Installation and operation
Installation overview
The installation instructions for the Infrastructure Agent are divided into different sections, depending on the operating system.
- Debian and Ubuntu
- Red Hat Enterprise Linux (RHEL) and Oracle Linux (OL)
- Windows
Note
The Infrastructure Agent can be used on monitored hosts with older Opsview versions, even if you do not upgrade to the latest version. However, we recommend that you upgrade to the latest version of Opsview to ensure that all changes, including security fixes and new features, will work correctly with the Infrastructure Agent.
See Supported versions for the full list of supported platforms.
Debian and Ubuntu
On Debian and Ubuntu, run:
# OPSVIEW-APT-KEY-2024.asc GPG fingerprint:
# CFA2 67C2 38CD BAD6 AD3D 762B 37AC 7AE6 B4B6 9A0B
sudo apt-get update && sudo apt-get install gnupg
wget -q https://downloads.opsview.com/OPSVIEW-APT-KEY-2024.asc
echo 'f095452e85790a0e1d3382468fced72fba1632da14a0e9ca649a888a0c38db12  OPSVIEW-APT-KEY-2024.asc' | sha256sum -c && cat OPSVIEW-APT-KEY-2024.asc | gpg --dearmor | sudo tee /usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg] https://downloads.opsview.com/infrastructure-agent/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/infrastructure-agent.list
sudo apt-get update && sudo apt-get install infrastructure-agent
Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:
sudo apt install /path/to/downloaded/infrastructure-agent*.deb
RHEL and OL
On RHEL and OL, run:
# OPSVIEW-RPM-KEY-2024.asc GPG fingerprint:
# CFA2 67C2 38CD BAD6 AD3D 762B 37AC 7AE6 B4B6 9A0B
cat <<EOF | sudo tee /etc/yum.repos.d/infrastructure-agent.repo
[infrastructure-agent]
name = Infrastructure Agent
baseurl = https://downloads.opsview.com/infrastructure-agent/yum/rhel/\$releasever/\$basearch/
enabled = 1
gpgcheck = 1
gpgkey = https://downloads.opsview.com/OPSVIEW-RPM-KEY-2024.asc
EOF
sudo yum install infrastructure-agent
Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:
sudo yum install /path/to/downloaded/infrastructure-agent*.rpm
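The fingerprint given in the comments above can be checked mechanically against the downloaded key file, for both the Debian and Ubuntu steps and the RHEL and OL steps (the page lists the same fingerprint for both key files). This is an added example, not part of the Opsview documentation; the function names and the sample listing are constructed, and the check relies on gpg's --show-keys and --with-colons options.

```shell
#!/bin/sh
# Added example: compare a downloaded key's fingerprint with the published one.
# Fingerprint copied from the comment in the install steps on this page.
EXPECTED_FPR='CFA2 67C2 38CD BAD6 AD3D 762B 37AC 7AE6 B4B6 9A0B'

# Print the primary-key fingerprint(s) in `gpg --with-colons` output on stdin.
# A "fpr" record directly after "pub" is the primary key; after "sub", a subkey.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# fpr_matches EXPECTED: succeed only if stdin lists exactly one primary key
# and its fingerprint equals EXPECTED (spaces and letter case are ignored).
fpr_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# verify_key_file FILE: run the check on a downloaded .asc file without
# importing it into any keyring.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | fpr_matches "$EXPECTED_FPR"
}

# Constructed listing in gpg's colon format (dates, sizes and the subkey are
# made up; only the primary fingerprint is the value published on this page).
SAMPLE_LISTING='pub:-:4096:1:37AC7AE6B4B69A0B:1704067200:::-:::scESC::::::23::0:
fpr:::::::::CFA267C238CDBAD6AD3D762B37AC7AE6B4B69A0B:
uid:-::::1704067200::0000000000000000000000000000000000000000::Constructed UID::::::::::0:
sub:-:4096:1:1111111111111111:1704067200::::::e::::::23:
fpr:::::::::2222222222222222222222222222222211111111:'

if printf '%s\n' "$SAMPLE_LISTING" | fpr_matches "$EXPECTED_FPR"; then
    echo "fingerprint matches the published value"
fi
# Real use, between the wget and gpg --dearmor steps:
#   verify_key_file OPSVIEW-APT-KEY-2024.asc || { echo "key mismatch" >&2; exit 1; }
```

A file that contains more than one primary key fails the check even if one of them has the expected fingerprint.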
Windows
Warning
For security reasons, we recommend running the installer EXE from an empty directory; running any Windows applications in directories that contain untrusted files may cause Windows to load unsafe components.
You can download the ITRS Infrastructure Agent from the Agent Downloads page and run the Windows Infrastructure Agent installer EXE file. This first installs the required Microsoft Visual C++ Redistributable package, followed by the Infrastructure Agent itself. As part of the installation, you will be prompted to accept the license terms. By default, no firewall rules are added. To allow Opsview to connect to the Agent, select the desired firewall rules to add in the installer dialog.
If installing via the command line, you can use the /help option to view available options. The /passive and /quiet options can be used to display minimal or no user interface, and require setting the ACCEPT_EULA=1 parameter. By doing so, you agree to the license terms outlined in the Agent License and LICENSE_MICROSOFT_VCPP.
Additionally, you can control which firewall rules are added by setting the following properties:
- SET_FIREWALL_RULE_PRIVATE=1 to set a private profile rule
- SET_FIREWALL_RULE_PUBLIC=1 to set a public profile rule
- SET_FIREWALL_RULE_DOMAIN=1 to set a domain profile rule
For example:
.\infrastructure-agent-installer-<version>.exe ACCEPT_EULA=1 SET_FIREWALL_RULE_PRIVATE=1 /quiet
The preceding command will set the appropriate firewall rule for the private profile and install the agent without displaying any user interface.
Note
Any firewall rules that are created by the installer will be removed if the agent is uninstalled.
Troubleshooting during installation
Details about successful or failed installations are logged to your user’s hidden AppData\Local\Temp directory. This may include multiple log files for different components of the installer.
Avoid interacting with the infra-svce.exe or netsh.exe command prompt windows that appear during installation. Doing so may interrupt the process and result in a broken service, which can prevent future installations. If that happens, refer to the section on Agent service conflicts.
Initial configuration
The Agent requires some initial configuration prior to operation. This configuration can be added to custom configuration files in the following locations:
Linux
On Linux, edit:
/opt/itrs/infrastructure-agent/cfg/custom/agent.yml
Windows
On Windows, edit:
C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml
Note
The configuration file is written in YAML, a whitespace-sensitive syntax. Additional YAML configuration files can be added to the custom directory and will be read in alphabetical order.
Allowed hosts
By default, the Agent runs but rejects requests from all hosts, because allowed_hosts is set to null:
server:
  allowed_hosts: null
To allow access, you may configure the Agent to accept requests from known hosts. Typically, these hosts will be the servers from any monitoring systems that are querying this device. You can configure this list in the custom configuration file:
server:
  allowed_hosts:
    - collector1.mysystem.local
    - collector2.mysystem.local
    - 168.10.1.2
If the Agent has successfully imported its existing configuration, allowed_hosts may already be defined in the cfg/imported.yml file.
To allow any hosts to submit requests, you can use an empty list:
server:
  allowed_hosts: []
Warning
It is not recommended to set allowed_hosts to an empty list. This would allow any host to launch plugins against the server.
Transport Layer Security
To ensure the security of communications, it is recommended to always enable TLS. The custom configuration file can be used to set a valid CA, certificate, and key file in the server tls section.
server:
  tls:
    cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem
    key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key
    ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem
    check_client_cert: true
  tls_enabled: true
Note
If no custom TLS options are set, the Agent will generate and use a custom self-signed certificate by default. The certificate and key are stored in the var directory of the Agent.
Default TLS Ciphers
The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS 1.3 and have additional secure ciphers available).
ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!aNULL:!MD5:!DSS
Generate certificates
Certificates can be generated using any valid method. The CA certificate, server certificate, and server key should be added to the TLS configuration. Client certificates should be added to the hosts listed under allowed_hosts.
Warning
Setting tls_enabled to false is not recommended as communications will not be secure.
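One way to produce the files that the tls section refers to, as an added example that is not part of the Opsview documentation: a private CA, a server certificate for the Agent and a client certificate for one collector, created with the openssl CLI. The host names, the CA subject, RSA 2048 keys and the 365-day lifetime are assumptions, and this page does not say whether the Agent checks the subjectAltName or extended key usage that are set here.

```shell
#!/bin/sh
# Added example: private CA + Agent (server) cert + collector (client) cert.
# Host names, CA subject, key size and lifetime are assumptions.
umask 077   # files created below, private keys included, are owner-only

# issue_cert DIR NAME USAGE: new key and CSR for NAME, signed by the CA in DIR.
# USAGE is serverAuth for the Agent or clientAuth for a collector.
issue_cert() {
    d=$1 name=$2 usage=$3
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=%s\n' "$name" "$usage" \
        > "$d/$name.ext"
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$d/$name.ext" \
        -out "$d/$name.pem" 2>/dev/null
}

# make_agent_pki DIR AGENT_FQDN COLLECTOR_FQDN
# Writes ca.pem/ca.key plus <name>.pem/<name>.key for both hosts into DIR and
# succeeds only if each leaf verifies against the CA for its intended purpose.
make_agent_pki() {
    d=$1
    mkdir -p "$d" || return 1
    # Self-signed CA; the stock openssl.cnf marks req -x509 output as CA:TRUE.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Monitoring CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    issue_cert "$d" "$2" serverAuth || return 1
    issue_cert "$d" "$3" clientAuth || return 1
    openssl verify -CAfile "$d/ca.pem" -purpose sslserver "$d/$2.pem" >/dev/null &&
    openssl verify -CAfile "$d/ca.pem" -purpose sslclient "$d/$3.pem" >/dev/null
}

# Usage (agent1.mysystem.local is a constructed name):
#   make_agent_pki ./pki agent1.mysystem.local collector1.mysystem.local
```

The Agent needs ca.pem plus its own .pem and .key in cfg/custom; the collector keeps its own key and certificate, and ca.key belongs on neither host.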
Restart the Agent
Once the configuration file has been updated, the Agent must be restarted to apply the new configuration. If you are migrating from another Agent, such as NRPE or NSClient, you should stop and disable those agents before starting the Infrastructure Agent to avoid any interference.
Linux
On Linux, run:
sudo systemctl restart infrastructure-agent
Windows Control Panel
- Open Services.
- Click Start > Run, and then type services.msc.
- Right-click the InfrastructureAgent service and then click Restart.
Windows command prompt
From the start menu, right-click Command Prompt, select More > Run as Administrator and then type:
net stop InfrastructureAgent
net start InfrastructureAgent
The agent will automatically try to restart itself if it encounters an error, such as an invalid configuration. However, the restart behavior may vary slightly depending on the operating system:
Ubuntu 20, Ubuntu 22, Debian 10, Debian 12, RHEL 8, OL 8
- The Agent will attempt to restart twice with a 10-second pause between restarts.
- After updating the configuration, the Agent will need to be restarted manually.
Windows
- The Agent will continually restart every 10 seconds.
- After updating the configuration, the Agent will restart automatically.
Poller
The poller provides a mechanism that allows the Agent to poll specified plugins in the background on a schedule. This allows for capturing and aggregating data at a higher frequency than what is normally supported by plugin execution.
Poller operation
The Poller will read the poller_schedule and ensure that plugins are executed at the specified interval.
poller_schedule:
  checkcpu: 10
Agent version
The Agent’s version is stored in the version file located in the Agent’s var directory.
You can read the version number directly from the file, or you can retrieve it remotely by sending an empty check_nrpe command to the Agent. The version number follows its own release cycle and uses the format <major>.<minor>.<build>.
Managing firewall rules on Windows
On Windows, you can manage the firewall rules for the Infrastructure Agent using the included managefirewall.bat script. This is located in the agent bin directory where the agent is installed, typically at Program Files\Infrastructure Agent\.
To view the available options, use the /help parameter. You can control which firewall rules are added or removed by setting the following properties to 1 or 0 respectively.
- SET_FIREWALL_RULE_PRIVATE to change a private profile rule
- SET_FIREWALL_RULE_PUBLIC to change a public profile rule
- SET_FIREWALL_RULE_DOMAIN to change a domain profile rule
By default, no firewall rules are changed.
For example:
.\managefirewall.bat SET_FIREWALL_RULE_PRIVATE=0 SET_FIREWALL_RULE_DOMAIN=1
The preceding command removes the appropriate firewall rule from the private profile if present, adds the appropriate firewall rule to the domain profile if not present, and leaves any relevant public profile rules unchanged.
Troubleshooting during operation
Windows
Missing Visual C++ Redistributable
If the Microsoft Visual C++ Redistributable is missing, the Agent will fail to start and display an error of the following form:
ImportError: DLL load failed while importing ...: The specified module could not be found.
To resolve this, reinstall the Visual C++ Redistributable, and then restart the Agent service. If other operations are attempted, leaving the agent service in a broken state, refer to the steps for resolving Agent service conflicts.
Agent service conflicts during installation or uninstallation
Installation of the Infrastructure Agent may fail if the infrastructureagent service already exists (for example, if it was left over from a failed installation). To remove the service, run the following in command prompt:
sc STOP infrastructureagent
sc DELETE infrastructureagent
Note
If the Windows Services application is open, it may not display the service as removed until re-opened.
Conversely, uninstallation may fail if the infrastructureagent service has already been removed (for example, with manual commands). To unblock the uninstallation, you can run the following in command prompt to temporarily create the service again (location may differ if your Infrastructure Agent is installed to a different location):
"C:\Program Files\Infrastructure Agent\bin\infra-svce.exe" --install Agent