Opsview Infrastructure Agent (Beta) Installation and Operation
The Opsview Infrastructure Agent is designed to be a replacement for the existing (NRPE and NSClient) Agents and operates on servers running on either Windows or Linux systems.
The Infrastructure Agent enables communication between systems by running a daemon that Opsview Monitor Collectors can use to interrogate the status of the system. It provides some default plugins (for checking on RAM, CPU, and DISK, amongst others) that Host Templates within Opsview Monitor can make use of straight away, but can be extended with additional plugins.
Packages such as .msi, .deb, and .rpm are available for both Linux and Windows installation. The following is a list of all operating systems that are directly supported:
- All Opsview supported Linux OSs (Centos7, OL7, RHEL7, RHEL8, Debian10, Ubuntu18, Ubuntu20).
- Windows 10, 11, and Windows Server 2012, 2012-R2, 2016, 2019, 2022.
Contact Opsview Customer Success for support with any Operating Systems not listed above.
The Agent packages are available from the Opsview Downloads website.
On Debian and Ubuntu:
sudo apt install /path/to/downloaded/infrastructure-agent*.deb
On RHEL, OL, and CentOS:
sudo yum install /path/to/downloaded/infrastructure-agent*.rpm
Download and run the Windows Infrastructure Agent installer.
Import existing configuration
When the Agent is started, it will attempt to automatically import the following settings from previously installed Opsview Agents:
- allowed hosts
- server port
Imported settings can be found in the config file
cfg/imported.yml. If this file already exists, the Agent will skip the import process.
NoteOn early Beta versions, the location was
cfg/custom/imported.yml. On newer Beta versions, the old file will automatically be moved to the new location.
The Agent requires some initial configuration prior to operation which should be added to the custom configuration files in these locations:
C:\Program Files\Infrastructure Agent\cfg\custom\agent.yml
NoteThe configuration file is written in YAML which uses a whitespace sensitive syntax. Additional YAML configuration files can also be added into the
customdirectory and are read in alphanumeric order.
The Agent will reject requests from any hosts by default, so it must be configured to accept requests from known hosts. Typically, this will be the executors in the collector cluster of the Opsview system monitoring this device. This list should be configured in the custom configuration file, for example:
server: allowed_hosts: - collector1.myopsview.local - collector2.myopsview.local - 188.8.131.52
If the Agent has successfully imported existing configuration,
allowed_hosts may already be defined in
To allow any host to submit requests, an empty list can be used:
server: allowed_hosts: 
WarningIt is not recommended to have the
allowed_hostsas an empty list. This would allow anyone to launch plugins against the server
Transport Layer Security
It is recommended that TLS be enabled at all times to ensure the security of communications. A valid CA, certificate, and key file can be set in the custom configuration file, within the
server: tls: cert_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.pem key_file: /opt/itrs/infrastructure-agent/cfg/custom/<FQDN>.key ca_cert: /opt/itrs/infrastructure-agent/cfg/custom/ca.pem check_client_cert: true tls_enabled: true
NoteBy default, if no custom TLS options are set, the Agent will generate and use a custom self-signed certificate. The certificate and key are stored in the
vardirectory of the Agent.
Default TLS Ciphers
Due to the requirement to support both the new and old Agents, the default value of the
NRPE_CIPHERS variable is modified in the Opsview instances:
The specific cipher selected will be determined by negotiation between the client and server, and will rely on a number of variables, including the version of OpenSSL (new versions support TLS-1.3 and have additional secure ciphers available).
Certificates can be generated using any valid method; however, the simplest way to get started is by using the Opsview Public Key Infrastructure. You can follow these steps in PKI to generate both client and server certificates. The CA certificate, server certificate and server key should be added to the TLS configuration while client certificates should be added to the hosts listed under
tls_enabledto false is not recommended as communications will not be secure.
Restart the Agent
Once the configuration file has been updated the Agent will need to be restarted to apply the new configuration. The old Agent (NRPE or NSClient) should be stopped (and disabled) before starting the Opsview Infrastructure Agent to avoid any interference.
sudo systemctl restart infrastructure-agent
Windows Control Panel
- Open Services.
- Click Start > Run, and then type
- Right-click the InfrastructureAgent service and then click Restart.
Windows command prompt
From the start menu, right-click
Command Prompt, select
More, and click
Run as Administrator. Then type
net stop InfrastructureAgent net start InfrastructureAgent
The Agent will automatically attempt to restart itself in an error state, such as an invalid configuration. The restart behaviour differs slightly across operating systems:
Ubuntu 18, Ubuntu 20, Debian 10, RHEL 8:
- The Agent will try to restart twice with a 10-second pause between restarts.
- After updating the configuration, the Agent will need to be restarted manually.
On OL7, CentOS 7, RHEL 7, and Windows:
- The Agent will continually restart every 10 seconds.
- After updating the configuration, the Agent will restart automatically.
The poller provides a mechanism for the Agent to poll specified plugins in the background on a schedule to allow for capturing and aggregating data at a higher frequency than that normally supported by plugin execution.
The Poller will read the poller_schedule and ensure that plugins are executed at the specified interval.
poller_schedule: nsc_checkcpu: 10
The version of the Agent is stored in the version file inside the Agent’s var directory. This can either be read directly from the file or retrieved remotely by sending an empty
check_nrpe command to the Agent. The version number follows its own release cycle and has the format