HP WBEM Services for HP-UX and Linux System Administrator’s Guide HP-UX / Linux Manufacturing Part Number: B8465-90017 DEC 2003 U.S.A. © Copyright 2003 Hewlett-Packard Company. All rights reserved.
Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Warranty.
©copyright 1980, 1984, 1986 Novell, Inc. ©copyright 1986-1992 Sun Microsystems, Inc. ©copyright 1985-86, 1988 Massachusetts Institute of Technology. ©copyright 1989-93 The Open Software Foundation, Inc. ©copyright 1986 Digital Equipment Corporation. ©copyright 1990 Motorola, Inc. ©copyright 1990, 1991, 1992 Cornell University ©copyright 1989-1991 The University of Maryland ©copyright 1988 Carnegie Mellon University This product includes software developed by The Open Group OpenPegasus Project (http://www.
Contents 1. Overview of HP WBEM Services HP WBEM Services Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 HP WBEM Services Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2. How Does HP WBEM Services Work? Who Uses HP WBEM Services? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HP WBEM Services Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contents HTTPS and HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 User Group Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Namespace Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 7. Troubleshooting Checklist for Troubleshooting HP WBEM Services . . . . . . . . . . . . . . . . . . . . . . . . . . . .
HP WBEM Services for HP-UX and Linux System Administrator’s Guide Preface This guide describes how a system administrator uses HP WBEM Services for HP-UX and Linux systems. The contents are as follows: • Chapter 1, Overview of WBEM Services, introduces WBEM Services: what it is, where it comes from, and how you can learn more about it. • Chapter 2, How Does WBEM Services Work?, gives you an idea of how providers and clients work.
• The Glossary defines terms you may encounter when using WBEM Services. Table 1 Printing History Printing Date Part Number December, 2003 B8463-90017 September, 2003 B8463-90012 September, 2002 B8463-90001 The printing date changes when a new edition is printed. (Minor corrections and updates which are incorporated at reprint do not cause the date to change.) The part number is revised when extensive technical changes are incorporated.
Overview of HP WBEM Services 1 Overview of HP WBEM Services This chapter introduces HP WBEM Services: what it is, where it comes from, and how you can learn more about it. HP WBEM Services acts as an information broker; it is a way that providers and clients can communicate. A provider is developed to offer access to a resource. The provider defines the resource and tells HP WBEM Services what information they will provide to clients, and what actions they will perform for clients.
Overview of HP WBEM Services HP WBEM Services Standards HP WBEM Services Standards HP WBEM Services implements DMTF WBEM standards. The three core standards used by HP WBEM Services are: • A data model, CIM, the Common Information Model standard The CIM specification is the language and methodology for describing management data. CIM is a conceptual information model for describing resources. It is not bound to a particular implementation, so HP WBEM Services can accept requests from other platforms.
Overview of HP WBEM Services HP WBEM Services Standards For more information about the HP WBEM Services HTTP Server, the ports reserved for HP WBEM Services, and other transport issues, see Chapter 6 “Security Considerations.” For more information about DMTF’s WBEM standards, see http://www.dmtf.org.
Overview of HP WBEM Services HP WBEM Services Architecture HP WBEM Services Architecture The four main components of HP WBEM Services are: • CIM server, the Common Information Model server CIM server interacts with providers. CIM server receives requests from management clients. It contacts the provider of that information, and waits for the provider’s response. It sends that response back to the client.
Overview of HP WBEM Services HP WBEM Services Architecture HP WBEM Services product includes an embedded HTTP server. This is not a web servers. It will receive only valid CIM messages, and reject any other HTTP request. For more information, see Chapter 6, Security Considerations.
Overview of HP WBEM Services HP WBEM Services Architecture 14 Chapter 1
How Does HP WBEM Services Work? 2 How Does HP WBEM Services Work? This chapter gives you an idea of how HP WBEM Services provide a management infrastructure so clients and providers can communicate. It outlines how providers register their resources’ properties (attributes or characteristics) and methods (capabilities, operations, or actions) with HP WBEM Services. It gives an overview of how clients use HP WBEM Services to make a request about a resource and receive a response.
How Does HP WBEM Services Work? Who Uses HP WBEM Services? Who Uses HP WBEM Services? Providers use HP WBEM Services to help their users manage particular things about their resource. Clients use HP WBEM Services to manage resources. Following information in provider documentation, developers write a software client to send requests to HP WBEM Services. HP WBEM Services conveys the request to the appropriate registered provider. The providers send information back to HP WBEM Services.
How Does HP WBEM Services Work? Who Uses HP WBEM Services? For example, One property of MyMother would be her unique Name and SocialSecurityNumber. Other properties might include Birthdate and PhoneNumber. • A shared library to invoke the actions that are offered to manage the resource. For example, It would be handy if the method callMother would remind me of her PhoneNumber when her Birthdate approaches.
How Does HP WBEM Services Work? Who Uses HP WBEM Services? • The namespace. For example, the osinfo request in Chapter 4 specifies the PG_OperatingSystem class in the root/cimv2 namespace. It is the responsibility of the resource’s provider to document the name of the resource and its properties and methods. Client developers can use the documentation to write client software. System Administrators use the documentation to decide whether to install the provider.
How Does HP WBEM Services Work? How HP WBEM Services Processes Requests How HP WBEM Services Processes Requests The client request is a CIM operation sent by HTTP to HP WBEM Services. The request is encoded in XML (eXtensible Markup Language). HP WBEM Service’s HTTP server listens for CIM messages on the wbem-http or the wbem-https port. 1. First, the client connects to HP WBEM Services’ HTTP server.
How Does HP WBEM Services Work? How HP WBEM Services Processes Requests For example, the osinfo request used in Chapter 4 has this class information: • Does this resource have a registered provider? If there is no provider registered for this resource, HP WBEM Services returns an error to the client. For example, the provider for the osinfo client request is the Operating System Provider. 4.
How Does HP WBEM Services Work? HP WBEM Indications HP WBEM Indications You can receive a notification from WBEM when an Event happens. An Event is the occurrence of a phenomenon of interest. An Event can be defined to indicate, for example, the occurrence of a disk write error, a failed authentication attempt, or even a mouse click.
How Does HP WBEM Services Work? HP WBEM Indications Figure 2-1 The Big Picture - HP WBEM Services Architecture Indication Generation You can receive a notification from WBEM when an Event happens. An Event is the occurrence of a phenomenon of interest. An Event can be defined to indicate, for example, the occurrence of a disk write error, a failed authentication attempt, or even a mouse click. An Indication is the representation of the occurrence of an Event.
How Does HP WBEM Services Work? HP WBEM Indications The abstract class CIM_Indication serves as the base class for all Indication classes. A CIM Indication Provider registers with the CIM Server to Generate indications of one or more classes. A CIM Indication Provider translates the detection of an Event into a CIM Indication and sends the Indication to the CIM Object Manager for further processing and delivery.
How Does HP WBEM Services Work? HP WBEM Indications A CIM-XML Indication Handler, functioning as a CIM Client, uses the DMTF CIM-XML protocol to send an Indication to each specified destination. When the CIM Server acts as a CIM Listener, the CIM Server functions as an HTTP Server to receive Indications as CIM Export Messages. A CIM Message is a well-defined request or response data packet used to exchange information between CIM Applications.
How Does HP WBEM Services Work? HP WBEM Indications Figure 2-2 Indication Architecture Indication Consumption A CIM Indication Consumer "consumes" the CIM data (e.g., an Indication) encapsulated in a CIM Export Message. For example, a Consumer may store the indication in an Event Database for further processing. An Indication Consumer registers with the CIM Listener to receive Indications. See Chapter 7, “Troubleshooting” for more information on troubleshooting WBEM Indications.
How Does HP WBEM Services Work? HP WBEM Indications 26 Chapter 2
HP WBEM Services Executables 3 HP WBEM Services Executables This section lists the commands, executable scripts, and daemon processes that are available with HP WBEM Services.
HP WBEM Services Executables HP WBEM Services Executables HP WBEM Services Executables Unless otherwise indicated, all commands, daemons and scripts are for both HP-UX and Linux. The list is in alphabetical order. Refer to the Man Pages, when available, for additional information.
HP WBEM Services Executables HP WBEM Services Executables • cimauth - authorize users for a specified namespace You can add, modify, or remove authorization per user, per namespace. Assign Read or Write permissions. (Write does not automatically include Read.) You can also list all authorizations. This command is only relevant if the property enableNamespaceAuthorization is set to true, which is not the default. (Set the enableNamespaceAuthorization property with the cimconfig command.
HP WBEM Services Executables HP WBEM Services Executables The list option can be executed by any user. You must have local root permission to use the other options. You can use cimprovider only when CIM Server is running. • cimserver - start or gracefully stop HP WBEM Services. After installation, you must start CIM Server with this command the first time. If the system is rebooted after that, CIM Server is intended to automatically restart.
HP WBEM Services Executables HP WBEM Services Executables • cimservera (HP-UX only)- cimservera is a standalone process that provides the cimserver with PAM Authentication services. cimservera is controlled solely by the cimserver, and as such has no user interface. • cimserverd (HP-UX only)- HP WBEM Services’ way to automatically restart itself in case of failure. cimserverd is not intended to be used by operators. Users can, however set the interval for cimserverd.
HP WBEM Services Executables HP WBEM Services Executables — rsautl - RSA utility to sign, verify, encrypt and decrypt data using the RSA algorithm — dsa - processes DSA keys — genrsa - generates an RSA private key — req - PKCS#10 certificate and certificate generating utility — verify - utility to verify certificates — x509 - certificate display and signing utility — dsaparam - DSA parameter manipulation and generation — rsa - processes RSA keys — version - prints OpenSSL version information You must have r
HP WBEM Services Executables HP WBEM Services Executables If you do not specify an input file, wbemexec will assume all information is coming from stdin. By default, the operation is executed on the local host, but the command allows specifying a different hostname. If no port number is specified, wbemexec first attempts to connect to the CIM Server on the default port for wbem-http service; if that fails, it tries the default port for wbem-https. By default, the request is sent as an HTTP/1.
HP WBEM Services Executables HP WBEM Services Executables 34 Chapter 3
Example of a Client Request 4 Example of a Client Request This chapter gives an example of a client request and the response. The request is for the EnumerateInstances operation on the PG_OperatingSystem class. Requests and responses are encoded in XML. For more information about XML, see http://www.dmtf.org/standards/WBEM. The following information is in a table format. The first column has line numbers for the actual request and response. The middle column may group several related lines.
Example of a Client Request Example Request Example Request Table 4-1 EnumerateInstances Request for PG_OperatingSystem Class 1 2 3 4
Example of a Client Request Example Request — The client must be able to connect to the system on the authorized port. — CIM Server must be running. — The user/password pair must pass authorization. — The request must have a properly formed header. — When the request is parsed, it must not contain xml errors. • Lines 4 and 5: At this point, HP WBEM Services considers the operation that is requested. If it is a supported operation, the process continues.
Example of a Client Request Example Response Example Response The table shows the response to the request to EnumerateInstances for PG_Operating System. The return value is a named instance. Named instances include both INSTANCENAME (the instance with its key properties) and INSTANCE (all the properties). Because this instance has so many properties, some of them have been cut from the example text. Table 4-2 EnumerateInstances Response for PG_OperatingSystem Class 1
Example of a Client Request Example Response Table 4-2 EnumerateInstances Response for PG_OperatingSystem Class 14 16 CIM_UnitaryComputerSystem 17 18 19 20 21 mycomputer.hp.
Example of a Client Request Example Response Table 4-2 EnumerateInstances Response for PG_OperatingSystem Class 31 32 33 CIM_UnitaryComputerSystem 34 35 36 37 38 mycomputer.hp.
Example of a Client Request Example Response Table 4-2 EnumerateInstances Response for PG_OperatingSystem Class 53 The current Operating System 54 55 56 57 58 This instance reflects the Operating System on which the CIMOM is executing (as distinguished from instances of other installed operating systems that could be run).
Example of a Client Request Example Response Table 4-2 EnumerateInstances Response for PG_OperatingSystem Class 71 72 Next property 73 2010924091618.000000-420 (datetime data type) 74 75 76 77 Next property 78 -420 (signed integer, 16 bit) 79 80 ... Several properties of the instance were removed from this example. ...
Installing and Setting up HP WBEM Services 5 Installing and Setting up HP WBEM Services This section describes the prerequisites and what system administrators should do before they actually use HP WBEM Services for HP-UX and Linux. NOTE Do not move or change any HP WBEM Services file locations! All directories are pre-determined. Provider and client developers need a stable file system. The files need to stay where they expect to see them.
Installing and Setting up HP WBEM Services • /etc/opt/hp/sslshare/file.pem • /var/opt/wbem/repository/root/ • /var/opt/wbem/repository/root#PG_InterOp/ • /var/opt/wbem/repository/root#PG_Internal/ • /var/opt/wbem/repository/root#cimv2/ • Linux Directory Structure: The first two files are the SSL certificates files. The next four are the directories for the repository files. 44 • /etc/opt/hp/sslshare/cert.pem • /etc/opt/hp/sslshare/file.
Installing and Setting up HP WBEM Services Certificate and Repository Backup Certificate and Repository Backup It is recommended that you back up the appropriate HP WBEM Services directory structure (HP-UX or Linux) on a regular basis. If these files are deleted, moved, or corrupted, you need to restore from the backup. If you don’t have a backup file for the SSL certificates files, you will need to re-install HP WBEM Services or re-create certificates using OpenSSL toolkit. See http://www.openssl.
Installing and Setting up HP WBEM Services Before Starting HP WBEM Services Before Starting HP WBEM Services For HP WBEM Services to work, these things must be present: • Configured ports: HP WBEM Services supports only ports 5988 (wbem_http) and 5989 (wbem_https). These two ports are specified by the Distributed Management Task Force and are registered with IANA (Internet Assigned Numbers Authority at http://www.iana.org).
Installing and Setting up HP WBEM Services Before Starting HP WBEM Services Do not move or change HP WBEM Services files. Their locations are predetermined. NOTE Providers Included with HP WBEM Services The following section details the providers that are shipped with HP WBEM Services. These providers are automatically installed with HP WBEM Services. NOTE To see a list of provider modules on your system, use the cimprovider -l command.
Installing and Setting up HP WBEM Services Before Starting HP WBEM Services This provider does not support the Reboot and Shutdown methods of the CIM_OperatingSystem class. The PG_OperatingSystem subclass adds the SystemUpTime and OperatingSystemCapability properties. NOTE • Computer System Provider The Computer System provider makes available basic computer system information such as computer name, status, and administrator contact information.
Installing and Setting up HP WBEM Services Before Starting HP WBEM Services normal practice used for creating non-DMTF defined subclasses (simply changing the superclass’s prefix from “CIM_” to some organization-specific string). • Process Provider The Process Provider makes available basic UNIX process information such as name of the executable image, process ID, priority, execution state, and various process resource utilization statistics.
Installing and Setting up HP WBEM Services Before Starting HP WBEM Services The Network Time Protocol Provider makes available server information used by the network time protocol service. This provider makes use of the PG_NTPService subclass of the CIM_Service class by adding the ServerAddress property. — ServerAddress specifies the name(s) or IP address(es) in dot notation format of the server(s) that provide(s) time to clients when requested.
Installing and Setting up HP WBEM Services Before Starting HP WBEM Services NOTE To see a list of provider modules on your system, use the cimprovider -l command. To see a provider in a particular module, use cimprovider -l -m Clients Included with HP WBEM Services The HP WBEM Services product includes a simple client you can use to exercise the infrastructure. After installing the infrastructure and the bundled providers, you can run it to check that things are running smoothly.
Installing and Setting up HP WBEM Services Starting and Stopping HP WBEM Services Starting and Stopping HP WBEM Services The CIM Server is designed to be always running and ready to serve CIM requests, unless a user command stops it. To see if the CIM Server is running, enter ps -ef|grep cimserver cimserver is a HP WBEM Services daemon process; it is designed to restart automatically when the operating system reboots, and stay running as long as the operating system is running.
Installing and Setting up HP WBEM Services Starting and Stopping HP WBEM Services On startup, you have the option of including parameters to specify configuration property values, but these settings will last only as long as the current process. Use the format =. For a more lasting value, change the shutdown timeout property value with cimconfig. For a list of properties and their default value, see the man page for the cimconfig command.
Installing and Setting up HP WBEM Services Maintaining the Repository Maintaining the Repository HP WBEM Services keeps definitions of the data about managed objects and their providers in its repository. The repository files located in /var/opt/wbem/repository/ for HP-UX and /var/cache/pegasus/repository/ for Linux are created as a by-product of the HP WBEM Services installation. They should never be deleted or moved. Four namespaces install with HP WBEM Services.
Installing and Setting up HP WBEM Services Maintaining the Repository 2. Move the repository directory. For HP-UX: mv /var/opt/wbem/repository /var/opt/wbem/repository.bak For Linux: mv /var/cache/pegasus/repository /var/cache/pegasus/repository.bak 3. Start the CIM Server. For HP-UX: cimserver For Linux: /sbin/service pegasus-wbem start 4. Run the init_repository script.
Installing and Setting up HP WBEM Services CIM Server Properties CIM Server Properties After HP WBEM Services is installed, you can configure these properties, using the cimconfig command. You must have privileged user (root) capabilities to modify properties. It is good practice to regularly backup the two property configuration files: For HP-UX: • /var/opt/wbem/cimserver_current.conf contains the current values that are not defaulted. • /var/opt/wbem/cimserver_planned.
Installing and Setting up HP WBEM Services CIM Server Properties • authorizedUserGroups - Set to user group names, group names are separated by a comma. The default is not set to any user group, means that all users on the system are authorized (if not restricted by setting enableNamespaceAuthorization) to access CIM resources. You can use user group authorization if you need the extra security of restricting access to CIM resources.
Installing and Setting up HP WBEM Services CIM Server Properties outstanding CIM operation requests before shutting down. If the specified timeout period expires, the CIM Server will shut down, even if there are still CIM operations in progress. Minimum value is 2 seconds. Default value is 10 seconds. • 58 enableSubscriptionsForNonprivilegedUsers - Set to true or false. The default, false, means that only a privileged user (superuser) will be allowed to create Indication Subscriptions.
Installing and Setting up HP WBEM Services The cimconfig Command The cimconfig Command The cimconfig command manages CIM Server configuration properties. The operations are executed on the CIM Server running on the local host. Use the cimconfig command to get, set, or unset CIM Server property values. Use the -l (list) option to see all properties and their values. An operation on a current property (cimconfig with -c option) takes effect immediately.
Installing and Setting up HP WBEM Services The cimconfig Command 60 Chapter 5
Security Considerations 6 Security Considerations This chapter describes HP WBEM Services security. Security is checked first at the communication path. HP WBEM Services has three pathways: NOTE • Local users with requests: If the user is on the same system as the HP WBEM Services, HP WBEM Services accepts the authentication already done by the system itself. See Local Authentication, below.
Security Considerations User Authentication User Authentication When a user request comes through HTTP (HyperText Transport Protocol) or HTTPS (HTTP Secure), the CIM Server determines whether this is a legitimate user on the system. If the request does not pass authentication, the request is rejected without processing. Local users are users on a system sending requests to HP WBEM Services on the same system. Remote users are users on a system sending requests to HP WBEM Services on another system.
Security Considerations User Authentication an authenticated user - with privileged access to the system running WBEM Services - will be allowed to issue requests to HP WBEM Services from a remote system. When HP WBEM Services installs, the CIM Server will be configured with a randomly-generated, self-signed certificate. If a self-signed server certificate does not give a sufficient level of trust, the system administrator can use a central Certificate Authority ( e.g. Verisign) to issue certificates.
Security Considerations HTTPS and HTTP HTTPS and HTTP By default, enableHttpsConnection is set to true, and HP WBEM Services listens on port 5989. You can set the HTTPS connection to false, and set the property enableHttpConnection to true to make HP WBEM Services listen on port 5988. Use the cimconfig command to reset the property file. To change properties temporarily, for just one session, start CIM Server with the cimserver command and use the command-line properties option.
Security Considerations User Group Authorization User Group Authorization User group authorization consists of establishing the already authenticated user is a member of one of the configured groups in the authorizedUserGroups configuration property. If the user is not authorized, the client request is rejected without processing and a authorization failure message is sent back.
Security Considerations Namespace Authorization Namespace Authorization CIM Services gives authenticated users controlled access to the entire CIM schema. It does not check security for specific resources, like individual classes and instances. However, you can choose to control each user’s access by requiring authorization for each user on each namespace.
Security Considerations Namespace Authorization EnumerateClassNames EnumerateInstances EnnumerateInstanceNames EnumerateQualifiers GetClass GetInstance GetProperty GetQualifier A summary of the operations is in Appendix B.
Security Considerations Namespace Authorization 68 Chapter 6
Troubleshooting 7 Troubleshooting This chapter is for people who are having trouble while trying to use HP WBEM Services. There is a short checklist of things to check before calling support. The HP WBEM Services messages are listed here.
Troubleshooting Checklist for Troubleshooting HP WBEM Services Checklist for Troubleshooting HP WBEM Services If you are having trouble with HP WBEM Services, try this checklist before calling Support: • Is CIM Server is running? Enter ps -ef|grep cimserver If it isn’t running, then you must start it. For HP-UX: enter cimserver (no options).
Troubleshooting Checklist for Troubleshooting HP WBEM Services If any of these files are missing, restore all the repository directories and files from your backup. If you cannot restore the repository directories, you will have to re-initialize the repository. This will return it to the state it was in when you installed HP WBEM Services, and you will lose any changes made since then. See Maintaining the Repository in Chapter 5.
Troubleshooting HP WBEM Services Messages HP WBEM Services Messages The HP WBEM Services messages are listed in four groups: syslog messages, standard CIM messages, and command messages, and SSL errors. General Syslog Messages HP WBEM Services puts the following messages in syslog: • When CIM Server starts up, it logs a message, for example: Jun 17 11:47:31 mysystem cimserver[5863]: Started HP WBEM Services for HP-UX B8465BA version A.02.00 on port 5989.
Troubleshooting HP WBEM Services Messages • If there is an error in the process-to-process communication between the cimserver and cimservera, it logs a message, for example HP WBEM Services puts the following messages in syslog: Dec 03 23:55:18 mysystem cimserverd[12517]: Error processing PAM Authentication request (OPERATION) where OPERATION could be on of: write, read, pipe, fork or dub2 Indication Service Syslog Messages • Message: "One or more invalid Subscription instances were ignored" This messag
Troubleshooting HP WBEM Services Messages This message may be logged upon a provider registration change (creation or modification of a PG_ProviderCapabilities instance), or when a provider has been enabled ("cimprovider -e" command). The substitution data $0 identifies the provider, and contains the value of the Provider Name property. The substitution data $1 identifies the subscription, and contains the values of the subscription Filter and Handler Name properties in the form "FilterName, HandlerName".
Troubleshooting HP WBEM Services Messages • 0 = CIM_ERR_SUCCESS The operation completed without error. • 1 = CIM_ERR_FAILED A general error occurred that is not covered by a more specific error code. • 2 = CIM_ERR_ACCESS_DENIED Access to a CIM resource was not available to the client. • 3 = CIM_ERR_INVALID_NAMESPACE The target namespace does not exist. • 4 = CIM_ERR_INVALID_PARAMETER One or more parameter values passed to the method were invalid.
Troubleshooting HP WBEM Services Messages • 13 = CIM_ERR_TYPE_MISMATCH The value supplied is not compatible with the type. • 14 = CIM_ERR_QUERY_LANGUAGE_NOT_SUPPORTED The query language is not recognized or supported. • 15 = CIM_ERR_INVALID_QUERY The query is not valid for the specified query language. • 16 = CIM_ERR_METHOD_NOT_AVAILABLE The extrinsic method could not be executed. • 17 = CIM_ERR_METHOD_NOT_FOUND The specified extrinsic method does not exist.
Troubleshooting HP WBEM Services Messages One or more parameter values passed to the method were invalid • CIM_ERR_METHOD_NOT_AVAILABLE The extrinsic method could not be executed. • CIM_ERR_METHOD_NOT_FOUND The specified extrinsic method does not exist. • CIM_ERR_INVALID_QUERY The query is not valid for the specified query language. • CIM_ERR_INVALID_SUPERCLASS Operation cannot be carried out because the specified superclass does not exist.
Troubleshooting HP WBEM Services Messages In the above example, you see these four components of the response: 1. CIM error code of 7 2. Translation to CIM_ERR_NOT_SUPPORTED 3. Expanded text message The requested operation is not supported 4.
Troubleshooting HP WBEM Services Messages 3. Expanded text message: One or more parameter values passed to the method were invalid 4. The non-standard additional message: Wrong number of keys HP WBEM Services Command Messages These messages come from the HP WBEM Services commands. They are written to stdout. cimauth Command Messages • Message: You must have superuser privilege to run this command.
Troubleshooting HP WBEM Services Messages To see if cimserver is running, enter: ps -ef|grep cimserver Perhaps an operator stopped it by command, but did not restart it. To start it. HP-UX: cimserver (no options). Linux: /sbin/service pegasus-wbem start cimconfig Command Messages • Message: Current value of properties can not be listed because the CIM Server is not running Check for cimserver using ps -ef|grep cimserver.
Troubleshooting HP WBEM Services Messages Check the spelling of the property name. Re-issue the command specifying a valid config property. For a list of properties, enter: cimconfig -l • Message: Specified property value is not valid. See the cimconfig man page for the range of allowed values for the property, and reissue the command with a valid value. • Message: Specified property cannot be modified. You are trying to modify a property that is not dynamic.
Troubleshooting HP WBEM Services Messages Linux: /sbin/service pegasus-wbem start cimmof Command Messages • Message: Warning: class already in repository (OK to ignore) The same class is already loaded, so you do not need to do it again. If you really want to replace this class, first delete it, then load your new MOF file. Message: Cannot connect to: mysystem: 5989. Command failed. CIM Server is not running. You tried to send a request to system mysystem, through port number 5989.
Troubleshooting HP WBEM Services Messages • Message: Could not find declaration for Qualifier named HP WBEM Services cannot find the qualifier name in the MOF file in the CIM repository. If it is your own MOF file, check the qualifier name in the MOF file you specified. If it is misspelled, correct it. To see all qualifiers, for HP-UX go to /var/opt/wbem/repository//qualifiers. For Linux go to /var/cache/pegasus/repository//qualifiers.
Troubleshooting HP WBEM Services Messages • Message: You must have superuser privilege to unregister providers. If you do not have root permissions (uid=0) on the local system, get a logon that does, or have such a privileged user to give you permission. (See Chapter 3; see the cimauth man page.
Troubleshooting HP WBEM Services Messages • Message: Unable to connect to CIM Server. CIM Server may not be running To see if cimserver is running, enter: ps -ef|grep cimserver Perhaps an operator stopped it by command, but did not restart it. To start it, do one of the following: HP-UX: cimserver (no options). Linux: /sbin/service pegasus-wbem start Perhaps someone has disabled both types of connection (HTTPS and HTTP).
Troubleshooting HP WBEM Services Messages The present server certificate file is missing, empty, or not readable. Restore the certificate file (/etc/opt/hp/sslshare/cert.pem) from backup, then start the CIM Server. — Could not get private key The present key file is missing, empty, or not readable. Restore the key file /etc/opt/hp/sslshare/file.pem from backup, then start the CIM Server. — Seed file does not exist (HP-UX only) Check the random seed file (ll /var/opt/wbem/comserver.
Troubleshooting HP WBEM Services Messages Linux: /sbin/service pegasus-wbem start wbemexec Command Messages • Message: Invalid input: expected XML request. Check the coding of the request. The input must be a valid CIM request encoded in XML according to the DMTF Specification for the Representation of CIM in XML. • Message: Invalid XML request Correct the XML request, and re-issue the command. Refer to the text following the message for more specific information about the invalid XML request.
Troubleshooting HP WBEM Services Messages — On the CIM Server host, enter uname -a to be sure you have specified the appropriate host name. Enter cimconfig -l -c to list current values of properties. See if the enabled connection is port HTTP or HTTPS. Now see if your request specified the corresponding port. By default, HTTPS (default type) enters port 5989; HTTP enters Port 5988. — You may not be authorized to connect to the CIM Server. See Chapter 3.
Troubleshooting HP WBEM Services Messages Check the . If it does not exists create a empty and set appropriate file permissions, then run ssltrustmgr script. • Message: certificate not found in The cert# specified may not exists or out of range Run ssltrustmgr -l to see all the certificates in the and then run sltrustmger -r with the correct cert#.
Troubleshooting HP WBEM Services Messages 90 Chapter 7
How Resources are Represented (CIM Schema) A How Resources are Represented (CIM Schema) The HP WBEM Services repository stores information about the managed resources. To register with HP WBEM Services, a provider must define its resource by the classes and subclasses that define it. Then the provider must describe the properties that it will expose, and the methods that it will support. The properties describe what a class is, the methods describe what it can do.
How Resources are Represented (CIM Schema) The class is the basic modeling unit. It is a collection or set of objects that have similar properties and purposes. Each class defines a certain type of managed object, for example operating systems or system memory. Objects in the class contain properties (describing what it is) and methods (what it can do). A class can contain other classes (its subclasses). It can also contain instances. Subclasses are grouped by similarities.
How Resources are Represented (CIM Schema) Consider how to uniquely identify a user account on a Unix system. You could use two key properties: the value of the user account’s Name property and the value of the system’s Name property. Consider also the identifying pair used to route your email to you: user-name@domain-name. Classes are either concrete or abstract. A concrete class (like CIM_Operating System) has real instances, particular computer systems.
How Resources are Represented (CIM Schema) 94 Appendix A
HP WBEM Services CIM Operations B HP WBEM Services CIM Operations HP WBEM Services for HP-UX supports a subset of the DMTF-defined CIM operations. If you are installing a client or provider, be sure these are sufficient operations.
HP WBEM Services CIM Operations The InvokeMethod Operation The InvokeMethod Operation The following operation is a way to invoking the class of methods called extrinsic methods. (This is the way HP WBEM Services supports extrinsic methods.) If a provider has registered with HP WBEM Services as a method provider, it will support the use of InvokeMethod. • InvokeMethod (Write) Takes a method name with input and output parameters, and an instance.
HP WBEM Services CIM Operations Operations Implemented by Providers Operations Implemented by Providers The following CIM operations are implemented by instance providers for the classes they support. The methods are intrinsic. If the provider does not support a particular method, the implementation returns CIM_ERR_NOT_SUPPORTED. • GetInstance (Read) Takes a namespace, classname, and key properties and values. Returns the instance with all its properties.
HP WBEM Services CIM Operations Operations on Properties Operations on Properties Operations on properties are listed below. • GetProperty (Read) Takes a namespace, classname, and key properties and values to specify an instance. Also takes the property desired. Returns the value of the property for the specified instance. • SetProperty (Write) Takes a namespace, classname, and key properties and values, to specify a class. Also takes the desired property and value.
HP WBEM Services CIM Operations Class Manipulation Operations Class Manipulation Operations The class manipulation operations can be used by CIM clients to explicitly manipulate schema. Schema manipulation can be done implicitly through a MOF file. When the MOF compiler loads a MOF file, the compiler will use a series of CreateClass Operations to create the classes contained in the file. Class manipulation operations are listed below: • GetClass (Read) Takes a namespace and classname.
HP WBEM Services CIM Operations Qualifier Operations Qualifier Operations Qualifier declaration operations are listed below: • GetQualifier (Read) Takes a namespace and a qualifier name. Returns the information on that qualifier, such as scope, flavor, and default value. (A qualifier is a modifier containing information that describes a class, an instance, a property, or a method.) • EnumerateQualifiers (Read) Takes a namespace. Returns all qualifiers defined in the specified namespace.
HP WBEM Services Configuration Options Security Disclaimer C HP WBEM Services Configuration Options Security Disclaimer As a security best practice, HP recommends that customers disable any network daemons that they do not use. Any daemons that are in use should be configured securely according to the threat environment in which they are located. This is a functionality vs. security risk tradeoff. The optimal configuration will vary depending on local threats and functionality requirements.
HP WBEM Services Configuration Options Security Disclaimer Default Security Default Security For ease-of-manageability, HP WBEM Services 2.0 defaults to 'functional' out-of-the-box, but provides several configuration options to the customer so that security risks may be minimized. • The HP WBEM Services CIM Server can be configured to only accept connections from local UNIX domain sockets.
HP WBEM Services Configuration Options Security Disclaimer Default Security Appendix C 103
HP WBEM Services Configuration Options Security Disclaimer Default Security 104 Appendix C
Glossary core model Glossary CIM (Common Information Model) A hierarchical object-based model developed by the DMTF that defines a large number of concepts common to most computer systems. See Common Information Model. CIM client A client application that issues CIM operation requests over HTTP and processes the responses. features of the class. For example, the class called Modem represents all the modems present in a system.
Glossary Desktop Management Interface (DMI) The core model is both domain- and platform-independent. Also see common model and extension schema. schema such as Microsoft® Windows NT®, UNIX®, and Microsoft® ExchangeServer. Also see common model and core model. Desktop Management Interface (DMI) extrinsic method A method defined on a CIM Class in some Schema that is unique to that class (versus intrinsic methods which apply across all classes). Also see intrinsic method. An initiative by the DMTF.
Glossary management information base (MIB) Inheritance is one of the features that allows the CIM classes to function as templates for actual managed objects in the CIM environment. instance A representation of a real-world managed object that belongs to a particular class, or a particular occurrence of an event. Instances contain actual data. instance provider A type of provider that supports instances of system- and property-specific classes.
Glossary management information format (MIF) database management information format (MIF) database Part of DMI that stores and manages information and passes it to management applications on request. MIFs define the standard manageable attributes of PC products in categories including PC systems, servers, printers, LAN adapters, modems, and software applications. Management Interface (MI) The MI allows DMI-enabled applications to access, manage and control desktop systems, components and peripherals.
Glossary superclass property A name/value pair that describes a unit of data for a class. Property names cannot begin with a digit and cannot contain white space. Property values must have a valid Managed Object Format (MOF) data type. property provider A type of provider that supports the retrieval and modification of the CIM properties. provider An executable that can return and/or set information, execute methods, generate indications, or respond to other requests regarding a given managed object.
Glossary HP WBEM (Web-Based Enterprise Management) HP WBEM (Web-Based Enterprise Management) An initiative based on a set of management and Internet standard technologies developed to unify the management of enterprise computing environments. HP WBEM provides the ability for the industry to deliver a well-integrated set of standard-based management tools leveraging the emerging technologies such as CIM and XML.
Index A architecture of WBEM Services, 12 associations, 93 authentication local users, 62 remote users, 62 authorization namespace, 66 authorization for CIM operations, 66 B backing up files, 54 C checklist for troubleshooting, 70 CIM HTTP WBEM Services standard, 10 CIM messages, 74 CIM operations authorizations, 66 CIM Operations over HTTP DMTF standard, 10 CIM repository, 12 CIM Server WBEM Services architecture, 12 CIM server properties, 56 cimauth command, 29 cimconfig command, 29 cimmof command, 29 cim
Index method, 92 methods, 92 ModifyClass operation, 99 ModifyInstance operation, 97 MOF Compiler, 12 properties of CIM server, 56 property, 92 provider requirements, 16 responsibilities, 17 N namespace, 93 namespace authorization, 57, 66 R repository files, 54 repository, initializing, 54 request example, 36 processing, 19 O object-oriented modeling, 91 openssl command, 31 operation CreateClass, 99 CreateInstance, 97 DeleteClass, 99 DeleteInstance, 97 DeleteQualifier, 100 EnumerateClasses, 99 EnumerateC
