Set up Trino Knox

With ODP v3.3.6.2-1, the Knox service and rewrite.xml are automatically integrated. The only required step is to add the TRINOUI section in the service topology XML.

<service>

  <role>TRINOUI</role>

  <url>https://<hostname>:9096</url>

</service>

An additional setup step involves importing the required certificates into the following truststores:

1. Import the Knox certificate into JDK-23’s truststore on hostname mentioned in the above topology.
2. Import the Trino coordinator’s certificate into Knox’s truststore on the Knox host.

keytool -import -alias trino-coordinator  -file /tmp/trino-coordinator.crt -keystore /var/lib/knox/data-3.3.6.1-1/security/keystores/gateway.jks

3. Import the Knox certificate to the default JDK 17, JDK-11, or JDK-8 truststore (cacerts).

keytool -importcert   -alias knox   -file knox.pem   -keystore /usr/lib/jvm/java-17-openjdk-17.0.25.0.9-2.el8.x86_64/lib/security/cacerts -storepass changeit   -noprompt

4. Import the Trino coordinator's certificate into Knox's JDK 17, JDK-11, or JDK-8 truststore (cacerts) on the host running Knox.

keytool -importcert   -alias trino-coordinator   -file /tmp/trino-coordinator.crt   -keystore /usr/lib/jvm/java-17-openjdk-17.0.25.0.9-2.el8.x86_64/lib/security/cacerts   -storetype PKCS12   -storepass changeit   -noprompt