["Opsview"]["Compatibility Matrix","Technical Reference"]

Opsview 6.x Compatibility Matrix

Supported operating systems

ITRS Opsview supports the following Linux distributions for your Opsview Monitor environment. You must verify that your intended platform is supported in the list below prior to installation.

For the complete installation guide, you may refer to Opsview Monitor documentation.

Operating system Version supported Architecture Status FIPS support
Debian

10.x (Buster)

64-bit

Supported

This requires upgrade instructions from Debian 8. See Upgrade from Debian 8 to Debian 10.

Unsupported
Debian 8.x (Jessie) 64-bit Unsupported beginning 6.6.4 and newer version Unsupported
CentOS 7.x 64-bit Supported Supported beginning 6.5.4 and newer version
RHEL 7.x 64-bit Supported Supported beginning 6.5.4 and newer version
RHEL 8.x 64-bit Supported

Supported beginning 6.5.4 and newer version (requires additional configuration, see FIPS compatibilities)

OL (Formerly OEL) 7.x 64-bit Supported Supported beginning 6.5.4 and newer version
Ubuntu (LTS) 18.04 (Bionic Beaver) 64-bit Supported Unsupported
Ubuntu LTS) 20.04 (Focal Fossa) 64-bit Supported Unsupported
Ubuntu (LTS) 16.04 (Xenial Xerus) 64-bit Supported until 6.5 only Unsupported
         

The Opsview Monitor software is tested against all latest package updates to include major fixes and security updates across all distributions. It is recommended you ensure that your target platform has the most up-to-date packages, fixes and so on. Furthermore, ensure you use the latest stable release of your distribution unless stated elsewhere in your documentation that is needed to successfully run Opsview Monitor.

Virtualisation

Opsview Monitor supports the following virtualisation technologies in combination with supported operating systems (see above); this is limited to our ability to test and diagnose issues. You must verify that your intended virtualisation platform is supported in the following list:

  • Parallels (for evaluation only, not production systems)

  • VMware Player (for evaluation only, not production systems)

  • VMware Server

  • VMware ESX/ESXi

  • Xen Hypervisor

  • KVM Hypervisor

  • Microsoft Hyper-V

Federal Information Processing Standards (FIPS)

Opsview Monitor will run on specific FIPS-compliant operating systems with FIPS mode enabled (see the support table above). Different packages may be installed on FIPS-enabled systems. This is managed automatically by opsview-deploy, so you can follow the usual installation instructions.

Note: To enable FIPS on a system which already has Opsview installed, please contact the Customer Success team.

SNMP Privacy Protocol Support

The SNMP privacy protocol support is included beginning Opsview 6.6.7.

The aes256 and aes256c SNMPv3 privacy protocol options only support custom SNMP Polling Checks and SNMP Traps when run or received on RHEL 8 systems. This means that any Opsview Hosts using these pieces of functionality must be monitored by Monitoring Clusters made up entirely of RHEL 8 Collectors.

Caution: This assumes the default installation of Net-SNMP for each listed operating system. If this has been changed, support may vary.

The Network Topology feature does not currently support these privacy protocols.

For all supported protocols, see Supported SNMPv3 Protocols.

FIPS compatibilities

This section provides information on specific operating systems to enable FIPS support which is available from Opsview Monitor 6.5.4.

RHEL 8 Java

While the rest of the Opsview system will correctly work on a FIPS-enabled server running Red Hat Enterprise Linux 8 (RHEL 8), the Opsview Reporting Module requires a Java Runtime configured to not run in FIPS mode due to the incompatibility with FIPS standards that the keystore algorithm (JCEKS) Jasperserver uses.

There are two workarounds to this issue:

  1. Install a new JRE for Opsview to run in a non-FIPS compliant mode. This will allow any other Java applications on the system to continue running in FIPS mode while allowing the Reporting Module to run.

  2. Configure the currently installed JRE on the Orchestrator machine to run in a non-FIPS compliant mode. This will have the side effect of allowing non-FIPS compliant Java applications on the system.

Note: If there is no Java runtime located on the orchestrator machine, one of the workarounds must be performed so that the Reporting Module has a valid Java installation to use.

Install an Opsview specific Java (Recommended)

These instructions will need to be modified if a later version of the JRE is released.

  1. Get the URL of the latest 1.8 OpenJDK release from Red Hat.

  2. Download the OpenJDK tarball from the above site and transfer it to the Orchestrator host.

  3. scp java-1.8.0-openjdk-<version>.portable.jre.el.x86_64.tar.xz orchestrator-hostname:/tmp/
  4. Create the Opsview Java directory.

  5. mkdir /opt/opsview/java
  6. Extract the OpenJDK tarball in the newly created Java directory.

  7. tar -xf /tmp/java-1.8.0-openjdk-<version>.portable.jre.el.x86_64.tar.xz -C /opt/opsview/java --strip 1
  8. Set security.useSystemPropertiesFile to false in the new Java installation java.security file.

  9. sed -i.bk "s/^security.useSystemPropertiesFile=true/security.useSystemPropertiesFile=false/g" /opt/opsview/java/lib/security/java.security
  10. Run the check-deploy playbook to ensure that Java is now correctly configured. This playbook will additionally set up Python on all systems used.

Note: This Java installation is currently not managed by Opsview in any way. This means that any security updates will have to be manually installed by rerunning the manual steps listed above.

Configure the System Java to run in a FIPS non-compliant mode

  1. Run the check-deploy playbook in Opsview Deploy. This will detect the Java runtime that the Jasper server will choose to use and raise an alarm if it is not configured as needed. This playbook will additionally set up Python on all systems used.

  2. cd /opt/opsview/deploy/
    ./bin/opsview-deploy ./lib/playbooks/check-deploy.yml 
    

    Sample output:

    ....
    
    REQUIRED ACTION RECAP ********************************************************************
    
    [HIGH -> rm-op-44104-rhel8-2-orch] Security flag is set to 'true' on system Java
      | A system Java Runtime (JRE) installation has been located at
      | /usr/lib/jvm/jre-1.8.0-openjdk, but the security flag 'security.useSystemPropertiesFile'
      | is currently set to 'true'.
      | 
      | In order to use the Opsview Reporting module on RedHat 8 with FIPS mode enabled,
      | this flag must either be set to false or an alternative Java installation
      | installed for Opsview's usage.
      | 
      | For more information and instructions, see:
      | https://knowledge.opsview.com/docs/
  3. Edit the configuration file in the specified Java directory. The following sed command creates a backup named java.security.bk.

  4. # In this example, the Java directory is '/usr/lib/jvm/jre-1.8.0-openjdk' as specified by the Deploy in the `REQUIRED ACTION RECAP` output
    cd /usr/lib/jvm/jre-1.8.0-openjdk/
    sed -i.bk "s/^security.useSystemPropertiesFile=true/security.useSystemPropertiesFile=false/g" lib/security/java.security
  5. Rerun the check_deploy playbook following the first step above to ensure that Java is now correctly configured.

RHEL 8 Opsview-Agent (NRPE) ciphers

The default anonymous ciphers configured on the Orchestrator and used to communicate with opsview-agent on monitored devices need to be replaced with higher security ones in order for check_nrpe based checks to work in a RHEL8 FIPS environment. The easiest way to accomplish this is to replace the ciphers listed in the NRPE_CIPHERS global variable (Menu > Configuration > Advanced > Variables) with AECDH-AES256-SHA:AECDH-AES128-SHA and run Apply Changes.

You must ensure that the opsview-agent on the monitored hosts allows this new cipher configuration (see Opsview Agent Security for more details). They will work with opsview-agent version 6.0.0 and newer using the default configuration. This change is not necessary if you already use authenticated ciphers exclusively.

The need for this change is brought about by the tighter security standards enforced by RHEL8 FIPS (see Strong crypto defaults in RHEL 8 and deprecation of weak crypto algorithms - Red Hat Customer Portal). These new ciphers use Elliptic-Curve Cryptography (ECC) which provides enhanced security as well as improved performance.

Upgrade from Debian 8 to Debian 10

Please note that this section is only applicable for users who are using Opsview 6.6.x.

There is no support for a direct upgrade from Debian 8 (Jessie) to Debian 10 (Buster). An intermediate upgrade to Debian 9 (Stretch) is required. Follow the steps below to upgrade your Debian 8 Opsview system to Debian 10.

Note: This section focuses on how to handle Opsview Monitor during the upgrade from Debian 8 to Debian 10. You may see Debian-related errors during the upgrade which have not been mentioned in this documentation. It is advised to read the Debian documentation to resolve these issues if needed.

Before the upgrade

Ensure your system is up-to-date by following the standard protocol implemented by Debian Chapter 9. Keeping your Debian system up-to-date.

Upgrade Opsview Monitor to the latest version that supports Debian 8. If you are using a version lower than 6.4 ,follow the instruction in In-Place Upgrade to upgrade your system to 6.4.

To upgrade to version 6.6.3 you will need to use the following repository: https://downloads.opsview.com/opsview-commercial/6.6.3.202110261346/deploy.

You can simply follow the instructions on how to upgrade from 6.4.x or later to 6.6 using the new repository https://downloads.opsview.com/opsview-commercial/6.6.3.202110261346. Please take note of the following:

  • When doing automated upgrade instead of curl -sLo- https://deploy.opsview.com/6.6 | sudo bash -s -- --only repository,bootstrap use:

  • curl -sLo- https://downloads.opsview.com/opsview-commercial/6.6.3.202110261346/deploy | sudo bash -s -- --only repository,bootstrap
  • When doing manual upgrade:

  • # CentOS/RHEL/OL
    [opsview]
    name    = Opsview Monitor
    baseurl = https://downloads.opsview.com/opsview-commercial/6.6.3.202110261346/yum/rhel/$releasever/$basearch
    enabled = yes
    gpgkey  = https://downloads.opsview.com/OPSVIEW-RPM-KEY.asc
    
    # Ubuntu/Debian
    deb https://downloads.opsview.com/opsview-commercial/6.6.3.202110261346/apt xenial main

Finally, run the check-deploy playbook on your orchestrator and ensure any outputted issues are resolved:

/opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/check-deploy.yml

Stop Opsview Monitor on the orchestrator:

cd /opt/opsview/deploy
./bin/rc.ansible ansible -m command -a "/opt/opsview/watchdog/bin/opsview-monit stop all" 'opsview_all'

Upgrade to Debian 9 (Stretch)

Update the sources list to use Debian 9.

As root user, edit /etc/apt/sources.list on each system then change all occurrences of jessie to stretch.

Upgrade from Debian 8

Run these set of steps for each system to upgrade to Debian 9.

Note: Ignore warnings about W: There is no public key available for the following key IDs.

apt-get update
apt-get upgrade
apt-get dist-upgrade
reboot

Note: Select default options when prompted during the upgrade.

Running reboot will shut down your system and boot it back up again so you will need to reconnect to it. Optionally, you can remove remnants of Debian 8 (this is done for you in a later stage).

rm -rf /etc/apt/sources.list.d/jessie-backports.list

Upgrade to Debian 10 (Buster)

Update the sources list to use Debian 10.

As root user, edit /etc/apt/sources.list on each system then change all occurrences of stretch to buster.

Also edit /etc/apt/sources.list.d/opsview.list then change all occurrences of jessie to buster.

Upgrade from Debian 9

Run these set of steps for each system to upgrade to Debian 10:

apt-get update
apt-get upgrade
apt-get dist-upgrade
reboot

Note: Select default options when prompted during the upgrade.

Running reboot will shut down your system and boot it back up again so you will need to reconnect to it

Update Opsview

Install the latest Opsview by following upgrade instructions in From 6.4.x or later to 6.6. This step will ensure that you pull the latest 6.6 packages (later than 6.6.3).

  1. On the orchestrator, run:

  2. /opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/create-config-debian10.yml
  3. Update and upgrade Opsview packages. On each system, run:

  4. apt update

    It is expected that apt update will claim that the system is up to date.

    apt upgrade

    It is expected that apt upgrade will say that it is downgrading opsview-xxx from 6.6.3.<yyyymmddhhmm>-1jessie1 to 6.6.3.<yyyymmddhhmm>-1buster1.

  5. On the orchestrator, run:

  6. /opt/opsview/deploy/bin/opsview-deploy /opt/opsview/deploy/lib/playbooks/remove-config-debian10.yml
  7. Stop php5-fpm. This interferes with the setup and needs to be stopped on the orchestrator.

  8. service php5-fpm stop
  9. Run the check-deploy playbook on the orchestrator.

  10. cd /opt/opsview/deploy
    ./bin/opsview-deploy ./lib/playbooks/check-deploy.yml
  11. Resolve any issues highlighted by check-deploy.

  12. Run the setup-everything playbook on the orchestrator.

  13. cd /opt/opsview/deploy
    ./bin/opsview-deploy ./lib/playbooks/setup-everything.yml

Note: If necessary, please follow the additional steps below. Otherwise, you have now successfully upgraded your system.

Additional steps

Due to an apt issue through the upgrade, it is necessary to upgrade libcurl4 manually and restart the datastore on all Opsview hosts. To do so run the following commands on the master.

/opt/opsview/deploy/bin/rc.ansible ansible -m command -vvv -a "apt-get -y install libcurl4" opsview_datastore_all
/opt/opsview/deploy/bin/rc.ansible ansible -m command -vvv -a "/opt/opsview/watchdog/bin/opsview-monit restart opsview-datastore" opsview_datastore_all

Supported browsers

The Opsview Monitor user interface is presented as a web application and in the table below is the list of supported browsers that have been tested with the Opsview Monitor software. Our software is tested against the web browser's latest release or patch update where issues may exist with earlier versions.

Browser Version
Google Chrome Latest stable release
Firefox Latest stable release
Microsoft Edge Latest stable release (Chromium)
   

Screen size support

The User Interface is optimised for these sizes of screen:

Minimum Recommended maximum
1366 x 768 1920 x 1080
   

Other web browsers that are not listed in the table above may work with Opsview Monitor but are not officially supported and are not tested.