remote.yaml configuration file

The DataStax Enterprise configuration file for DSE Graph Gremlin console connection to the Gremlin Server.

remote.yaml

The location of the remote.yaml file depends on the type of installation:
Package installations /etc/dse/graph/gremlin-console/conf/remote.yaml
Tarball installations installation_location/resources/graph/gremlin-console/conf/remote.yaml

cassandra.yaml

The location of the cassandra.yaml file depends on the type of installation:
Package installations /etc/dse/cassandra/cassandra.yaml
Tarball installations installation_location/resources/cassandra/conf/cassandra.yaml

dse.yaml

The location of the dse.yaml file depends on the type of installation:
Package installations /etc/dse/dse.yaml
Tarball installations installation_location/resources/dse/conf/dse.yaml

The remote.yaml file is the primary configuration file for DSE Graph Gremlin console connection to the Gremlin Server.

The dse.yaml file is the primary configuration file for the DataStax Enterprise Graph configuration, and includes the setting for the Gremlin Server options.

Synopsis

For the properties in each section, the parent setting has zero spaces. Each child entry requires at least two spaces. Adhere to the YAML syntax and retain the spacing. For example, no spaces before the parent node_health_options entry, and at least two spaces before the child settings:
node_health_options:
    refresh_rate_ms: 60000
    uptime_ramp_up_period_seconds: 10800
    dropped_mutation_window_minutes: 30

DSE Graph Gremlin basic options

An Apache TinkerPop YAML file, remote.yaml, is configured with Gremlin Server information: The Gremlin Server is configured using Apache TinkerPop specifications.

hosts: [localhost]
port: 8182
serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0,
              config: { ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistryV3d0] }}
hosts
Identifies a host or hosts running a DSE node that is running Gremlin Server. You may need to use the native_transport_address value set in cassandra.yaml.

Default: [localhost]

Note: You can also connect to the Spark Master node for the datacenter by either running the console from the Spark Master or specifying the Spark Master in the hosts field in the remote.yaml file.
port
Identifies a port on a DSE node running Gremlin Server. The port value needs to match the port value specified for gremlin_server: in the dse.yaml file.

Default: 8182

serializer
Specifies the class and configuration for the serializer used to pass information between the Gremlin console and the Gremlin Server.

Default: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0,
              config: { ioRegistries: [org.apache.tinkerpop.gremlin.tinkergraph.structure.TinkerIoRegistryV3d0]

DSE Graph Gremlin connectionPool options

The connectionPool settings specify a number of options that will be passed between the Gremlin console and the Gremlin Server.

connectionPool: {
  enableSsl: false,
  maxContentLength: 65536000,
  maxInProcessPerConnection: 4,
  maxSimultaneousUsagePerConnection: 16,
  maxSize: 8,
  maxWaitForConnection: 3000,
  maxWaitForSessionClose: 3000,
  minInProcessPerConnection: 1,
  minSimultaneousUsagePerConnection: 8,
  minSize: 2,
  reconnectInterval: 1000,
  resultIterationBatchSize: 64,
  # trustCertChainFile: /etc/dse/graph/gremlin-console/conf/mycert.pem 
  # Note: trustCertChainFile deprecated as of TinkerPop 3.2.10; instead use trustStore.
  trustStore: /full/path/to/jsse/truststore/file
}
enableSsl
Determines if SSL should be enabled. If enabled on the server, SSL must be enabled on the client. To configure the Gremlin console to use SSL, when SSL is enabled on the Gremlin Server, edit the connectionPool section of remote.yaml:
  • Set enableSsl to true.
  • Specify the path to the:
    • Java Secure Socket Extension (JSSE) truststore file via the trustStore parameter
    • Or the PEM-based trustCertChainFile
      Attention: trustCertChainFile is deprecated as of TinkerPop 3.2.10 If SSL is enabled, when you can, switch to specifying the JSSE truststore file via the trustStore parameter in remote.yaml.
Example:
hosts: [localhost]
username: Cassandra_username
password: Cassandra_password
port: 8182
...
connectionPool: {
  enableSsl: true,
  trustStore: /full/path/to/JSSE/truststore/file,
  ...
...
Tip: For related information, refer to the TinkerPop security documentation.

Default: false

maxContentLength
The maximum length in bytes that a message can be sent to the server. This number can be no greater than the setting of the same name in the server configuration.

Default: 65536000

maxInProcessPerConnection
The maximum number of in-flight requests that can occur on a connection.

Default: 4

maxSimultaneousUsagePerConnection
The maximum number of times that a connection can be borrowed from the pool simultaneously.

Default: 16

maxSize
The maximum size of a connection pool for a host.

Default: 8

maxWaitForConnection
The amount of time in milliseconds to wait for a new connection before timing out.

Default: 3000

maxWaitForSessionClose
The amount of time in milliseconds to wait for a session to close before timing out (does not apply to sessionless connections).

Default: 3000

minInProcessPerConnection
The minimum number of in-flight requests that can occur on a connection.

Default: 1

minSimultaneousUsagePerConnection
The maximum number of times that a connection can be borrowed from the pool simultaneously.

Default: 8

minSize
The minimum size of a connection pool for a host.

Default: 2

reconnectInterval
The amount of time in milliseconds to wait before trying to reconnect to a dead host.

Default: 1000

resultIterationBatchSize
The override value for the size of the result batches to be returned from the server.

Default: 64

trustCertChainFile
The location of the public certificate from the DSE truststore file, in PEM format. Also set enableSsl: true.
Attention: Deprecated as of TinkerPop 3.2.10. Instead use trustStore.
If you are using the deprecated trustCertChainFile in your version of remote.yaml, here are the details. Depending on how you created the DSE truststore file, you may already have the PEM format certificate file from the root Certificate Authority. If so, specify the PEM file with this trustCertChainFile option. If not, export the public certificate from the DSE truststore (CER format) and convert it to PEM format. Then specify the PEM file with this option. Example:
pwd
/etc/dse/graph/gremlin-console/conf
keytool -export -keystore /etc/dse/keystores/client.truststore -alias clusterca -file mycert.cer
openssl x509 -inform der -in mycert.cer -out mycert.pem
In this example, the connectionPool section of remote.yaml should then include the following options (assuming you are aware that trustCertChainFile is deprecated, as noted above).
connectionPool: {
              enableSsl: true,
              trustCertChainFile: /etc/dse/graph/gremlin-console/conf/mycert.pem,
              ...
              }

Default: Unspecified

trustStore
The location of the Java Secure Socket Extension (JSSE) truststore file. Trusted certificates for verifying the remote client's certificate. Similar to setting the JSSE property javax.net.ssl.trustStore. If this value is not provided in remote.yaml and if SSL is enabled (via enableSSL: true), the default TrustManager is used.

Default: Unspecified

DSE Graph Gremlin AuthProperties options

Security considerations for authentication between the Gremlin console and the Gremlin server require additional options in the remote.yaml file.

# jaasEntry:
# protocol:
# username: xxx
# password: xxx
jaasEntry
Sets the AuthProperties.Property.JAAS_ENTRY properties for authentication to Gremlin Server.

Default: commented out (no value)

protocol
Sets the AuthProperties.Property.PROTOCOL properties for authentication to Gremlin Server.

Default: commented out (no value)

username
The username to submit on requests that require authentication.

Default: commented out (xxx)

password
The password to submit on requests that require authentication.

Default: commented out (xxx)