Installation and operation

Installation overview Copied

The installation instructions for the Infrastructure Agent are divided into different sections, depending on the operating system.


The Infrastructure Agent can be used on monitored hosts with older Opsview versions, even if you do not upgrade to the latest version. However, we recommend that you upgrade to the latest version of Opsview to ensure that all changes, including security fixes and new features, will work correctly with the Infrastructure Agent.

See Supported versions for the full list of supported platforms.

Debian and Ubuntu Copied

On Debian and Ubuntu, run:

# OPSVIEW-APT-KEY-2024.asc GPG fingerprint:
#     CFA2 67C2 38CD BAD6 AD3D  762B 37AC 7AE6 B4B6 9A0B
sudo apt-get update && sudo apt-get install gnupg
wget -q
echo 'f095452e85790a0e1d3382468fced72fba1632da14a0e9ca649a888a0c38db12 OPSVIEW-APT-KEY-2024.asc' | sha256sum -c && cat OPSVIEW-APT-KEY-2024.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/opsview-repo-2024.gpg > /dev/null
echo "deb [signed-by=/etc/apt/trusted.gpg.d/opsview-repo-2024.gpg] $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/infrastructure-agent.list
sudo apt-get update && sudo apt-get install infrastructure-agent

Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:

sudo apt install /path/to/downloaded/infrastructure-agent*.deb

RHEL, OL, and CentOS Copied

On RHEL, OL, and CentOS run:

# OPSVIEW-RPM-KEY-2024.asc GPG fingerprint:
#     CFA2 67C2 38CD BAD6 AD3D  762B 37AC 7AE6 B4B6 9A0B
cat <<EOF | sudo tee /etc/yum.repos.d/infrastructure-agent.repo
name = Infrastructure Agent
baseurl =\$releasever/\$basearch/
enabled = 1
gpgcheck = 1
gpgkey =
sudo yum install infrastructure-agent

Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:

sudo yum install /path/to/downloaded/infrastructure-agent*.rpm

Windows Copied

You can download the ITRS Infrastructure Agent from Agent Downloads and run the Windows Infrastructure Agent installer MSI file.

Initial configuration Copied

The Agent requires some initial configuration prior to operation. This configuration can be added to custom configuration files in the following locations:

Linux Copied

On Linux, edit:


Windows Copied

On Windows, edit:

C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml


The configuration file is written in YAML, a whitespace-sensitive syntax. Additional YAML configuration files can be added to the custom directory and will be read in alphabetical order.

Allowed hosts Copied

The Agent will reject requests from any hosts by default. You must configure it to accept requests from known hosts. Typically, these hosts will be the servers from any monitoring systems that are querying this device. You can configure this list in the custom configuration file:

    - collector1.mysystem.local
    - collector2.mysystem.local

If the Agent has successfully imported its existing configuration, the allowed_hosts may already be defined in the cfg/imported.yml file. To allow any hosts to submit requests, you can use an empty list:

  allowed_hosts: []


It is not recommended to set the allowed_hosts as an empty list. This would allow any host to launch plugins against the server.

Transport Layer Security Copied

To ensure the security of communications, it is recommended to always enable TLS. The custom configuration file can be used to set a valid CA, certificate, and key file in the server tls section.

    cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem
    key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key
    ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem
    check_client_cert: true
  tls_enabled: true


If no custom TLS options are set, the Agent will generate and use a custom self-signed certificate by default. The certificate and key are stored in the var directory of the Agent.

Default TLS Ciphers Copied

The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS-1.3 and have additional secure ciphers available).


Generate certificates Copied

Certificates can be generated using any valid method. The CA certificate, server certificate, and server key should be added to the TLS configuration. Client certificates should be added to the hosts listed under allowed_hosts.


Setting tls_enabled to false is not recommended as communications will not be secure.

Restart the Agent Copied

Once the configuration file has been updated, the Agent must be restarted to apply the new configuration. If you are migrating from another Agent, such as NRPE or NSClient, you should stop and disable those agents before starting the Infrastructure Agent to avoid any interference.

Linux Copied

On Linux, run:

sudo systemctl restart infrastructure-agent

Windows Control Panel Copied

  1. Open Services.
  2. Click Start > Run, and then type services.msc.
  3. Right-click the InfrastructureAgent service and then click Restart.

Windows command prompt Copied

From the start menu, right-click Command Prompt, select More > Run as Administrator and then type:

net stop InfrastructureAgent
net start InfrastructureAgent

The agent will automatically try to restart itself if it encounters an error, such as an invalid configuration. However, the restart behavior may vary slightly depending on the operating system:

Ubuntu 18, Ubuntu 20, Debian 10, RHEL 8, OL 8 Copied

OL 7, CentOS 7, RHEL 7, and Windows Copied

Poller Copied

The poller provides a mechanism that allows the Agent to poll specified plugins in the background on a schedule. This allows for capturing and aggregating data at a higher frequency than what is normally supported by plugin execution.

Poller operation Copied

The Poller will read the poller_schedule and ensure that plugins are executed at the specified interval.

  checkcpu: 10

Agent version Copied

The Agent’s version is stored in the version file, which is located in the Agent’s var directory.

You can read the version number directly from the file, or you can retrieve it remotely by sending an empty check_nrpe command to the Agent. The version number follows its own release cycle and has the format <major>.<minor>.<build>.

["Opsview On-premises"] ["User Guide"]

Was this topic helpful?