Executing the Configurator Script

The configuator script generates the single-node installation script to install the Trino Protector.

To execute the configurator script:

  1. Log in to the staging machine that has connectivity to ESA.

  2. To execute the configurator script, run the following command:

    ./TrinoProtectorConfigurator_10.0.0+x.sh

  3. Press ENTER. The prompt to continue the configuration of the Trino Protector appears.

    ************************************************************************************
            Welcome to the Configurator for Protegrity Trino Protector
************************************************************************************
This will configure and generate the Protegrity Trino Protector Generic Installation
Script for a single Trino node.

Do you want to continue? [yes or no]:

  4. To continue, type yes.

  5. Press ENTER. The prompt to enter the installation directory on the cluster node appears.

    Protegrity Trino Protector Configurator started...

Enter the Installation Directory on cluster node
[default: /opt/protegrity]:

  6. Enter the location of the directory to install the Trino protector.
    To use the default directory, press ENTER.

  7. Press ENTER. The prompt to enter a temporary directory appears.

    Enter a Temporary Staging Directory on the cluster node.
This directory will be used for extracting files from the Installation/Uninstallation scripts.
The user executing the Installation/Uninstallation scripts must have permission to create this directory and execute in it.
If the directory exists, ensure it is empty, as the scripts will delete its contents recursively.
[default: /tmp/protegrity]:

  8. Enter the location of the temporary directory.

  9. Press ENTER. The prompt to enter the ESA IP address or host name appears.

    Enter the ESA Hostname/IP Address:

  10. Enter the ESA hostname or IP address.

  11. Press ENTER. The prompt to enter the listening port appears.

    Enter ESA host listening port [8443]:

  12. Enter the ESA host listening port.

  13. Press ENTER. The prompt to enter the JSON Web Token appears.

    If you have an existing ESA JSON Web Token (JWT) with Export Certificates role, enter it otherwise enter 'no':

    Note: The script silently reads the user input. Therefore, the user will be unable to see the entered JWT or no.

  14. Enter the JWT token.

    a. If you do not have an existing ESA JSON Web Token (JWT), type no.

    b. Press ENTER. The prompt to enter the user name with Export Certificates permission appears.

    ```
JWT was not provided. Script will now prompt for ESA username and password.
Enter ESA Username:
```

    c. Enter the username that has permissions to export the certificates.

    d. Press ENTER. The prompt to enter the password appears.

    ```
Temporarily setting up RPAgent directory structure on current node...
Please enter the password for downloading certificates[]:

```

    e. Enter the password.

    f. Press ENTER. The script retrieves the JWT from the ESA, validates it, and the prompt to select the Audit Store type appears.

    ```
Unpacking...
Extracting files...
Obtaining token from <ESA_IP_Address>:<ESA_Port>...
Downloading certificates from ESA_IP_Address:ESA_Port...
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                Dload  Upload   Total   Spent    Left  Speed
100 11264  100 11264    0     0   116k      0 --:--:-- --:--:-- --:--:--  117k

Extracting certificates...
Certificates successfully downloaded and stored in /<installation_directory>/rpagent/data

Protegrity RPAgent installed in /<installation_directory>/rpagent.


Repackaging rpagent with ESA certificates...

Fetched and Repackaged ESA Certificates successfully..


Select the Audit Store type where Log Forwarder(s) should send logs to.

[ 1 ] : Protegrity Audit Store
[ 2 ] : External Audit Store
[ 3 ] : Protegrity Audit Store + External Audit Store

Enter the no.:
```

  15. Depending on the Audit Store type, select any one of the following options:

    OptionDescription
    1To use the default setting using the Protegrity Audit Store appliance, type 1. If you enter 1, then the default Fluent Bit configuration files are used and Fluent Bit will forward the logs to the Protegrity Audit Store appliances.
    2To use an external audit store, type 2. If you enter 2, then the default Fluent Bit configuration files used for the External Audit Store (out.conf and upstream.cfg in the /opt/protegrity/fluent-bit/data/config.d/ directory) are renamed (out.conf.bkp and upstream.cfg.bkp) so that they will not be used by Fluent Bit. Additionally, the custom Fluent Bit configuration files for the external audit store are copied to the /opt/protegrity/fluent-bit/data/config.d/ directory.
    3To use a combination of the default setting with an external audit store, type 3. If you enter 3, then the default Fluent Bit configuration files used for the Protegrity Audit Store (out.conf and upstream.cfg in the /opt/protegrity/fluent-bit/data/config.d/ directory) are not renamed. However, the custom Fluent Bit configuration files for the external audit store are copied to the /opt/protegrity/fluent-bit/data/config.d/ directory.

  16. Press ENTER. The prompt to enter the comma-separated list of the Audit Store appears.

    Enter comma-separated list of Hostnames/IP Addresses and/or Ports of Protegrity Audit Store.
Allowed Syntax: hostname[:port][,hostname[:port],hostname[:port]...] (Default Value - <ESA_IP_Address>:<ESA_Port>)
Enter the list:

  17. Enter the comma-separated IP addresses/ports in the correct syntax.

  18. Press ENTER.

    The prompt to enter the local directory path that stores the LogForwarder configuration file appears.

    Enter the local directory path on this machine that stores the LogForwarder configuration files for External Audit Store:

    The configurator script will display this prompt only if you select option 2 or 3

  19. Enter the location to store the Log Forwarder configuration files.

  20. Press ENTER.

    The prompt to generate the application logs for the RPAgent appears.

    Do you want RPAgent's log to be generated in a file? [yes or no]:

  21. To generate the application logs for the RPAgent, type yes.

  22. Press ENTER.

    The script enables the application log file and generates the single-node installation script.

    RPAgent's log will be generated in a file.

Configuring the Trino Protector Installation Script...

Successfully finished configuring the Trino Protector Installation Script.

The single-node Installation Script is generated at /<installation_directory>/Installation_Script/TrinoProtector_InstallationScript_10.0.0+x.sh

Next Steps:

1) Copy the Installation Script to a storage location that is reachable by the Trino cluster nodes.

2) You can create a shell script that will download the Installation Script and execute it by passing the correct arguments.

3) Ensure to pass the correct Command Line arguments to the Installation Script.
Run ./TrinoProtector_InstallationScript_10.0.0+x.sh --help  to print Usage and Help Info.

4) For a new Trino cluster, you can configure the shell script to be executed at Node Startup via Bootstrap/Init Script mechanism if your cluster provides it.

5) For a running Trino cluster, you can execute the shell script on the existing nodes.

Last modified : December 18, 2025