Setup for Access Management for Starburst Trino¶

Perform following steps to configure Starburst Trino plugin:

1. SSH into the instance where Privacera Manager is installed.

2. Run the following command to navigate to the /config directory and copy yml files:

   Bash
   1 2	cd ~/privacera/privacera-manager/config cp sample-vars/vars.trino.opensource.yml custom-vars/vars.trino.opensource.yml

3. Modify the following properties:
   • In the vars.trino.opensource.yml file, update the following properties with the appropriate values:

     Bash
     1 2 3	TRINO_USER_HOME: "<PLEASE_CHANGE>" TRINO_INSTALL_DIR_NAME: "<PLEASE_CHANGE>" TRINO_CONFIG_DIR: "/etc/starburst"

4. After configuring the properties, start the connector by executing the following instructions:

   Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

   Bash
   1 2	cd ~/privacera/privacera-manager ./privacera-manager.sh setup

   Step 2 - Apply the Privacera Manager helm charts.

   Bash
   1 2	cd ~/privacera/privacera-manager ./pm_with_helm.sh upgrade

   Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

   Bash
   1 2	cd ~/privacera/privacera-manager ./privacera-manager.sh post-install

Copy Privacera Trino Plugin Configuration Files¶

1. Run the following command to copy required configuration files:

   Bash
   1 2 3 4 5	mkdir ~/privacera-starburst-trino-plugin cd ~/privacera-starburst-trino-plugin cp ~/privacera/privacera-manager/output/trino-opensource/privacera_trino_setup.sh ~/privacera-starburst-trino-plugin/ cp ~/privacera/privacera-manager/output/trino-opensource/privacera_trino_plugin_conf.zip ~/privacera-starburst-trino-plugin/

2. Edit privacera_trino_setup.sh file to comment out wget and add curl command as shown below:

   Bash
   1 2 3	#wget ${PRIVACERA_BASE_DOWNLOAD_URL}/${PRIVACERA_PKG_NAME} -O ${PRIVACERA_PKG_NAME} curl ${PRIVACERA_BASE_DOWNLOAD_URL}/${PRIVACERA_PKG_NAME} -o ${PRIVACERA_PKG_NAME}

Create entrypoint.sh Script¶

• Run the following command to create and edit entrypoint.sh file:

  Bash
  1 2	cd ~/privacera-starburst-trino-plugin vi entrypoint.sh

• Add the following content in the entrypoint.sh file:

  Bash

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

  #!/bin/bash set -eo pipefail set -x STARBURST_CONFIG_FILE="/etc/starburst/config.properties" # Check if the file exists if [ ! -e "$STARBURST_CONFIG_FILE" ]; then echo "File not found: $STARBURST_CONFIG_FILE" exit 1 fi ## Add below config in jvm.config to support Starburst Trino 459 and above versions echo "# https://bugs.openjdk.org/browse/JDK-8327134" >> /etc/starburst/jvm.config echo "-Djava.security.manager=allow" >> /etc/starburst/jvm.config cd /home/starburst/ # Check if the coordinator node and install the plugin if grep -q "^coordinator=true$" "$STARBURST_CONFIG_FILE"; then echo "It is a coordinator node, Installing trino plugin" ./privacera_trino_setup.sh fi # Start the trino server /usr/lib/starburst/bin/run-starburst set -- tail -f /dev/null exec "$@"

Create Dockerfile¶

• Run the following command to create and edit the Dockerfile:

  Bash
  1 2 3	cd ~/privacera-starburst-trino-plugin vi Dockerfile

• Add the following content in the Dockerfile:

  Bash

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79

  # Define starburst version ARG SB_TRINO_VERSION=<SB_TRINO_VERSION> # Use a base image to install necessary packages FROM registry.access.redhat.com/ubi9/ubi AS downloader # Install the necessary packages RUN dnf install -y zip findutils # starburst image FROM harbor.starburstdata.net/starburstdata/starburst-enterprise:${SB_TRINO_VERSION}-e # Switch to root user to install packages USER root ## curl COPY --from=downloader /usr/bin/curl /usr/bin/ COPY --from=downloader /usr/lib64/ /usr/lib64/ COPY --from=downloader /etc/pki/tls/certs/ca-bundle.trust.crt /etc/pki/tls/certs/ COPY --from=downloader /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ RUN curl --version ## zip COPY --from=downloader /usr/bin/zip /usr/bin/ RUN zip --version ## unzip COPY --from=downloader /usr/bin/unzip /usr/bin/ RUN unzip ## gzip COPY --from=downloader /usr/bin/gzip /usr/bin/ RUN gzip --version ## findutils COPY --from=downloader /usr/bin/find /usr/bin/ COPY --from=downloader /usr/bin/xargs /usr/bin/ RUN find --version ## sed COPY --from=downloader /usr/bin/sed /usr/bin/ RUN sed --version ## grep COPY --from=downloader /usr/bin/grep /usr/bin/ RUN grep --version ## awk COPY --from=downloader /usr/bin/awk /usr/bin/ RUN awk --version RUN mkdir -p /var/log/trino/ && chown -R starburst:root /var/log/trino/ RUN mkdir -p /home/starburst/ # Copy Privacera Trino Plugin configuration and setup script COPY privacera_trino_setup.sh /home/starburst/ COPY privacera_trino_plugin_conf.zip /home/starburst/ # Set permissions and ownership RUN chown starburst:root -R /home/starburst/privacera_trino_setup.sh RUN chown starburst:root -R /home/starburst/privacera_trino_plugin_conf.zip RUN mkdir -p /etc/ranger RUN chown -R starburst:root /etc/ranger # Create entrypoint directory RUN mkdir /entrypoint # Copy the entrypoint script COPY entrypoint.sh /entrypoint # Set execute permissions for the entrypoint script RUN chmod +x /entrypoint/entrypoint.sh # Set the entrypoint ENTRYPOINT ["/entrypoint/entrypoint.sh"] USER starburst:root

Build the Docker Image¶

• Run the following command to build the Docker image:

  Bash
  1	docker build -t privacera-starburst-trino:latest .

Push the Docker Image to the Remote HUB¶

• Use your internal HUB to publish the image.

Create a Namespace¶

• Run the following command to create a namespace.

  Bash
  1	kubectl create namespace <STARBURST_TRINO_NAMESPACE>

Create Starburst License File¶

• Create a file containing Starburst license details, add the license key and save the file.

  Bash
  1 2	cd ~/privacera-starburst-trino-plugin vi starburstdata.license

Create Starburst License Secret¶

• Run the following command to create a secret for Starburst license:

  Bash
  1	kubectl create secret generic starburstlicense --from-file=starburstdata.license -n <STARBURST_TRINO_NAMESPACE>

Create Docker Image Secret¶

• To create an image secret, run the following command:

  Bash
  1 2 3 4 5	kubectl create secret docker-registry starburst-hub \ --docker-server=harbor.starburstdata.net/starburstdata \ --docker-username=<STARBURST_REPO_USER_NAME> \ --docker-password=<STARBURST_REPO_PASSWORD> \ -n <STARBURST_TRINO_NAMESPACE>

Verify the Secrets¶

• To verify the secret, run the following command:

  Bash
  1	kubectl get secrets -n <STARBURST_TRINO_NAMESPACE>

Create .yaml Deployment File to Override the Default Values¶

• Run the following command to create and edit the values.yaml file:

  Bash
  1 2	cd ~/privacera-trino-plugin vi values.yaml

• Add the following content in the values.yaml file:

  Bash
  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16	image: repository: <STARBURST_TRINO_IMAGE_REPOSITORY> pullPolicy: Always # Overrides the image tag whose default is the chart version. # Same value as Chart.yaml#appVersion tag: <STARBURST_TRINO_IMAGE_TAG> imagePullSecrets: - name: <STARBURST_TRINO_IMAGE_PULL_SECRET_NAME> #license starburstPlatformLicense: starburstlicense worker: replicas: 1

Install Starburst Trino on Kubernetes Cluster¶

1. Upgrade an existing Helm release or install it if not present using the chart, version, and values file.

   Bash
   1 2 3 4 5	helm upgrade my-sep oci://harbor.starburstdata.net/starburstdata/charts/starburst-enterprise \ --version <SBT_VERSION_TAG> \ --install \ --values ./values.yaml \ --namespace <STARBURST_TRINO_NAMESPACE>