Installation and operation

Installation overview Copied

The installation instructions for the Infrastructure Agent are divided into different sections, depending on the operating system.

• Debian and Ubuntu
• Red Hat Enterprise Linux (RHEL) and Oracle Linux (OL)
• Windows

Note

The Infrastructure Agent can be used on monitored hosts with older Opsview versions, even if you do not upgrade to the latest version. However, we recommend that you upgrade to the latest version of Opsview to ensure that all changes, including security fixes and new features, will work correctly with the Infrastructure Agent.

See Supported versions for the full list of supported platforms.

Debian and Ubuntu Copied

On Debian and Ubuntu, run:

# OPSVIEW-APT-KEY-2024.asc GPG fingerprint:
#     CFA2 67C2 38CD BAD6 AD3D  762B 37AC 7AE6 B4B6 9A0B
sudo apt-get update && sudo apt-get install gnupg
wget -q https://downloads.opsview.com/OPSVIEW-APT-KEY-2024.asc
echo 'f095452e85790a0e1d3382468fced72fba1632da14a0e9ca649a888a0c38db12 OPSVIEW-APT-KEY-2024.asc' | sha256sum -c && cat OPSVIEW-APT-KEY-2024.asc | gpg --dearmor | sudo tee /usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg] https://downloads.opsview.com/infrastructure-agent/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/infrastructure-agent.list
sudo apt-get update && sudo apt-get install infrastructure-agent

Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:

sudo apt install /path/to/downloaded/infrastructure-agent*.deb

RHEL and OL Copied

On RHEL, and OL run:

# OPSVIEW-RPM-KEY-2024.asc GPG fingerprint:
#     CFA2 67C2 38CD BAD6 AD3D  762B 37AC 7AE6 B4B6 9A0B
cat <<EOF | sudo tee /etc/yum.repos.d/infrastructure-agent.repo
[infrastructure-agent]
name = Infrastructure Agent
baseurl = https://downloads.opsview.com/infrastructure-agent/yum/rhel/\$releasever/\$basearch/
enabled = 1
gpgcheck = 1
gpgkey = https://downloads.opsview.com/OPSVIEW-RPM-KEY-2024.asc
EOF
sudo yum install infrastructure-agent

Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:

sudo yum install /path/to/downloaded/infrastructure-agent*.rpm

Windows Copied

Warning

For security reasons, we recommend running the installer EXE from an empty directory; running any Windows applications in directories that contain untrusted files may cause Windows to load unsafe components.

You can download the ITRS Infrastructure Agent from the Agent Downloads page and run the Windows Infrastructure Agent installer EXE file. This first installs the required Microsoft Visual C++ Redistributable package, followed by the Infrastructure Agent itself. As part of the installation, you will be prompted to accept the license terms. By default, no firewall rules are added. To allow Opsview to connect to the Agent, select the desired firewall rules to add in the installer dialog.

If installing via the command line, you can use the /help option to view available options. The /passive and /quiet options can be used to display minimal or no user interface, and require setting the ACCEPT_EULA=1 parameter. By doing so, you agree to the license terms outlined in the Agent License and LICENSE_MICROSOFT_VCPP.

Additionally, you can control which firewall rules are added by setting the following properties:

• SET_FIREWALL_RULE_PRIVATE=1 to set a private profile rule
• SET_FIREWALL_RULE_PUBLIC=1 to set a public profile rule
• SET_FIREWALL_RULE_DOMAIN=1 to set a domain profile rule

For example:

.\infrastructure-agent-installer-<version>.exe ACCEPT_EULA=1 SET_FIREWALL_RULE_PRIVATE=1 /quiet

The preceding command will set the appropriate firewall rule for the private profile and install the agent without displaying any user interface.

Note

Any firewall rules that are created by the installer will be removed if the agent is uninstalled.

Troubleshooting during installation Copied

Details about successful or failed installations are logged to your user’s hidden AppData\Local\Temp directory. This may include multiple log files for different components of the installer.

Avoid interacting with the infra-svce.exe or netsh.exe command prompt windows that appear during installation. Doing so may interrupt the process and result in a broken service, which can prevent future installations. If that happens, refer to the section on Agent service conflicts.

Initial configuration Copied

The Agent requires some initial configuration prior to operation. This configuration can be added to custom configuration files in the following locations:

Linux Copied

On Linux, edit:

/opt/itrs/infrastructure-agent/cfg/custom/agent.yml

Windows Copied

On Windows, edit:

C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml

Note

The configuration file is written in YAML, a whitespace-sensitive syntax. Additional YAML configuration files can be added to the custom directory and will be read in alphabetical order.

Allowed hosts Copied

By default, the Agent will run but reject requests from any hosts as allowed_hosts is set to null:

server:
  allowed_hosts: null

To allow access, you may configure the Agent to accept requests from known hosts. Typically, these hosts will be the servers from any monitoring systems that are querying this device. You can configure this list in the custom configuration file:

server:
  allowed_hosts:
    - collector1.mysystem.local
    - collector2.mysystem.local
    - 168.10.1.2

If the Agent has successfully imported its existing configuration, the allowed_hosts may already be defined in the cfg/imported.yml file. To allow any hosts to submit requests, you can use an empty list:

server:
  allowed_hosts: []

Warning

It is not recommended to set the allowed_hosts as an empty list. This would allow any host to launch plugins against the server.

Transport Layer Security Copied

To ensure the security of communications, it is recommended to always enable TLS. The custom configuration file can be used to set a valid CA, certificate, and key file in the server tls section.

server:
  tls:
    cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem
    key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key
    ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem
    check_client_cert: true
  tls_enabled: true

Note

If no custom TLS options are set, the Agent will generate and use a custom self-signed certificate by default. The certificate and key are stored in the var directory of the Agent.

Default TLS Ciphers Copied

The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS-1.3 and have additional secure ciphers available).

ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!aNULL:!MD5:!DSS

Generate certificates Copied

Certificates can be generated using any valid method. The CA certificate, server certificate, and server key should be added to the TLS configuration. Client certificates should be added to the hosts listed under allowed_hosts.

Warning

Setting tls_enabled to false is not recommended as communications will not be secure.

Restart the Agent Copied

Once the configuration file has been updated, the Agent must be restarted to apply the new configuration. If you are migrating from another Agent, such as NRPE or NSClient, you should stop and disable those agents before starting the Infrastructure Agent to avoid any interference.

Linux Copied

On Linux, run:

sudo systemctl restart infrastructure-agent

Windows Control Panel Copied

1. Open Services.
2. Click Start > Run, and then type services.msc.
3. Right-click the InfrastructureAgent service and then click Restart.

Windows command prompt Copied

From the start menu, right-click Command Prompt, select More > Run as Administrator and then type:

net stop InfrastructureAgent
net start InfrastructureAgent

The agent will automatically try to restart itself if it encounters an error, such as an invalid configuration. However, the restart behavior may vary slightly depending on the operating system:

Ubuntu 20, Ubuntu 22, Debian 10, Debian 12, RHEL 8, OL 8 Copied

• The Agent will attempt to restart twice with a 10-second pause between restarts.
• After updating the configuration, the Agent will need to be restarted manually.

Windows Copied

• The Agent will continually restart every 10 seconds.
• After updating the configuration, the Agent will restart automatically.

Poller Copied

The poller provides a mechanism that allows the Agent to poll specified plugins in the background on a schedule. This allows for capturing and aggregating data at a higher frequency than what is normally supported by plugin execution.

Poller operation Copied

The Poller will read the poller_schedule and ensure that plugins are executed at the specified interval.

poller_schedule:
  checkcpu: 10

Agent version Copied

The Agent’s version is stored in the version file located in the Agent’s var directory.

You can read the version number directly from the file, or you can retrieve it remotely by sending an empty check_nrpe command to the Agent. The version number follows its own release cycle and uses the format <major>.<minor>.<build>.

Managing firewall rules on Windows Copied

On Windows, you can manage the firewall rules for the Infrastructure Agent using the included managefirewall.bat script. This is located in the agent bin directory where the agent is installed, typically at Program Files\Infrastructure Agent\.

To view the available options, use the /help parameter. You can control which firewall rules are added or removed by setting the following properties to 1 or 0 respectively.

• SET_FIREWALL_RULE_PRIVATE to change a private profile rule
• SET_FIREWALL_RULE_PUBLIC to change a public profile rule
• SET_FIREWALL_RULE_DOMAIN to change a domain profile rule

By default, no firewall rules are changed.

For example:

.\managefirewall.bat SET_FIREWALL_RULE_PRIVATE=0 SET_FIREWALL_RULE_DOMAIN=1

The preceding command removes the appropriate firewall rule from the private profile if present, adds the appropriate firewall rule to the domain profile if not present, and leaves any relevant public profile rules unchanged.

Troubleshooting during operation Copied

Windows Copied

Missing Visual C++ Redistributable Copied

If the Microsoft Visual C++ Redistributable is missing, the Agent will fail to start and display an error of the following form:

ImportError: DLL load failed while importing ...: The specified module could not be found.

To resolve this, reinstall the Visual C++ Redistributable, and then restart the Agent service. If other operations are attempted, leaving the agent service in a broken state, refer to the steps for resolving Agent service conflicts.

Agent service conflicts during installation or uninstallation Copied

Installation of the Infrastructure Agent may fail if the infrastructureagent service already exists (for example, if it was left over from a failed installation). To remove the service, run the following in command prompt:

sc STOP infrastructureagent
sc DELETE infrastructureagent

Note

If the Windows Services application is open, it may not display the service as removed until re-opened.

Conversely, uninstallation may fail if the infrastructureagent service has already been removed (for example, with manual commands). To unblock the uninstallation, you can run the following in command prompt to temporarily create the service again (location may differ if your Infrastructure Agent is installed to a different location):

C:\Program Files\Infrastructure Agent\bin\infra-svce.exe --install Agent