Using RDS as database for Opsview
Opsview supports using Amazon Relational Database Services (RDS) as its own database. Here’s how to set it up.
Prerequisites
Prior to setting up Opsview to use a MySQL RDS instance as its database, you must:
- Set up your MySQL RDS instance (other types of database are not supported).
- Have a root-privileged user that Opsview can use on your MySQL RDS instance (it should have the username root).
- Set the password for admin_opsview so that it matches the one specified in /opt/opsview/deploy/etc/user_secrets.yml on the line starting opsview_database_root_password.
- Ensure the MySQL client on the Opsview orchestrator matches the version on the MySQL RDS instance.
Note
Opsview recommends that encrypted connections using TLS are enabled for external MySQL database servers.
If you use a custom CA, either add the CA public certificate to the system's CA bundle or set the Opsview database CA path to your CA public certificate in PEM format:
opsview_database_tls_ca_path: /path/to/ca.crt
This needs to be done on all hosts that access Opsview databases.
In the following steps, you should replace the variables as appropriate for your system.
Study the example configurations carefully before copying them and remember to back up your old settings before making any changes.
Configure RDS
Configure opsview_deploy YAML
- Create an empty section called database_hosts in /opt/opsview/deploy/etc/opsview_deploy.yml. You can do this by appending the below to this file.
#
# ...
#
database_hosts: {}
Note
The existence of this section tells opsview_deploy to set up an external database. Populating this section, notably with the database IP address, will cause opsview_deploy to fail.
Configure user_vars YAML
The following changes must be made to /opt/opsview/deploy/etc/user_vars.yml:
- Create a section called opsview_database_backend_nodes.
  - Declare the database FQDN.
  - Declare the database name.
- Declare the database root username (root).
#
# ...
#
opsview_database_backend_nodes:
  - ip_addr: opsview6.aaal.eu-west-1.rds.amazonaws.com # replace with your database FQDN
    name: opsview_database # replace with your database name
opsview_database_root_username: root
- Optionally, you can enable TLS encryption to the MySQL server.
  - Update user_vars.yml as follows:
#
# ...
#
opsview_database_backend_nodes:
  - ip_addr: opsview6.aaal.eu-west-1.rds.amazonaws.com # replace with your database FQDN
    name: opsview_database # replace with your database name
opsview_database_root_username: root
# It is recommended to encrypt connections to the external database server.
opsview_database_tls_enabled: True
Note
It is possible to customise other database/TLS related settings, which are documented in user_variables-example.yml.
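A preflight check for the settings described above, to run before opsview-deploy. This is an added example, not part of Opsview's tooling: the function names are hypothetical, and the checks are line-based greps of the two files rather than a full YAML parse.

```shell
#!/bin/sh
# Added example, not Opsview code. Function names are hypothetical; the file
# names and keys are the ones used on this page. Checks are line-based, not a YAML parse.

# Print the value of a top-level "key: value" line, minus trailing comment/space.
yaml_top_value() {  # $1 = file, $2 = key
    sed -n "s/^$2:[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | head -n 1
}

fail() { echo "FAIL: $*"; rc=1; }

check_rds_config() {  # $1 = deploy etc directory
    etc=${1:-/opt/opsview/deploy/etc}
    deploy="$etc/opsview_deploy.yml"
    vars="$etc/user_vars.yml"
    rc=0

    # database_hosts must exist and stay empty; populating it makes opsview_deploy fail.
    [ "$(yaml_top_value "$deploy" database_hosts)" = "{}" ] ||
        fail "database_hosts must be present and empty ({}) in $deploy"

    # The backend node needs the database FQDN (ip_addr) and the database name.
    grep -q '^opsview_database_backend_nodes:' "$vars" 2>/dev/null ||
        fail "opsview_database_backend_nodes missing in $vars"
    grep -Eq '^[[:space:]]*-[[:space:]]*ip_addr:[[:space:]]*[^[:space:]#]' "$vars" 2>/dev/null ||
        fail "no ip_addr (database FQDN) declared"
    grep -Eq '^[[:space:]]+name:[[:space:]]*[^[:space:]#]' "$vars" 2>/dev/null ||
        fail "no database name declared"

    # TLS to the external server should be switched on.
    case "$(yaml_top_value "$vars" opsview_database_tls_enabled)" in
        True|true) ;;
        *) fail "opsview_database_tls_enabled is not True" ;;
    esac

    # A custom CA path, if set, must point at a readable PEM certificate.
    ca=$(yaml_top_value "$vars" opsview_database_tls_ca_path)
    if [ -n "$ca" ] && ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null; then
        fail "$ca is not a readable PEM certificate"
    fi

    [ "$rc" -eq 0 ] && echo "OK: external database settings look consistent"
    return "$rc"
}
# Usage: check_rds_config /opt/opsview/deploy/etc
```

The function returns non-zero when any check fails, so it can gate the deploy command in a wrapper script.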
Run opsview_deploy YAML
Execute the below command as root:
/opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/setup-everything.yml
Upgrading existing databases to TLS
- Ensure that TLS is enabled in the external database configuration.
- Add the following line to /opt/opsview/deploy/etc/user_vars.yml:
  opsview_database_tls_enabled: True
- Optionally, add the CA path to /opt/opsview/deploy/etc/user_vars.yml. This is only required if the database’s CA certificate has not been added to the system CA bundle:
  opsview_database_tls_ca_path: <path_to_ca_certificate>
- Run setup everything.
  /opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/setup-everything.yml
- Optionally enforce secure transport on the external database by setting require_secure_transport = ON in the database configuration.