USER MANUALS

Denodo Server

The presto.denodoConnector section of the values.yaml configures the connection details to the Denodo server.

Denodo will use the Denodo Embedded MPP to accelerate queries.

Important

The Denodo Embedded MPP requires the subscription bundle Enterprise Plus.

denodoConnector:
  server: "//denodo:9999/admin_denodo_mpp"
  i18n: "us_utc_iso"
  user: "denodo_mpp_user"
  password: "d3n0do_MPP_p*d"
  chunkSize: 100000
  chunkTimeout: 90000
  queryTimeout: 900000
  ssl: false
  trustStore: ""
  trustStorePassword: ""
  infrastructureProvider: ""
  infrastructureRegion: ""
  • server: Denodo server uri with the format: //<ip_or_hostname>:<port>/admin_denodo_mpp. Make sure that the Denodo server is accessible from the Denodo Embedded MPP Kubernetes cluster.

  • user: Denodo user, denodo_mpp_user by default.

  • password: Denodo password for denodo_mpp_user.

    Password must be compliant with Denodo password policies.

    It is recommended to specify the password encrypted to avoid entering it as plain text. You can encrypt the password using the <DENODO_HOME>/bin/encrypt_password.sh script. If the password is encrypted, prefix it with encrypted:, e.g.

    denodoConnector:
      password:"encrypted:<encrypted_password>"
    
  • infrastructureProvider: Name of the infrastructure provider (On-premises, AWS, Azure, Google Cloud, Alibaba, etc.) where the Embedded MPP and the Denodo server are running, for monitoring purposes.

  • infrastructureRegion: Name of the infrastructure provider region where the Embedded MPP and the Denodo server are running, for monitoring purposes.

Denodo with SSL/TLS Enabled

In case SSL is enabled on the Denodo server, the ssl property must be set to true.

  • ssl: Whether SSL is enabled in the Denodo server.

    denodoConnector:
      ssl: true
    

Import Certificate

You only need to import the certificate if the one used by the Denodo server is self-signed or it is signed by a private authority that does not exist within the Embedded MPP’s truststore.

The recommended way to import it is to add the certificate in prestocluster\presto\secrets\certs directory. This way the certificate will be automatically imported into Embedded MPP’s truststore.

To check that the certificate has been imported correctly, use kubectl logs <presto-coordinator pod> -c init-cacert command to check the log.

If successful, the message will be:

Adding /opt/certs/denodo_server.cer to keystore
Certificate was added to keystore

If it fails, the message will show the error, e.g.:

.. code-block:: none

Adding /opt/certs/denodo_server.cer to keystore keytool error: java.lang.Exception: Input not an X.509 certificate

If there were errors when importing the certificate and you run kubectl get pods Presto pods will display error states like Init:Error or Init:CrashLoopBackOff.

GET PODS
NAME                                 READY   STATUS       RESTARTS     AGE
presto-coordinator-fdbd79df5-p77ll   0/1     Init:Error   1 (2s ago)   3s
presto-worker-76cf6864b5-gshv5       0/1     Init:Error   1 (2s ago)   3s
presto-worker-76cf6864b5-jxrxh       0/1     Init:Error   1 (2s ago)   3s
presto-coordinator-fdbd79df5-p77ll   0/1     Init:CrashLoopBackOff   1 (12s ago)   14s
presto-worker-76cf6864b5-gshv5       0/1     Init:CrashLoopBackOff   1 (12s ago)   14s
presto-worker-76cf6864b5-jxrxh       0/1     Init:CrashLoopBackOff   1 (13s ago)   15s

Other option is to copy the truststore file containing the Denodo server certificate, to the presto directory and set the file name in the trustStore parameter.

  • trustStore: You only need to configure this parameter if the certificate used by the Denodo server is self-signed or it is signed by a private authority that does not exist within the Embedded MPP’s truststore.

    In this case, copy the truststore file containing the Denodo server certificate, to the presto directory and set the file name in the trustStore parameter.

  • trustStorePassword: Password of the truststore, only if the trustStore property is configured.

  • denodoConnector:
      trustStore: "cacerts"
      trustStorePassword: "changeit"
    
Add feedback