Advanced properties (TODO)

Properties for advanced users or properties that are less commonly used.

Advanced initialization properties

auto_bootstrap
(Default: true) This setting has been removed from default configuration. It causes new (non-seed) nodes to migrate the right data to themselves automatically. When initializing a fresh cluster without data, add auto_bootstrap: false. Related information: Initializing a multiple node cluster (single datacenter) and Initializing a multiple node cluster (multiple datacenters).

batch_size_warn_threshold_in_kb
(Default: 5KB per batch) Causes Cassandra to log a WARN message when any batch size exceeds this value in kilobytes. CAUTION: Increasing this threshold can lead to node instability.

batch_size_fail_threshold_in_kb
(Default: 50KB per batch) Cassandra fails any batch whose size exceeds this setting. The default value is 10X the value of batch_size_warn_threshold_in_kb.

unlogged_batch_across_partitions_warn_threshold
(Default: 10 partitions per batch) Causes Cassandra to log a WARN message on any batches not of type LOGGED that span across more partitions than this limit. The default value is 10 partitions.

cdc_enabled
(Default: commented out) Enable / disable CDC functionality on a per-node basis. This modifies the logic used for write path allocation rejection (standard: never reject. cdc: reject Mutation containing a CDC-enabled table if at space limit in cdc_raw_directory). Important: Do not enable CDC on a mixed-version cluster. Upgrade all nodes to Cassandra 3.8 before enabling and restarting the cluster.

broadcast_address
(Default: listen_address) The "public" IP address this node uses to broadcast to other nodes outside the network or across regions in multiple-region EC2 deployments. If this property is commented out, the node uses the same IP address or hostname as listen_address. A node does not need a separate broadcast_address in a single-node or single-datacenter installation, or in an EC2-based network that supports automatic switching between private and public communication. It is necessary to set a separate listen_address and broadcast_address on a node with multiple physical network interfaces or other topologies where not all nodes have access to other nodes by their private IP addresses. For specific configurations, see the instructions for listen_address.

listen_on_broadcast_address
(Default: false) If this node uses multiple physical network interfaces, set a unique IP address for broadcast_address and set listen_on_broadcast_address to true. This enables the node to communicate on both interfaces. Set this property to false if the node is on a network that automatically routes between public and private networks, as Amazon EC2 does.

For configuration details, see the instructions for listen_address.

initial_token
(Default: disabled) Set this property for single-node-per-token architecture, in which a node owns exactly one contiguous range in the ring space. Setting this property overrides num_tokens. If your Cassandra installation is not using vnodes, or this node's num_tokens is set to 1 or is commented out, you should always set an initial_token value when setting up a production cluster for the first time, and when adding capacity. For more information, see this parameter in the Cassandra 1.1 Node and Cluster Configuration documentation. This parameter can be used with num_tokens (vnodes) in special cases such as Restoring from a snapshot. Note: If you are using DataStax Enterprise, your node's setting for this property depends on the type of node and type of install. For more information, see Virtual node (vnode) configuration.

num_tokens
(Default: 1 disabled) Set this property for virtual node token architecture. Determines the number of token ranges to assign to this virtual node (vnode). Use a number between 1 and 256, where 1 disables vnodes. When the token number varies between nodes in a datacenter, the vnode logic assigns a proportional number of ranges relative to other nodes in the datacenter. In general, if all nodes have equal hardware capability, each node should have the same num_tokens value.

Random selection algorithm: Assign token ranges randomly. A higher num_tokens value increases the probability that the data and workload are evenly distributed. For recommended settings when randomly assigning token ranges, see Virtual node (vnode) configuration.

Allocation algorithm: Assign token ranges using the allocation algorithm, which optimizes the workload balance using the target keyspace replication factor. Enabled when allocate_tokens_for_local_replication_factor is set. DataStax recommends setting the number of tokens to 8 to distribute the workload with ~10% variance between nodes.

To migrate an existing cluster from single node per token range to vnodes, see Enabling virtual nodes on an existing production cluster. Note: All other nodes in the datacenter must have the same token architecture, that is single-token, random algorithm vnode or allocation algorithm vnode architecture.

allocate_tokens_for_local_replication_factor
When adding a vnode to an existing cluster or setting up nodes in a new datacenter, set to the target replication factor (RF) of keyspaces in the datacenter. Triggers algorithmic allocation for the RF and num_tokens for this node. The allocation algorithm attempts to choose tokens in a way that optimizes replicated load over the nodes in the datacenter for the specified RF. The load assigned to each node is close to proportional to the number of vnodes.

For an explanation of the random and allocation algorithms, see Virtual node (vnode) configuration. For set up instructions, see Adding nodes to an existing cluster or Adding a datacenter to a cluster.

Note: The allocation algorithm is supported only for the Murmur3Partitioner and RandomPartitioner partitioners.

allocate_tokens_for_keyspace (deprecated)
(Default: KEYSPACE) REPLACED BY allocate_tokens_for_local_replication_factor. Enables automatic allocation of num_tokens tokens for this node. The allocation algorithm attempts to choose tokens in a way that optimizes replicated load over the nodes in the datacenter for the replication strategy used by the specified KEYSPACE. The load assigned to each node will be near proportional to its number of vnodes.

partitioner
(Default: org.apache.cassandra.dht.Murmur3Partitioner) Sets the class that distributes rows (by partition key) across all nodes in the cluster. Any IPartitioner may be used, including your own, as long as it is in the class path. For new clusters use the default partitioner. Cassandra provides the following partitioners for backwards compatibility:

RandomPartitioner

ByteOrderedPartitioner (deprecated)

OrderPreservingPartitioner (deprecated)

Important: Use only partitioner implementations bundled with DSE. Related information: Partitioners

storage_port
(Default: 7000) The port for inter-node communication.

tracetype_query_ttl
(Default: 86400) TTL for different trace types used during logging of the query process.

tracetype_repair_ttl
(Default: 604800) TTL for different trace types used during logging of the repair process.

Advanced automatic backup setting

auto_snapshot
(Default: true) Whether Cassandra takes a snapshot of the data before truncating a keyspace or dropping a table. To prevent data loss, DataStax strongly advises using the default setting. If you set auto_snapshot to false, data loss occurs on truncation or drop.

Key caches and global row properties

When creating or modifying tables, you can enable or disable the key cache (partition key cache) or row cache for that table by setting the caching parameter. Other row and key cache tuning and configuration options are set at the global (node) level. Cassandra uses these settings to automatically distribute memory for each table on the node based on the overall workload and specific table usage. You can also configure the save periods for these caches globally.

Related information: Configuring caches

key_cache_keys_to_save
(Default: disabled - all keys are saved) Number of keys from the key cache to save.

key_cache_save_period
(Default: 14400 seconds [4 hours]) Duration in seconds that keys are kept in cache. Caches are saved to saved_caches_directory. Saved caches greatly improve cold-start speeds and have relatively little effect on I/O.

key_cache_size_in_mb
(Default: empty) A global cache setting for the maximum size of the key cache in memory (for all tables). If no value is set, the cache is set to the smaller of 5% of the available heap, or 100MB. To disable set to 0. Related information: nodetool setcachecapacity, Enabling and configuring caching.

column_index_cache_size_in_kb
(Default: 2) A threshold for the total size of all index entries for a partition that Cassandra stores in the partition key cache. If the total size of all index entries for a partition exceeds this amount, Cassandra stops putting entries for this partition into the partition key cache. This limitation prevents index entries from large partitions from taking up all the space in the partition key cache (which is controlled by key_cache_size_in_mb).

row_cache_class_name
(Default: disabled - row cache is not enabled) The classname of the row cache provider to use. Valid values: OHCProvider (fully off-heap) or SerializingCacheProvider (partially off-heap). Important: Use only row cache provider implementations bundled with DSE.

row_cache_keys_to_save
(Default: disabled - all keys are saved) Number of keys from the row cache to save.

row_cache_size_in_mb
(Default: 0 - disabled) Maximum size of the row cache in memory. The row cache can save more time than key_cache_size_in_mb, but it is space-intensive because it contains the entire row. Use the row cache only for hot rows or static rows. If you reduce the size, you may not get your hottest keys loaded on start up.

row_cache_save_period
(Default: 0 - disabled) The number of seconds that rows are kept in cache. Caches are saved to saved_caches_directory. This setting has limited use as described in row_cache_size_in_mb.

Counter caches properties

Counter cache helps to reduce counter locks' contention for hot counter cells. In case of RF = 1 a counter cache hit causes Cassandra to skip the read before write entirely. With RF > 1 a counter cache hit still helps to reduce the duration of the lock hold, helping with hot counter cell updates, but does not allow skipping the read entirely. Only the local (clock, count) tuple of a counter cell is kept in memory, not the whole counter, so it is relatively cheap.

Note: If you reduce the counter cache size, Cassandra may not load the hottest keys on start-up.

counter_cache_size_in_mb
(Default value: empty) When no value is set, Cassandra uses the smaller of 2.5% of heap or 50MB. If your system performs counter deletes and relies on low gc_grace_seconds, you should disable the counter cache. To disable, set to 0.

counter_cache_save_period
(Default: 7200 seconds [2 hours]) The amount of time after which Cassandra saves the counter cache (keys only). Cassandra saves caches to saved_caches_directory.

counter_cache_keys_to_save
(Default value: disabled) Number of keys from the counter cache to save. When this property is disabled, Cassandra saves all keys.

Tombstone settings

When executing a scan, within or across a partition, Cassandra must keep tombstones in memory to allow them to return to the coordinator. The coordinator uses tombstones to ensure that other replicas know about the deleted rows. Workloads that generate numerous tombstones may cause performance problems and exhaust the server heap. See Cassandra anti-patterns: Queues and queue-like datasets. Adjust these thresholds only if you understand the impact and want to scan more tombstones. You can adjust these thresholds at runtime using the StorageServiceMBean.

Related information: Cassandra anti-patterns: Queues and queue-like datasets

tombstone_warn_threshold
(Default: 1000) Cassandra issues a warning if a query scans more than this number of tombstones.

tombstone_failure_threshold
(Default: 100000) Cassandra aborts a query if it scans more than this number of tombstones.

Network timeout settings

range_request_timeout_in_ms
(Default: 10000 milliseconds) The number of milliseconds that the coordinator waits for sequential or index scans to complete before timing them out.

read_request_timeout_in_ms
(Default: 5000 milliseconds) The number of milliseconds that the coordinator waits for read operations to complete before timing them out.

counter_write_request_timeout_in_ms
(Default: 5000 milliseconds) The number of milliseconds that the coordinator waits for counter writes to complete before timing them out.

cas_contention_timeout_in_ms
(Default: 1000 milliseconds) The number of milliseconds during which the coordinator continues to retry a CAS (compare and set) operation that contends with other proposals for the same row. If the coordinator cannot complete the operation within this timespan, it aborts the operation.

truncate_request_timeout_in_ms
(Default: 60000 milliseconds) The number of milliseconds that the coordinator waits for a truncate (the removal of all data from a table) to complete before timing it out. The long default value allows Cassandra to take a snapshot before removing the data. If auto_snapshot is disabled (not recommended), you can reduce this time.

write_request_timeout_in_ms
(Default: 2000) The number of milliseconds that the coordinator waits for write operations to complete before timing them out, for requests with at least one node in the local datacenter. Related information: Hinted Handoff: repair during write path

crossdc_rtt_in_ms
(Default: 0) Increases the cross-datacenter timeout (write_request_timeout_in_ms + cross_dc_rtt_in_ms) for requests that only involve nodes in a remote datacenter. This setting is intended to reduce hint pressure. Tip: DataStax recommends using LOCAL* consistency levels (CL) for read and write requests in multi-datacenter deployments to avoid timeouts that may occur when remote nodes are chosen to satisfy the CL, such as QUORUM.

request_timeout_in_ms
(Default: 10000 milliseconds) The default timeout value for other miscellaneous operations. Related information: Hinted Handoff: repair during write path

Inter-node settings

cross_node_timeout
(Default: false) Enables or disables operation timeout information exchange between nodes (to accurately measure request timeouts). If this property is disabled, the replica assumes any requests are forwarded to it instantly by the coordinator. During overload conditions this means extra time is required for processing already-timed-out requests. CAUTION: Before enabling this property make sure NTP (network time protocol) is installed and the times are synchronized among the nodes.

internode_send_buff_size_in_bytes
(Default: N/A) The sending socket buffer size in bytes for inter-node calls. The buffer size set by this parameter and internode_recv_buff_size_in_bytes is limited by net.core.wmem_max. If this property is not set, net.ipv4.tcp_wmem determines the buffer size. See man tcp and:

/proc/sys/net/core/wmem_max

/proc/sys/net/core/rmem_max

/proc/sys/net/ipv4/tcp_wmem

Related information: TCP settings

internode_recv_buff_size_in_bytes
(Default: N/A) The receiving socket buffer size in bytes for inter-node calls.

internode_compression
(Default: all) Controls whether traffic between nodes is compressed. Valid values:

all Compresses all traffic.

dc Compresses traffic between datacenters only.

none No compression.

inter_dc_tcp_nodelay
(Default: false) Enables or disables tcp_nodelay for inter-datacenter communication. If this property is disabled, the network sends larger, but fewer, network packets. This reduces overhead from the TCP protocol itself. However, disabling inter_dc_tcp_nodelay may increase latency by blocking cross data-center responses.

streaming_socket_timeout_in_ms
(Default: 3600000 - 1 hour) Enables or disables socket timeout for streaming operations. If a streaming operation times out by exceeding this number of milliseconds, Cassandra retries it from the start of the current file. Setting this value too low can result in a significant amount of data re-streaming.

Native transport (CQL Binary Protocol)

start_native_transport
(Default: true) Enables or disables the native transport server. This server uses the same address as the rpc_address, but the port it uses is different from rpc_port. See native_transport_port.

native_transport_port
(Default: 9042) The port where the CQL native transport listens for clients.

native_transport_max_threads
(Default: 128) The maximum number of threads handling requests. Similar to rpc_max_threads, but this property differs as follows: The default for native_transport_max_threads is 128; the default for rpc_max_threads is unlimited. There is no corresponding native_transport_min_threads. Cassandra stops idle native transport threads after 30 seconds.

native_transport_max_frame_size_in_mb
(Default: 256MB) The maximum allowed size of a frame. Frames (requests) larger than this are rejected as invalid.

native_transport_max_concurrent_connections
(Default: -1) The maximum number of concurrent client connections. The default value of -1 means unlimited.

native_transport_max_concurrent_connections_per_ip
(Default: -1) The maximum number of concurrent client connections per source IP address. The default value of -1 means unlimited.

RPC (remote procedure call) settings

Settings for configuring and tuning client connections.

broadcast_rpc_address
(Default: unset) The RPC address for broadcast to drivers and other Cassandra nodes. This cannot be set to 0.0.0.0. If left blank, Cassandra uses the rpc_address or rpc_interface. If rpc_address or rpc_interface is set to 0.0.0.0, this property must be set.

rpc_port
(Default: 9160) Thrift port for client connections.

start_rpc
(Default: true) Enables or disables the Thrift RPC server.

rpc_keepalive
(Default: true) Enables or disables keepalive on client connections (RPC or native).

rpc_max_threads
(Default: unlimited) Regardless of your choice of RPC server (rpc_server_type), rpc_max_threads dictates the maximum number of concurrent requests in the RPC thread pool. If you are using the parameter sync (see rpc_server_type) it also dictates the number of clients that can be connected. A high number of client connections could cause excessive memory usage for the thread stack. Connection pooling on the client side is highly recommended. Setting rpc_max_threads acts as a safeguard against misbehaving clients. If the number of threads reaches the maximum, Cassandra blocks additional connections until a client disconnects.

rpc_min_threads
(Default: 16) The minimum thread pool size for remote procedure calls.

rpc_recv_buff_size_in_bytes
(Default: N/A) The receiving socket buffer size for remote procedure calls.

rpc_send_buff_size_in_bytes
(Default: N/A) The sending socket buffer size in bytes for remote procedure calls.

rpc_server_type
(Default: sync) Cassandra provides three options for the RPC server. sync and hsha performance is about the same, but hsha uses less memory.

sync: (Default: one thread per Thrift connection.) For a very large number of clients, memory is the limiting factor. On a 64-bit JVM, 180KB is the minimum stack size per thread and corresponds to your use of virtual memory. Physical memory may be limited depending on use of stack space.

hsha: Half synchronous, half asynchronous. All Thrift clients are handled asynchronously using a small number of threads that does not vary with the number of clients. This mechanism scales well to many clients. The RPC requests are synchronous (one thread per active request). Note: If you select this option, you must change the default value (unlimited) of rpc_max_threads.

Your own RPC server: You must provide a fully-qualified class name of an o.a.c.t.TServerFactory that can create a server instance.

Advanced fault detection settings

Settings to handle poorly performing or failing components.

gc_warn_threshold_in_ms
(Default: 1000) Any GC pause longer than this interval is logged at the WARN level. (By default, Cassandra logs any GC pause greater than 200 ms at the INFO level.) Additional information: Configuring logging.

max_value_size_in_mb
(Default: 256) The maximum size of any value in SSTables. It detects SSTable corruption and marks the SSTables as corrupted when the threshold is exceeded.

dynamic_snitch_badness_threshold
(Default: 0.1) The performance threshold for dynamically routing client requests away from a poorly performing node. Specifically, it controls how much worse a poorly performing node has to be before the dynamic snitch prefers other replicas over it. A value of 0.2 means Cassandra continues to prefer the static snitch values until the node response time is 20% worse than the best performing node. Until the threshold is reached, incoming requests are statically routed to the closest replica (as determined by the snitch). A value greater than zero for this parameter, with a value of less than 1.0 for read_repair_chance, maximizes cache capacity across the nodes.

dynamic_snitch_reset_interval_in_ms
(Default: 600000 milliseconds) Time interval after which Cassandra resets all node scores. This allows a bad node to recover.

dynamic_snitch_update_interval_in_ms
(Default: 100 milliseconds) The number of milliseconds between Cassandra's calculation of node scores. Because score calculation is CPU intensive, be careful when reducing this interval.

hints_flush_period_in_ms
(Default: 10000) The number of milliseconds Cassandra waits before flushing hints from internal buffers to disk.

hints_directory
(Default: $CASSANDRA_HOME/data/hints) The directory in which hints are stored.

hinted_handoff_enabled
(Default: true) Enables or disables hinted handoff. To enable per datacenter, add a list of datacenters. For example: hinted_handoff_enabled: DC1,DC2. A hint indicates that the write needs to be replayed to an unavailable node. Cassandra writes the hint to a hints file on the coordinator node. Related information: Hinted Handoff: repair during write path

hinted_handoff_disabled_datacenters
(Default: none) A blacklist of datacenters that will not perform hinted handoffs. To disable hinted handoff on a certain datacenter, add its name to this list. For example:

hinted_handoff_disabled_datacenters:
    - DC1
    - DC2

Related information: Hinted Handoff: repair during write path

hinted_handoff_throttle_in_kb
(Default: 1024) Maximum amount of traffic per delivery thread in kilobytes per second. This rate reduces proportionally to the number of nodes in the cluster. For example, if there are two nodes in the cluster, each delivery thread uses the maximum rate. If there are three, each node throttles to half of the maximum, since the two nodes are expected to deliver hints simultaneously. Note: When applying this limit, Cassandra computes the hint transmission rate based on the uncompressed hint size, even if internode_compression or hints_compression is enabled.

max_hint_window_in_ms
(Default: 10800000 milliseconds [3 hours]) Maximum amount of time during which Cassandra generates hints for an unresponsive node. After this interval, Cassandra does not generate any new hints for the node until it is back up and responsive. If the node goes down again, Cassandra starts a new interval. This setting can prevent a sudden demand for resources when a node is brought back online and the rest of the cluster attempts to replay a large volume of hinted writes. Related information: Failure detection and recovery

max_hints_delivery_threads
(Default: 2) Number of threads Cassandra uses to deliver hints. In multiple data-center deployments, consider increasing this number because cross data-center handoff is generally slower.

max_hints_file_size_in_mb
(Default: 128) The maximum size for a single hints file, in megabytes.

hints_compression
(Default: LZ4Compressor) The compressor for hint files. Supported compressors: LZ, Snappy, and Deflate. If you do not specify a compressor, Cassandra does not compress hints files.

batchlog_replay_throttle_in_kb
(Default: 1024KB per second) Total maximum throttle for replaying hints. Throttling is reduced proportionally to the number of nodes in the cluster.

Request scheduler properties

Settings to handle incoming client requests according to a defined policy. If your nodes are overloaded and dropping requests, DataStax recommends that you add more nodes rather than use these properties to prioritize requests.

Note: The properties in this section apply only to the Thrift transport. They have no effect on the use of CQL over the native protocol.

request_scheduler
(Default: org.apache.cassandra.scheduler.NoScheduler) The scheduler to handle incoming client requests according to a defined policy. This scheduler is useful for throttling client requests in single clusters containing multiple keyspaces. This parameter is specifically for requests from the client and does not affect inter-node communication. Valid values:

org.apache.cassandra.scheduler.NoScheduler Cassandra does no scheduling.

org.apache.cassandra.scheduler.RoundRobinScheduler Cassandra uses a round robin of client requests to a node with a separate queue for each request_scheduler_id property.

Cassandra uses a Java class that implements the RequestScheduler interface.

request_scheduler_id
(Default: keyspace) The scope of the scheduler's activity. Currently the only valid value is keyspace. See weights.

request_scheduler_options
(Default: disabled) A list of properties that define configuration options for request_scheduler:

throttle_limit: The number of in-flight requests per client. Requests beyond this limit are queued up until running requests complete. Recommended value is ((concurrent_reads + concurrent_writes) × 2).

default_weight: (Default: 1) How many requests the scheduler handles during each turn of the RoundRobin.

weights: (Default: Keyspace: 1) A list of keyspaces. How many requests the scheduler handles during each turn of the RoundRobin, based on the request_scheduler_id.

Thrift interface properties

Legacy API for older clients. CQL is a simpler and better API for Cassandra.

thrift_framed_transport_size_in_mb
(Default: 15) Frame size (maximum field length) for Thrift. The frame is the row or part of the row that the application is inserting.

thrift_max_message_length_in_mb
(Default: 16) The maximum length of a Thrift message in megabytes, including all fields and internal Thrift overhead (1 byte of overhead for each frame). Calculate message length in conjunction with batches. A frame length greater than or equal to 24 accommodates a batch with four inserts, each of which is 24 bytes. The required message length is greater than or equal to 24+24+24+24+4 (number of frames).

Security properties

Server and client security settings.

authenticator
(Default: AllowAllAuthenticator) The authentication backend. It implements IAuthenticator for identifying users. Available authenticators:

AllowAllAuthenticator: Disables authentication; Cassandra performs no checks.

PasswordAuthenticator Authenticates users with user names and hashed passwords stored in the system_auth.roles table. Leaving the default replication factor of 1 set for the system_auth keyspace results in denial of access to the cluster if the single replica of the keyspace goes down. For multiple datacenters, be sure to set the replication class to NetworkTopologyStrategy.

Important: Use only authentication implementations bundled with DSE. Related information: About Internal authentication

internode_authenticator
(Default: enabled) Internode authentication backend. It implements org.apache.cassandra.auth.AllowAllInternodeAuthenticator to allow or disallow connections from peer nodes. Important: Use only authentication implementations bundled with DSE.

authorizer
(Default: AllowAllAuthorizer) The authorization backend. It implements IAuthenticator to limit access and provide permissions. Available authorizers:

AllowAllAuthorizer Disables authorization: Cassandra allows any action to any user.

CassandraAuthorizer Stores permissions in system_auth.permissions table. Leaving the default replication factor of 1 set for the system_auth keyspace results in denial of access to the cluster if the single replica of the keyspace goes down. For multiple datacenters, be sure to set the replication class to NetworkTopologyStrategy.

Important: Use only authorization implementations bundled with DSE. Related information: Object permissions

role_manager
(Default: CassandraRoleManager) Part of the Authentication & Authorization backend that implements IRoleManager to maintain grants and memberships between roles. Out of the box, Cassandra provides org.apache.cassandra.auth.CassandraRoleManager, which stores role information in the system_auth keyspace. Most functions of the IRoleManager require an authenticated login, so unless the configured IAuthenticator actually implements authentication, most of this functionality will be unavailable. CassandraRoleManager stores role data in the system_auth keyspace. If you use the role manager, increase system_auth keyspace replication factor. Important: Use only role manager implementations bundled with DSE.

roles_validity_in_ms
(Default: 2000) Fetching permissions can be an expensive operation depending on the authorizer, so this setting allows flexibility. Validity period for roles cache; set to 0 to disable. Granted roles are cached for authenticated sessions in AuthenticatedUser and after the period specified here, become eligible for (async) reload. Disabled automatically for AllowAllAuthenticator.

roles_update_interval_in_ms
(Default: 2000) Sets the refresh interval for the roles cache, if enabled. Defaults to the same value as roles_validity_in_ms. After this interval, cache entries become eligible for refresh. Upon next access, Cassandra schedules an async reload, and returns the old value until the reload completes. If roles_validity_in_ms is non-zero, then this must be also.

credentials_validity_in_ms
(Default: 2000) How many milliseconds credentials in the cache remain valid. This cache is tightly coupled to the provided PasswordAuthenticator implementation of IAuthenticator. If another IAuthenticator implementation is configured, Cassandra does not use this cache, and these settings have no effect. Set to 0 to disable. Related information: Internal authentication, Internal authorization

Note: Credentials are cached in encrypted form. This may cause a performance penalty that offsets the reduction in latency gained by caching.

credentials_update_interval_in_ms
(Default: same value as credentials_validity_in_ms) After this interval, cache entries become eligible for refresh. The next time the cache is accessed, the system schedules an asynchronous reload of the cache. Until this cache reload is complete, the cache returns the old values. If credentials_validity_in_ms is nonzero, this property must also be nonzero.

permissions_validity_in_ms
(Default: 2000) How many milliseconds permissions in cache remain valid. Depending on the authorizer, such as CassandraAuthorizer, fetching permissions can be resource intensive. This setting is disabled when set to 0 or when AllowAllAuthorizer is set. Related information: Object permissions

permissions_update_interval_in_ms
(Default: same value as permissions_validity_in_ms) If enabled, sets refresh interval for the permissions cache. After this interval, cache entries become eligible for refresh. On next access, Cassandra schedules an async reload and returns the old value until the reload completes. If permissions_validity_in_ms is nonzero, roles_update_interval_in_ms must also be non-zero.

server_encryption_options
Enables or disables inter-node encryption. If you enable server_encryption_options, you must also generate keys and provide the appropriate key and truststore locations and passwords. There are no custom encryption options currently enabled for Cassandra. Available options:

internode_encryption: (Default: none) Enables or disables encryption of inter-node communication using the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite for authentication, key exchange, and encryption of data transfers. Use the DHE/ECDHE ciphers, such as TLS_DHE_RSA_WITH_AES_128_CBC_SHA, if running in FIPS (Federal Information Processing Standard) 140 compliant mode. Available inter-node options:

all Encrypt all inter-node communications.

none No encryption.

dc Encrypt the traffic between the datacenters (server only).

rack Encrypt the traffic between the racks (server only).

keystore: (Default: conf/.keystore) The location of a Java keystore (JKS) suitable for use with Java Secure Socket Extension (JSSE), which is the Java version of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The keystore contains the private key used to encrypt outgoing messages.

keystore_password: (Default: cassandra) Password for the keystore.

truststore: (Default: conf/.truststore) Location of the truststore containing the trusted certificate for authenticating remote servers.

truststore_password: (Default: cassandra) Password for the truststore.

The passwords used in these options must match the passwords used when generating the keystore and truststore. For instructions on generating these files, see Creating a Keystore to Use with JSSE.

The advanced settings:

protocol: (Default: TLS)

algorithm: (Default: SunX509)

store_type: (Default: JKS)

cipher_suites: (Default: TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA)

require_client_auth: (Default: false) Enables or disables certificate authentication.

Related information: Node-to-node encryption

client_encryption_options Enables or disables client-to-node encryption. You must also generate keys and provide the appropriate key and truststore locations and passwords. There are no custom encryption options currently enabled for Cassandra. Available options:

enabled: (Default: false) To enable, set to true.

keystore: (Default: conf/.keystore) The location of a Java keystore (JKS) suitable for use with Java Secure Socket Extension (JSSE), which is the Java version of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The keystore contains the private key used to encrypt outgoing messages.

keystore_password: (Default: cassandra) Password for the keystore. This must match the password used when generating the keystore and truststore.

require_client_auth: (Default: false) Enables or disables certificate authentication. (Available starting with Cassandra 1.2.3.)

truststore: (Default: conf/.truststore) Set this property if require_client_auth is true.

require_endpoint_verification: (Default: false) Enables or disables host name verification.

truststore_password: truststore_password Set if require_client_auth is true.

Advanced settings:

protocol: (Default: TLS)

algorithm: (Default: SunX509)

store_type: (Default: JKS)

cipher_suites: (Default: TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA)

Related information: Client-to-node encryption
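As an added example (not part of the Cassandra documentation or code base), the following Python function checks an already-parsed cassandra.yaml, passed as a dict, against the defaults documented above for server_encryption_options, client_encryption_options and the credentials cache. The function names and the SAMPLE configuration are assumptions made for illustration.

```python
# Added example: audit a parsed cassandra.yaml (a dict) for weak defaults.
DEFAULT_PASSWORD = "cassandra"  # documented default keystore/truststore password
DEFAULT_SUITES = "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"

def audit_tls(section, opts, findings):
    """Checks shared by server_encryption_options and client_encryption_options."""
    for key in ("keystore_password", "truststore_password"):
        if opts.get(key) == DEFAULT_PASSWORD:
            findings.append(f"{section}.{key}: default password")
    if not opts.get("require_client_auth", False):
        findings.append(f"{section}.require_client_auth: peers need no certificate")
    suites = opts.get("cipher_suites") or DEFAULT_SUITES  # unset: documented defaults
    if isinstance(suites, str):
        suites = suites.split(",")
    for suite in (s.strip() for s in suites):
        if suite.startswith("TLS_RSA_"):  # static RSA key exchange
            findings.append(f"{section}.cipher_suites: {suite} has no forward secrecy")

def audit_cassandra_security(cfg):
    """Return findings for the encryption and credential-cache options."""
    findings = []
    server = cfg.get("server_encryption_options") or {}
    mode = server.get("internode_encryption", "none")
    if mode != "all":  # none, dc and rack all leave some traffic in clear text
        findings.append(f"server_encryption_options.internode_encryption: {mode}")
    if mode != "none":
        audit_tls("server_encryption_options", server, findings)
    client = cfg.get("client_encryption_options") or {}
    if client.get("enabled", False):
        audit_tls("client_encryption_options", client, findings)
    else:
        findings.append("client_encryption_options.enabled: false")
    validity = cfg.get("credentials_validity_in_ms")  # update interval defaults to it
    if validity and cfg.get("credentials_update_interval_in_ms", validity) == 0:
        findings.append("credentials_update_interval_in_ms: must be nonzero")
    return findings

# Constructed sample: inter-datacenter encryption only, default passwords.
SAMPLE = {
    "server_encryption_options": {
        "internode_encryption": "dc", "keystore_password": "cassandra",
        "truststore_password": "cassandra"},
    "client_encryption_options": {"enabled": False},
    "credentials_validity_in_ms": 2000, "credentials_update_interval_in_ms": 0,
}

if __name__ == "__main__":
    for finding in audit_cassandra_security(SAMPLE):
        print(finding)
```

Load the file with any YAML parser and pass the resulting mapping to audit_cassandra_security; an empty list means none of the checked defaults are in use.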

transparent_data_encryption_options Enables encryption of data at rest (on-disk). Recommendation: download and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your version of the JDK. Cassandra supports transparent data encryption for the following file types:

commitlog

hints

Available options:

enabled: (Default: false)

chunk_length_kb: (Default: 64)

cipher: options: AES CBC PKCS5Padding

key_alias: testing:1

iv_length: 16 Note: iv_length is commented out in the default cassandra.yaml file. Uncomment only if cipher is set to AES. The value must be 16 (bytes).

key_provider:

class_name: org.apache.cassandra.security.JKSKeyProvider

parameters:

keystore: conf/.keystore

keystore_password: cassandra

store_type: JCEKS

key_password: cassandra

ssl_storage_port (Default: 7001) The SSL port for encrypted communication. Unused unless enabled in encryption_options.

native_transport_port_ssl (Default: 9142) In Cassandra 3.0 and later, an additional dedicated port can be designated for encryption. If client encryption is enabled and native_transport_port_ssl is disabled, the native_transport_port (default: 9042) will encrypt all traffic. To use both unencrypted and encrypted traffic, enable native_transport_port_ssl.
