When OpenWBEM CIMOM (owcimomd) starts, it reads its run-time configuration
from the openwbem.conf file. The openwbem.conf file is located in the
/etc/openwbem directory.
Any setting that has the options commented out with a semicolon (;) or
pound sign (#) uses the default setting.
When making changes to this file, you can use any text editor that saves
the file in a format that is native to the platform you are using.
9.2.1 Changing the Authentication Configuration
When changing the Authentication configuration, there are several things
that you can control:
See the following settings:
http_server.allow_local_authentication
Purpose
Directs the http_server to allow local authentication without
supplying a password, relying on local system file permissions.
You can use this setting with the Basic or Digest settings.
Syntax
http_server.allow_local_authentication = option
Example
http_server.allow_local_authentication = true
http_server.digest_password_file
Purpose
Specifies a location for the password file. This is required if the
http_server.use_digest setting is enabled.
Syntax
http_server.digest_password_file = path_filename
The following is the default path and filename for the digest password
file:
/etc/openwbem/digest_auth.passwd
Example
http_server.digest_password_file = /etc/openwbem/digest_auth.passwd
http_server.ssl_client_verification
Purpose
Determines whether the server should attempt to authenticate clients
with SSL Client Certificate verification.
This setting is disabled by default.
Syntax
http_server.ssl_client_verification = option
Example
http_server.ssl_client_verification = disabled
http_server.ssl_trust_store
Purpose
Specifies a directory containing the OpenSSL trust store.
Syntax
http_server.ssl_trust_store = path
The following is the default path for the trust store file:
/etc/openwbem/truststore
Example
http_server.ssl_trust_store = /etc/openwbem/truststore
http_server.use_digest
Purpose
Directs the HTTP server to use Digest authentication, which bypasses
the Basic authentication mechanism. To use digest, you must set up the
digest password file using owdigestgenpass.
Digest doesn’t use the authentication module specified by the
owcimomd.authentication_module configuration setting.
Syntax
http_server.use_digest = option
Example
http_server.use_digest = false
owcimomd.ACL_superuser
Purpose
Specifies the username of the user that has access to all Common
Information Model (CIM) data in all namespaces maintained by the
owcimomd. This user can be used to administer the
/root/security name space, which is where
all ACL user rights are stored.
ACL processing is not enabled until the
OpenWBEM_Acl1.0.mof file has been imported.
Syntax
owcimomd.ACL_superuser = username
Example
owcimomd.ACL_superuser = root
owcimomd.allow_anonymous
Purpose
Enables or disables anonymous logins to owcimomd.
Syntax
owcimomd.allow_anonymous = option
Example
owcimomd.allow_anonymous = false
owcimomd.allowed_users
Purpose
Specifies a list of users who are allowed to access owcimomd data.
Syntax
owcimomd.allowed_users = option
Example
owcimomd.allowed_users = bcwhitely jkcarey jlanderson
owcimomd.authentication_module
Purpose
Specifies the authentication module that is used by owcimomd. This
setting should be an absolute path to the shared library containing the
authentication module.
Syntax
owcimomd.authentication_module = path_filename
The following is the default path and filename for the authentication
modules:
/usr/lib/openwbem/authentication/libpamauthentication.so
Example
owcimomd.authentication_module = /usr/lib/openwbem/authentication/libpamauthentication.so
simple_auth.password_file
Purpose
Specifies the path to the password file when the simple authentication
module is used.
This setting is disabled by default.
Syntax
simple_auth.password_file = path_filename
Example
simple_auth.password_file = /etc/openwbem/simple_auth.passwd
9.2.2 Changing the Certificate Configuration
The http_server.SSL_cert and the http_server.SSL_key settings specify the
location of the file or files that contain the host's private key and the
certificate that is used by OpenSSL for HTTPS communications.
The .pem files are located in the following default locations:
/etc/openwbem/servercert.pem
/etc/openwbem/serverkey.pem
Syntax
http_server.SSL_cert = path_filename
or
http_server.SSL_key = path_filename
NOTE:
Both the key and certificate can be in the same file. In this case, the
values of http_server.SSL_cert and
http_server.SSL_key would be the same.
Examples
http_server.SSL_cert = /etc/openwbem/servercert.pem
http_server.SSL_key = /etc/openwbem/servercert.pem
http_server.SSL_key = /etc/openwbem/serverkey.pem
9.2.3 Changing the Port Configuration
The http_server.http_port and http_server.https_port settings specify the
port numbers that owcimomd listens on for all HTTP and HTTPS
communications.
Syntax
http_server.http_port = option
or
http_server.https_port = option
Example
These settings disable the HTTP port and enable port 5989 for HTTPS
communications:
http_server.http_port = -1
http_server.https_port = 5989
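A configuration check covering the authentication settings in Section 9.2.1 and the port settings above, as an added example that is not part of the original documentation or of the OpenWBEM project. It parses openwbem.conf text, skips lines commented out with ; or #, and reports explicitly set values that weaken authentication or leave the HTTP port open. The sample file contents and the names parse_conf and audit are constructed for illustration.

```python
# Added example: audits openwbem.conf settings documented on this page.
# SAMPLE_CONF is constructed; parse_conf/audit are illustrative names.
SAMPLE_CONF = """\
; lines starting with ';' or '#' are comments, so the default applies
# owcimomd.allow_anonymous = false
owcimomd.allow_anonymous = true
http_server.allow_local_authentication = true
http_server.use_digest = true
http_server.http_port = 5988
http_server.https_port = 5989
"""

def parse_conf(text):
    """Return {setting: value}, skipping blank and commented-out lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def audit(settings):
    """Return (setting, finding) pairs for explicitly set risky values."""
    def enabled(key):
        return settings.get(key, "").lower() == "true"

    findings = []
    if enabled("owcimomd.allow_anonymous"):
        findings.append(("owcimomd.allow_anonymous", "anonymous logins are enabled"))
    if enabled("http_server.allow_local_authentication"):
        findings.append(("http_server.allow_local_authentication",
                         "local users authenticate without a password"))
    if enabled("http_server.use_digest") and \
            "http_server.digest_password_file" not in settings:
        findings.append(("http_server.digest_password_file",
                         "use_digest is enabled but no password file is set explicitly"))
    port = settings.get("http_server.http_port")
    if port is not None and port != "-1":
        findings.append(("http_server.http_port",
                         f"HTTP listener enabled on port {port}; -1 disables it"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit(parse_conf(SAMPLE_CONF)):
        print(f"{setting}: {finding}")
```

Settings that are absent or commented out are not reported, because the defaults in effect depend on the installed build.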
9.2.4 Changing the Default Logging Configuration
The following log settings in the owcimomd.conf
file let you specify where and how much logging occurs, the type of
errors logged, and the log size, filename, and format:
If you want to set up debug logging, see Section 9.2.5, Configuring Debug
Logging.
If you want to set up additional logs, see Section 9.2.6, Configuring
Additional Logs.
log.main.categories
Purpose
Specifies the categories the log outputs.
Syntax
log.main.categories = option
Example
log.main.categories = FATAL ERROR INFO
log.main.components
Purpose
Specifies the components that the log outputs.
Syntax
log.main.components = option
Example
log.main.components = owcimomd nssd
log.main.format
Purpose
Specifies the format (text mixed with printf() style conversion
specifiers) of the log messages.
Syntax
log.main.format = conversion_specifier
It is possible to change the minimum field width, the maximum field
width, and justification. The optional format modifier is placed
between the percent sign (%) and the conversion character. The
first optional format modifier is the left justification flag, which is
the minus (-) character. The optional minimum field width modifier
follows, which is an integer that represents the minimum number of
characters to output. If the data item requires fewer characters, it is
padded with spaces on either the left or the right, according to the
justification flag. If the data item is larger than the minimum field
width, the field is expanded to accommodate the data.
The maximum field width modifier is designated by a period (.) followed
by a decimal constant. If the data item is longer than the maximum
field, then the extra characters are removed from the beginning of the
data item (by default) or from the end (if the left justification flag
was specified).
Examples
Log4j TTCC layout:
"%r [%t] %-5p %c - %m"
Similar to TTCC but with some fixed-size fields:
"%-6r [%15.15t] %-5p %30.30c - %m"
XML output conforming to log4j.dtd 1.2, which can be processed by
Chainsaw (if used, this must be on one line; it is split up here for
readability):
"<log4j:event logger="%c"
timestamp="%d{%s%Q}"
level="%p" thread="%t">
<log4j:message>%e</log4j:message>
<log4j:locationInfo class="" method=""
file="%F"
line="%L"/></log4j:event>"
The following is the default:
log.main.format = [%t]%m
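The field-width rules described above for a single conversion specifier, as an added example that is not part of the original documentation or OpenWBEM's own code. It shows that the maximum width removes characters from the beginning of the value by default, so the tail of a long field is what survives in the log. The function name apply_modifier and the sample values are constructed.

```python
import re

# Added example: one conversion specifier, e.g. '%-5p', '%30.30c' or '%-.6t'.
# Groups: left-justify flag, minimum width, maximum width, conversion character.
_SPEC = re.compile(r"%(-?)(\d*)(?:\.(\d+))?([a-zA-Z])")

def apply_modifier(spec, value):
    """Pad or truncate value according to the modifier in spec."""
    m = _SPEC.fullmatch(spec)
    if not m:
        raise ValueError(f"not a single conversion specifier: {spec!r}")
    left = m.group(1) == "-"
    min_width = int(m.group(2)) if m.group(2) else 0
    max_width = int(m.group(3)) if m.group(3) else None

    if max_width is not None and len(value) > max_width:
        # Default: drop characters from the beginning of the data item.
        # With the left justification flag: drop them from the end.
        value = value[:max_width] if left else value[len(value) - max_width:]

    # Shorter values are padded with spaces; longer ones are left as they are.
    return value.ljust(min_width) if left else value.rjust(min_width)

if __name__ == "__main__":
    # Constructed values, formatted with specifiers taken from this page.
    print(repr(apply_modifier("%-5p", "INFO")))
    print(repr(apply_modifier("%15.15t", "owcimomd-http-worker-12")))
    print(repr(apply_modifier("%-.6t", "1234567890")))
```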
log.main.level
Purpose
Specifies the level the log outputs. If set, the log outputs all
predefined categories at and above the specified level.
Syntax
log.main.level = option
Example
log.main.level = ERROR
log.main.location
Purpose
Specifies the location of the log file owcimomd uses when the
log.main.type setting option specifies that logging is sent to a file.
Syntax
log.main.location = path_filename
Example
log.main.location = /system/cimom/var/owcimomd.log
log.main.max_backup_index
Purpose
Specifies the number of backup logs that are kept before the oldest is
erased.
Syntax
log.main.max_backup_index = option
Example
log.main.max_backup_index = 1
log.main.max_file_size
Purpose
Specifies the maximum size (in KB) that the owcimomd log can grow to.
Syntax
log.main.max_file_size = option
Example
log.main.max_file_size = 0
log.main.type
Purpose
Specifies the type of main log owcimomd uses.
Syntax
log.main.type = option
Example
log.main.type = syslog
9.2.5 Configuring Debug Logging
If owcimomd is run in debug mode, then the debug log is active with the
following settings:
Debug Log with Color
If you want a color version of the debug log, use the following ASCII
escape codes:
log.debug.format = \x1b[1;37;40m[\x1b[1;31;40m%-.6t\x1b[1;37;40m]\x1b[1;32;40m %m\x1b[0;37;40m
If you want to use additional colors, use the following codes with the
log.debug.format command:
Table 9-3 Additional Color Codes for the log.debug.format Command
Color | Code
red | \x1b[1;31;40m
dark red | \x1b[0;31;40m
green | \x1b[1;32;40m
dark green | \x1b[0;32;40m
yellow | \x1b[1;33;40m
dark yellow | \x1b[0;33;40m
blue | \x1b[1;34;40m
dark blue | \x1b[0;34;40m
purple | \x1b[1;35;40m
dark purple | \x1b[0;35;40m
cyan | \x1b[1;36;40m
dark cyan | \x1b[0;36;40m
white | \x1b[1;37;40m
dark white | \x1b[0;37;40m
gray | \x1b[0;37;40m
reset color | \x1b[0;37;40m
9.2.6 Configuring Additional Logs
If you want to create additional logs, list the log names under this
setting:
owcimomd.additional_logs = logname
Separate multiple lognames with spaces.
Syntax
owcimomd.additional_logs = logname
For each log, the following settings apply:
Example
owcimomd.additional_logs = errorlog1 errorlog2 errorlog3