Astra Backend
To use Astra (Cassandra managed service by Datastax) as the persistent storage for Reaper, the storageType
setting must be set to astra in the Reaper configuration YAML file. In addition, the connection details for the Astra cluster being used to store Reaper data must be specified in the configuration YAML file. An example of how to configure Astra as persistent storage for Reaper can be found in the cassandra-reaper-astra.yaml.
storageType: astra
cassandra:
clusterName: "reaper"
contactPoints: ["astra host from the secure bundle config.json file"]
keyspace: reaper_db
port: <cql port found in the secure bundle cqlshrc file>
authProvider:
type: plainText
username: <client id>
password: <client secret>
ssl:
type: jdk
Generate a token in the Astra UI and use the token client id as the username and the token client secret as the password (you will not need the token itself).
The CQL port to connect to can be found in the cqlshrc
file of Astra’s secure connect bundle. The port found in config.json
is the metadata port which cannot be used for CQL connections.
The Astra backend provides the same capabilities as the Cassanda backend.
Schema initialization and migration will be done automatically upon startup.
SSL settings
Astra enables client to node encryption by default, which requires some additional setup in Reaper.
After installing Reaper and configuring the yaml file, copy the cassandra-reaper-ssl.properties
file to the /etc/cassandra-reaper
directory (the temmplate can be found under /etc/cassandra-reaper/configs/
) and configure it as follows:
-Djavax.net.ssl.keyStore=/path/to/identity.jks
-Djavax.net.ssl.keyStorePassword=keystore_password
-Djavax.net.ssl.trustStore=/path/to/trustStore.jks
-Djavax.net.ssl.trustStorePassword=truststore_password
# Comment the following line when using the Astra backend
# unless JMX encryption is enabled with the same keystore/truststore
# -Dssl.enable=true
The truststore and keystore (identity) files can be found in the secure connect bundle which should be downloaded from your Astra dashboard. The passwords will be found in the config.json
file of that same bundle.
Make sure you comment the -Dssl.enable=true
line as it enables JMX encryption.
If both CQL and JMX encryption need to be enabled, then JMX encryption must be configured to use the same truststore/keystore than Astra, and the -Dssl.enable=true
should be left uncommented.