WS-Management + Openwsman + openSUSE + Ruby

Yet another failed attempt at using SNMP for monitoring application-level services led me to WS-Management, an HTTP/SOAP-based protocol meant to replace SNMP. DS-Management might not be the first protocol to attempt usurping SNMP, but this one looks promising. Widespread support and implementation is claimed by Microsoft, and a reasonably mature open-source implementation -- Openwsman -- is sponsored by SuSE.

Documentation for Openwsman unfortunately seems rather lacking. It took some poking around, but I was able to get a basic client-server session going under openSUSE 10.3. Here's how:

First, add the development channel for openwsman and install the openwsman packages:

sudo smart channel --add http://download.opensuse.org/repositories/home:/kwk:/Management/openSUSE_10.3/home:kwk:Management.repo
sudo smart update home_kwk_Management
sudo smart install openwsman openwsman-client openwsman-server wsmancli openwsman-yast

If you run into PGP key problems, try disabling PGP key checking first:

smart config --set rpm-check-signatures=false

The openwsman-server package installs openwsmand -- a stand-alone server providing WS-Management services. We'll need to configure the authentication system before running the server. I was unable to get things going with the default Basic authentication, but Digest worked for me:

htdigest2 -c /etc/openwsman/digest_auth.passwd OPENWSMAN admin
Adding password for admin in realm OPENWSMAN.
New password: test
Re-type new password: test

Now edit the Openwsman config file to use Digest authentication. The config file is under /etc/openwsman/openwsman.conf and should be altered to look something like this (note that we've uncommented the 'digest_password_file' option):

[server]
port = 8889
#ssl_port = 8888
ssl_cert_file = /etc/openwsman/servercert.pem
ssl_key_file = /etc/openwsman/serverkey.pem
digest_password_file = /etc/openwsman/digest_auth.passwd
#basic_password_file = /etc/openwsman/simple_auth.passwd

min_threads = 4
max_threads = 10

#use_digest is OBSOLETED, see below.

#
# Authentication backend for BASIC authentication. Default is to read a configuration file defined with 'basic_password_file'
#

basic_authenticator = libwsman_pam_auth.so
basic_authenticator_arg = openwsman


[client]
port = 8889
agent = openwsman 0.6.0

#
# settings for the CIM plugin
#

[cim]
default_cim_namespace = root/cimv2

# The following are in part fake namespaces for some publicly available CIM implementations.
vendor_namespaces = OpenWBEM=http://schema.openwbem.org/wbem/wscim/1/cim-schema/2,Linux=http://sblim.sf.net/wbem/wscim/1/cim-schema/2,OMC=http://schema.omc-project.org/wbem/wscim/1/cim-schema/2

# CIMOM host, default is localhost
# host = localhost

# CIMOM port, default is 5988
# port = 5988

Okay, now we can run the server:

sudo /usr/sbin/openwsmand -d

We can now connect to the server using a few simple Ruby commands. Open an interactive ruby session (using irb) and enter the following:

require 'rwsman'
client = WsMan::Client.new('http', 'localhost', 8889, '/wsman', 'admin', 'test')
client_opt = WsMan::ClientOption.new
identify = client.identify(client_opt)
puts identify.rawxml

If everything worked, you should get a response that looks something like this:

 
 
   
     http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
     Openwsman Project
     1.5.9
   
 

The identify object returned by the client also exposes product_version, protocol_version, and product_vendor methods that return their respective values from the parsed XML data.

With the YAST plugin installed, Openwsman can access diagnostic information about your SuSE system. For example try this:

client_opt.property_add('ycp', '{ import "SuSERelease"; return SuSERelease::ReleaseInformation("/"); }' )
result = client.invoke('http://schema.opensuse.org/YaST/wsman-schema/10-3/YCP', 'eval', client_opt)
puts "SUSE Version: #{result.body}"