OpenLMI Presentation
OpenLMI stands for Open Linux Management Infrastructure.
It’s a new way to manage a set of servers remotely from a unique client.
There are two configuration steps:
- server side configuration that gives instructions to apply on a remotely managed server and
- client side configuration that details instructions for the client.
Server configuration
To allow remote server management, you need to install the OpenLMI package:
[srv]# yum install -y openlmi
Then, you need to start the component in charge of receiving orders (the object broker pegasus):
[srv]# systemctl start tog-pegasus [srv]# systemctl enable tog-pegasus
To be able to receive orders, the server firewall needs to be opened to WBEM port (Web-Based Enterprise Management):
[srv]# firewall-cmd --permanent --add-port 5989/tcp
Even though SELinux experts are working on it, it is still necessary to put SELinux in permissive mode for the time being:
[srv]# setenforce 0
Or, replace enforcing by permissive in the /etc/selinux/config file and reboot.
Finally, a password must be given to the pegasus user:
[srv]# passwd pegasus
Client configuration
To allow a client to manage a set of remote servers, you need to install the OpenLMI-tools package:
[clt]# yum install -y openlmi-tools
Then, you need to add a new yum repository in order to get the OpenLMI scripts easily:
[clt]# cd /etc/yum.repos.d [clt]# wget "http://www.openlmi.org/sites/default/files/repo/rhel7/noarch/openlmi-scripts.repo"
Now, you can install the OpenLMI scripts:
[clt]# yum install "openlmi-scripts*"
To allow the client to connect to the server, you need to get the certificate of the remote server (called here srv):
[clt]# scp root@srv:/etc/Pegasus/server.pem /etc/pki/ca-trust/source/anchors/srv-cert.pem
Finally, the certificate needs to be added to the client truststore:
[clt]# update-ca-trust extract
Configuration test
To test the configuration, type the following command to connect to the server (called here srv) from the client:
[clt]# lmi -h srv lmi> service show httpd.service username: pegasus password: Name=httpd.service Caption=The Apache HTTP Server Enabled=False Active=False Status=Stopped lmi> exit
Or, alternatively:
[clt]# lmi -h srv service show httpd.service username: pegasus password: Name=httpd.service Caption=The Apache HTTP Server Enabled=False Active=False Status=Stopped
Sources: Russ Doty’s blog and OpenLMI website.
Additional Resources
In addition, you can watch the following videos:
Leave a Reply
You must be logged in to post a comment.