1. Downloading
- Download OpenPegasus CIM server from the OpenPegasus website
- pegasus-M.m.R.tar.gz
- Untar the archive:
- $ tar xzvf pegasus-M.m.R.tar.gz
- The examples below are based on the installation of OpenPegasus in a local directory (Example: /home/toto/pegasus-build).
2. Dependencies
Before you build, install, or run OpenPegasus, be sure you have the proper set of software it depends on. Currently OpenPegasus has the following dependencies:
- GNUMAKE - To simplify the building of OpenPegasus across multiple platforms we have standardized on a set of build tools including: GNUMAKE. We are using GNUMAKE 3.79.1 successfully both in Windows and Linux environments. It is available from http://www.gnu.org.
- FLEX and BISON - These tools were used to develop the MOF compiler and WQL parser. These tools are required only for development of the parsers, not for building OpenPegasus. Bison version 2.3 or later and flex version 2.5.4 or later are required.
- DOC++ - The OpenPegasus documentation is taken from a combination of text files and header files themselves. This documentation is formatted with DOC++ and GAWK. These tools are required to build the interface documentation set.
- ICU Internationalization libraries - These libraries are used as the basis for message catalogs for message internationalization. See the ICU website (http://icu.sourceforge.net) for more information on these libraries.
- OpenSSL - If it is intended to use SSL on the communication protocol, the OpenSSL libraries are required (http://www.openssl.org).
- OpenSLP - If you choose to use OpenSLP as your choice of SLP implementations, then it will need to be installed and available to OpenPegasus. Refer to the PEGASUS_USE_OPENSLP and PEGASUS_OPENSLP_HOME build variables in PEP 292, and the OpenSLP web site (http://www.openslp.org).
- zlib - If you choose to enable the compressed repository feature with the PEGASUS_ENABLE_COMPRESSED_REPOSITORY build variable, you will need to install the gzip (GNU zip) compression utility. Refer to readme.compressed_repository in OpenPegasus source tree, and the gzip web site (http://www.gzip.org).
3. Pre-Compile Configuration
- First of all, you must define the environment variables controlling the compilation of OpenPegasus (you can find the full list of the variables on the OpenPegasus website in the PEP 277 document):
- PEGASUS_ROOT: required, the path to the folder containing the source code of OpenPegasus (This variable must be defined for running too)
- PEGASUS_HOME: required, the path to the folder which will contain the build result (i.e. executables, libraries, repository, etc.)
- PEGASUS_PLATFORM: required, the platform on which we build (Linux 32 bits: LINUX_IX86_GNU, Linux 64 bits Intel: LINUX_IA64_GNU, Linux 64 bits AMD: LINUX_X86_64_GNU, etc.)
- ExecQuery() support (optional)
- PEGASUS_ENABLE_EXECQUERY: enables ExecQuery() method support
- SSL support (optional)
- PEGASUS_HAS_SSL: enables SSL protocol support (https) for client/server connections (yes or no)
- OPENSSL_HOME: required if SSL is enabled, the path to the folder containing the OpenSSL libraries and binaries (ex: /usr)
- User authentication & authorization (optional)
- PEGASUS_PAM_AUTHENTICATION: enables support for PAM (Pluggable Authentication Modules) based authentication (true or false)
- PEGASUS_ENABLE_USERGROUP_AUTHORIZATION: allows an administrator to restrict access to CIM operations to members of a designated set of groups. (true or false)
- You can define the variables like this:
- $ export <VARIABLE_NAME>=<VALUE>
- Or (recommended, permanent) edit your global /etc/bashrc or /etc/bash_profile
- Additionally you may want to extend your PATH variable by adding the path to the OpenPegasus binaries
- $ export PATH=$PEGASUS_HOME/bin:$PATH
- Example of /etc/bashrc file:
...
# OpenPegasus environment variable definition
export PEGASUS_HOME=/home/toto/pegasus-build
export PEGASUS_ROOT=/home/toto/pegasus
export PEGASUS_PLATFORM=LINUX_IX86_GNU
# OpenPegasus SSL support
export OPENSSL_HOME=/usr
export PEGASUS_HAS_SSL=yes
# OpenPegasus User authentication & authorization
export PEGASUS_ENABLE_USERGROUP_AUTHORIZATION=true
export PEGASUS_PAM_AUTHENTICATION=true
# OpenPegasus ExecQuery() method support
export PEGASUS_ENABLE_EXECQUERY=true
# PATH
export PATH=$PEGASUS_HOME/bin:$PATH
...
4. Compiling
- Now we can build. In the OpenPegasus source directory execute the following:
$ make
$ make repository
- All the executables, libraries and configuration will be created in the directory pointed to by PEGASUS_HOME.
5. Running
- To start OpenPegasus, execute as root:
- $ cimserver
- To stop OpenPegasus, execute as root:
- $ cimserver -s
- Other useful commands:
- cimconfig: runtime configuration of OpenPegasus
- cimprovider: listing and management of registered providers
6. Setting up the CIM repository
It is recommended to update the CIM schema before the installation of providers.
- Delete the existing root/cimv2 namespace first:
$ rm -rf $PEGASUS_HOME/repository/root#cimv2
- Go to the DMTF website and download the latest version of the CIM schema (zip archive of mof code, you can choose between final or experimental).
Note: We experienced troubles with the CIM schema from the DMTF due to incompatibilities with the OpenPegasus mof compiler (cimmof). You may want to use the OpenDRIM retailed CIM schema instead.
- Uncompress the downloaded zip file (anywhere but not in the pegasus repository!):
$ unzip cimvMm-MOFs.zip
You should see a file called cimvMm.mof where you uncompressed the zip archive.
- Create the root/cimv2 namespace and populate it with the CIM schema (-aE is for allowing experimental schema):
$ cimmof -aE -n root/cimv2 cimvMm.mof
Note: cimserver should be started before doing this operation.
The next step is required to be conformant to the Profile Registration Profile from the DMTF.
- Create the Interop namespace and populate it with the CIM schema (the CIM schema version should be the same as for root/cimv2):
$ cimmof -aE -n Interop cimvMm.mof
Note: cimserver should be started before doing this operation.
7. OpenPegasus configuration (optional, needs cimserver to be started)
- In order to secure the administration of a system the following security measures MUST be enforced.
- The private keys should be kept secret and the certificates should be emitted from trusted entities, otherwise encrypting data is useless.
- User authentication and authorization
- The root user can always issue CIM requests.
- $ cimconfig -s enableAuthentication=true -p // enables (recommended) / disables user authentication (needs OpenPegasus restart).
- $ cimconfig -s authorizedUserGroups=<group1>,...,<groupN> -p // defines user authorization, authorizedUserGroups must be the list of user groups whose members may issue CIM requests (needs OpenPegasus restart).
- For example create a group called pegasususers: $ groupadd pegasususers. authorizedUserGroups must be set to pegasususers. If user toto wants to issue CIM requests, add him to this group: $ usermod -a -G pegasususers toto (-a appends the group; without it, -G replaces the user's other supplementary groups).
- SSL connections
- $ cimconfig -s enableHttpConnection=true/false -p // enables / disables (recommended) insecure HTTP connections (needs OpenPegasus restart).
- $ cimconfig -s enableHttpsConnection=true/false -p // enables (recommended) / disables secure HTTPS connections (needs OpenPegasus restart).
- CIM server authentication
- Authenticate a CIM server from a CIM client.
- A CIM server private key and certificate come with OpenPegasus default installation.
- $ cimconfig -g sslCertificateFilePath // gets the path to the current server certificate.
- $ cimconfig -s sslCertificateFilePath=<newPath> -p // sets the server certificate to a new file (needs OpenPegasus restart).
- $ cimconfig -g sslKeyFilePath // gets the path to the current server private key.
- $ cimconfig -s sslKeyFilePath=<newPath> -p // sets the server private key to a new file (needs OpenPegasus restart).
- The administrator should get the server certificate from a trusted entity. The CIM client will use this certificate to identify the CIM server. Note that the CIM client can also choose to trust the CIM server and to discard the authentication process, at your own risk.
- CIM client authentication
- Authenticate a CIM client from a CIM server.
- $ cimconfig -g sslClientVerificationMode // gets the client authentication policy.
- $ cimconfig -s sslClientVerificationMode=<newPolicy> -p // sets the client authentication policy (disabled, optional or required (recommended value), needs OpenPegasus restart).
- The trusted client certificates are stored in a trust store which can be a single file or a directory (not functional in the current version of OpenPegasus: 2.6.1).
- $ cimconfig -g sslTrustStore // gets the location of the trust store
- $ cimconfig -s sslTrustStore=<newPath> -p // sets the location of the trust store (needs OpenPegasus restart).
- $ cimconfig -s sslTrustStoreUserName=<trustedUser> -p // sets the name of the (single) trusted CIM client user (required if the trust store is a single file, needs OpenPegasus restart).
- Generating private keys / certificates (RSA)
- $ openssl genrsa -out private_key.pem <private_key_modulus> // the longer the modulus is, the stronger the encryption is (usually 512 or 1024; these sizes are no longer considered adequate, and 2048 bits is the current minimum recommendation for RSA)
- $ openssl req -new -key private_key.pem -out certificate_request.csr
- $ openssl x509 -in certificate_request.csr -out certificate.pem -req -signkey private_key.pem -days <number of days> // self-signs the request with the same private key; the number of days specifies the certificate expiration date
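
A check for the settings recommended in section 7, added here as an example (it is not part of OpenPegasus or of the original guide): it compares saved settings with the recommended values and verifies that the private key file is not accessible to group or others. The name=value input format, the function names and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit saved OpenPegasus settings against section 7.
# Assumption: settings arrive on stdin as name=value lines.

# Recommended values, taken from this guide.
RECOMMENDED='enableAuthentication=true
enableHttpConnection=false
enableHttpsConnection=true
sslClientVerificationMode=required'

# Prints one FAIL line per deviation; returns 0 only if all settings match.
audit_settings() {
    input=$(cat)
    failures=0
    for want in $RECOMMENDED; do
        name=${want%%=*}
        expected=${want#*=}
        # Last occurrence wins; a missing setting is reported as <unset>.
        actual=$(printf '%s\n' "$input" |
            sed -n "s/^[[:space:]]*$name[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" |
            tail -n 1)
        [ -n "$actual" ] || actual='<unset>'
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $name=$actual (want $expected)"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Succeeds only if the key file grants nothing to group or others.
key_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] && return 0
    echo "FAIL $1 is accessible to group/others"
    return 1
}

# Constructed sample input (not output captured from a real server).
sample_config() {
    printf '%s\n' 'enableAuthentication=true' 'enableHttpConnection=true' \
        'enableHttpsConnection=true' 'sslClientVerificationMode=optional'
}

sample_config | audit_settings || true
```

Pass the path returned by cimconfig -g sslKeyFilePath to key_is_private to check the server key.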
