OpenLMI Quick Start Guide
All the instructions on this page assume the user to run the Fedora, Red Hat Enterprise Linux, CentOS or derived distribution.
OpenLMI can be installed by installing the openlmi package. This is a metapackage that installs the OpenLMI infrastructure and a base set of OpenLMI Providers. Additional Providers and other packages can be installed later.
# yum install openlmi
Start the CIMOM
The OpenLMI CIMOM runs as a service. For security reasons, services are not automatically started. You will need to start the CIMOM manually, using the command:
# systemctl start tog-pegasus.service
To have the service automatically started when the system boots, use the command:
# systemctl enable tog-pegasus.service
You will then need to open the appropriate firewall ports to allow remote access. This can be done from the firewall GUI by selecting the WBEM-https service, or can be done from the command line by entering:
# firewall-cmd --add-port 5989/tcp
You will probably want to open this port permanently:
# firewall-cmd --permanent --add-port 5989/tcp
All the OpenLMI functionality should work in SELinux enforcing mode. Any AVC message in the audit log or even a failure caused by the SELinux denial should be considered a bug and reported in the Red Hat Bugzilla or the OpenLMI upstream Trac. To put SELinux into permissive mode temporarily run:
# setenforce 0
You next need to configure the users for remote access. The Pegasus CIMOM can accept either root or pegasus as users (configuring OpenPegasus to use other users is beyond the scope of this article). You can do one or both of the following actions; doing both will enable using OpenLMI calls using either root or pegasus as the user.
- The user pegasus is created – without a password – when you install OpenLMI. To use the pegasus user you need to add a password by using the command
# passwd pegasus
(as root) and then giving it a password.
Install LMIShell, the OpenLMI Client
The OpenLMI client consists of the LMIShell environment and a set of system management scripts. The OpenLMI client is installed on the client system – that is, the system that will be used to manage other systems. You don’t need to install the OpenLMI client on managed systems, and you don’t need to install OpenLMI Providers on the client system. A single system with the OpenLMI client installed can manage multiple servers.
To install the OpenLMI client on a Fedora 20 system, simply install the openlmi-scripts package:
# yum install 'openlmi-scripts*'
To install the full set of LMIShell scripts on a RHEL 7 system, first install the EPEL repository by going to http://download.fedoraproject.org/pub/epel/beta/7/x86_64/repoview/epel-release.html downloading the package and installing it. This will configure your system to install packages from the EPEL for RHEL 7 repository.
Next, install LMIShell with the scripts:
# yum install 'openlmi-scripts\*'
This will install the LMIShell framework from RHEL 7 and all the LMIShell scripts from the EPEL repository. If you have already installed LMIShell it will simply install the scripts from EPEL.
In order to access a remote LMI managed system, you will need to copy the Pegasus server certificate to the client system. This can be done with:
# scp root@managed-machine:/etc/Pegasus/ca.crt \ /etc/pki/ca-trust/source/anchors/managed-machine-cert.pem
Where “managed-machine” is the name of the managed system. You then need to:
# update-ca-trust extract
to update the local certificate store of managing system to include the certificate from the managed one.
Note that the certificate contains the system name. For OpenLMI to work correctly you need to assign a unique hostname to each server and then access the server by hostname rather than IP address.
Try It Out
At this point you should be ready to go! Test the installation by running an LMI command from a system with the LMIShell client and scripts installed; (replace example.com with the actual system name):
# lmi -h example.com lmi> hwinfo username: pegasus password: Hostname: managed-system Chassis Type: Desktop Manufacturer: Chassis Manufacturer Model: System Version (System Product Name) Serial Number: Chassis Serial Number Asset Tag: Asset-1234567890 CPU: AMD Phenom(tm) II X3 715 Processor Topology: 1 cpu(s), 3 core(s), 1 thread(s) Max Freq: 2800 MHz Arch: x86_64 Memory: 8 GB Slots: 4 used, N/A total lmi>
To configure Open Pegasus to be used by other users as well as other more advanced configurations, refer to the OpenPegasus Administrator’s Guide.
There is a separate document describing how to configure the Pegasus access control with FreeIPA HBAC.