DataStax Enterprise 3.0 Documentation

DataStax Enterprise configuration (dse.yaml)

The dse.yaml file is the configuration file for setting the delegated snitch, Kerberos authentication, and purging of expired data from the Solr indexes. It is located in the following directories:

  • Packaged installs: /etc/dse/cassandra
  • Binary installs: <install_location>/resources/dse/conf

For cassandra.yaml configuration, see Node and cluster configuration (cassandra.yaml).

Snitch settings

The following property sets which snitch is delegated:

delegated_snitch

(Default: com.datastax.bdp.snitch.DseSimpleSnitch) The snitch to be delegated by the DseDelegateSnitch. The Delegated Snitch is used to implement Elastic workload re-provisioning. This feature allows you to re-provision your existing Cassandra and Hadoop nodes as required by changing workloads. The DseSimpleSnitch places Cassandra, Analytics, and Solr nodes into separate data centers. See DseSimpleSnitch.

For more information, see About snitches in the Cassandra documentation.

Kerberos support

The following properties set the QOP (Quality of Protection) and encryption options:

kerberos_options

  • keytab: resources/dse/conf/dse.keytab

  • service_principal: dse/_HOST@REALM

  • http_principal: HTTP/_HOST@REALM

  • qop: auth A comma-delimited list of Quality of Protection values that clients and servers can use for each connection. The valid values are:

    • auth: (Default) Authentication only.

    • auth-int: Authentication plus integrity protection for all transmitted data.

    • auth-conf: Authentication plus integrity protection and encryption of all transmitted data.

      Encryption using auth-conf is separate and completely independent of whether encryption is done using SSL. If both auth-conf and SSL are enabled, the transmitted data is encrypted twice. DataStax recommends choosing one and using it for both encryption and authentication.

client_encryption_options

The options are:

  • enabled: (Default: false)
  • keystore: resources/dse/conf/.keystore
  • keystore_password: cassandra
  • keystore_type: JKS
  • truststore: resources/dse/conf/.truststore
  • truststore_password: cassandra
  • truststore_type JKS
  • protocol: ssl
  • cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]

Scheduler settings for Solr indexes

Use these settings to ensure that data that has exceeded its TTL (time to live) is purged from Solr indexes.

ttl_index_rebuild_options

The options are:

  • fix_rate_period: (Default: 300 seconds) Schedules how often to check for expired data.

  • initial_delay: (Default: 20 seconds) Delays the first checks to speed up startup.

    Each Solr core must be checked individually. The following settings define which threadpool executes those checks concurrently:

  • thread_pool_initial_size: (Default: 3)

  • thread_pool_max_size: (Default: 20)

  • thread_pool_keep_alive_time: (Default: 60 seconds) How long an idle thread is kept in the active pool.

  • thread_pool_blocking_queue_size: (Default: 20)

  • max_solr_search_result_count_per_page: (Default: 200) Sets the maximum Solr search result count per page. Use this setting to throttle the resources consumed by the scheduled checks.

Other settings

  • max_solr_concurrency_per_core (Default: number of available cores times 2) Configures the number of available indexing threads per core.