1 karl 1.11
2 OpenPegasus - A Manageability Services Broker for the DMTF CIM/WBEM Standards
|
3 karl 1.1
|
4 mike 1.3 Author: Mike Brasher, Karl Schopmeyer
5
|
6 karl 1.11 Tagline: OpenPegasus is an object manager for DMTF CIM objects written in C++
|
7 karl 1.5 and supported by The Open Group
|
8 karl 1.4
|
9 konrad.r 1.18 STATUS: Revised March 10 to match Pegasus release 2.3
|
10 karl 1.15
11 NOTE: Obsolete. See readme.html
|
12 karl 1.11 Contents:
|
13 mike 1.7 =========
14
|
15 karl 1.11 1. Overview
16 2. Availability of Pegasus
17 3. Pegasus major components
18 4. Pegasus Dependencies
19 5. The Pegasus Directory Structure
20 6. Installation
21 7. Building Pegasus
22 8. Populate the Repository
23 9. The MU Utility
24 10. Notes about Building Pegasus on Linux
25 11. Notes on building Pegasus with SSL
26 12. Building Pegasus on Windows 2000 or Windows XP With Microsoft Visual C++
27 13. Installing the Pegasus HTML Test Client
28 14. Development with Pegasus and Pegasus Tools
29 15. Commands
30 16. Creating SSL certifications.
|
31 konrad.r 1.17 17. Configuring Pegasus to use SSL
|
32 konrad.r 1.18 18. Configuring Pegasus to use PAM
33 19. Testing with ICU enabled
34 20. Documentation
35 21. Participate
|
36 karl 1.11
37
38
39
40 1. Overview:
41 ============
42
43 OpenPegasus (also refered to as Pegasus):
44
|
45 karl 1.5 Pegasus is an open-source object manager for DMTF CIM objects. It is written
46 in C++ and includes the Object manager, a set of defined interfaces, and SDKs
47 for both client, providers, and services extensions. It is maintained
48 consistent with the DMTF CIM and WBEM specifications except for any exceptions
49 noted in the documentation.
|
50 karl 1.1
51 This distribution represents a work in progress towards building a Pegasus
|
52 mike 1.3 release. Pegasus is open source and is covered under the following license.
|
53 karl 1.1 This version is incomplete and is directed towards evaluators and developers
54 of the Pegasus Architecture.
55
56 Pegasus is being developed and maintained under the auspices of The Open
57 Group. Pegasus is maintained under the license defined in the doc directory
58 (LICENSE) of this release. This licensing is intended to support as wide a
59 distribution as possible with minimal demands on the users.
60
|
61 karl 1.11 This distribution represents a snapshot of the current work. Currently Pegasus
|
62 karl 1.1 is in phase 1 of a multiphase development project. This snapshot is primarily
63 for developers and for evaluation of the project.
64
|
65 mike 1.3 More information on this project, access to the CVS, and documentation on
66 Pegasus are available from the OpenGroup WEB site.
|
67 karl 1.1
68 There are separate files in the release for
69
|
70 karl 1.11 History of releases - HISTORY
71 What's new for this release - WHATSNEW
72 What's Broken - BUGS
|
73 karl 1.1
74 In addition, the roadmap for Pegasus and further information on the project is
75 available on The Opengroup Pegasus WEB Site.
76
|
77 karl 1.11 http://www.openpegasus.org
78
79
80 2. Availability of Pegasus:
81 ============================
82
83 Pegasus is distributed as open source. The distribution is available via
84 CVS and snapshot images in tar and zip file formats.
85
86 The source code from CVS can be found at the following Open Group CVS server;
87
88 cvs.opengroup.org:/cvs/MSB
89
90 using the password authenticating server option (pserve).
91
92 Anonymous access for read is with the name and password "anon" as follows:
93
94 %export CVSROOT=:pserver:anon@cvs.opengroup.org:/cvs/MSB
95 %cvs login
96
97 When requested, enter the password "anon"
|
98 karl 1.1
|
99 karl 1.11 The source tree is in the directory pegasus. To check out the complete Pegasus
100 source tree just type:
|
101 karl 1.1
|
102 karl 1.11 cvs co pegasus
|
103 karl 1.1
|
104 karl 1.11 A Pegasus directory will be created under the current directory and populated
105 with the complete source tree and documentation. To get the latest updates
106 after a checkout just type this from Pegasus root:
|
107 karl 1.1
|
108 karl 1.11 cvs update -d
|
109 mike 1.3
110
|
111 karl 1.11 Active contributors to Pegasus have write access to the CVS repository.
112 If you are interested in contributing back to the Pegasus project,
113 (i.e. write (checkin) access to CVS) please request access from either
114 Martin Kirk (m.kirk@opengroup.org) or Karl Schopmeyer (k.schopmeyer@opengroup.org).
|
115 karl 1.1
|
116 karl 1.11
117 3. Pegasus Major Components:
118 =============================
|
119 mike 1.3
|
120 karl 1.1 The major components of Pegasus are:
121
|
122 mike 1.3 Pegasus Server - WBEM/CIM Server with interfaces for providers and clients
|
123 karl 1.1
|
124 karl 1.5 Pegasus Repositories - Today Pegasus provides a defined class repository
125 interface and a simple file based class repository. It also includes
126 an instance repository. Note that these repository were created for
127 functionality, not efficieny. It is expected that they will be replaced
|
128 karl 1.11 with other implementations of the respository function as the need arises.
|
129 mike 1.3
|
130 karl 1.4 Pegasus Client SDK - Tools for building Pegasus clients based on the Pegasus
131 C++ interfaces and using the WBEM HTTP/XML protocols or directly
|
132 mike 1.3 interfacing with Pegasus.
133
|
134 karl 1.4 Pegasus Test Clients - Simple test clients being developed as part of the
|
135 mike 1.3 Pegasus development process
136
|
137 karl 1.4 Pegasus HTML Test Client - To aid in testing we created a test client for
138 Pegasus that uses a WEB server (ex. Apache) with a set of CGI modules and
139 HTML to allow the entry of Pegasus operations from a WEB browser as forms
|
140 karl 1.11 and the receipt of the response as WEB pages. This has proven useful as a
|
141 mike 1.3 test tool and can be used for a wide variety of demonstrations.
|
142 karl 1.1
|
143 karl 1.11 Pegasus Provider SDK - Tools for building Pegasus providers using the Pegasus
|
144 karl 1.5 C++ interfaces.
145
|
146 karl 1.11 Pegasus Providers - Providers to illustrate the use of Pegasus services including
147 providers for test and demonstration.
|
148 karl 1.1
|
149 karl 1.11 Pegasus Service Extensions - Common services for use by other Pegasus
150 components to extend Pegasus capabilites.
|
151 karl 1.1
|
152 karl 1.5 Pegasus MOF Compiler - FA standalone compiler for MOF files that can be used
|
153 karl 1.11 to install MOF into the Pegasus schema repository and also to check syntax.
154 There is also a tool to extract the MOF from the repository.
|
155 karl 1.1
|
156 karl 1.11
157 4. Pegasus Dependencies:
158 =========================
|
159 karl 1.1
160 We have worked to minimize the dependence of Pegasus on other software
|
161 karl 1.11 packages and tools. Currently Pegasus has the following dependencies:
|
162 karl 1.1
|
163 mike 1.7 1. GNUMAKE - To simplify the building of Pegasus across multiple platforms we
164 have standardized on a set of build tools including: GNUMAKE. We are using
|
165 kumpf 1.12 GNUMAKE 3.79.1 successfully both in Windows and Linux environments.
|
166 karl 1.1
|
167 mike 1.7 GNUMAKE is available from
|
168 karl 1.1
169 http://www.gnu.org
170
|
171 mike 1.7
|
172 karl 1.11 2. MU.EXE - To minimize the difference between Linux and Windows for GNUMAKE,
|
173 mike 1.7 we have created a utility called MU.exe. This utility is required for
|
174 karl 1.11 Pegasus make with ONLY Windows environment. It is provided as an alternative to
|
175 mike 1.7 requiring a number of UNIX utilities (SH, RM, etc.) on the windows platform
176 and effectively provides the functions of these utilities that GNUMAKE
177 needs. MU is not required on UNIX or LINUX platforms.
178
179 NOTE: The binary for MU.EXE is not distributed in the Pegasus bin directory.
180 You must build it separately. MU source code is part of the distribution
181 in the directory src/utils/MU with its own make file. You must compile MU
182 before you initiate the Pegausu make.
183
|
184 karl 1.11 NOTE: A copy of the binary is made available as a zip file on the Pegasus
185 WEB site.
186
187 Again, MU is used ONLY if you are using Windows.
188
|
189 mike 1.7
|
190 karl 1.11 3. FLEX and BISON - These tools were used to develop the MOF compiler and WQL
191 parser. Anybody intending to recompile the compiler or parser from scratch
192 will be required to have these tools. They are only required if changes need
193 to be made to the files for parsing and compiling.
|
194 mike 1.7
195 4. DOC++ - The Pegasus documentation is taken from a combination of text files
196 and the Pegasus header files themselves. This documentation is formatted
197 with DOC++ and GAWK. These tools are required if the documentation is to
198 be recreated but we expect that only the core team will be recreating
199 documentaiton.
|
200 mike 1.3
|
201 karl 1.11
202 5. The Pegasus Directory Structure
203 ===================================
|
204 karl 1.1
|
205 karl 1.4 Pegasus is distributed as a complete directory structure that should be
|
206 mike 1.3 installed either from one of the snapshots or from CVS.
|
207 karl 1.1
208 This structure is generally as follows
|
209 mike 1.3
|
210 karl 1.4 Pegasus Pegasus Root directory
|
211 karl 1.5
212 cgi Source for the Pegasus WEB Based Test client
|
213 karl 1.11 cgi-bin CGI Directories for WEB demonstration.
214 This directory is normally empty but can
215 be populated from the runtime with the make
216 from cgi.
217 htdocs HTML Pages for Pegasus WEB emonstration
|
218 karl 1.5 doc Miscellaneous Pegasus Documents.
|
219 karl 1.11 DevManual Source and build files for developers' manual
|
220 karl 1.4 mak General make files (used by other makes)
|
221 karl 1.1 src All Pegasus Source Files
|
222 karl 1.14 ACEExample Test directrory with examples of the use of ACE (obsolete).
|
223 karl 1.11 Clients Source for various test clients and client SDK
|
224 karl 1.4 CGICLIENT Pegasus test client that uses a WEB browser
|
225 karl 1.14 JAVA Java Client support modules
|
226 karl 1.1 Pegasus
|
227 karl 1.4 Client Pegasus Client API Tests
|
228 karl 1.1 depends
229 tests
230 Common Pegasus Common Functions (C++ source and headers
231 tests Test programs for the common functions
|
232 karl 1.14 Compiler Pegasus MOF compiler
233 Config TBD
234 Consumer TBD
235 ControlProvidersImplementation of Pegasus internal providers
236 ExportClient TBD
237 ExportServer TBD
238 Handler TBD
239 HandlerService TBD
240 IndicationService TBD
241 Listener TBD
|
242 karl 1.1 Protocol Pegasus Client HTTP/XML Protocol Modules
243 depends
|
244 karl 1.11 Provider Pegasus Provider interface functions
|
245 karl 1.14 ProviderManager Provider Manager service that manages providers
246 ProviderManager2Pluggable Provider Manager service
|
247 karl 1.11 Repository Pegasus Repository Interfaces and Simple Repository
|
248 karl 1.1 tests Tests for Repository Functions
|
249 karl 1.14 Security TBD
|
250 karl 1.1 Server Pegasus Server Modules
|
251 karl 1.14 WQL TBD
|
252 karl 1.11 Providers Pegasus test and required providers
|
253 karl 1.14 generic TBD this and following
254 IndicationConsumer
255 Linux
256 ManaedSystem
257 slp
258 statistic
259 sample
260 testproviders
261
262 Server Pegasus executable build
263 slp
264 StandardIncludes
265 tools MU and other utilities written for Pegasus support
266 Unsupported Code that is made available but is not supported or included
267 in the normal make.
268 WMIMapper Pegasus implementation that implements mapping to Microsoft
269 WMI objects.
|
270 karl 1.5
271 Runtime Directories
|
272 karl 1.11 $PEGASUS_HOME$ Home directory for runtime. All compiler, linker
|
273 karl 1.5 documentation creation, etc. is put here.
|
274 karl 1.11 bin Destination for executable and DLL modules from
275 Pegasus build
276 Manual HTML output of the Pegasus Manual
277 lib Destination for Pegasus LIB modules
278 obj Destination for object modules
279 repository This Directory contains the created repository
|
280 karl 1.5
|
281 karl 1.1
|
282 karl 1.11 6. Installation
283 ================
|
284 karl 1.1
|
285 karl 1.11 Pegasus today is provided only as a source distribution.
|
286 karl 1.1
|
287 karl 1.11 To install Pegasus, you must check it out using CVS (Common Version System)
288 or download the snapshot. You download, compile, and use it.
289
290 For the snapshot, the installation of Pegasus involves expanding the snapshot
291 distribution files, building the runtime, the test files and test clients, and
292 building the repository.
|
293 karl 1.1
|
294 karl 1.4
|
295 karl 1.11 7. Building Pegasus
296 =====================
|
297 mike 1.7
298 1. Check that you have requisite programs (listed in Pegasus Dependencies).
299
|
300 karl 1.11 These include GNU Make, MU.EXE (if using Windows), Flex, and Bison (Flex
301 and Bison only required if changes will be made to the MOF compiler or WQL
302 parser).
|
303 mike 1.7
304 Be sure these are on your path.
305
|
306 karl 1.11
307 2. Define the following three environment variables:
308
309 PEGASUS_ROOT - this should be the "pegasus" directory you've pulled from CVS
|
310 mike 1.7
311 PEGASUS_HOME - to point to a directory to contain output binary files
|
312 karl 1.11 (e.g., set it to $HOME/pegasus_home). Then the output will go into
313 $HOME/pegasus_home/bin and $HOME/pegasus_home/lib
|
314 mike 1.7
315 PEGASUS_PLATFORM - this must be set to a supported platform identifier.
316
|
317 karl 1.11 This identifier has the following form:
318
319 <Operating-System>_<Architecture>_<Compiler>
|
320 mike 1.7
|
321 karl 1.11 For example (Linux on IA32 platform using the GNU Compiler):
322 LINUX_IX86_GNU
323
324 For a complete list, refer to the platform_ make files found in directory
325 pegasus/mak
|
326 mike 1.7
327
328 Note: if you plan on doing parallel builds, you might consider setting
329 PEGASUS_HOME to something like this:
330
|
331 karl 1.11 $HOME/pegasus_home_LINUX_IX86_GNU
|
332 mike 1.7
333 That way, the output of each build will be placed in its own directory.
334
335 3. Now place $PEGASUS_HOME/bin on your path
336
337 and
338
|
339 karl 1.11 Place $PEGASUS_HOME/lib on your LD_LIBRARY_PATH (for Unix only).
340 For RedHat/SuSE/UL, edit /etc/ld.so.conf and add $PEGASUS_HOME/lib
|
341 mike 1.7
|
342 karl 1.11 4. Change to the root of the Pegasus distrubution and type "make"
343 (where make refers to GNU make).
|
344 karl 1.1
|
345 karl 1.11 5. Then create the repository, which is needed to serve data.
|
346 mike 1.9 "make repository"
347
348 6. To test the build type "make tests".
|
349 karl 1.1
|
350 mike 1.7 The following make targets are supported:
|
351 karl 1.1
|
352 mike 1.7 <default> - Build everything.
353 clean - Clean out all objects, libs, and executables.
354 depend - Create the dependencies.
|
355 mike 1.9 repository - Create the repository in $PEGASUS_HOME/repository
|
356 mike 1.7 tests - Execute all tests (except client server tests).
357 rebuild - clean, depend, <default>
358 world - depend, <default>
|
359 karl 1.1
|
360 karl 1.4 The Pegasus Client server tests are executed separately from the above because
361 they require the initiation of separate process for the Pegasus server and
|
362 karl 1.11 Pegasus client. To execute these tests please refer to the scripts in
363 pegasus/mak/BuildMakefile - refer to the prestarttests and poststarttests.
|
364 karl 1.1
|
365 karl 1.4 For information on particular installation characteristics, tools, etc. for
|
366 karl 1.6 each platform see the appropriate sections below:
|
367 karl 1.1
368 Generally the build commands are as follows:
369
|
370 karl 1.6 1. There is a Makefile in the Pegasus root directory. Simply executing
|
371 karl 1.11 make in the Pegasus root directory will make everything. "make rebuild"
|
372 karl 1.6 will clean and rebuild everything. The "make rebuild" will also populate
373 the repository with the current CIM Schemas.
|
374 karl 1.1
|
375 karl 1.6 2. To test a fresh release, go to the pegasus root and type
|
376 karl 1.1
|
377 karl 1.11 "make world".
|
378 karl 1.1
379
|
380 karl 1.6 This will build dependencies, build binaries, and then run all
|
381 karl 1.4 tests except the Client/Server tests.
|
382 karl 1.1
|
383 karl 1.6 3. To execute the basic test suite that is shipped with pegasus type
|
384 karl 1.1
|
385 karl 1.11 "make tests". This also reintalls the repository.
|
386 karl 1.1
|
387 karl 1.4 Running "make -s tests" suppresses extraneous output such as the
388 enter/leave directory messages.
|
389 karl 1.1
|
390 karl 1.11 4. "make clean" removes all object and library files from the structure.
391
392
393 5. A new build system has been added to Pegasus where a new CVS checkout is done,
394 built, and tests are run. Do it by: "make -f mak/BuildMakefile cleanbuild"
395
396
397 8. Populate the Repository
398 ===========================
399
400 Before using Pegasus you must populate the repository with the providers. The makefile
401 does it all for you, but in case you are wondering what it does or how to do it
402 manually:
403
404 1. Register the MOF (Managed Object Format) file describing the skeleton of the object.
405 2. Register a second MOF which only points out which lib*.so file to be loaded when a
406 specific object is activated.
407
408 This is done automatically for the providers included in Pegasus by doing:
409 make repository.
410
411 karl 1.11 The 'make repository' in pegasus/Schemas does three things
412 Runs MOF compiler (cimmofl) on:
413 -Schema v2.7
414 Generates the CIM Schema v2.7 in the repository (skeleton of CIM objects)
415 -PG_InterOp
416 Internal to Pegasus schema for operating (shutdown, add users, etc)
417 CIM_Indication’s (SNMP, Events, Alert, Threshold, etc)
418 -PG_ManagedSystem
419 Registers included CIM Providers (libOSProvider.so, libDNSProvider.so, … )
420 in Pegasus (which are located in src/Providers)
421
422 For more information about using the MOF compiler, refer to user's manual on the
423 openpegasus.org.
|
424 karl 1.1
|
425 karl 1.11
426 9. The MU Utility
427 ===================
|
428 karl 1.1
|
429 karl 1.4 In order to provide a consistent build structure across multiple platforms, we
430 developed a small utility to provide a consistent set of small utilities
431 across these platforms. The MU utilityis a simple utility that contains many
432 commands. For example:
|
433 karl 1.1
434
435 C:\> mu rm myfile.cpp yourfile.cpp
436
437
438 You may type "mu" to get a list of valid commands. Here are some
439 of them:
440
441
|
442 karl 1.2 rm, rmdirhier, mkdirhier, echo, touch, pwd, copy, move, compare depend
|
443 karl 1.1
444
445 The MU utility supports globing (expansion of wildcards) so
446 you can do things like this:
447
448
449 C:\> mu rm *.obj *.exe
450
|
451 karl 1.4 MU is required to build under the Windows environment.MU is available as part
452 of the distribution of Pegasus.
|
453 karl 1.1
454
|
455 karl 1.11 10. Notes about Building Pegasus on Linux
456 ===========================================
457
458 No problem. Just make sure you have the environment variables set.
459
|
460 karl 1.1
|
461 karl 1.11 11. Notes about Building Pegasus with SSL
462 ==========================================
|
463 karl 1.1
|
464 karl 1.11 To build with SSL you need the OpenSSL libraries and header files. Make sure
465 you have them in a standard directory so Pegasus can find them. If that's not
466 the case, set the environment varialble OPENSSL_HOME= to point where your OpenSSL
467 installation is.
468
469 Also have the PEGASUS_HAS_SSL=yes variable set. Then just run 'make' in Pegasus
470 directory and you will have Pegasus with SSL enabled. See section "Creating SSL
471 certificates" for more information of how to use SSL.
472
473
474 12. Building Pegasus on Windows 2000 (SP3 or later recommended) or Windows XP
475 With Microsoft Visual C++
476 ======================================================================
477
478 Today we build Pegasus on Windows using a set of make files contained
479 in the source distribution, the Microsoft compilers (DevStudio 5.x is not
480 supported, Visual Studio 6.0, SP5 supported) and the GNUMAKE make utility.The
481 following is the basic setup steps for the environment.
482
483
484 Setup the environment variables and path for the Micrososft Visual C compiler.
485 karl 1.11 Typically this can be done by running the VCVARS32.BAT file supplied with
486 Microsoft Visual C++. (contained in the same directory as cl.exe).
487
488 For Windows, try the following for an example environment:
489
490 REM call the standard Microsoft .bat for VC 6 setup.
491 call 'C:/Program Files/Microsoft Visual Studio/VC98/Bin/Vcvars32.bat'
492 REM Set debug to something if you want compile in debug mode
493 set PEGASUS_DEBUG=true
494 REM set PEGASUS_ROOT to top of source tree
495 set PEGASUS_ROOT=C:/cimom/pegasus
496 REM set PEGASUS_HOME to where you want repository and executables
497 set PEGASUS_HOME=%PEGASUS_ROOT%
498 REM setup the path to the runtime files.
499 set path=%path%;%PEGASUS_HOME%/bin
|
500 karl 1.1
|
501 karl 1.11 13. Installing the Pegasus HTML Test Client:
502 =============================================
|
503 karl 1.1
|
504 karl 1.4 This is a separate test tool that allows Pegasus requests to be initiated from
505 any WEB browser and that uses a WEB browser, CGI scritps and HTML pages for
506 the formating and connections. It requires a WEB server, etc. The
507 instructions for setting up this environment are maintained in a separate
508 readme in the CGI directory.
|
509 karl 1.1
|
510 karl 1.11
511 14. Development with Pegasus and Pegasus Tools:
512 ================================================
|
513 karl 1.1
514 ATTN: This section needs to be completed. It should reference the more
515 complete documentation
|
516 karl 1.11 ATTN: Write about providers?
|
517 karl 1.1
|
518 karl 1.11
519 15. Commands:
520 =============
521
522 The manpages for each of the commands are in rpm/manLinux/man1.Z directory (on CVS)
523
524 To see simple help for each of the commands, use the "-h" flag.
525 Examples:
526 bin/cimserver –s (Shuts it down)
527 bin/cimserver traceLevel=4 traceComponents=ALL (starts server with config flags)
528 bin/cimprovider –l –s (lists providers and their status)
529 bin/cimprovider –e –m OperatingSystemModule (enables the OperatingSystem provider)
530 bin/cimuser –a –u guest –w ThePassword
531 bin/cimuser –l (lists the users)
532 bin/tomof CIM_Config (extract CIM_Config from repository and present it in MOF type)
533
534
535 16. Creating SSL certifications
536 ================================
537
|
538 konrad.r 1.17 Please follow section 11, titled "Notes about Building Pegasus with SSL"
539 before embarking on this endeavour.
540
|
541 karl 1.11 Type these commands in your shell to create the SSL certifications. The PEGASUS_ROOT
542 and PEGASUS_HOME have to be set to your respective installation and source directory.
543
544 CN="Common Name"
545 EMAIL="test@email.address"
546 HOSTNAME=`uname -n`
547 sed -e "s/$CN/$HOSTNAME/" \
|
548 konrad.r 1.16 -e "s/$EMAIL/root@$HOSTNAME/" $PEGASUS_ROOT/src/Server/ssl.cnf \
|
549 karl 1.11 > $PEGASUS_HOME/ssl.cnf
550 chmod 644 $PEGASUS_HOME/ssl.cnf
551 chown bin $PEGASUS_HOME/ssl.cnf
552 chgrp bin $PEGASUS_HOME/ssl.cnf
553
554 /usr/bin/openssl req -x509 -days 365 -newkey rsa:512 \
555 -nodes -config $PEGASUS_HOME/ssl.cnf \
556 -keyout $PEGASUS_HOME/key.pem -out $PEGASUS_HOME/cert.pem
557
558 cat $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem > $PEGASUS_HOME/server.pem
|
559 konrad.r 1.16 cp $PEGASUS_HOME/cert.pem $PEGASUS_HOME/client.pem
|
560 karl 1.11 rm $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem
561
|
562 konrad.r 1.17 17. Configuring Pegasus to use SSL
563 ================================
564
565 Please follow section 11 and 16 before reading this section.
566
567 To configure Pegasus to take advantage of SSL, configure
|
568 konrad.r 1.19 CIMserver to have the following configuration options set to:
|
569 konrad.r 1.17
570 sslTrustFilePath=client.pem
571 sslCertificateFilePath=server.pem
572 sslKeyFilePath=file.pem
573 httpsPort=5989
574 enableHttpsConnection=true
575
|
576 konrad.r 1.19 using the 'cimconfig' utility:
577
578 cimconfig -p -s enableHttpsConnection=true
579
|
580 konrad.r 1.17 (The client.pem and server.pem are the certifications
581 files created per the steps in the earlier section).
582
583 For good riddance you might consider closing down
|
584 konrad.r 1.19 the cleartext 5988 port. Modify your CIMserver to
585 (using 'cimconfig') to have the option:
|
586 konrad.r 1.17
587 enableHttpConnection=false
588
|
589 konrad.r 1.18 18.PAM Authentication
590 ===================
591
592 In order to use PAM Authentication you have to compile Pegasus
593 with one extra enviroment flags:
594
595 PEGASUS_PAM_AUTHENTICATION=1
596
597 You can also set the PEGASUS_ALWAYS_USE_PAM=1 flag to disable
598 Pegasus password authentication using a flag text-file (recommended).
599
600 After compiling (refer to section 17 for details), follow these two
601 important steps:
602
603 a). Copy the rpm/wbem file in-to /etc/pam.d directory.
604 This notifies PAM what kind of libraries to use when authenticating
605 Pegasus.
|
606 konrad.r 1.19 b). Modify CIMserver configuration options:
|
607 konrad.r 1.18
608 usePAMAuthentication=true
609 enableAuthentication=true
610
611 And if you want to allow 'root' (*not recommended*)
612 enableRemotePrivilegedUserAccess=true
|
613 konrad.r 1.19
614 using the 'cimconfig' operation, such as:
615
616 cimconfig -p -s usePAMAuthentication=true
|
617 konrad.r 1.18
618 The user is authenticated using HTTP Basic method, thererfore it is
619 strongly suggested you use SSL connection instead of normal HTTP connection.
620 Refer to section 16 for more details on creating and using SSL keys.
621
622 19. Testing with ICU enabled:
|
623 humberto 1.13 ==============================
|
624 karl 1.11
|
625 humberto 1.13 ICU (International Compoments for Unicode) refers to the set of libraries that
626 Pegasus uses to run globalized. For example: these libraries are used to
627 load messages in different languages, format currency and numbers according to
628 a specific locale etc. In order to enable globalization in Pegasus, Pegasus
629 must be built with ICU enabled, ie. the right environment variables must be
630 set prior to running "make". Refer to the GlobalizationHOWTO.htm in the docs
631 directory for details. That said, when users run "make poststarttests"
632 to verify the integrity of a Pegasus download, a series of tests are run that
633 require the cimserver to be running. These tests currently depend on specific
634 messages returned from the server. When ICU is enabled, all messages come
635 from the resource bundles and these usually do not match the hardcoded
636 default messages within Pegasus. These hardcoded default messages
637 are what the various test programs expect in order to complete
638 successfully. If the ICU enabled server is started without
639 disabling message loading from the bundles, "make poststartests" will fail.
640 In order to run "make poststarttests" successfully with ICU enabled, an
641 environment variable called PEGASUS_USE_DEFAULT_MESSAGES must exist prior to
642 starting the server. Once this is defined, when the cimserver starts, all
643 messages generated will be the default hardcoded messages. This will enable
644 "make poststarttests" to complete successfully. Once "make poststarttests" is
645 complete, you should stop the cimserver and then undefine PEGASUS_USE_DEFAULT_MESSAGES.
646 humberto 1.13 If this variable is left defined, Pegasus will not be able to load messages
647 using ICU resource bundles.
648
|
649 konrad.r 1.18 20. Documentation:
|
650 karl 1.11 ===================
|
651 karl 1.1
|
652 karl 1.4 The documentation is currently in preperation. The preliminary documentation
653 is not provided with this snapshot but is avialable from the OpenGroup Pegasus
654 WEB pages. The current documentation is maintained both as a manual created
|
655 karl 1.5 under the tool DOC++ in the runtime subdirectory manual/html and as other
656 miscelaneous documentation in the doc directory.
|
657 karl 1.4
658 Note that the Pegasus WEB site at The Open Group will be the source of most
659 documentation in the future and today is the source of most discussion and
660 design documentation.
|
661 karl 1.1
|
662 karl 1.11
|
663 konrad.r 1.18 21. Participate!
|
664 karl 1.11 =================
|
665 mike 1.7
|
666 karl 1.4 We are looking for people who want to join the Pegasus work group and
|
667 karl 1.11 contribute to effort of getting this Pegasus off the ground. Please join
668 the mailing list by visiting www.openpegasus.org, and click on Mailing Lists.
|