USER MANUALS


Object storage with SSL/TLS enabled

You only need to import the Object Storage certificate into the Embedded MPP’s truststore if the certificate is self-signed or it is signed by a private authority that does not exist within the Embedded MPP’s truststore.

To import the certificate is necessary to add the certificate in prestocluster\presto\secrets\certs and prestocluster\hive-metastore\secrets\certs directories. This way the certificate will be automatically imported into the Embedded MPP’s truststores (Presto and Hive Metastore).

To check that the certificate has been imported correctly, use kubectl logs <presto-coordinator pod> -c init-cacert and kubectl logs <hive-metastore pod> -c init-cacert commands to check the logs.

If successful, the message will be:

Adding /opt/certs/storage.cer to keystore
Certificate was added to keystore

If it fails, the message will display an error, e.g.:

Adding /opt/certs/storage.cer to keystore
keytool error\: java.lang.Exception: Input not an X.509 certificate

If there were errors when importing the certificate and you run kubectl get pods Embedded MPP pods will display error states like Init:Error or Init:CrashLoopBackOff.

GET PODS
NAME                                 READY   STATUS       RESTARTS     AGE
presto-coordinator-fdbd79df5-p77ll   0/1     Init:Error   1 (2s ago)   3s
presto-worker-76cf6864b5-gshv5       0/1     Init:Error   1 (2s ago)   3s
presto-worker-76cf6864b5-jxrxh       0/1     Init:Error   1 (2s ago)   3s
presto-coordinator-fdbd79df5-p77ll   0/1     Init:CrashLoopBackOff   1 (12s ago)   14s
presto-worker-76cf6864b5-gshv5       0/1     Init:CrashLoopBackOff   1 (12s ago)   14s
presto-worker-76cf6864b5-jxrxh       0/1     Init:CrashLoopBackOff   1 (13s ago)   15s
hive-metastore-f6f588fb-f9qrd        0/1     Init:Error   0            23s
hive-metastore-f6f588fb-f9qrd        0/1     Init:CrashLoopBackOff   1 (32s ago)   2m28s
Add feedback