openwsman / wsmancli Goto Github PK

Openwsman command line client

License: BSD 3-Clause "New" or "Revised" License

Shell 0.20% C 98.73% Makefile 1.08%

wsmancli's Introduction

How to compile and run openwsman from GIT ?

After checking out the project from git, create a build directory with

mkdir build

cd into it

cd build
cmake ..
make

See package/openwsman.spec.in for running cmake in 'release' mode

Most likely you will need to install some of the packages, depending on the distribution you are running.

Pre-build (RPM) packages for many distributions are available at the openSUSE build service

Packages and other software needed:

libxml2
sblim-sfcc (from the sblim project)
swig and python for python binding support
other development packages like cmake, gcc, etc.

After all packages are installed, compile everything and install. The server can run as a daemon, which would require root access; But it can be run in the foreground with debugging messages printed to stdout as well. This the help output when you run:

/usr/sbin/openwsmand --help
Usage:
openwsmand [OPTION...] WS-Management Server

Help Options:
 -?, --help                   Show help options

Application Options:
 -n, --no-plugins             Do not load any plugins
 -d, --debug                  Start daemon in foreground and turn on debugging
 -s, --syslog=0-6             Set the verbosity of syslog output.
 -c, --config-file=<file>     Alternate configuration file

Starting from version 0.1.1 a configuration file is needed. you can find an example in the ./etc directory. The configuration file has the following syntax:

[server]
port = 5985
#ssl_port = 5986
ssl_cert_file = /etc/openwsman/servercert.pem
ssl_key_file = /etc/openwsman/serverkey.pem
#digest_password_file = /etc/openwsman/digest_auth.passwd
basic_password_file = /etc/openwsman/simple_auth.passwd
enum_idle_timeout = 5000

max_threads = 1

#use_digest is OBSOLETED, see below.

#
# Authentication backend for BASIC authentication. Default is to read a configuration file defined with 'basic_password_file'
#

#basic_authenticator = libwsman_pam_auth.so
#basic_authenticator_arg = openwsman


[client]
port = 5988
agent = openwsman 2.2.4

[cim]
default_cim_namespace = root/cimv2

# The following are in part fake namespaces for some publicly available CIM implementations.
vendor_namespaces = OpenWBEM=http://schema.openwbem.org/wbem/wscim/1/cim-schema/2,Linux=http://sblim.sf.net/wbem/wscim/1/cim-schema/2,OMC=http://schema.omc-project.org/wbem/wscim/1/cim-schema/2,Reef=http://reef.sblim.sf.net/wbem/wscim/1/cim-schema/2,CWS=http://cws.sblim.sf.net/wbem/wscim/1/cim-schema/2

To run in SSL mode you need to enable the SSL port and create certificates and adapt the configuration with the correct path to the files.

To start the server in the foreground, run:

/usr/sbin/openwsmand  -d

You can also specify the configuration file to be used on the command line using the -c option.

On the client side, which has the following options

/usr/bin/wsman --help-all

Usage:
  wsman [Option...] <action> <Resource Uri>

Help Options
 -?, --help
 --help-all                                      Show help options
 --help-enumeration                              Enumeration Options
 --help-tests                                    Test Cases
 --help-cim                                      CIM Options
 --help-flags                                    Request Flags
 --help-event                                    Subscription Options

Enumeration
 -m, --max-elements=<max number of elements>     Max Elements Per Pull/Optimized Enumeration
 -o, --optimize                                  Optimize enumeration results
 -E, --estimate-count                            Return estimation of total items
 -M, --enum-mode=epr|objepr                      Enumeration Mode
 -U, --enum-context=<enum context>               Enumeration Context (For use with Pull and Release)

Tests
 -f, --from-file=<file name>                     Send request from file
 -R, --print-request                             print request on stdout
 -Q, --request                                   Only output reqest. Not send it.
 -S, --step                                      Do not perform multiple operations (do not pull data when enumerating)

CIM
 -N, --namespace=<namespace>                     CIM Namespace (default is root/cimv2)
 -B, --binding-enum-mode=none|include|exclude    CIM binding Enumeration Mode
 -T, --cim-extensions                            Show CIM Extensions
 -W, --references                                CIM References
 -w, --associators                               CIM Associators

Flags
 -x, --filter=<filter>                           Filter
 -D, --dialect=<dialect>                         Filter Dialect
 -t, --operation-timeout=<time in sec>           Operation timeout in seconds
 -e, --max-envelope-size=<size>                  maximal envelope size
 -F, --fragment=<fragment>                       Fragment (Supported Dialects: XPATH)

Event subscription
 -G, --delivery-mode=<mode>                      Four delivery modes available: push/pushwithack/events/pull
 -Z, --notification-uri=<uri>                    Where notifications are sent
 -r, --subscription-expiry-time=<seconds>        subscription expiry time in seconds
 -H, --heartbeat=<seconds>                       Send hearbeat in an interval
 -l, --bookmark                                  Send bookmark
 -i, --subscription-identifier=<uuid:XXX>        Used to specify which subscription
 -L, --notify-reference-properties=<xs:anyURI>   Notify Reference Properties

Application Options
 -d, --debug=1-6                                 Set the verbosity of debugging output.
 -c, --cacert=<filename>                         Certificate file to verify the peer
 -A, --cert=<filename>                           Certificate file. The certificate must be in PEM format.
 -K, --sslkey=<key>                              SSL Key.
 -u, --username=<username>                       User name
 -g, --path=<path>                               Path
 -J, --input=<filename>                          File with resource for Create and Put operations in XML, can be a SOAP envelope
 -p, --password=<password>                       Password
 -h, --hostname=<hostname>                       Host name
 -b, --endpoint=<url>                            End point
 -P, --port=<port>                               Server Port
 -X, --proxy=<proxy>                             Proxy name
 -Y, --proxyauth=<proxyauth>                     Proxy user:pwd
 -y, --auth=<basic|digest|gss>                   Authentication Method
 -a, --method=<custom method>                    Method (Works only with 'invoke')
 -k, --prop=<key=val>                            Properties with key value pairs (For 'put', 'invoke' and 'create')
 -C, --config-file=<file>                        Alternate configuration file
 -O, --out-file=<file>                           Write output to file
 -V, --noverifypeer                              Not to verify peer certificate
 -v, --noverifyhost                              Not to verify hostname
 -I, --transport-timeout=<time in sec>           Transport timeout in seconds

To create a password file, use the htpasswd and htdigest utilities from the Apache distribution.

You can connect to the server with the following command, which is part of the DMTF WS-Management specification

wsman identify -h <hostname> --port 5988 -u wsman --password secret

The above command should give the following result:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:wsmid="http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd">
 <s:Header/>
 <s:Body>
  <wsmid:IdentifyResponse>
   <wsmid:ProtocolVersion>http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd</wsmid:ProtocolVersion>
   <wsmid:ProductVendor>openwsman</wsmid:ProductVendor>
   <wsmid:ProductVersion>2.2.4</wsmid:ProductVersion>
  </wsmid:IdentifyResponse>
 </s:Body>
</s:Envelope>

wsmancli's People

Contributors

Stargazers

Watchers

Forkers

xiaoqing-wei kolbma korizza zsalab bmwiedemann leslie-wang vcrhonek zirui-chen

wsmancli's Issues

read user/password from environment when available

Just add the following as the first statements to main() in wsman.c

username=getenv("WSMAN_USER");
password=getenv("WSMAN_PASS");

Now user/password are read from environment when available but can be overridden on the command line. Makes sense as ps would otherwise show passwords to all users.

compilation error: initialization of ‘char’ from ‘void *’

Compilation of file 'wsman.c' raises following error (at least with gcc version 8.20):
error: initialization of ‘char’ from ‘void *’ makes integer from pointer without a cast [-Werror=int-conversion]

The error comes from the use of NULL value for short_name field of u_option_entry_t in line 227.
It should be replaced by the value 0.

wsman.c.diff.txt

Tag for 2.5.0

Hi,

Would it be possible to create a tag and a release on github for wsmancli version 2.5.0 ?

Thanks.

wsmancli returns zero even when failing to connect

This was found on wsmancli 2.3.0

wsmancli seems to always return zero, even if an action like failing to connect occurs. For example:

wsman enumerate
http://intel.com/wbem/wscim/1/ips-schema/1/IPS_KVMRedirectionSettingData
-h 10.0.0.30 -P 16992 -u admin -p passw0rd1
Connection failed. response code = 0
Couldn't connect to server

echo $?
0

This makes it difficult to do things like run bash scripts where multiple wsman commands are invovled. There's no way, for example, to bail out if wsman runs into a problem.

--help* options return error code.

When executing any of the --help commands, wsman outputs the help text but then returns an error code.

wsman --help
Usage:
  wsman [Option...] <action> <Resource Uri>

Help Options
  -?, --help
  --help-all                                      Show help options
  --help-enumeration                              Enumeration Options
  --help-tests                                    Test Cases
  --help-cim                                      CIM Options
  --help-flags                                    Request Flags
  --help-event                                    Subscription Options

Application Options
  --non-interactive                               Non interactive mode, don't ask for credentials
  -q, --version                                   Display application version
  -d, --debug=1-6                                 Set the verbosity of debugging output.
  -j, --encoding                                  Set request message encoding
  -c, --cacert=<filename>                         Certificate file to verify the peer
  -A, --cert=<filename>                           Certificate file. The certificate must be in PEM format.
  -K, --sslkey=<key>                              SSL Key.
  -u, --username=<username>                       User name
  -g, --path=<path>                               Service Path (default: 'wsman')
  -J, --input=<filename>                          File with resource for Create and Put operations in XML, can be a SOAP envelope
  -p, --password=<password>                       User Password
  -h, --hostname=<hostname>                       Host name
  -b, --endpoint=<url>                            End point
  -P, --port=<port>                               Server Port
  -X, --proxy=<proxy>                             Proxy name
  -Y, --proxyauth=<proxyauth>                     Proxy user:pwd
  -y, --auth=<basic|digest|gss>                   Authentication Method
  -a, --method=<custom method>                    Method (Works only with 'invoke')
  -k, --prop=<key=val>                            Properties with key value pairs (For 'put', 'invoke' and 'create')
  -C, --config-file=<file>                        Alternate configuration file
  -O, --out-file=<file>                           Write output to file
  -V, --noverifypeer                              Not to verify peer certificate
  -v, --noverifyhost                              Not to verify hostname
  -I, --transport-timeout=<time in sec>           Transport timeout in seconds

Unknown option --help


jkyle at metaverse in ~/Projects/Ruby/homebrew/Library/Formula (wsmancli)
$ echo $?
1

Centos 7 - wsman: symbol lookup error: /lib64/libwsman_client.so.4: undefined symbol: key_value_create

yum list installed | grep ws
libwsman1.x86_64 2.6.3-6.git4391e5c.el7_6 @base
wsmancli.x86_64 2.6.0-2.el7 @base

key_value_create referenced in:
/usr/lib/64/libwsman_client.so.4.0.0
/usr/lib/64/libwsman.so.1.0.0

Run wsman command on RHEL7.X, but get authentication.verify_peer error

wsman identify -h localhost -P 5986 -u root -p iforgot --debug=6

Jun 24 04:01:23 cl->authentication.verify_peer: 1
Jun 24 04:01:23 Error = 43 (A libcurl function was given a bad argument); curl_easy_setopt(CURLOPT_SSL_VERIFYHOST) failed
Connection failed. response code = 0

rpm -qa|grep wsman

wsmancli-2.3.0-4.el7.x86_64
openwsman-server-2.3.6-13.el7.x86_64
libwsman1-2.3.6-13.el7.x86_64
openwsman-client-2.3.6-13.el7.x86_64

systemctl status openwsmand.service

openwsmand.service - Openwsman WS-Management Service
Loaded: loaded (/usr/lib/systemd/system/openwsmand.service; disabled)
Active: active (running) since Wed 2015-06-24 03:35:25 EDT; 28min ago
Main PID: 142809 (openwsmand)
CGroup: /system.slice/openwsmand.service
â””â”€142809 /usr/sbin/openwsmand -S

Jun 24 03:35:25 gha2.usa.hp.com systemd[1]: PID file /var/run/wsmand.pid not readable (yet?) after start.
Jun 24 03:35:25 gha2.usa.hp.com systemd[1]: Started Openwsman WS-Management Service.

I check the source of wsmancli and found the error should be caused by cl->authentication.verify_peer = 1. But I can't find the exact meaning of this verify_peer=1.

sol redirection/amtterm

Hi,

I'm aware that amttern is not part of openwsman, but I didn't find a
better place to look for people who know about vPro/amt and Linux,
so maybe someone here can help.

I guess amtterm is known to all of you, and it still seems to be
the only non-GUI program for accessing the SOL console in Linux
(and seemingly the only working client at all, I just tested
meshCommander, and it's SOL implemenration is a nightmare...).

Now, amtterm seems to have stopped working with amt 12.x. It still
is fine on our 11.x clients, but on our new Optiplex 7070 with
amt 12.x it cannot authenticate

amtterm: NONE -> CONNECT (connection to host)
ipv4 192.168.1.43 [192.168.1.43] 16994 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> AUTH (session authentication)
amtterm: AUTH -> ERROR (failure)
amtterm: ERROR: session authentication failed

All other tools like wsman, wsamt, amtctrl still work fine, kvm
with any vnc client does, too, just amtterm doesn't.

I already asked Gerd, but he doesn't have vPro hardware and no time
to look into amtterm again.

So I wonder if someone here might have the skills and would be willing
to either take a look at the amtterm code (it's really quite short)
or write some cli SOL client as replacement, as part of the wsmancli
package. This could make a lot people happy in future, because the
more 12.x hosts are sold, the more linux users will run into this problem.

cu,
Frank