remote.yaml configuration file

The DataStax Enterprise configuration file for DSE Graph Gremlin console connection to the Gremlin Server.

dse.yaml

The location of the dse.yaml file depends on the type of installation:

Package installations	/etc/dse/dse.yaml
Tarball installations	`installation_location`/resources/dse/conf/dse.yaml

remote.yaml

The location of the remote.yaml file depends on the type of installation:

Package installations	/etc/dse/graph/gremlin-console/conf/remote.yaml
Tarball installations	`installation_location`/resources/graph/gremlin-console/conf/remote.yaml

cassandra.yaml

The location of the cassandra.yaml file depends on the type of installation:

Package installations	/etc/dse/cassandra/cassandra.yaml
Tarball installations	`installation_location`/resources/cassandra/conf/cassandra.yaml

The remote.yaml file is the primary configuration file for DSE Graph Gremlin console connection to the Gremlin Server.

The dse.yaml file is the primary configuration file for the DataStax Enterprise Graph configuration, and includes the setting for the Gremlin Server options.

Synopsis

For the properties in each section, the parent setting has zero spaces. Each child entry requires at least two spaces. Adhere to the YAML syntax and retain the spacing. For example, no spaces before the parent node_health_options entry, and at least two spaces before the child settings:

node_health_options:
    refresh_rate_ms: 50000    
    uptime_ramp_up_period_seconds: 10800    
    dropped_mutation_window_minutes: 30

DSE Graph Gremlin basic options

An Apache TinkerPop YAML file, remote.yaml, is configured with Gremlin Server information: The Gremlin Server is configured using Apache TinkerPop specifications.

hosts: [localhost]
port: 8182
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0,
              config: { ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistryV3d0] }}

hosts: Identifies a host or hosts running a DSE node that is running Gremlin Server. You may need to use the native_transport_address value set in cassandra.yaml.
Default: [localhost]
Note: You can also connect to the Spark Master node for the datacenter by either running the console from the Spark Master or specifying the Spark Master in the hosts field in the remote.yaml file.
port: Identifies a port on a DSE node running Gremlin Server. The port value needs to match the port value specified for gremlin_server: in the dse.yaml file.
Default: 8182
serializer: Specifies the class and configuration for the serializer used to pass information between the Gremlin console and the Gremlin Server.
Default: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0,
config: { ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistryV3d0]

DSE Graph Gremlin connectionPool options

The connectionPool settings specify a number of options that will be passed between the Gremlin console and the Gremlin Server.

connectionPool: {
  enableSsl: false,
  maxContentLength: 65536000,
  maxInProcessPerConnection: 4,
  maxSimultaneousUsagePerConnection: 16,
  maxSize: 8,
  maxWaitForConnection: 3000,
  maxWaitForSessionClose: 3000,
  minInProcessPerConnection: 1,
  minSimultaneousUsagePerConnection: 8,
  minSize: 2,
  reconnectInterval: 1000,
  resultIterationBatchSize: 64,
  # trustCertChainFile: /etc/dse/graph/gremlin-console/conf/mycert.pem 
  # Note: trustCertChainFile deprecated as of TinkerPop 3.2.10; instead use trustStore.
  trustStore: /full/path/to/jsse/truststore/file
}

enableSsl

Determines if SSL should be enabled. If enabled on the server, SSL must be enabled on the client. To configure the Gremlin console to use SSL, when SSL is enabled on the Gremlin Server, edit the connectionPool section of :

Set enableSsl to true.
Specify the path to the:
- Java Secure Socket Extension (JSSE) truststore file via the trustStore parameter
- Or the PEM-based trustCertChainFile
  Attention: trustCertChainFile is deprecated as of TinkerPop 3.2.10 If SSL is enabled, when you can, switch to specifying the JSSE truststore file via the trustStore parameter in remote.yaml.

Example:

hosts: [localhost]
username: Cassandra_username
password: Cassandra_password
port: 8182
...
connectionPool: {
  enableSsl: true,
  trustStore: /full/path/to/JSSE/truststore/file,
  ...
...

Tip: For related information, refer to the TinkerPop security documentation.

Default: false

maxContentLength

The maximum length in bytes that a message can be sent to the server. This number can be no greater than the setting of the same name in the server configuration.

Default: 65536000

maxInProcessPerConnection

The maximum number of in-flight requests that can occur on a connection.

Default: 4

maxSimultaneousUsagePerConnection

The maximum number of times that a connection can be borrowed from the pool simultaneously.

Default: 16

maxSize

The maximum size of a connection pool for a host.

Default: 8

maxWaitForConnection

The amount of time in milliseconds to wait for a new connection before timing out.

Default: 3000

maxWaitForSessionClose

The amount of time in milliseconds to wait for a session to close before timing out (does not apply to sessionless connections).

Default: 3000

minInProcessPerConnection

The minimum number of in-flight requests that can occur on a connection.

Default: 1

minSimultaneousUsagePerConnection

The maximum number of times that a connection can be borrowed from the pool simultaneously.

Default: 8

minSize

The minimum size of a connection pool for a host.

Default: 2

reconnectInterval

The amount of time in milliseconds to wait before trying to reconnect to a dead host.

Default: 1000

resultIterationBatchSize

The override value for the size of the result batches to be returned from the server.

Default: 64

trustCertChainFile

The location of the public certificate from the DSE truststore file, in PEM format. Also set enableSsl: true.

Attention: Deprecated as of TinkerPop 3.2.10. Instead use trustStore.

If you are using the deprecated trustCertChainFile in your version of , here are the details. Depending on how you created the DSE truststore file, you may already have the PEM format certificate file from the root Certificate Authority. If so, specify the PEM file with this trustCertChainFile option. If not, export the public certificate from the DSE truststore (CER format) and convert it to PEM format. Then specify the PEM file with this option. Example:

pwd

/etc/dse/graph/gremlin-console/conf

keytool -export -keystore /etc/dse/keystores/client.truststore -alias clusterca -file mycert.cer

openssl x509 -inform der -in mycert.cer -out mycert.pem

In this example, the connectionPool section of should then include the following options (assuming you are aware that trustCertChainFile is deprecated, as noted above).

connectionPool: {
              enableSsl: true,
              trustCertChainFile: /etc/dse/graph/gremlin-console/conf/mycert.pem,
              ...
              }

Default: Unspecified

trustStore

The location of the Java Secure Socket Extension (JSSE) truststore file. Trusted certificates for verifying the remote client's certificate. Similar to setting the JSSE property javax.net.ssl.trustStore. If this value is not provided in and if SSL is enabled (via enableSSL: true), the default TrustManager is used.

Default: Unspecified

DSE Graph Gremlin AuthProperties options

Security considerations for authentication between the Gremlin console and the Gremlin server require additional options in the remote.yaml file.

# jaasEntry:
# protocol:
# username: xxx
# password: xxx

jaasEntry: Sets the AuthProperties.Property.JAAS_ENTRY properties for authentication to Gremlin Server.
Default: commented out (no value)
protocol: Sets the AuthProperties.Property.PROTOCOL properties for authentication to Gremlin Server.
Default: commented out (no value)
username: The username to submit on requests that require authentication.
Default: commented out (xxx)
password: The password to submit on requests that require authentication.
Default: commented out (xxx)