To enable SSL for tarball installations, edit the configuration file and run a script
to generate the keys used by OpsCenter and the agents.
opscenterd.conf
The location of the opscenterd.conf file
depends on the type of installation:
- Package installations: /etc/opscenter/opscenterd.conf
- Tarball installations:
install_location/conf/opscenterd.conf
address.yaml
The location of the address.yaml
file depends on the type of installation:
- Package installations:
/var/lib/datastax-agent/conf/address.yaml
- Tarball installations:
install_location/conf/address.yaml
Procedure
- Optional:
Warning: If the SSL files already exist in the
install_location/ssl directory,
they are not automatically recreated. Before running setup.py
,
remove the old SSL files from that directory.
Run the OpsCenter setup.py script:
$ sudo install_location/bin/jython install_location/bin/setup.py
The script generates the SSL keys and certificates used by the OpsCenter
daemon and the agents to communicate with one another in the following
directory:
install_location/ssl
- Required:
Open in an editor and add an
[agents]
section with the use_ssl
option
set to enable SSL.
$ sudo vi install_location/conf/opscenterd.conf
[agents]
use_ssl = true
You
can also configure the locations of the agent keystore or truststore and the
associated keystore password generated in
1.
$ sudo vi install_location/conf/opscenterd.conf
[agents]
use_ssl = true
opscenter_ssl_keystore = /etc/opscenter/ssl/agentKeyStore
opscenter_ssl_keystore_password = new_password
opscenter_ssl_truststore = /etc/opscenter/ssl/agentKeyStore
See
configuring the agent
for ssl for more details on the
use_ssl
option.
-
Restart the OpsCenter daemon.
-
If you need to connect to a cluster in which agents have already been deployed,
log in to each of the nodes and reconfigure the
file. Reconfigure the agents on
all nodes.
-
On each node in the cluster, copy
install_location/ssl/agentKeyStore
from the OpsCenter machine to
/var/lib/datastax-agent/ssl/agentKeyStore for
agent_install_location/ssl/agentKeyStore
for package installs, or
agent_install_location/ssl/agentKeyStore
for tarball installs.
$ scp /opt/opscenter/ssl/agentKeyStore user@node:/var/lib/datastax-agent/ssl/
Where
node is either the host name of the node or its
IP address and
user is the user ID on the
node.
-
Log into each node in the cluster using ssh.
$ ssh user@node
Where
node is either the host name of the node or its
IP address and
user is the user ID on the
node.
-
Edit the address.yaml file, changing the value of
use_ssl to
1
.
$ sudo vi install_location/conf/address.yaml
use_ssl: 1
-
Restart the agent.
$ sudo install_location/bin/datastax-agent
-
After opscenterd and all agents have been configured and
restarted, verify proper agent connection through the Agent Status
tab.