This is a grooving process before it was all manual but slowly we are getting a more “automated” installation process so hopefully this will keep improving in the future as well and some of the steps might go away.
NSClient++ comes with an interactive installer (MSI) which is the prefered method of installation. There is also a command line option for registering (and de-registering) the service.
Details on how to do silent installs and automated silent installs can be found below.
Thus for most people installing NSClient++ is simply running the MSI entering some options and clicking next. BUT this is only where the fun begins. After installing NSClient++ you need to configure it.
Before you start NSClient++ you need to configure it by editing the configuration. The configuration is usually in a file called nsclient.ini. But the configuration can be stored elsewhere as will (for instance registry is a great place on Windows). To check where the configuratio is stored you can trun the following command:
$ nscp settings --show
INI settings: (ini://${shared-path}/nsclient.ini, C:\source\build\x64\dev/nsclient.ini)
Now this configuration can include other configuration files so you need to check that as well. So it is possible to include the registry from the ini file and vice versa. For details on the configuration options check the Reference Manual.
The system tray has been removed in the 0.4.0 version it will not be added back instead we have the WEBUI in 0.4.3.
After you have installed NSClient++ you need to start it. As it is a normal Windows service you can either use the “net start” and “net stop” commands in the command line or you can use the Computer Manager’s Services node.
When you are starting and/or configuring your client you can use the “debug” mode which will be very helpful as you will see the debug log in “real time” when you play around with it. To start NSClient++ in test/debug mode use the following command:
nscp test
A windows firewall exception for NRPE and check_nt is installed (optional) if you have another firewall then the built-in one you might have to manually add exceptions to all incoming traafic if you wich to use check_nrpe and/or check_nt.
Firewall configuration should be pretty straight forward:
Protocol | Source | Source port | Destination | Destination port | Comment |
---|---|---|---|---|---|
NRPE | nagios | <all> | client | 5666 | The nagios server initiates a call to the client on port 5666 |
NSClient | nagios | <all> | client | 12489 | The nagios server initiates a call to the client on port 12489 |
NSCA | client | <all> | nagios | 5667 | The client initiates a call to the nagios server on port 5667 |
NRPE-proxy | client | <all> | remote-client | 5666 | The client initiates a call to the remote client on port 5666 |
All these ports can be changed – check your nsclient.ini.
The NSClient++ installer for windows is a standard MSI installer which means it can be installed using pretty much all deployment techniques available on the windows platform. This means that there is no built-in deploy and configuration mechanism in NSClient++ instead it fully relies on standard tools provided for the Windows plattform.
MSI files can be tweaked in several ways.
There are several options for deploying configuration and copying textfile is probably the worst of them. You can use group policies to push the configuration files but there are several other ways to do the same.
The MSI file can be customized during the installer. The following keys are available:
Keyword | Description |
---|---|
INSTALLLOCATION | Folder where NSCLient++ is installed. |
CONF_CAN_CHANGE | Has to be set for all configuration changes to be applied. |
ADD_DEFAULTS | Add default values to the configuration file. |
ALLOWED_HOSTS | Set allowed hosts value |
CONFIGURATION_TYPE | Configuration context to use |
CONF_CHECKS | Enable default check plugins |
CONF_NRPE | Enable NRPE server |
CONF_NSCA | Enable NSCA Collection /OU probably need scheduler as well) |
CONF_NSCLIENT | Enable NSCLient Server (check_nt) |
CONF_SCHEDULER | Enable Scheduler (required by NSCA) |
CONF_WEB | ENabled WEB Server |
NRPEMODE | NRPE Mode (LEGACY = default old insecure SSL, SAFE = new secure SSL) |
NSCLIENT_PWD | Password to use for check_nt (and web server) |
NSClient++ consists of the following features most which can be disable when doing silent installs.
Feature Name | Title | Description |
---|---|---|
CheckPlugins | Check Plugins | Various plugins to check your system. (Includes all check plugins) |
Documentation | Documentation (pdf) | Documentation for NSClient++ and how to use it from Nagios |
DotNetPluginSupport | .net plugin support | Support for loading modules written in .dot net (Requires installing .net framework) |
ExtraClientPlugin | Various client plugins | Plugins to connect to various sytems such as syslog, graphite and smtp |
FirewallConfig | Firewall Exception | A firewall exception to allow NSClient++ to open ports |
LuaScript | Lua Scripting | Allows running INTERNAL scripts written in Lua |
NRPEPlugins | NRPE Support | NRPE Server Plugin. Support for the more vercitile NRPE protocol (check_nrpe) |
NSCAPlugin | NSCA plugin | Plugin to submit passive results to an NSCA server |
NSCPlugins | check_nt support | NSClient Server Plugin. Support for the old NSClient protocol (check_nt) |
PythonScript | Python Scripting | Allows running INTERNAL scripts written in Python |
SampleConfig | Sample config | Sample config file (with all options) |
SampleScripts | Scripts | Scripts for checking and testing various aspects of your computer and NSClient++ |
Shortcuts | Shortcuts | Main Service shortcuts |
WEBPlugins | WEB Server | NSClient WEB Server. Use this to administrate or check NSCLient via a browser or REST API |
Now we can put all this together using the normal silent installer which is again part of the standard windows install toolkit. So if you already have a framework for managing installs use that instead of this command line. The gist of it is:
msiexec /quiet /i <MSI FILE> PROPERTY=PropertyValue ...
For instance Installing (with log) nsclient++ into c:foobar using registry as configuration and not installing the Python script binaries.
msiexec /qn /l* log.txt /i NSCP-0.4.3.50-x64.msi INSTALLLOCATION=c:\FooBar CONFIGURATION_TYPE=registry://HKEY_LOCAL_MACHINE/software/NSClient++ ADDDEFAULT=ALL REMOVE=PythonScript
As NSClient++ uninstalls it self if you install there are two options for running multipl NSClient++ on a machine.
- You can add multipl services for the same installation
- You can manually install NSClient++
To add multipl service you need to first create the services:
nscp service --install --name nscp2
And then edit the start command so you can override the configuration. The key to look for in the registry is HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices<NAME OF SERVICE> and there you can modify the ImagePath:
"C:\Program Files\NSClient++\nscp.exe" service --run --name nscp --settings ini://${shared-path}/nsclient-2.ini