Yet another failed attempt at using SNMP for monitoring application-level services led me to WS-Management, an HTTP/SOAP-based protocol meant to replace SNMP. DS-Management might not be the first protocol to attempt usurping SNMP, but this one looks promising. Widespread support and implementation is claimed by Microsoft, and a reasonably mature open-source implementation -- Openwsman -- is sponsored by SuSE.
Documentation for Openwsman unfortunately seems rather lacking. It took some poking around, but I was able to get a basic client-server session going under openSUSE 10.3. Here's how:
First, add the development channel for openwsman and install the openwsman packages:
sudo smart channel --add http://download.opensuse.org/repositories/home:/kwk:/Management/openSUSE_10.3/home:kwk:Management.repo
sudo smart update home_kwk_Management
sudo smart install openwsman openwsman-client openwsman-server wsmancli openwsman-yast
If you run into PGP key problems, try disabling PGP key checking first:
smart config --set rpm-check-signatures=false
The openwsman-server package installs openwsmand -- a stand-alone server providing WS-Management services. We'll need to configure the authentication system before running the server. I was unable to get things going with the default Basic authentication, but Digest worked for me:
htdigest2 -c /etc/openwsman/digest_auth.passwd OPENWSMAN admin
Adding password for admin in realm OPENWSMAN.
New password: test
Re-type new password: test
Now edit the Openwsman config file to use Digest authentication. The config file is under /etc/openwsman/openwsman.conf and should be altered to look something like this (note that we've uncommented the 'digest_password_file' option):
[server]
port = 8889
#ssl_port = 8888
ssl_cert_file = /etc/openwsman/servercert.pem
ssl_key_file = /etc/openwsman/serverkey.pem
digest_password_file = /etc/openwsman/digest_auth.passwd
#basic_password_file = /etc/openwsman/simple_auth.passwd
min_threads = 4
max_threads = 10
#use_digest is OBSOLETED, see below.
#
# Authentication backend for BASIC authentication. Default is to read a configuration file defined with 'basic_password_file'
#
basic_authenticator = libwsman_pam_auth.so
basic_authenticator_arg = openwsman
[client]
port = 8889
agent = openwsman 0.6.0
#
# settings for the CIM plugin
#
[cim]
default_cim_namespace = root/cimv2
# The following are in part fake namespaces for some publicly available CIM implementations.
vendor_namespaces = OpenWBEM=http://schema.openwbem.org/wbem/wscim/1/cim-schema/2,Linux=http://sblim.sf.net/wbem/wscim/1/cim-schema/2,OMC=http://schema.omc-project.org/wbem/wscim/1/cim-schema/2
# CIMOM host, default is localhost
# host = localhost
# CIMOM port, default is 5988
# port = 5988
Okay, now we can run the server:
sudo /usr/sbin/openwsmand -d
We can now connect to the server using a few simple Ruby commands. Open an interactive ruby session (using irb) and enter the following:
require 'rwsman'
client = WsMan::Client.new('http', 'localhost', 8889, '/wsman', 'admin', 'test')
client_opt = WsMan::ClientOption.new
identify = client.identify(client_opt)
puts identify.rawxml
If everything worked, you should get a response that looks something like this:
http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd
Openwsman Project
1.5.9
The identify object returned by the client also exposes product_version, protocol_version, and product_vendor methods that return their respective values from the parsed XML data.
With the YAST plugin installed, Openwsman can access diagnostic information about your SuSE system. For example try this:
client_opt.property_add('ycp', '{ import "SuSERelease"; return SuSERelease::ReleaseInformation("/"); }' )
result = client.invoke('http://schema.opensuse.org/YaST/wsman-schema/10-3/YCP', 'eval', client_opt)
puts "SUSE Version: #{result.body}"
