An Introduction to WBEM and OpenWBEM in SUSE Linux
Novell Cool Solutions: Feature
By Darren R. Davis
Digg This -
Posted: 15 Apr 2005
Darren R. Davis
Senior Software Engineer
Often when developing applications for Linux, a systems management tool is needed for configuring the application or service on Linux. For example, say we implemented a time update daemon, how would the user go about configuring the service? We could just make the user change a configuration file. Well, that may not be the most user friendly approach. So, we decide that we will write a GUI application to perform the system management of our service. Often, the development of the system management application can be as detailed as the original application. Also, creating another management tool that the IT organization must learn can lead to difficult acceptance by the users of the product. What developers need is a standard method for extending an existing systems management application with the functionality that is needed to manage their application or service. The WBEM standard is the perfect way to add systems management to your application or service without having to develop the whole management application.
So what is WBEM? WBEM stands for Web Based Enterprise Management and is a standard of the DMTF (Distributed Management Task Force). The DMTF is an industry organization made up of member companies to develop and promote a standard method for systems management. The method that the DMTF came up with is called the CIM (Common Information Model). CIM is an object oriented model to represent a wide variety of systems in a standard and neutral way, and is commonly referred to as the CIM schema. That way a common component such as a server, a network router, or our example time update daemon software, will be represented in a way that all management tools that use CIM will understand. The CIM standard has been used by all the major systems management tools available today. The CIM standard has a way to represent management data, but there are many different ways that the data can be accessed. To create a standard way to access CIM, a working group of the DMTF developed a technique where CIM data can be accessed using the HTTP protocol used by the world wide web. There is another standard used where the CIM data is represented in XML format. This gives us a common model for system management, a standard way to represent that model, and a standard way to access the model.
So, how does WBEM do this? The first major component of a WBEM implementation is the CIMOM (Common Information Model Object Manager). This is the core engine that holds the CIM data. It usually uses either its own repository or a standard external database to hold the CIM data. In order to structure our database, we must have a way to load the CIM schema into our CIMOM. Well, if you go to the DMTF web site and download the CIM schema, you will find that you have it in a format called MOF (Managed Object Format). The MOF format was the way the DMTF chose to represent the CIM schema and was used long before XML became the standard format for representing data in a neutral format. So, after you get a WBEM implementation running, you generally use a MOF compiler to convert the neutral CIM schema MOF file into the internal schema representation used by the CIMOM.
So, there is this object database that contains my systems configuration data. How do I communicate with it? Well, sitting on top of the CIMOM is the WBEM interface that is basically a HTTP server, but not one that you would use a web browser with. The WBEM interface has it's own unique port number 5988 (you can check this by looking in the /etc/services file and looking for wbem-http) that you communicate to it. So to communicate to the CIMOM, you would use a CIM WBEM client that would communicate over the standard port. Generally, the CIM WBEM client is your system management console. The one tool that you use to configure the system could be used to configure all WBEM enable systems. So, can I do this on SUSE Linux? Yes, Novell has adopted the OpenWBEM open source implementation of WBEM and includes it in SUSE Linux Enterprise Server. Novell also provides the Novell CIM SDK from the Novell Forge Website for developers. In the future, the Linux management tools will incorporate the WBEM protocol.
OK, I have this process running on my Linux machine called a CIMOM that contains my configuration information and I talk to it using a management console that is WBEM enabled. How does it know how to change things? Well at the bottom most layer is a driver-like layer called the provider layer. The CIMOM has a provider interface that can communicate with providers and the providers know how to change things on my Linux system. So, as a developer, you would implement a new provider using the provider interface that would plug into OpenWBEM. The provider knows how to make changes to your system service or hardware and return results to the CIMOM. We will talk about developing OpenWBEM providers and CIM clients in future articles. For now, let's get this OpenWBEM system running and just browse around.
Here is a diagram that shows the pieces of the WBEM architecture:
To install OpenWBEM on SUSE Linux Enterprise server, we need to use YaST to make sure we have several packages installed. The packages are:
Once you have these packages installed, it is probably a good time to run YOU (YaST Online Update) and make sure that all your packages are up to date.
We are now going to start the OpenWBEM CIMOM with the help option '-h' to make sure all is installed and working.
linux:~> /usr/sbin/owcimomd -h owcimomd [OPTIONS]... Available options: -d, --debug Set debug on (does not detach from terminal -c, --config Specify an alternate config file -h, --help Print this help information linux:~>
Normally, the CIMOM is a system service that is started with a startup script. To startup OpenWBEM you login as root and run the startup script:
linux:~ # /etc/init.d/owcimomd start Starting the OpenWBEM CIMOM Daemon done linux:~ #
Since it is a system service, we can check status at anytime with:
linux:~ # /etc/init.d/owcimomd status Checking for service OpenWBEM CIMOM Daemon running linux:~ #
So, with OpenWBEM running as a system service, status messages are logged in /var/log/messages. At any time you can go look there for status. We will also use the '-d' debug mode when we are developing our own providers to be able to get real-time status from the running CIMOM. Now that we have our CIMOM running, we are ready to explore clients and providers. From our earlier discussion, we know there is a client API that is available in OpenWBEM to create applications that can communicate with the CIMOM. There are also several client applications available such as a CIM browser that will let us explore the CIMOM. For providers, Novell includes several providers for the Linux platform in the Novell LIFE package. Again, providers are the interface between our object manager and the underlying system and we will need to create our own providers for our system service.
Before we do that, we need to make changes to the OpenWBEM configuration file.
First, we need to stop the CIMOM before we change the configuration file:
linux:~ # /etc/init.d/owcimomd stop Shutting down OpenWBEM CIMOM Daemon done linux:~ #
The OpenWBEM configuration file is /etc/openwbem/openwbem.conf and there are several options that we are going to want to change while we explore and develop to OpenWBEM. All these options are described in the OpenWBEM documentation.
First is the owcimomd.allow_anonymous option. Where we are going to want to remove the ';' to uncomment the option and set it to true. Normally, during a deployment, you probably don't want to allow anonymous connections, but during development setting this makes it easier to develop.
Next we change owcimomd.authentication_module = /usr/lib/openwbem/authentication/libsimpleauthentication.so
from using the PAM authentication module libpamauthentication.so. PAM is the Pluggable Authentication Modules method of authentication. By changing it to simple authentication, we just need to create a file with the format of user:password for authentication. Again, not very secure, but makes development easier.
So, we now need to uncomment simple_auth.password_file = /etc/openwbem/simple_auth.passwd by removing the ';' in front. We will also need to create a file in that location with the contents of "root:pass", or whatever user name and password you would like to use.
The last thing to check is http_server.http_port = -1 and make sure it is commented out by inserting a ';' in front, because if this is left uncommented we will be unable to connect to it using standard HTTP. Only HTTPS communication would be allowed.
Now that we are done changing our configuration file, let's start OpenWBEM again:
linux:~ # /etc/init.d/owcimomd start Starting the OpenWBEM CIMOM Daemon done linux:~ #
Now, we have the OpenWBEM CIMOM Daemon running the way we need it, but we are not quite ready yet. The CIMOM needs to have the CIM schema loaded. Prior to doing this, we need to create our primary name space for our CIM schema. To do that we need to do a owcreatenamespace:
linux:~ # owcreatenamespace -u http://localhost/ -n /root/cimv2 linux:~ #
You may get the result back that the name space already exists. That is OK. After that we need to load the CIM Schema.
linux:~ # cd /usr/share/cim-schema/cim28/ linux:~ # owmofc CIM_Schema28.mof linux:~ # ...
This command will generate a lot of output as it is compiling the MOF file and loading the CIM Schema. It should return with no errors. After this step we should have a running OpenWBEM CIMOM and we are ready to connect to it with a client.
The easiest first client to use is a CIM Browser that was implemented by the SNIA (Storage Network Industry Association) group. SNIA implemented a WBEM CIMOM in Java and also created a Java based browser. You can download that source to the browser from their website and build it, but I have already built a version you can use. This is unsupported code by SNIA and Novell, but never the less is very useful.
I have created a simple shell script to start up the browser. Just extract the tar file snia.tar.gz and change into that directory and run it.
linux:~ # cd cimbrowser/ linux:~ # ./cimbrowsernoSSL.sh
After doing this you should have the CIM Browser login window running.
I created a user of 'root' with the password of 'pass' in my /etc/openwbem/simple_auth.passwd file. I can connect to the host with either localhost if it is on the same machine or just the DNS name or IP number. If you remember from previously in this article, we created the name space /root/cimv2 as the name space with our CIM Schema. We are now ready to connect and we should get the browser window like:
This is the main browser window and allows us to browse through the CIM Schema loaded into our CIMOM. We can examine or edit any attribute and we can see that everything is structured in a key-value pairs. This is common for systems management and should look familiar to most developers. Think of your standard configuration file where you have some attribute and you set it to some value.
Well, we completed our first step in using WBEM by getting the OpenWBEM implementation running on our SLES 9 machine. Now is a good time for the developer to do some homework on DMTF, WBEM, CIM, and OpenWBEM. Included in the resources is a link to the Novell Forge Tutorial which covers some of the same material we included here, but goes into detail of writing providers. We will cover that in a future Cool Solutions for Developers Article!
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com