January 28, 2020 /   prestodb   prestosql   presto   python   query engine   presto authentication   presto https

Prestodb is an open source distributed query engine for big data processing. Many databases can be queried and joined together using simple ANSI SQL queries.

Enabling Https

You should run your presto cluster on https for obvious security reasons. If you want to use Password Authentication, you must enable https.

Here are steps to enable https -

keytool -genkeypair -alias presto -keyalg RSA -keystore keystore.jks

here is sample output after you have provided details in above command

keytool -genkeypair -alias presto -keyalg RSA -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  presto.coordinator.yourdomain.com
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=presto.coordinator.yourdomain.com, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <presto>
        (RETURN if same as keystore password):

Remember the password you have entered.

# Https settings
http-server.https.enabled=true
http-server.https.port=8090
http-server.https.keystore.path=path to Keystore file
http-server.https.keystore.key=keystore password
http-server.authentication.type=PASSWORD
http-server.https.secure-random-algorithm=SHA1PRNG

Enabling password authentication

There is a ready-made file password authenticator in prestodb

Here are steps to use password authentication

presto:password created from htpasswd utility


Remember that username is presto is same as given in keystore alias. This is required to be same as keystore alias.

password you can create from htpasswd utility

Testing Password Authentication

You can test above password authentication from command line as

./presto --server https://presto.coordinator.yourdomain.com:8090 --keystore-path /path/to/keystore.jks --keystore-password presto --user presto --debug --password

Or You can connect from python client as well

import prestodb
conn=prestodb.dbapi.connect(
    host='presto.coordinator.yourdomain.com',
    port=8090,
    user='python-client',
    http_scheme='https',
    auth=prestodb.auth.BasicAuthentication("presto", "<password>"),
)
conn._http_session.verify = False
cur = conn.cursor()
cur.execute(some_query)
rows = cur.fetchall()