Opsview Infrastructure Agent (Beta) Installation and Operation
Overview Copied
The Opsview Infrastructure Agent is designed to be a replacement for the existing (NRPE and NSClient) Agents and operates on servers running on either Windows or Linux systems.
The Infrastructure Agent enables communication between systems by running a daemon that Opsview Monitor Collectors can use to interrogate the status of the system. It provides some default plugins (for checking on RAM, CPU, and DISK, amongst others) that Host Templates within Opsview Monitor can make use of straight away, but can be extended with additional plugins.
Support versions Copied
Packages such as .msi, .deb, and .rpm are available for both Linux and Windows installation. The following is a list of all operating systems that are directly supported:
- All Opsview supported Linux OSs (Centos7, OL7, RHEL7, RHEL8, Debian10, Ubuntu18, Ubuntu20).
- Windows 10, 11, and Windows Server 2012, 2012-R2, 2016, 2019, 2022.
Contact Opsview Customer Success for support with any Operating Systems not listed above.
Installation Copied
The Agent packages are available from the Opsview Downloads website.
On Debian and Ubuntu: Copied
sudo apt install /path/to/downloaded/infrastructure-agent*.deb
On RHEL, OL, and CentOS: Copied
sudo yum install /path/to/downloaded/infrastructure-agent*.rpm
On Windows: Copied
Download and run the Windows Infrastructure Agent installer.
Import existing configuration Copied
When the Agent is started, it will attempt to automatically import the following settings from previously installed Opsview Agents:
- allowed hosts
- server port
- commands
Imported settings can be found in the config file cfg/imported.yml
. If this file already exists, the Agent will skip the import process.
Note
On early Beta versions, the location wascfg/custom/imported.yml
. On newer Beta versions, the old file will automatically be moved to the new location.
Initial configuration Copied
The Agent requires some initial configuration prior to operation which should be added to the custom configuration files in these locations:
Linux: Copied
/opt/itrs/infrastructure-agent/cfg/custom/agent.yml
Windows: Copied
C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml
Note
The configuration file is written in YAML which uses a whitespace sensitive syntax. Additional YAML configuration files can also be added into thecustom
directory and are read in alphanumeric order.
Allowed hosts Copied
The Agent will reject requests from any hosts by default, so it must be configured to accept requests from known hosts. Typically, this will be the executors in the collector cluster of the Opsview system monitoring this device. This list should be configured in the custom configuration file, for example:
server:
allowed_hosts:
- collector1.myopsview.local
- collector2.myopsview.local
- 168.10.1.2
If the Agent has successfully imported existing configuration, allowed_hosts
may already be defined in cfg/imported.yml
.
To allow any host to submit requests, an empty list can be used:
server:
allowed_hosts: []
Warning
It is not recommended to have theallowed_hosts
as an empty list. This would allow anyone to launch plugins against the server
Transport Layer Security Copied
It is recommended that TLS be enabled at all times to ensure the security of communications. A valid CA, certificate, and key file can be set in the custom configuration file, within the server
tls
section:
server:
tls:
cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem
key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key
ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem
check_client_cert: true
tls_enabled: true
Note
By default, if no custom TLS options are set, the Agent will generate and use a custom self-signed certificate. The certificate and key are stored in thevar
directory of the Agent.
Default TLS Ciphers Copied
Due to the requirement to support both the new and old Agents, the default value of the NRPE_CIPHERS
variable is modified in the Opsview instances:
ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ADH-AES256-SHA:ADH-AES128-SHA:!MD5:!DSS
The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS-1.3 and have additional secure ciphers available).
Generate certificates Copied
Certificates can be generated using any valid method; however, the simplest way to get started is by using the Opsview Public Key Infrastructure. You can follow these steps in PKI to generate both client and server certificates. The CA certificate, server certificate and server key should be added to the TLS configuration while client certificates should be added to the hosts listed under allowed_hosts
.
Warning
Settingtls_enabled
to false is not recommended as communications will not be secure.
Restart the Agent Copied
Once the configuration file has been updated the Agent will need to be restarted to apply the new configuration. The old Agent (NRPE or NSClient) should be stopped (and disabled) before starting the Opsview Infrastructure Agent to avoid any interference.
Linux Copied
sudo systemctl restart infrastructure-agent
Windows Control Panel Copied
- Open Services.
- Click Start > Run, and then type
services.msc
. - Right-click the InfrastructureAgent service and then click Restart.
Windows command prompt Copied
From the start menu, right-click Command Prompt
, select More
, and click Run as Administrator
. Then type
net stop InfrastructureAgent
net start InfrastructureAgent
The Agent will automatically attempt to restart itself in an error state, such as an invalid configuration. The restart behaviour differs slightly across operating systems:
Ubuntu 18, Ubuntu 20, Debian 10, RHEL 8: Copied
- The Agent will try to restart twice with a 10-second pause between restarts.
- After updating the configuration, the Agent will need to be restarted manually.
On OL7, CentOS 7, RHEL 7, and Windows: Copied
- The Agent will continually restart every 10 seconds.
- After updating the configuration, the Agent will restart automatically.
Poller Copied
The poller provides a mechanism for the Agent to poll specified plugins in the background on a schedule to allow for capturing and aggregating data at a higher frequency than that normally supported by plugin execution.
Poller operation Copied
The Poller will read the poller_schedule and ensure that plugins are executed at the specified interval.
poller_schedule:
nsc_checkcpu: 10
Agent version Copied
The version of the Agent is stored in the version file inside the Agent’s var directory. This can either be read directly from the file or retrieved remotely by sending an empty check_nrpe
command to the Agent. The version number follows its own release cycle and has the format <major>.<minor>.<build>
.