{"id":2397,"date":"2026-05-22T15:41:52","date_gmt":"2026-05-22T19:41:52","guid":{"rendered":"https:\/\/enterpriseadmins.org\/blog\/?p=2397"},"modified":"2026-05-22T15:41:52","modified_gmt":"2026-05-22T19:41:52","slug":"telegraf-open-agent-updates-and-vcf-operations-9-1","status":"publish","type":"post","link":"https:\/\/enterpriseadmins.org\/blog\/scripting\/telegraf-open-agent-updates-and-vcf-operations-9-1\/","title":{"rendered":"Telegraf Open Agent Updates and VCF Operations 9.1"},"content":{"rendered":"\n<p>About a year ago, I published a post covering how to monitor a Raspberry Pi using the open source Telegraf agent and VMware Aria Operations: <a href=\"https:\/\/enterpriseadmins.org\/blog\/virtualization\/monitoring-a-raspberry-pi-with-telegraf-and-aria-operations\">https:\/\/enterpriseadmins.org\/blog\/virtualization\/monitoring-a-raspberry-pi-with-telegraf-and-aria-operations<\/a><\/p>\n\n\n\n<p>Recently, while rebuilding this configuration in a VCF 9.1 environment, I encountered a couple of changes that required updates to the original process:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Updated InfluxData repository signing and package installation requirements<\/li>\n\n\n\n<li>Authentication workflow changes when using VCF 9.1 API tokens with the Telegraf Open Agent integration<\/li>\n<\/ul>\n\n\n\n<p>The good news is that the remainder of the original workflow still functioned as expected after making these updates.<\/p>\n\n\n\n<p>Although the original article focused on Raspberry Pi monitoring, these updates apply more broadly to Linux-based Telegraf Open Agent deployments, including x64 virtual machines and other supported systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Updated Telegraf Repository Configuration<\/h2>\n\n\n\n<p>When attempting to install or update Telegraf, <code>apt update<\/code> now produces the following error:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>W: GPG error: https:\/\/repos.influxdata.com\/ubuntu stable InRelease:\nThe following signatures couldn't be verified because the public key is not available:\nNO_PUBKEY DA61C26A0585BD3B\n\nE: The repository 'https:\/\/repos.influxdata.com\/ubuntu stable InRelease' is not signed.<\/code><\/pre>\n\n\n\n<p>This occurs because older repository signing methods commonly used in previous installation examples have been deprecated.<\/p>\n\n\n\n<p>The updated installation process now uses a dedicated keyring file under <code>\/etc\/apt\/keyrings<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cleanup \/ Removal Steps<\/h2>\n\n\n\n<p>Before adding the new repository, we may need to clean up the bad entries we have (assuming we started with the old post).  That fix is rather straightforward, we just need to delete two files:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo rm \/etc\/apt\/keyrings\/influxdata-archive_compat.key\nsudo rm \/etc\/apt\/sources.list.d\/influxdata.list<\/code><\/pre>\n\n\n\n<p>With the optional cleanup complete, we can proceed to the updated installation steps.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Updated Installation Steps<\/h2>\n\n\n\n<p>The following commands successfully configured the repository and installed Telegraf in my testing:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl --silent --location -O https:\/\/repos.influxdata.com\/influxdata-archive.key\n\ngpg --show-keys --with-fingerprint --with-colons .\/influxdata-archive.key 2>&amp;1 \\\n| grep -q '^fpr:\\+24C975CBA61A024EE1B631787C3D57159FC2F927:$' \\\n&amp;&amp; cat influxdata-archive.key \\\n| gpg --dearmor \\\n| sudo tee \/etc\/apt\/keyrings\/influxdata-archive.gpg > \/dev\/null\n\necho 'deb &#91;signed-by=\/etc\/apt\/keyrings\/influxdata-archive.gpg] https:\/\/repos.influxdata.com\/debian stable main' \\\n| sudo tee \/etc\/apt\/sources.list.d\/influxdata.list<\/code><\/pre>\n\n\n\n<p>After configuring the repository:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt-get update\nsudo apt-get install telegraf<\/code><\/pre>\n\n\n\n<p>Worked as expected.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why This Changed<\/h2>\n\n\n\n<p>Modern Debian and Ubuntu-based distributions are moving away from the legacy apt-key approach for repository trust management.  Instead, repository signing keys are now commonly stored individually under: <code>\/etc\/apt\/keyrings\/<\/code>.  This provides better isolation and improved repository handling.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Using VCF 9.1 API Tokens with the Telegraf Open Agent<\/h2>\n\n\n\n<p>With VCF 9.1, I also wanted to test using an API key-based authentication workflow instead of relying on a previously obtained Aria Operations token.<\/p>\n\n\n\n<p>This process works as follows<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Generate an API token from VMware Identity Broker (VIDB)<\/li>\n\n\n\n<li>POST the API token to VIDB<\/li>\n\n\n\n<li>Receive a Bearer token<\/li>\n\n\n\n<li>Present the Bearer token to VCF Operations<\/li>\n<\/ul>\n\n\n\n<p>We can generate the API token in Manage > Identity &amp; Access > VCF SSO > select identity broker instance > API Access tab, or by created a personal access token under our profile > Generate API token > Generate.<\/p>\n\n\n\n<p>Once we have an API Token we need to present it to VIDB.  We can do this with the following POST command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vidbExtraLongToken=vidb_ZmVlMzM5ZGYtYWZkYS00OTkzLTkxMW&lt;redatcted>\n\ncurl --request POST \\\n  --url https:\/\/vcf479-vidb-01.lab.enterpriseadmins.org\/acs\/t\/CUSTOMER\/token \\\n  --header 'content-type: application\/x-www-form-urlencoded' \\\n  --data grant_type=urn:custom:vcf:params:oauth:grant-type:api-token \\\n  --data \"api_token=$vidbExtraLongToken\" \\\n  --insecure<\/code><\/pre>\n\n\n\n<p>During testing, I discovered that the <code>token<\/code> parameter handling within <code>telegraf-utils.sh<\/code> expected a traditional Aria Operations token format directly.<\/p>\n\n\n\n<p>In the script, I could see (around like 378) an entry that showed:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>377-    #set Authorization header for on-prem\n378-    AUTHORIZATION_HEADER=\"Authorization: OpsToken $VROPS_TOKEN\"<\/code><\/pre>\n\n\n\n<p>(Line numbers added for reference)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Proof of Concept Modification<\/h2>\n\n\n\n<p>As a proof of concept, I modified the authorization header handling to expect and present a standard Bearer token instead.<\/p>\n\n\n\n<p>Example modification:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>AUTHORIZATION_HEADER=\"Authorization: Bearer $VROPS_TOKEN\"<\/code><\/pre>\n\n\n\n<p>After making this change, the remainder of the workflow from the original article functioned as expected in my VCF 9.1 environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing Telegraf<\/h2>\n\n\n\n<p>This is the command line I used to install telegraf:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo .\/telegraf-utils.sh opensource -c 192.168.10.21 -t \"&lt;crazy_long_bearer_token_from_prior_curl_command>\" -v 192.168.10.21 -d \/etc\/telegraf\/telegraf.d -e \/usr\/bin\/telegraf -k 1<\/code><\/pre>\n\n\n\n<p>Where 192.168.10.21 was the IP address of my Operations Collector \/ Cloud Proxy appliance.  As before, I needed to change permissions of files in the <code>\/etc\/telegraf\/telegraf.d<\/code> directory to be owned by <code>telegraf:telegraf<\/code> and restart the service with <code>systemctl restart telegraf<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts<\/h2>\n\n\n\n<p>Outside of the repository signing changes and API token handling updates, the remainder of the original integration process still worked well in my testing.<\/p>\n\n\n\n<p>If you previously implemented the Telegraf Open Agent integration and encounter:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>repository signing errors<\/li>\n\n\n\n<li><code>NO_PUBKEY DA61C26A0585BD3B<\/code><\/li>\n\n\n\n<li>or authentication issues with VCF 9.1 API tokens<\/li>\n<\/ul>\n\n\n\n<p>the updates above should help with the deployment for current environments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>About a year ago, I published a post covering how to monitor a Raspberry Pi using the open source Telegraf agent and VMware Aria Operations: https:\/\/enterpriseadmins.org\/blog\/virtualization\/monitoring-a-raspberry-pi-with-telegraf-and-aria-operations Recently, while rebuilding this configuration in a VCF 9.1 environment, I encountered a couple &hellip; <a href=\"https:\/\/enterpriseadmins.org\/blog\/scripting\/telegraf-open-agent-updates-and-vcf-operations-9-1\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9,3,4],"tags":[],"class_list":["post-2397","post","type-post","status-publish","format-standard","hentry","category-lab-infrastructure","category-scripting","category-virtualization"],"_links":{"self":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/2397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/comments?post=2397"}],"version-history":[{"count":3,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/2397\/revisions"}],"predecessor-version":[{"id":2414,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/posts\/2397\/revisions\/2414"}],"wp:attachment":[{"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/media?parent=2397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/categories?post=2397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/enterpriseadmins.org\/blog\/wp-json\/wp\/v2\/tags?post=2397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}