DataStax Enterprise configuration file (dse.yaml)

The dse.yaml file is the primary configuration file for DataStax Enterprise. The location of the dse.yaml file depends on the type of installation:

Installer-Services	/etc/dse/dse.yaml
Package installations	/etc/dse/dse.yaml
Installer-No Services	`install_location`/resources/dse/conf/dse.yaml
Tarball installations	`install_location`/resources/dse/conf/dse.yaml

For cassandra.yaml configuration, see Node and cluster configuration (cassandra.yaml).

DSE In-Memory options

max_memory_to_lock_fraction: 0.20
# max_memory_to_lock_mb: 10240

To use the DSE In-Memory, choose one of these options to specify how much system memory to use for all in-memory tables.

max_memory_to_lock_fraction: Specify a fraction of the system memory. The default value of 0.20 specifies to use up to 20% of system memory.
max_memory_to_lock_mb: Specify a maximum amount of memory in MB.

Hive meta store

hive_meta_store_enabled: true

hive_meta_store_enabled: Enables or disables the Hive meta store via Cassandra. Default: true.

Kerberos options

Use these options for configuring security for a DataStax Enterprise cluster using Kerberos. For instructions, see Authenticating a cluster with Kerberos.

kerberos_options:
   keytab: path_to_keytab/dse.keytab
   service_principal: dse_user/_HOST@REALM
   http_principal: HTTP/_HOST@REALM
   qop: auth

keytab: resources/dse/conf/dse.keytab
The keytab file must contain the credentials for both of the fully resolved principal names, which replace _HOST with the fully qualified domain name (FQDN) of the host in the service_principal and http_principal settings. The UNIX user running DSE must also have read permissions on the keytab.
service_principal: dse_user/_HOST@REALM
The service_principal that the Cassandra and Hadoop processes run under must use the form dse_user/_HOST@REALM, where dse_user is:
- Installer-Services and Package installations: cassandra
- Package installations: the name of the UNIX user that starts the service
where:
- _HOST is converted to a reverse DNS lookup of the broadcast address.
- REALM is the name of your Kerberos realm. In the Kerberos principal, REALM must be uppercase.
Set The service_principal must be consistent everywhere: in the dse.yaml file, present in the keytab, and in the cqlshrc file (where service_principal is separated into service/hostname).
http_principal: HTTP/_HOST@REALM
The http_principal is used by the Tomcat application container to run DSE Search. The Tomcat web server uses GSS-API mechanism (SPNEGO) to negotiate the GSSAPI security mechanism (Kerberos). Set REALM to the name of your Kerberos realm. In the Kerberos principal, REALM must be uppercase.
qop - auth
A comma-delimited list of Quality of Protection (QOP) values that clients and servers can use for each connection. The client can have multiple QOP values, while the server can have only a single QOP value. The valid values are:
- auth - Default: Authentication only.
- auth-int - Authentication plus integrity protection for all transmitted data.
- auth-conf - Authentication plus integrity protection and encryption of all transmitted data.
  Encryption using auth-conf is separate and independent of whether encryption is done using SSL. If both auth-conf and SSL are enabled, the transmitted data is encrypted twice. DataStax recommends choosing only one method and using it for both encryption and authentication.

LDAP options

To use these LDAP options, you must set com.datastax.bdp.cassandra.auth.LdapAuthenticator as the authenticator in the cassandra.yaml file. For instructions, see Authenticating a cluster with LDAP.

ldap_options:
    server_host: localhost
    server_port: 389
    search_dn: cn=Admin
    search_password: secret
    use_ssl: false
    use_tls: false
    truststore_path:
    truststore_password:
    truststore_type: jks
    user_search_base: ou=users,dc=example,dc=com
    user_search_filter: (uid={0})
    credentials_validity_in_ms: 0
    connection_pool:
        max_active: 8
        max_idle: 8

server_host: The host name of the LDAP server. Default: localhost

server_port: The port on which the LDAP server listens. Default: 389

search_dn: The username of the user that is used to search for other users on the LDAP server.

search_password: The password of the search_dn user.

use_ssl: Set to true to enable SSL connections to the LDAP server. If set to true, you might need to change server_port to the SSL port of the LDAP server. Default: false

use_tls: Set to true to enable TLS connections to the LDAP server. If set to true, you might need to change the server_port to the TLS port of the LDAP server. Default: false

truststore_path: The path to the trust store for SSL certificates.

truststore_password: The password to access the trust store.

truststore_type: The type of trust store. Default: jks

user_search_base: The search base for your domain, used to look up users. Set the ou and dc elements for your LDAP domain. Typically this is set to ou=users,dc=domain,dc=top_level_domain. For example, ou=users,dc=example,dc=com.

user_search_filter: The search filter for looking up user names. Default: uid={0}

credentials_validity_in_ms: The duration period in milliseconds for the credential cache. Default: 0

search_validity_in_seconds: The duration period in milliseconds for the search cache. Default: 0

connection_pool

max_active
The maximum number of active connections to the LDAP server. Default: 8
max_idle
The maximum number of idle connections in the pool awaiting requests. Default: 8

Scheduler settings for Solr indexes

These settings control the schedulers in charge of querying for and removing expired data.

ttl_index_rebuild_options:
    fixed_rate_period: 300
    initial_delay: 20
    max_docs_per_batch: 4096
    thread_pool_size: 1

ttl_index_rebuild_options: The ttl_index_rebuild_options settings control the schedulers in charge of querying for and removing expired data.
fix_rate_period: Schedules how often to check for expired data in seconds. Default: 300
initial_delay: Speeds start-up time by delaying the first TTL checks in seconds. Default: 20
max_docs_per_batch: Sets the maximum number of documents to check and delete per batch by the TTL rebuild thread. Default: 4096
thread_pool_size: To manage system resource consumption and prevent many Solr cores from executing simultaneous TTL deletes, define the maximum number of cores that can execute TTL cleanup concurrently. Default: 1

Solr resource upload limit

You can configure the maximum resource file size or disable resource upload.

solr_resource_upload_limit_mb: 10

solr_resource_upload_limit_mb: Sets the maximum Solr resource upload size limit in MB. Set to 0 to disable resource uploading. Default: 10

Solr shard transport options

The shard_transport_options use netty or http for inter-node communication between DSE Search nodes. Also see Shard transport options for DSE Search communications.

shard_transport_options:
    type: netty
    netty_server_port: 8984
    message_server_port: 8985
    netty_server_acceptor_threads:
    netty_server_worker_threads:
    netty_client_worker_threads:
    netty_client_max_connections:
    netty_client_request_timeout:
    netty_max_frame_length_in_mb:#
# Options specific to the "http" transport type.
#   http_shard_client_conn_timeout: 0
#   http_shard_client_socket_timeout: 0

type

netty TCP-based communication provides lower latency, improved throughput, and reduced resource consumption.
http uses a standard HTTP-based interface.

When type: netty, define the following netty settings to configure inter-node communication between DSE Search nodes:

netty_server_port (deprecated): The TCP listen port. This setting is mandatory to use the netty transport now or migrate to it later. To use http transport, comment out this setting or change it to -1. During updrade to 5.0, netty_server_port is used. After all nodes are running 5.0, message_server_port is used. Default: 8984
message_server_port: The TCP listen port for the inter-node message server. Requests that are coordinated by this node use this port to communicate with other nodes. Default: 8985
netty_server_acceptor_threads: The number of server acceptor threads. Default: number_of_available_processors
netty_server_worker_threads: The number of server worker threads. Default: number_of_available_processors * 8
netty_client_worker_thread: The number of client worker threads. Default: number_of_available_processors * 8
netty_client_max_connections: The maximum number of client connections. Default: 100
netty_client_request_timeout: The client request timeout, in milliseconds, for the maximum cumulative time that a distributed Solr request will wait idly for shard responses. Default: 60000

netty_max_frame_length_in_mb: The maximum length of a message frame, in MB. Default: 256

When type: http, define the following http transport settings to configure http inter-node communication between DSE Search nodes. To avoid blocking operations, DataStax strongly recommends changing these settings to a finite value. These settings are valid across Solr cores:

http_shard_client_conn_timeout: HTTP shard client timeouts in milliseconds. 0 = no timeout. Default: 0
http_shard_client_socket_timeout: HTTP shard client socket timeouts in milliseconds. 0 = no timeout. Default: 0

Solr indexing

DSE Search provides multi-threaded indexing implementation to improve performance on multi-core machines. All index updates are internally dispatched to a per-core indexing thread pool and executed asynchronously, which allows for greater concurrency and parallelism. However, index requests can return a response before the indexing operation is executed.

max_solr_concurrency_per_core: 2
# enable_back_pressure_adaptive_nrt_commit: true
# back_pressure_threshold_per_core: 2000
# flush_max_time_per_core: 5
# load_max_time_per_core: 5

max_solr_concurrency_per_core: Configures the maximum number of concurrent asynchronous indexing threads per Solr core. If set to 1, DSE Search uses synchronous indexing behavior in a single thread. To achieve optimal performance, assign this value to number of available CPU cores divided by the number of Solr cores. For example, with 12 CPU cores and 3 Solr cores, the suggested value is 4. See Configuring and tuning indexing. Default: number_of_available_CPU_cores. To prevent writes from overwhelming reads, reduce this value and parallelDeleteTasks in solrConfig.xml.
Note: Dynamic switching to Solr concurrency level at 1 is disallowed.
enable_back_pressure_adaptive_nrt_commit: Allows back pressure system to adapt max auto soft commit time (defined per core in the solrconfig.xml file) to the actual load. Setting is respected only for NRT (near real time) cores. When Solr core is using live indexing with RT (real time) enabled, adaptive commits are disabled regardless of this property value. Default: true
back_pressure_threshold_per_core: The total number of queued asynchronous indexing requests per Solr core. When this number is exceeded, back pressure prevents excessive resource consumption by throttling new incoming requests. DataStax recommends 1000 * max_solr_concurrency_per_core. Default: 2000
flush_max_time_per_core: The maximum time, in minutes, to wait for the flushing of asynchronous index updates, which occurs at Solr commit time or at Cassandra flush time. Expert level knowledge is required to change this value. Always set the value reasonably high to ensure that flushing completes successfully. If the configured value is exceeded, index updates are only partially committed, and the Cassandra commit log is not truncated to ensure data durability.

Note: When a timeout occurs, it usually means this node is being overloaded and cannot flush in a timely manner. Live indexing increases the time to flush asynchronous index updates.
Default: 5
load_max_time_per_core: The maximum time, in minutes, to wait for each Solr core to load on startup or create/reload operations, expressed. This advanced option should be changed only if exceptions happen during core loading. Default: 1 (if not specified)

Cassandra disk failure policy

# enable_index_disk_failure_policy: false

enable_index_disk_failure_policy: DSE Search activates the configured Cassandra disk failure policy if IOExceptions occur during index update operations. Default: false

Solr CQL query options

Available options for CQL Solr queries.

solr_data_dir: /MyDir
cql_solr_query_executor_threads: 2
cql_solr_query_row_timeout: 10000

solr_data_dir: The directory to store index data. By default, the Solr data is saved in cassandra_data_dir/solr.data, or as specified by the dse.solr.data.dir system property.
cql_solr_query_executor_threads: The maximum number of threads for retrieving rows during CQL Solr queries. This value is cross-request and cross-core. Default: number of available processors * 10
cql_solr_query_row_timeout: The maximum time in milliseconds to wait for each row to be read from Cassandra during CQL Solr queries. Default: 10000 milliseconds (10 seconds)

CQL Performance Service options

These settings are used by the Performance Service to configure collection of performance metrics on Cassandra nodes. Performance metrics are stored in the dse_perf keyspace and can be queried with CQL using any CQL-based utility, such as cqlsh, DataStax DevCenter, or any application using a Cassandra CQL driver.

cql_slow_log_options:
    enabled: true
    threshold_ms: 2000
    ttl_seconds: 259200
cql_system_info_options:
    enabled: false
    refresh_rate_ms: 10000
resource_level_latency_tracking_options:
    enabled: false
    refresh_rate_ms: 10000
db_summary_stats_options:
    enabled: false
    refresh_rate_ms: 10000
cluster_summary_stats_options:
    enabled: false
    refresh_rate_ms: 10000
histogram_data_options:
  enabled: false
  refresh_rate_ms: 10000
  retention_count: 3
user_level_latency_tracking_options:
   enabled: false
   refresh_rate_ms: 10000
   top_stats_limit: 100
   quantiles: false

cql_slow_log_options: Report distributed sub-queries for Solr (query executions on individual shards) that take longer than a specified period of time. See Collecting slow queries.
enabled: Enables (true) or disables (false) log entries for slow queries. Default: true
threshold_ms: Defines the threshold time in milliseconds. Default: 2000
ttl_seconds: Defines the time, in milliseconds, to keep the slow query log entries. Default: 259200

cql_system_info_options: CQL system information tables settings See Collecting system level diagnostics.
enabled: Default: false
refresh_rate_ms: Default: 10000

resource_level_latency_tracking_options: Data resource latency tracking settings. See Collecting system level diagnostics.
enabled: Default: false
refresh_rate_ms: Default: 10000

db_summary_stats_options: Database summary statistics settings. See Collecting database summary diagnostics.
enabled: Default: false
refresh_rate_ms: Default: 10000

cluster_summary_stats_options: Cluster summary statistics settings. See Collecting cluster summary diagnostics.
enabled: Default: false
refresh_rate_ms: Default: 10000

histogram_data_options: Column Family Histogram data tables settings. See Collecting table histogram diagnostics.
enabled: Default: false
refresh_rate_ms: Default: 10000
retention_count: Default: 3

user_level_latency_tracking_options: User-resource latency tracking settings. See Collecting user activity diagnostics.
enabled: Default: false
refresh_rate_ms: Default: 10000
top_stats_limit: Default: 100
quantiles: Default: false

Spark Performance Service options

These settings are used by the Performance Service. See Monitoring Spark with Spark Performance Objects.

spark_cluster_info_options:
    enabled: false
    refresh_rate_ms: 10000
spark_application_info_options:
    enabled: false
    refresh_rate_ms: 10000
    driver:
        sink: false
        connectorSource: false
        jvmSource: false
        stateSource: false
    executor:
        sink: false
        connectorSource: false
        jvmSource: false

spark_cluster_info_options

enabled
Default: false
refresh_rate_ms
Default: 10000 milliseconds

spark_application_info_options: Statistics options.
enabled: Default: false
refresh_rate_ms: Default: 10000 milliseconds
driver: The driver option controls the metrics collected by the Spark Driver.
sink: Enables or disables writing of the metrics that are collected at Spark Driver to the Cassandra database. Default: false
connectorSource: Enables or disables Spark Cassandra Connector metrics at Spark Driver. Default: false
jvmSource: Enables or disables JVM heap and GC metrics at Spark Driver. Default: false
stateSource: Enables or disables application state metrics. Default: false

Solr Performance Service options

These settings are used by the Performance Service. See Collecting Solr performance statistics.

solr_indexing_error_log_options:
    enabled: false
    ttl_seconds: 604800
    async_writers: 1
solr_slow_sub_query_log_options:
    enabled: false
    ttl_seconds: 604800
    async_writers: 1
    threshold_ms: 3000
solr_update_handler_metrics_options:
    enabled: false
    ttl_seconds: 604800
    refresh_rate_ms: 60000
solr_request_handler_metrics_options:
    enabled: false
    ttl_seconds: 604800
    refresh_rate_ms: 60000
solr_index_stats_options:
    enabled: false
    ttl_seconds: 604800
    refresh_rate_ms: 60000
solr_cache_stats_options:
    enabled: false
    ttl_seconds: 604800
    refresh_rate_ms: 60000
solr_latency_snapshot_options:
    enabled: false
    ttl_seconds: 604800
    refresh_rate_ms: 60000

solr_indexing_error_log_options: Enable to collect record errors that occur during Solr document indexing. See Collecting indexing errors.
enabled: Default: false
ttl_seconds: Default: 604800
async_writers: Defines the number of server threads dedicated to writing in the log. More than one server thread might degrade performance. Default: 1

solr_slow_sub_query_log_options: See Collecting slow Solr queries.
enabled: Default: false
ttl_seconds: Default: 604800
async_writers: Defines the number of server threads dedicated to writing in the log. More than one server thread might degrade performance. Default: 1
threshold_ms: For the slow log, the level (in milliseconds) at which a sub-query is slow enough to be reported. Default is three seconds. Default: 3000

solr_update_handler_metrics_options: See Collecting handler statistics.
enabled: Default: false
ttl_seconds: Default: 604800
refresh_rate_ms: Default: 60000

solr_index_stats_options: See Collecting index statistics.
enabled: Default: false
ttl_seconds: Default: 604800
refresh_rate_ms: Default: 60000

solr_cache_stats_options: See Collecting cache statistics.
enabled: Default: false
ttl_seconds: Default: 604800
refresh_rate_ms: Default: 60000

solr_latency_snapshot_options: See Collecting Solr performance statistics.
enabled: Default: false
ttl_seconds: Default: 604800
refresh_rate_ms: Default: 60000

Node health options

node_health_options:
    refresh_rate_ms: 60000
    uptime_ramp_up_period_seconds: 86400
    dropped_mutation_window_minutes: 30

node_health_options: Node health options are always enabled.
refresh_rate_ms: Default: 60000
uptime_ramp_up_period_seconds: The amount of continuous uptime required for the node's uptime score to advance the node health score from 0 to 1 (full health), assuming there are no recent dropped mutations. The health score is a composite score based on dropped mutations and uptime. Tip: If a node is repairing after a period of downtime, you might want to increase the uptime period to the expected repair time. Default: 86400 (1 day)
dropped_mutation_window_minutes: The historic time window over which the rate of dropped mutations affect the node health score. Default: 30

Health-based routing

enable_health_based_routing: true

enable_health_based_routing: Enable replication selection for distributed Solr queries to consider node health when multiple candidates exist for a particular token range. Health-based routing enables a trade-off between index consistency and query throughput. When the primary concern is performance, do not enable health-based routing. Default: true

Reindexing of bootstrapped data

async_bootstrap_reindex: false

async_bootstrap_reindex

For DSE Search, configure whether to asynchronously re-index bootstrapped data. Default: false

If enabled, the node joins the ring immediately after bootstrap and re-indexing occurs asynchronously. Do not wait for post-bootstrap reindexing so that the node is not marked down.
If disabled, the node joins the ring after re-indexing the bootstrapped data.

Encryption and system key settings

Settings for encrypting passwords and sensitive system tables.

system_key_directory: /etc/dse/conf
config_encryption_active: false
config_encryption_key_name: system_key

system_key_directory

The directory where global encryption keys, called system keys, are stored. Keys that are used for SSTable encryption must be distributed to all nodes. DataStax Enterprise must be able to read and write to this directory. This directory must have 700 permissions and belong to the dse user. Default: /etc/dse/conf

See Configuring encryption using off-server encryption keys and Configuring encryption using local encryption keys.

config_encryption_active

When set to true (default: false), the following configuration values must be encrypted:

dse.yaml

ldap_options.search_password
ldap_options.truststore_password

cassandra.yaml

server_encryption_options.keystore_password
server_encryption_options.truststore_password
client_encryption_options.keystore_password 
client_encryption_options.truststore_password 
ldap_options.truststore_password

config_encryption_key_name

The name of the system key for encrypting and decrypting stored passwords in the configuration files. To encrypt keyfiles, use dsetool createsystemkey. When config_encryption_active is true, you must provide a valid key with this name for the system_key_directory option. Default: system_key

System encryption settings

system_info_encryption:
  enabled: false
  cipher_algorithm: AES
  secret_key_strength: 128
  chunk_length_kb: 64
  key_name: system_table_keytab

system_info_encryption: DataStax recommends using remote encryption keys from a KMIP server when using Transparent Data Encryption (TDE) features. Local key support is provided when a KMIP server is not available.
enabled: Enable to locally encrypt system tables that might contain sensitive information, including system.batchlog, system.paxos, hint files, and the Cassandra commit log. If true, system tables that contain sensitive information are encrypted. When you enable system table encryption on a node with existing data, run nodetool upgradesstables -a on the listed tables. When tracing is enabled, sensitive information is written to the tables in the system_traces keyspace. Configure those tables to encrypt their data by using an encrypting compressor. Default: false
cipher_algorithm: Default: AES
secret_key_strength: Default: 128
chunk_length_kb: Default: 64
key_name: The name of the keys file that is created to encrypt system tables. This file is created in system_key_directory/system/key_name. Comment out when using key_provider: KmipKeyProviderFactory Default: system_table_keytab
key_provider: An alternate key provider for local encryption. Useful for using a KMIP host as a key provider. Default: KmipKeyProviderFactory
kmip_host: When key_provider: KmipKeyProviderFactory, the kmip_groupname that is defined for the kmip_hosts entry in dse.yaml that describes the KMIP key server or group of KMIP key servers.

DSE Analytics Hive options

hive_options:
    insert_max_retries: 6
    insert_retry_sleep_period: 50

hive_options: Retries setting when Hive inserts data to Cassandra table.
insert_max_retries: Maximum number of retries. Default: 6
insert_retry_sleep_period: Period of time in milliseconds between retries. Default: 50

Spark memory

initial_spark_worker_resources: 0.7

DataStax Enterprise can control the memory and cores offered by particular Spark Workers in semi-automatic fashion.

Use the initial_spark_worker_resources parameter to specify the fraction of system resources that are made available to the Spark Worker. The available resources are calculated in the following way:

Spark Worker memory = initial_spark_worker_resources * (total system memory - memory assigned to Cassandra)
Spark Worker cores = initial_spark_worker_resources * total system cores

The lowest values that you can assign to Spark Worker memory is 64 MB. The lowest value that you can assign to Spark Worker cores is 1 core. If the results are lower, no exception is thrown and the values are automatically limited. The range of the initial_spark_worker_resources value is 0.01 to 1. If the range is not specified, the default value 0.7 is used.

This mechanism is used by default to set the Spark Worker memory and cores. To override the default, uncomment and edit one or both SPARK_WORKER_MEMORY and SPARK_WORKER_CORES options in the spark-env.sh file.

Audit logging options

audit_logging_options:
  enabled: false
  logger: SLF4JAuditWriter
  retention_time: 0

audit_logging_options

To get the maximum information from data auditing, turn on data auditing on every node. See Configuring and using data auditing and Configuring audit logging to a logback log file.

enabled

Default: false

logger

Default: SLF4JAuditWriterfalse

SLF4JAuditWriter - Logs audit information to the SLF4JAuditWriter logger. Audit logging configuration settings are in the file.

The location of the logback.xml file depends on the type of installation:

Installer-Services and Package installations	/etc/dse/cassandra/logback.xml
Installer-No Services and Tarball installations	`install_location`/resources/cassandra/logback.xml

CassandraAuditWriter - Logs audit information to a Cassandra table. This logger can be run synchronously or asynchronously. Audit logs are stored in the dse_audit.audit_log table. See related cassandra_audit_writer_options configuration entries and Configuring audit logging to a Cassandra table.

included_categories or excluded_categories

Specify either included or excluded categories. Specifying both is an error.

Comma separated list of audit event categories to include or exclude from the audit log. Categories are: QUERY, DML, DDL, DCL, AUTH.

included_categories: comma_separated_list

or

excluded_categories: comma_separated_list

included_keyspaces or excluded_keyspaces

Specify either included or excluded keyspaces. Specifying both is an error.

Use a regular expression to filter keyspaces, or use a comma separated list of keyspaces to be included or excluded from the audit log.

included_keyspaces: comma_separated_list

or

excluded_keyspaces: comma_separated_list

retention_time

The amount of time, in hours, that audit events are retained by supporting loggers. Only the CassandraAuditWriter supports retention time. Values of 0 or less retain events forever. Default: 0

cassandra_audit_writer_options

Configuration options for the CassandraAuditWriter.

cassandra_audit_writer_options:
    mode: sync
    batch_size: 50
    flush_time: 500
    num_writers: 10
    queue_size: 10000
    write_consistency: QUORUM

mode

Sets the mode the writer runs in. Default: sync

sync - A query is not executed until the audit event is successfully written.
async - Audit events are queued for writing to the audit table, but are not necessarily logged before the query executes. A pool of writer threads consumes the audit events from the queue, and writes them to the audit table in batch queries. While this substantially improves performance under load, if there is a failure between when a query is executed, and its audit event is written to the table, the audit table might be missing entries for queries that were executed.

batch_size

Available only when mode:async.

Must be greater than 0. The maximum number of events the writer will dequeue before writing them out to the table. If warnings in your logs reveal that batches are too large, decrease this value or increase the value of batch_size_warn_threshold_in_kb in cassandra.yaml. Default: 50

flush_time

Available only when mode:async.

The maximum amount of time in milliseconds before an event is removed from the queue by a writer before being written out. This flush time prevents events from waiting too long before being written to the table when there are not a lot of queries happening. Default: 500

num_writers

Available only when mode:async.

The number of worker threads asynchronously logging events to the CassandraAuditWriter. Default: 10

queue_size

queue_size: 10000

The size of the queue feeding the asynchronous audit log writer threads. When there are more events being produced than the writers can write out, the queue fills up, and newer queries block until there is space on the queue. If a value of 0 is used, the queue size is unbounded, which can lead to resource exhaustion under heavy query load. Default: 10000

write_consistency

write_consistency: QUORUM

The consistency level that is used to write audit events. Default: QUORUM

KMIP encryption options

Options for KMIP encryption keys and communication between the DataStax Enterprise node and the KMIP key server or key servers.

kmip_hosts:  
  kmip_groupname:
    hosts: kmip1.yourdomain.com, kmip2.yourdomain.com 
    keystore_path: pathto/kmip/keystore.jks
    keystore_type: jks
    keystore_password: password
    truststore_path: pathto/kmip/truststore.jks
    truststore_type: jks
    truststore_password: password
    key_cache_millis: 300000
    timeout: 1000

kmip_hosts

Configure options for a kmip_groupname section for each KMIP key server or group of KMIP key servers. Using separate key server configuration settings allows use of different key servers to encrypt table data, and eliminates the need to enter key server configuration information in DDL statements and other configurations.

kmip_groupname

A user-defined name for a group of options to configure a KMIP server or servers, key settings, and certificates.

hosts
A comma-separated list of hosts[:port] for the KMIP key server. There is no load balancing. In failover scenarios, failover occurs in the same order that servers are listed. For example: hosts: kmip1.yourdomain.com, kmip2.yourdomain.com
keystore_path
The path to a java keystore that identifies the DSE node to the KMIP key server. For example: /path/to/keystore.jks
keystore_type
The type of key store. The default value is jks.
keystore_password
The password to access the key store.
truststore_path
The path to a java truststore that identifies the KMIP key server to the DataStax Enterprise node. For example: /path/to/truststore.jks
truststore_type
The type of trust store.
truststore_password
The password to access the trust store.
key_cache_milli
Milliseconds to locally cache the encryption keys that are read from the KMIP hosts. The longer the encryption keys are cached, the fewer requests are made to the KMIP key server, but the longer it takes for changes, like revocation, to propagate to the DSE node. Default: 300000.
timeout
Socket timeout in milliseconds. Default: 1000.

CQL Solr paging

Option to specify the search pagination (cursors) behavior.

cql_solr_query_paging: off

cql_solr_query_paging

Default: off.

off - Paging is off. Do not respect driver paging settings for CQL Solr queries. To dynamically enable paging in the query, use the paging:driver parameter in JSON queries.
driver - Respects driver paging settings. Specifies to use Solr pagination (cursors) only when the driver uses pagination. Required for DSE SearchAnalytics workloads when analytics nodes leverage search.

The location of the cassandra.yaml file depends on the type of installation:

Package installations	/etc/dse/cassandra/cassandra.yaml
Tarball installations	`install_location`/resources/cassandra/conf/cassandra.yaml