Denodo Server¶
The Denodo Lakehouse Accelerator (formerly known as Denodo Embedded MPP) can be deployed with two different engine architectures, using Presto on Velox engine or Presto Java engine. The configuration of the connection to the Denodo server depends on which engine is enabled in the values.yaml.
Enabling Presto on Velox¶
To take advantage of the next-generation C++ execution engine, enable the following property:
# Enables Presto to use C++ Velox based workers
prestoOnVelox:
enabled: true
Note
If prestoOnVelox.enabled is set to false, the Lakehouse Accelerator will default to the standard Presto Java engine.
Denodo Connector Configuration¶
Option 1: Presto on Velox¶
When using Presto on Velox, the denodoOnVeloxConnector section configures the connection to Denodo server using the Arrow Flight SQL protocol for enabling the Embedded MPP Acceleration
denodoOnVeloxConnector:
arrowFlightHost: "denodo"
arrowFlightPort: "9994"
ssl: false
pemCertificate: ""
user: "denodo_mpp_user"
password: "d3n0do_MPP_p*d"
arrowFlightHost: Denodo host name or IP. Make sure that the Denodo server is accessible from the Kubernetes cluster.
arrowFlightPort: Denodo Arrow Flight SQL port (default is
9994).ssl: Whether SSL is enabled in the Denodo server.
pemCertificate: File name of the PEM certificate of the Denodo VDP server. The file must be placed in the
presto/secrets/directory.user: Denodo user,
denodo_mpp_userby default.password: Denodo password for the user. It must be compliant with Denodo password policies.
Option 2: Presto Java¶
The presto.denodoConnector section of the values.yaml configures the connection details to the Denodo server using JDBC. Denodo will use the Denodo Lakehouse Accelerator to accelerate queries.
Note
If you have a cluster of Denodo servers it needs to be configured to store its metadata in an external database to take advantage of the Embedded MPP Acceleration technique. In environments with just one Virtual DataPort server it is possible to avoid this restriction executing:
SET 'queryOptimization.parallelProcessing.denodoConnector.enableUsingSharedMetadataOnly'='false';
denodoConnector:
server: "//denodo:9999/admin_denodo_mpp"
i18n: "us_utc_iso"
user: "denodo_mpp_user"
password: "d3n0do_MPP_p*d"
chunkSize: 100000
chunkTimeout: 90000
queryTimeout: 900000
ssl: false
trustStore: ""
trustStorePassword: ""
infrastructureProvider: ""
infrastructureRegion: ""
server: Denodo server uri with the format:
//<ip_or_hostname>:<port>/admin_denodo_mpp. Make sure that the Denodo server is accessible from the Denodo Lakehouse Accelerator Kubernetes cluster.user: Denodo user,
denodo_mpp_userby default.password: Denodo password for
denodo_mpp_user.Password must be compliant with Denodo password policies.
It is recommended to specify the password encrypted to avoid entering it as plain text. You can encrypt the password using the
<DENODO_HOME>/bin/encrypt_password.shscript. If the password is encrypted, prefix it withencrypted:, e.g.denodoConnector: password:"encrypted:<encrypted_password>"
infrastructureProvider: Name of the infrastructure provider (On-premises, AWS, Azure, Google Cloud, Alibaba, etc.) where the Lakehouse Accelerator and the Denodo server are running, for monitoring purposes.
infrastructureRegion: Name of the infrastructure provider region where the Lakehouse Accelerator and the Denodo server are running, for monitoring purposes.
Denodo with SSL/TLS Enabled¶
In case SSL is enabled on the Denodo server, the ssl property must be set to true in the corresponding connector configuration.
ssl: Whether SSL is enabled in the Denodo server.
For Presto on Velox:
denodoOnVeloxConnector:
ssl: true
For Presto Java:
denodoConnector:
ssl: true
Denodo Certificate¶
You will need to import the certificate used by the Denodo server if it is self-signed or it is signed by a private authority that does not exist within the Denodo Lakehouse Accelerator’s truststore.
Presto on Velox Certificate¶
For the Velox-based engine, you must provide the certificate in PEM format. Place the file in the presto/secrets/ directory and reference it in the configuration:
denodoOnVeloxConnector:
ssl: true
pemCertificate: "denodo_server.pem"
Presto Java Certificate¶
The recommended way to import it is to add the certificate in
lakehouseaccelerator\presto\secrets\certs directory. This way the certificate will be automatically imported into Denodo Lakehouse Accelerator’s truststore.
To check that the certificate has been imported correctly, use kubectl logs <presto-coordinator pod> -c init-cacert command to check the log.
If successful, the message will be:
Adding /opt/certs/denodo_server.cer to keystore
Certificate was added to keystore
If it fails, the message will show the error, e.g.:
Adding /opt/certs/denodo_server.cer to keystore
keytool error\: java.lang.Exception: Input not an X.509 certificate
If there were errors when importing the certificate and you run kubectl get pods, the pods will display error states such as
Init:Error or Init:CrashLoopBackOff.
GET PODS
NAME READY STATUS RESTARTS AGE
presto-coordinator-fdbd79df5-p77ll 0/1 Init:Error 1 (2s ago) 3s
presto-worker-76cf6864b5-jxrxh 0/1 Init:Error 1 (2s ago) 3s
...
presto-coordinator-fdbd79df5-p77ll 0/1 Init:CrashLoopBackOff 1 (12s ago) 14s
presto-worker-76cf6864b5-jxrxh 0/1 Init:CrashLoopBackOff 1 (13s ago) 15s
Other option is to copy the truststore file containing the Denodo server certificate, to the presto directory and set the file name in the trustStore parameter.
trustStore: You only need to configure this parameter if the certificate used by the Denodo server is self-signed or it is signed by a private authority that does not exist within the Denodo Lakehouse Accelerator’s truststore.
In this case, copy the truststore file containing the Denodo server certificate, to the
prestodirectory and set the file name in thetrustStoreparameter.trustStorePassword: Password of the truststore, only if the
trustStoreproperty is configured.denodoConnector: trustStore: "cacerts" trustStorePassword: "changeit"