Required Setup for Third-generation ODBC Driver¶
Currently, the third-generation driver in the QDS Bypass mode, requires the Presto coordinator IP to be accessible from outside a VPC. Therefore, for clusters in a VPC set up behind a bastion (as specified in the cluster settings UI page), use the legacy mode.
Perform the following steps to build a required setup:
- Create a ticket with Qubole Support to enable SSL on the Presto master. If SSL is enabled across cluster nodes, then upgrade your cluster to use QDS version R59 to use the third-generation ODBC driver.
- Open port 8443 on the Presto master. To ensure this every time cluster is brought up, add a persistent security group allowing inbound TCP connection on port 8443. To know more on how to create a persistent security group with no rules, see Create a Persistent Security Group in AWS.
- It is an optional step. Set the
http-server.authentication.secure-mode=truein Presto overrides of the Presto cluster to ensure all API calls to the Presto master from non-Qubole Drivers are authenticated. This requires that you configure the appropriate authentication mechanism on Presto (either File based or LDAP user authentication as described in this documentation. This configuration avoids any unauthorised access to port 8443. In effect, this blocks all communication with the Presto master over HTTP. API calls from the third-generation Qubole ODBC driver to the Presto master are by default authenticated and use HTTPS.