Skip to content

Setup for Access Management for Trino

Configure

Perform following steps to configure Trino plugin:

  1. SSH into the instance where Privacera Manager is installed.

  2. Run the following command to navigate to the /config directory and copy yml files:

    Bash
    1
2
    cd ~/privacera/privacera-manager/config
cp sample-vars/vars.trino.opensource.yml custom-vars/vars.trino.opensource.yml

  3. Modify the following properties:
    • In the vars.trino.opensource.yml file, update the following properties with the appropriate values:
      Bash
      1
2
3
      TRINO_USER_HOME: "<PLEASE_CHANGE>"
TRINO_INSTALL_DIR_NAME: "<PLEASE_CHANGE>"
TRINO_CONFIG_DIR: "/etc/trino"

  4. After configuring the properties, start the connector by executing the following instructions:

    Step 1 - Setup which generates the helm charts. This step usually takes few minutes.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh setup
    Step 2 - Apply the Privacera Manager helm charts.
    Bash
    1
2
    cd ~/privacera/privacera-manager
./pm_with_helm.sh upgrade
    Step 3 - Post-installation step which generates Plugin tar ball, updates Route 53 DNS and so on.

    Bash
    1
2
    cd ~/privacera/privacera-manager
./privacera-manager.sh post-install

  5. Copy privacera_trino_setup.sh and privacera_trino_plugin_conf.zip to the same location as the Dockerfile.

  6. Edit privacera_trino_setup.sh file to comment out wget and add curl command as shown below:

    Bash
    1
2
3
    #wget ${PRIVACERA_BASE_DOWNLOAD_URL}/${PRIVACERA_PKG_NAME} -O ${PRIVACERA_PKG_NAME}

curl ${PRIVACERA_BASE_DOWNLOAD_URL}/${PRIVACERA_PKG_NAME} -o ${PRIVACERA_PKG_NAME}

Create entrypoint.sh script

  • Run the following command to create and edit entrypoint.sh file:

    Bash
    1
2
3
4
    mkdir ~/privacera-trino-plugin
cd ~/privacera-trino-plugin

vi entrypoint.sh

  • Add the following content in the entrypoint.sh file:

    Bash
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
    #!/bin/bash
set -eo pipefail

set -x

TRINO_CONFIG_FILE="/etc/trino/config.properties"
# Check if the file exists
if [ ! -e "$TRINO_CONFIG_FILE" ]; then
    echo "File not found: $TRINO_CONFIG_FILE"
    exit -1
fi

# Copy the config files from the mounted volume to the trino config directory
# except jvm.config (to support trino 459 and above)
find /trino_config/ -mindepth 1 ! -name 'jvm.config' -exec cp -r {} /etc/trino/ \;
cd /home/trino/

# Check if the coordinator node and install the plugin
if grep -q "^coordinator=true$" "$TRINO_CONFIG_FILE"; then
    echo "It is a coordinator node, Installing trino plugin"
    ./privacera_trino_setup.sh
fi

# Start the trino server
/usr/lib/trino/bin/run-trino

set -- tail -f /dev/null

exec "$@"

Create Dockerfile

Create the file in the same directory as the entrypoint.sh script.

  • Run the following command to create and edit the Dockerfile:
    Bash
    1
2
3
    cd ~/privacera-trino-plugin

vi Dockerfile
  • Add the following content in the Dockerfile:
    Bash
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
    # Define Trino version
ARG TRINO_VERSION=<trino_version>

# Use a base image to install necessary packages
FROM registry.access.redhat.com/ubi9/ubi:latest AS downloader

# Install the necessary packages
RUN dnf install -y zip findutils

# Trino base image
FROM trinodb/trino:${TRINO_VERSION}

# Set the user
USER root

## curl
COPY --from=downloader /usr/bin/curl /usr/bin/
COPY --from=downloader /usr/lib64/ /usr/lib64/
COPY --from=downloader /etc/pki/tls/certs/ca-bundle.trust.crt /etc/pki/tls/certs/
COPY --from=downloader /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/
RUN curl --version

## zip
COPY --from=downloader /usr/bin/zip /usr/bin/
RUN zip --version

## unzip
COPY --from=downloader /usr/bin/unzip /usr/bin/
RUN unzip

## gzip
COPY --from=downloader /usr/bin/gzip /usr/bin/
RUN gzip --version

## findutils
COPY --from=downloader /usr/bin/find /usr/bin/
COPY --from=downloader /usr/bin/xargs /usr/bin/
RUN find --version

## sed
COPY --from=downloader /usr/bin/sed /usr/bin/
RUN sed --version

## grep
COPY --from=downloader /usr/bin/grep /usr/bin/
RUN grep --version

## awk
COPY --from=downloader /usr/bin/awk /usr/bin/
RUN awk --version

# Copy Privacera Trino Plugin configuration and setup script
COPY privacera_trino_setup.sh /home/trino
COPY privacera_trino_plugin_conf.zip /home/trino

# Set permissions and ownership
RUN chmod +x /home/trino/privacera_trino_setup.sh
RUN chown trino:trino /home/trino/privacera_trino_setup.sh
RUN chown trino:trino /home/trino/privacera_trino_plugin_conf.zip

# Create ranger directory
RUN mkdir -p /etc/ranger
RUN chown -R trino:trino /etc/ranger

# Create entrypoint directory
RUN mkdir /entrypoint

# Copy the entrypoint script
COPY entrypoint.sh /entrypoint

# Set execute permissions for the entrypoint script
RUN chmod +x /entrypoint/entrypoint.sh

# Set the entrypoint
ENTRYPOINT ["/entrypoint/entrypoint.sh"]

# Set the user
USER trino:trino

Enable Trino Application

  1. In PrivaceraCloud, navigate to Settings -> Applications.
  2. On the Applications screen, select Trino.
  3. Enter the application Name and Click Save. You can choose any name, for example, Trino.
  4. Enable the Access Management option with toggle button.
  5. Click on Save button.

Create entrypoint.sh script

  • Run the following command to create and edit entrypoint.sh file:

    Bash
    1
2
3
4
    mkdir ~/privacera-trino-plugin
cd ~/privacera-trino-plugin

vi entrypoint.sh

  • Add the following content in the entrypoint.sh file:

    Bash
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
    #!/bin/bash
set -eo pipefail

set -x

TRINO_CONFIG_FILE="/etc/trino/config.properties"
# Check if the file exists
if [ ! -e "$TRINO_CONFIG_FILE" ]; then
    echo "File not found: $TRINO_CONFIG_FILE"
    exit -1
fi

# Copy the config files from the mounted volume to the trino config directory
# except jvm.config (to support trino 459 and above)
find /trino_config/ -mindepth 1 ! -name 'jvm.config' -exec cp -r {} /etc/trino/ \;
cd /home/trino/

# Check if the coordinator node and install the plugin
if grep -q "^coordinator=true$" "$TRINO_CONFIG_FILE"; then
    echo "It is a coordinator node, Installing trino plugin"
    ./privacera_plugin.sh
fi

# Start the trino server
/usr/lib/trino/bin/run-trino

set -- tail -f /dev/null

exec "$@"

Create Dockerfile

Create the file in the same location as the entrypoint.sh script.

  • Run the following command to create and edit Dockerfile:
    Bash
    1
2
3
    cd ~/privacera-trino-plugin

vi Dockerfile

  • To obtain the PCLOUD_PLUGIN_SCRIPT_URL, log in to PrivaceraCloud and navigate to Settings -> API Keys Click on the info ℹ️ icon, and you will see the option to copy the Plugins Setup Script URL.

  • Add the following content in the Dockerfile:

    Bash
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
    # Define Trino version
ARG TRINO_VERSION=<trino_version>

# Use a base image to install necessary packages
FROM registry.access.redhat.com/ubi9/ubi:latest AS downloader

# Install the necessary packages
RUN dnf install -y zip findutils wget

# Trino base image
FROM trinodb/trino:${TRINO_VERSION}

# Set the user
USER root

## Declare required environment variables
ENV PLUGIN_TYPE="trino"
ENV TRINO_HOME_FOLDER=/usr/lib/trino
ENV TRINO_CONFIG_DIR=/etc/trino

## URL to download the Privacera Trino Plugin setup script. 
ENV PCLOUD_PLUGIN_SCRIPT_URL="<PCLOUD_PLUGIN_SCRIPT_URL>"

## curl
COPY --from=downloader /usr/bin/curl /usr/bin/
COPY --from=downloader /usr/lib64/ /usr/lib64/
COPY --from=downloader /etc/pki/tls/certs/ca-bundle.trust.crt /etc/pki/tls/certs/
COPY --from=downloader /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/
RUN curl --version

## zip
COPY --from=downloader /usr/bin/zip /usr/bin/
RUN zip --version

## unzip
COPY --from=downloader /usr/bin/unzip /usr/bin/
RUN unzip

## gzip
COPY --from=downloader /usr/bin/gzip /usr/bin/
RUN gzip --version

## findutils
COPY --from=downloader /usr/bin/find /usr/bin/
COPY --from=downloader /usr/bin/xargs /usr/bin/
RUN find --version

## sed
COPY --from=downloader /usr/bin/sed /usr/bin/
RUN sed --version

## grep
COPY --from=downloader /usr/bin/grep /usr/bin/
RUN grep --version

## awk
COPY --from=downloader /usr/bin/awk /usr/bin/
RUN awk --version

## wget
COPY --from=downloader /usr/bin/wget /usr/bin/
RUN wget --version

## Download Privacera Trino Plugin setup script
RUN wget ${PCLOUD_PLUGIN_SCRIPT_URL} -O /home/trino/privacera_plugin.sh

# Set permissions and ownership
RUN chmod +x /home/trino/privacera_plugin.sh
RUN chown trino:trino /home/trino/privacera_plugin.sh

# Create ranger directory
RUN mkdir -p /etc/ranger
RUN chown -R trino:trino /etc/ranger

# Create entrypoint directory
RUN mkdir /entrypoint

# Copy the entrypoint script
COPY entrypoint.sh /entrypoint

# Set execute permissions for the entrypoint script
RUN chmod +x /entrypoint/entrypoint.sh

# Set the entrypoint
ENTRYPOINT ["/entrypoint/entrypoint.sh"]

# Set the user
USER trino:trino

Build the Docker image

  • Run the following command to build the Docker image:
    Bash
    1
    docker build -t privacera-trino:latest .

Push the Docker image to the remote HUB

  • Please use your internal HUB to publish the image.

Create a namespace

  • Run the following command to create a namespace.
    Bash
    1
    kubectl create namespace <TRINO_NAMESPACE>

Create docker image secret:

  • To create an image secret, please use and run the command according to your requirements.

Add the Trino Helm chart repository

  • Run the following command to add the Trino Helm chart repository:
    Bash
    1
    helm repo add trino https://trinodb.github.io/charts/

Create .yaml deployment file to override the default values

  • Run the following command to create and edit the values.yaml file:

    Bash
    1
2
3
    cd ~/privacera-trino-plugin

vi values.yaml

  • Add the following content in the values.yaml file:

    Bash
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
    image:
    repository: <TRINO_IMAGE_REPOSITORY>
    pullPolicy: Always
    # Overrides the image tag whose default is the chart version.
    # Same value as Chart.yaml#appVersion
    tag: <TRINO_IMAGE_TAG>


# Optional
imagePullSecrets:
  - name: <TRINO_IMAGE_PULL_SECRET_NAME>

server:
  workers: 1
  config:
    path: /trino_config

service:
  host: "trino"

Install Trino on kubernetes cluster

  • Run the following command to install Trino on the Kubernetes cluster:
    Bash
    1
    helm install -f values.yaml privacera-trino-cluster trino/trino --namespace=<TRINO_NAMESPACE>

Comments