Troubleshooting connections with OpsCenter to DSE with SSL

Review the following errors and suggested changes to troubleshoot SSL connections between OpsCenter and DSE.

cluster_name.conf

The location of the cluster_name.conf file depends on the type of installation:
  • Package installations: /etc/opscenter/clusters/cluster_name.conf
  • Tarball installations: install_location/conf/clusters/cluster_name.conf

The following errors can indicate issues where OpsCenter is connecting to DataStax Enterprise (DSE) with SSL.

OpsCenter shuts down due to invalid property in cluster config: ssl_validate

This error occurs when your cluster configuration contains the deprecated ssl_validate configuration value in your cluster_name.conf configuration file. Remove the ssl_validate option and Restart OpsCenter.

OpsCenter cannot connect to the cluster with No DSE connection available error in logs

While this error can be due to a number of issues with the cluster connection, when working with SSL, it can be an indicator that the keystore/truststore setup needs tweaking. You might see errors similar to these in the logs:
2016-02-04 16:06:53,255 [] DEBUG: Node 127.0.0.1 seems to be down, trying next contact point (MainThread)
2016-02-04 16:06:53,255 [] DEBUG: Unable to connect to any seed nodes, tried ['127.0.0.1'] (MainThread)
2016-02-04 16:06:53,256 []  WARN: No cassandra connection available for hostlist ['127.0.0.1'] .  Retrying. (MainThread)
These errors indicate that OpsCenter cannot make a connection with the DataStax Enterprise (DSE) cluster. To ensure that your SSL configuration is correct, check the following:
  • Certificates in keystore/truststore are valid (hostnames match and certificates are not expired).
  • All public certificates for each node are in the truststore for OpsCenter.
  • The certificate for OpsCenter is in each node's truststore if require_client_auth is enabled.