Denodo Server¶
The presto.denodoConnector
section of the values.yaml
configures the connection details to the Denodo server.
Denodo will use the Denodo Embedded MPP to accelerate queries.
Important
The Denodo Embedded MPP requires the subscription bundle Enterprise Plus.
denodoConnector:
server: "//denodo:9999/admin_denodo_mpp"
i18n: "us_utc_iso"
user: "denodo_mpp_user"
password: "d3n0do_MPP_p*d"
chunkSize: 100000
chunkTimeout: 90000
queryTimeout: 900000
ssl: false
trustStore: ""
trustStorePassword: ""
infrastructureProvider: ""
infrastructureRegion: ""
server: Denodo server uri with the format:
//<ip_or_hostname>:<port>/admin_denodo_mpp
. Make sure that the Denodo server is accessible from the Denodo Embedded MPP Kubernetes cluster.user: Denodo user,
denodo_mpp_user
by default.password: Denodo password for
denodo_mpp_user
.Password must be compliant with Denodo password policies.
It is recommended to specify the password encrypted to avoid entering it as plain text. You can encrypt the password using the
<DENODO_HOME>/bin/encrypt_password.sh
script. If the password is encrypted, prefix it withencrypted:
, e.g.denodoConnector: password:"encrypted:<encrypted_password>"
infrastructureProvider: Name of the infrastructure provider (On-premises, AWS, Azure, Google Cloud, Alibaba, etc.) where the Embedded MPP and the Denodo server are running, for monitoring purposes.
infrastructureRegion: Name of the infrastructure provider region where the Embedded MPP and the Denodo server are running, for monitoring purposes.
Denodo with SSL/TLS Enabled¶
In case SSL is enabled on the Denodo server, the ssl property must be set to true.
ssl: Whether SSL is enabled in the Denodo server.
denodoConnector: ssl: true
Import Certificate¶
You only need to import the certificate if the one used by the Denodo server is self-signed or it is signed by a private authority that does not exist within the Embedded MPP’s truststore.
The recommended way to import it is to add the certificate in
prestocluster\presto\secrets\certs
directory. This way the certificate will be automatically imported into Embedded MPP’s truststore.
To check that the certificate has been imported correctly, use kubectl logs <presto-coordinator pod> -c init-cacert
command to check the log.
If successful, the message will be:
Adding /opt/certs/denodo_server.cer to keystore
Certificate was added to keystore
If it fails, the message will show the error, e.g.:
.. code-block:: none
Adding /opt/certs/denodo_server.cer to keystore keytool error: java.lang.Exception: Input not an X.509 certificate
If there were errors when importing the certificate and you run kubectl get pods
Presto pods will display error states like
Init:Error
or Init:CrashLoopBackOff
.
GET PODS
NAME READY STATUS RESTARTS AGE
presto-coordinator-fdbd79df5-p77ll 0/1 Init:Error 1 (2s ago) 3s
presto-worker-76cf6864b5-gshv5 0/1 Init:Error 1 (2s ago) 3s
presto-worker-76cf6864b5-jxrxh 0/1 Init:Error 1 (2s ago) 3s
presto-coordinator-fdbd79df5-p77ll 0/1 Init:CrashLoopBackOff 1 (12s ago) 14s
presto-worker-76cf6864b5-gshv5 0/1 Init:CrashLoopBackOff 1 (12s ago) 14s
presto-worker-76cf6864b5-jxrxh 0/1 Init:CrashLoopBackOff 1 (13s ago) 15s
Other option is to copy the truststore file containing the Denodo server certificate, to the presto
directory and set the file name in the trustStore
parameter.
trustStore: You only need to configure this parameter if the certificate used by the Denodo server is self-signed or it is signed by a private authority that does not exist within the Embedded MPP’s truststore.
In this case, copy the truststore file containing the Denodo server certificate, to the
presto
directory and set the file name in thetrustStore
parameter.trustStorePassword: Password of the truststore, only if the
trustStore
property is configured.denodoConnector: trustStore: "cacerts" trustStorePassword: "changeit"