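Integrating Trino with LDAP
TLS certificate generation
Distribute the generated certificate to every node.
# The IPs and hostnames are those of the **coordinator**, plus the corresponding VIP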
keytool -genkeypair -validity 36500 -ext SAN=IP:xxx.xxx.xxx.221,IP:xxx.xxx.xxx.221,DNS:xxx.xxx.xxx3,DNS:xxx.xxx.xx3 -alias trino -keypass admin@123 -storepass admin@123 -keyalg RSA -dname CN=TRINO-HOST-VIP,OU=,O=,L=,ST=,C= -keystore trino.jks
keytool -export -rfc -keystore trino.jks -alias trino -file trino.pem
Add an entry mapping TRINO-HOST-VIP to 172.16.38.14 in /etc/hosts
OpenLDAP integration
1.1. Configure the config.properties file
vim etc/config.properties
Contents:
# Added configuration for LDAP integration
http-server.https.enabled=true
http-server.https.port=8443
http-server.https.keystore.key=admin@123
http-server.https.keystore.path=/opt/trino/etc/trino.jks
internal-communication.shared-secret=abc123
internal-communication.https.required=true
http-server.https.secure-random-algorithm=SHA1PRNG
http-server.authentication.allow-insecure-over-http=true
http-server.authentication.type=PASSWORD
1.2. Configure the password-authenticator.properties file
vim etc/password-authenticator.properties
Contents:
password-authenticator.name=ldap
ldap.url=ldap://xxx.xxx.xxx.xxx:389
ldap.user-base-dn=ou=People,dc=dfcv,dc=com
ldap.user-bind-pattern=uid=${USER},ou=People,dc=dfcv,dc=com
ldap.allow-insecure=true
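
Added example (not part of the original notes, and not Trino's own code): a static check over the two properties files above that lists the settings which leave passwords or the cluster secret weakly protected. The function names and the min_secret_len threshold are assumptions made for this example; the sample contents are taken from the values on this page.

```python
# Added example: static audit of the two Trino properties files from this page.
PAGE_CONFIG = """\
# sample built from the values shown in section 1.1
http-server.https.enabled=true
http-server.authentication.type=PASSWORD
http-server.authentication.allow-insecure-over-http=true
internal-communication.shared-secret=abc123
"""
PAGE_AUTHENTICATOR = """\
# sample built from the values shown in section 1.2
password-authenticator.name=ldap
ldap.url=ldap://xxx.xxx.xxx.xxx:389
ldap.allow-insecure=true
"""

def parse_properties(text):
    """Parse key=value lines; '#' and '!' start comments (no continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    return props.get(key, "false").lower() == "true"

def audit(config_text, authenticator_text, min_secret_len=32):
    """Return sorted property names with weak transport or secret settings.
    min_secret_len is an assumed threshold, not a Trino-defined limit."""
    cfg, auth = parse_properties(config_text), parse_properties(authenticator_text)
    weak = set()
    types = cfg.get("http-server.authentication.type", "").upper().split(",")
    password_auth = "PASSWORD" in [t.strip() for t in types]
    if password_auth and not is_true(cfg, "http-server.https.enabled"):
        weak.add("http-server.https.enabled")
    if password_auth and is_true(cfg, "http-server.authentication.allow-insecure-over-http"):
        weak.add("http-server.authentication.allow-insecure-over-http")
    secret = cfg.get("internal-communication.shared-secret")
    if secret is not None and len(secret) < min_secret_len:
        weak.add("internal-communication.shared-secret")
    if auth.get("password-authenticator.name") == "ldap":
        if auth.get("ldap.url", "").lower().startswith("ldap://"):
            weak.add("ldap.url")  # LDAP bind passwords travel without TLS
        if is_true(auth, "ldap.allow-insecure"):
            weak.add("ldap.allow-insecure")
    return sorted(weak)

if __name__ == "__main__":
    for name in audit(PAGE_CONFIG, PAGE_AUTHENTICATOR):
        print("review:", name)
```

With an ldaps:// URL, ldap.allow-insecure and allow-insecure-over-http set to false, and a long random shared secret, the check returns an empty list.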