remote.yaml configuration file

The remote.yaml file is the primary configuration file for the DataStax Graph (DSG) Gremlin console connection to the Gremlin Server.

The dse.yaml file is the primary configuration file for the DSG configuration, and includes the setting for the Gremlin Server options.

Synopsis

For the properties in each section, the parent setting has zero spaces. Each child entry requires at least two spaces. Adhere to the YAML syntax and retain the spacing.

For example, no spaces before the parent node_health_options entry, and at least two spaces before the child settings:

node_health_options:
    refresh_rate_ms: 60000
    uptime_ramp_up_period_seconds: 10800
    dropped_mutation_window_minutes: 30

DSG Gremlin basic options

An Apache TinkerPop YAML file, remote.yaml, is configured with Gremlin Server information: The Gremlin Server is configured using Apache TinkerPop specifications.

hosts: [localhost]
port: 8182
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0,
              config: { serializeResultToString: true, ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistryV3d0] }}
hosts

Identifies a host or hosts running a DSE node that is running Gremlin Server. You may need to use the native_transport_address value set in cassandra.yaml.

Default: [localhost]

You can also connect to the Spark Master node for the datacenter by either running the console from the Spark Master or specifying the Spark Master in the hosts field in the remote.yaml file.
port

Identifies a port on a DSE node running Gremlin Server. The port value needs to match the port value specified for gremlin_server: in the dse.yaml file.

Default: 8182

serializer

Specifies the class and configuration for the serializer used to pass information between the Gremlin console and the Gremlin Server.

Default: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0, + config: { serializeResultToString: true, ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistryV3d0]

DSG Gremlin connectionPool options

The connectionPool settings specify a number of options that will be passed between the Gremlin console and the Gremlin Server.

connectionPool: {
  enableSsl: false,
  # JSSE keystore file path. Similar to setting JSSE property javax.net.ssl.keyStore.
  # keyStore:,
  # JSSE keystore password. Similar to setting JSSE property javax.net.ssl.keyStorePassword.
  # keyStorePassword:,
  # JSSE truststore file path. Similar to setting JSSE property javax.net.ssl.trustStore.
  # trustStore:,
  # JSSE truststore password. Similar to setting JSSE property javax.net.ssl.trustStorePassword.
  # trustStorePassword:,
  # JSSE keystore format. 'jks' or 'pkcs12'. Similar to setting JSSE property javax.net.ssl.keyStoreType.
  # keyStoreType:,
  # https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SunJSSE_Protocols
  # sslEnabledProtocols:,
  # https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
  # sslCipherSuites:,
  # If true, trust all certificates and do not perform any validation.
  # sslSkipCertValidation:,
  # The maximum length in bytes that a message can be sent to the server. This number can be no greater than the
  # setting of the same name in the server configuration.
  maxContentLength: 65536000,
  maxInProcessPerConnection: 4,
  maxSimultaneousUsagePerConnection: 16,
  maxSize: 8,
  maxWaitForConnection: 3000,
  maxWaitForSessionClose: 3000,
  minInProcessPerConnection: 1,
  minSimultaneousUsagePerConnection: 8,
  minSize: 2,
  reconnectInterval: 1000,
  resultIterationBatchSize: 64,
  trustStore: </full/path/to/jsse/truststore/file>}
enableSsl

Determines if SSL should be enabled. If enabled on the server, SSL must be enabled on the client. To configure the Gremlin console to use SSL, when SSL is enabled on the Gremlin Server, edit the connectionPool section of remote.yaml:

  • Set enableSsl to true.

  • Specify the path to the:

    • Java Secure Socket Extension (JSSE) truststore file via the trustStore parameter

    • Or the PEM-based trustCertChainFile

trustCertChainFile is deprecated as of TinkerPop 3.2.10. If SSL is enabled, when you can, switch to specifying the JSSE truststore file via the trustStore parameter in remote.yaml.

Example:

hosts: [localhost]
username: <Cassandra_username>
password: <Cassandra_password>
port: 8182
...
connectionPool: {
  enableSsl: true,
  trustStore: </full/path/to/JSSE/truststore/file>,
  ...
...

For related information, refer to the TinkerPop security documentation.

Default: false

maxContentLength

The maximum length in bytes that a message can be sent to the server. This number can be no greater than the setting of the same name in the server configuration.

Default: 65536000

maxInProcessPerConnection

The maximum number of in-flight requests that can occur on a connection.

Default: 4

maxSimultaneousUsagePerConnection

The maximum number of times that a connection can be borrowed from the pool simultaneously.

Default: 16

maxSize

The maximum size of a connection pool for a host.

Default: 8

maxWaitForConnection

The amount of time in milliseconds to wait for a new connection before timing out.

Default: 3000

maxWaitForSessionClose

The amount of time in milliseconds to wait for a session to close before timing out (does not apply to sessionless connections).

Default: 3000

minInProcessPerConnection

The minimum number of in-flight requests that can occur on a connection.

Default: 1

minSimultaneousUsagePerConnection

The maximum number of times that a connection can be borrowed from the pool simultaneously.

Default: 8

minSize

The minimum size of a connection pool for a host.

Default: 2

reconnectInterval

The amount of time in milliseconds to wait before trying to reconnect to a dead host.

Default: 1000

resultIterationBatchSize

The override value for the size of the result batches to be returned from the server.

Default: 64

trustCertChainFile

The location of the public certificate from the DSE truststore file, in PEM format. Also set enableSsl: <true>.

Deprecated as of TinkerPop 3.2.10. Instead use trustStore.

If you are using the deprecated trustCertChainFile in your version of remote.yaml, here are the details. Depending on how you created the DSE truststore file, you may already have the PEM format certificate file from the root Certificate Authority. If so, specify the PEM file with this trustCertChainFile option. If not, export the public certificate from the DSE truststore (CER format) and convert it to PEM format. Then specify the PEM file with this option. Example:

pwd
/etc/dse/graph/gremlin-console/conf
keytool -export -keystore /etc/dse/keystores/client.truststore -alias clusterca -file mycert.cer
openssl x509 -inform der -in mycert.cer -out mycert.pem

In this example, the connectionPool section of remote.yaml should then include the following options (assuming you are aware that trustCertChainFile is deprecated, as noted above).

connectionPool: {
              enableSsl: true,
              trustCertChainFile: </etc/dse/graph/gremlin-console/conf/mycert.pem>,
              ...
              }

Default: Unspecified

trustStore

The location of the Java Secure Socket Extension (JSSE) truststore file. Trusted certificates for verifying the remote client’s certificate. Similar to setting the JSSE property javax.net.ssl.trustStore. If this value is not provided in remote.yaml and if SSL is enabled (via enableSSL: true), the default TrustManager is used.

Default: Unspecified

DSG Gremlin AuthProperties options

Security considerations for authentication between the Gremlin console and the Gremlin server require additional options in the remote.yaml file.

# jaasEntry:
# protocol:
# username: xxx
# password: xxx
jaasEntry

Sets the AuthProperties.Property.JAAS_ENTRY properties for authentication to Gremlin Server.

Default: commented out (no value)

protocol

Sets the AuthProperties.Property.PROTOCOL properties for authentication to Gremlin Server.

Default: commented out (no value)

username

The username to submit on requests that require authentication.

Default: commented out (xxx)

password

The password to submit on requests that require authentication.

Default: commented out (xxx)

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com