When OpenWBEM CIMOM (owcimomd) starts, it reads its run-time configuration from the openwbem.conf file. The openwbem.conf file is located in the /etc/openwbem directory.
Any setting that has the options commented out with a semicolon (;) or pound sign (#) uses the default setting.
When making changes to this file, you can use any text editor that saves the file in a format that is native to the platform you are using.
You can change any of the settings in the openwbem.conf file. This section discusses the following configuration settings:
When changing the Authentication configuration, there are several things that you can control:
Who can access the CIMOM
What authentication module is used
See the following settings:
Directs the http_server to allow local authentication without supplying a password, relying on local system file permissions.
You can use this setting with the Basic or Digest settings.
http_server.allow_local_authentication = option

Option | Description |
---|---|
true | Enables local authentication. This is the default setting. |
false | Disables local authentication. |

http_server.allow_local_authentication = true
Specifies a location for the password file. This is required if the http_server.use_digest setting is enabled.
http_server.digest_password_file = path_filename
The following is the default path and filename for the digest password file:
/etc/openwbem/digest_auth.passwd
http_server.digest_password_file = /etc/openwbem/digest_auth.passwd
Determines whether the server should attempt to authenticate clients with SSL Client Certificate verification.
This setting is disabled by default.
http_server.ssl_client_verification = option
http_server.ssl_client_verification = disabled
Specifies a directory containing the OpenSSL trust store.
http_server.ssl_trust_store = path
The following is the default path for the trust store file.
/etc/openwbem/truststore
http_server.ssl_trust_store = /etc/openwbem/truststore
Directs the HTTP server to use Digest authentication, which bypasses the Basic authentication mechanism. To use digest, you must set up the digest password file using owdigestgenpass.
Digest doesn’t use the authentication module specified by the owcimomd.authentication_module configuration setting.
http_server.use_digest = option

Option | Description |
---|---|
false | Enables the Basic authentication mechanism. This is the default setting. |
true | Disables the Basic authentication mechanism. |

http_server.use_digest = false
Specifies the username of the user that has access to all Common Information Model (CIM) data in all namespaces maintained by the owcimomd. This user can be used to administer the /root/security namespace, which is where all ACL user rights are stored.
ACL processing is not enabled until the OpenWBEM_Acl1.0.mof file has been imported.
owcimomd.ACL_superuser = username
owcimomd.ACL_superuser = root
Enables or disables anonymous logins to owcimomd.
owcimomd.allow_anonymous = option
owcimomd.allow_anonymous = false
Specifies a list of users who are allowed to access owcimomd data.
owcimomd.allowed_users = option
owcimomd.allowed_users = bcwhitely jkcarey jlanderson
Specifies the authentication module that is used by owcimomd. This setting should be an absolute path to the shared library containing the authentication module.
owcimomd.authentication_module = path_filename
The following is the default path and filename for the authentication modules:
/usr/lib/openwbem/authentication/libpamauthentication.so
owcimomd.authentication_module = /usr/lib/openwbem/authentication/libpamauthentication.so
The http_server.SSL_cert and the http_server.SSL_key settings specify the location of the file or files that contain the host's private key and the certificate that is used by OpenSSL for HTTPS communications.
The .pem files are located in the following default location:
/etc/openwbem/servercert.pem
/etc/openwbem/serverkey.pem
http_server.SSL_cert = path_filename
or
http_server.SSL_key = path_filename
Note: Both the key and certificate can be in the same file. In this case, the values of http_server.SSL_cert and http_server.SSL_key would be the same.
http_server.SSL_cert = /etc/openwbem/servercert.pem
http_server.SSL_key = /etc/openwbem/servercert.pem
http_server.SSL_key = /etc/openwbem/serverkey.pem
The http_server.http_port and http_server.https_port settings specify the port number that owcimomd listens on for all HTTP and HTTPS communications.
http_server.http_port = option
or
http_server.https_port = option
These settings disable the HTTP port and enable port 5989 for HTTPS communications:
http_server.http_port = -1
http_server.https_port = 5989
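The following added example (not part of the original documentation and not OpenWBEM code) parses openwbem.conf-style text, applies the defaults stated above to settings that are commented out, and lists the effective authentication and port values an administrator should review. The `key = value` parsing, the rule set, and the sample input are assumptions made for illustration.

```python
# Added example (not OpenWBEM code): audit openwbem.conf-style text.
# Defaults are the ones this page states; the checks themselves are assumptions.
PAGE_DEFAULTS = {
    "http_server.allow_local_authentication": "true",
    "http_server.use_digest": "false",
    "http_server.ssl_client_verification": "disabled",
}

# Constructed sample input, not taken from a real host.
SAMPLE = """\
; commented-out settings fall back to their defaults
;http_server.allow_local_authentication = false
http_server.http_port = 5988
http_server.https_port = 5989
http_server.use_digest = true
owcimomd.allow_anonymous = true
owcimomd.authentication_module = /usr/lib/openwbem/authentication/libpamauthentication.so
"""

def parse_conf(text):
    """Return explicitly set key/value pairs; lines starting with ; or # are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return {setting: note} for effective values worth an administrator's review."""
    explicit = parse_conf(text)
    eff = {**PAGE_DEFAULTS, **explicit}
    notes = {}
    if eff.get("owcimomd.allow_anonymous", "").lower() == "true":
        notes["owcimomd.allow_anonymous"] = "anonymous logins enabled"
    # An unset http_port is reported too: only -1 is documented here as disabling HTTP.
    if eff.get("http_server.http_port") != "-1":
        notes["http_server.http_port"] = "HTTP listener not explicitly disabled (-1)"
    if eff["http_server.allow_local_authentication"].lower() == "true":
        notes["http_server.allow_local_authentication"] = "local clients need no password"
    if eff["http_server.ssl_client_verification"].lower() == "disabled":
        notes["http_server.ssl_client_verification"] = "client certificates not verified"
    if eff["http_server.use_digest"].lower() == "true" and "owcimomd.authentication_module" in explicit:
        notes["owcimomd.authentication_module"] = "not used while Digest is enabled"
    return notes

if __name__ == "__main__":
    for key, note in audit(SAMPLE).items():
        print(f"{key}: {note}")
```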
The following log settings in the owcimomd.conf file let you specify where and how much logging occurs, the type of errors logged, and the log size, filename, and format:
If you want to set up debug logging, see Section 9.2.5, “Configuring Debug Logging”.
If you want to set up additional logs, see Section 9.2.6, “Configuring Additional Logs”.
Specifies the categories the log outputs.
log.main.categories = option

Option | Description |
---|---|
| Specifies the categories to be logged using a space delimited list. The categories used in owcimomd are: For more information about these options, see Section 9.2.4.4, “log.main.level”. If specified in this option, the predefined categories are not treated as levels, but as independent categories. No default is available; and if a category is not set, no categories are logged and the log.main.level setting is used. |
* | All categories are logged. This is the default setting. |

log.main.categories = FATAL ERROR INFO
Specifies the components that the log outputs.
log.main.components = option
log.main.components = owcimomd nssd
Specifies the format (text mixed with printf() style conversion specifiers) of the log messages.
log.main.format = conversion_specifier
It is possible to change the minimum field width, the maximum field width, and justification. The optional format modifier is placed between the percent sign (%) and the conversion character. The first optional format modifier is the left justification flag, which is the minus (-) character. The optional minimum field width modifier follows, which is an integer that represents the minimum number of characters to output. If the data item requires fewer characters, it is padded with spaces on either the left or the right, according to the justification flag. If the data item is larger than the minimum field width, the field is expanded to accommodate the data.
The maximum field width modifier is designated by a period (.) followed by a decimal constant. If the data item is longer than the maximum field, then the extra characters are removed from the beginning of the data item (by default) or from the end (if the left justification flag was specified).
Log4j TTCC layout:
"%r [%t] %-5p %c - %m"
Similar to TTCC but with some fixed-size fields:
"%-6r [%15.15t] %-5p %30.30c - %m"
XML output conforming to log4j.dtd 1.2, which can be processed by Chainsaw (if used, this must be on one line; it is split up here for readability):
"<log4j:event logger="%c"
timestamp="%d{%s%Q}"
level="%p" thread="%t">
<log4j:message>%e</log4j:message>
<log4j:locationInfo class="" method=""
file="%F"
line="%L"/></log4j:event>"
The following is the default:
log.main.format = [%t]%m
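The field-width rules described above differ from printf() in that an over-long value loses characters from its beginning unless the left justification flag is set. The following added example (not OpenWBEM's code) implements only those padding and truncation rules as this section states them; the field values are constructed, and the meaning of each conversion character is not asserted here.

```python
import re

# Added example: modifier handling as described in this section, not OpenWBEM's code.
# Matches %[-][min][.max]<conversion character>
_SPEC = re.compile(r"%(-?)(\d*)(?:\.(\d+))?([a-zA-Z])")

# Constructed values keyed by conversion character.
FIELDS = {"r": "1042", "t": "140213", "p": "ERROR", "c": "owcimomd",
          "m": "constructed message"}

def pad_and_truncate(value, left, min_w, max_w):
    """Apply the maximum width first, then pad up to the minimum width."""
    if max_w is not None and len(value) > max_w:
        # Extra characters are dropped from the beginning by default,
        # or from the end when the left justification flag is given.
        value = value[:max_w] if left else value[-max_w:]
    if min_w and len(value) < min_w:
        value = value.ljust(min_w) if left else value.rjust(min_w)
    return value

def render(fmt, fields):
    """Expand each specifier in fmt using fields; unknown specifiers are left as is."""
    def sub(match):
        left, min_w, max_w, conv = match.groups()
        if conv not in fields:
            return match.group(0)
        return pad_and_truncate(str(fields[conv]), left == "-",
                                int(min_w or 0),
                                int(max_w) if max_w else None)
    return _SPEC.sub(sub, fmt)

if __name__ == "__main__":
    print(render("%-6r [%15.15t] %-5p %30.30c - %m", FIELDS))
    print(render("[%-.6t]%m", {"t": "1234567890", "m": "truncated id"}))
```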
Specifies the level the log outputs. If set, the log outputs all predefined categories at and above the specified level.
log.main.level = option
log.main.level = ERROR
Specifies the location of the log file owcimomd uses when the log.main.type setting option specifies that logging is sent to a file.
log.main.location = path_filename
log.main.location = /system/cimom/var/owcimomd.log
Specifies the number of backup logs that are kept before the oldest is erased.
log.main.max_backup_index = option
log.main.max_backup_index = 1
Specifies the maximum size (in KB) that the owcimomd log can grow to.
log.main.max_file_size = option

Option | Description |
---|---|
| Limits the log to a certain size in KB. |
0 | Lets the log grow to an unlimited size. This is the default setting. |

log.main.max_file_size = 0
Specifies the type of main log owcimomd uses.
log.main.type = option
log.main.type = syslog
If owcimomd is run in debug mode, then the debug log is active with the following settings:
log.debug.categories = *
log.debug.components = *
log.debug.format = [%t] %m
log.debug.level = *
log.debug.type = stderr
If you want a color version of the debug log, use the following ASCII escape codes:
log.debug.format = \x1b[1;37;40m[\x1b[1;31;40m%-.6t\x1b[1;37;40m]\x1b[1;32;40m %m\x1b[0;37;40m
If you want to use additional colors, use the following codes with the log.debug.format command:
Table 9.3. Additional Color Codes for the log.debug.format Command
If you want to create additional logs, list the log names under this setting:
owcimomd.additional_logs = logname
Separate multiple lognames with spaces.
owcimomd.additional_logs = logname
For each log, the following settings apply:
log.log_name.categories
log.log_name.components
log.log_name.format
log.log_name.level
log.log_name.location
log.log_name.max_backup_index
log.log_name.max_file_size
owcimomd.additional_logs = errorlog1 errorlog2 errorlog3