1. Downloading

  • Download OpenPegasus CIM server from the OpenPegasus website
    • pegasus-M.m.R.tar.gz
  • Untar the archive:
    • $ tar xzvf pegasus-M.m.R.tar.gz
  • The examples below are based on the installation of OpenPegasus in a local directory (Example: /home/toto/pegasus-build).

2. Pre-Compile Configuration

  • First of all, you must define the environment variables controlling the compilation of OpenPegasus (you can find the full list of the variables on the OpenPegasus website in the PEP 277 document):
    • PEGASUS_ROOT: required, the path to the folder containing the source code of OpenPegasus (This variable must be defined for running too)
    • PEGASUS_HOME: required, the path to the folder which will contain the build result (i.e. executables, libraries, repository, etc.)
    • PEGASUS_PLATFORM: required, the platform on which we build (Linux 32 bits: LINUX_IX86_GNU, Linux 64 bits Intel: LINUX_IA64_GNU, Linux 64 bits AMD: LINUX_X86_64_GNU, etc.)
  • ExecQuery() support (optional)
    • PEGASUS_ENABLE_EXECQUERY: enables ExecQuery() method support
  • SSL support (optional)
    • PEGASUS_HAS_SSL: enables SSL protocol support (https) for client/server connections (yes or no)
    • OPENSSL_HOME: required if SSL is enabled, the path to the folder containing the OpenSSL libraries and binaries (ex: /usr)
  • User authentication & authorization (optional)
    • PEGASUS_PAM_AUTHENTICATION: enables support for PAM (Pluggable Authentication Modules) based authentication (true or false)
    • PEGASUS_ENABLE_USERGROUP_AUTHORIZATION: allows an administrator to restrict access to CIM operations to members of a designated set of groups. (true or false)
  • You can define the variables like this:
    • $ export <VARIABLE_NAME>=<VALUE>
  • Or (recommended, permanent) edit your global /etc/bashrc or /etc/bash_profile
  • Additionally you may want to extend your PATH variable by adding the path to the OpenPegasus binaries
    • $ export PATH=$PEGASUS_HOME/bin:$PATH
  • Example of /etc/bashrc file:
    ...
    # OpenPegasus environment variable definition
    export PEGASUS_HOME=/home/toto/pegasus-build
    export PEGASUS_ROOT=/home/toto/pegasus
    export PEGASUS_PLATFORM=LINUX_IX86_GNU
    
    # OpenPegasus SSL support
    export OPENSSL_HOME=/usr
    export PEGASUS_HAS_SSL=yes
    
    # OpenPegasus User authentication & authorization
    export PEGASUS_ENABLE_USERGROUP_AUTHORIZATION=true
    export PEGASUS_PAM_AUTHENTICATION=true
    
    # OpenPegasus ExecQuery() method support
    export PEGASUS_ENABLE_EXECQUERY=true
    
    # PATH
    export PATH=/home/frederic/jdk1.5.0_07/bin:$PEGASUS_HOME/bin:/home/toto/sfcb-build/bin:/home/toto/sfcb-build/sbin:$PATH
    ...
    

3. Compiling

  • Now we can build. In OpenPegasus source directory execute the following:
    • $ make
    • $ make repository
  • All the executables, libraries and configuration will be created in the directory pointed to by PEGASUS_HOME.

4. Running

  • To start OpenPegasus execute as root:
    • $ cimserver
  • To stop OpenPegasus:
    • $ cimserver -s
  • Other useful commands:
    • cimconfig: runtime configuration of OpenPegasus
    • cimprovider: listing and management of registered providers

5. OpenPegasus configuration (optional)

  • In order to secure the administration of a system, the following security measures MUST be enforced.
  • The private keys should be kept secret and the certificates should be issued by trusted entities, otherwise encrypting data is useless.
  • User authentication and authorization
    • The root user can always issue CIM requests.
    • $ cimconfig -s enableAuthentication=true -p // enables (recommended) / disables user authentication (needs OpenPegasus restart).
    • $ cimconfig -s authorizedUserGroups=<group1>,...,<groupN> -p // defines user authorization, authorizedUserGroups must be the list of user groups whose members may issue CIM requests (needs OpenPegasus restart).
    • For example, create a group called pegasususers: $ groupadd pegasususers. authorizedUserGroups must be set to pegasususers. If user toto wants to issue CIM requests, add him to this group: $ usermod -a -G pegasususers toto (-a appends the group and keeps the user's existing supplementary groups).
  • SSL connections
    • $ cimconfig -s enableHttpConnection=true/false -p // enables / disables (recommended) insecure HTTP connections (needs OpenPegasus restart).
    • $ cimconfig -s enableHttpsConnection=true/false -p // enables (recommended) / disables secure HTTPS connections (needs OpenPegasus restart).
  • CIM server authentication
    • Authenticate a CIM server from a CIM client.
    • A CIM server private key and certificate come with OpenPegasus default installation.
    • $ cimconfig -g sslCertificateFilePath // gets the path to the current server certificate.
    • $ cimconfig -s sslCertificateFilePath=<newPath> -p // sets the server certificate to a new file (needs OpenPegasus restart).
    • $ cimconfig -g sslKeyFilePath // gets the path to the current server private key.
    • $ cimconfig -s sslKeyFilePath=<newPath> -p // sets the server private key to a new file (needs OpenPegasus restart).
    • The administrator should get the server certificate from a trusted entity. The CIM client will use this certificate to identify the CIM server. Note that the CIM client can also choose to trust the CIM server and to discard the authentication process, at your own risk.
  • CIM client authentication
    • Authenticate a CIM client from a CIM server.
    • $ cimconfig -g sslClientVerificationMode // gets the client authentication policy.
    • $ cimconfig -s sslClientVerificationMode=<newPolicy> -p // sets the client authentication policy (disabled, optional or required (recommended value), needs OpenPegasus restart).
    • The trusted client certificates are stored in a trust store which can be a single file or a directory (not functional in the current version of OpenPegasus: 2.6.1).
    • $ cimconfig -g sslTrustStore // gets the location of the trust store
    • $ cimconfig -s sslTrustStore=<newPath> -p // sets the location of the trust store (needs OpenPegasus restart).
    • $ cimconfig -s sslTrustStoreUserName=<trustedUser> -p // sets the name of the (single) trusted CIM client user (required if the trust store is a single file, needs OpenPegasus restart).
  • Generating private keys / certificates (RSA)
    • $ openssl genrsa -out private_key.pem <private_key_modulus> // the longer the modulus is, the stronger the encryption is (usually 512 or 1024)
    • $ openssl req -new -key private_key.pem -out certificate_request.csr
    • $ openssl x509 -in certificate_request.csr -out certificate.pem -req -signkey private_key.pem -days <number of days> // the number of days specifies the certificate expiration date
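The key and certificate steps above, run non-interactively and followed by the checks worth making before pointing sslKeyFilePath and sslCertificateFilePath at the result. This is an added example, not part of the original page or of OpenPegasus; it uses a 2048-bit modulus because 512- and 1024-bit RSA keys are no longer considered adequate, and the function names and subject CN are assumptions.

```shell
#!/bin/sh
# Added example, not OpenPegasus code. File names follow the steps above;
# the subject CN is a placeholder.

# make_pair DIR BITS DAYS: private key, CSR and self-signed certificate.
make_pair() {
    ( umask 077; openssl genrsa -out "$1/private_key.pem" "$2" ) 2>/dev/null || return 1
    openssl req -new -key "$1/private_key.pem" -subj "/CN=cimserver.example.test" \
        -out "$1/certificate_request.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/certificate_request.csr" -signkey "$1/private_key.pem" \
        -days "$3" -out "$1/certificate.pem" 2>/dev/null
}

# key_bits KEY: print the RSA modulus size in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*(\([0-9][0-9]*\) bit.*$/\1/p' | head -n 1
}

# pair_matches KEY CERT: true when the certificate carries this key's public half.
pair_matches() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair KEY CERT [MIN_BITS]: print findings, return 1 if any.
check_pair() {
    bits=$(key_bits "$1"); min=${3:-2048}; rc=0
    [ -n "$bits" ] || { echo "FAIL unreadable key: $1"; return 1; }
    [ "$bits" -ge "$min" ] || { echo "FAIL modulus $bits bits, want >= $min"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL certificate does not match key"; rc=1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL certificate expired or unreadable"; rc=1; }
    return $rc
}

# Usage: sh thisfile.sh private_key.pem certificate.pem
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```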
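A small audit of the settings recommended in this section, as an added example that is not part of the original page or of OpenPegasus. It reads name=value lines on stdin, such as a property listing from cimconfig -l -p; the one-property-per-line format, the function names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (not OpenPegasus code). Input: "name=value" lines, one property
# per line; that format is an assumption about how the settings were exported.

# Values this section marks as recommended.
RECOMMENDED="enableAuthentication=true enableHttpConnection=false enableHttpsConnection=true sslClientVerificationMode=required"

# audit_cim_config: read name=value lines on stdin, print one finding per
# deviation, return 1 if anything deviates from the recommendations.
audit_cim_config() {
    awk -v rec="$RECOMMENDED" '
    BEGIN {
        n = split(rec, pair, " ")
        for (i = 1; i <= n; i++) { split(pair[i], kv, "="); name[i] = kv[1]; want[kv[1]] = kv[2] }
    }
    /^[ \t]*#/ || !/=/ { next }            # skip comments and non-assignments
    {
        k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        have[k] = v                        # last assignment wins
    }
    END {
        for (i = 1; i <= n; i++) {
            k = name[i]
            if (!(k in have)) { print "MISSING " k " (want " want[k] ")"; bad = 1 }
            else if (tolower(have[k]) != want[k]) { print "WEAK " k "=" have[k] " (want " want[k] ")"; bad = 1 }
        }
        if (have["authorizedUserGroups"] == "") { print "UNSET authorizedUserGroups (no group list given)"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample inputs, not taken from a real server.
sample_weak() {
    printf '%s\n' 'enableAuthentication=false' 'enableHttpConnection=true' \
        'enableHttpsConnection=true' 'authorizedUserGroups='
}
sample_hardened() {
    printf '%s\n' 'enableAuthentication=true' 'enableHttpConnection=false' \
        'enableHttpsConnection=true' 'sslClientVerificationMode=required' \
        'authorizedUserGroups=pegasususers'
}

# Demonstration on the weak sample: prints two WEAK, one MISSING, one UNSET.
sample_weak | audit_cim_config || true
```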

6. OpenDRIM Common Library

  • $ autoreconf --install
  • $ ./configure CIMSERVER=pegasus
  • $ make
  • $ make install or $ make install-strip (stripping makes the libraries smaller)

7. Setting up the CIM repository

  • It is recommended to update the CIM schema before the installation of providers.
  • You should delete the existing root/cimv2 namespace first:
    • $ rm -rf $PEGASUS_HOME/repository/root#cimv2
  • Go to the DMTF website and download the latest version of the CIM schema (zip archive of MOF code, you can choose between final or experimental).
  • Uncompress the downloaded zip file (anywhere but not in the pegasus repository!):
    • $ unzip cimvMm-MOFs.zip
    • You should see a file called cimvMm.mof where you uncompressed the zip archive.
    • Note: We experienced trouble with the CIM schema from the DMTF due to incompatibilities with the OpenPegasus mof compiler (cimmof). You may want to use the OpenDRIM retailed CIM schema instead.
  • Create the root/cimv2 namespace and populate it with CIM schema (-aE is for allowing experimental schema):
    • $ cimmof -aE -n root/cimv2 cimvMm.mof
  • The next steps are required to be conformant to the Profile Registration Profile from the DMTF
  • Create the Interop namespace and populate it with CIM schema (CIM schema version should be the same as for root/cimv2):
    • $ cimmof -aE -n Interop cimvMm.mof
  • Install the Interop package
    • $ autoreconf --install
    • $ ./configure CIMSERVER=pegasus
    • $ make
    • $ make install or $ make install-strip (stripping makes the libraries smaller)
    • $ make postinstall

8. OpenDRIM Providers

  • $ autoreconf --install
  • $ ./configure CIMSERVER=pegasus
  • $ make
  • $ make install or $ make install-strip (stripping makes the libraries smaller)
  • $ make postinstall