Set up Trino Knox

With ODP v3.3.6.2-1, the Knox service and rewrite.xml are automatically integrated. The only required step is to add the TRINOUI section in the service topology XML.

<service> <role>TRINOUI</role> <url>https://<hostname>:9096</url> </service>

An additional setup step involves importing the required certificates into the following truststores:

  1. Import the Knox certificate into JDK-23’s truststore on hostname mentioned in the above topology.

  2. Import the Trino coordinator’s certificate into Knox’s truststore on the Knox host.

keytool -import -alias trino-coordinator -file /tmp/trino-coordinator.crt -keystore /var/lib/knox/data-3.3.6.1-1/security/keystores/gateway.jks
  1. Import the Knox certificate to the default JDK 17, JDK-11, or JDK-8 truststore (cacerts).

keytool -importcert -alias knox -file knox.pem -keystore /usr/lib/jvm/java-17-openjdk-17.0.25.0.9-2.el8.x86_64/lib/security/cacerts -storepass changeit -noprompt
  1. Import the Trino coordinator's certificate into Knox's JDK 17, JDK-11, or JDK-8 truststore (cacerts) on the host running Knox.

keytool -importcert -alias trino-coordinator -file /tmp/trino-coordinator.crt -keystore /usr/lib/jvm/java-17-openjdk-17.0.25.0.9-2.el8.x86_64/lib/security/cacerts -storetype PKCS12 -storepass changeit -noprompt


  Last updated
On This Page
Set up Trino Knox