OpsCenter configuration properties

These properties are configured in the opscenterd.conf file.

[webserver] port 

The HTTP port used for client connections to the OpsCenter web server. The default port is 8888.

Optional HTTPS support. To enable, remove the comment markers (#) in front of properties prefixed with ssl in the opscenterd.conf file, as described in Configuring HTTPS.

[webserver] interface 

The interface that the web server uses to listen for client connections. The interface must be an externally accessible IP address or host name. The default interface is 127.0.0.1.

[webserver] staticdir 

The location in the file system where static content for the OpsCenter web site resides. The default location is /usr/share/opscenter/content for package installations and install_location/content for tarball installations.

[webserver] ssl_keyfile 

The location where the SSL keyfile resides. This option requires ssl_certfile and optionally ssl_port to also be set.

[webserver] ssl_certfile 

The location where the SSL certificate resides. This option requires ssl_keyfile and optionally ssl_port to also be set.

[webserver] ssl_port 

The port on which to serve SSL traffic. The default port is 8443.

[webserver] hsts_enabled 

Determines whether to use HTTP Strict Transport Security. Enabling this option causes OpsCenter to return an HSTS header in HTML responses that go over HTTPS. The HTHS header makes HTTPS->HTTP downgrade attacks more difficult by instructing supported browsers to refuse connecting to OpsCenter over unencrypted HTTP. Enabling this option also requires enabling TLS with ssl_certfile and ssl_keyfile. See also hsts_max_age. Default: False.

[webserver] hsts_max_age 

The length of time in seconds that supported browsers should consider an HSTS header fresh and refuse to connect to OpsCenter with unencrypted HTTP. See also: hsts_enabled. Default: 31536000 seconds (1 year).

[webserver] sub_process_timeout 

The time in seconds OpsCenter waits for subprocesses to complete before a timeout. The default value is 600 seconds. OpsCenter spawns subprocesses for some tasks, such as scp, these tasks have a configurable timeout.

[http_proxy_settings] proxy_url 

The URL of a proxy server that OpsCenter will use for external http/https connections. Currently only applies to the posturl plugin. Example: http://127.0.0.1:8080

[http_proxy_settings] proxy_username 

Proxy username for basic proxy HTTP authorization. Currently only applies to the posturl plugin.

[http_proxy_settings] proxy_password 

Proxy password for basic proxy HTTP authorization. Currently only applies to the posturl plugin.

[security] config_encryption_active 

Specifies whether opscenter should attempt to decrypt sensitive config values

[security] config_encryption_key_name 

Name of the system key used to encrypt / decrypt passwords stored.

[security] config_encryption_key_path 

Path to the encryption key. If left blank the directory of opscenterd.conf will be used

[logging] resource_usage_interval 

The interval, in seconds, in which OpsCenter logs the system resource usage. The default value is 60.

[definitions] use_ssl 

Specifies whether SSL should be used to get definition file updates. This option requires OpenSSL on the OpsCenter host. The default value is True.

[definitions] definitions_dir 

The file system location where definition files are stored. The default location is /etc/opscenter/definitions for package installations and install_location/conf/definitions for tarball installations.

[definitions] auto_update 

Specifies whether OpsCenter should automatically attempt to periodically update the definition files. The default value is True.

[definitions] download_host 

The host that definition file update requests will be made to. The default host is opscenter.datastax.com.

[definitions] download_port 

The port used to request definition file updates on download_host. The default port is 443.

[definitions] download_filename 

The name of the tar file on the download_host that contains definition file updates. The default name is definitions_files.tgz.

[definitions] hash_filename 

The name of the hash file on the download_host used to determine if the definition file requires an update. The default file is version.md5.

[definitions] sleep 

The duration in seconds between checks to update the definition files. The default time is 3600 seconds (1 hour).

[authentication] passwd_db 

Full path to the file for configuring password authentication for OpsCenter. If this file does not exist, OpsCenter does not verify passwords. The default location is /etc/opscenter/passwd.db for package installations and install_location/passwd.db for tarball installations.

[authentication] enabled 

Configures whether user authentication is enabled or not. The default setting is False.

[authentication] timeout 

This sets the session timeout, in seconds. Defaults to no timeout. If a timeout is desired, the minimum value it can be set to is 60 seconds.

[authentication] authentication_method 

Configured Authentication method, options include DatastaxEnterpriseAuth and LDAP, for Active Directory we support

AD over LDAP, so please specify LDAP

[authentication] password_hash_type 

The 1-way password hash algorithm to use when storing user passwords. Options include: bcrypt+blake2b-512 (default), pbkdf2+blake2b-512, pbkdf2+sha512, pbkdf2+sha3-256, bcrypt+sha512.

[authentication] sqlite_connection_timeout 

The number of seconds that opscenterd waits to receive a successful SQLite connection before a timeout. Default: 5

[authentication] sqlite_max_active_connections 

The maximum number of simultaneous active connections to the SQLite database. Default: 200

[ldap] server_host 

The LDAP server host

[ldap] server_port 

The LDAP server port

[ldap] uri_scheme 

URI Scheme, defaults to ldap for ldap_security = None, defaults to ldaps for ldap_security = SSL or TLS

[ldap] search_dn 

DN of the user that be used to search for users on the LDAP server. This user should

only have the necessary permissions to do the search

If not present then an anonymous bind will be used for the search

example cn=admin,dc=qaldap,dc=datastax,dc=lan

[ldap] search_password 

Password of the search user

[ldap] user_search_base 

The ldap search base used to find a user, example: ou=users,dc=qaldap,dc=datastax,dc=lan

[ldap] user_search_filter 

The ldap search filter used to uniquely identify a user, example: (uid={0})

[ldap] group_search_base 

The ldap search base used to find a group, example: ou=groups,dc=qaldap,dc=datastax,dc=lan

[ldap] group_search_filter 

Deprecated. The ldap search filter used to find a user's group, example: (member=cn={0},ou=users,dc=nodomain)

[ldap] group_search_filter_with_dn 

The ldap search filter used to find a user's group. Uses the full user's DN from a user search. Overrides group_search_filter. Example: (member={0})

[ldap] group_name_attribute 

The ldap field name used to identify a group's name, example: cn

[ldap] admin_group_name 

The name of the admin group or a comma separated list of admin group names, example: admin, superusers

If your group name contains restricted LDAP characters such as "," you must escape them

for example two admin groups "foo , bar" and "baz" should be entered as: foo \, bar, baz

[ldap] ldap_security 

The type of security to use with LDAP: None, TLS, SSL, SSL_TLS when set to TLS or SSL_TLS uses TLS start

[ldap] truststore 

Path to the truststore

[ldap] truststore_type 

Type for the truststore

[ldap] truststore_pass 

password for the truststore

[ldap] user_memberof_attribute 

Set to the attribute on the user entry containing group membership information.

[ldap] user_memberof_stores_dn 

Set to True if the memberof attribute's value is distinguished names of groups. Default: False

[ldap] group_search_type 

The group_search_type defines how group membership will be determined for a user. It

can be one of:

directory_search - will do a subtree search of group_search_base using

group_search_filter to filter the results

memberof_search - will get groups from the memberof attribute of the user. This

requires the directory server to have memberof support

[ldap] connection_timeout 

The number of seconds to wait before concluding the ldap server is down, defaults to 30 seconds.

[agents] config_sleep 

The durations in seconds in between Updates to the agent config md5. The default value is 420 seconds (7 minutes).

[agents] ssh_port 

The Secure Shell (SSH) port that listens for agent-OpsCenter communications. The default port is 22. Add an [agents] section, if one doesn't already exist, to the opscenterd.conf. In this section, add the ssh_port option and a value for the port number:

ssh_port = 2222

[agents] incoming_port 

The port used by OpsCenter for incoming stomp communication. The default port is 61620.

[agents] incoming_interface 

The interface used by OpsCenter for incoming stomp traffic from the agents. The default interface is 0.0.0.0.

[agents] use_ssl 

Specifies whether traffic between OpsCenter and the agents should use SSL. The default value is False.

[agents] agent_install_poll_period 

How often OpsCenter will update agent install status during an agent install

[agents] agent_install_mute_period 

The number of seconds to wait after agent install before checking agents for known problems

[agents] agent_install_timeout_period 

The number of seconds to wait for the install to complete before automatically terminating the install.

[agents] ssl_keyfile 

The location of the SSL key file used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.key for package installations and install_location/ssl/opscenter.key for tarball installations.

[agents] ssl_certfile 

The location of the SSL certificate used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.der for package installations and install_location/ssl/opscenter.der for tarball installations.

[agents] agent_keyfile 

The location of the keyfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore for package installations and install_location/ssl/agentKeyStore for tarball installations.

[agents] agent_keyfile_raw 

The raw key that is stored in the java key store from agent_keyfile. This key is needed by non java clients that wish to communicate with OpsCenter.

[agents] agent_certfile 

The location of the certfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore.der for package installations and install_location/ssl/agentKeyStore.der for tarball installations.

[agents] ssh_executable 

The location of the ssh executable binary. The default locations is /usr/bin/ssh.

[agents] scp_executable 

The location of the scp executable binary. The default location is /usr/bin/scp.

[agents] ssh_keygen_executable 

The location of the ssh-keygen executable binary. The default location is /usr/bin/ssh-keygen.

[agents] ssh_keyscan_executable 

The location of the ssh-keyscan executable binary. The default location is /usr/bin/ssh-keyscan.

[agents] ssh_user_known_hosts_file 

The location of the OpsCenter user's known_hosts file that will be used by OpsCenter during SSH communications. The default location is ~/.ssh/known_hosts.

[agents] ssh_sys_known_hosts_file 

The location of the system wide known_hosts file that will be used by OpsCenter during SSH communications. The default location is /etc/ssh/ssh_known_hosts.

[agents] tmp_dir 

The path to a tmp directory used for temporary files used by OpsCenter. The default location is /usr/share/opscenter/tmp/ for package installations and install_location/tmp for tarball installations.

[agents] not_seen_threshold 

The maximum time in seconds since the last agent status about a specific connection, such as stomp, was sent before that agent connection is considered down. This threshold also affects how long OpsCenter waits before marking node health as unknown. Default value: 180 seconds.

[agents] call_agent_retry 

Number of times to try different up nodes on agent requests

[agents] agent_aggregation_flush 

The number of seconds between log flushes for verbose aggregated and periodically batched agent messages. Default: 600 seconds.

[agents] http_poll_period 

The frequency in seconds between attempts to poll agent http health. Default value: 60 seconds.

[stat_reporter] initial_sleep 

The delay in seconds before the cluster stats reporter starts to run. The default value is 300 (5 minutes).

[stat_reporter] interval 

The interval in seconds between usage metric reports to DataStax Support. By default, OpsCenter sends usage metrics about the cluster to DataStax Support every day.

To disable the phone-home functionality, add the following lines to your opscenterd.conf file:

interval = 0

Additional configuration metric collection properties are available in Metrics Collection Properties.

[stat_reporter] ssl_key 

The location of the SSL key file to use for SSL communication for the phone-home service. The default location is /var/lib/opscenter/ssl/stats.pem for package installations and install_location/ssl/stats.pem for tarball installations.

[hadoop] base_job_tracker_proxy_port 

The port to use for job tracker information. The interface, SSL key, and SSL cert are taken from the webserver section. The default port is 50031.

[spark] base_master_proxy_port 

Base port to use for setting up the HTTP proxy for the Spark master. Spark master UI is exposed at port 7080 and increasing ports from that + 10k (17080) are largely unused.

[cloud] accepted_certs 

The location of the SSL CA certificate file used when provisioning new clusters or using the Backup Service. The default location is /var/lib/opscenter/ssl/cacert.der

[repair_service] persist_directory 

The location in which to store a file with the current repair service status. The default location is /var/lib/opscenter/repair_service for package installations and install_location/repair_service for tarball installations.

[repair_service] persist_period 

How often, in seconds, to write the state to the persistence file for the repair service. The default value is 300 (5 minutes).

[repair_service] restart_period 

How often in seconds to restart repairs. The default value is 300 (5 minutes).

[repair_service] cluster_stabilization_period 

How often in seconds repair service checks for cluster state before resuming.

[repair_service] ks_update_period 

The maximum age, in seconds, of a cached version of the current keyspace schema. The default values is 300 (5 minutes).

[repair_service] single_task_err_threshold 

The number of times to retry a repair task before moving on to the next task. The default value is 10.

[repair_service] max_err_threshold 

The maximum number of times to fail on a repair before cancelling the repair attempt. Errors during incremental repair do not count towards this threshold. The default value is 100.

[repair_service] max_parallel_repairs 

The maximum number of repairs to run in parallel. If unspecified or set to 0, the system attempts to calculate the correct number of maximum repairs to run in parallel. The basic calculation is ceiling(Total # Nodes in cluster / Maximum total RF). The calculation prevents replica sets from overlapping during repairs.

[repair_service] max_pending_repairs 

The maximum pending repairs allowed to be running on a node at one time. The default value is 5.

[repair_service] alert_on_repair_failure 

Whether there should be alerts fired when a repair task fails. Defaults to true.

[repair_service] single_repair_timeout 

The maximum length of time for a repair to complete, in seconds. The default value is 3600 (1 hour).

[repair_service] min_repair_time 

The minimum length of time in seconds for a repair to complete. If a repair finishes sooner it will be padded with a sleep. The default value is 5.

[repair_service] min_throughput 

The minimum throughput needed to calculate parallel repairs. The default value is 512.

[repair_service] num_recent_throughputs 

The number of recent throughputs used to calculate the average throughput, which is then used to determine how many parallel repairs are needed. The default value is 20.

[repair_service] error_logging_window 

The desired amount of time in seconds between errors for exceeding max_parallel_repairs. Defaults to 86400

[repair_service] incremental_repair_tables 

The list of keyspaces and tables to include in incremental repairs. (e.g. Keyspace1.Standard1, Keyspace1.Standard2)

[repair_service] incremental_range_repair 

Determines whether incremental repairs run as subrange repairs (True) or repair the node's entire range (False). Default: False.

[repair_service] incremental_err_alert_threshold 

The threshold for the number of errors during incremental repair to ignore before alerting that incremental repair seems to be failing more than an acceptable amount.

[repair_service] snapshot_override 

Specifies whether to override the default snapshot repair behavior. The default value is False. Specifying this option as either True or False will always modify the behavior of the repair service. Snapshot repair can only be configured for Cassandra versions 2.0.11 and greater.

[ui] default_api_timeout 

The default timeout value in seconds for an API call from the OpsCenter UI to the OpsCenter API. The default value is 10.

[ui] max_metrics_requests 

The maximum concurrent metrics requests from the OpsCenter UI to opscenterd. The default value is 16.

[ui] node_detail_refresh_delay 

The time in seconds between polling calls to update node details. The default value is 5.

[ui] storagemap_ttl 

How often, in seconds, the data in the storage capacity chart is updated in the OpsCenter UI. It is set to 300 seconds (5 minutes) by default so changes to storage capacity on individual nodes may not be reflected in the UI for up to 5 minutes.

[request_tracker] queue_size 

The maximum number of requests that can be tracked. The default value is 10,000.

[clusters] add_cluster_timeout 

How long, in seconds, OpsCenter will wait when adding a cluster before reporting an error. The default value is 300 seconds. Adding a cluster includes connecting to DSE, getting topology information, and creating the OpsCenter schema. Increasing this value may be necessary when running a very large cluster with vnodes enabled.

[clusters] startup_sleep 

How long, in seconds, OpsCenter will wait between connecting to clusters on startup. The default value is 0 (no wait).

[clusters] max_schema_agreement_wait 

The maximum time in seconds to wait for schema agreement after executing a schema-altering query. Default value: 30 seconds. Increase the value if there are schema creation or schema alteration errors present in the opscenterd log.

[failover] heartbeat_period 

How often OpsCenter should heartbeat to the backup.

[failover] heartbeat_reply_period 

How often a backup OpsCenter should heartbeat to the primary Opscenter.

[failover] heartbeat_fail_window 

The amount of time required before a lack of heartbeat triggers failover

[failover] failover_configuration_directory 

The directory where failover specific configuration is stored. This directory should not be mirrored/replicated across OpsCenter installs when configuring OpsCenter to support failover. The default location is /var/lib/opscenter/failover/ for package installations and install_location/failover/ for tarball installations.

[lifecycle_manager] db_location 

The location of the database used for storing lifecycle management information.

[lifecycle_manager] cacerts_directory 

The directory to use when storing SSL-related files that are automatically generated during provisioning tasks.

[lifecycle_manager] cacerts_truststore_location 

The location of the truststore containing the root CA cert for signing certificates.

[lifecycle_manager] cacerts_truststore_password 

The password to open the cacerts truststore

[lifecycle_manager] crypto_key_file 

The key to use to encrypt sensitive data in the database for storing lifecycle management information. The encryption key is automatically generated if it does not already exist.

[lifecycle_manager] job_manager_polling_interval 

Polling frequency in seconds when performing lifecycle management tasks. Default: 5 seconds.

[lifecycle_manager] node_install_idle_timeout 

Duration of inactivity in seconds before marking an install job as idle. Default: 900 seconds.

[lifecycle_manager] node_restart_idle_timeout 

Duration of inactivity in seconds before marking a node restart job as idle. Default: 120 seconds.

[lifecycle_manager] node_configure_idle_timeout 

Duration of inactivity in seconds before marking a node configuration job as idle. Default 120 seconds.

[lifecycle_manager] node_cluster_import_idle_timeout 

Duration of inactivity in seconds before marking a cluster import job as idle. Default: 120 seconds.

[lifecycle_manager] node_install_agent_idle_timeout 

Duration of inactivity in seconds before marking an agent install job as idle. Default: 120 seconds.

[lifecycle_manager] cassandra_connection_timeout 

Duration in seconds to allow for connecting to Datastax Enterprise when provisioning a DataStax Enterprise cluster. Default: 20 seconds.

[lifecycle_manager] ssh_connect_timeout_in_seconds 

The number of seconds to wait for the SSH server on a target node to respond to a connection attempt during an LCM job. The default value is 30 seconds.

[lifecycle_manager] ssh_max_attempts 

The maximum number of times to attempt an SSH connection to a given target during an LCM job. The default value is 3.

[lifecycle_manager] ssh_retry_delay_in_seconds 

The number of seconds to wait between SSH connection retries during an LCM job. The default value is 10 seconds.

[agents] path_to_installscript 

The location of the script used to install agents. The default location is /usr/share/opscenter/agent/bin/install_agent.sh for package installations and install_location/agent/bin/install_agent.sh for tarball installations.

[agents] path_to_sudowrap 

The location of the sudo_with_pass.py wrapper for old Red Hat installations. The default location is /usr/share/opscenter/bin/sudo_with_pass.py for package installations and install_location/bin/sudo_with_pass.py for tarball installations.

[agents] path_to_deb 

The path to the agent Debian package. The default location is /usr/share/opscenter/agent/datastax-agent.deb for package installations and install_location/agent/datastax-agent.deb for tarball installations.

[agents] path_to_rpm 

The path to the agent RPM package. The default location is /usr/share/opscenter/agent/datastax-agent.rpm for package installations and install_location/agent/datastax-agent.rpm for tarball installations.

[agents] reported_interface 

The interface used when automatically setting up target nodes to communicate with opscenterd. This value is used when installing the DataStax Agent automatically through OpsCenter and is written as the stomp_interface property in address.yaml. It is also used by the remote script deployed by the Lifecycle Manager (LCM) to communicate status back to the central opscenterd process. If not explicitly set, this value is determined by an algorithm that works automatically in most cases. The reported_interface property should be set if that algorithm fails to determine the proper IP agents should use to connect (that is, if stomp_interface is configured incorrectly in address.yaml, or the remote LCM script fails to report back).

[agents] runs_sudo 

Sets whether the DataStax Agent will be run using sudo or not. The default value is True. Setting this option to False means the agent will not use sudo, and the agent user will not run using elevated privileges. Setting this option to True means the agent will run using sudo, and elevated privileges.