Troubleshooting connections with OpsCenter to DSE with SSL
Review the following errors and suggested changes to troubleshoot SSL connections between OpsCenter and DSE.
cluster_name.conf
The location of the cluster_name.conf file depends on the type of installation:- Package installations: /etc/opscenter/clusters/cluster_name.conf
- Tarball installations: install_location/conf/clusters/cluster_name.conf
The following errors can indicate issues where OpsCenter is connecting to DataStax Enterprise (DSE) with SSL.
OpsCenter shuts down due to invalid property in cluster config: ssl_validate
This error occurs when your cluster configuration contains the deprecated
ssl_validate
configuration value in your
cluster_name.conf configuration file. Remove the
ssl_validate
option and Restart OpsCenter.
OpsCenter cannot connect to the cluster with No DSE connection available error in logs
While this error can be due to a number of issues with the cluster connection, when working
with SSL, it can be an indicator that the keystore/truststore setup needs tweaking. You might
see errors similar to these in the
logs:
2016-02-04 16:06:53,255 [] DEBUG: Node 127.0.0.1 seems to be down, trying next contact point (MainThread)
2016-02-04 16:06:53,255 [] DEBUG: Unable to connect to any seed nodes, tried ['127.0.0.1'] (MainThread)
2016-02-04 16:06:53,256 [] WARN: No cassandra connection available for hostlist ['127.0.0.1'] . Retrying. (MainThread)
These errors indicate that OpsCenter cannot make a connection with the DataStax Enterprise
(DSE) cluster. To ensure that your SSL configuration is correct, check the following:
- Certificates in keystore/truststore are valid (hostnames match and certificates are not expired).
- All public certificates for each node are in the truststore for OpsCenter.
- The certificate for OpsCenter is in each node's truststore if
require_client_auth
is enabled.