New features in DSE OpsCenter 6.0
Changes in configuration files, metrics, and APIs impacting upgrades to OpsCenter 6.0.
New features
The following new and improved features are highlighted for the current DataStax Enterprise (DSE) OpsCenter version 6.0 release.
Lifecycle Manager |
Deploy and centrally manage configurations for DataStax Enterprise clusters version 4.7 and later using Lifecycle Manager:
|
DataStax Enterprise 5.0 |
Support for provisioning and monitoring DataStax Enterprise 5.0 clusters:
|
DataStax agents overhaul |
Simplified and streamlined the installing, upgrading, and troubleshooting of DataStax agents into a superlative workflow:
|
Alerts enhancements | Significant enhancements for alerts include:
|
Backup Service: Local FS backup locations | Add backup locations on local filesystems. See adding a backup location for more information on the available backup location options. |
Flexible support for logback | Configure logback.xml in OpsCenter to suit your logging requirements. Configure security logging to record user activity in OpsCenter. |
Graphite report server support | Send metrics collected by OpsCenter to your configured Graphite monitoring solution. Graphite server support is an OpsCenter monitoring labs feature in development available for use now. |
Updates from previous OpsCenter versions
The following changes are updates from the OpsCenter 6.0 major releases.
Oracle Java SE Runtime Environment 8 (JRE or JDK) or OpenJDK 8. Earlier or later versions are not supported. See installing the Oracle JDK or OpenJDK.
[cassandra]
section of
cluster_name.conf:ssl_ca_certs
has been replaced byssl_keystore
andssl_keystore_password
.ssl_client_pem
andssl_client_key
have been replaced byssl_truststore
andssl_truststore_password
.- The
ssl_validate
option has been removed.
See troubleshooting SSL connections.
SSL certificate chains do not work properly in OpsCenter versions 6.0.0, 6.0.1, and 6.0.2. OpsCenter does not start up if HTTPs is enabled and the SSL certificates use intermediate certificates (CA chains). For details about the opscenterd.log errors as a result of this issue, refer to the KB article available from DataStax Support.
Upgrading to 6.0.3 is necessary to alleviate the issue. A patch is also available from DataStax Support.
ssl_cacert
ssl_cert
ssl_key
tls_reqcert
tls_demand
debug_ssl
opt_referrals
truststore
truststore_type
truststore_pass
The optional LDAP configuration option user_memberof_stores_dn
has been
added for OpsCenter version 6.0.9 and later. If your organization had difficulty getting
LDAP to work with memberof_search
rather than a
directory_search
, try configuring with the
user_memberof_stores_dn
. For more information, see configuring LDAP.
User password hash for OpsCenter authentication
The default user password hash (sha256
) for OpsCenter versions earlier
than 6.0 has been deprecated. The default as of OpsCenter 6.0 is
bcrypt+blake2b-512
. If you want to use an option other than the default,
see changing the hash algorithm. Upgrading to OpsCenter 6.0
automatically migrates the user password hash to the new default. When users log in to
OpsCenter for the first time after upgrading, their passwords are converted to the new
hash.
When installed with Debian packages, opscenterd now properly runs as the opscenter user
instead of root. Because this can cause ownership issues with
passwd.db, the 6.0.0 package install attempts to automatically
chown
it. Those using Debian packages and a custom path for
passwd.db need to check and possibly change the ownership of that
file to ensure it has read and write permissions by the opscenter user. This is caused by
the aforementioned bug fix that allows opscenterd to run as the opscenter user as
expected.
[logging] level
[logging] log_path
[logging] log_length
[logging] max_rotate
[authentication] audit_auth
[authentication] audit_pattern
[repair_service] log_directory
[repair_service] log_length
[repair_service] max_rotate
[webserver] log_path
In addition to the configuration file options, the OPSCENTERD_LOG_STDOUT
environment variable has also been removed. Enabling console logging is also configured in
logback.xml. For more information, see configuring logback.xml in OpsCenter.
Kerberos JCE prerequisite: If using Kerberos with 256-bit encryption, ensure the JCE is installed on the opscenterd machine. For information on installing the JCE, see AES-256 support.
Kerberos configuration options: New configuration options were added to opscenterd.conf to support Kerberos connections in OpsCenter using the DataStax Java Driver for Apache Cassandra™:
opscenterd_keytab_location
: Full path to the keytab containing keys for theopscenterd_client_principal
on the OpsCenter machine.debug
: Whether to output debug messages during Kerberos connection attempts from OpsCenter.
kerberos_client_principal
: The Kerberos client principal to use when using Kerberos authentication within DSE. Example: cassandra@hostname.kerberos_keytab_location
: The Kerberos keytab location when using Kerberos authentication within DSE. Example: /path/to/keytab.keytab.
Diagnostic tarball configurable timeout
The diagnostic_tarball_download_timeout
configuration option has been
added to allow configuring a timeout when generating a diagnostics tarball. Increasing the
default value might be necessary on slower machines or for multi-instance clusters.
The tarball_process_timeout
option has been removed. The option was
actually an agent installation option that is no longer used due to improvements in the
agent installation workflow.
POST /{cluster_id}/nodeconf/{node_ip}/
GET /{cluster_id}/dseconf/{node_ip}/nodetype
POST /{cluster_id}/clusterconf/{dc}/
POST /{cluster_id}/dseconf/{node_ip}/nodetype
Warnings on deprecated DataStax Enterprise metrics
After upgrading a DataStax Enterprise cluster, OpsCenter detects any obsolete metrics in use within dashboard graph presets or alert rules. When first starting OpsCenter after an upgrade, warning icons indicate which graphs have unknown metrics. See Working with metrics performance graphs for information about deleting unknown metrics.
Metrics inserted asynchronously
async_queue_size
async_pool_size
If all Best Practice rules are disabled, the Best Practice Service is considered disabled by OpsCenter. Any new Best Practice rules are not enabled by default.