Enabling SSL/TLS for OpsCenter and Agent communication - Tarball Installations

To enable SSL for tarball installations, edit the configuration file and run a script to generate the keys used by OpsCenter and the agents.

opscenterd.conf 

The location of the opscenterd.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/opscenterd.conf
  • Tarball installations: install_location/conf/opscenterd.conf

address.yaml 

The location of the address.yaml file depends on the type of installation:

  • Package installations: /var/lib/datastax-agent/conf/address.yaml
  • Tarball installations: install_location/conf/address.yaml

Procedure

  1. Optional:
    Warning: If the SSL files already exist in the install_location/ssl directory, they are not automatically recreated. Before running setup.py, remove the old SSL files from that directory.
    Run the OpsCenter setup.py script:
    $ sudo install_location/bin/jython install_location/bin/setup.py
    The script generates the SSL keys and certificates that the OpsCenter daemon and the agents use to communicate with one another, and places them in the following directory: install_location/ssl
  2. Required: Open opscenterd.conf in an editor and add an [agents] section with the use_ssl option set to enable SSL.
    $ sudo vi install_location/conf/opscenterd.conf
    
    [agents]
    use_ssl = true
    
    You can also configure the locations of the agent keystore and truststore, and the associated keystore password, generated in step 1.
    $ sudo vi install_location/conf/opscenterd.conf
    
    [agents]
    use_ssl = true
    opscenter_ssl_keystore = /etc/opscenter/ssl/agentKeyStore
    opscenter_ssl_keystore_password = new_password
    opscenter_ssl_truststore = /etc/opscenter/ssl/agentKeyStore
    
    See configuring the agent for SSL for more details on the use_ssl option.
  3. Restart the OpsCenter daemon.
  4. If you need to connect to a cluster in which agents have already been deployed, log in to each of the nodes and reconfigure the address.yaml file. Reconfigure the agents on all nodes.
    Tip: If you do not want to manually edit all of the node configuration files, follow the installing DataStax agents automatically procedure.
    1. For each node in the cluster, copy install_location/ssl/agentKeyStore from the OpsCenter machine to /var/lib/datastax-agent/ssl/agentKeyStore for package installs, or agent_install_location/ssl/agentKeyStore for tarball installs.
      $ scp /opt/opscenter/ssl/agentKeyStore user@node:/var/lib/datastax-agent/ssl/
      Where node is either the host name of the node or its IP address and user is the user ID on the node.
    2. Log in to each node in the cluster using ssh.
      $ ssh user@node
      Where node is either the host name of the node or its IP address and user is the user ID on the node.
    3. Edit the address.yaml file, changing the value of use_ssl to 1.
      $ sudo vi install_location/conf/address.yaml
      use_ssl: 1
    4. Restart the agent.
      $ sudo install_location/bin/datastax-agent
  5. After opscenterd and all agents have been configured and restarted, verify proper agent connection through the Agent Status tab.
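
A check to run before opening the Agent Status tab, given here as an added example that is not DataStax code: it confirms that use_ssl is enabled in the [agents] section of opscenterd.conf and in address.yaml, and that the agent's agentKeyStore is byte-identical to the one OpsCenter generated. The function names and sample files are constructed for illustration; it assumes address.yaml holds flat key: value lines and that both keystore paths are readable from where the script runs.

```shell
#!/bin/sh
# Added example (not DataStax code): audit the files edited in the procedure.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION]; last one wins.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }   # section header
        cur == sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# yaml_get FILE KEY: value of a flat top-level "key: value" line (assumed layout).
yaml_get() {
    sed -n "s/^$2:[ ]*\([^ #]*\).*/\1/p" "$1" | tail -n 1
}

# audit_agent_ssl OPSCENTERD_CONF ADDRESS_YAML OPSCENTER_KEYSTORE AGENT_KEYSTORE
# Returns 0 only when both sides enable SSL and the agent holds the same keystore.
audit_agent_ssl() {
    rc=0
    [ "$(ini_get "$1" agents use_ssl)" = "true" ] ||
        { echo "FAIL: [agents] use_ssl is not true in $1"; rc=1; }
    [ "$(yaml_get "$2" use_ssl)" = "1" ] ||
        { echo "FAIL: use_ssl is not 1 in $2"; rc=1; }
    cmp -s "$3" "$4" ||
        { echo "FAIL: $4 differs from $3 (stale or missing copy)"; rc=1; }
    return $rc
}

# Constructed sample files (not from a real deployment) so the check runs offline.
make_sample() {
    mkdir -p "$1/ops/ssl" "$1/agent/ssl"
    printf '[example_other]\nuse_ssl = false\n\n[agents]\nuse_ssl = true\n' \
        > "$1/ops/opscenterd.conf"
    printf '# constructed\nuse_ssl: 1\n' > "$1/agent/address.yaml"
    printf 'constructed-keystore-bytes' > "$1/ops/ssl/agentKeyStore"
    cp "$1/ops/ssl/agentKeyStore" "$1/agent/ssl/agentKeyStore"
}

d=$(mktemp -d) && make_sample "$d"
audit_agent_ssl "$d/ops/opscenterd.conf" "$d/agent/address.yaml" \
    "$d/ops/ssl/agentKeyStore" "$d/agent/ssl/agentKeyStore" &&
    echo "OK: agent SSL settings are consistent"
rm -rf "$d"
```

A keystore mismatch is the likely result when setup.py was rerun without first removing the old files from install_location/ssl, or when a node still holds a copy from an earlier run.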