Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / Documentação do SUSE Linux Enterprise Server / Administration Guide / Services / Web Based Enterprise Management using SFCB
Applies to SUSE Linux Enterprise Server 15 SP6

45 Web Based Enterprise Management using SFCB

45.1 Introduction and basic concept

SUSE® Linux Enterprise Server (SLES) provides a collection of open standards based tools for the unified management of disparate computing systems and environments. Our enterprise solutions implement the standards proposed by the Distributed Management Task Force. The following paragraphs describe their basic components.

Distributed Management Task Force, Inc (DMTF) is the industry organization which leads the development of management standards for enterprise and Internet environments. Their goal is to unify management standards and initiatives, and to enable more integrated, cost effective and interoperable management solutions. DMTF standards provide common system management components for control and communication. Their solutions are independent of platforms and technologies. Web Based Enterprise Management and the Common Information Model are two of their key technologies.

Web Based Enterprise Management (WBEM) is a set of management and Internet standard technologies. WBEM was developed to unify the management of enterprise computing environments. It provides the ability for the industry to deliver a well-integrated collection of management tools using Web technologies. WBEM consists of the following standards:

  • A data model: the Common Information Model (CIM) standard

  • An encoding specification: CIM-XML Encoding Specification

  • A transport mechanism: CIM operations over HTTP

The Common Information Model is a conceptual information model that describes system management. It is not bound to a particular implementation and enables the interchange of management information between management systems, networks, services and applications. There are two parts to CIM: the CIM Specification and the CIM Schema.

  • The CIM Specification describes the language, naming and meta schema. The meta schema is a formal definition of the model. It defines the terms used to express the model and their usage and semantics. The elements of the meta schema are classes, properties, and methods. The meta schema also supports indications and associations as types of classes, and references as types of properties.

  • The CIM Schema provides the actual model descriptions. It supplies a set of classes with properties and associations that provide a well understood conceptual framework within which it is possible to organize the available information about the managed environment.

The Common Information Model Object Manager (CIMOM) is a CIM object manager or, more specifically, an application that manages objects according to the CIM standard. CIMOM manages communication between CIMOM providers and a CIM client, where the administrator manages the system.

CIMOM providers are software performing specific tasks within the CIMOM that are requested by client applications. Each provider instruments one or more aspects of the CIMOM's schema. These providers interact directly with the hardware.

Standards Based Linux Instrumentation for Manageability (SBLIM) is a collection of tools designed to support Web-Based Enterprise Management (WBEM). SUSE® Linux Enterprise Server uses the open source CIMOM (or CIM server) from the SBLIM project called Small Footprint CIM Broker .

Small Footprint CIM Broker is a CIM server intended for use in resource-limited or embedded environments. It is designed to be modular and lightweight at the same time. Its based on open standards and it supports CMPI providers, CIM-XML encoding, and Managed Object Format (MOF). It is highly configurable and performs stability even if the provider crashes. It is also easily accessible as it supports multiple transport protocols, such as HTTP, HTTPS, Unix domain sockets, Service Location Protocol (SLP), and Java Database Connectivity (JDBC).

45.2 Setting up SFCB

To set up the Small Footprint CIM Broker (SFCB) environment, make sure the Web-Based Enterprise Management pattern in YaST is selected during SUSE Linux Enterprise Server installation. Alternatively, select it as a component to install on a server that is already running. Make sure the following packages are installed on your system:

cim-schema, Common Information Model (CIM) schema

Contains the Common Information Model (CIM). CIM is a model for describing overall management information in a network or enterprise environments. CIM consists of a specification and a schema. The specification defines the details for integration with other management models. The schema provides the actual model descriptions.

python2-pywbem

Contains a Python module for making CIM operation calls through the WBEM protocol to query and update managed objects.

cmpi-provider-register, CIMOM neutral provider registration utility

Contains a utility allowing CMPI provider packages to register with whatever CIMOM happens to be present on the system.

sblim-sfcb, small footprint CIM broker

Contains Small Footprint CIM Broker. It is a CIM server conforming to the CIM Operations over HTTP protocol. It is robust, with low resource consumption and, therefore, specifically suited for embedded and resource constrained environments. SFCB supports providers written against the Common Manageability Programming Interface (CMPI).

sblim-sfcc

Contains Small Footprint CIM Client library runtime libraries.

sblim-wbemcli

Contains WBEM command line interface. It is a stand-alone command line WBEM client especially suited for basic systems management tasks.

45.2.1 Starting, stopping and checking status for SFCB

CIM server sfcbd daemon is installed together with Web-Based Enterprise Management software and is started by default at system start-up. The following table explains how to start, stop and check status for sfcbd.

Table 45.1: Commands for managing sfcbd

Task

Linux Command

Start sfcbd

Enter systemctl start sblim-sfcb.service as root in the command line.

Stop sfcbd

Enter systemctl stop sblim-sfcb.service as root in the command line.

Check sfcbd status

Enter systemctl status sblim-sfcb.service as root in the command line.

45.2.2 Ensuring secure access

The default setup of SFCB is secure. However, check that the access to SFCB components is as secure as required for your organization.

45.2.2.1 Certificates

Secure Sockets Layers (SSL) transports require a certificate for secure communication to occur. When SFCB is installed, it has a self-signed certificate generated.

You can replace the path to the default certificate with a path to a commercial or self-signed one by changing the sslCertificateFilePath: PATH_FILENAME setting in /etc/sfcb/sfcb.cfg. The file must be in PEM format.

By default, SFCB expects a server certificate in the following location:

/etc/sfcb/server.pem

To generate a new certificate, run the following command:

> sudo sh /usr/share/sfcb/genSslCert.sh
Generating SSL certificates in .
Generating a 2048 bit RSA private key
...................................................................+++
.+++
writing new private key to '/var/tmp/sfcb.0Bjt69/key.pem'
-----

By default, the script generates certificates client.pem , file.pem and server.pem in the current working directory. If you want the script to generate the certificates in /etc/sfcb directory, you need to append the path to the command. If these files already exist, a warning message is displayed, and the old certificates are not overwritten.

> sudo sh /usr/share/sfcb/genSslCert.sh /etc/sfcb
Generating SSL certificates in .
WARNING: server.pem SSL Certificate file already exists.
         old file will be kept intact.
WARNING: client.pem SSL Certificate trust store already exists.
         old file will be kept intact.

You must remove the old certificates from the file system and run the command again.

To change the way SFCB uses certificates, see Section 45.2.2.3, “Authentication”.

45.2.2.2 Ports

By default, SFCB is configured to accept all communications through the secure port 5989. The following paragraphs explain the communication port setup and recommended configuration.

Port 5989 (secure)

The secure port that SFCB communications use via HTTPS services. This is the default. With this setting, all communications between the CIMOM and client applications are encrypted when sent over the Internet between servers and workstations. Users must authenticate with the client application to reach SFCB server. We recommend that you keep this setting. For the SFCB CIMOM to communicate with the necessary applications, this port must be open on routers and firewall rules if they are present between the client application and the nodes being monitored.

Port 5988 (insecure)

The insecure port that SFCB communications use via HTTP services. This setting is disabled by default. With this setting, all communications between the CIMOM and client applications are open for review when sent over the Internet between servers and workstations by anyone, without any authentication. We recommend that you use this setting only when attempting to debug a problem with the CIMOM. When the problem is resolved, disable the non-secure port option back. For the SFCB CIMOM to communicate with the necessary applications that require non-secure access, this port must be open in routers and firewall rules between the client application and the nodes being monitored.

To change the default port assignments, see Section 45.2.2.2, “Ports”.

45.2.2.3 Authentication

SFCB supports HTTP basic authentication and authentication based on client certificates (HTTP over SSL connections). Basic HTTP authentication is enabled by specifying doBasicAuth=true in the SFCB configuration file ( /etc/sfcb/sfcb.cfg by default). SUSE® Linux Enterprise Server installation of SFCB supports Pluggable Authentication Modules (PAM) approach; therefore the local root user can authenticate to the SFCB CIMOM with local root user credentials.

If the sslClientCertificate configuration property is set to accept or require, the SFCB HTTP adapter will request a certificate from clients when connecting via HTTP over SSL (HTTPS). If require is specified, the client must provide a valid certificate (according to the client trust store specified via sslClientTrustStore). If the client fails to do so, the connection will be rejected by the CIM server.

The setting sslClientCertificate=accept may not be obvious. It is useful if both basic and client certificate authentication are allowed. If the client can provide a valid certificate, HTTPS connection will be established and the basic authentication procedure will not be executed. If this function cannot verify the certificate, the HTTP basic authentication will take place instead.

45.3 SFCB CIMOM configuration

SFCB is a lightweight implementation of the CIM server, but it is also highly configurable. Several options can control its behavior. You can control the SFCB server in three ways:

  • by setting appropriate environment variables

  • by using command line options

  • by changing its configuration file

45.3.1 Environment variables

Several environment variables directly affect the behavior of SFCB. You need to restart the SFCB daemon by systemctl restart sfcb for these changes to take effect.

PATH

Specifies the path to the sfcbd daemon and utilities.

LD_LIBRARY_PATH

Specifies the path to the sfcb runtime libraries. Alternatively, you can add this path to the system-wide dynamic loader configuration file /etc/ld.so.conf .

SFCB_PAUSE_PROVIDER

Specifies the provider name. The SFCB server pauses after the provider is loaded for the first time. You can then attach a runtime debugger to the provider's process for debugging purposes.

SFCB_PAUSE_CODEC

Specifies the name of the SFCB codec (currently supports only http. The SFCB server pauses after the codec is loaded for the first time. You can then attach a runtime debugger to the process.

SFCB_TRACE

Specifies the level of debug messages for SFCB. Valid values are 0 (no debug messages), or 1 (key debug messages) to 4 (all debug messages). Default is 1.

SFCB_TRACE_FILE

By default, SFCB outputs its debug messages to standard error output (STDERR). Setting this variable causes the debug messages to be written to a specified file instead.

SBLIM_TRACE

Specifies the level of debug messages for SBLIM providers. Valid values are 0 (no debug messages), or 1 (key debug messages) to 4 (all debug messages).

SBLIM_TRACE_FILE

By default, SBLIM provider outputs its trace messages to STDERR. Setting this variable causes the trace messages to be written to a specified file instead.

45.3.2 Command line options

sfcbd, the SFCB daemon, has several command line options that switch particular runtime features on or off. Enter these options when SFCB daemon starts.

-c, --config-file=FILE

When SFCB daemon starts, it reads its configuration from /etc/sfcb/sfcb.cfg by default. With this option, you can specify an alternative configuration file.

-d, --daemon

Forces sfcbd and its child processes to run in the background.

-s, --collect-stats

Turns on runtime statistics collecting. sfcbd runtime statistics will be written to the sfcbStat file in the current working directory. By default, no statistics are collected.

-l, --syslog-level=LOGLEVEL

Specifies the level of verbosity for the system logging facility. LOGLEVEL can be one of LOG_INFO, LOG_DEBUG or LOG_ERR, which is the default.

-k, --color-trace=LOGLEVEL

Prints trace output in a different color per process for easier debugging.

-t, --trace-components=NUM

Activates component-level tracing messages, where NUM is an OR-ed bitmask integer that defines which component to trace. After you specify -t ?, it lists all the components and their associated integer bitmask:

> sfcbd -t ?
---   Traceable Components:     Int       Hex
---            providerMgr:          1  0x0000001
---            providerDrv:          2  0x0000002
---             cimxmlProc:          4  0x0000004
---             httpDaemon:          8  0x0000008
---                upCalls:         16  0x0000010
---               encCalls:         32  0x0000020
---        ProviderInstMgr:         64  0x0000040
---       providerAssocMgr:        128  0x0000080
---              providers:        256  0x0000100
---            indProvider:        512  0x0000200
---       internalProvider:       1024  0x0000400
---             objectImpl:       2048  0x0000800
---                  xmlIn:       4096  0x0001000
---                 xmlOut:       8192  0x0002000
---                sockets:      16384  0x0004000
---              memoryMgr:      32768  0x0008000
---               msgQueue:      65536  0x0010000
---             xmlParsing:     131072  0x0020000
---         responseTiming:     262144  0x0040000
---              dbpdaemon:     524288  0x0080000
---                    slp:    1048576  0x0100000

A useful value that reveals the internal functions of sfcbd but does not generate too many messages, is -t 2019.

45.3.3 SFCB configuration file

SFCB reads its runtime configuration from configuration file /etc/sfcb/sfcb.cfg after starting up. This behavior can be overridden using -c option at start-up.

The configuration file contains option : VALUE pairs, one per line.

Any setting that has the options commented out with a number sign (#) uses the default setting.

The following list of options may not be complete. See the content of /etc/sfcb/sfcb.cfg and /usr/share/doc/packages/sblim-sfcb/README for their complete list.

45.3.3.1 httpPort

Purpose

Specifies the local port value that sfcbd should listen to receive HTTP (insecure) requests from CIM clients. Default is 5988 .

Syntax

httpPort: PORT_NUMBER

45.3.3.2 enableHttp

Purpose

Specifies whether SFCB should accept HTTP client connections. Default is false .

Syntax

enableHttp: OPTION

Option

Description

true

Enables HTTP connections.

false

Disables HTTP connections.

45.3.3.3 httpProcs

Purpose

Specifies the maximum number of simultaneous HTTP client connections before new incoming HTTP requests are blocked. Default is 8 .

Syntax

httpProcs: MAX_NUMBER_OF_CONNECTIONS

45.3.3.4 httpUserSFCB, httpUser

Purpose

These options control what user the HTTP server will run under. If httpUserSFCB is true, HTTP will run under the same user as the SFCB main process. If it is false the user name specified for httpUser will be used. This setting is used for both HTTP and HTTPS servers. httpUser must be specified if httpUserSFCB is set to false. the default is true.

Syntax

httpUserSFCB: true

45.3.3.5 httpLocalOnly

Purpose

Specifies whether to limit HTTP requests to localhost only. Default is false.

Syntax

httpLocalOnly: false

45.3.3.6 httpsPort

Purpose

Specifies the local port value where sfcbd listens for HTTPS requests from CIM clients. Default is 5989 .

Syntax

httpsPort: port_number

45.3.3.7 enableHttps

Purpose

Specifies if SFCB will accept HTTPS client connections. Default is true .

Syntax

enableHttps: option

Option

Description

true

Enables HTTPS connections.

false

Disables HTTPS connections.

45.3.3.8 httpsProcs

Purpose

Specifies the maximum number of simultaneous HTTPS client connections before new incoming HTTPS requests are blocked. Default is 8 .

Syntax

httpsProcs: MAX_NUMBER_OF_CONNECTIONS

45.3.3.9 enableInterOp

Purpose

Specifies if SFCB will provide the interop namespace for indication support. Default is true .

Syntax

enableInterOp: OPTION

Option

Description

true

Enables interop namespace.

false

Disables interop namespace.

45.3.3.10 provProcs

Purpose

Specifies the maximum number of simultaneous provider processes. After this point, if a new incoming request requires loading a new provider, then one of the existing providers will first be automatically unloaded. Default is 32 .

Syntax

provProcs: MAX_NUMBER_OF_PROCS

45.3.3.11 doBasicAuth

Purpose

Switches basic authentication on or off based on the client user identifier before it accepts the request. Default value is true which means that basic client authentication is performed.

Syntax

doBasicAuth: OPTION

Option

Description

true

Enables basic authentication.

false

Disables basic authentication.

45.3.3.12 basicAuthLib

Purpose

Specifies the local library name. The SFCB server loads the library to authenticate the client user identifier. Default is sfcBasicPAMAuthentication .

Syntax

provProcs: MAX_NUMBER_OF_PROCS

45.3.3.13 useChunking

Purpose

This option switches the use of HTTP/HTTPS chunking on or off. If switched on, the server will return large volumes of response data to the client in smaller chunks, rather than buffer the data and send it back all in one chunk. Default is true .

Syntax

useChunking: OPTION

Option

Description

true

Enables HTTP/HTTPS data chunking.

false

Disables HTTP/HTTPS data chunking.

45.3.3.14 keepaliveTimeout

Purpose

Specifies the maximum time in seconds that SFCB HTTP process waits between two requests on one connection before it terminates. Setting it to 0 disables HTTP keep-alive. Default is 0.

Syntax

keepaliveTimeout: SECS

45.3.3.15 keepaliveMaxRequest

Purpose

Specifies the maximum number of consecutive requests on one connection. Setting it to 0 disables HTTP keep-alive. Default value is 10 .

Syntax

keepaliveMaxRequest: NUMBER_OF_CONNECTIONS

45.3.3.16 registrationDir

Purpose

Specifies the registration directory, which contains the provider registration data, the staging area, and the static repository. Default is /var/lib/sfcb/registration .

Syntax

registrationDir: DIR

45.3.3.17 providerDirs

Purpose

Specifies a space-separated list of directories where SFCB is searching for provider libraries. Default is /usr/lib64 /usr/lib64 /usr/lib64/cmpi.

Syntax

providerDirs: DIR

45.3.3.18 providerSampleInterval

Purpose

Specifies the interval in seconds at which the provider manager is checking for idle providers. Default is 30.

Syntax

providerSampleInterval: SECS

45.3.3.19 providerTimeoutInterval

Purpose

Specifies the interval in seconds before an idle provider gets unloaded by the provider manager. Default is 60.

Syntax

providerTimeoutInterval: SECS

45.3.3.20 providerAutoGroup

Purpose

If the provider registration file does not specify any other group, and the option is set to true, all providers in the same shared library are executed in the same process.

Syntax

providerAutoGroup: OPTION

Option

Description

true

Enables grouping of providers.

false

Disables grouping of providers.

45.3.3.21 sslCertificateFilePath

Purpose

Specifies the name of the file that contains the server certificate. The file must be in PEM (Privacy Enhanced Mail, RFC 1421 and RFC 1424) format. This file is only required if enableHttps is set to true. Default is /etc/sfcb/server.pem.

Syntax

sslCertificateFilePath: PATH

45.3.3.22 sslKeyFilePath

Purpose

Specifies the name of the file that contains the private key for the server certificate. The file must be in PEM format and may not be protected by passphrase. This file is only required if enableHttps is set to true. Default is /etc/sfcb/file.pem.

Syntax

sslKeyFilePath: PATH

45.3.3.23 sslClientTrustStore

Purpose

Specifies the name of the file that contains either the CA or self-signed certificates of the clients. This file must be in PEM format and is only required if sslClientCertificate is set to accept or require. Default is /etc/sfcb/client.pem.

Syntax

sslClientTrustStore: PATH

45.3.3.24 sslClientCertificate

Purpose

Specifies the way SFCB handles client certificate based authentication. If set to ignore, it will not request a certificate from the client. If set to accept it will request a certificate from the client but will not fail if the client does not present one. If set to require, it will refuse the client connection if the client does not present a certificate. Default value is ignore.

Syntax

sslClientCertificate: OPTION

Option

Description

ignore

Disables requesting a client certificate.

accept

Disables requesting a client certificate.

Will not fail if no certificate is present.

require

Refuses the client connection without a valid certificate.

45.3.3.25 certificateAuthLib

Purpose

Specifies the name of the local library to request for the user authentication based on client certificate. This is only requested if sslClientCertificate is not set to ignore. Default value is sfcCertificateAuthentication.

Syntax

certificateAuthLib: FILE

45.3.3.26 traceLevel

Purpose

Specifies the trace level for SFCB. You can override it by setting environment variable SFCB_TRACE_LEVEL. Default value is 0.

Syntax

traceLevel: NUM_LEVEL

45.3.3.27 traceMask

Purpose

Specifies the trace mask for SFCB. you can override it by the command line option --trace-components. Default value is 0.

Syntax

traceMask: MASK

45.3.3.28 traceFile

Purpose

Specifies the trace file for SFCB. You can override it by setting environment variable SFCB_TRACE_FILE. Default value is stderr (standard error output).

Syntax

traceFile: OUTPUT

45.4 Advanced SFCB tasks

This chapter covers more advanced topics related to SFCB usage. To understand them, you need to have basic knowledge of the Linux file system and experience with the Linux command line. This chapter includes the following tasks:

  • Installing CMPI providers

  • Testing SFCB

  • Using wbemcli CIM client

45.4.1 Installing CMPI providers

To install a CMPI provider, you need to make sure that its shared library is copied into one of the directories specified by providerDirs configuration option, see Section 45.3.3.17, “providerDirs”. The provider must also be properly registered using sfcbstage and sfcbrepos commands.

The provider package is prepared for SFCB, so that its installation takes care of the proper registration. Most SBLIM providers are prepared for SFCB.

45.4.1.1 Class repository

Class repository is a place where SFCB stores information about CIM classes. It consists of a directory tree with namespace components. Typical CIM namespaces are root/cimv2 or root/interop, which respectively translate to the class repository directory path on the file system

/var/lib/sfcb/registration/repository/root/cimv2

and

/var/lib/sfcb/registration/repository/root/interop

Each namespace directory contains the file classSchemas. The file has a compiled binary representation of all the CIM classes registered under that namespace. It also contains necessary information about their CIM superclasses.

Each namespace directory may contain a file qualifiers which contains all qualifiers for the namespace. When sfcbd restarts, the class provider will scan the directory /var/lib/sfcb/registration/repository/ and all its subdirectories to determine the registered namespaces. Then classSchemas files are decoded and the class hierarchy for each namespace is built.

45.4.1.2 Adding new classes

SFCB cannot make live CIM class manipulations. You need to add, change or remove classes offline and restart SFCB service with systemctl restart sfcb to register the changes.

To store providers class and registration information, SFCB uses a place called staging area. On SUSE® Linux Enterprise Server systems, it is the directory structure under /var/lib/sfcb/stage/.

To add a new provider, you need to:

  • Copy the provider class definition files to the ./mofs subdirectory of staging area directory (/var/lib/sfcb/stage/mofs).

  • Copy a registration file which contains the name of the class or classes and type of provider, and the name of the executable library file into the ./regs subdirectory.

There are two default mof (class definition) files in the staging directory: indication.mof and interop.mof. MOF files under the root stage directory /var/lib/sfcb/stage/mofs will be copied into each namespace after running sfcbrepos command. The interop.mof will only be compiled into the interop namespace.

The directory layout may look like the following example:

> ls /var/lib/sfcb/stage
default.reg  mofs  regs
> ls /var/lib/sfcb/stage/mofs
indication.mof  root
> ls /var/lib/sfcb/stage/mofs/root
cimv2  interop  suse  virt
> ls -1 /var/lib/sfcb/stage/mofs/root/cimv2 | less
Linux_ABIParameter.mof
Linux_BaseIndication.mof
Linux_Base.mof
Linux_DHCPElementConformsToProfile.mof
Linux_DHCPEntity.mof
[..]
OMC_StorageSettingWithHints.mof
OMC_StorageVolumeDevice.mof
OMC_StorageVolume.mof
OMC_StorageVolumeStorageSynchronized.mof
OMC_SystemStorageCapabilities.mof
> ls -1 /var/lib/sfcb/stage/mofs/root/interop
ComputerSystem.mof
ElementConformsToProfile.mof
HostSystem.mof
interop.mof
Linux_DHCPElementConformsToProfile.mof
[..]
OMC_SMIElementSoftwareIdentity.mof
OMC_SMISubProfileRequiresProfile.mof
OMC_SMIVolumeManagementSoftware.mof
ReferencedProfile.mof
RegisteredProfile.mof
> ls -1 /var/lib/sfcb/stage/regs
AllocationCapabilities.reg
Linux_ABIParameter.reg
Linux_BaseIndication.reg
Linux_DHCPGlobal.reg
Linux_DHCPRegisteredProfile.reg
[..]
OMC_Base.sfcb.reg
OMC_CopyServices.sfcb.reg
OMC_PowerManagement.sfcb.reg
OMC_Server.sfcb.reg
RegisteredProfile.reg
> cat /var/lib/sfcb/stage/regs/Linux_DHCPRegisteredProfile.reg
[Linux_DHCPRegisteredProfile]
   provider: Linux_DHCPRegisteredProfileProvider
   location: cmpiLinux_DHCPRegisteredProfile
   type: instance
   namespace: root/interop
#
[Linux_DHCPElementConformsToProfile]
   provider: Linux_DHCPElementConformsToProfileProvider
   location: cmpiLinux_DHCPElementConformsToProfile
   type: instance association
   namespace: root/cimv2
#
[Linux_DHCPElementConformsToProfile]
   provider: Linux_DHCPElementConformsToProfileProvider
   location: cmpiLinux_DHCPElementConformsToProfile
   type: instance association
   namespace: root/interop

SFCB uses a custom provider registration file for each provider.

Note
Note: SBLIM providers registration files

All SBLIM providers on the SBLIM Web site already include a registration file that is used to generate the .reg file for SFCB.

The format of SFCB registration file is:

[<class-name>]
   provider: <provide-name>
   location: <library-name>
   type: [instance] [association] [method] [indication]
   group: <group-name>
   unload: never
   namespace: <namespace-for-class> ...

where:

<class-name>

The CIM class name (required)

<provider-name>

The CMPI provider name (required)

<location-name>

The name of the provider library (required)

type

The type of the provider (required). This can be any combination of: instance, association, method or indication.

<group-name>

Multiple providers can be grouped together and run under a single process to further minimize runtime resources. All providers registered under the same <group-name> will be executed under the same process. By default each provider will be run as a separate process.

unload

Specifies the unload policy for the provider. Currently the only supported option is never, which specifies that the provider will not be monitored for idle times and will never be unloaded. By default each provider will be unloaded when its idle times exceed the value specified in the configuration file.

namespace

List of namespaces for which this provider can be executed. This is required, although for most providers this will be root/cimv2.

Once all the class definitions and provider registration files are stored in the staging area, you need to rebuild the SFCB class repository with the command sfcbrepos -f.

You can add, change or remove classes this way. After rebuilding the class repository, restart SFCB with command systemctl restart sfcb.

Alternatively, the SFCB package contains a utility that will copy provider class mof files and registration files to the correct locations in the staging area.

sfcbstage -r [provider.reg] [class1.mof] [class2.mof] ...

After running this command you still need to rebuild the class repository and restart SFCB service.

45.4.2 Testing SFCB

The SFCB package includes two testing scripts: wbemcat and xmltest.

wbemcat sends raw CIM-XML data via HTTP protocol to the specified SFCB host (localhost by default) listening on port 5988. Then it displays the returned results. The following file contains the CIM-XML representation of a standard EnumerateClasses request:

<?xml version="1.0" encoding="utf-8"?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
  <MESSAGE ID="4711" PROTOCOLVERSION="1.0">
    <SIMPLEREQ>
      <IMETHODCALL NAME="EnumerateClasses">
        <LOCALNAMESPACEPATH>
          <NAMESPACE NAME="root"/>
          <NAMESPACE NAME="cimv2"/>
        </LOCALNAMESPACEPATH>
        <IPARAMVALUE NAME="ClassName">
          <CLASSNAME NAME=""/>
        </IPARAMVALUE>
        <IPARAMVALUE NAME="DeepInheritance">
          <VALUE>TRUE</VALUE>
        </IPARAMVALUE>
        <IPARAMVALUE NAME="LocalOnly">
          <VALUE>FALSE</VALUE>
        </IPARAMVALUE>
        <IPARAMVALUE NAME="IncludeQualifiers">
          <VALUE>FALSE</VALUE>
        </IPARAMVALUE>
        <IPARAMVALUE NAME="IncludeClassOrigin">
          <VALUE>TRUE</VALUE>
        </IPARAMVALUE>
      </IMETHODCALL>
    </SIMPLEREQ>
  </MESSAGE>
</CIM>

Sending this request to SFCB CIMOM returns a list of all supported classes for which there is a registered provider. Suppose you save the file as cim_xml_test.xml.

> wbemcat cim_xml_test.xml | less
HTTP/1.1 200 OK
Content-Type: application/xml; charset="utf-8"
Content-Length: 337565
Cache-Control: no-cache
CIMOperation: MethodResponse

<?xml version="1.0" encoding="utf-8" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
<MESSAGE ID="4711" PROTOCOLVERSION="1.0">
<SIMPLERSP>
<IMETHODRESPONSE NAME="EnumerateClasses">
[..]
<CLASS NAME="Linux_DHCPParamsForEntity" SUPERCLASS="CIM_Component">
<PROPERTY.REFERENCE NAME="GroupComponent" REFERENCECLASS="Linux_DHCPEntity">
</PROPERTY.REFERENCE>
<PROPERTY.REFERENCE NAME="PartComponent" REFERENCECLASS="Linux_DHCPParams">
</PROPERTY.REFERENCE>
</CLASS>
</IRETURNVALUE>
</IMETHODRESPONSE>
</SIMPLERSP>
</MESSAGE>
</CIM>

The classes listed will vary depending on what providers are installed on your system.

The second script xmltest is also used to send a raw CIM-XML test file to the SFCB CIMOM. It then compares the returned results against a previously saved OK result file. If there does not yet exist a corresponding OK file, it will be created for later use:

> xmltest cim_xml_test.xml
Running test cim_xml_test.xml ... OK
        Saving response as cim_xml_test.OK
# xmltest cim_xml_test.xml
Running test cim_xml_test.xml ... Passed

45.4.3 Command line CIM client: wbemcli

Besides wbemcat and xmltest, the SBLIM project includes a more advanced command line CIM client wbemcli. The client is used to send CIM requests to SFCB server and display returned results. It is independent of CIMOM library and can be used with all WBEM compliant implementations.

For example, if you need to list all the classes implemented by SBLIM providers registered to your SFCB, send the EnumerateClasses (ec) request to SFCB:

> wbemcli -dx ec http://localhost/root/cimv2
To server: <?xml version="1.0" encoding="utf-8" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
<MESSAGE ID="4711" PROTOCOLVERSION="1.0"><SIMPLEREQ><IMETHODCALL \
    NAME="EnumerateClasses"><LOCALNAMESPACEPATH><NAMESPACE NAME="root"> \
    </NAMESPACE><NAMESPACE NAME="cimv2"></NAMESPACE> \
    </LOCALNAMESPACEPATH>
<IPARAMVALUE NAME="DeepInheritance"><VALUE>TRUE</VALUE> \
    </IPARAMVALUE>
<IPARAMVALUE NAME="LocalOnly"><VALUE>FALSE</VALUE></IPARAMVALUE>
<IPARAMVALUE NAME="IncludeQualifiers"><VALUE>FALSE</VALUE> \
    </IPARAMVALUE>
<IPARAMVALUE NAME="IncludeClassOrigin"><VALUE>TRUE</VALUE> \
    </IPARAMVALUE>
</IMETHODCALL></SIMPLEREQ>
</MESSAGE></CIM>
From server: Content-Type: application/xml; charset="utf-8"
From server: Content-Length: 337565
From server: Cache-Control: no-cache
From server: CIMOperation: MethodResponse
From server: <?xml version="1.0" encoding="utf-8" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
<MESSAGE ID="4711" PROTOCOLVERSION="1.0">
<SIMPLERSP>
<IMETHODRESPONSE NAME="EnumerateClasses">
<IRETURNVALUE>
<CLASS NAME="CIM_ResourcePool" SUPERCLASS="CIM_LogicalElement">
<PROPERTY NAME="Generation" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="ElementName" TYPE="string">
</PROPERTY>
<PROPERTY NAME="Description" TYPE="string">
</PROPERTY>
<PROPERTY NAME="Caption" TYPE="string">
</PROPERTY>
<PROPERTY NAME="InstallDate" TYPE="datetime">
</PROPERTY>
[..]
<CLASS NAME="Linux_Ext4FileSystem" SUPERCLASS="CIM_UnixLocalFileSystem">
<PROPERTY NAME="FSReservedCapacity" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="TotalInodes" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="FreeInodes" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="ResizeIncrement" TYPE="uint64">
<VALUE>0</VALUE>
</PROPERTY>
<PROPERTY NAME="IsFixedSize" TYPE="uint16">
<VALUE>0</VALUE>
</PROPERTY>
[..]

The -dx option shows you the actual XML sent to SFCB by wbemcli and the actual XML received. In the above example, the first of many returned classes was CIM_ResourcePool followed by Linux_Ext4FileSystem. Similar entries will appear for all other registered classes.

If you omit the -dx option, wbemcli will display only a compact representation of the returned data:

> wbemcli ec http://localhost/root/cimv2
localhost:5988/root/cimv2:CIM_ResourcePool Generation=,ElementName=, \
    Description=,Caption=,InstallDate=,Name=,OperationalStatus=, \
    StatusDescriptions=,Status=,HealthState=,PrimaryStatus=, \
    DetailedStatus=,OperatingStatus=,CommunicationStatus=,InstanceID=, \
    PoolID=,Primordial=,Capacity=,Reserved=,ResourceType=, \
    OtherResourceType=,ResourceSubType=, \AllocationUnits=
localhost:5988/root/cimv2:Linux_Ext4FileSystem FSReservedCapacity=, \
    TotalInodes=,FreeInodes=,ResizeIncrement=,IsFixedSize=,NumberOfFiles=, \
    OtherPersistenceType=,PersistenceType=,FileSystemType=,ClusterSize=, \
    MaxFileNameLength=,CodeSet=,CasePreserved=,CaseSensitive=, \
    CompressionMethod=,EncryptionMethod=,ReadOnly=,AvailableSpace=, \
    FileSystemSize=,BlockSize=,Root=,Name=,CreationClassName=,CSName=, \
    CSCreationClassName=,Generation=,ElementName=,Description=,Caption=, \
    InstanceID=,InstallDate=,OperationalStatus=,StatusDescriptions=, \
    Status=,HealthState=,PrimaryStatus=,DetailedStatus=,OperatingStatus= \
    ,CommunicationStatus=,EnabledState=,OtherEnabledState=,RequestedState= \
    ,EnabledDefault=,TimeOfLastStateChange=,AvailableRequestedStates=, \
    TransitioningToState=,PercentageSpaceUse=
    [..]

45.5 More information

For more details about WBEM and SFCB, see the following sources:
https://www.dmtf.org

Distributed Management Task Force Web site

https://www.dmtf.org/standards/wbem/

Web-Based Enterprise Management (WBEM) Web site

https://www.dmtf.org/standards/cim/

Common Information Model (CIM) Web site