Denodo Server¶
The presto.denodoConnector section of the values.yaml configures the connection details to the Denodo server.
Denodo will use the Denodo Embedded MPP to accelerate queries.
Note
If you have a cluster of Denodo servers it needs to be configured to store its metadata in an external database to take advantage of the Embedded MPP Acceleration technique. In environments with just one Virtual DataPort server it is possible to avoid this restriction executing:
SET 'queryOptimization.parallelProcessing.denodoConnector.enableUsingSharedMetadataOnly'='false';
denodoConnector:
server: "//denodo:9999/admin_denodo_mpp"
i18n: "us_utc_iso"
user: "denodo_mpp_user"
password: "d3n0do_MPP_p*d"
chunkSize: 100000
chunkTimeout: 90000
queryTimeout: 900000
ssl: false
trustStore: ""
trustStorePassword: ""
infrastructureProvider: ""
infrastructureRegion: ""
server: Denodo server uri with the format:
//<ip_or_hostname>:<port>/admin_denodo_mpp. Make sure that the Denodo server is accessible from the Denodo Embedded MPP Kubernetes cluster.user: Denodo user,
denodo_mpp_userby default.password: Denodo password for
denodo_mpp_user.Starting with the update 8.0u20230914, password must be compliant with Denodo password policies.
It is recommended to specify the password encrypted to avoid entering it as plain text. You can encrypt the password using the
<DENODO_HOME>/bin/encrypt_password.shscript. If the password is encrypted, prefix it withencrypted:, e.g.denodoConnector: password:"encrypted:<encrypted_password>"
infrastructureProvider: Name of the infrastructure provider (On-premises, AWS, Azure, Google Cloud, Alibaba, etc.) where the Embedded MPP and the Denodo server are running, for monitoring purposes.
infrastructureRegion: Name of the infrastructure provider region where the Embedded MPP and the Denodo server are running, for monitoring purposes.
Denodo with SSL/TLS Enabled¶
In case SSL is enabled on the Denodo server, the ssl property must be set to true.
ssl: Whether SSL is enabled in the Denodo server.
denodoConnector: ssl: true
Denodo Certificate¶
You will need to import the certificate used by the Denodo server if it is self-signed or it is signed by a private authority that does not exist within the Embedded MPP’s truststore.
The recommended way to import it is to add the certificate in
prestocluster\presto\secrets\certs directory. This way the certificate will be automatically imported into Embedded MPP’s truststore.
To check that the certificate has been imported correctly, use kubectl logs <presto-coordinator pod> -c init-cacert command to check the log.
If successful, the message will be:
Adding /opt/certs/denodo_server.cer to keystore
Certificate was added to keystore
If it fails, the message will show the error, e.g.:
Adding /opt/certs/denodo_server.cer to keystore
keytool error\: java.lang.Exception: Input not an X.509 certificate
If there were errors when importing the certificate and you run kubectl get pods, the pods will display error states such as
Init:Error or Init:CrashLoopBackOff.
GET PODS
NAME READY STATUS RESTARTS AGE
presto-coordinator-fdbd79df5-p77ll 0/1 Init:Error 1 (2s ago) 3s
presto-worker-76cf6864b5-jxrxh 0/1 Init:Error 1 (2s ago) 3s
...
presto-coordinator-fdbd79df5-p77ll 0/1 Init:CrashLoopBackOff 1 (12s ago) 14s
presto-worker-76cf6864b5-jxrxh 0/1 Init:CrashLoopBackOff 1 (13s ago) 15s
Other option is to copy the truststore file containing the Denodo server certificate, to the presto directory and set the file name in the trustStore parameter.
trustStore: You only need to configure this parameter if the certificate used by the Denodo server is self-signed or it is signed by a private authority that does not exist within the Embedded MPP’s truststore.
In this case, copy the truststore file containing the Denodo server certificate, to the
prestodirectory and set the file name in thetrustStoreparameter.trustStorePassword: Password of the truststore, only if the
trustStoreproperty is configured.denodoConnector: trustStore: "cacerts" trustStorePassword: "changeit"