OpenLMI of Linux system operation and maintenance tool

One, before

OpenLMI (full name Open Linux Management Infrastructure) is an open Linux management infrastructure. OpenLMI is an open source project for managing a common infrastructure for Linux system administration. It builds on existing tools and acts as an abstraction layer to hide most of the complexity of the underlying system from system administrators. OpenLMI distributes a set of services that can be accessed locally or remotely and provides multiple language bindings, standard APIs, and standard scripting interfaces that can be used to manage and monitor hardware, operating systems, and system services. OpenLMI aims to improve the use of WBEM Standard Linux system management, providing common infrastructure for managing Linux systems. It also allows users to configure, manage, and monitor hardware, operating systems, and system services, and can help users quickly and massively deploy system storage, install and remove software packages, and manage networks. In this regard, let's sort out the deployment process and usage methods of OpenLMI for the reference of relevant students.

OpenLMI allows users to:

Configure, manage and monitor the operation of servers and virtual machines;

configure, manage and monitor local or remote operating systems;

configure, manage and monitor local or remote storage and networks;

use C/C++, Python, Java or command line interface to call the system manage.

Fedora is currently the main development platform for OpenLMI. It is supported starting from Fedora 18. It is recommended to use Fedora 21 and later versions, which can provide all functional components. RHEL and CentOS are supported from version 7. Openlmi cannot be installed under centos6. These two release versions can provide most functional components. Note that users need to install the openlmi package through the epel software source. SuSE Linux is supported starting from version 12 and can provide some functional components. Two distributions, Debian and Ubuntu, are pending.

Resource reference: OpenLMI ; openlmi-pcp ; Python openlmi ; fedoraproject

2. Software introduction

1) Product introduction

OpenLMI is a service configuration management and application deployment tool for the Linux platform . Its functions are similar to the current industry configuration management tools Chef, Puppet, and Saltstack. OpenLMI is designed to provide a common management interface for production servers running Red Hat Enterprise Linux on physical and virtual machines. The main functions of OpenLMI include managing storage devices, networking, system services, user accounts, hardware and software configuration, power management, and Active Directory interaction. OpenLMI provides a complete set of agent programs including: controller, client program and command-line tool code, which consists of the following three components :

System Management Agents: These agents are installed on managed systems , that is, servers that need to be monitored. Used to query, modify and monitor system operation. Agents can be installed on the servers or virtual machines that need to be controlled, and then the OpenLMI controller will manage these agents and provide related interfaces. System management agents are usually called LMI Providers or CIM Providers (CIM Providers).

Standard Object Broker (OpenLMI object broker): It is responsible for managing the broker and providing an interface to it. Standard Object Agent is also known as CIM Object Monitor or CIMOM .

Client applications and scripts : Client applications and scripts call the system management agent through the standard object proxy, which uses XML technology for https connections, which is also considered secure by OpenLMI because it uses TLS (HTTPS) for encrypted communication. Among them, LMIshell is a client client program, which mainly includes group command line tools, lmi interactive commands, and script tools in other languages. Its function is to call LMI Providers through OpenLMI object broker. This client accesses CIMOM by using WBEM + HTTPS protocol.

2) Managed system installation and configuration

The managed system is the system you want to monitor and manage using the OpenLMI client tool. OpenLMI provides a series of RPM packages for distribution, including CIMOM, various CIM providers, and client applications. We deploy and install OpenLMI on the managed system , the process will use TCP 5989 (wbem-https):

#安装软件包
yum install openlmi -y
或
yum install tog-pegasus -y  #安装 OpenPegasus CIMOM 及其系统的所有依赖项，并为 peg asus 用户创建一个用户帐户。
yum install openlmi-{
    
    storage,networking,service,account,powermanagement}  #安装用于存储、网络、服务、帐户和电源管理的 CIM 提供程序

#打开防火墙的 5989 端口

firewall-cmd --permanent --add-port 5989/tcp
iptables -I INPUT 1 -p tcp --dport 5989 -j ACCEPT

#设置 Selinux 为 permissive 模式

setenforce 0

#设置 pegasus 用户密码

passwd pegasus    #默认情况下，只有 pegasus 用户才能远程和本地访问 CIMOM

#设置远程访问权限，自定义被允许连接到 OpenPegasus CIMOM 的用户列表，修改配置文件

vim /etc/Pegasus/access.conf   #修改把下面一行；

#ALL EXCEPT pegasus:wbemNetwork   //修改为

ALL EXCEPT root pegasus:wbemNetwork

#启动服务
systemctl start tog-pegasus   #启动tog-pegasus.service服务来启动 OpenPegasus CIMOM
systemctl enable tog-pegasus

3) Client configuration

Clients access CIMOM using OpenLMI using the Web-Based Enterprise Management (WBEM) protocol, which runs over the HTTP transport layer. Standard HTTP basic authentication is performed in this protocol, which means that username and password are transmitted with the request. Therefore, the OpenPegasus CIMOM needs to be configured to communicate using HTTPS to ensure secure authentication. A Secure Sockets Layer (SSL) or Transport Layer Security (TLS) certificate is required on the managed system to establish encrypted channels.

yum install openlmi-tools  #交互式安装LMIShell，用于访问 OpenPegasus 提供的 CIM 对象，以及它对系统的所有依赖项

yum install 'openlmi-scripts*'

#说明：目前 OpenLMI 脚本文件主要包括如下模块：

 OpenLMI-account ：用户帐户管理模块

 OpenLMI-logicalfile: 文件和目录管理模块

 OpenLMI-networking: 网络配置管理模块

 OpenLMI-powermanagement: 电源管理模块

 OpenLMI-service: 服务系统管理模块

 OpenLMI-storage: 存储管理模块

 OpenLMI-hardware: 硬件信息检索模块

 OpenLMI-software : 软件管理模块

 OpenLMI-journald : 系统日志管理模块

 #设置 ca

 scp root@ server1:/etc/Pegasus/server.pem /etc/pki/ca-trust/source/anchors/client2-cert.pem

 update-ca-trust extract
 
 systemctl restart tog-pegasus.service

4) lmi command description

lmi command format: lmi [options]

Main options:

 ---hosts-file <hosts> 路径包含目标主机名的文件。 每个主机都必须列在一行

 --user <user> 目标主机所使用的用户名

 --same-credentials 所有主机使用一个认证文件

 -n --noverify 不验证 SSL 证书

 -v 屏幕显示输出信息

 --trace 显示回溯上的错误

 -c --config-file <config> 路径为用户配置文件

 -h --host <host> 目标主机名称

 --notrace 禁止显示回溯

 --log-file <log_file> 输出日志文件

 -N --no-headings 不打印表格标题

 -L --lister-format (table | csv) 输出使用 table 或者 CSV 格式

Note: lmi interactive mode supports the following subcommands:

file: management of data formats such as file systems
help: print help information
hwinfo: display collected hardware information.
system : Display collected system information.
sssd: sssd system service management function.
selinux: selinux management.
group : User group management function.
service : System service management.
storage: Basic storage device information.
sw : System software management.
net: network service management
power: system power management
user: user management
journald: system log
realmd: manage AD or Kerberos realm members.
locale; Set keyboard layout, language, time zone, time and other functions.

Note: The number of subcommands supported by different Linux distributions varies, among which Fedora 21 has the largest number and most complete functions. The user enters lmi in the terminal to enter the interactive environment, and then enters "?" or the help command to get a list of subcommands and other help.

5) Command use

1. Check the host hardware configuration
To check the host hardware, use the interactive mode for the local host, and enter the hwinfo subcommand at the lmi> prompt

 hwinfo system ：获取主机名称。
 hwinfo motherboard：获取主板信息。
 hwinfo cpu：获取 CPU 信息。
 hwinfo memory：获取内存信息。
 hwinfo [all] ：获取所有信息。
 hwinfo pci：获取 pci 插槽信息。
 hwinfo disks: 获取磁盘信息。

2. Check the software: lmi> system

The collected content includes: operating system version information, firewall configuration, network interface information, kernel version, time zone, SElinux status, log system, system language, etc. The following is an example, Listing 2 is the operation process and output interface.

 lmi 的 service 子命令可以用来查看、启动、停止、重新启动本地和远程服务。下面是两个例子。 查看运程主机服务运行情况，使用如下命令：

 lmi> service show httpd.service

 Name=httpd

 Caption=The Apache HTTP Server

 Enabled=No

 Status=Running

 停止一个本地服务，使用如下命令：

 lmi> service stop sshd.service

 说明：service 命令其他主要参数包括：

 list 打印所有服务列表

 show 显示服务运行情况

 start 启动一个服务

 stop 停止一个服务

 restart 重新启动一个服务

 reload 重新加载一个服务配置


 lmi> sw show pkg php   #查看一个软件包详情

 lmi> sw install httpd    #安装一个软件包

 lmi> sw update nmap   # 升级一个软件包

 lmi> sw remove nmap    #删除一个软件包
 

3. View storage: lmi>storage list

lmi> storage tree  #树形结构显示存储设备列表
lmi>  storage show /dev/disk/by-id/ata-VBOX_HARDDISK_VB289545a2-5d00c206-part1 #查看具体某个存储详情

4. Check the network

lmi>net device list

#设置网络接口新的 ip 地址

lmi> net address replace enp0s3 192.168.0.130 24

#激活一个网络接口

lmi> net activate enp0s3

#设置 dns 服务器 ip 地址

lmi> net dns add enp0s3 192.168.0.1

5. User management

#查看用户

 lmi> user list

 #查看已经存在的用户组列表

 lmi>group list

 #添加一个用户

 lmi> user create myql

 #查看已经某用户详情列表

 lmi> user show myq1

 #删除一个用户

 lmi> user delete myq1

6) Direct command mode

Except for interactive mode. You can also use the direct command mode, which executes faster:

lmi -h managedsystem.mydomain.org service list – all   #显示所有的服务列表

lmi -h managedsystem.mydomain.org storage raid create 5 /dev/sdb /dev/sdd /dev/sde  # 设置远程主机上的 raid 存储