3.4. Deploy a new probe

This section describes how you can add a new Probe to a Trisul domain. We will illustrate the steps involved by adding a new probe named probeWEST to an existing Trisul domain domain0

3.4.1 Overview of the process

Adding a new probe to a Trisul domain simply involves two high level operations

  1. Generate a certificate/key-pair on the PROBE node and
  2. Authorizing it on the HUB node.

In the following steps, commands labeled RUN ON PROBE must be run on the probe node using the CLI tool trisulctl_probe or RUN ON HUB using the CLI tool trisulctl_hub

3.4.2 Steps to add a new probeWEST to a Trisul domain

  • Install package trisul-probe on the new system


    On the new machine, install the trisul-probe package as explained in the Downloads page

    sudo apt-get install trisul-probe
  • Obtain and install domain certificate


    First time? Switch domain0 to distributed network TCP mode. Make sure you have followed the steps in Switching to a distributed domain from the default single machine domain.

    The domain certificate file can be found on the hub node at /usr/local/etc/trisul-hub/domain0/domain0.cert Get this file and put it in a local directory and then install it.

    sudo trisulctl_probe install domain /home/unpl/domain0.cert
  • Create and install a new probe certificate


    Create a new certificate/key pair for your new probe , lets call it probeWEST

    sudo trisulctl_probe
    create probe
    .. enter probeWEST  # probe names must begin with probeXXXXX
    .. enter description
    install probe /usr/local/share/trisul-probe/probeWEST.cert

    You can see that a new probeWEST certificate + key pair is created, this certificate will be sent to the Hub node to authenticate in Step-5.

  • Install context on new probe


    Since the new probe you are about to deply will send data to a Trisul context called ‘default’ you need to install that context on the new probe. Do the following

    sudo trisulctl_probe
    install context probeWEST default
    # output below - dont copy
    Wrote new config file /usr/local/etc/trisul-probe/domain0/probeWEST/context0/trisulProbeConfig.xml
    Wrote ringpass file   /usr/local/etc/trisul-probe/domain0/probeWEST/context0/ringpass.txt
  • Add the new probe certificate on the hub server


    Send the probe certificate file from Step-3 to hub server administrator.

    Assuming you have placed the new probe0.cert on the hub node under /home/unpl/server

    sudo trisulctl_hub
    install probe /home/unpl/server/probeWEST.cert
    .. output below dont copy
    Installing probe id probeWEST
    Copied probe certificate        /usr/local/etc/trisul-hub/domain0/probeWEST.cert
    Added client certificate        /usr/local/etc/trisul-hub/domain0/client_certs/probeWEST.cert

    Now the probe can authenticate with the domain.

  • Add the new probe to contexts


    Authorize and add the new probe to the contexts you want from the hub side. Use the trisulctl_hub set config command

    To add the new probeWEST to the default context use :

    trisulctl_hub set config default@hub0 addlayer=probeWEST 

    To check the probes allowed on this context

    trisul_hub:unpl-seco-16-prod(domain0)> show config default@hub0
    Node info
    node hub0
    context_name default

    Network endpoints
    Type Endpoint
    endpoints_flush tcp://
    endpoints_flush tcp://
    endpoints_query tcp://
    endpoints_pub tcp://
    endpoints_pub tcp://

    Probes allowed on context
    Layer ProbeID
    0 probe0
    1 probeMAA8
    2 probeWEST

    See the Probe to Context Layer mapping reference

  • Run change_endpoints for hub context (for first probe only)


    By default , Trisul uses an IPC connection for each Hub node. If this is the first remote probe you are adding. You
    need to switch the Hub to a TCP connection mode. Follow these steps.

    .. enter domain [default = domain0]
    .. enter hub [default = hub0]
    .. enter context [default = context0]
    .. next enter a local Hub IP to bind to - the probes will connect to this
    .. next enter a starting port number
  • Finishing up

    Now trisulctl_hub restart domain and trisulctl_probe restart domain on all the hub and probe nodes respectively. Then use list nodes to see if they have connected. Finally start context default to start Trisul.

    Congrats your new probe is now live !

    —end task

3.4.3 Uninstall a probe


Simply remove the probe certificate file from /usr/local/etc/trisul-hub/domain0 . Then restart the domain. The probe will no longer be allowed to connect to the domain.

Note that all the data collected by the probe will still be available for viewing. There is no way to delete data collected by a probe because it is merged with the overall data. If you wish to not see the probe dropdown or options in the Web interface. Delete the probe from the trisulHubConfig.xml hub config files. See above section for the location of the file.


On the probe node, you can uninstall the probe using

sudo trisulctl_probe
trisul_probe:kku3(domain0)> uninstall probe domain0 probeWEST
Confirm stop local domain processes and uninstall probe [probeWEST] ? Enter YES to continue : 

This deletes the probe and all the data under it.