Required Setup for Third-generation JDBC Driver¶
Currently, the third-generation driver in the QDS Bypass mode, requires the Presto coordinator IP to be accessible from outside a VPC. Therefore, for clusters in a VPC set up behind a bastion (as specified in the cluster settings UI page), use the legacy mode.
Perform the following steps to build a required setup:
- Create a ticket with Qubole Support to enable SSL on the Presto coordinator. If SSL is enabled across cluster nodes, then upgrade your cluster to use QDS version R59 to use the third-generation JDBC driver.
- Open port 8443 on the Presto coordinator. To ensure this every time cluster is brought up, add a persistent security group allowing inbound TCP connection on port 8443. To know more on how to create a persistent security group with no rules, see Create a Persistent Security Group in AWS.
- It is an optional step. Set the
http-server.authentication.secure-mode=truein Presto overrides of the Presto cluster to ensure all API calls to the Presto coordinator from non-Qubole Drivers are authenticated. This requires that you configure the appropriate authentication mechanism on Presto (either File based or LDAP user authentication as described in this documentation. This configuration avoids any unauthorised access to port 8443. In effect, this blocks all communication with the Presto coordinator over HTTP. API calls from the third-generation Qubole JDBC driver to the Presto coordinator are by default authenticated and use HTTPS.