This set of scripts can be used to set up Java, a jks certificate, the trino user, and /etc/trino. You can then proceed to the regular setup for Trino through Ambari, making sure to note on which machines you’ve set up the coordinator, and on which you’ve set up the workers.
Before proceeding to setup the coordinator and the workers, make sure to read through 2.3 which contains additional configuration options you may want.
You will need to setup the environment for the Coordinator first in order to get your Coordinator’s certificate. This needs to be the same machine that you will setup the Coordinator on through Ambari.
Afterwards, run `./coordinator -i [path to your ssh key] -H [host]` There are optional arguments you can pass:
- -u [user] – this defaults to `acceldata`
- -f [path/to/save/certificate] – this defaults to your current working directory
You can pass additional arguments to trino-setup by appending `–` after your command. These will be explained in 2.4.
Example usage:
./coordinator -i ~/.ssh/my_ssh_key -H 10.100.11.25 -u acceldata
# Or specify where you want the coordinator cert saved to your local machine
./coordinator -i ~/.ssh/my_ssh_key -H 10.100.11.25 -u acceldata -f ~/trino-cert.crt
You will need to have already setup your Coordinator’s environment in order to proceed with setting up the workers1.
Having done this, run `./workers -i [path to your ssh key] -H [comma or space separated list of hosts]`
Importantly, you can setup as many workers as you want with one invocation of this script by passing a comma separated list of hosts.
Much like the coordinator setup, you can specify additional arguments:
- -u [user] – this defaults to `acceldata`
- -f [local/path/to/coordinator/cert] – this defaults to `trino-coordinator` in your working directory.
Example usage:
./workers -i ~/.ssh/my_ssh_key -H 10.100.11.26,my_other_host,10.100.11.72
# If you saved your coordinator cert somewhere else, or named it something else
./workers -i ~/.ssh/my_ssh_key -H 10.100.11.26,my_other_host,10.100.11.72 -f ~/trino-cert.crt -u acceldata
This script is what does most of the work in setting up Trino and SSL. The defaults should generally work fine for simple usage, but you may wish to customize some aspects of it.
Options:
- -p [your jks password] – defaults to Hadoop@123
- -j [jdk home path] – This is where JAVA_HOME will be created on the target machine
- -c [PATH] – This is where the .crt will be created and imported from
- -C [PATH] – This is where the coordinator certificate will be placed
- -l [URL] – Where to download JDK from. This must be a direct url to the tarball
- -t [name] – The trino user name
- -k [PATH] – where to save the jks file on the host
- -r [password] – Java truststore password
By appending `–` to your calls to either `worker` or `coordinator`, you can modify additional options for setting up Trino.
In this example, we specify where JAVA_HOME will be located as well as the PATH and password for the trino keystore.
./coordinator -i ~/.ssh/my_ssh_key -H 10.100.11.25 -u acceldata -- -j /usr/lib/java23 -t my_new_trino_user -k /etc/security/ssl/trino.jks -p your_keystore_password
Anything after the `–` will be treated as an argument to the `trino-setup` script.
1 See `Coordinator Setup` for details