Using RDS as database for Opsview

Opsview supports using Amazon Relational Database Services (RDS) as its own database. Here’s how to set it up.

Prerequisites Copied

Prior to setting up Opsview to use a MySQL RDS instance as its database, you must:

Note

Opsview recommends that encrypted connections using TLS is enabled for external MySQL database servers.

If using a custom CA then the CA public certificate needs to be added to the systems CA bundle or configure Opsview database CA path to your CA public certificate in PEM format:

opsview_database_tls_ca_path: /path/to/ca.crt

This needs to be done on all hosts that access Opsview databases.

In the following steps, you should replace the variables as appropriate for your system.

Study the example configurations carefully before copying them and remember to back up your old settings before making any changes.

Configure RDS Copied

Configure opsview_deploy YAML Copied

  1. Create an empty section called database_hosts in /opt/opsview/deploy/etc/opsview_deploy.yml. You can do this by appending the below to this file.
#
# ...
#
database_hosts: {}

Note

The existence of this section tells opsview_deploy to set up an external database. Populating this section, notably with the database IP address, will cause opsview_deploy to fail.

Configure user_vars YAML Copied

The following changes must be made to /opt/opsview/deploy/etc/user_vars.yml:

  1. Create a section called opsview_database_backend_nodes.

    • Declare the database FQDN.
    • Declare the database name.
  2. Declare the database root username (root).

#
# ...
#
opsview_database_backend_nodes:
  - ip_addr: opsview6.aaal.eu-west-1.rds.amazonaws.com  # replace with your database FQDN
    name: opsview_database                              # replace with your database name

opsview_database_root_username: root
  1. Optionally, you can enable TLS encryption to the MySQL server.
  2. Update user_vars.yml as follows:
#
# ...
#
opsview_database_backend_nodes:
  - ip_addr: opsview6.aaal.eu-west-1.rds.amazonaws.com  # replace with your database FQDN
    name: opsview_database                              # replace with your database name

opsview_database_root_username: root

# It is recommended to encrypt connections to external database server.
opsview_database_tls_enabled: True

Note

It is possible to customise other database/TLS related settings which are documented in user_variables-example.yml.

Run opsview_deploy YAML Copied

Execute the below command as root:

/opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/setup-everything.yml

Upgrading existing databases to TLS Copied

  1. Ensure that TLS is enabled in the external database configuration.

  2. Add the following line to /opt/opsview/deploy/etc/user_vars.yml:

    opsview_database_tls_enabled: True
    
  3. Optionally, add the CA path to /opt/opsview/deploy/etc/user_vars.yml. This is only required if the database’s CA certificate has not been added to the system CA bundle:

    opsview_database_tls_ca_path: <path_to_ca_certificate>
    
  4. Run setup everything.

    /opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/setup-everything.yml
    
  5. Optionally enforce secure transport on the external database by setting require_secure_transport = ON in the database configuration.

["Opsview On-premises"] ["User Guide"]

Was this topic helpful?