Using RDS as Opsview's database
Opsview supports using Amazon Relational Database Service (RDS) as its own database. Here's how to set it up.
Preparation and considerations
Prior to setting up Opsview to use a MySQL RDS instance as its database, you must:
- set up your MySQL RDS instance (other types of database are not supported)
- have a root-privileged user that Opsview can use on your MySQL RDS instance (it should have the username 'root').
- set admin_opsview's password so that it matches the one specified in /opt/opsview/deploy/etc/user_secrets.yml on the line starting opsview_database_root_password.
6.7.1 and above
Opsview recommends enabling encrypted connections using TLS for external MySQL database servers.
If you use a custom CA, either add the CA public certificate to the system's CA bundle or set the Opsview database CA path to your CA public certificate in PEM format:
opsview_database_tls_ca_path: /path/to/ca.crt
This needs to be done on all hosts that access Opsview databases.
In the following steps, you should replace the variables as appropriate for your system.
Study the example configurations carefully before copying them and remember to back up your old settings before making any changes.
The Set Up
1. Configure opsview_deploy.yml
Create an empty section called database_hosts in /opt/opsview/deploy/etc/opsview_deploy.yml.
You can do this by appending the lines below to this file.
#
# ...
#
database_hosts: {}
Why is this section blank?
The existence of this section tells opsview_deploy to set up an external database.
Populating this section, notably with the database IP address, will cause opsview_deploy to fail.
2. Configure user_vars.yml
The following changes must be made to /opt/opsview/deploy/etc/user_vars.yml:
- Create a section called opsview_database_backend_nodes
- Declare the database FQDN
- Declare the database name
- Declare the database root username (root)
#
# ...
#
opsview_database_backend_nodes:
  - ip_addr: opsview6.aaal.eu-west-1.rds.amazonaws.com # replace with your database FQDN
    name: opsview_database # replace with your database name
opsview_database_root_username: root
- [6.7.1 and above] Optionally enable TLS encryption to the MySQL server by updating user_vars.yml as follows:
#
# ...
#
opsview_database_backend_nodes:
  - ip_addr: opsview6.aaal.eu-west-1.rds.amazonaws.com # replace with your database FQDN
    name: opsview_database # replace with your database name
opsview_database_root_username: root
# It is recommended to encrypt connections to the external database server.
opsview_database_tls_enabled: True
Note: other database and TLS related settings can be customized; they are documented in user_variables-example.yml.
3. Run opsview_deploy
Execute the below command as root.
/opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/setup-everything.yml
Upgrading existing databases to TLS
(6.7.1 and above)
- Ensure that TLS is enabled in the external database configuration.
- Add the following line to /opt/opsview/deploy/etc/user_vars.yml:
opsview_database_tls_enabled: True
- Optionally add the CA path to /opt/opsview/deploy/etc/user_vars.yml. This is only required if the database's CA certificate has not been added to the system CA bundle:
opsview_database_tls_ca_path: <path_to_ca_certificate>
- Run setup everything:
/opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/setup-everything.yml
- Optionally enforce secure transport on the external database by setting require_secure_transport = ON in the database configuration.
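A pre-flight check of the settings described in the steps above, to run before opsview-deploy. This is an added example, not part of Opsview's documentation or tooling; the function names check_db_config and demo, the host db.example.internal and the certificate body are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Opsview tooling. check_db_config and demo are hypothetical names.
# check_db_config <etc dir>: prints each finding, returns 0 only when there are none.
check_db_config() {
    etc=$1; bad=0
    # database_hosts must exist and stay empty; populating it makes opsview_deploy fail.
    grep -Eq '^database_hosts:[[:space:]]*\{\}[[:space:]]*(#.*)?$' "$etc/opsview_deploy.yml" \
        || { echo "FAIL: database_hosts missing or not {}"; bad=1; }
    # The external database needs a backend node entry carrying ip_addr (the FQDN).
    grep -Eq '^[[:space:]]*-[[:space:]]*ip_addr:[[:space:]]*[^[:space:]#]' "$etc/user_vars.yml" \
        || { echo "FAIL: no '- ip_addr:' backend node entry"; bad=1; }
    # TLS to the external MySQL server (6.7.1 and above).
    grep -Eiq '^opsview_database_tls_enabled:[[:space:]]*true[[:space:]]*(#.*)?$' "$etc/user_vars.yml" \
        || { echo "FAIL: opsview_database_tls_enabled is not True"; bad=1; }
    # A configured CA path must point at a readable PEM certificate.
    ca=$(sed -n 's/^opsview_database_tls_ca_path:[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$etc/user_vars.yml" 2>/dev/null)
    if [ -n "$ca" ] && ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null; then
        echo "FAIL: $ca is not a readable PEM certificate"; bad=1
    fi
    return "$bad"
}

# Demo on constructed files (placeholder host name and certificate body).
demo() {
    d=$(mktemp -d)
    printf 'database_hosts: {}\n' > "$d/opsview_deploy.yml"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
        '-----END CERTIFICATE-----' > "$d/ca.crt"
    cat > "$d/user_vars.yml" <<EOF
opsview_database_backend_nodes:
  - ip_addr: db.example.internal
    name: opsview_database
opsview_database_root_username: root
opsview_database_tls_enabled: True
opsview_database_tls_ca_path: $d/ca.crt
EOF
    check_db_config "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "constructed configuration passes"
```

On the deployment host, point check_db_config at /opt/opsview/deploy/etc instead of the constructed directory.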