To enable SSL for tarball installations, you edit the confiugration file and run a
script to generate the keys used by OpsCenter and the agents.
Procedure
-
Ensure that a version of pyOpenSSL
compatible with the version of libssl installed is a
requirement for any secure communications in OpsCenter.
- Opscenter ships with pyOpenSSL 0.10, compiled for
libssl 0.9.8, so if you are using
libssl 0.9.8 on the machine running
opscenterd, no further action should be
required.
- If you are using libssl 1.x, you need to ensure that
pyOpenSSL 0.10+ is installed and compiled
properly.
-
(Optional) Determine the version of pyOpenSSL
installed.
$ python -c "import OpenSSL; print OpenSSL.__version__"
-
(Optional) Manually install pyOpenSSL.
$ sudo easy_install pyOpenSSL
-
Run the OpsCenter setup.py script:
$ sudo <install_location>/bin/setup.py
The script generates the SSL keys and certifcates used by the OpsCenter
daemon and the agents to communicate with one another in the following
directory.
<install_location>/ssl
-
Open opscenterd.conf in an editor and add two lines to
enable SSL.
$ sudo vi <install_location>/opscenterd.conf
[agents]
use_ssl = true
-
Restart the OpsCenter daemon.
If you want to connect to a cluster in which agents have already been
deployed, you can log in to each of the nodes and reconfigure the
address.yaml file (see steps below).
-
Reconfigure the agents on all nodes.
-
Log into each node in the cluster using ssh.
$ ssh <user>@<node>
Where
<node> is either the host name of the node or
its IP address and
<user> is the userid on the
node.
-
Edit the address.yaml file, changing the value of
use_ssl to 1.
$ sudo vi <install_location>/conf/address.yaml
use_ssl: 1
-
Restart the agent.
$ sudo <install_location>/bin/datastax-agent
If you do not want to edit all the node
configuration files by hand, you can follow the agent installation
procedure.
-
Once opscenterd and all agents have been configured and
restarted, verify proper connection via the dashboard.