SSL configuration options for OpsCenter 

Reference of available configuration options for OpsCenter SSL in one convenient location.

Reference of available SSL configuration options in each level of OpsCenter configuration file (daemon, cluster, agent), sorted by alphabetical order within each section.

OpsCenter daemon (opscenterd) SSL configuration options

SSL configuration options available in opscenterd.conf:
[agents] agent_certfile
The location of the certfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore.der for package installations and install_location/ssl/agentKeyStore.der for tarball installations.
[agents] agent_keyfile
The location of the keyfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore for package installations and install_location/ssl/agentKeyStore for tarball installations.
[agents] agent_keyfile_raw
The raw key that is stored in the java key store from agent_keyfile. This key is needed by non java clients that wish to communicate with OpsCenter.
[agents] ssl_certfile
The location of the SSL certificate used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.der for package installations and install_location/ssl/opscenter.der for tarball installations.
[agents] ssl_keyfile
The location of the SSL key file used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.key for package installations and install_location/ssl/opscenter.key for tarball installations.
[agents] use_ssl
Specifies whether traffic between OpsCenter and the agents should use SSL. The default value is False.
[webserver] ssl_certfile
The location where the SSL certificate resides. This option requires ssl_keyfile and optionally ssl_port to also be set.
[webserver] ssl_keyfile
The location where the SSL keyfile resides. This option requires ssl_certfile and optionally ssl_port to also be set.
[webserver] ssl_port
The port on which to serve SSL traffic. The default port is 8443.

Cluster SSL configuration options 

Cluster-specific SSL configuration options available in cluster_name.conf:

[agents] ssl_keystore
The SSL keystore location for agents to use to connect to CQL on the monitored cluster.
[agents] ssl_keystore_password
The SSL keystore password for agents to use to connect to CQL on the monitored cluster.
[agents] ssl_truststore
The SSL truststore location for agents to use for trusted certs.
[agents] ssl_truststore_password
The SSL truststore password for agents to use for trusted certs.
[agents] storage_ssl_keystore
The SSL keystore location for agents to use to connect to CQL on the storage cluster.
[agents] storage_ssl_keystore_password
The SSL keystore password for agents to use to connect to CQL on the storage cluster.
[agents] storage_ssl_truststore
The SSL truststore location for agents to use for trusted certs on the storage cluster.
[agents] storage_ssl_truststore_password
The SSL truststore password for agents to use for trusted certs on the storage cluster.
[cassandra] ssl_keystore
The SSL keystore location for OpsCenter to use to connect to Cassandra directly.
[cassandra] ssl_keystore_password
The SSL keystore password for OpsCenter to use to connect to Cassandra directly.
[cassandra] ssl_truststore
The SSL truststore location for OpsCenter to use to connect to Cassandra directly
[cassandra] ssl_truststore_password
The SSL truststore password for OpsCenter to use to connect to Cassandra directly
[storage_cassandra] ssl_keystore
The SSL keystore location for OpsCenter to use to connect to Cassandra directly.
[storage_cassandra] ssl_keystore_password
The SSL keystore password for OpsCenter to use to connect to Cassandra directly.
[storage_cassandra] ssl_truststore
The SSL truststore location for OpsCenter to use to connect to Cassandra directly
[storage_cassandra] ssl_truststore_password
The SSL truststore password for OpsCenter to use to connect to Cassandra directly

Agent configuration options

SSL configuration options available for agents in address.yaml:

monitored_ssl_keystore
The SSL keystore location for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_keystore: /etc/dse/conf/.keystore
monitored_ssl_keystore_password
The SSL keystore password for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]
monitored_ssl_truststore
The SSL truststore location for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_truststore: /etc/dse/conf/.truststore
monitored_ssl_truststore_password
The SSL truststore password for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_truststore_password: truststore-pass [This field may be encrypted for additional security.]
opscenter_ssl_keystore
The SSL keystore location that the agents use to connect to opscenterd. Example: opscenter_ssl_keystore: /etc/opscenter/conf/.keystore
opscenter_ssl_keystore_password
The SSL keystore password that the agents use to connect to opscenterd. Example: opscenter_ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]
opscenter_ssl_truststore
The path to the truststore file that the agents use to connect to opscenterd. Example: opscenter_ssl_truststore: /etc/opscenter/conf/.truststore
opscenter_ssl_truststore_password
The SSL truststore password that the agents use to connect to opscenterd. Default: Uses the keystore password if an SSL truststore password is not specified. Example: opscenter_ssl_truststore_password: trust-pass [This field may be encrypted for additional security.]
ssl_truststore
The SSL truststore location for the storage cluster that agents use to connect to CQL. Example: ssl_truststore: /etc/dse/conf/.truststore
ssl_truststore_password
The SSL truststore password for the storage cluster that agents use to connect to CQL. Example: ssl_truststore_password: truststore-pass [This field may be encrypted for additional security.]
use_ssl
Whether or not to use SSL communication between the agent and opscenterd. Affects both the STOMP connection and agent HTTP server. Corresponds to [agents].use_ssl in opscenterd.conf. Setting this option to true turns on SSL connections. Example: use_ssl: true

cluster_name.conf 

The location of the cluster_name.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/clusters/cluster_name.conf
  • Tarball installations: install_location/conf/clusters/cluster_name.conf

opscenterd.conf 

The location of the opscenterd.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/opscenterd.conf
  • Tarball installations: install_location/conf/opscenterd.conf

address.yaml 

The location of the address.yaml file depends on the type of installation:

  • Package installations: /var/lib/datastax-agent/conf/address.yaml
  • Tarball installations: install_location/conf/address.yaml