OpsCenter configuration properties

Configure OpsCenter properties in the opscenterd.conf file and restart OpsCenter.

address.yaml 

The location of the address.yaml file depends on the type of installation:

  • Package installations: /var/lib/datastax-agent/conf/address.yaml
  • Tarball installations: install_location/conf/address.yaml

opscenterd.conf 

The location of the opscenterd.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/opscenterd.conf
  • Tarball installations: install_location/conf/opscenterd.conf

cluster_name.conf 

The location of the cluster_name.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/clusters/cluster_name.conf
  • Tarball installations: install_location/conf/clusters/cluster_name.conf

These properties are configured in the opscenterd.conf file.

Note: After changing properties in this file, restart OpsCenter for the changes to take effect.
[webserver] port 
The HTTP port used for client connections to the OpsCenter web server. The default port is 8888.
Optional HTTPS support. To enable, remove the comment markers (#) in front of properties prefixed with ssl in the opscenterd.conf file, as described in Configuring HTTPS.
[webserver] interface 
The interface that the web server uses to listen for client connections. The interface must be an externally accessible IP address or host name. The default interface is 127.0.0.1.
[webserver] staticdir 
The location in the file system where static content for the OpsCenter web site resides. The default location is /usr/share/opscenter/content for package installations and install_location/content for tarball installations.
[webserver] ssl_keyfile 
The location where the SSL keyfile resides. This option requires ssl_certfile and optionally ssl_port to also be set.
[webserver] ssl_certfile 
The location where the SSL certificate resides. This option requires ssl_keyfile and optionally ssl_port to also be set.
[webserver] ssl_port 
The port on which to serve SSL traffic. The default port is 8443.
[webserver] hsts_enabled 
Determines whether to use HTTP Strict Transport Security. Enabling this option causes OpsCenter to return an HSTS header in HTML responses that go over HTTPS. The HTHS header makes HTTPS->HTTP downgrade attacks more difficult by instructing supported browsers to refuse connecting to OpsCenter over unencrypted HTTP. Enabling this option also requires enabling TLS with ssl_certfile and ssl_keyfile. See also hsts_max_age. Default: False.
[webserver] hsts_max_age 
The length of time in seconds that supported browsers should consider an HSTS header fresh and refuse to connect to OpsCenter with unencrypted HTTP. See also: hsts_enabled. Default: 31536000 seconds (1 year).
[webserver] sub_process_timeout 
The time in seconds OpsCenter waits for subprocesses to complete before a timeout. The default value is 600 seconds. OpsCenter spawns subprocesses for some tasks, such as scp, these tasks have a configurable timeout.
[http_proxy_settings] proxy_url 
The URL of a proxy server that OpsCenter will use for external http/https connections. Currently only applies to the posturl plugin. Example: http://127.0.0.1:8080
[http_proxy_settings] proxy_username 
Proxy username for basic proxy HTTP authorization. Currently only applies to the posturl plugin.
[http_proxy_settings] proxy_password 
Proxy password for basic proxy HTTP authorization. Currently only applies to the posturl plugin.
[security] config_encryption_active 
Specifies whether opscenter should attempt to decrypt sensitive config values
[security] config_encryption_key_name 
Name of the system key used to encrypt / decrypt passwords stored.
[security] config_encryption_key_path 
Path to the encryption key. If left blank the directory of opscenterd.conf will be used
[logging] resource_usage_interval 
The interval, in seconds, in which OpsCenter logs the system resource usage. The default value is 60.
[definitions] use_ssl 
Specifies whether SSL should be used to get definition file updates. This option requires OpenSSL on the OpsCenter host. The default value is True.
[definitions] definitions_dir 
The file system location where definition files are stored. The default location is /etc/opscenter/definitions for package installations and install_location/conf/definitions for tarball installations.
[definitions] auto_update 
Specifies whether OpsCenter should automatically attempt to periodically update the definition files. The default value is True.
[definitions] download_host 
The host that definition file update requests will be made to. The default host is opscenter.datastax.com.
[definitions] download_port 
The port used to request definition file updates on download_host. The default port is 443.
[definitions] download_filename 
The name of the tar file on the download_host that contains definition file updates. The default name is definitions_files.tgz.
[definitions] hash_filename 
The name of the hash file on the download_host used to determine if the definition file requires an update. The default file is version.md5.
[definitions] sleep 
The duration in seconds between checks to update the definition files. The default time is 3600 seconds (1 hour).
[authentication] passwd_db 
Full path to the file for configuring password authentication for OpsCenter. If this file does not exist, OpsCenter does not verify passwords. The default location is /etc/opscenter/passwd.db for package installations and install_location/passwd.db for tarball installations.
[authentication] enabled 
Configures whether user authentication is enabled or not. The default setting is False.
[authentication] timeout 
This sets the session timeout, in seconds. Defaults to no timeout. If a timeout is desired, the minimum value it can be set to is 60 seconds.
[authentication] authentication_method 
Configured Authentication method, options include DatastaxEnterpriseAuth and LDAP, for Active Directory we support
AD over LDAP, so please specify LDAP
[authentication] password_hash_type 
The 1-way password hash algorithm to use when storing user passwords. Options include: bcrypt+blake2b-512 (default), pbkdf2+blake2b-512, pbkdf2+sha512, pbkdf2+sha3-256, bcrypt+sha512.
[authentication] sqlite_connection_timeout 
The number of seconds that opscenterd waits to receive a successful SQLite connection before a timeout. Default: 5
[authentication] sqlite_max_active_connections 
The maximum number of simultaneous active connections to the SQLite database. Default: 200
[ldap] server_host 
The LDAP server host
[ldap] server_port 
The LDAP server port
[ldap] uri_scheme 
URI Scheme, defaults to ldap for ldap_security = None, defaults to ldaps for ldap_security = SSL or TLS
[ldap] search_dn 
DN of the user that be used to search for users on the LDAP server. This user should
only have the necessary permissions to do the search
If not present then an anonymous bind will be used for the search
example cn=admin,dc=qaldap,dc=datastax,dc=lan
[ldap] search_password 
Password of the search user
[ldap] user_search_base 
The ldap search base used to find a user, example: ou=users,dc=qaldap,dc=datastax,dc=lan
[ldap] user_search_filter 
The ldap search filter used to uniquely identify a user, example: (uid={0})
[ldap] group_search_base 
The ldap search base used to find a group, example: ou=groups,dc=qaldap,dc=datastax,dc=lan
[ldap] group_search_filter 
Deprecated. The ldap search filter used to find a user's group, example: (member=cn={0},ou=users,dc=nodomain)
[ldap] group_search_filter_with_dn 
The ldap search filter used to find a user's group. Uses the full user's DN from a user search. Overrides group_search_filter. Example: (member={0})
[ldap] group_name_attribute 
The ldap field name used to identify a group's name, example: cn
[ldap] admin_group_name 
The name of the admin group or a comma separated list of admin group names, example: admin, superusers
If your group name contains restricted LDAP characters such as "," you must escape them
for example two admin groups "foo , bar" and "baz" should be entered as: foo \, bar, baz
[ldap] ldap_security 
The type of security to use with LDAP: None, TLS, SSL, SSL_TLS when set to TLS or SSL_TLS uses TLS start
[ldap] truststore 
Path to the truststore
[ldap] truststore_type 
Type for the truststore
[ldap] truststore_pass 
password for the truststore
[ldap] user_memberof_attribute 
Set to the attribute on the user entry containing group membership information.
[ldap] user_memberof_stores_dn 
Set to True if the memberof attribute's value is distinguished names of groups. Default: False
[ldap] group_search_type 
The group_search_type defines how group membership will be determined for a user. It
can be one of:
directory_search - will do a subtree search of group_search_base using
group_search_filter to filter the results
memberof_search - will get groups from the memberof attribute of the user. This
requires the directory server to have memberof support
[ldap] connection_timeout 
The number of seconds to wait before concluding the ldap server is down, defaults to 30 seconds.
[agents] config_sleep 
The durations in seconds in between Updates to the agent config md5. The default value is 420 seconds (7 minutes).
[agents] ssh_port 
The Secure Shell (SSH) port that listens for agent-OpsCenter communications. The default port is 22. Add an [agents] section, if one doesn't already exist, to the opscenterd.conf. In this section, add the ssh_port option and a value for the port number:
ssh_port = 2222
[agents] incoming_port 
The port used by OpsCenter for incoming stomp communication. The default port is 61620.
[agents] incoming_interface 
The interface used by OpsCenter for incoming stomp traffic from the agents. The default interface is 0.0.0.0.
[agents] use_ssl 
Specifies whether traffic between OpsCenter and the agents should use SSL. The default value is False.
[agents] agent_install_poll_period 
How often OpsCenter will update agent install status during an agent install
[agents] agent_install_mute_period 
The number of seconds to wait after agent install before checking agents for known problems
[agents] agent_install_timeout_period 
The number of seconds to wait for the install to complete before automatically terminating the install.
[agents] ssl_keyfile 
The location of the SSL key file used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.key for package installations and install_location/ssl/opscenter.key for tarball installations.
[agents] ssl_certfile 
The location of the SSL certificate used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.der for package installations and install_location/ssl/opscenter.der for tarball installations.
[agents] agent_keyfile 
The location of the keyfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore for package installations and install_location/ssl/agentKeyStore for tarball installations.
[agents] agent_keyfile_raw 
The raw key that is stored in the java key store from agent_keyfile. This key is needed by non java clients that wish to communicate with OpsCenter.
[agents] agent_certfile 
The location of the certfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore.der for package installations and install_location/ssl/agentKeyStore.der for tarball installations.
[agents] ssh_executable 
The location of the ssh executable binary. The default locations is /usr/bin/ssh.
[agents] scp_executable 
The location of the scp executable binary. The default location is /usr/bin/scp.
[agents] ssh_keygen_executable 
The location of the ssh-keygen executable binary. The default location is /usr/bin/ssh-keygen.
[agents] ssh_keyscan_executable 
The location of the ssh-keyscan executable binary. The default location is /usr/bin/ssh-keyscan.
[agents] ssh_user_known_hosts_file 
The location of the OpsCenter user's known_hosts file that will be used by OpsCenter during SSH communications. The default location is ~/.ssh/known_hosts.
[agents] ssh_sys_known_hosts_file 
The location of the system wide known_hosts file that will be used by OpsCenter during SSH communications. The default location is /etc/ssh/ssh_known_hosts.
[agents] tmp_dir 
The path to a tmp directory used for temporary files used by OpsCenter. The default location is /usr/share/opscenter/tmp/ for package installations and install_location/tmp for tarball installations.
[agents] not_seen_threshold 
The maximum time in seconds since the last agent status about a specific connection, such as stomp, was sent before that agent connection is considered down. This threshold also affects how long OpsCenter waits before marking node health as unknown. Default value: 180 seconds.
[agents] call_agent_retry 
Number of times to try different up nodes on agent requests
[agents] agent_aggregation_flush 
The number of seconds between log flushes for verbose aggregated and periodically batched agent messages. Default: 600 seconds.
[agents] http_poll_period 
The frequency in seconds between attempts to poll agent http health. Default value: 60 seconds.
[stat_reporter] initial_sleep 
The delay in seconds before the cluster stats reporter starts to run. The default value is 300 (5 minutes).
[stat_reporter] interval 
The interval in seconds between usage metric reports to DataStax Support. By default, OpsCenter sends usage metrics about the cluster to DataStax Support every day.

To disable the phone-home functionality, add the following lines to your opscenterd.conf file:

interval = 0
Additional configuration metric collection properties are available in Metrics Collection Properties.
[stat_reporter] ssl_key 
The location of the SSL key file to use for SSL communication for the phone-home service. The default location is /var/lib/opscenter/ssl/stats.pem for package installations and install_location/ssl/stats.pem for tarball installations.
[hadoop] base_job_tracker_proxy_port 
The port to use for job tracker information. The interface, SSL key, and SSL cert are taken from the webserver section. The default port is 50031.
[spark] base_master_proxy_port 
Base port to use for setting up the HTTP proxy for the Spark master. Spark master UI is exposed at port 7080 and increasing ports from that + 10k (17080) are largely unused.
[cloud] accepted_certs 
The location of the SSL CA certificate file used when provisioning new clusters or using the Backup Service. The default location is /var/lib/opscenter/ssl/cacert.der
[repair_service] persist_directory 
The location in which to store a file with the current repair service status. The default location is /var/lib/opscenter/repair_service for package installations and install_location/repair_service for tarball installations.
[repair_service] persist_period 
How often, in seconds, to write the state to the persistence file for the repair service. The default value is 300 (5 minutes).
[repair_service] restart_period 
How often in seconds to restart repairs. The default value is 300 (5 minutes).
[repair_service] cluster_stabilization_period 
How often in seconds repair service checks for cluster state before resuming.
[repair_service] ks_update_period 
The maximum age, in seconds, of a cached version of the current keyspace schema. The default values is 300 (5 minutes).
[repair_service] single_task_err_threshold 
The number of times to retry a repair task before moving on to the next task. The default value is 10.
[repair_service] max_err_threshold 
The maximum number of times to fail on a repair before cancelling the repair attempt. Errors during incremental repair do not count towards this threshold. The default value is 100.
[repair_service] max_parallel_repairs 
The maximum number of repairs to run in parallel. If unspecified or set to 0, the system attempts to calculate the correct number of maximum repairs to run in parallel. The basic calculation is ceiling(Total # Nodes in cluster / Maximum total RF). The calculation prevents replica sets from overlapping during repairs.
[repair_service] max_pending_repairs 
The maximum pending repairs allowed to be running on a node at one time. The default value is 5.
[repair_service] alert_on_repair_failure 
Whether there should be alerts fired when a repair task fails. Defaults to true.
[repair_service] single_repair_timeout 
The maximum length of time for a repair to complete, in seconds. The default value is 3600 (1 hour).
[repair_service] min_repair_time 
The minimum length of time in seconds for a repair to complete. If a repair finishes sooner it will be padded with a sleep. The default value is 5.
[repair_service] min_throughput 
The minimum throughput needed to calculate parallel repairs. The default value is 512.
[repair_service] num_recent_throughputs 
The number of recent throughputs used to calculate the average throughput, which is then used to determine how many parallel repairs are needed. The default value is 20.
[repair_service] error_logging_window 
The desired amount of time in seconds between errors for exceeding max_parallel_repairs. Defaults to 86400
[repair_service] incremental_repair_tables 
The list of keyspaces and tables to include in incremental repairs. (e.g. Keyspace1.Standard1, Keyspace1.Standard2)
[repair_service] incremental_range_repair 
Determines whether incremental repairs run as subrange repairs (True) or repair the node's entire range (False). Default: False.
[repair_service] incremental_err_alert_threshold 
The threshold for the number of errors during incremental repair to ignore before alerting that incremental repair seems to be failing more than an acceptable amount.
[repair_service] snapshot_override 
Specifies whether to override the default snapshot repair behavior. The default value is False. Specifying this option as either True or False will always modify the behavior of the repair service. Snapshot repair can only be configured for Cassandra versions 2.0.11 and greater.
[ui] default_api_timeout 
The default timeout value in seconds for an API call from the OpsCenter UI to the OpsCenter API. The default value is 10.
[ui] max_metrics_requests 
The maximum concurrent metrics requests from the OpsCenter UI to opscenterd. The default value is 16.
[ui] node_detail_refresh_delay 
The time in seconds between polling calls to update node details. The default value is 5.
[ui] storagemap_ttl 
How often, in seconds, the data in the storage capacity chart is updated in the OpsCenter UI. It is set to 300 seconds (5 minutes) by default so changes to storage capacity on individual nodes may not be reflected in the UI for up to 5 minutes.
[request_tracker] queue_size 
The maximum number of requests that can be tracked. The default value is 10,000.
[clusters] add_cluster_timeout 
How long, in seconds, OpsCenter will wait when adding a cluster before reporting an error. The default value is 300 seconds. Adding a cluster includes connecting to DSE, getting topology information, and creating the OpsCenter schema. Increasing this value may be necessary when running a very large cluster with vnodes enabled.
[clusters] startup_sleep 
How long, in seconds, OpsCenter will wait between connecting to clusters on startup. The default value is 0 (no wait).
[clusters] max_schema_agreement_wait 
The maximum time in seconds to wait for schema agreement after executing a schema-altering query. Default value: 30 seconds. Increase the value if there are schema creation or schema alteration errors present in the opscenterd log.
[failover] heartbeat_period 
How often OpsCenter should heartbeat to the backup.
[failover] heartbeat_reply_period 
How often a backup OpsCenter should heartbeat to the primary Opscenter.
[failover] heartbeat_fail_window 
The amount of time required before a lack of heartbeat triggers failover
[failover] failover_configuration_directory 
The directory where failover specific configuration is stored. This directory should not be mirrored/replicated across OpsCenter installs when configuring OpsCenter to support failover. The default location is /var/lib/opscenter/failover/ for package installations and install_location/failover/ for tarball installations.
[lifecycle_manager] db_location 
The location of the database used for storing lifecycle management information.
[lifecycle_manager] cacerts_directory 
The directory to use when storing SSL-related files that are automatically generated during provisioning tasks.
[lifecycle_manager] cacerts_truststore_location 
The location of the truststore containing the root CA cert for signing certificates.
[lifecycle_manager] cacerts_truststore_password 
The password to open the cacerts truststore
[lifecycle_manager] crypto_key_file 
The key to use to encrypt sensitive data in the database for storing lifecycle management information. The encryption key is automatically generated if it does not already exist.
[lifecycle_manager] job_manager_polling_interval 
Polling frequency in seconds when performing lifecycle management tasks. Default: 5 seconds.
[lifecycle_manager] node_install_idle_timeout 
Duration of inactivity in seconds before marking an install job as idle. Default: 900 seconds.
[lifecycle_manager] node_restart_idle_timeout 
Duration of inactivity in seconds before marking a node restart job as idle. Default: 120 seconds.
[lifecycle_manager] node_configure_idle_timeout 
Duration of inactivity in seconds before marking a node configuration job as idle. Default 120 seconds.
[lifecycle_manager] node_cluster_import_idle_timeout 
Duration of inactivity in seconds before marking a cluster import job as idle. Default: 120 seconds.
[lifecycle_manager] node_install_agent_idle_timeout 
Duration of inactivity in seconds before marking an agent install job as idle. Default: 120 seconds.
[lifecycle_manager] cassandra_connection_timeout 
Duration in seconds to allow for connecting to Datastax Enterprise when provisioning a DataStax Enterprise cluster. Default: 20 seconds.
[lifecycle_manager] ssh_connect_timeout_in_seconds 
The number of seconds to wait for the SSH server on a target node to respond to a connection attempt during an LCM job. The default value is 30 seconds.
[lifecycle_manager] ssh_max_attempts 
The maximum number of times to attempt an SSH connection to a given target during an LCM job. The default value is 3.
[lifecycle_manager] ssh_retry_delay_in_seconds 
The number of seconds to wait between SSH connection retries during an LCM job. The default value is 10 seconds.
[agents] path_to_installscript 
The location of the script used to install agents. The default location is /usr/share/opscenter/agent/bin/install_agent.sh for package installations and install_location/agent/bin/install_agent.sh for tarball installations.
[agents] path_to_sudowrap 
The location of the sudo_with_pass.py wrapper for old Red Hat installations. The default location is /usr/share/opscenter/bin/sudo_with_pass.py for package installations and install_location/bin/sudo_with_pass.py for tarball installations.
[agents] path_to_deb 
The path to the agent Debian package. The default location is /usr/share/opscenter/agent/datastax-agent.deb for package installations and install_location/agent/datastax-agent.deb for tarball installations.
[agents] path_to_rpm 
The path to the agent RPM package. The default location is /usr/share/opscenter/agent/datastax-agent.rpm for package installations and install_location/agent/datastax-agent.rpm for tarball installations.
[agents] reported_interface 
The interface used when automatically setting up target nodes to communicate with opscenterd. This value is used when installing the DataStax Agent automatically through OpsCenter and is written as the stomp_interface property in address.yaml. It is also used by the remote script deployed by the Lifecycle Manager (LCM) to communicate status back to the central opscenterd process. If not explicitly set, this value is determined by an algorithm that works automatically in most cases. The reported_interface property should be set if that algorithm fails to determine the proper IP agents should use to connect (that is, if stomp_interface is configured incorrectly in address.yaml, or the remote LCM script fails to report back).
[agents] runs_sudo 
Sets whether the DataStax Agent will be run using sudo or not. The default value is True. Setting this option to False means the agent will not use sudo, and the agent user will not run using elevated privileges. Setting this option to True means the agent will run using sudo, and elevated privileges.