OpenLMI on RHEL 7 Beta

Posted on January 8, 2014 by Russell Doty

Getting Started

OpenLMI is under active development, and its first public release on Red Hat Enterprise Linux is with the Red Hat Enterprise Linux 7 Beta.

Install OpenLMI

Install

OpenLMI can be installed by installing the openlmi package. This is a metapackage that installs the OpenLMI infrastructure and a base set of OpenLMI Providers. Additional Providers and other packages can be installed later.

$ yum install openlmi

Start the CIMOM

The OpenLMI CIMOM runs as a service. For security reasons, services are not automatically started. You will need to start the CIMOM manually, using the command:

$ systemctl start tog-pegasus.service

To have the service automatically started when the system boots, use the command:

$ systemctl enable tog-pegasus.service

Firewall

You will then need to open the appropriate firewall ports to allow remote access. This can be done from the firewall GUI by selecting the WBEM-https service, or can be done from the command line by entering:

$ firewall-cmd --add-port 5989/tcp

You will probably want to open this port permanently:

$ firewall-cmd --permanent --add-port 5989/tcp

SELinux

You may need to set SELinux to permissive mode:

$ setenforce 0

Remote Access

You next need to configure the users for remote access. The Pegasus CIMOM can accept either root or pegasus as users (configuring Pegasus to use other users is beyond the scope of this article). You can do one or both of the following actions; doing both will enable using OpenLMI calls using either root or pegasus as the user.

  • The user pegasus is created – without a password – when you install OpenLMI. To use the pegasus user you need to add a password by using the command passwd pegasus (as root) and then giving it a password.
  • Alternatively, you can edit the Pegasus access configuration file to allow root access:
    • Edit the file /etc/Pegasus/access.conf
    • Change the line “ALL EXCEPT pegasus:wbemNetwork” to “ALL EXCEPT root pegasus:wbemNetwork” and save the file.

Install OpenLMI Client

Client Software (updated)

The OpenLMI client consists of the LMIShell environment and a set of system management scripts. The OpenLMI client is installed on the client system – that is, the system that will be used to manage other systems. You don’t need to install the OpenLMI client on managed systems, and you don’t need to install OpenLMI Providers on the client system.

The easiest way to use LMIShell is to use Fedora 20 for your client system – Fedora 20 includes LMIShell and all the management scripts. These management scripts are under active development, and their interfaces were not considered sufficiently mature to include in RHEL 7 Beta. They should be included in a future release.

There are two parts to the client tools provided by the OpenLMI project. The first is the LMIShell, which is a powerful, python-based scripting environment made available in the openlmi-tools package.

You can install this package with the command:

$ yum install openlmi-tools

The second part of the client tool is the OpenLMI scripts, which are a set of Python scripts and simple shell command wrappers (using the ‘lmi’ metacommand tool) to provide very simple interaction with OpenLMI-managed systems. Because these scripts are actively evolving they are not included in the RHEL 7 Beta, and must be downloaded and installed separately:

First, download http://www.openlmi.org/sites/default/files/repo/rhel7/noarch/openlmi-scripts.repo to /etc/yum.repos.d on your local system.

Then yum install “openlmi-scripts*”. (Note the quotes around “openlmi-scripts*”.)

These scripts require openlmi-tools, which is included as a dependency and is automatically installed when you install the scripts if it has not already been installed.

Server Certificate

In order to access a remote LMI managed system, you will need to copy the Pegasus server certificate to the client system. This can be done with:

# scp root@managed-machine:/etc/Pegasus/server.pem
/etc/pki/ca-trust/source/anchors/managed-machine-cert.pem

Where “managed-machine” is the name of the managed system. You then need to:

# update-ca-trust extract

Try It Out

At this point you should be ready to go! Test the installation by running an LMI command from a system with the LMIShell client and scripts installed; this sample will be explained in future articles (replace managed-system with the actual system name):

# lmi -h managed-system
lmi> hwinfo cpu
username: pegasus
password:

CPU: AMD Phenom(tm) 9550 Quad-Core Processor
Topology: 1 cpu(s), 1 core(s), 1 thread(s)
Max Freq: 3000 MHz
Arch: x86_64
lmi>

About Russell Doty

A technology strategist and product manager at Red Hat, working on the next generation of open source systems.
This entry was posted in System Management. Bookmark the permalink.

1 Response to OpenLMI on RHEL 7 Beta

  1. Russ Doty says:
    January 10, 2014 at 4:24 pm

    Note: instructions for installing OpenLMI on Red Hat Enterprise Linux 7 Beta have been updated to include installing LMIShell scripts from an external repository.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s