src/test/resources/config/sidecar_ssl.yaml - cassandra-sidecar - Git at Google

 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 #
 # Cassandra SideCar configuration file
 #
 cassandra_instances:
   - id: 1
     host: localhost1
     port: 9042
     username: cassandra
     password: cassandra
     data_dirs:
       - /ccm/test/node1/data0
       - /ccm/test/node1/data1
     staging_dir: /ccm/test/node1/sstable-staging
     jmx_host: 127.0.0.1
     jmx_port: 7100
     jmx_ssl_enabled: false
   #    jmx_role:
   #    jmx_role_password:
   - id: 2
     host: localhost2
     port: 9042
     username: cassandra
     password: cassandra
     data_dirs:
       - /ccm/test/node2/data0
       - /ccm/test/node2/data1
     staging_dir: /ccm/test/node2/sstable-staging
     jmx_host: 127.0.0.1
     jmx_port: 7200
     jmx_ssl_enabled: false
   #    jmx_role:
   #    jmx_role_password:
   - id: 3
     host: localhost3
     port: 9042
     username: cassandra
     password: cassandra
     data_dirs:
       - /ccm/test/node3/data0
       - /ccm/test/node3/data1
     staging_dir: /ccm/test/node3/sstable-staging
     jmx_host: 127.0.0.1
     jmx_port: 7300
     jmx_ssl_enabled: false
 #    jmx_role:
 #    jmx_role_password:

 sidecar:
   host: 0.0.0.0
   port: 9043
   request_idle_timeout_millis: 300000 # this field expects integer value
   request_timeout_millis: 300000
   tcp_keep_alive: false
   accept_backlog: 1024
   server_verticle_instances: 1
   throttle:
     stream_requests_per_sec: 5000
     delay_sec: 5
     timeout_sec: 10
   traffic_shaping:
     inbound_global_bandwidth_bps: 500
     outbound_global_bandwidth_bps: 1500
     peak_outbound_global_bandwidth_bps: 2000
     max_delay_to_wait_millis: 2500
     check_interval_for_stats_millis: 3000
   sstable_upload:
     concurrent_upload_limit: 80
     min_free_space_percent: 10
     # file_permissions: "rw-r--r--" # when not specified, the default file permissions are owner read & write, group & others read
   allowable_time_skew_in_minutes: 60
   sstable_import:
     poll_interval_millis: 100
     cache:
       expire_after_access_millis: 7200000 # 2 hours
       maximum_size: 10000
   worker_pools:
     service:
       name: "sidecar-worker-pool"
       size: 20
       max_execution_time_millis: 60000 # 60 seconds
     internal:
       name: "sidecar-internal-worker-pool"
       size: 20
       max_execution_time_millis: 900000 # 15 minutes
   jmx:
     max_retries: 3
     retry_delay_millis: 200

 #
 # Enable SSL configuration (Disabled by default)
 #
 ssl:
   enabled: true
   use_openssl: false
   handshake_timeout_sec: 25
   client_auth: REQUEST # valid options are NONE, REQUEST, REQUIRED
   accepted_protocols:
    - TLSv1.3
   cipher_suites:
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    - TLS_RSA_WITH_AES_128_GCM_SHA256
    - TLS_RSA_WITH_AES_128_CBC_SHA
    - TLS_RSA_WITH_AES_256_CBC_SHA
   keystore:
     type: PKCS12
     path: "path/to/keystore.p12"
     password: password
     check_interval_sec: 300
   truststore:
     path: "path/to/truststore.p12"
     password: password


 healthcheck:
   initial_delay_millis: 100
   poll_freq_millis: 30000

 cassandra_input_validation:
   forbidden_keyspaces:
     - system_schema
     - system_traces
     - system_distributed
     - system
     - system_auth
     - system_views
     - system_virtual_schema
   allowed_chars_for_directory: "[a-zA-Z][a-zA-Z0-9_]{0,47}"
   allowed_chars_for_quoted_name: "[a-zA-Z_0-9]{1,48}"
   allowed_chars_for_component_name: "[a-zA-Z0-9_-]+(.db|.cql|.json|.crc32|TOC.txt)"
   allowed_chars_for_restricted_component_name: "[a-zA-Z0-9_-]+(.db|TOC.txt)"
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	#
	# Cassandra SideCar configuration file
	#
	cassandra_instances:
	- id: 1
	host: localhost1
	port: 9042
	username: cassandra
	password: cassandra
	data_dirs:
	- /ccm/test/node1/data0
	- /ccm/test/node1/data1
	staging_dir: /ccm/test/node1/sstable-staging
	jmx_host: 127.0.0.1
	jmx_port: 7100
	jmx_ssl_enabled: false
	# jmx_role:
	# jmx_role_password:
	- id: 2
	host: localhost2
	port: 9042
	username: cassandra
	password: cassandra
	data_dirs:
	- /ccm/test/node2/data0
	- /ccm/test/node2/data1
	staging_dir: /ccm/test/node2/sstable-staging
	jmx_host: 127.0.0.1
	jmx_port: 7200
	jmx_ssl_enabled: false
	# jmx_role:
	# jmx_role_password:
	- id: 3
	host: localhost3
	port: 9042
	username: cassandra
	password: cassandra
	data_dirs:
	- /ccm/test/node3/data0
	- /ccm/test/node3/data1
	staging_dir: /ccm/test/node3/sstable-staging
	jmx_host: 127.0.0.1
	jmx_port: 7300
	jmx_ssl_enabled: false
	# jmx_role:
	# jmx_role_password:

	sidecar:
	host: 0.0.0.0
	port: 9043
	request_idle_timeout_millis: 300000 # this field expects integer value
	request_timeout_millis: 300000
	tcp_keep_alive: false
	accept_backlog: 1024
	server_verticle_instances: 1
	throttle:
	stream_requests_per_sec: 5000
	delay_sec: 5
	timeout_sec: 10
	traffic_shaping:
	inbound_global_bandwidth_bps: 500
	outbound_global_bandwidth_bps: 1500
	peak_outbound_global_bandwidth_bps: 2000
	max_delay_to_wait_millis: 2500
	check_interval_for_stats_millis: 3000
	sstable_upload:
	concurrent_upload_limit: 80
	min_free_space_percent: 10
	# file_permissions: "rw-r--r--" # when not specified, the default file permissions are owner read & write, group & others read
	allowable_time_skew_in_minutes: 60
	sstable_import:
	poll_interval_millis: 100
	cache:
	expire_after_access_millis: 7200000 # 2 hours
	maximum_size: 10000
	worker_pools:
	service:
	name: "sidecar-worker-pool"
	size: 20
	max_execution_time_millis: 60000 # 60 seconds
	internal:
	name: "sidecar-internal-worker-pool"
	size: 20
	max_execution_time_millis: 900000 # 15 minutes
	jmx:
	max_retries: 3
	retry_delay_millis: 200

	#
	# Enable SSL configuration (Disabled by default)
	#
	ssl:
	enabled: true
	use_openssl: false
	handshake_timeout_sec: 25
	client_auth: REQUEST # valid options are NONE, REQUEST, REQUIRED
	accepted_protocols:
	- TLSv1.3
	cipher_suites:
	- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
	- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
	- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
	- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
	- TLS_RSA_WITH_AES_128_GCM_SHA256
	- TLS_RSA_WITH_AES_128_CBC_SHA
	- TLS_RSA_WITH_AES_256_CBC_SHA
	keystore:
	type: PKCS12
	path: "path/to/keystore.p12"
	password: password
	check_interval_sec: 300
	truststore:
	path: "path/to/truststore.p12"
	password: password


	healthcheck:
	initial_delay_millis: 100
	poll_freq_millis: 30000

	cassandra_input_validation:
	forbidden_keyspaces:
	- system_schema
	- system_traces
	- system_distributed
	- system
	- system_auth
	- system_views
	- system_virtual_schema
	allowed_chars_for_directory: "[a-zA-Z][a-zA-Z0-9_]{0,47}"
	allowed_chars_for_quoted_name: "[a-zA-Z_0-9]{1,48}"
	allowed_chars_for_component_name: "[a-zA-Z0-9_-]+(.db\|.cql\|.json\|.crc32\|TOC.txt)"
	allowed_chars_for_restricted_component_name: "[a-zA-Z0-9_-]+(.db\|TOC.txt)"