• Glossary
  • Support
  • Downloads
  • DataStax Home
Get Live Help

DataStax Enterprise OpsCenter 6.8

    • About OpsCenter
      • New features
      • Key features
      • Labs features
        • Exporting and importing dashboard presets
        • Adding a Swift CLI backup location
        • Configuring named route linking
        • Viewing logs from node details
      • Architecture overview
      • OpsCenter policy for DDAC and OSS
      • Feedback about OpsCenter
    • Release notes
    • Installing OpsCenter
    • Upgrading OpsCenter
    • OpsCenter recommended settings
      • OpsCenter basic configurations
      • Cluster synchronization settings
      • Backup Service settings
      • Knowledge Base articles
    • Configuring OpsCenter
      • OpsCenter Security
        • OpsCenter SSL overview
          • Enabling/Disabling HTTPS for the OpsCenter server
          • Configuring SSL/TLS between OpsCenter and the DataStax Agents
          • Connect to DSE with client-to-node encryption in OpsCenter and the DataStax Agents
          • Editing/OpsCenter cluster connections for authentication or encryption
          • SSL configuration options for OpsCenter
        • Configuring OpsCenter role-based security
        • Encrypting sensitive configuration values
          • Activating configuration encryption
          • Creating a system key to encrypt sensitive configuration values
          • Manually encrypting a configuration value
          • Deactivating configuration encryption
        • Authenticating with LDAP
          • Configuring LDAP
          • Adding a role for an LDAP user
          • Troubleshooting OpsCenter LDAP
        • Kerberos authentication
          • Configuring OpsCenter for Kerberos authentication
          • OpsCenter Kerberos configuration options
          • Troubleshooting Kerberos in OpsCenter
        • Configuring security logging
      • Configuring alerts for events
        • SNMP alerts overview
          • Enabling SNMP alerts
        • Enabling SMTP email alerts
        • Enabling alerts posted to a URL
          • Verifying that events are posting correctly
          • Posting URL alerts to a Slack channel
      • Configuring data collection and expiration
        • Controlling data collection
        • Storing collection data on a separate cluster
      • OpsCenter DSE definitions files updates
        • Updating and configuring definitions files properties
      • Automatic failover overview
        • Enabling automatic failover
        • Failover configuration options reference
      • Backing up critical configuration data
      • Configuring named route linking
      • Configuring the OpsCenter JVM
      • Configuring the DataStax Agent JVM
        • Setting and securing the tmp directory for the DataStax Agent
        • Encrypting JMX communications
      • Changing the replication strategy for the OpsCenter keyspace
      • Configuration files for OpsCenter
        • OpsCenter configuration properties
          • Statistics reporter properties
        • Cluster configuration properties
          • Cassandra connection properties
          • Metrics Collection Properties
        • DataStax Agent configuration
        • OpsCenter logback.xml configuration
      • Customize scripts for starting and stopping DataStax Enterprise
      • Example configuration scenarios
        • Configuring for multiple regions
        • Configuring for very large clusters
    • Using OpsCenter
      • OpsCenter workspace overview
        • Ring View
        • List View
        • DataStax Agents Status View
        • Nodes Detail View
          • Node management operations
      • Configuring alerts
        • Adding an alert for agent issues
          • Troubleshooting DataStax Agent Issues
        • Adding an alert for down nodes
        • Configuring an alert for KMIP errors
        • Configuring an alert for percentage of in-memory usage
        • Configuring an alert for percentiles
      • Monitoring node operations
        • Viewing the Spark Console
        • Monitoring in-memory usage
        • Viewing logs from node details
      • Managing and maintaining nodes
        • Running cleanup
        • Performing garbage collection
        • Running compaction
        • Flushing tables
        • Decommission a node
        • Draining a node
        • Moving a node
        • Running a manual repair
        • Configure an alias for a node
      • Starting and stopping DSE
        • Starting DSE on a node
        • Stopping DSE on a node
        • Restarting DSE on a node
      • Managing keyspaces and tables
        • Keyspaces
          • Managing a keyspace
            • Viewing the CQL for User-Defined Types
            • Viewing the CQL for User-Defined Functions
            • Viewing the CQL for User-Defined Aggregates
          • Managing tables
            • Managing a table
              • Truncating data from a table
        • Browsing data deprecated
      • Cluster administration
        • Adding an existing cluster
        • Disconnecting a cluster from OpsCenter and Lifecycle Manager
        • Rebalancing a cluster overview
          • Rebalancing a cluster
          • Configuring an alert for rebalancing a cluster
        • Restarting a cluster
        • Changing the display name of a cluster
        • Downloading diagnostic data
          • Diagnostic tarball reference
          • Creating an alternate directory for diagnostic information
        • Downloading Insights diagnostic data
        • Generating a cluster report
      • OpsCenter Metrics Tooltips Reference
        • Dashboard performance metrics
        • Performance metrics overview
          • Working with metrics performance graphs
          • Organizing performance metrics presets
          • Exporting and importing dashboard presets
        • Cluster performance metrics
        • Pending task metrics
          • Pending task metrics for writes
          • Pending task metrics for reads
          • Pending task metrics for cluster operations
        • Table performance metrics
        • Tiered storage performance metrics
          • Configuring tiered storage metric graphs
          • Configuring tiered storage alerts
        • Message latency metrics
          • Adding dashboard graphs for datacenter and node messaging latency
          • Adding alerts for DC and node message latency
        • Search performance metrics
        • Graph metrics
        • NodeSync metrics
        • Thread Pool (TP) metrics
          • Viewing TP stats in Node Details
          • Enabling network backpressure
        • Dropped Messages metrics
        • Operating system performance metrics
        • Alert metrics
          • Advanced system alert metrics
            • Partition name limitation for disk usage alerts
    • OpsCenter 6.8 Reference
      • OpsCenter ports reference
      • Installation and configuration locations
        • Default file locations for package installations
        • Default file locations tarball installations
      • Starting, stopping, and restarting OpsCenter
        • Startup log for OpsCenter
      • Stopping, starting, and restarting DataStax Agents
    • DSE Management Services
      • Backup Service
        • Quick Video Tour: Backup Service
        • Adding a backup location
          • Adding a local file system backup location
          • Adding an Amazon S3 backup location
            • Bulk uploading S3 backups using the AWS CLI
            • Tuning throttling when using AWS CLI
          • Adding an Azure backup location
        • Backing up data
          • Backing up a cluster
            • Creating a recurring scheduled backup
              • Editing or deleting scheduled backups
            • Scheduling a one-off backup
            • Running an ad hoc backup
            • Syncing a snapshot to a location
          • Backing up to Amazon S3
          • Backing up and restoring DataStax Graphs in OpsCenter
          • Viewing backup and restore history
            • Synchronizing backup data after an upgrade
          • Deleting backup data
        • Restoring a cluster
          • Restoring from a backup
          • Restoring a backup to a specific point-in-time
          • Monitoring sufficient disk space for restoring backups
        • Cloning cluster data
          • Cloning cluster data from a defined other location
          • Cloning cluster data from clusters managed by the same OpsCenter instance
        • Configuring the Backup Service
          • Configuring commit log backups
          • Configuring the free disk space threshold for backups
          • Configuring encryption key storage for backups
          • Configuring custom scripts to run before and after backups
          • Configuring restore to continue after a download failure
          • Backup Service configuration options
        • Troubleshooting Backup Service errors
      • NodeSync Service
        • Enabling NodeSync
        • Configuring the NodeSync refresh data interval
        • Viewing NodeSync Status
        • Configuring the NodeSync rate using LCM
        • NodeSync metrics
      • Repair Service
        • Repair Service overview
          • Subrange repairs overview
          • Distributed subrange overview
          • Incremental repairs overview
          • Repair Service behavior during environment changes
          • Estimating remaining repair time
        • Turning the Repair Service on
        • Turning the Repair Service off
        • Viewing repair status
        • Basic repair configuration
          • Configuring incremental repairs
            • Tracking repaired SSTables for incremental repairs
          • Excluding keyspaces or tables from subrange repairs
          • Enabling distributed subrange repairs
          • Logging for the Repair Service
          • Basic Repair Service configuration reference
        • Advanced repair configuration
          • Adjusting or disabling the throttle for subrange repairs
          • Running validation compaction sequentially
          • Advanced Repair Service configuration reference
        • Expert repair configuration
          • Setting the maximum for parallel subrange repairs
          • Expert Repair Service configuration reference
          • Tuning Repair Service for multi-datacenter environments
        • Expedited Repair Service configuration
        • Troubleshoot Repair Service errors
        • Learn more about repairs
      • Capacity Service
        • Forecasting trends for metric graphs
        • Advanced forecast configuration
      • Best Practice Service
        • Configuring Best Practice service rules
        • Monitoring the results of Best Practice service scans
        • Best Practice Rules Reference
      • Performance Service
        • Performance Service Overview
        • Why use the OpsCenter Performance Service?
        • Enabling the OpsCenter Performance Service
        • Disabling the OpsCenter Performance Service
        • Setting permissions for the OpsCenter Performance Service
        • Tuning a database cluster with the Performance Service
          • Identifying and tuning slow queries
            • Configuring the slow query log
            • Viewing slow queries
            • Tracing slow queries
            • Example alert setup
            • Configuring rules for the slow queries advisor
            • Slow query recommendations
          • Identifying poorly performing tables
            • Configuring table metrics
            • Viewing table metrics
            • Example alert setup
            • Configuring rules for the table metrics advisor
            • Tables metrics recommendations
          • Monitoring node thread pool statistics
            • Configuring thread pool statistics
            • Viewing thread pool statistics in the Performance Service
            • Example alert setup
            • Configuring rules for the thread pools advisor
            • Thread pool statistics recommendations
    • Troubleshooting OpsCenter
    • Lifecycle Manager
      • Overview of Lifecycle Manager
        • Supported capabilities
        • Defining the topology
        • Using configuration profiles
        • Defining repositories
        • Running jobs in LCM
          • Job types in LCM
          • Job concurrency in LCM
        • Monitoring job status
      • Installing DSE using LCM
        • Accessing OpsCenter Lifecycle Manager
        • Creating custom data directories
        • Adding SSH credentials
        • Adding a configuration profile
        • Adding a repository
        • Defining the cluster topology
          • Adding a cluster
          • Adding a datacenter
          • Adding a node
        • Running an installation job
        • Viewing job details
        • Using LCM in an offline environment
          • Required software for offline DSE installs
          • Downloading DSE in an offline environments
      • Managing SSH credentials
        • Adding SSH credentials
        • Editing SSH credentials
        • Deleting SSH credentials
        • Configuring SSH connection thresholds for LCM jobs
      • Managing configuration profiles
        • Adding a configuration profile
        • Editing a configuration profile
        • Customizing configuration profile files
        • Cloning a configuration profile
        • Deleting a configuration profile
        • Configuring an HTTP or HTTPS proxy
      • Configuring repositories
        • Adding a repository
        • Editing a repository
        • Deleting a repository
      • Defining DSE topologies
        • Managing cluster topologies
          • Adding a cluster
          • Editing a cluster
          • Deleting a cluster
          • Importing a cluster topology
        • Managing datacenter topologies
          • Adding a datacenter
          • Editing a datacenter
          • Deleting a datacenter
        • Managing node topologies
          • Adding a node
          • Editing a node
          • Deleting a node
      • Running LCM jobs
        • Running an installation job
        • Running an configure job
        • Running an upgrade job
          • Example: Upgrading DSE to a minor release using LCM
        • Aborting a job
        • Adjusting idle timeout
      • Configuring Java options
        • Choosing a Java vendor in LCM
        • Managing Java installs
        • Configuring JVM options for DSE using LCM
      • Configuring DSE security using LCM
        • Native transport authentication schemes and limitations in LCM
          • Configuring row-level access control
        • Configuring SSL/TLS for DSE
        • Configuring a JMX Connection to DSE
      • Lifecycle Manager configuration options
      • Configuration known issues and limitations
      • Using advanced configurations with LCM
        • Exporting metrics collection
        • Configuring AlwaysOn SQL
        • Configuring DSE Graph
        • Configuring the NodeSync rate
        • Configuring tiered storage
    • OpsCenter API reference for developers
      • Enable and access the Datastax Agent API
      • Authentication
      • OpsCenter configuration
      • Retrieving cluster and node information
      • Performing Cluster Operations
      • Managing Keyspaces and Tables
      • Retrieving Metric Data
      • Managing Events and Alerts
      • Schedule management
      • Backup Management and Restoring from Backups
      • Best Practice Rules
      • Hadoop
      • Spark
      • Managing Performance Service Configuration
      • User Interface
      • Agent Install and Status
      • Cluster Lifecycle Management
      • DataStax Agent API example curl commands
  • DataStax Enterprise OpsCenter 6.8
  • Configuring OpsCenter
  • OpsCenter Security
  • OpsCenter SSL overview
  • SSL configuration options for OpsCenter

SSL configuration options for OpsCenter

Reference of available configuration options for OpsCenter SSL in one convenient location.

address.yaml

The location of the address.yaml file depends on the type of installation:

  • Package installations: /var/lib/datastax-agent/conf/address.yaml

  • Tarball installations: install_location/conf/address.yaml

opscenterd.conf

The location of the opscenterd.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/opscenterd.conf

  • Tarball installations: install_location/conf/opscenterd.conf

cluster_name.conf

The location of the cluster_name.conf file depends on the type of installation:

  • Package installations: /etc/opscenter/clusters/cluster_name.conf

  • Tarball installations: install_location/conf/clusters/cluster_name.conf

Reference of available SSL configuration options in each level of OpsCenter configuration file (daemon, cluster, agent), sorted by alphabetical order within each section.

OpsCenter daemon (opscenterd) SSL configuration options

SSL configuration options available in opscenterd.conf:

  • [agents] agent_certfile

    The location of the certfile sent to the DataStax Agents when using SSL communication between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/agentKeyStore.der for package installations and install_location/ssl/agentKeyStore.der for tarball installations.

  • [agents] agent_keyfile

    The location of the keyfile sent to the DataStax Agents when using SSL communication between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/agentKeyStore for package installations and install_location/ssl/agentKeyStore for tarball installations.

    Do not use the agent_keyfile when manually generating and deploying keys.

  • [agents] agent_keyfile_raw

    The raw keystore file stored in the Java keystore from agent_keyfile. This parameter is required only when configuring high availability, so that the secondary OpsCenter instance can communicate with the primary OpsCenter instance. The failover opscenterd processes on the secondary OpsCenter instance use this key to establish a STOMP connection to the primary opscenterd instance.

  • [agents] ssl_certfile

    The location of the SSL certificate used for SSL traffic between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/opscenter.der for package installations and install_location/ssl/opscenter.der for tarball installations.

  • [agents] ssl_keyfile

    The location of the SSL key file used for SSL traffic between OpsCenter and the DataStax Agents. The default location is /var/lib/opscenter/ssl/opscenter.key for package installations and install_location/ssl/opscenter.key for tarball installations.

  • [agents] use_ssl

    Specifies whether traffic between OpsCenter and the DataStax Agents should use SSL. The default value is False.

  • [webserver] ssl_certfile

    The location where the SSL certificate resides. This option requires ssl_keyfile and optionally ssl_port to also be set.

  • [webserver] ssl_keyfile

    The location where the SSL keyfile resides. This option requires ssl_certfile and optionally ssl_port to also be set.

  • [webserver] ssl_port

    The port on which to serve SSL traffic. The default port is 8443.

Cluster SSL configuration options

Cluster-specific SSL configuration options available in cluster_name.conf:

  • [agents] ssl_keystore

    The SSL keystore location for DataStax Agents to use to connect to CQL on the monitored cluster.

  • [agents] ssl_keystore_password

    The SSL keystore password for DataStax Agents to use to connect to CQL on the monitored cluster.

  • [agents] ssl_truststore

    The SSL truststore location for DataStax Agents to use for trusted certs.

  • [agents] ssl_truststore_password

    The SSL truststore password for DataStax Agents to use for trusted certs.

  • [agents] storage_ssl_keystore

    The SSL keystore location for DataStax Agents to use to connect to CQL on the storage cluster.

  • [agents] storage_ssl_keystore_password

    The SSL keystore password for DataStax Agents to use to connect to CQL on the storage cluster.

  • [agents] storage_ssl_truststore

    The SSL truststore location for DataStax Agents to use for trusted certs on the storage cluster.

  • [agents] storage_ssl_truststore_password

    The SSL truststore password for DataStax Agents to use for trusted certs on the storage cluster.

  • [cassandra] ssl_keystore

    The SSL keystore location for OpsCenter to use to connect to Cassandra directly.

  • [cassandra] ssl_keystore_password

    The SSL keystore password for OpsCenter to use to connect to Cassandra directly.

  • [cassandra] ssl_truststore

    The SSL truststore location for OpsCenter to use to connect to Cassandra directly.

  • [cassandra] ssl_truststore_password

    The SSL truststore password for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_keystore

    The SSL keystore location for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_keystore_password

    The SSL keystore password for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_truststore

    The SSL truststore location for OpsCenter to use to connect to Cassandra directly.

  • [storage_cassandra] ssl_truststore_password

    The SSL truststore password for OpsCenter to use to connect to Cassandra directly.

Agent configuration options

SSL configuration options available for agents in address.yaml:

  • monitored_ssl_keystore

    The SSL keystore location for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_keystore: /etc/dse/conf/.keystore

  • monitored_ssl_keystore_password

    The SSL keystore password for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]

  • monitored_ssl_truststore

    The SSL truststore location for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_truststore: /etc/dse/conf/.truststore

  • monitored_ssl_truststore_password

    The SSL truststore password for the monitored cluster that agents use to connect to CQL. Example: monitored_ssl_truststore_password: truststore-pass [This field may be encrypted for additional security.]

  • opscenter_ssl_keystore

    The SSL keystore location that the DataStax Agents use to connect to opscenterd. Example: opscenter_ssl_keystore: /etc/opscenter/conf/.keystore

  • opscenter_ssl_keystore_password

    The SSL keystore password that the agents use to connect to opscenterd. Example: opscenter_ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]

  • opscenter_ssl_truststore

    The path to the truststore file that the agents use to connect to opscenterd. Example: opscenter_ssl_truststore: /etc/opscenter/conf/.truststore

  • opscenter_ssl_truststore_password

    The SSL truststore password that the agents use to connect to opscenterd. Default: Uses the keystore password if an SSL truststore password is not specified. Example: opscenter_ssl_truststore_password: trust-pass [This field may be encrypted for additional security.]

  • opscenter_ssl_strict_subject_validation

    Instructs the agent to reject certificates from opscenterd when the certificate subject does not match the server’s ip. This option is false by default, which means the agent attempts subject validation first. If that fails, the agent logs a warning and retries the connection without subject validation. In a later version of OpsCenter, the default will change to true. Example: opscenter_ssl_strict_subject_validation: true

  • ssl_keystore

    The SSL keystore location for the storage cluster that agents use to connect to CQL. Example: ssl_keystore: /etc/dse/conf/.keystore

  • ssl_keystore_password

    The SSL keystore password for the storage cluster that agents use to connect to CQL. Example: ssl_keystore_password: keystore-pass [This field may be encrypted for additional security.]

  • ssl_truststore

    The SSL truststore location for the storage cluster that agents use to connect to CQL. Example: ssl_truststore: /etc/dse/conf/.truststore

  • ssl_truststore_password

    The SSL truststore password for the storage cluster that agents use to connect to CQL. Example: ssl_truststore_password: truststore-pass [This field may be encrypted for additional security.]

  • use_ssl

    Whether or not to use SSL communication between the agent and opscenterd. Affects both the STOMP connection and the agent HTTP server. Corresponds to [agents].use_ssl in opscenterd.conf. Setting this option to true turns on SSL connections. Example: use_ssl: true

Editing/OpsCenter cluster connections for authentication or encryption Configuring OpsCenter role-based security

General Inquiries: +1 (650) 389-6000 info@datastax.com

© DataStax | Privacy policy | Terms of use

DataStax, Titan, and TitanDB are registered trademarks of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.

Kubernetes is the registered trademark of the Linux Foundation.

landing_page landingpage