New features in DSE OpsCenter 6.0

Changes in configuration files, metrics, and APIs impacting upgrades to OpsCenter 6.0.

New features

The following new and improved features are highlighted for the current DataStax Enterprise (DSE) OpsCenter version 6.0 release.

New and improved OpsCenter features
Lifecycle Manager	Deploy and centrally manage configurations for DataStax Enterprise clusters version 4.7 and later using Lifecycle Manager: Efficiently prevent configuration drift by defining configuration profiles that apply to the cluster, datacenter, or node level. Enforce configurations that adhere to the desired baseline configurations for datacenter workloads. Manage SSH credentials for machine access when provisioning and managing clusters. Mix and match credential assignments between different clusters and datacenters. Create repositories to access the DataStax Repository or your own mirror for downloading DataStax Enterprise packages. Credential information is encrypted and securely stored. After running an install, configure, or import cluster job; view the Jobs Summary and drill into details for deep transparency on the status and history of all jobs. Monitor job status with unprecedented access and deep transparency into each recorded and timestamped step of the deploy process. Drill into job details to troubleshoot provisioning and configuring jobs from the convenience of the Jobs workspace without the immediate need to scour various logs for information. Agent install jobs are also visible in the Jobs workspace. Troubleshoot and terminate any jobs that take an excessive time to execute.
DataStax Enterprise 5.0	Support for provisioning and monitoring DataStax Enterprise 5.0 clusters: Support for provisioning and monitoring DSE Graph. See Configuring Lifecycle Manager for DSE Graph. Performance metrics for monitoring DSE Tiered Storage. Configure the strategy and tiers within a Lifecycle Manager config profile. OpsCenter support for monitoring DSE Multi-Instance nodes. See Configuring DataStax Agents for Multi-Instance Nodes to take advantage of monitoring multi-instance nodes.
DataStax agents overhaul	Simplified and streamlined the installing, upgrading, and troubleshooting of DataStax agents into a superlative workflow: DataStax agent installs: Revamped agent architecture and vastly improved the automatic agent install experience. Agent Status: More comprehensive details about agent status display in the Agents tab within the Nodes section of the OpsCenter monitoring UI. Troubleshoot agent issues. Launch the set up and upgrade agent process from within the Agents view. Add an Agent Issues alert and configure alert notification for additional awareness of agent issues.
Alerts enhancements	Significant enhancements for alerts include: SNMP: SNMP (Simple Network Management Protocol) trap alerts support for monitoring events. Configurable content type and fields for POST URL alerts. Both JSON and form URL-encoded content types are supported. Miscellaneous convenient alert plugin enhancements: Cluster-level granularity available for all alert plugins. Configure alert notifications by one or more or all clusters. Indicate specific clusters for SNMP, email, and POST URL alerts. By default, alerts are fired for events on all clusters. More flexible email alert templates, including full support for multiple email addresses per configuration.
Backup Service: Local FS backup locations	Add backup locations on local filesystems. See adding a backup location for more information on the available backup location options.
Flexible support for logback	Configure logback.xml in OpsCenter to suit your logging requirements. Configure security logging to record user activity in OpsCenter.
Graphite report server support	Send metrics collected by OpsCenter to your configured Graphite monitoring solution. Graphite server support is an OpsCenter monitoring labs feature in development available for use now.

Updates from previous OpsCenter versions

The following changes are updates from the OpsCenter 6.0 major releases.

Java version

Oracle Java SE Runtime Environment 8 (JRE or JDK) or OpenJDK 8. Earlier or later versions are not supported. See installing the Oracle JDK or OpenJDK.

SSL configuration changes

In the [cassandra] section of cluster_name.conf:

ssl_ca_certs has been replaced by ssl_keystore and ssl_keystore_password.
ssl_client_pem and ssl_client_key have been replaced by ssl_truststore and ssl_truststore_password.
The ssl_validate option has been removed.

See troubleshooting SSL connections.

SSL certificate chains issue

SSL certificate chains do not work properly in OpsCenter versions 6.0.0, 6.0.1, and 6.0.2. OpsCenter does not start up if HTTPs is enabled and the SSL certificates use intermediate certificates (CA chains). For details about the opscenterd.log errors as a result of this issue, refer to the KB article available from DataStax Support.

Upgrading to 6.0.3 is necessary to alleviate the issue. A patch is also available from DataStax Support.

LDAP configuration changes

Because OpsCenter uses the Java driver, the Python LDAP library has been replaced with the Java LDAP library. As of OpsCenter 6.0, OpsCenter uses a keystore/truststore to manage any SSL/TLS requirements. For LDAP to work properly, migrate to the new configuration parameters.The following cluster configuration parameters have been removed:

ssl_cacert
ssl_cert
ssl_key
tls_reqcert
tls_demand
debug_ssl
opt_referrals

The removed configuration options have been replaced with:

truststore
truststore_type
truststore_pass

The optional LDAP configuration option user_memberof_stores_dn has been added for OpsCenter version 6.0.9 and later. If your organization had difficulty getting LDAP to work with memberof_search rather than a directory_search, try configuring with the user_memberof_stores_dn. For more information, see configuring LDAP.

User password hash for OpsCenter authentication

The default user password hash (sha256) for OpsCenter versions earlier than 6.0 has been deprecated. The default as of OpsCenter 6.0 is bcrypt+blake2b-512. If you want to use an option other than the default, see changing the hash algorithm. Upgrading to OpsCenter 6.0 automatically migrates the user password hash to the new default. When users log in to OpsCenter for the first time after upgrading, their passwords are converted to the new hash.

Password database ownership

When installed with Debian packages, opscenterd now properly runs as the opscenter user instead of root. Because this can cause ownership issues with passwd.db, the 6.0.0 package install attempts to automatically chown it. Those using Debian packages and a custom path for passwd.db need to check and possibly change the ownership of that file to ensure it has read and write permissions by the opscenter user. This is caused by the aforementioned bug fix that allows opscenterd to run as the opscenter user as expected.

Logging configuration

All logging configuration is now done within logback.xml. The following options have been removed from opscenterd.conf:

[logging] level
[logging] log_path
[logging] log_length
[logging] max_rotate
[authentication] audit_auth
[authentication] audit_pattern
[repair_service] log_directory
[repair_service] log_length
[repair_service] max_rotate
[webserver] log_path

In addition to the configuration file options, the OPSCENTERD_LOG_STDOUT environment variable has also been removed. Enabling console logging is also configured in logback.xml. For more information, see configuring logback.xml in OpsCenter.

Kerberos configurations

Kerberos JCE prerequisite: If using Kerberos with 256-bit encryption, ensure the JCE is installed on the opscenterd machine. For information on installing the JCE, see AES-256 support.

Kerberos configuration options: New configuration options were added to opscenterd.conf to support Kerberos connections in OpsCenter using the DataStax Java Driver for Apache Cassandra™:

opscenterd_keytab_location: Full path to the keytab containing keys for the opscenterd_client_principal on the OpsCenter machine.
debug: Whether to output debug messages during Kerberos connection attempts from OpsCenter.

New configuration options were added to address.yaml:

kerberos_client_principal: The Kerberos client principal to use when using Kerberos authentication within DSE. Example: cassandra@hostname.
kerberos_keytab_location: The Kerberos keytab location when using Kerberos authentication within DSE. Example: /path/to/keytab.keytab.

Diagnostic tarball configurable timeout

The diagnostic_tarball_download_timeout configuration option has been added to allow configuring a timeout when generating a diagnostics tarball. Increasing the default value might be necessary on slower machines or for multi-instance clusters.

The tarball_process_timeout option has been removed. The option was actually an agent installation option that is no longer used due to improvements in the agent installation workflow.

Deprecated OpsCenter APIs

The following methods have been removed from Managing Cluster Configurations:

POST /{cluster_id}/nodeconf/{node_ip}/
GET /{cluster_id}/dseconf/{node_ip}/nodetype
POST /{cluster_id}/clusterconf/{dc}/
POST /{cluster_id}/dseconf/{node_ip}/nodetype

Warnings on deprecated DataStax Enterprise metrics

After upgrading a DataStax Enterprise cluster, OpsCenter detects any obsolete metrics in use within dashboard graph presets or alert rules. When first starting OpsCenter after an upgrade, warning icons indicate which graphs have unknown metrics. See Working with metrics performance graphs for information about deleting unknown metrics.

Metrics inserted asynchronously

Metrics are now inserted asynchronously using native driver capabilities. The following configuration options are obsolete and have been removed from agent configuration:

async_queue_size
async_pool_size

Disabling all Best Practice Service rules

If all Best Practice rules are disabled, the Best Practice Service is considered disabled by OpsCenter. Any new Best Practice rules are not enabled by default.