An Introduction to WBEM and OpenWBEM in SUSE LINUX
Posted: 15 Apr 2005
Darren R. Davis Senior Software Engineer Novell, Inc.
Introduction
Often when developing applications for Linux, a systems management tool is
needed for configuring the application or service on Linux. For example, say we
implemented a time update daemon, how would the user go about configuring the
service? We could just make the user change a configuration file. Well, that may
not be the most user friendly approach. So, we decide that we will write a GUI
application to perform the system management of our service. Often, the
development of the system management application can be as detailed as the
original application. Also, creating another management tool that the IT
organization must learn can lead to difficult acceptance by the users of the
product. What developers need is a standard method for extending an existing
systems management application with the functionality that is needed to manage
their application or service. The WBEM standard is the perfect way to add
systems management to your application or service without having to develop the
whole management application.
So what is WBEM? WBEM stands for Web Based Enterprise
Management and is a standard of the DMTF (Distributed Management Task Force). The DMTF is an industry
organization made up of member companies to develop and promote a standard
method for systems management. The method that the DMTF came up with is called
the CIM (Common
Information Model). CIM is an object oriented model to represent a wide
variety of systems in a standard and neutral way, and is commonly referred to as
the CIM schema. That way a common component such as a server, a network router,
or our example time update daemon software, will be represented in a way that
all management tools that use CIM will understand. The CIM standard has been
used by all the major systems management tools available today. The CIM standard
has a way to represent management data, but there are many different ways that
the data can be accessed. To create a standard way to access CIM, a working
group of the DMTF developed a technique where CIM data can be accessed using the
HTTP protocol used by the world wide web. There is another standard used where
the CIM data is represented in XML format. This gives us a common model for
system management, a standard way to represent that model, and a standard way to
access the model.
So, how does WBEM do this? The first major component of a WBEM implementation
is the CIMOM (Common Information Model Object Manager). This is the core engine
that holds the CIM data. It usually uses either its own repository or a standard
external database to hold the CIM data. In order to structure our database, we
must have a way to load the CIM schema into our CIMOM. Well, if you go to the
DMTF web site and download the CIM schema, you will find that you have it in a
format called MOF (Managed Object Format). The MOF format was the way the DMTF
chose to represent the CIM schema and was used long before XML became the
standard format for representing data in a neutral format. So, after you get a
WBEM implementation running, you generally use a MOF compiler to convert the
neutral CIM schema MOF file into the internal schema representation used by the
CIMOM.
So, there is this object database that contains my systems configuration
data. How do I communicate with it? Well, sitting on top of the CIMOM is the
WBEM interface that is basically a HTTP server, but not one that you would use a
web browser with. The WBEM interface has it's own unique port number 5988 (you
can check this by looking in the /etc/services file and looking for wbem-http) that you
communicate to it. So to communicate to the CIMOM, you would use a CIM WBEM
client that would communicate over the standard port. Generally, the CIM WBEM
client is your system management console. The one tool that you use to configure
the system could be used to configure all WBEM enable systems. So, can I do this
on SUSE Linux? Yes, Novell has adopted the OpenWBEM open source implementation of WBEM and includes it in
SUSE Linux Enterprise Server. Novell also provides the Novell CIM SDK from the Novell Forge Website for developers.
In the future, the Linux management tools will incorporate the WBEM
protocol.
OK, I have this process running on my Linux machine called a CIMOM that
contains my configuration information and I talk to it using a management
console that is WBEM enabled. How does it know how to change things? Well at the
bottom most layer is a driver-like layer called the provider layer. The CIMOM
has a provider interface that can communicate with providers and the providers
know how to change things on my Linux system. So, as a developer, you would
implement a new provider using the provider interface that would plug into
OpenWBEM. The provider knows how to make changes to your system service or
hardware and return results to the CIMOM. We will talk about developing OpenWBEM
providers and CIM clients in future articles. For now, let's get this OpenWBEM
system running and just browse around.
Architecture
Here is a diagram that shows the pieces of the WBEM architecture:
Installing OpenWBEM
To install OpenWBEM on SUSE Linux Enterprise server, we need to use YaST to
make sure we have several packages installed. The packages are:
openwbem, openwbem-devel, cim-schema, and novell-life
Once you have these packages installed, it is probably a good time to run YOU
(YaST Online Update) and make sure that all your packages are up to date.
We are now going to start the OpenWBEM CIMOM with the help option '-h' to
make sure all is installed and working. linux:~> /usr/sbin/owcimomd -h
owcimomd [OPTIONS]...
Available options:
-d, --debug Set debug on (does not detach from terminal
-c, --config Specify an alternate config file
-h, --help Print this help information
linux:~>
Normally, the CIMOM is a system service that is started with a startup
script. To startup OpenWBEM you login as root and run the startup script: linux:~ # /etc/init.d/owcimomd start
Starting the OpenWBEM CIMOM Daemon done
linux:~ #
Since it is a system service, we can check status at anytime with: linux:~ # /etc/init.d/owcimomd status
Checking for service OpenWBEM CIMOM Daemon running
linux:~ #
So, with OpenWBEM running as a system service, status messages are logged in
/var/log/messages. At any time you
can go look there for status. We will also use the '-d' debug mode when we are developing our own providers
to be able to get real-time status from the running CIMOM. Now that we have our
CIMOM running, we are ready to explore clients and providers. From our earlier
discussion, we know there is a client API that is available in OpenWBEM to
create applications that can communicate with the CIMOM. There are also several
client applications available such as a CIM browser that will let us explore the
CIMOM. For providers, Novell includes several providers for the Linux platform
in the Novell LIFE package. Again, providers are the interface
between our object manager and the underlying system and we will need to create
our own providers for our system service.
Before we do that, we need to make changes to the OpenWBEM configuration
file.
First, we need to stop the CIMOM before we change the configuration file: linux:~ # /etc/init.d/owcimomd stop
Shutting down OpenWBEM CIMOM Daemon done
linux:~ #
The OpenWBEM configuration file is /etc/openwbem/openwbem.conf and there are several
options that we are going to want to change while we explore and develop to
OpenWBEM. All these options are described in the OpenWBEM documentation.
First is the owcimomd.allow_anonymous option. Where we are going to
want to remove the ';' to uncomment the option and set it to true. Normally,
during a deployment, you probably don't want to allow anonymous connections, but
during development setting this makes it easier to develop.
Next we change owcimomd.authentication_module =
/usr/lib/openwbem/authentication/libsimpleauthentication.so from using
the PAM authentication module libpamauthentication.so. PAM is the Pluggable Authentication Modules method of authentication. By
changing it to simple authentication, we just need to create a file with the
format of user:password for authentication. Again, not very secure, but makes
development easier.
So, we now need to uncomment simple_auth.password_file =
/etc/openwbem/simple_auth.passwd by removing the ';' in front. We will
also need to create a file in that location with the contents of "root:pass", or
whatever user name and password you would like to use.
The last thing to check is http_server.http_port = -1 and make sure it is commented
out by inserting a ';' in front, because if this is left uncommented we will be
unable to connect to it using standard HTTP. Only HTTPS communication would be
allowed.
Now that we are done changing our configuration file, let's start OpenWBEM
again: linux:~ # /etc/init.d/owcimomd start
Starting the OpenWBEM CIMOM Daemon done
linux:~ #
Now, we have the OpenWBEM CIMOM Daemon running the way we need it, but we are
not quite ready yet. The CIMOM needs to have the CIM schema loaded. Prior to
doing this, we need to create our primary name space for our CIM schema. To do
that we need to do a owcreatenamespace: linux:~ # owcreatenamespace -u http://localhost/ -n /root/cimv2
linux:~ #
You may get the result back that the name space already exists. That is OK.
After that we need to load the CIM Schema. linux:~ # cd /usr/share/cim-schema/cim28/
linux:~ # owmofc CIM_Schema28.mof
linux:~ # ...
This command will generate a lot of output as it is compiling the MOF file
and loading the CIM Schema. It should return with no errors. After this step we
should have a running OpenWBEM CIMOM and we are ready to connect to it with a
client.
CIM Clients
The easiest first client to use is a CIM Browser that was implemented by the
SNIA (Storage Network Industry Association) group. SNIA implemented a
WBEM CIMOM in Java and also created a Java based browser. You can download
that source to the browser from their website and build it, but I have already
built a version you can use. This is unsupported code by SNIA and Novell, but
never the less is very useful.
I have created a simple shell script to start up the browser. Just extract
the tar file cimbrowser.tar.gz
and change into that directory and run it. linux:~ # cd cimbrowser/
linux:~ # ./cimbrowsernoSSL.sh
After doing this you should have the CIM Browser login window
running.
I created a user of 'root' with the password of 'pass' in my /etc/openwbem/simple_auth.passwd file. I
can connect to the host with either localhost if it is on the same machine or
just the DNS name or IP number. If you remember from previously in this article,
we created the name space /root/cimv2
as the name space with our CIM Schema. We are now ready to connect and we should
get the browser window like:
This is the main browser window and allows us to browse through the CIM
Schema loaded into our CIMOM. We can examine or edit any attribute and we can
see that everything is structured in a key-value pairs. This is common for
systems management and should look familiar to most developers. Think of your
standard configuration file where you have some attribute and you set it to some
value.
Summary
Well, we completed our first step in using WBEM by getting the OpenWBEM
implementation running on our SLES 9 machine. Now is a good time for the
developer to do some homework on DMTF, WBEM, CIM, and OpenWBEM. Included in the
resources is a link to the Novell Forge Tutorial which covers some of the same
material we included here, but goes into detail of writing providers. We will
cover that in a future Cool Solutions for Developers Article!
Stay Tuned...
Resources:
Pre-built CIM Browser: cimbrowser.tar.gz Novell
Forge Tutorial: Developer Primer to WBEM and CIMOM OpenWBEM website: http://www.openwbem.org/
|