Editing OpsCenter cluster connections for authentication or encryption 

Cluster connection settings define how OpsCenter connects to a cluster. Edit the cluster connection settings if authentication or encryption has been enabled on a cluster.

The connection settings for a cluster define how OpsCenter connects to a cluster. For example, if you enabled authentication or encryption on a cluster, you need to specify that information in the cluster connection settings.

cluster_name.conf 

The location of the cluster_name.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/clusters/cluster_name.conf
  • Tarball installations: install_location/conf/clusters/cluster_name.conf

Procedure

  1. Select the cluster to edit from the Cluster menu.
  2. Click Settings > Cluster Connections.
    The Edit Cluster Connection Settings dialog appears.

  3. If applicable, change the IP addresses of cluster nodes.
  4. If applicable, change the JMX and Native Transport listen port numbers.
  5. If applicable, click Add credentials to add or edit the user credentials if the JMX or Native Transport ports require authentication.
  6. Optional: If applicable to your environment, select DSE security (kerberos) is enabled on my cluster and complete the fields.

    1. Enter the service name. For example, if the server principal on your nodes is dse/nodeX.example.com@EXAMPLE.COM, this field should be dse.
    2. Enter the client principal for the OpsCenter process/machine to use. Example: opscenterd@YOUR_REALM.
    3. Enter the location of the keytab OpsCenter machine, which contains credentials for the opscenter_client_principal.
    4. Enter the client principal for the DataStax Agent process/machine to use. Example: agent@YOUR_REALM.
    5. Enter the location of the keytab on the DataStax Agent machines, which contains credentials for the agent_client_principal. Example: /path/to/keytab.keytab.

    For more information, see Authenticating with Kerberos and the Kerberos tutorial in the DataStax Enterprise documentation.

  7. Optional: If applicable to your environment, select Client-to-node encryption is enabled on my cluster.
    Note: For more information, see Enabling client-to-node encryption in OpsCenter.

  8. If configuring client-to-node settings, indicate the following for OpsCenter and each agent to use for connecting directly to the monitored DSE cluster:
    • If the keystore and truststore are the same (default), select the My Keystore and Truststore are the same for OpsCenter and Agent as appropriate for your environment. The keystore information entered is used for both the keystore and the truststore.
    • If the keystore and truststore are not the same, clear the check boxes. Separate fields appear for truststore paths and passwords.
    1. Enter the OpsCenter Keystore Path, which is the SSL keystore location for OpsCenter (opscenterd) to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [cassandra] ssl_keystore property in the OpsCenter cluster configuration file (cluster_name.conf).
    2. Enter the Password for the OpsCenter Keystore Path. The value entered in the UI populates the [cassandra] ssl_keystore_password property in cluster_name.conf.
    3. If applicable (separate truststore), enter the OpsCenter Truststore Path, which is the SSL truststore location for OpsCenter (opscenterd) to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [cassandra] ssl_truststore property in (cluster_name.conf).
    4. If applicable (separate truststore), enter the Password for the OpsCenter Truststore Path. The value entered in the UI populates the [cassandra] ssl_truststore_password property in cluster_name.conf.
    5. Enter the Agent Keystore Path, which is the SSL keystore location for each agent to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [agents] ssl_keystore property in cluster_name.conf.
    6. Enter the Password for the Agent Keystore Path. The value entered in the UI populates the [agents] ssl_keystore_password property in cluster_name.conf.
    7. If applicable (separate truststore), enter the Agent Truststore Path, which is the SSL truststore location for each agent to use for connecting to the monitored DSE cluster. The value entered in the UI populates the [agents] ssl_truststore property in (cluster_name.conf).
    8. If applicable (separate truststore), enter the Password for the Agent Truststore Path. The value entered in the UI populates the [agents] ssl_truststore_password property in cluster_name.conf.
  9. Click Save Cluster.