Setup for Access Management for Trino¶

Configure¶

Self Managed and Data PlanePrivaceraCloud

Perform following steps to configure Trino plugin:

SSH into the instance where Privacera Manager is installed.

Run the following command to navigate to the /config directory and copy yml files:

Bash
cd ~/privacera/privacera-manager/config
cp sample-vars/vars.trino.opensource.yml custom-vars/vars.trino.opensource.yml

Modify the following properties:
- In the vars.trino.opensource.yml file, update the following properties with the appropriate values:
  Bash
  1 2 3
  TRINO_USER_HOME: "<PLEASE_CHANGE>" TRINO_INSTALL_DIR_NAME: "<PLEASE_CHANGE>" TRINO_CONFIG_DIR: "/etc/trino"
Once the properties are configured, run Privacera Manager post-install action. Refer to this guide
Copy privacera_trino_setup.sh and privacera_trino_plugin_conf.zip to the same location as the Dockerfile.

Create entrypoint.sh script¶

Run the following command to create and edit entrypoint.sh file:

Bash
mkdir ~/privacera-trino-plugin
cd ~/privacera-trino-plugin

vi entrypoint.sh

Add the following content in the entrypoint.sh file:

Bash
#!/bin/bash
set -eo pipefail

set -x

TRINO_CONFIG_FILE="/etc/trino/config.properties"
# Check if the file exists
if [ ! -e "$TRINO_CONFIG_FILE" ]; then
    echo "File not found: $TRINO_CONFIG_FILE"
    exit -1
fi

# Copy the config files from the mounted volume to the trino config directory
# except jvm.config (to support trino 459 and above)
find /trino_config/ -mindepth 1 ! -name 'jvm.config' -exec cp -r {} /etc/trino/ \;
cd /home/trino/

# Check if the coordinator node and install the plugin
if grep -q "^coordinator=true$" "$TRINO_CONFIG_FILE"; then
    echo "It is a coordinator node, Installing trino plugin"
    ./privacera_trino_setup.sh
fi

# Start the trino server
/usr/lib/trino/bin/run-trino

set -- tail -f /dev/null

exec "$@"

Create Dockerfile¶

Note : Create the file in the same location as the entrypoint.sh script.
Run the following command to create and edit the Dockerfile:
Bash
1 2 3
cd ~/privacera-trino-plugin vi Dockerfile

Add the following content in the Dockerfile:

Bash
# Use the specified Trino base image
FROM trinodb/trino:<trino-version-tag>

# Set the user
USER root

# Install Pre-requisites for Trino
RUN microdnf install vim procps wget gzip unzip findutils tar -y

# Copy Privacera Trino Plugin configuration and setup script
COPY privacera_trino_setup.sh /home/trino
COPY privacera_trino_plugin_conf.zip /home/trino

# Set permissions and ownership
RUN chmod +x /home/trino/privacera_trino_setup.sh
RUN chown trino:trino /home/trino/privacera_trino_setup.sh
RUN chown trino:trino /home/trino/privacera_trino_plugin_conf.zip

# Create ranger directory
RUN mkdir -p /etc/ranger
RUN chown -R trino:trino /etc/ranger

# Create entrypoint directory
RUN mkdir /entrypoint

# Copy the entrypoint script
COPY entrypoint.sh /entrypoint

# Set execute permissions for the entrypoint script
RUN chmod +x /entrypoint/entrypoint.sh

# Set the entrypoint
ENTRYPOINT ["/entrypoint/entrypoint.sh"]

# Set the user
USER trino:trino

Enable Trino Application¶

In PrivaceraCloud, navigate to Settings -> Applications.
On the Applications screen, select Trino.
Enter the application Name and Click Save. You can choose any name, for example, Trino.
Enable the Access Management option with toggle button.
Click on Save button.

Create entrypoint.sh script¶

Run the following command to create and edit entrypoint.sh file:

Bash
mkdir ~/privacera-trino-plugin
cd ~/privacera-trino-plugin

vi entrypoint.sh

Add the following content in the entrypoint.sh file:

Bash
#!/bin/bash
set -eo pipefail

set -x

TRINO_CONFIG_FILE="/etc/trino/config.properties"
# Check if the file exists
if [ ! -e "$TRINO_CONFIG_FILE" ]; then
    echo "File not found: $TRINO_CONFIG_FILE"
    exit -1
fi

# Copy the config files from the mounted volume to the trino config directory
# except jvm.config (to support trino 459 and above)
find /trino_config/ -mindepth 1 ! -name 'jvm.config' -exec cp -r {} /etc/trino/ \;
cd /home/trino/

# Check if the coordinator node and install the plugin
if grep -q "^coordinator=true$" "$TRINO_CONFIG_FILE"; then
    echo "It is a coordinator node, Installing trino plugin"
    ./privacera_plugin.sh
fi

# Start the trino server
/usr/lib/trino/bin/run-trino

set -- tail -f /dev/null

exec "$@"

Create Dockerfile¶

Note : Create at the same location as the entrypoint.sh script.
Run the following command to create and edit Dockerfile:
Bash
1 2 3
cd ~/privacera-trino-plugin vi Dockerfile
To obtain the PCLOUD_PLUGIN_SCRIPT_URL, log in to PrivaceraCloud and navigate to Settings -> API Keys Click on the info ℹ️ icon, and you will see the option to copy the Plugins Setup Script URL.

Add the following content in the Dockerfile:

Bash
# Use the specified Trino base image
FROM trinodb/trino:<trino-version-tag>

# Set the user
USER root

# Install Pre-requisites for Trino
RUN microdnf install vim procps wget gzip unzip findutils tar -y

#Declare required environment variables
ENV PLUGIN_TYPE="trino"
ENV TRINO_HOME_FOLDER=/usr/lib/trino
ENV TRINO_USER_HOME=/home/trino
ENV TRINO_CONFIG_DIR=/etc/trino

# Download Privacera Trino Plugin setup script
ENV PCLOUD_PLUGIN_SCRIPT_URL="<replace_with_plugin_setup_script_url>"

RUN wget ${PCLOUD_PLUGIN_SCRIPT_URL} -O /home/trino/privacera_plugin.sh

# Set permissions and ownership
RUN chmod +x /home/trino/privacera_plugin.sh
RUN chown trino:trino /home/trino/privacera_plugin.sh

# Create ranger directory
RUN mkdir -p /etc/ranger
RUN chown -R trino:trino /etc/ranger

# Create entrypoint directory
RUN mkdir /entrypoint

# Copy the entrypoint script
COPY entrypoint.sh /entrypoint

# Set execute permissions for the entrypoint script
RUN chmod +x /entrypoint/entrypoint.sh

# Set the entrypoint
ENTRYPOINT ["/entrypoint/entrypoint.sh"]

# Set the user
USER trino:trino

Build the Docker image¶

Run the following command to build the Docker image:
Bash
1
docker build -t privacera-trino:latest .

Push the Docker image to the remote HUB¶

Please use your internal HUB to publish the image.

Create a namespace¶

Run the following command to create a namespace.
Bash
1
kubectl create namespace <TRINO_NAMESPACE>

Create docker image secret:¶

To create an image secret, please use and run the command according to your requirements.

Add the Trino Helm chart repository¶

Run the following command to add the Trino Helm chart repository:
Bash
1
helm repo add trino https://trinodb.github.io/charts/

Create .yaml deployment file to override the default values¶

Run the following command to create and edit the values.yaml file:
Bash
1 2 3
cd ~/privacera-trino-plugin vi values.yaml

Add the following content in the values.yaml file:

Bash
image:
    repository: <TRINO_IMAGE_REPOSITORY>
    pullPolicy: Always
    # Overrides the image tag whose default is the chart version.
    # Same value as Chart.yaml#appVersion
    tag: <TRINO_IMAGE_TAG>


# Optional
imagePullSecrets:
  - name: <TRINO_IMAGE_PULL_SECRET_NAME>

server:
  workers: 1
  config:
    path: /trino_config

service:
  host: "trino"

Install Trino on kubernetes cluster¶

Run the following command to install Trino on the Kubernetes cluster:

Bash
helm install -f values.yaml privacera-trino-cluster trino/trino --namespace=<TRINO_NAMESPACE>

Prev topic: Access Management
Next topic: Advanced Configuration

Setup for Access Management for Trino¶

Configure¶

Create entrypoint.sh script¶

Create Dockerfile¶

Enable Trino Application¶

Create entrypoint.sh script¶

Create Dockerfile¶

Build the Docker image¶

Push the Docker image to the remote HUB¶

Create a namespace¶

Create docker image secret:¶

Add the Trino Helm chart repository¶

Create .yaml deployment file to override the default values¶

Install Trino on kubernetes cluster¶

Comments