45 Web Based Enterprise Management using SFCB #
45.1 Introduction and basic concept #
SUSE® Linux Enterprise Server (SLES) provides a collection of open standards based tools for the unified management of disparate computing systems and environments. Our enterprise solutions implement the standards proposed by the Distributed Management Task Force. The following paragraphs describe their basic components.
Distributed Management Task Force, Inc (DMTF) is the industry organization which leads the development of management standards for enterprise and Internet environments. Their goal is to unify management standards and initiatives, and to enable more integrated, cost effective and interoperable management solutions. DMTF standards provide common system management components for control and communication. Their solutions are independent of platforms and technologies. Web Based Enterprise Management and the Common Information Model are two of their key technologies.
Web Based Enterprise Management (WBEM) is a set of management and Internet standard technologies. WBEM was developed to unify the management of enterprise computing environments. It provides the ability for the industry to deliver a well-integrated collection of management tools using Web technologies. WBEM consists of the following standards:
A data model: the Common Information Model (CIM) standard
An encoding specification: CIM-XML Encoding Specification
A transport mechanism: CIM operations over HTTP
The Common Information Model is a conceptual information model that describes system management. It is not bound to a particular implementation and enables the interchange of management information between management systems, networks, services and applications. There are two parts to CIM: the CIM Specification and the CIM Schema.
The CIM Specification describes the language, naming and meta schema. The meta schema is a formal definition of the model. It defines the terms used to express the model and their usage and semantics. The elements of the meta schema are classes, properties, and methods. The meta schema also supports indications and associations as types of classes, and references as types of properties.
The CIM Schema provides the actual model descriptions. It supplies a set of classes with properties and associations that provide a well understood conceptual framework within which it is possible to organize the available information about the managed environment.
The Common Information Model Object Manager (CIMOM) is a CIM object manager or, more specifically, an application that manages objects according to the CIM standard. CIMOM manages communication between CIMOM providers and a CIM client, where the administrator manages the system.
CIMOM providers are software performing specific tasks within the CIMOM that are requested by client applications. Each provider instruments one or more aspects of the CIMOM's schema. These providers interact directly with the hardware.
Standards Based Linux Instrumentation for Manageability (SBLIM) is a collection of tools designed to support Web-Based Enterprise Management (WBEM). SUSE® Linux Enterprise Server uses the open source CIMOM (or CIM server) from the SBLIM project called Small Footprint CIM Broker .
Small Footprint CIM Broker is a CIM server intended for use in resource-limited or embedded environments. It is designed to be modular and lightweight at the same time. Its based on open standards and it supports CMPI providers, CIM-XML encoding, and Managed Object Format (MOF). It is highly configurable and performs stability even if the provider crashes. It is also easily accessible as it supports multiple transport protocols, such as HTTP, HTTPS, Unix domain sockets, Service Location Protocol (SLP), and Java Database Connectivity (JDBC).
45.2 Setting up SFCB #
To set up the Small Footprint CIM Broker (SFCB) environment, make sure the SUSE Linux Enterprise Server installation. Alternatively, select it as a component to install on a server that is already running. Make sure the following packages are installed on your system:
pattern in YaST is selected during- cim-schema, Common Information Model (CIM) schema
Contains the Common Information Model (CIM). CIM is a model for describing overall management information in a network or enterprise environments. CIM consists of a specification and a schema. The specification defines the details for integration with other management models. The schema provides the actual model descriptions.
- python2-pywbem
Contains a Python module for making CIM operation calls through the WBEM protocol to query and update managed objects.
- cmpi-provider-register, CIMOM neutral provider registration utility
Contains a utility allowing CMPI provider packages to register with whatever CIMOM happens to be present on the system.
- sblim-sfcb, small footprint CIM broker
Contains Small Footprint CIM Broker. It is a CIM server conforming to the CIM Operations over HTTP protocol. It is robust, with low resource consumption and, therefore, specifically suited for embedded and resource constrained environments. SFCB supports providers written against the Common Manageability Programming Interface (CMPI).
- sblim-sfcc
Contains Small Footprint CIM Client library runtime libraries.
- sblim-wbemcli
Contains WBEM command line interface. It is a stand-alone command line WBEM client especially suited for basic systems management tasks.
45.2.1 Starting, stopping and checking status for SFCB #
CIM server sfcbd daemon is installed together with Web-Based Enterprise Management software and is started by default at system start-up. The following table explains how to start, stop and check status for sfcbd.
Task |
Linux Command |
---|---|
Start sfcbd |
Enter |
Stop sfcbd |
Enter |
Check sfcbd status |
Enter |
45.2.2 Ensuring secure access #
The default setup of SFCB is secure. However, check that the access to SFCB components is as secure as required for your organization.
45.2.2.1 Certificates #
Secure Sockets Layers (SSL) transports require a certificate for secure communication to occur. When SFCB is installed, it has a self-signed certificate generated.
You can replace the path to the default certificate with a path to a
commercial or self-signed one by changing the
sslCertificateFilePath: PATH_FILENAME
setting in /etc/sfcb/sfcb.cfg
. The file
must be in PEM format.
By default, SFCB expects a server certificate in the following location:
/etc/sfcb/server.pem
To generate a new certificate, run the following command:
>
sudo
sh /usr/share/sfcb/genSslCert.sh Generating SSL certificates in . Generating a 2048 bit RSA private key ...................................................................+++ .+++ writing new private key to '/var/tmp/sfcb.0Bjt69/key.pem' -----
By default, the script generates certificates
client.pem
, file.pem
and
server.pem
in the current working directory. If you
want the script to generate the certificates in
/etc/sfcb
directory, you need to append the path to
the command. If these files already exist, a warning message is displayed,
and the old certificates are not overwritten.
>
sudo
sh /usr/share/sfcb/genSslCert.sh /etc/sfcb Generating SSL certificates in . WARNING: server.pem SSL Certificate file already exists. old file will be kept intact. WARNING: client.pem SSL Certificate trust store already exists. old file will be kept intact.
You must remove the old certificates from the file system and run the command again.
To change the way SFCB uses certificates, see Section 45.2.2.3, “Authentication”.
45.2.2.2 Ports #
By default, SFCB is configured to accept all communications through the secure port 5989. The following paragraphs explain the communication port setup and recommended configuration.
- Port 5989 (secure)
The secure port that SFCB communications use via HTTPS services. This is the default. With this setting, all communications between the CIMOM and client applications are encrypted when sent over the Internet between servers and workstations. Users must authenticate with the client application to reach SFCB server. We recommend that you keep this setting. For the SFCB CIMOM to communicate with the necessary applications, this port must be open on routers and firewall rules if they are present between the client application and the nodes being monitored.
- Port 5988 (insecure)
The insecure port that SFCB communications use via HTTP services. This setting is disabled by default. With this setting, all communications between the CIMOM and client applications are open for review when sent over the Internet between servers and workstations by anyone, without any authentication. We recommend that you use this setting only when attempting to debug a problem with the CIMOM. When the problem is resolved, disable the non-secure port option back. For the SFCB CIMOM to communicate with the necessary applications that require non-secure access, this port must be open in routers and firewall rules between the client application and the nodes being monitored.
To change the default port assignments, see Section 45.2.2.2, “Ports”.
45.2.2.3 Authentication #
SFCB supports HTTP basic authentication and authentication based on client
certificates (HTTP over SSL connections). Basic HTTP authentication is
enabled by specifying doBasicAuth=true
in the SFCB
configuration file ( /etc/sfcb/sfcb.cfg
by
default). SUSE® Linux Enterprise Server installation of SFCB supports Pluggable Authentication
Modules (PAM) approach; therefore the local root user can authenticate to
the SFCB CIMOM with local root user credentials.
If the sslClientCertificate
configuration property is
set to accept
or require
, the SFCB HTTP adapter will request a
certificate from clients when connecting via HTTP over SSL (HTTPS). If
require
is specified, the client
must provide a valid certificate
(according to the client trust store specified via
sslClientTrustStore
). If the client fails to do
so, the connection will be rejected by the CIM server.
The setting sslClientCertificate=accept
may not be
obvious. It is useful if both basic and client certificate
authentication are allowed. If the client can provide a valid certificate,
HTTPS connection will be established and the basic authentication
procedure will not be executed. If this function cannot verify the
certificate, the HTTP basic authentication will take place instead.
45.3 SFCB CIMOM configuration #
SFCB is a lightweight implementation of the CIM server, but it is also highly configurable. Several options can control its behavior. You can control the SFCB server in three ways:
by setting appropriate environment variables
by using command line options
by changing its configuration file
45.3.1 Environment variables #
Several environment variables directly affect the behavior of SFCB. You
need to restart the SFCB daemon by systemctl restart
sfcb
for these changes to take effect.
PATH
Specifies the path to the
sfcbd
daemon and utilities.LD_LIBRARY_PATH
Specifies the path to the sfcb runtime libraries. Alternatively, you can add this path to the system-wide dynamic loader configuration file
/etc/ld.so.conf
.SFCB_PAUSE_PROVIDER
Specifies the provider name. The SFCB server pauses after the provider is loaded for the first time. You can then attach a runtime debugger to the provider's process for debugging purposes.
SFCB_PAUSE_CODEC
Specifies the name of the SFCB codec (currently supports only
http
. The SFCB server pauses after the codec is loaded for the first time. You can then attach a runtime debugger to the process.SFCB_TRACE
Specifies the level of debug messages for SFCB. Valid values are 0 (no debug messages), or 1 (key debug messages) to 4 (all debug messages). Default is 1.
SFCB_TRACE_FILE
By default, SFCB outputs its debug messages to standard error output (STDERR). Setting this variable causes the debug messages to be written to a specified file instead.
SBLIM_TRACE
Specifies the level of debug messages for SBLIM providers. Valid values are 0 (no debug messages), or 1 (key debug messages) to 4 (all debug messages).
SBLIM_TRACE_FILE
By default, SBLIM provider outputs its trace messages to STDERR. Setting this variable causes the trace messages to be written to a specified file instead.
45.3.2 Command line options #
sfcbd
, the SFCB daemon, has several command line
options that switch particular runtime features on or off. Enter these
options when SFCB daemon starts.
-c, --config-file
=FILEWhen SFCB daemon starts, it reads its configuration from
/etc/sfcb/sfcb.cfg
by default. With this option, you can specify an alternative configuration file.-d, --daemon
Forces sfcbd and its child processes to run in the background.
-s, --collect-stats
Turns on runtime statistics collecting. sfcbd runtime statistics will be written to the
sfcbStat
file in the current working directory. By default, no statistics are collected.-l, --syslog-level
=LOGLEVELSpecifies the level of verbosity for the system logging facility. LOGLEVEL can be one of LOG_INFO, LOG_DEBUG or LOG_ERR, which is the default.
-k, --color-trace
=LOGLEVELPrints trace output in a different color per process for easier debugging.
-t, --trace-components
=NUMActivates component-level tracing messages, where NUM is an OR-ed bitmask integer that defines which component to trace. After you specify
-t ?
, it lists all the components and their associated integer bitmask:>
sfcbd -t ? --- Traceable Components: Int Hex --- providerMgr: 1 0x0000001 --- providerDrv: 2 0x0000002 --- cimxmlProc: 4 0x0000004 --- httpDaemon: 8 0x0000008 --- upCalls: 16 0x0000010 --- encCalls: 32 0x0000020 --- ProviderInstMgr: 64 0x0000040 --- providerAssocMgr: 128 0x0000080 --- providers: 256 0x0000100 --- indProvider: 512 0x0000200 --- internalProvider: 1024 0x0000400 --- objectImpl: 2048 0x0000800 --- xmlIn: 4096 0x0001000 --- xmlOut: 8192 0x0002000 --- sockets: 16384 0x0004000 --- memoryMgr: 32768 0x0008000 --- msgQueue: 65536 0x0010000 --- xmlParsing: 131072 0x0020000 --- responseTiming: 262144 0x0040000 --- dbpdaemon: 524288 0x0080000 --- slp: 1048576 0x0100000A useful value that reveals the internal functions of sfcbd but does not generate too many messages, is
-t
2019.
45.3.3 SFCB configuration file #
SFCB reads its runtime configuration from configuration file
/etc/sfcb/sfcb.cfg
after starting up. This behavior
can be overridden using -c
option at start-up.
The configuration file contains option
:
VALUE pairs, one per line.
Any setting that has the options commented out with a number sign (#) uses the default setting.
The following list of options may not be complete. See the content of
/etc/sfcb/sfcb.cfg
and
/usr/share/doc/packages/sblim-sfcb/README
for their
complete list.
45.3.3.1 httpPort #
Purpose#
Specifies the local port value that sfcbd should listen to receive HTTP
(insecure) requests from CIM clients. Default is 5988
.
Syntax#
httpPort:
PORT_NUMBER
45.3.3.2 enableHttp #
Purpose#
Specifies whether SFCB should accept HTTP client connections. Default is
false
.
Syntax#
enableHttp:
OPTION
Option |
Description |
---|---|
true |
Enables HTTP connections. |
false |
Disables HTTP connections. |
45.3.3.3 httpProcs #
Purpose#
Specifies the maximum number of simultaneous HTTP client connections
before new incoming HTTP requests are blocked. Default is
8
.
Syntax#
httpProcs:
MAX_NUMBER_OF_CONNECTIONS
45.3.3.4 httpUserSFCB, httpUser #
Purpose#
These options control what user the HTTP server will run under. If
httpUserSFCB
is true
, HTTP will run
under the same user as the SFCB main process. If it is
false
the user name specified for
httpUser
will be used. This setting is used for both HTTP
and HTTPS servers. httpUser
must be
specified if httpUserSFCB
is set to
false
. the default is true
.
Syntax#
httpUserSFCB: true
45.3.3.5 httpLocalOnly #
Purpose#
Specifies whether to limit HTTP requests to localhost only. Default is
false
.
Syntax#
httpLocalOnly: false
45.3.3.6 httpsPort #
Purpose#
Specifies the local port value where sfcbd listens for HTTPS requests from
CIM clients. Default is 5989
.
Syntax#
httpsPort: port_number
45.3.3.7 enableHttps #
Purpose#
Specifies if SFCB will accept HTTPS client connections. Default is
true
.
Syntax#
enableHttps: option
Option |
Description |
---|---|
true |
Enables HTTPS connections. |
false |
Disables HTTPS connections. |
45.3.3.8 httpsProcs #
Purpose#
Specifies the maximum number of simultaneous HTTPS client connections
before new incoming HTTPS requests are blocked. Default is
8
.
Syntax#
httpsProcs:
MAX_NUMBER_OF_CONNECTIONS
45.3.3.9 enableInterOp #
Purpose#
Specifies if SFCB will provide the interop namespace
for indication support. Default is true
.
Syntax#
enableInterOp:
OPTION
Option |
Description |
---|---|
true |
Enables interop namespace. |
false |
Disables interop namespace. |
45.3.3.10 provProcs #
Purpose#
Specifies the maximum number of simultaneous provider processes. After
this point, if a new incoming request requires loading a new provider,
then one of the existing providers will first be automatically unloaded.
Default is 32
.
Syntax#
provProcs:
MAX_NUMBER_OF_PROCS
45.3.3.11 doBasicAuth #
Purpose#
Switches basic authentication on or off based on the client user
identifier before it accepts the request. Default value is
true
which means that basic client authentication is
performed.
Syntax#
doBasicAuth:
OPTION
Option |
Description |
---|---|
true |
Enables basic authentication. |
false |
Disables basic authentication. |
45.3.3.12 basicAuthLib #
Purpose#
Specifies the local library name. The SFCB server loads the library to
authenticate the client user identifier. Default is
sfcBasicPAMAuthentication
.
Syntax#
provProcs:
MAX_NUMBER_OF_PROCS
45.3.3.13 useChunking #
Purpose#
This option switches the use of HTTP/HTTPS “chunking” on or
off. If switched on, the server will return large volumes of response data
to the client in smaller “chunks”, rather than buffer the
data and send it back all in one chunk. Default is true
.
Syntax#
useChunking:
OPTION
Option |
Description |
---|---|
true |
Enables HTTP/HTTPS data chunking. |
false |
Disables HTTP/HTTPS data chunking. |
45.3.3.14 keepaliveTimeout #
Purpose#
Specifies the maximum time in seconds that SFCB HTTP process waits between
two requests on one connection before it terminates. Setting it to
0
disables HTTP keep-alive. Default is
0
.
Syntax#
keepaliveTimeout:
SECS
45.3.3.15 keepaliveMaxRequest #
Purpose#
Specifies the maximum number of consecutive requests on one connection.
Setting it to 0
disables HTTP keep-alive. Default value
is 10
.
Syntax#
keepaliveMaxRequest:
NUMBER_OF_CONNECTIONS
45.3.3.16 registrationDir #
Purpose#
Specifies the registration directory, which contains the provider
registration data, the staging area, and the static repository. Default is
/var/lib/sfcb/registration
.
Syntax#
registrationDir:
DIR
45.3.3.17 providerDirs #
Purpose#
Specifies a space-separated list of directories where SFCB is searching
for provider libraries. Default is /usr/lib64 /usr/lib64
/usr/lib64/cmpi
.
Syntax#
providerDirs:
DIR
45.3.3.18 providerSampleInterval #
Purpose#
Specifies the interval in seconds at which the provider manager is
checking for idle providers. Default is 30
.
Syntax#
providerSampleInterval:
SECS
45.3.3.19 providerTimeoutInterval #
Purpose#
Specifies the interval in seconds before an idle provider gets unloaded by
the provider manager. Default is 60
.
Syntax#
providerTimeoutInterval:
SECS
45.3.3.20 providerAutoGroup #
Purpose#
If the provider registration file does not specify any other group, and
the option is set to true
, all providers in the
same shared library are executed in the same process.
Syntax#
providerAutoGroup:
OPTION
Option |
Description |
---|---|
true |
Enables grouping of providers. |
false |
Disables grouping of providers. |
45.3.3.21 sslCertificateFilePath #
Purpose#
Specifies the name of the file that contains the server certificate. The
file must be in PEM (Privacy Enhanced Mail, RFC 1421 and RFC 1424) format.
This file is only required if enableHttps
is set to
true
. Default is
/etc/sfcb/server.pem
.
Syntax#
sslCertificateFilePath:
PATH
45.3.3.22 sslKeyFilePath #
Purpose#
Specifies the name of the file that contains the private key for the
server certificate. The file must be in PEM format and may not be
protected by passphrase. This file is only required if
enableHttps
is set to true
. Default
is /etc/sfcb/file.pem
.
Syntax#
sslKeyFilePath:
PATH
45.3.3.23 sslClientTrustStore #
Purpose#
Specifies the name of the file that contains either the CA or self-signed
certificates of the clients. This file must be in PEM format and is only
required if sslClientCertificate
is set to
accept
or require
. Default is
/etc/sfcb/client.pem
.
Syntax#
sslClientTrustStore:
PATH
45.3.3.24 sslClientCertificate #
Purpose#
Specifies the way SFCB handles client certificate based authentication. If
set to ignore
, it will not request a certificate from
the client. If set to accept
it will request a
certificate from the client but will not fail if the client does not
present one. If set to require
, it will refuse the
client connection if the client does not present a certificate. Default
value is ignore
.
Syntax#
sslClientCertificate:
OPTION
Option |
Description |
---|---|
ignore |
Disables requesting a client certificate. |
accept |
Disables requesting a client certificate. Will not fail if no certificate is present. |
require |
Refuses the client connection without a valid certificate. |
45.3.3.25 certificateAuthLib #
Purpose#
Specifies the name of the local library to request for the user
authentication based on client certificate. This is only requested if
sslClientCertificate
is not set to
ignore
. Default value is
sfcCertificateAuthentication
.
Syntax#
certificateAuthLib:
FILE
45.3.3.26 traceLevel #
Purpose#
Specifies the trace level for SFCB. You can override it by setting
environment variable SFCB_TRACE_LEVEL
. Default value is
0
.
Syntax#
traceLevel:
NUM_LEVEL
45.3.3.27 traceMask #
Purpose#
Specifies the trace mask for SFCB. you can override it by the command line
option --trace-components
. Default value is
0
.
Syntax#
traceMask:
MASK
45.3.3.28 traceFile #
Purpose#
Specifies the trace file for SFCB. You can override it by setting
environment variable SFCB_TRACE_FILE
. Default value is
stderr
(standard error output).
Syntax#
traceFile:
OUTPUT
45.4 Advanced SFCB tasks #
This chapter covers more advanced topics related to SFCB usage. To understand them, you need to have basic knowledge of the Linux file system and experience with the Linux command line. This chapter includes the following tasks:
Installing CMPI providers
Testing SFCB
Using
wbemcli
CIM client
45.4.1 Installing CMPI providers #
To install a CMPI provider, you need to make sure that its shared library
is copied into one of the directories specified by
providerDirs
configuration option, see
Section 45.3.3.17, “providerDirs”. The provider must also be
properly registered using sfcbstage
and
sfcbrepos
commands.
The provider package is prepared for SFCB, so that its installation takes care of the proper registration. Most SBLIM providers are prepared for SFCB.
45.4.1.1 Class repository #
Class repository is a place where SFCB stores
information about CIM classes. It consists of a directory tree
with namespace components. Typical CIM namespaces are
root/cimv2
or root/interop
, which
respectively translate to the class repository directory path on the file
system
/var/lib/sfcb/registration/repository/root/cimv2
and
/var/lib/sfcb/registration/repository/root/interop
Each namespace directory contains the file
classSchemas
. The file has a compiled binary
representation of all the CIM classes registered under that namespace. It
also contains necessary information about their CIM superclasses.
Each namespace directory may contain a file
qualifiers
which contains all qualifiers for the
namespace. When sfcbd restarts, the class provider will scan the directory
/var/lib/sfcb/registration/repository/
and all its
subdirectories to determine the registered namespaces. Then
classSchemas
files are decoded and the class
hierarchy for each namespace is built.
45.4.1.2 Adding new classes #
SFCB cannot make live CIM class manipulations. You need to add, change or
remove classes offline and restart SFCB service with systemctl
restart sfcb
to register the changes.
To store providers class and registration information, SFCB uses a place
called staging area. On SUSE® Linux Enterprise Server systems, it is the
directory structure under /var/lib/sfcb/stage/
.
To add a new provider, you need to:
Copy the provider class definition files to the
./mofs
subdirectory of staging area directory (/var/lib/sfcb/stage/mofs
).Copy a registration file which contains the name of the class or classes and type of provider, and the name of the executable library file into the
./regs
subdirectory.
There are two default “mof” (class definition) files in the
staging directory: indication.mof
and
interop.mof
. MOF files under the root stage directory
/var/lib/sfcb/stage/mofs
will be copied into each
namespace after running sfcbrepos
command. The
interop.mof
will only be compiled into the
interop namespace.
The directory layout may look like the following example:
>
ls /var/lib/sfcb/stage
default.reg mofs regs
>
ls /var/lib/sfcb/stage/mofs
indication.mof root
>
ls /var/lib/sfcb/stage/mofs/root
cimv2 interop suse virt
>
ls -1 /var/lib/sfcb/stage/mofs/root/cimv2 | less
Linux_ABIParameter.mof
Linux_BaseIndication.mof
Linux_Base.mof
Linux_DHCPElementConformsToProfile.mof
Linux_DHCPEntity.mof
[..]
OMC_StorageSettingWithHints.mof
OMC_StorageVolumeDevice.mof
OMC_StorageVolume.mof
OMC_StorageVolumeStorageSynchronized.mof
OMC_SystemStorageCapabilities.mof
>
ls -1 /var/lib/sfcb/stage/mofs/root/interop
ComputerSystem.mof
ElementConformsToProfile.mof
HostSystem.mof
interop.mof
Linux_DHCPElementConformsToProfile.mof
[..]
OMC_SMIElementSoftwareIdentity.mof
OMC_SMISubProfileRequiresProfile.mof
OMC_SMIVolumeManagementSoftware.mof
ReferencedProfile.mof
RegisteredProfile.mof
>
ls -1 /var/lib/sfcb/stage/regs
AllocationCapabilities.reg
Linux_ABIParameter.reg
Linux_BaseIndication.reg
Linux_DHCPGlobal.reg
Linux_DHCPRegisteredProfile.reg
[..]
OMC_Base.sfcb.reg
OMC_CopyServices.sfcb.reg
OMC_PowerManagement.sfcb.reg
OMC_Server.sfcb.reg
RegisteredProfile.reg
>
cat /var/lib/sfcb/stage/regs/Linux_DHCPRegisteredProfile.reg
[Linux_DHCPRegisteredProfile]
provider: Linux_DHCPRegisteredProfileProvider
location: cmpiLinux_DHCPRegisteredProfile
type: instance
namespace: root/interop
#
[Linux_DHCPElementConformsToProfile]
provider: Linux_DHCPElementConformsToProfileProvider
location: cmpiLinux_DHCPElementConformsToProfile
type: instance association
namespace: root/cimv2
#
[Linux_DHCPElementConformsToProfile]
provider: Linux_DHCPElementConformsToProfileProvider
location: cmpiLinux_DHCPElementConformsToProfile
type: instance association
namespace: root/interop
SFCB uses a custom provider registration file for each provider.
All SBLIM providers on the SBLIM Web site already include a registration file that is used to generate the .reg file for SFCB.
The format of SFCB registration file is:
[<class-name>] provider: <provide-name> location: <library-name> type: [instance] [association] [method] [indication] group: <group-name> unload: never namespace: <namespace-for-class> ...
where:
<class-name>
The CIM class name (required)
<provider-name>
The CMPI provider name (required)
<location-name>
The name of the provider library (required)
type
The type of the provider (required). This can be any combination of:
instance
,association
,method
orindication
.<group-name>
Multiple providers can be grouped together and run under a single process to further minimize runtime resources. All providers registered under the same <group-name> will be executed under the same process. By default each provider will be run as a separate process.
unload
Specifies the unload policy for the provider. Currently the only supported option is
never
, which specifies that the provider will not be monitored for idle times and will never be unloaded. By default each provider will be unloaded when its idle times exceed the value specified in the configuration file.namespace
List of namespaces for which this provider can be executed. This is required, although for most providers this will be
root/cimv2
.
Once all the class definitions and provider registration files are stored
in the staging area, you need to rebuild the SFCB class repository with
the command sfcbrepos
-f
.
You can add, change or remove classes this way. After rebuilding the class
repository, restart SFCB with command systemctl restart
sfcb
.
Alternatively, the SFCB package contains a utility that will copy provider class mof files and registration files to the correct locations in the staging area.
sfcbstage
-r
[provider.reg]
[class1.mof] [class2.mof] ...
After running this command you still need to rebuild the class repository and restart SFCB service.
45.4.2 Testing SFCB #
The SFCB package includes two testing scripts: wbemcat
and xmltest
.
wbemcat
sends raw CIM-XML data via HTTP protocol to the
specified SFCB host (localhost by default) listening on port 5988. Then it
displays the returned results. The following file contains the CIM-XML
representation of a standard EnumerateClasses request:
<?xml version="1.0" encoding="utf-8"?> <CIM CIMVERSION="2.0" DTDVERSION="2.0"> <MESSAGE ID="4711" PROTOCOLVERSION="1.0"> <SIMPLEREQ> <IMETHODCALL NAME="EnumerateClasses"> <LOCALNAMESPACEPATH> <NAMESPACE NAME="root"/> <NAMESPACE NAME="cimv2"/> </LOCALNAMESPACEPATH> <IPARAMVALUE NAME="ClassName"> <CLASSNAME NAME=""/> </IPARAMVALUE> <IPARAMVALUE NAME="DeepInheritance"> <VALUE>TRUE</VALUE> </IPARAMVALUE> <IPARAMVALUE NAME="LocalOnly"> <VALUE>FALSE</VALUE> </IPARAMVALUE> <IPARAMVALUE NAME="IncludeQualifiers"> <VALUE>FALSE</VALUE> </IPARAMVALUE> <IPARAMVALUE NAME="IncludeClassOrigin"> <VALUE>TRUE</VALUE> </IPARAMVALUE> </IMETHODCALL> </SIMPLEREQ> </MESSAGE> </CIM>
Sending this request to SFCB CIMOM returns a list of all supported classes
for which there is a registered provider. Suppose you save the file as
cim_xml_test.xml
.
>
wbemcat cim_xml_test.xml | less
HTTP/1.1 200 OK
Content-Type: application/xml; charset="utf-8"
Content-Length: 337565
Cache-Control: no-cache
CIMOperation: MethodResponse
<?xml version="1.0" encoding="utf-8" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
<MESSAGE ID="4711" PROTOCOLVERSION="1.0">
<SIMPLERSP>
<IMETHODRESPONSE NAME="EnumerateClasses">
[..]
<CLASS NAME="Linux_DHCPParamsForEntity" SUPERCLASS="CIM_Component">
<PROPERTY.REFERENCE NAME="GroupComponent" REFERENCECLASS="Linux_DHCPEntity">
</PROPERTY.REFERENCE>
<PROPERTY.REFERENCE NAME="PartComponent" REFERENCECLASS="Linux_DHCPParams">
</PROPERTY.REFERENCE>
</CLASS>
</IRETURNVALUE>
</IMETHODRESPONSE>
</SIMPLERSP>
</MESSAGE>
</CIM>
The classes listed will vary depending on what providers are installed on your system.
The second script xmltest
is also used to send a raw
CIM-XML test file to the SFCB CIMOM. It then compares the returned results
against a previously saved “OK” result file. If there does not
yet exist a corresponding “OK” file, it will be created for
later use:
>
xmltest cim_xml_test.xml Running test cim_xml_test.xml ... OK Saving response as cim_xml_test.OK#
xmltest cim_xml_test.xml Running test cim_xml_test.xml ... Passed
45.4.3 Command line CIM client: wbemcli #
Besides wbemcat
and xmltest
,
the SBLIM project includes a more advanced command line CIM client
wbemcli
. The client is used to send CIM requests to SFCB
server and display returned results. It is independent of CIMOM library and
can be used with all WBEM compliant implementations.
For example, if you need to list all the classes implemented by SBLIM providers registered to your SFCB, send the “EnumerateClasses” (ec) request to SFCB:
>
wbemcli -dx ec http://localhost/root/cimv2
To server: <?xml version="1.0" encoding="utf-8" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
<MESSAGE ID="4711" PROTOCOLVERSION="1.0"><SIMPLEREQ><IMETHODCALL \
NAME="EnumerateClasses"><LOCALNAMESPACEPATH><NAMESPACE NAME="root"> \
</NAMESPACE><NAMESPACE NAME="cimv2"></NAMESPACE> \
</LOCALNAMESPACEPATH>
<IPARAMVALUE NAME="DeepInheritance"><VALUE>TRUE</VALUE> \
</IPARAMVALUE>
<IPARAMVALUE NAME="LocalOnly"><VALUE>FALSE</VALUE></IPARAMVALUE>
<IPARAMVALUE NAME="IncludeQualifiers"><VALUE>FALSE</VALUE> \
</IPARAMVALUE>
<IPARAMVALUE NAME="IncludeClassOrigin"><VALUE>TRUE</VALUE> \
</IPARAMVALUE>
</IMETHODCALL></SIMPLEREQ>
</MESSAGE></CIM>
From server: Content-Type: application/xml; charset="utf-8"
From server: Content-Length: 337565
From server: Cache-Control: no-cache
From server: CIMOperation: MethodResponse
From server: <?xml version="1.0" encoding="utf-8" ?>
<CIM CIMVERSION="2.0" DTDVERSION="2.0">
<MESSAGE ID="4711" PROTOCOLVERSION="1.0">
<SIMPLERSP>
<IMETHODRESPONSE NAME="EnumerateClasses">
<IRETURNVALUE>
<CLASS NAME="CIM_ResourcePool" SUPERCLASS="CIM_LogicalElement">
<PROPERTY NAME="Generation" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="ElementName" TYPE="string">
</PROPERTY>
<PROPERTY NAME="Description" TYPE="string">
</PROPERTY>
<PROPERTY NAME="Caption" TYPE="string">
</PROPERTY>
<PROPERTY NAME="InstallDate" TYPE="datetime">
</PROPERTY>
[..]
<CLASS NAME="Linux_Ext4FileSystem" SUPERCLASS="CIM_UnixLocalFileSystem">
<PROPERTY NAME="FSReservedCapacity" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="TotalInodes" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="FreeInodes" TYPE="uint64">
</PROPERTY>
<PROPERTY NAME="ResizeIncrement" TYPE="uint64">
<VALUE>0</VALUE>
</PROPERTY>
<PROPERTY NAME="IsFixedSize" TYPE="uint16">
<VALUE>0</VALUE>
</PROPERTY>
[..]
The -dx
option shows you the actual XML sent to SFCB by
wbemcli
and the actual XML received. In the above
example, the first of many returned classes was
CIM_ResourcePool
followed by
Linux_Ext4FileSystem
. Similar entries will appear for
all other registered classes.
If you omit the -dx
option, wbemcli
will display only a compact representation of the returned data:
>
wbemcli ec http://localhost/root/cimv2
localhost:5988/root/cimv2:CIM_ResourcePool Generation=,ElementName=, \
Description=,Caption=,InstallDate=,Name=,OperationalStatus=, \
StatusDescriptions=,Status=,HealthState=,PrimaryStatus=, \
DetailedStatus=,OperatingStatus=,CommunicationStatus=,InstanceID=, \
PoolID=,Primordial=,Capacity=,Reserved=,ResourceType=, \
OtherResourceType=,ResourceSubType=, \AllocationUnits=
localhost:5988/root/cimv2:Linux_Ext4FileSystem FSReservedCapacity=, \
TotalInodes=,FreeInodes=,ResizeIncrement=,IsFixedSize=,NumberOfFiles=, \
OtherPersistenceType=,PersistenceType=,FileSystemType=,ClusterSize=, \
MaxFileNameLength=,CodeSet=,CasePreserved=,CaseSensitive=, \
CompressionMethod=,EncryptionMethod=,ReadOnly=,AvailableSpace=, \
FileSystemSize=,BlockSize=,Root=,Name=,CreationClassName=,CSName=, \
CSCreationClassName=,Generation=,ElementName=,Description=,Caption=, \
InstanceID=,InstallDate=,OperationalStatus=,StatusDescriptions=, \
Status=,HealthState=,PrimaryStatus=,DetailedStatus=,OperatingStatus= \
,CommunicationStatus=,EnabledState=,OtherEnabledState=,RequestedState= \
,EnabledDefault=,TimeOfLastStateChange=,AvailableRequestedStates=, \
TransitioningToState=,PercentageSpaceUse=
[..]
45.5 More information #
- https://www.dmtf.org
Distributed Management Task Force Web site
- https://www.dmtf.org/standards/wbem/
Web-Based Enterprise Management (WBEM) Web site
- https://www.dmtf.org/standards/cim/
Common Information Model (CIM) Web site