Installation and operation
Installation overview Copied
The installation instructions for the Infrastructure Agent are divided into different sections, depending on the operating system.
- Debian and Ubuntu
- Red Hat Enterprise Linux (RHEL) and Oracle Linux (OL)
- Windows
Note
The Infrastructure Agent can be used on monitored hosts with older Opsview versions, even if you do not upgrade to the latest version. However, we recommend that you upgrade to the latest version of Opsview to ensure that all changes, including security fixes and new features, will work correctly with the Infrastructure Agent.
See Supported versions for the full list of supported platforms.
Debian and Ubuntu Copied
On Debian and Ubuntu, run:
# OPSVIEW-APT-KEY-2024.asc GPG fingerprint:
# CFA2 67C2 38CD BAD6 AD3D 762B 37AC 7AE6 B4B6 9A0B
sudo apt-get update && sudo apt-get install gnupg
wget -q https://downloads.opsview.com/OPSVIEW-APT-KEY-2024.asc
echo 'f095452e85790a0e1d3382468fced72fba1632da14a0e9ca649a888a0c38db12 OPSVIEW-APT-KEY-2024.asc' | sha256sum -c && cat OPSVIEW-APT-KEY-2024.asc | gpg --dearmor | sudo tee /usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg] https://downloads.opsview.com/infrastructure-agent/apt $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/infrastructure-agent.list
sudo apt-get update && sudo apt-get install infrastructure-agent
Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:
sudo apt install /path/to/downloaded/infrastructure-agent*.deb
RHEL and OL Copied
On RHEL, and OL run:
# OPSVIEW-RPM-KEY-2024.asc GPG fingerprint:
# CFA2 67C2 38CD BAD6 AD3D 762B 37AC 7AE6 B4B6 9A0B
cat <<EOF | sudo tee /etc/yum.repos.d/infrastructure-agent.repo
[infrastructure-agent]
name = Infrastructure Agent
baseurl = https://downloads.opsview.com/infrastructure-agent/yum/rhel/\$releasever/\$basearch/
enabled = 1
gpgcheck = 1
gpgkey = https://downloads.opsview.com/OPSVIEW-RPM-KEY-2024.asc
EOF
sudo yum install infrastructure-agent
Alternatively, you can download the ITRS Infrastructure Agent from Agent Downloads and then run:
sudo yum install /path/to/downloaded/infrastructure-agent*.rpm
Windows Copied
You can download the ITRS Infrastructure Agent from Agent Downloads and run the Windows Infrastructure Agent installer MSI file.
Initial configuration Copied
The Agent requires some initial configuration prior to operation. This configuration can be added to custom configuration files in the following locations:
Linux Copied
On Linux, edit:
/opt/itrs/infrastructure-agent/cfg/custom/agent.yml
Windows Copied
On Windows, edit:
C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml
Note
The configuration file is written in YAML, a whitespace-sensitive syntax. Additional YAML configuration files can be added to thecustom
directory and will be read in alphabetical order.
Allowed hosts Copied
The Agent will reject requests from any hosts by default. You must configure it to accept requests from known hosts. Typically, these hosts will be the servers from any monitoring systems that are querying this device. You can configure this list in the custom configuration file:
server:
allowed_hosts:
- collector1.mysystem.local
- collector2.mysystem.local
- 168.10.1.2
If the Agent has successfully imported its existing configuration, the allowed_hosts
may already be defined in the cfg/imported.yml
file.
To allow any hosts to submit requests, you can use an empty list:
server:
allowed_hosts: []
Warning
It is not recommended to set theallowed_hosts
as an empty list. This would allow any host to launch plugins against the server.
Transport Layer Security Copied
To ensure the security of communications, it is recommended to always enable TLS. The custom configuration file can be used to set a valid CA, certificate, and key file in the server
tls
section.
server:
tls:
cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem
key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key
ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem
check_client_cert: true
tls_enabled: true
Note
If no custom TLS options are set, the Agent will generate and use a custom self-signed certificate by default. The certificate and key are stored in thevar
directory of the Agent.
Default TLS Ciphers Copied
The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS-1.3 and have additional secure ciphers available).
ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!aNULL:!MD5:!DSS
Generate certificates Copied
Certificates can be generated using any valid method. The CA certificate, server certificate, and server key should be added to the TLS configuration. Client certificates should be added to the hosts listed under allowed_hosts
.
Warning
Settingtls_enabled
to false is not recommended as communications will not be secure.
Restart the Agent Copied
Once the configuration file has been updated, the Agent must be restarted to apply the new configuration. If you are migrating from another Agent, such as NRPE or NSClient, you should stop and disable those agents before starting the Infrastructure Agent to avoid any interference.
Linux Copied
On Linux, run:
sudo systemctl restart infrastructure-agent
Windows Control Panel Copied
- Open Services.
- Click Start > Run, and then type
services.msc
. - Right-click the
InfrastructureAgent
service and then click Restart.
Windows command prompt Copied
From the start menu, right-click Command Prompt, select More > Run as Administrator and then type:
net stop InfrastructureAgent
net start InfrastructureAgent
The agent will automatically try to restart itself if it encounters an error, such as an invalid configuration. However, the restart behavior may vary slightly depending on the operating system:
Ubuntu 20, Ubuntu 22, Debian 10, Debian 12, RHEL 8, OL 8 Copied
- The Agent will attempt to restart twice with a 10-second pause between restarts.
- After updating the configuration, the Agent will need to be restarted manually.
Windows Copied
- The Agent will continually restart every 10 seconds.
- After updating the configuration, the Agent will restart automatically.
Poller Copied
The poller provides a mechanism that allows the Agent to poll specified plugins in the background on a schedule. This allows for capturing and aggregating data at a higher frequency than what is normally supported by plugin execution.
Poller operation Copied
The Poller will read the poller_schedule
and ensure that plugins are executed at the specified interval.
poller_schedule:
checkcpu: 10
Agent version Copied
The Agent’s version is stored in the version file, which is located in the Agent’s var
directory.
You can read the version number directly from the file, or you can retrieve it remotely by sending an empty check_nrpe
command to the Agent. The version number follows its own release cycle and has the format <major>.<minor>.<build>
.