Enabling Agent SSL in LCM-installed clusters

Introduction

OpsCenter 6.0 shipped with a bug that prevents configuration of agents with SSL enabled on clusters installed by Lifecycle Manager (the bug is not present for clusters created before and imported into LCM). This bug should be addressed in the next release (6.0.3), but until then there is a workaround by calling the LCM APIs. You should only use this fix if use_ssl = True in the [agents] section of opscenterd.conf.

Python Script

While it is possible to call the APIs using a series of curl commands and sed/editing the config-profile bodies, things are simpler if you have Python installed on a machine that has access to the OpsCenter server. The following Python script will automate the API steps for every config profile in LCM. You only need to tweak the base_url, opsc_user, and opsc_pass variables for your environment:

import urllib2
import json

# If using SSL, this will need to be something like
# https://yourhost:8443
base_url = "http://10.200.179.108:8888"   # CHANGE ME

# OpsCenter Auth credentials
# Set these if using auth, otherwise None
opsc_user = None # CHANGE ME
opsc_pass = None # CHANGE ME

session_id = None
if opsc_user and opsc_pass:
    data = """{"username": "%s", "password": "%s"}""" % (opsc_user, opsc_pass)
    req = urllib2.Request("%s/login" % base_url, data)
    req.add_header("Content-Length", len(data))
    req.add_header("Content-Type", "application/json")
    response = urllib2.urlopen(req)
    session_id = json.loads(response.read()).get("sessionid")

# Get the ID of each config-profile
req = urllib2.Request("%s/api/v1/lcm/config_profiles/" % base_url)
if session_id:
    req.add_header("opscenter-session", session_id)
response = urllib2.urlopen(req)
profile_ids = [x.get("id") for x in json.loads(response.read()).get("results")]

# For each config profile, add in the address-yaml config to set use_ssl to True.
for profile_id in profile_ids:
    req = urllib2.Request("%s/api/v1/lcm/config_profiles/%s" % (base_url, profile_id))
    if session_id:
        req.add_header("opscenter-session", session_id)
    response = urllib2.urlopen(req)
    profile = json.loads(response.read())
    json_field = profile.get("json", {})
    address_yaml = json_field.get("address-yaml", {})
    address_yaml["use-ssl"] = True
    json_field["address-yaml"] = address_yaml
    profile["json"] = json_field
    data = json.dumps(profile)

    # PUT updated profile
    req = urllib2.Request("%s/api/v1/lcm/config_profiles/%s" % (base_url, profile_id), data)
    if session_id:
        req.add_header("opscenter-session", session_id)
    req.get_method = lambda: 'PUT'
    urllib2.urlopen(req)