ITRS Opsview Cloud Documentation

Opsview Infrastructure Agent (Beta) Installation and Operation

Overview Copied

The Opsview Infrastructure Agent is designed to be a replacement for the existing (NRPE and NSClient) Agents and operates on servers running on either Windows or Linux systems.

The Infrastructure Agent enables communication between systems by running a daemon that Opsview Monitor Collectors can use to interrogate the status of the system. It provides some default plugins (for checking on RAM, CPU, and DISK, amongst others) that Host Templates within Opsview Monitor can make use of straight away, but can be extended with additional plugins.

Support versions Copied

Packages such as .msi, .deb, and .rpm are available for both Linux and Windows installation. The following is a list of all operating systems that are directly supported:

Contact Opsview Customer Success for support with any Operating Systems not listed above.

Installation Copied

The Agent packages are available from the Opsview Downloads website.

On Debian and Ubuntu: Copied

sudo apt install /path/to/downloaded/infrastructure-agent*.deb

On RHEL, OL, and CentOS: Copied

sudo yum install /path/to/downloaded/infrastructure-agent*.rpm

On Windows: Copied

Download and run the Windows Infrastructure Agent installer.

Import existing configuration Copied

When the Agent is started, it will attempt to automatically import the following settings from previously installed Opsview Agents:

Imported settings can be found in the config file cfg/imported.yml. If this file already exists, the Agent will skip the import process.


On early Beta versions, the location was cfg/custom/imported.yml. On newer Beta versions, the old file will automatically be moved to the new location.

Initial configuration Copied

The Agent requires some initial configuration prior to operation which should be added to the custom configuration files in these locations:

Linux: Copied


Windows: Copied

C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml


The configuration file is written in YAML which uses a whitespace sensitive syntax. Additional YAML configuration files can also be added into the custom directory and are read in alphanumeric order.

Allowed hosts Copied

The Agent will reject requests from any hosts by default, so it must be configured to accept requests from known hosts. Typically, this will be the executors in the collector cluster of the Opsview system monitoring this device. This list should be configured in the custom configuration file, for example:

    - collector1.myopsview.local
    - collector2.myopsview.local

If the Agent has successfully imported existing configuration, allowed_hosts may already be defined in cfg/imported.yml.

To allow any host to submit requests, an empty list can be used:

  allowed_hosts: []


It is not recommended to have the allowed_hosts as an empty list. This would allow anyone to launch plugins against the server

Transport Layer Security Copied

It is recommended that TLS be enabled at all times to ensure the security of communications. A valid CA, certificate, and key file can be set in the custom configuration file, within the server tls section:

    cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem
    key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key
    ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem
    check_client_cert: true
  tls_enabled: true


By default, if no custom TLS options are set, the Agent will generate and use a custom self-signed certificate. The certificate and key are stored in the var directory of the Agent.

Default TLS Ciphers Copied

Due to the requirement to support both the new and old Agents, the default value of the NRPE_CIPHERS variable is modified in the Opsview instances:


The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS-1.3 and have additional secure ciphers available).

Generate certificates Copied

Certificates can be generated using any valid method; however, the simplest way to get started is by using the Opsview Public Key Infrastructure. You can follow these steps in PKI to generate both client and server certificates. The CA certificate, server certificate and server key should be added to the TLS configuration while client certificates should be added to the hosts listed under allowed_hosts.


Setting tls_enabled to false is not recommended as communications will not be secure.

Restart the Agent Copied

Once the configuration file has been updated the Agent will need to be restarted to apply the new configuration. The old Agent (NRPE or NSClient) should be stopped (and disabled) before starting the Opsview Infrastructure Agent to avoid any interference.

Linux Copied

sudo systemctl restart infrastructure-agent

Windows Control Panel Copied

  1. Open Services.
  2. Click Start > Run, and then type services.msc.
  3. Right-click the InfrastructureAgent service and then click Restart.

Windows command prompt Copied

From the start menu, right-click Command Prompt, select More, and click Run as Administrator. Then type

net stop InfrastructureAgent
net start InfrastructureAgent

The Agent will automatically attempt to restart itself in an error state, such as an invalid configuration. The restart behaviour differs slightly across operating systems:

Ubuntu 18, Ubuntu 20, Debian 10, RHEL 8: Copied

On OL7, CentOS 7, RHEL 7, and Windows: Copied

Poller Copied

The poller provides a mechanism for the Agent to poll specified plugins in the background on a schedule to allow for capturing and aggregating data at a higher frequency than that normally supported by plugin execution.

Poller operation Copied

The Poller will read the poller_schedule and ensure that plugins are executed at the specified interval.

  nsc_checkcpu: 10

Agent version Copied

The version of the Agent is stored in the version file inside the Agent’s var directory. This can either be read directly from the file or retrieved remotely by sending an empty check_nrpe command to the Agent. The version number follows its own release cycle and has the format <major>.<minor>.<build>.

["Opsview On-premises"] ["User Guide"]

Was this topic helpful?