Editing OpsCenter cluster connections for authentication or encryption 

Cluster connection settings define how OpsCenter connects to a DSE cluster. Edit the cluster connection settings if authentication or encryption has been enabled on a DSE cluster.

The connection settings for a cluster define how OpsCenter connects to a DSE cluster. For example, if Kerberos authentication or client-to-node encryption was enabled on a cluster, you need to specify that information in the cluster connection settings.

cluster_name.conf 

The location of the cluster_name.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/clusters/cluster_name.conf
  • Tarball installations: install_location/conf/clusters/cluster_name.conf

Procedure

  1. Select the cluster to edit from the Cluster menu in OpsCenter Monitoring.
  2. Click Settings > Cluster Connections.
    The Edit Cluster Connection Settings dialog appears.

    Collapsed view Edit Cluster Connections Settings in OpsCenter Monitoring

    Tip: Select other clusters to edit connection settings for from the Cluster list.
  3. If applicable, change the IP addresses of cluster nodes.
  4. If applicable, change the JMX Port and Native Transport Port listen port numbers if you are not using the defaults.
  5. If applicable, click Add credentials to add or edit the user credentials (username and passwords) if the JMX or Native Transport ports require authentication.
  6. Optional: If applicable to your environment, select DSE security (kerberos) is enabled on my cluster and complete the fields.

    DSE security (Kerberos) enabled configuration settings for OpsCenter connections

    1. Enter the Service Name. For example, if the server principal on your nodes is dse/nodeX.example.com@EXAMPLE.COM, this field should be dse.
    2. Enter the Opscenterd Client Principal for the OpsCenter process/machine to use. Example: opscenterd@YOUR_REALM.
    3. Enter the location of the keytab OpsCenter machine in Opscenterd Keytab Location, which contains credentials for the opscenter_client_principal.
    4. Enter the client principal for the DataStax Agent process/machine to use in DataStax Agent Client Principal. Example: agent@YOUR_REALM.
    5. Enter the location of the keytab on the DataStax Agent machines in DataStax Agent Keytab Location, which contains credentials for the agent_client_principal. Example: /path/to/keytab.keytab.

    For more information, see Authenticating with Kerberos and the Kerberos tutorial in the DataStax Enterprise documentation.

  7. Optional: If applicable to your environment, select Client-to-node encryption is enabled on my cluster.

    Client-to-node encryption enabled connection settings for OpsCenter and Agents

    Note: For information about creating keystores and truststores, see Enabling client-to-node encryption in OpsCenter.
  8. If configuring client-to-node settings, indicate the following for OpsCenter and each agent to use for connecting directly to the monitored DSE cluster:
    • If the keystore and truststore are the same (default), select the My Keystore and Truststore are the same for OpsCenter and Agent as appropriate for your environment. The keystore information entered is used for both the keystore and the truststore.
    • If the keystore and truststore are not the same, clear the check boxes. Separate fields appear for truststore paths and passwords.
    1. Enter the OpsCenter Keystore Path, which is the SSL keystore location for OpsCenter (opscenterd) to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [cassandra] ssl_keystore property in the OpsCenter cluster configuration file (cluster_name.conf).
    2. Enter the Password for the OpsCenter Keystore Path. The value entered in the UI populates the [cassandra] ssl_keystore_password property in cluster_name.conf.
    3. If applicable (separate truststore), enter the OpsCenter Truststore Path, which is the SSL truststore location for OpsCenter (opscenterd) to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [cassandra] ssl_truststore property in (cluster_name.conf).
    4. If applicable (separate truststore), enter the Password for the OpsCenter Truststore Path. The value entered in the UI populates the [cassandra] ssl_truststore_password property in cluster_name.conf.
    5. Enter the Agent Keystore Path, which is the SSL keystore location for each agent to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [agents] ssl_keystore property in cluster_name.conf.
    6. Enter the Password for the Agent Keystore Path. The value entered in the UI populates the [agents] ssl_keystore_password property in cluster_name.conf.
    7. If applicable (separate truststore), enter the Agent Truststore Path, which is the SSL truststore location for each agent to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [agents] ssl_truststore property in (cluster_name.conf).
    8. If applicable (separate truststore), enter the Password for the Agent Truststore Path. The value entered in the UI populates the [agents] ssl_truststore_password property in cluster_name.conf.
  9. Click Save Cluster.