Setting up pluggable authentication for OpsCenter

Instructions for enabling pluggable authentication for OpsCenter.

opscenterd.conf

The location of the opscenterd.conf file depends on the type of installation:
  • Package installations: /etc/opscenter/opscenterd.conf
  • Tarball installations: install_location/conf/opscenterd.conf

Procedure

  1. Edit the opscenterd.conf file and enable authentication.
    Note: You can also supply your own pluggable authentication class and set it as the authentication_method.

    File authentication strategy

    Create the auth_file with entries in the form user:password:role, for example:
    file:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser
    Important: The password must use a bcrypt 2a variation hash.
    Note: The authentication file should contain one user per line in this format.
    [authentication]
    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider
    
    [authentication_provider]
    # auth file configuration
    auth_file = /apps/test/auth.txt

    LDAP authentication strategy

    [authentication]
    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider
    
    [authentication_provider]
    # ldap configuration
    server_host = dev-ldap.datastax.lan
    # use 389 if you set ldap_security = None
    server_port = 636
    search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
    search_password = dseng
    user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
    user_search_filter = (uid={0})
    group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
    group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
    group_name_attribute = cn
    admin_group_name = superusers, superusers2
    truststore = ./tests/resources/truststore.ts
    truststore_pass = secret
    ldap_security = SSL_TLS
    truststore_type = jks

    Multiple authentication strategy

    [authentication]
    passwd_db = ./passwd.db
    enabled = True
    authentication_method = com.datastax.opscenter.auth.http.impl.MultipleAuthenticationStrategyProvider
    
    [authentication_provider]
    # List of authentication strategies in the order each strategy will be used
    strategy_chain = com.datastax.opscenter.auth.http.impl.FileAuthenticationStrategyProvider, com.datastax.opscenter.auth.http.impl.LDAPAuthenticationStrategyProvider
    
    # auth file configuration
    auth_file = /apps/test/auth.txt
    
    # ldap configuration, formerly in [ldap_section]
    server_host = dev-ldap.datastax.lan
    # use 389 if you set ldap_security = None
    server_port = 636
    search_dn = cn=admin,dc=devldap,dc=datastax,dc=lan
    search_password = dseng
    user_search_base = ou=users,dc=devldap,dc=datastax,dc=lan
    user_search_filter = (uid={0})
    group_search_base = ou=groups,dc=devldap,dc=datastax,dc=lan
    group_search_filter = (member=cn={0},ou=users,dc=devldap,dc=datastax,dc=lan)
    group_name_attribute = cn
    admin_group_name = superusers, superusers2
    truststore = ./tests/resources/truststore.ts
    truststore_pass = secret
    ldap_security = SSL_TLS
    truststore_type = jks
  2. Restart OpsCenter.
  3. Open the OpsCenter user interface in a browser.
    http://localhost:8888
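
The file authentication strategy in step 1 requires one user:password:role entry per line, with the password stored as a bcrypt 2a hash. The following pre-flight check for an auth_file is an added example, not DataStax code; the function names and every sample line except the first are constructed, and it validates the hash format only, not the password behind it.

```python
import re

# bcrypt modular-crypt string: $2a$ + two-digit cost + 22-char salt + 31-char digest
BCRYPT_2A = re.compile(r"^\$2a\$(\d{2})\$[./A-Za-z0-9]{53}$")

def check_auth_line(line):
    """Return a list of problems for one auth_file line (empty list = OK)."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 3:
        return ["expected 3 colon-separated fields, got %d" % len(parts)]
    user, pw_hash, role = parts
    problems = []
    if not user:
        problems.append("empty user name")
    if not role:
        problems.append("empty role")
    m = BCRYPT_2A.match(pw_hash)
    if m is None:
        if re.match(r"^\$2[bxy]\$", pw_hash):
            problems.append("bcrypt variant is not 2a")
        else:
            problems.append("password field is not a bcrypt 2a hash")
    elif not 4 <= int(m.group(1)) <= 31:
        problems.append("bcrypt cost out of range")
    return problems

def check_auth_file(text):
    """Map line number -> problems for every non-blank line that fails."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            problems = check_auth_line(line)
            if problems:
                report[n] = problems
    return report

# Constructed sample: line 1 is the entry shown in step 1, the rest are deliberately broken
SAMPLE = "\n".join([
    "file:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser",
    "alice:$2b$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO:superuser",
    "bob:changeme:superuser",
    "carol:$2a$10$LvCn7Qm8SjkIUfRN3ZBWSuhH6KqmQPomnjcSkh2imkPVvwrzmYhmO",
])

if __name__ == "__main__":
    for lineno, problems in check_auth_file(SAMPLE).items():
        print("line %d: %s" % (lineno, "; ".join(problems)))
```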