
Trino with Iceberg REST

Using Trino with Nessie Catalog (Iceberg REST) works and has been validated using S3 and MinIO.

Object Stores

Currently only S3 is supported for Trino with Nessie Catalog. GCS and ADLS might work.

Trino does not support S3 request signing, so it is mandatory to configure the assume role/credentials vending functionality, see Nessie Docs starting here. The Trino fs.native-s3.enabled=true setting is mandatory for this to work.

OAuth2 support

Warning

Trino lacks functionality to configure the OAuth2 endpoint and is therefore unable to work with any Iceberg REST catalog implementation and demands a standard OAuth2 server like Keycloak or Authelia.

Until the missing OAuth2 endpoint support issue is fixed in Trino, users have to supply an OAuth2 token via the iceberg.rest-catalog.oauth2.token Trino catalog configuration.

Starter configuration

You can query Nessie Catalog to get an example starter configuration template for the Trino catalog configuration.

To get the Trino ‘static’ catalog configuration, use curl or wget:

NESSIE_BASE_URL="http://127.0.0.1:19120"
curl "${NESSIE_BASE_URL}/iceberg-ext/v1/client-template/trino?format=static"

wget can be used to download the configuration to a nessie.properties file:

NESSIE_BASE_URL="http://127.0.0.1:19120"
wget --content-disposition "${NESSIE_BASE_URL}/iceberg-ext/v1/client-template/trino?format=static"

The above will return the contents for a Trino catalog configuration properties file for ‘static’ catalog configuration.

#
# Example Trino starter configuration properties for warehouse s3://bucket-yzeq68
# generated by Nessie to be placed for example in
# /etc/trino/catalogs/nessie.properties within a Trino container/pod when.
# using Trino 'static' configurations.
# 
# This starter configuration must be inspected and verified to validate that
# all options and values match your specific needs and no mandatory options
# are missing or superfluous options are present.
# 
# When using OAuth2, you have to supply the 'iceberg.rest-catalog.oauth2.token'
# configuration.
# 
# WARNING! Trino lacks functionality to configure the oauth endpoint and is therefore
# unable to work with any Iceberg REST catalog implementation and demands a standard
# OAuth2 server like Keycloak or Authelia. If you feel you need client-ID/secret flow,
# please report an issue against Trino.
# 
# No guarantees that this configuration works for your specific needs.
# Use at your own risk!
# Do not distribute the contents as those may contain sensitive information!
#

connector.name=iceberg
fs.native-s3.enabled=true
iceberg.catalog.type=rest
iceberg.rest-catalog.uri=http\://localhost\:33405/iceberg/
iceberg.rest-catalog.vended-credentials-enabled=true
s3.endpoint=http\://localhost\:37029/
s3.path-style-access=true
s3.region=us-east-1
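
The generated file is a template that has to be inspected before it is deployed. The following script is an added example, not part of the Nessie documentation or of Nessie's generated output: it lints a 'static' catalog file for the settings this page calls mandatory. The function names, the plain-HTTP check and the file-mode check for a file that carries iceberg.rest-catalog.oauth2.token are assumptions of this example.

```shell
# Added example (not Nessie or Trino code): lint a Trino 'static' catalog file.

# Print the last value of KEY in a Java .properties FILE, undoing "\:" escapes.
prop() {  # usage: prop FILE KEY
  awk -v k="$2" '
    /^[ \t]*[#!]/ { next }   # skip comment lines
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      gsub(/\\:/, ":", val)
      if (key == k) out = val }
    END { print out }' "$1"
}

# Print one line per finding; the return status is the number of findings.
check_trino_catalog() {  # usage: check_trino_catalog FILE
  f=$1; n=0
  fail() { echo "FAIL: $*"; n=$((n + 1)); }
  [ "$(prop "$f" fs.native-s3.enabled)" = true ] || fail "fs.native-s3.enabled must be true"
  [ "$(prop "$f" iceberg.catalog.type)" = rest ] || fail "iceberg.catalog.type must be rest"
  [ "$(prop "$f" iceberg.rest-catalog.vended-credentials-enabled)" = true ] ||
    fail "vended credentials must be enabled (Trino has no S3 request signing)"
  for k in iceberg.rest-catalog.uri s3.endpoint; do
    case "$(prop "$f" "$k")" in
      http://localhost[:/]*|http://127.0.0.1[:/]*) ;;   # loopback test setup
      http://*) fail "$k uses plain HTTP to a non-loopback host" ;;
    esac
  done
  if [ -n "$(prop "$f" iceberg.rest-catalog.oauth2.token)" ]; then
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")   # GNU, then BSD stat
    case "$mode" in *00) ;; *) fail "OAuth2 token present but file mode is $mode" ;; esac
  fi
  return "$n"
}

# Constructed sample: the checked settings from the starter configuration above.
write_sample() {  # usage: write_sample FILE
  cat > "$1" <<'EOF'
connector.name=iceberg
fs.native-s3.enabled=true
iceberg.catalog.type=rest
iceberg.rest-catalog.uri=http\://localhost\:33405/iceberg/
iceberg.rest-catalog.vended-credentials-enabled=true
s3.endpoint=http\://localhost\:37029/
EOF
}

demo=$(mktemp) && write_sample "$demo"
check_trino_catalog "$demo" && echo "OK: no findings"; rm -f "$demo"
```

Run check_trino_catalog against the real file after adding the token line; a non-zero status is the number of findings printed.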

To get the Trino ‘dynamic’ catalog configuration, use curl or wget:

NESSIE_CATALOG_URL="http://127.0.0.1:19120/iceberg"
curl "${NESSIE_CATALOG_URL}/v1-clients/trino?format=dynamic"

wget can be used to download the configuration SQL to a create-catalog-nessie.sql file:

NESSIE_CATALOG_URL="http://127.0.0.1:19120/iceberg"
wget --content-disposition "${NESSIE_CATALOG_URL}/v1-clients/trino?format=dynamic" 

The above will return the SQL for a Trino catalog configuration for ‘dynamic’ catalog configuration.

/*
 * Example Trino starter configuration properties for warehouse s3://bucket-yzeq68
 * generated by Nessie to be placed for example in
 * /etc/trino/catalogs/nessie.properties within a Trino container/pod when.
 * using Trino 'static' configurations.
 * 
 * This starter configuration must be inspected and verified to validate that
 * all options and values match your specific needs and no mandatory options
 * are missing or superfluous options are present.
 * 
 * When using OAuth2, you have to supply the 'iceberg.rest-catalog.oauth2.token'
 * configuration.
 * 
 * WARNING! Trino lacks functionality to configure the oauth endpoint and is therefore
 * unable to work with any Iceberg REST catalog implementation and demands a standard
 * OAuth2 server like Keycloak or Authelia. If you feel you need client-ID/secret flow,
 * please report an issue against Trino.
 * 
 * No guarantees that this configuration works for your specific needs.
 * Use at your own risk!
 * Do not distribute the contents as those may contain sensitive information!
 */
CREATE CATALOG nessie
  USING iceberg
  WITH (
    "connector.name" = 'iceberg',
    "fs.native-s3.enabled" = 'true',
    "iceberg.catalog.type" = 'rest',
    "iceberg.rest-catalog.uri" = 'http://localhost:33405/iceberg/',
    "iceberg.rest-catalog.vended-credentials-enabled" = 'true',
    "s3.endpoint" = 'http://localhost:37029/',
    "s3.path-style-access" = 'true',
    "s3.region" = 'us-east-1'
  );

References

Refer to the Trino documentation for more information about the configuration settings: