] ssl_cert 

Path to the cert file, example: ./cert.pem

[ldap] ssl_key 

Path to the Key, example: ./user.key.pem

[ldap] tls_reqcert 

Sets the security level for secure communication. Available options: NEVER, DEMAND, TRY, ALLOW.

See http://www.openldap.org/doc/admin21/tls.html.

[ldap] tls_demand 

Sets the demand level for tls, options: Never, HARD see http://www.openldap.org/doc/admin21/tls.html.

[ldap] debug_ssl 

Turns on debug logging for ldap, options: True, False

[ldap] opt_referrals 

A number that represents whether referrals are followed. Zero does not follow referrals.

Any other number follows referrals. This option usually needs to be set to 0 for Active Directory. The default setting is 1.

[ldap] protocol_version 

Sets the LDAP protocol version, this needs to be explicitly set to 3 for ldap v3.

[ldap] user_memberof_attribute 

Set to the attribute on the user entry containing group membership information.

[ldap] group_search_type 

Defines how group membership will be determined for a user. It can be one of:

• directory_search - will do a subtree search of group_search_base using group_search_filter to filter the results. Default.
• memberof_search - will get groups from the user_memberof_attribute of the user. This requires the directory server to have memberof support.

[ldap] connection_timeout 

The number of seconds to wait before concluding the ldap server is down. Default: 20 seconds.

[agents] config_sleep 

The durations in seconds in between Updates to the agent config md5. The default value is 420 seconds (7 minutes).

[agents] ssh_port 

The Secure Shell (SSH) port that listens for agent-OpsCenter communications. The default port is 22. Add an [agents] section, if one doesn't already exist, to the opscenterd.conf. In this section, add the ssh_port option and a value for the port number:

ssh_port = 2222

[agents] incoming_port 

The port used by OpsCenter for incoming stomp communication. The default port is 61620.

[agents] incoming_interface 

The interface used by OpsCenter for incoming stomp traffic from the agents. The default interface is 0.0.0.0.

[agents] use_ssl 

Specifies whether traffic between OpsCenter and the agents should use SSL. The default value is False.

[agents] install_throttle 

The maximum number of concurrent agent installs OpsCenter will attempt. The default value is 20. Keeping this value low prevents high CPU usage during agent installs but increasing it may make agent installs complete faster.

[agents] fingerprint_throttle 

The maximum number of concurrent SSH fingerprints OpsCenter will process when provisioning or installing agents. The default value is 50. Keeping this value low prevents high CPU usage during agent installs but increasing it may make agent provisioning and installs complete faster.

[agents] ssl_keyfile 

The location of the SSL key file used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.key for package installations and install_location/ssl/opscenter.key for tarball installations.

[agents] ssl_certfile 

The location of the SSL certificate used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.pem for package installations and install_location/ssl/opscenter.pem for tarball installations.

[agents] agent_keyfile 

The location of the keyfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore for package installations and install_location/ssl/agentKeyStore for tarball installations.

[agents] agent_keyfile_raw 

The raw key that is stored in the java key store from agent_keyfile. This key is needed by non java clients that wish to communicate with OpsCenter.

[agents] agent_certfile 

The location of the certfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore.pem for package installations and install_location/ssl/agentKeyStore.pem for tarball installations.

[agents] ssh_executable 

The location of the ssh executable binary. The default locations is /usr/bin/ssh.

[agents] scp_executable 

The location of the scp executable binary. The default location is /usr/bin/scp.

[agents] ssh_keygen_executable 

The location of the ssh-keygen executable binary. The default location is /usr/bin/ssh-keygen.

[agents] ssh_keyscan_executable 

The location of the ssh-keyscan executable binary. The default location is /usr/bin/ssh-keyscan.

[agents] ssh_user_known_hosts_file 

The location of the OpsCenter user's known_hosts file that will be used by OpsCenter during SSH communications. The default location is ~/.ssh/known_hosts.

[agents] ssh_sys_known_hosts_file 

The location of the system wide known_hosts file that will be used by OpsCenter during SSH communications. The default location is /etc/ssh/ssh_known_hosts.

[agents] path_to_installscript 

The location of the script used to install agents. The default location is /usr/share/opscenter/agent/bin/install_agent.sh for package installations and install_location/agent/bin/install_agent.sh for tarball installations.

[agents] path_to_find_java 

The location of the find-java shell script, used to find the location of Java on the agent machine. The default is /usr/share/opscenter/agent/bin/find-java for package installations and install_location/agent/bin/find-java for tarball installations.

[agents] path_to_sudowrap 

The location of the sudo_with_pass.py wrapper for old Red Hat installations. The default location is /usr/share/opscenter/bin/sudo_with_pass.py for package installations and install_location/bin/sudo_with_pass.py for tarball installations.

[agents] path_to_deb 

The path to the agent Debian package. The default location is /usr/share/opscenter/agent/datastax-agent.deb for package installations and install_location/agent/datastax-agent.deb for tarball installations.

[agents] path_to_rpm 

The path to the agent RPM package. The default location is /usr/share/opscenter/agent/datastax-agent.rpm for package installations and install_location/agent/datastax-agent.rpm for tarball installations.

[agents] tmp_dir 

The path to a tmp directory used for temporary files used by OpsCenter. The default location is /usr/share/opscenter/tmp/ for package installations and install_location/tmp for tarball installations.

[agents] not_seen_threshold 

The time in seconds after an agent request has been received after which the agent is considered down.

[agents] reported_interface 

The interface that OpsCenter tells agents to connect to for STOMP communication. It is not set by default and OpsCenter will try to automatically detect the interface.

[agents] runs_sudo 

Sets whether the DataStax Agent will be run using sudo or not. The default value is True. Setting this option to False means the agent will not use sudo, and the agent user will not run using elevated privileges. Setting this option to True means the agent will run using sudo, and elevated privileges.

[stat_reporter] initial_sleep 

The delay in seconds before the cluster stats reporter starts to run. The default value is 300 (5 minutes).

[stat_reporter] interval 

The interval in seconds between usage metric reports to DataStax Support. By default, OpsCenter sends usage metrics about the cluster to DataStax Support every day.

To disable the phone-home functionality, add the following lines to your opscenterd.conf file:

interval = 0

Additional configuration metric collection properties are available in Metrics Collection Properties.

[stat_reporter] ssl_key 

The location of the SSL key file to use for SSL communication for the phone-home service. The default location is /var/lib/opscenter/ssl/stats.pem for package installations and install_location/ssl/stats.pem for tarball installations.

[stat_reporter] report_file 

The location where generated PDF reports on the cluster are stored. The default location is /usr/share/opscenter/cluster-report.pdf for package installations and install_location/cluster-report.pdf for tarball installations.

[hadoop] base_job_tracker_proxy_port 

The port to use for job tracker information. The interface, SSL key, and SSL cert are taken from the webserver section. The default port is 50031.

[spark] base_master_proxy_port 

Base port to use for setting up the HTTP proxy for the Spark master. Spark master UI is exposed at port 7080 so following the Hadoop model we start incrementing from there.

[provisioning] private_key_dir 

The folder containing private SSL key files used when provisioning new clusters. The default location is /var/lib/opscenter/ssl for package installations and install_location/conf for tarball installations. You may alternately specify the key file using the OpsCenter API when provisioning.

[provisioning] agent_install_timeout 

The timeout allowed for provisioning new agents.

[provisioning] keyspace_timeout 

The amount of time (in seconds) that OpsCenter will wait for keyspace creation before logging a warning and attempting to continue on with provisioning.

[cloud] accepted_certs 

The location of the SSL CA certificate file used when provisioning new clusters or using the Backup Service. The default location is /var/lib/opscenter/ssl/cacert.pem

[repair_service] log_directory 

The location in which to store repair service logs. The default location is /var/log/opscenter/repair_service/ for package installations and install_location/log/repair_service for tarball installations.

[repair_service] log_length 

Logs will rotate after the specified number of bytes. Defaults to 10485760 (10MB).

[repair_service] max_rotate 

The maximum number of logs to retain. The default is 10.

[repair_service] persist_directory 

The location in which to store a file with the current repair service status. The default location is /var/lib/opscenter/repair_service for package installations and install_location/repair_service for tarball installations.

[repair_service] persist_period 

How often, in seconds, to write the state to the persistence file for the repair service. The default value is 300 (5 minutes).

[repair_service] restart_period 

How often in seconds to restart repairs. The default value is 300 (5 minutes).

[repair_service] cluster_stabilization_period 

How often in seconds repair service checks for cluster state before resuming.

[repair_service] ks_update_period 

The maximum age, in seconds, of a cached version of the current keyspace schema. The default values is 300 (5 minutes).

[repair_service] single_task_err_threshold 

The number of times to retry a repair task before moving on to the next task. The default value is 10.

[repair_service] max_err_threshold 

The maximum number of times to fail on a repair before cancelling the repair attempt. Errors during incremental repair do not count towards this threshold. The default value is 100.

[repair_service] max_parallel_repairs 

The maximum number of repairs to run in parallel. The default value is 0.

[repair_service] max_pending_repairs 

The maximum pending repairs allowed to be running on a node at one time. The default value is 5.

[repair_service] alert_on_repair_failure 

Whether there should be alerts fired when a repair task fails. Defaults to true.

[repair_service] single_repair_timeout 

The maximum length of time for a repair to complete, in seconds. The default value is 3600 (1 hour).

[repair_service] min_repair_time 

The minimum length of time in seconds for a repair to complete. If a repair finishes sooner it will be padded with a sleep. The default value is 5.

[repair_service] min_throughput 

The minimum throughput needed to calculate parallel repairs. The default value is 512.

[repair_service] num_recent_throughputs 

The number of recent throughputs used to calculate the average throughput, which is then used to determine how many parallel repairs are needed. The default value is 20.

[repair_service] error_logging_window 

The desired amount of time in seconds between errors for exceeding max_parallel_repairs. Defaults to 86400

[repair_service] incremental_repair_tables 

The list of keyspaces and tables to include in incremental repairs. (e.g. Keyspace1.Standard1, Keyspace1.Standard2)

[repair_service] incremental_range_repair 

Whether incremental repairs should do subrange repair or full repair of a node's entire range.

[repair_service] incremental_err_alert_threshold 

The threshold for the number of errors during incremental repair to ignore before alerting that incremental repair seems to be failing more than an acceptable amount.

[repair_service] snapshot_override 

Specifies whether to override the default snapshot repair behavior. The default value is False. Specifying this option as either True or False will always modify the behavior of the repair service. Snapshot repair can only be configured for Cassandra versions 2.0.11 and greater.

[ui] default_api_timeout 

The default timeout value in seconds for an API call from the OpsCenter UI to the OpsCenter API. The default value is 10.

[ui] max_metrics_requests 

The maximum concurrent metrics requests from the OpsCenter UI to opscenterd. The default value is 16.

[ui] node_detail_refresh_delay 

The time in seconds between polling calls to update node details. The default value is 5.

[ui] storagemap_ttl 

How often, in seconds, the data in the storage capacity chart is updated in the OpsCenter UI. It is set to 300 seconds (5 minutes) by default so changes to storage capacity on individual nodes may not be reflected in the UI for up to 5 minutes.

[request_tracker] queue_size 

The maximum number of requests that can be tracked. The default value is 10,000.

[clusters] add_cluster_timeout 

How long, in seconds, OpsCenter will wait when adding a cluster before reporting an error. The default value is 30 seconds. Adding a cluster includes things like connecting to THRIFT, getting a node list, and creating the OpsCenter schema. Increasing this value may be necessary when running a very large cluster with vnodes enabled.

[clusters] startup_sleep 

How long, in seconds, OpsCenter will wait between connecting to clusters on startup. The default value is 0 (no wait).

[failover] heartbeat_period 

How often OpsCenter should heartbeat to the backup.

[failover] heartbeat_reply_period 

How often a backup OpsCenter should heartbeat to the primary OpsCenter.

[failover] heartbeat_fail_window 

The amount of time required before a lack of heartbeat triggers failover

[failover] failover_configuration_directory 

The directory where failover specific configuration is stored. This directory should not be mirrored/replicated across OpsCenter installs when configuring OpsCenter to support failover.