OpsCenter configuration properties

Configure OpsCenter properties in the opscenterd.conf file and restart OpsCenter.

These properties are configured in the opscenterd.conf file.

Note: After changing properties in this file, restart OpsCenter for the changes to take effect.
[webserver] port 
The HTTP port used for client connections to the OpsCenter web server. The default port is 8888.
Optional HTTPS support. To enable, remove the comment markers (#) in front of properties prefixed with ssl in the opscenterd.conf file, as described in Configuring HTTPS.
[webserver] interface 
The interface that the web server uses to listen for client connections. The interface must be an externally accessible IP address or host name. The default interface is
[webserver] staticdir 
The location in the file system where static content for the OpsCenter web site resides. The default location is /usr/share/opscenter/content for package installations and install_location/content for tarball installations.
[webserver] ssl_keyfile 
The location where the SSL keyfile resides. This option requires ssl_certfile and optionally ssl_port to also be set.
[webserver] ssl_certfile 
The location where the SSL certificate resides. This option requires ssl_keyfile and optionally ssl_port to also be set.
[webserver] ssl_port 
The port on which to serve SSL traffic. The default port is 8443.
[webserver] hsts_enabled 
Determines whether to use HTTP Strict Transport Security. Enabling this option causes OpsCenter to return an HSTS header in HTML responses that go over HTTPS. The HTHS header makes HTTPS->HTTP downgrade attacks more difficult by instructing supported browsers to refuse connecting to OpsCenter over unencrypted HTTP. Enabling this option also requires enabling TLS with ssl_certfile and ssl_keyfile. See also hsts_max_age. Default: False.
[webserver] hsts_max_age 
The length of time in seconds that supported browsers should consider an HSTS header fresh and refuse to connect to OpsCenter with unencrypted HTTP. See also: hsts_enabled. Default: 31536000 seconds (1 year).
[webserver] sub_process_timeout 
The time in seconds OpsCenter waits for subprocesses to complete before a timeout. The default value is 600 seconds. OpsCenter spawns subprocesses for some tasks, such as scp; these tasks have a configurable timeout.
[http_proxy_settings] proxy_url 
The URL of a proxy server that OpsCenter will use for external http/https connections. Currently only applies to the posturl plugin. Example:
[http_proxy_settings] proxy_username 
Proxy username for basic proxy HTTP authorization. Currently only applies to the posturl plugin.
[http_proxy_settings] proxy_password 
Proxy password for basic proxy HTTP authorization. Currently only applies to the posturl plugin.
[security] config_encryption_active 
Specifies whether OpsCenter should attempt to decrypt sensitive config values.
[security] config_encryption_key_name 
Name of the system key used to encrypt/decrypt stored passwords.
[security] config_encryption_key_path 
Path to the encryption key. If left blank, the directory of opscenterd.conf will be used.
[logging] resource_usage_interval 
The interval in seconds in which OpsCenter logs the system resource usage. The default value is 60.
[definitions] use_ssl 
Specifies whether SSL should be used to get definition file updates. This option requires OpenSSL on the OpsCenter host. The default value is True.
[definitions] definitions_dir 
The file system location where definition files are stored. The default location is /var/lib/opscenter/definitions for package installations and install_location/definitions for tarball installations.
[definitions] auto_update 
Specifies whether OpsCenter should automatically attempt to periodically update the definition files. The default value is True.
[definitions] download_host 
The host that definition file update requests will be made to. The default host is opscenter.datastax.com.
[definitions] download_port 
The port used to request definition file updates on download_host. The default port is 443.
[definitions] download_filename 
The name of the tar file on the download_host that contains definition file updates. The default name is definitions_files.tgz.
[definitions] hash_filename 
The name of the hash file on the download_host used to determine if the definition file requires an update. The default file is version.md5.
[definitions] sleep 
The duration in seconds between checks to update the definition files. The default time is 3600 seconds (1 hour).
[authentication] passwd_db 
Full path to the file for configuring password authentication for OpsCenter. If this file does not exist, OpsCenter does not verify passwords. The default location is /etc/opscenter/passwd.db for package installations and install_location/passwd.db for tarball installations.
[authentication] enabled 
Configures whether user authentication is enabled or not. The default setting is False.
[authentication] timeout 
This sets the session timeout, in seconds. Defaults to no timeout (0). If a timeout is desired, the minimum value it can be set to is 60 seconds.
[authentication] authentication_method 
Configured Authentication method. Options include DatastaxEnterpriseAuth and LDAP; for Active Directory we support
AD over LDAP, so please specify LDAP.
[authentication] password_hash_type 
The 1-way password hash algorithm to use when storing user passwords. Options include: bcrypt+blake2b-512 (default), pbkdf2+blake2b-512, pbkdf2+sha512, pbkdf2+sha3-256, bcrypt+sha512.
[authentication] sqlite_connection_timeout 
The number of seconds that opscenterd waits to receive a successful SQLite connection before a timeout. Default: 5
[authentication] sqlite_max_active_connections 
The maximum number of simultaneous active connections to the SQLite database. Default: 200
[ldap] server_host 
The LDAP server host.
[ldap] server_port 
The LDAP server port.
[ldap] uri_scheme 
URI Scheme, defaults to ldap for ldap_security = None, defaults to ldaps for ldap_security = SSL or TLS.
[ldap] search_dn 
DN of the user that be used to search for users on the LDAP server. This user should
only have the necessary permissions to do the search.
If not present, then an anonymous bind will be used for the search.
example cn=admin,dc=qaldap,dc=datastax,dc=lan
[ldap] search_password 
Password of the search user.
[ldap] user_search_base 
The ldap search base used to find a user; example: ou=users,dc=qaldap,dc=datastax,dc=lan
[ldap] user_search_filter 
The ldap search filter used to uniquely identify a user; example: (uid={0})
[ldap] group_search_base 
The ldap search base used to find a group; example: ou=groups,dc=qaldap,dc=datastax,dc=lan
[ldap] group_search_filter 
Deprecated. The ldap search filter used to find a user's group; example: (member=cn={0},ou=users,dc=nodomain)
[ldap] group_search_filter_with_dn 
The ldap search filter used to find a user's group. Uses the full user's DN from a user search. Overrides group_search_filter. Example: (member={0})
[ldap] group_name_attribute 
The ldap field name used to identify a group's name; example: cn
[ldap] admin_group_name 
The name of the admin group or a comma separated list of admin group names; example: admin, superusers
If your group name contains restricted LDAP characters such as "," (a comma), you must escape them.
For example, the two admin groups "foo , bar" and "baz" should be entered as: foo \, bar, baz
[ldap] ldap_security 
The type of security to use with LDAP: None, TLS, SSL, SSL_TLS when set to TLS or SSL_TLS uses TLS start
[ldap] truststore 
Path to the truststore.
[ldap] truststore_type 
Type for the truststore.
[ldap] truststore_pass 
Password for the truststore.
[ldap] user_memberof_attribute 
Set to the attribute on the user entry containing group membership information.
[ldap] user_memberof_stores_dn 
Set to True if the memberof attribute's value is distinguished names of groups. Default: False
[ldap] group_search_type 
The group_search_type defines how group membership will be determined for a user. It
can be one of:
directory_search - will do a subtree search of group_search_base using
group_search_filter to filter the results
memberof_search - will get groups from the memberof attribute of the user. This
requires the directory server to have memberof support
[ldap] connection_timeout 
The number of seconds to wait before concluding the ldap server is down, defaults to 30 seconds.
[agents] config_sleep 
The durations in seconds in between updates to the agent config md5. The default value is 420 seconds (7 minutes).
[agents] ssh_port 
The Secure Shell (SSH) port that listens for agent-OpsCenter communications. The default port is 22. Add an [agents] section, if one doesn't already exist, to the opscenterd.conf. In this section, add the ssh_port option and a value for the port number:
ssh_port = 2222
[agents] incoming_port 
The port used by OpsCenter for incoming stomp communication. The default port is 61620.
[agents] incoming_interface 
The interface used by OpsCenter for incoming stomp traffic from the agents. The default interface is
[agents] use_ssl 
Specifies whether traffic between OpsCenter and the agents should use SSL. The default value is False.
[agents] agent_install_poll_period 
How often OpsCenter will update agent install status during an agent install.
[agents] agent_install_mute_period 
The number of seconds to wait after agent install before checking agents for known problems.
[agents] agent_install_timeout_period 
The number of seconds to wait for the install to complete before automatically terminating the install.
[agents] ssl_keyfile 
The location of the SSL key file used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.key for package installations and install_location/ssl/opscenter.key for tarball installations.
[agents] ssl_certfile 
The location of the SSL certificate used for SSL traffic between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/opscenter.der for package installations and install_location/ssl/opscenter.der for tarball installations.
[agents] agent_keyfile 
The location of the keyfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore for package installations and install_location/ssl/agentKeyStore for tarball installations.
[agents] agent_keyfile_raw 
The raw key that is stored in the Java key store from agent_keyfile. This key is needed by non-Java clients that need to communicate with OpsCenter.
[agents] agent_certfile 
The location of the certfile sent to the agents when using SSL communication between OpsCenter and the agents. The default location is /var/lib/opscenter/ssl/agentKeyStore.der for package installations and install_location/ssl/agentKeyStore.der for tarball installations.
[agents] ssh_executable 
The location of the ssh executable binary. The default locations is /usr/bin/ssh.
[agents] scp_executable 
The location of the scp executable binary. The default location is /usr/bin/scp.
[agents] ssh_keygen_executable 
The location of the ssh-keygen executable binary. The default location is /usr/bin/ssh-keygen.
[agents] ssh_keyscan_executable 
The location of the ssh-keyscan executable binary. The default location is /usr/bin/ssh-keyscan.
[agents] ssh_user_known_hosts_file 
The location of the OpsCenter user's known_hosts file that will be used by OpsCenter during SSH communications. The default location is ~/.ssh/known_hosts.
[agents] ssh_sys_known_hosts_file 
The location of the system wide known_hosts file that will be used by OpsCenter during SSH communications. The default location is /etc/ssh/ssh_known_hosts.
[agents] tmp_dir 
The path to a tmp directory used for temporary files used by OpsCenter. The default location is /usr/share/opscenter/tmp/ for package installations and install_location/tmp for tarball installations.
[agents] not_seen_threshold 
The maximum time in seconds since the last agent status about a specific connection, such as stomp, was sent before that agent connection is considered down. This threshold also affects how long OpsCenter waits before marking node health as unknown. Default value: 180 seconds.
[agents] call_agent_retry 
Number of times to try different up nodes on agent requests.
[agents] agent_aggregation_flush 
The number of seconds between log flushes for verbose aggregated and periodically batched agent messages. Default: 600 seconds.
[agents] http_poll_period 
The frequency in seconds between attempts to poll agent http health. Default value: 60 seconds.
[stat_reporter] initial_sleep 
The delay in seconds before the cluster stats reporter starts to run. The default value is 300 (5 minutes).
[stat_reporter] interval 
The interval in seconds between usage metric reports to DataStax Support. By default, OpsCenter sends usage metrics about the cluster to DataStax Support every day.

To disable the phone-home functionality, add the following lines to your opscenterd.conf file:

interval = 0
Additional configuration metric collection properties are available in Metrics Collection Properties.
[stat_reporter] ssl_key 
The location of the SSL key file to use for SSL communication for the phone-home service. The default location is /var/lib/opscenter/ssl/stats.pem for package installations and install_location/ssl/stats.pem for tarball installations.
[spark] base_master_proxy_port 
Base port to use for setting up the HTTP proxy for the Spark master. Spark master UI is exposed at port 7080 and increasing ports from that + 10k (17080) are largely unused.
[nodesync] refresh_period 
The period of time in seconds between each NodeSync Service refresh of status data from the NodeSync metrics table. Default: 300 (5 mn).
[nodesync] max_request_tables 
The maximum number of tables that can be processed for a single request to enable or disable NodeSync. Only adjust the default value if schema agreement errors are encountered when enabling or disabling NodeSync on multiple tables. Default: 50.
[repair_service] persist_directory 
The location in which to store a file with the current repair service status. The default location is /var/lib/opscenter/repair_service for package installations and install_location/repair_service for tarball installations.
[repair_service] restart_period 
The period of time in seconds the Repair Service pauses in response to certain events before verifying the cluster stability and restarting repairs. Default: 300 (5 minutes).
[repair_service] cluster_stabilization_period 
The frequency in seconds that the Repair Service checks for cluster stability before making repairs. The check begins when the Repair Service is activated (either by a user or after an OpsCenter restart) and repeats until the cluster is stable. Default: 30.
[repair_service] single_task_err_threshold 
The maximum number of times to retry a repair task before temporarily skipping the task and moving on to the next task. The skipped task is moved to the end of the repairs queue to retry later. After the maximum retries is reached, an alert is fired. Default: 10.
[repair_service] max_parallel_repairs 
The maximum number of subrange repairs to run in parallel. If unspecified or set to 0, the Repair Service calculates the correct number of maximum repairs to run in parallel. Default: 0.
[repair_service] max_pending_repairs 
The maximum number of pending repairs allowed to be running on a node at one time. Default: 5.
[repair_service] single_repair_timeout 
The maximum length of time in seconds for a repair to complete. Default: 3600 (1 hour).
[repair_service] min_repair_time 
The minimum length of time in seconds for a repair to complete. If a repair finishes sooner, it will be padded with a sleep. Default: 5.
[repair_service] prioritization_page_size 
The maximum number of remaining subrange repair tasks for the Repair Service to evaluate when choosing the next low-impact repair to run. Default: 512.
[repair_service] offline_splits 
The minimum number of subrange splits for a node to have per keyspace when falling back to offline splits if the node is unable to communicate with its agent to get more optimal splits. Default: 256.
[repair_service] min_throughput 
The minimum throughput in bytes needed to calculate parallel repairs. See also num_recent_throughputs. Default: 512.
[repair_service] num_recent_throughputs 
The maximum most recent completed repair throughputs used to calculate the average repair throughput, which is then used to determine how many parallel repairs are needed. See also min_throughput. Default: 500.
[repair_service] error_logging_window 
The frequency in seconds to log errors and trigger alerts after exceeding time_to_completion. Default: 86400 (1 day).
[repair_service] snapshot_override 
Specifies whether to override the default snapshot repair behavior. Specifying this option as True runs validation compaction sequentially rather than in parallel. Default: False.
[repair_service] ignore_keyspaces 
The list of keyspaces to ignore during a repair in addition to system keyspaces.
[repair_service] ignore_tables 
The list of keyspace and tables to exclude during a repair. Example: keyspace1.standard1, keyspace1.standard2.
[repair_service] incremental_repair_tables 
The list of keyspaces and tables to include in incremental repairs. The OpsCenter.settings and OpsCenter.backup_reports tables are included by default. Example: keyspace1.standard1, keyspace1.standard2.
[repair_service] incremental_repair_datacenters 
Restricts incremental repairs by datacenters or racks. Setting this option improves performance by limiting the repair requests to only those replicas within the datacenters and any specified racks. Example: dc1,dc2:rack1,dc2:rack2. The default behavior sends repair requests to all datacenters and racks for all replicas.
[repair_service] incremental_sleep 
The number of seconds to pause after completing all incremental repairs for a cluster. Default: 3600 (1 hour).
[repair_service] incremental_threshold 
The minimum number of bytes required to consider a table for incremental repairs (DSE 5.1+ only). The default value of 1 byte means that if there is any unrepaired data in a table, the Repair Service will run an incremental repair. Be cautious of setting this value too high. If not enough data is written to exceed the threshold in the gc_grace_seconds period, deletes might be lost. Default: 1.
[repair_service] incremental_err_alert_threshold 
The threshold for the number of errors during incremental repair to ignore before alerting that incremental repair seems to be failing more than an acceptable amount. Default: 20.
[repair_service] time_to_completion_target_percentage 
A percentage of the time to completion that the Repair Service should target, including slowing down or reducing parallelism as necessary to avoid overtaxing the cluster. Default: 65.
[repair_service] tokenranges_http_timeout 
The timeout in seconds for the HTTP call to the agent to retrieve node token range splits. The default value (30) is deliberately set higher than the default value for agents http_timeout in clustername.conf (10). Default: 30.
[repair_service] persist_period 
The minimum number of seconds between the Repair Service writing the persist file to disk. Default: 3600 (1 hour).
[repair_service] tokenranges_partitions 
Target number of partitions for each range in a subrange repair. This value is used by the Repair Service to create repair tasks, and is set to the max DSE merkle tree depth by default. Default: 1048576.
[repair_service] max_down_node_retry 
The maximum number of attempts to retry a repair task when a node containing a replica is down. The default is 1080 retry attempts. Retries occur every 10 seconds. The default 1080 retries elapses after 10800 seconds (3 hours), which corresponds to the default Cassandra hinted-handoff expiration. Example: To double the time allowed to attempt repairs on a down node or replica to 6 hours, set the number of retries to 2160. Default: 1080.
[repair_service] parallel_tasks_update_interval 
Interval at which to recalculate parallel tasks to use for the Repair service in seconds. Default: 120 (2 minutes).
[ui] default_api_timeout 
The default timeout value in seconds for an API call from the OpsCenter UI to the OpsCenter API. The default value is 10. Some API calls require a timeout longer than 10 seconds. In those cases, the API call timeouts are scaled relative to the default_api_timeout (for example, 6 * default_api_timeout). Changing the default_api_timeout affects those timeouts accordingly.
[ui] max_metrics_requests 
The maximum concurrent metrics requests from the OpsCenter UI to opscenterd. The default value is 16.
[ui] node_detail_refresh_delay 
The time in seconds between polling calls to update node details. The default value is 5.
[ui] storagemap_ttl 
How often in seconds the data in the storage capacity chart is updated in the OpsCenter UI. It is set to 300 seconds (5 minutes) by default so changes to storage capacity on individual nodes might not be reflected in the UI for up to 5 minutes.
[request_tracker] queue_size 
The maximum number of requests that can be tracked. The default value is 10,000.
[clusters] add_cluster_timeout 
How long in seconds OpsCenter will wait when adding a cluster before reporting an error. The default value is 300 seconds. Adding a cluster includes connecting to DSE, getting topology information, and creating the OpsCenter schema. Increasing this value may be necessary when running a very large cluster with vnodes enabled.
[clusters] startup_sleep 
How long in seconds OpsCenter will wait between connecting to clusters on startup. The default value is 0 (no wait).
[clusters] max_schema_agreement_wait 
The maximum time in seconds to wait for schema agreement after executing a schema-altering query. Default value: 30 seconds. Increase the value if there are schema creation or schema alteration errors present in the opscenterd log.
[failover] heartbeat_period 
How often OpsCenter should heartbeat to the backup. Default: 10 seconds.
[failover] heartbeat_reply_period 
How often a backup OpsCenter should heartbeat to the primary Opscenter. Default: 300 seconds.
[failover] heartbeat_fail_window 
The amount of time required before a lack of heartbeat triggers failover. Default: 60 seconds.
[failover] failover_configuration_directory 
The directory where failover specific configuration is stored. This directory should not be mirrored/replicated across OpsCenter installs when configuring OpsCenter to support failover. The default location is /var/lib/opscenter/failover/ for package installations and install_location/opscenterd/failover/ for tarball installations.
[failover] override_primary_redirect_url 
If set, overrides the primary OpsCenter URL automatically generated during failover. Example: https://opscenter:80
[lifecycle_manager] db_location 
The location of the lcm.db database used for storing Lifecycle Manager information. Default: /var/lib/opscenter/lcm.db
[lifecycle_manager] cacerts_directory 
The directory to use when storing SSL-related files that are automatically generated during provisioning tasks. Default: /var/lib/opscenter/ssl/lcm
[lifecycle_manager] cacerts_truststore_location 
The location of the truststore containing the root CA cert for signing certificates. Default: /var/lib/opscenter/ssl/lcm/lcm-auto-generated.truststore
[lifecycle_manager] cacerts_truststore_password 
The password to open the cacerts truststore.
[lifecycle_manager] crypto_key_file 
The key to use to encrypt sensitive data in the database for storing Lifecycle Manager information. The encryption key is automatically generated if it does not already exist. Default: /etc/opscenter/lcm.key
[lifecycle_manager] job_manager_polling_interval 
Polling frequency in seconds when performing Lifecycle Manager tasks. Default: 5 seconds.
[lifecycle_manager] node_install_idle_timeout 
Duration of inactivity in seconds before marking an install job as idle. Default: 900 seconds.
[lifecycle_manager] node_restart_idle_timeout 
Duration of inactivity in seconds before marking a node restart job as idle. Default: 120 seconds.
[lifecycle_manager] node_configure_idle_timeout 
Duration of inactivity in seconds before marking a node configuration job as idle. Default: 120 seconds.
[lifecycle_manager] node_cluster_import_idle_timeout 
Duration of inactivity in seconds before marking a cluster import job as idle. Default: 120 seconds.
[lifecycle_manager] node_install_agent_idle_timeout 
Duration of inactivity in seconds before marking an agent install job as idle. Default: 120 seconds.
[lifecycle_manager] cassandra_connection_timeout 
Duration in seconds to allow for connecting to DataStax Enterprise when provisioning a DataStax Enterprise cluster. Default: 20 seconds.
[lifecycle_manager] ssh_connect_timeout_in_seconds 
The number of seconds to wait for the SSH server on a target node to respond to a connection attempt during an LCM job. Default: 30 seconds.
[lifecycle_manager] ssh_max_attempts 
The maximum number of times to attempt an SSH connection to a given target during an LCM job. Default: 3.
[lifecycle_manager] ssh_retry_delay_in_seconds 
The number of seconds to wait between SSH connection retries during an LCM job. Default: 10 seconds.
[lifecycle_manager] disable_platform_check 
Platform check ensures DSE compatibility and support. Disable at your own risk. Default: False.
[backup_service] auto_sync_retry_attempts 
The number of times to auto retry sending a backup to a destination if there are failures. Default: 3.
[backup_service] auto_sync_retry_delay 
The amount of time in minutes to wait between retry attempts. Default: 60.
[agents] path_to_sudowrap 
The location of the sudo_with_pass.py wrapper for old Red Hat installations. The default location is /usr/share/opscenter/bin/sudo_with_pass.py for package installations and install_location/bin/sudo_with_pass.py for tarball installations.
[agents] path_to_deb 
The path to the agent Debian package. The default location is /usr/share/opscenter/agent/datastax-agent.deb for package installations and install_location/agent/datastax-agent.deb for tarball installations.
[agents] path_to_rpm 
The path to the agent RPM package. The default location is /usr/share/opscenter/agent/datastax-agent.rpm for package installations and install_location/agent/datastax-agent.rpm for tarball installations.
[agents] reported_interface 
The interface used when automatically setting up target nodes to communicate with opscenterd. The value is used when installing the DataStax Agent automatically through OpsCenter, during failover, and is also used by the remote script deployed by the Lifecycle Manager (LCM) to communicate status back to the central opscenterd process. The value is written as the stomp_interface property in address.yaml. If not explicitly set, this value is determined by an algorithm that works automatically in most cases. The reported_interface property should be set if that algorithm fails to determine the proper IP that agents should use to connect (that is, if stomp_interface is configured incorrectly in address.yaml, or the remote LCM script fails to report back).
[agents] runs_sudo 
Sets whether the DataStax Agent will be run using sudo or not. The default value is True. Setting this option to False means the agent will not use sudo, and the agent user will not run using elevated privileges. Setting this option to True means the agent will run using sudo, and elevated privileges.