SUSE Linux Enterprise Server (SLES 10) Installation and Administration

9.2 Changing the OpenWBEM CIMOM Configuration

When OpenWBEM CIMOM (owcimomd) starts, it reads its run-time configuration from the openwbem.conf file. The openwbem.conf file is located in the /etc/openwbem directory.

Any setting that has the options commented out with a semicolon (;) or pound sign (#) uses the default setting.

When making changes to this file, you can use any text editor that saves the file in a format that is native to the platform you are using.

You can change any of the settings in the openwbem.conf file. This section discusses the following configuration settings:

9.2.1 Changing the Authentication Configuration

When changing the Authentication configuration, there are several things that you can control:

  • Who can access the CIMOM

  • What authentication module is used

See the following settings:

http_server.allow_local_authentication

Purpose

Directs the http_server to allow local authentication without supplying a password, relying on local system file permissions.

You can use this setting with the Basic or Digest settings.

Syntax

http_server.allow_local_authentication = option

| Option | Description |
| --- | --- |
| true | Enables local authentication. This is the default setting. |
| false | Disables local authentication. |

Example

http_server.allow_local_authentication = true

http_server.digest_password_file

Purpose

Specifies a location for the password file. This is required if the http_server.use_digest setting is enabled.

Syntax

http_server.digest_password_file = path_filename

The following is the default path and filename for the digest password file:

/etc/openwbem/digest_auth.passwd

Example

http_server.digest_password_file = /etc/openwbem/digest_auth.passwd

http_server.ssl_client_verification

Purpose

Determines whether the server should attempt to authenticate clients with SSL Client Certificate verification.

This setting is disabled by default.

Syntax

http_server.ssl_client_verification = option

| Option | Description |
| --- | --- |
| autoupdate | Specifies the same functionality as the Optional option; however, previously unknown client certificates that pass HTTP authentication are added to a trust store so that subsequent client connections with the same certificate do not require HTTP authentication. |
| disabled | Disables client certificate checking. This is the default setting. |
| optional | Allows a trusted certificate to be authenticated (no HTTP authentication is necessary). Also allows an untrusted certificate to pass the SSL handshake if the client passes the HTTP authentication. |
| required | Requires a trusted certificate for the SSL handshake to succeed. |

Example

http_server.ssl_client_verification = disabled

http_server.ssl_trust_store

Purpose

Specifies a directory containing the OpenSSL trust store.

Syntax

http_server.ssl_trust_store = path

The following is the default path for the trust store file.

/etc/openwbem/truststore

Example

http_server.ssl_trust_store = /etc/openwbem/truststore

http_server.use_digest

Purpose

Directs the HTTP server to use Digest authentication, which bypasses the Basic authentication mechanism. To use digest, you must set up the digest password file using owdigestgenpass.

Digest doesn’t use the authentication module specified by the owcimomd.authentication_module configuration setting.

Syntax

http_server.use_digest = option

| Option | Description |
| --- | --- |
| false | Enables the Basic authentication mechanism. This is the default setting. |
| true | Disables the Basic authentication mechanism. |

Example

http_server.use_digest = false

owcimomd.ACL_superuser

Purpose

Specifies the username of the user that has access to all Common Information Model (CIM) data in all namespaces maintained by the owcimomd. This user can be used to administer the /root/security namespace, which is where all ACL user rights are stored.

ACL processing is not enabled until the OpenWBEM_Acl1.0.mof file has been imported.

Syntax

owcimomd.ACL_superuser = username

Example

owcimomd.ACL_superuser = root

owcimomd.allow_anonymous

Purpose

Enables or disables anonymous logins to owcimomd.

Syntax

owcimomd.allow_anonymous = option

| Option | Description |
| --- | --- |
| false | Requires login with a username and password to access owcimomd data. This is the default and recommended setting. |
| true | Allows anonymous logins to owcimomd. This disables authentication. No username or password is required to access owcimomd data. |

Example

owcimomd.allow_anonymous = false

owcimomd.allowed_users

Purpose

Specifies a list of users who are allowed to access owcimomd data.

Syntax

owcimomd.allowed_users = option

| Option | Description |
| --- | --- |
| username | Specifies one or more users who are allowed to access the owcimomd data. Separate each username with a space. |
| * | Allows all users to authenticate (for example, if you choose to control access with ACLs instead). This option is enforced for all authentication methods unless owcimomd.allow_anonymous is set to True. This is the default setting. |

Example

owcimomd.allowed_users = bcwhitely jkcarey jlanderson

owcimomd.authentication_module

Purpose

Specifies the authentication module that is used by owcimomd. This setting should be an absolute path to the shared library containing the authentication module.

Syntax

owcimomd.authentication_module = path_filename

The following is the default path and filename for the authentication modules:

/usr/lib/openwbem/authentication/libpamauthentication.so

Example

owcimomd.authentication_module = /usr/lib/openwbem/authentication/libpamauthentication.so

simple_auth.password_file

Purpose

Specifies the path to the password file when the simple authentication module is used.

This setting is disabled by default.

Syntax

simple_auth.password_file = path_filename

Example

simple_auth.password_file = /etc/openwbem/simple_auth.passwd

9.2.2 Changing the Certificate Configuration

The http_server.SSL_cert and the http_server.SSL_key settings specify the location of the file or files that contain the host's private key and the certificate that is used by OpenSSL for HTTPS communications.

The .pem files are located in the following default location:

/etc/openwbem/servercert.pem

/etc/openwbem/serverkey.pem

Syntax

http_server.SSL_cert = path_filename

or

http_server.SSL_key = path_filename

NOTE: Both the key and certificate can be in the same file. In this case, the values of http_server.SSL_cert and http_server.SSL_key would be the same.

Examples

http_server.SSL_cert = /etc/openwbem/servercert.pem

http_server.SSL_key = /etc/openwbem/servercert.pem

http_server.SSL_key = /etc/openwbem/serverkey.pem

9.2.3 Changing the Port Configuration

The http_server.http_port and http_server.https_port settings specify the port number that owcimomd listens on for all HTTP and HTTPS communications.

Syntax

http_server.http_port = option

or

http_server.https_port = option

| Option | Description |
| --- | --- |
| Specific_port_number | Specify the specific port for HTTP or HTTPS communications. For HTTP, the default port is 5988. For HTTPS, the default port is 5989. |
| -1 | Disables HTTP or HTTPS connections (for example, if you only want to support HTTPS connections). |
| 0 | Dynamically assigns a port number at runtime. |

Example

These settings disable the HTTP port and enable port 5989 for HTTPS communications:

http_server.http_port = -1

http_server.https_port = 5989
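
The following is an added example, not part of the original guide or of OpenWBEM: a small audit script that reads openwbem.conf text, applies the defaults stated on this page for unset or commented-out settings, and reports the authentication, port and logging values that weaken the CIMOM. The function names, the choice of findings and the sample file are assumptions of this example.

```python
# Added example: audit an openwbem.conf for the settings documented on this page.
# DEFAULTS are the defaults this page states; the findings are this example's policy.
DEFAULTS = {
    "owcimomd.allow_anonymous": "false",
    "owcimomd.allowed_users": "*",
    "http_server.use_digest": "false",
    "http_server.http_port": "5988",
    "http_server.https_port": "5989",
    "log.main.type": "syslog",
}

def parse_conf(text):
    """Return effective settings; lines commented with ';' or '#' keep the default."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """List settings that weaken authentication, transport or logging."""
    findings = []
    if conf["owcimomd.allow_anonymous"].lower() == "true":
        findings.append("allow_anonymous = true: no username or password required")
    if conf["http_server.http_port"] != "-1":
        auth = "Digest" if conf["http_server.use_digest"].lower() == "true" else "Basic"
        findings.append(f"http_port enabled: {auth} authentication without TLS")
    if conf["owcimomd.allowed_users"] == "*":
        findings.append("allowed_users = *: any authenticated user is admitted")
    if conf["log.main.type"] == "null":
        findings.append("log.main.type = null: logging disabled")
    return findings

# Constructed sample file contents, not taken from a real host.
SAMPLE = """\
; owcimomd.allow_anonymous = false
owcimomd.allow_anonymous = true
http_server.http_port = 5988
owcimomd.allowed_users = bcwhitely jkcarey
log.main.type = null
"""

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE)):
        print("FINDING:", finding)
```

To check a real host, pass the contents of /etc/openwbem/openwbem.conf to parse_conf() instead of SAMPLE.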

9.2.4 Changing the Default Logging Configuration

The following log settings in the owcimomd.conf file let you specify where and how much logging occurs, the type of errors logged, and the log size, filename, and format:

If you want to set up debug logging, see Section 9.2.5, Configuring Debug Logging.

If you want to set up additional logs, see Section 9.2.6, Configuring Additional Logs.

log.main.categories

Purpose

Specifies the categories the log outputs.

Syntax

log.main.categories = option

| Option | Description |
| --- | --- |
| category_name | Specifies the categories to be logged using a space delimited list. The categories used in owcimomd are DEBUG, ERROR, FATAL, and INFO. For more information about these options, see log.main.level. If specified in this option, the predefined categories are not treated as levels, but as independent categories. No default is available; and if a category is not set, no categories are logged and the log.main.level setting is used. |
| * | All categories are logged. This is the default setting. |

Example

log.main.categories = FATAL ERROR INFO

log.main.components

Purpose

Specifies the components that the log outputs.

Syntax

log.main.components = option

| Option | Description |
| --- | --- |
| component_name | Specifies the components to be logged (such as owcimomd) using a space-delimited list. Providers can use their own components. |
| * | Specifies that all components are logged. This is the default setting. |

Example

log.main.components = owcimomd nssd

log.main.format

Purpose

Specifies the format (text mixed with printf() style conversion specifiers) of the log messages.

Syntax

log.main.format = conversion_specifier

| Option | Specifies |
| --- | --- |
| %% | % |
| %c | Component (such as owcimomd) |
| %d | Date. Can be followed by a date format specifier enclosed between braces. For example, %d{%H:%M:%S} or %d{%d %b %Y %H:%M:%S}. If no date format specifier is given, then ISO 8601 format is assumed. The only addition is %Q, which is the number of milliseconds. For more information about the date format specifiers, see the documentation for the strftime() function found in the <ctime> header. |
| %e | Message as XML CDATA. This includes the "<![CDATA[" and ending "]]>" |
| %F | Filename |
| %l | Filename and line number. For example, file.cpp(100) |
| %L | Line number |
| %M | Method name where the logging request was issued (only works on C++ compilers which support __PRETTY_FUNCTION__ or C99's __func__). |
| %m | Message |
| %n | Platform-dependent line separator character (\n) or characters (\r\n). |
| %p | Category, also known as level or priority. |
| %r | Number of milliseconds elapsed between the start of the application and the creation of the logging event. |
| %t | Thread ID |
| \n | New line |
| \t | Tab |
| \r | Line feed |
| \\ | \ |
| \x<hexDigits> | Character represented in hexadecimal |

It is possible to change the minimum field width, the maximum field width, and justification. The optional format modifier is placed between the percent sign (%) and the conversion character. The first optional format modifier is the left justification flag, which is the minus (-) character. The optional minimum field width modifier follows, which is an integer that represents the minimum number of characters to output. If the data item requires fewer characters, it is padded with spaces on either the left or the right, according to the justification flag. If the data item is larger than the minimum field width, the field is expanded to accommodate the data.

The maximum field width modifier is designated by a period (.) followed by a decimal constant. If the data item is longer than the maximum field, then the extra characters are removed from the beginning of the data item (by default) or from the end (if the left justification flag was specified).

Examples

Log4j TTCC layout:

"%r [%t] %-5p %c - %m"

Similar to TTCC but with some fixed-size fields:

"%-6r [%15.15t] %-5p %30.30c - %m"

XML output conforming to log4j.dtd 1.2, which can be processed by Chainsaw (if used, this must be on one line; it is split up here for readability):

"<log4j:event logger="%c" timestamp="%d{%s%Q}" level="%p" thread="%t"> <log4j:message>%e</log4j:message> <log4j:locationInfo class="" method="" file="%F" line="%L"/></log4j:event>"

The following is the default:

log.main.format = [%t]%m
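
The field-width rules above are easy to misread when correlating log lines, because the maximum width drops the beginning of a value by default. The following added example (not OpenWBEM code, and not from the original guide) implements only the justification, minimum-width and maximum-width rules as this page describes them; the render() helper, the regular expression and the sample event are assumptions of this example.

```python
import re

# Added example, not OpenWBEM code: %[-][min][.max]<conversion character>.
# A {...} date format after the character is consumed but not interpreted here.
SPEC = re.compile(r"%(-?)(\d*)(?:\.(\d+))?([a-zA-Z%])(?:\{[^}]*\})?")

def apply_modifier(value, left, min_width, max_width):
    """Truncate to max_width, then pad to min_width, as the text describes."""
    if max_width is not None and len(value) > max_width:
        # Default drops characters from the beginning; '-' drops from the end.
        value = value[:max_width] if left else value[-max_width:]
    if len(value) < min_width:
        value = value.ljust(min_width) if left else value.rjust(min_width)
    return value

def render(fmt, fields):
    """Expand fmt with a dict keyed by conversion character (hypothetical helper)."""
    def expand(match):
        left, min_w, max_w, conv = match.groups()
        if conv == "%":
            return "%"
        return apply_modifier(str(fields.get(conv, "")), bool(left),
                              int(min_w or 0), int(max_w) if max_w else None)
    return SPEC.sub(expand, fmt)

# Constructed log event; the values are made up for illustration.
EVENT = {"r": "1234", "t": "3086481168", "p": "INFO",
         "c": "owcimomd.provider.long", "m": "started"}

if __name__ == "__main__":
    print(render("%-6r [%15.15t] %-5p %8.8c - %m", EVENT))
```

With %8.8c the component is cut to its last eight characters, so a narrow maximum width can hide which component logged a message.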

log.main.level

Purpose

Specifies the level the log outputs. If set, the log outputs all predefined categories at and above the specified level.

Syntax

log.main.level = option

| Option | Description |
| --- | --- |
| DEBUG | Logs all Debug, Info, Error, and Fatal error messages. |
| ERROR | Logs all Error and Fatal error messages. This is the default setting. |
| FATAL | Logs only Fatal error messages. |
| INFO | Logs all Info, Error, and Fatal error messages. |

Example

log.main.level = ERROR

log.main.location

Purpose

Specifies the location of the log file owcimomd uses when the log.main.type setting option specifies that logging is sent to a file.

Syntax

log.main.location = path_filename

Example

log.main.location = /system/cimom/var/owcimomd.log

log.main.max_backup_index

Purpose

Specifies the number of backup logs that are kept before the oldest is erased.

Syntax

log.main.max_backup_index = option

| Option | Description |
| --- | --- |
| unsigned_integer_above_0 | Specifies the number of backup logs kept. The default setting is 1 log file. |
| 0 | No backup logs are made and the log is truncated when it reaches the maximum file size. |

Example

log.main.max_backup_index = 1

log.main.max_file_size

Purpose

Specifies the maximum size (in KB) that the owcimomd log can grow to.

Syntax

log.main.max_file_size = option

| Option | Description |
| --- | --- |
| unsigned_integer_in_KB | Limits the log to a certain size in KB. |
| 0 | Lets the log grow to an unlimited size. This is the default setting. |

Example

log.main.max_file_size = 0

log.main.type

Purpose

Specifies the type of main log owcimomd uses.

Syntax

log.main.type = option

| Option | Description |
| --- | --- |
| file | Sends all messages to a file that is identified in the log.main.location configuration setting. |
| null | Disables logging. |
| syslog | Sends all messages to the syslog interface. This is the default setting. |

Example

log.main.type = syslog

9.2.5 Configuring Debug Logging

If owcimomd is run in debug mode, then the debug log is active with the following settings:

  • log.debug.categories = *

  • log.debug.components = *

  • log.debug.format = [%t] %m

  • log.debug.level = *

  • log.debug.type = stderr

Debug Log with Color

If you want a color version of the debug log, use the following ASCII escape codes:

log.debug.format = \x1b[1;37;40m[\x1b[1;31;40m%-.6t\x1b[1;37;40m]\x1b[1;32;40m %m\x1b[0;37;40m

If you want to use additional colors, use the following codes with the log.debug.format command:

Table 9-3 Additional Color Codes for the log.debug.format Command

| Color | Codes |
| --- | --- |
| red | \x1b[1;31;40m |
| dark red | \x1b[0;31;40m |
| green | \x1b[1;32;40m |
| dark green | \x1b[0;32;40m |
| yellow | \x1b[1;33;40m |
| dark yellow | \x1b[0;33;40m |
| blue | \x1b[1;34;40m |
| dark blue | \x1b[0;34;40m |
| purple | \x1b[1;35;40m |
| dark purple | \x1b[0;35;40m |
| cyan | \x1b[1;36;40m |
| dark cyan | \x1b[0;36;40m |
| white | \x1b[1;37;40m |
| dark white | \x1b[0;37;40m |
| gray | \x1b[0;37;40m |
| reset color | \x1b[0;37;40m |

9.2.6 Configuring Additional Logs

If you want to create additional logs, list the log names under this setting:

owcimomd.additional_logs = logname

Separate multiple lognames with spaces.

Syntax

owcimomd.additional_logs = logname

For each log, the following settings apply:

  • log.log_name.categories

  • log.log_name.components

  • log.log_name.format

  • log.log_name.level

  • log.log_name.location

  • log.log_name.max_backup_index

  • log.log_name.max_file_size

Example

owcimomd.additional_logs = errorlog1 errorlog2 errorlog3


 
 
Published Courtesy of Novell, Inc.