sfcbd - Man Page
Small-Footprint CIM Broker (sfcb)
Synopsis
sfcbd [options]
Description
sfcb is a lightweight CIM daemon (aka CIMOM) that responds to CIM client requests for system management data and/or performs system management tasks. sfcb supports most of the standard CIM XML over http/https protocol. It is highly modular, allowing functionality to be easily added, removed or customized for different management applications. sfcb is specifically targetted for small embedded system that do not have the available CPU, memory or disk resources to support a full-blown enterprise-level CIMOM. That said, sfcb runs very well on a regular Linux/Unix system and supports most of the functions required by CIM clients to manage such the system. Supported CIM operations include:
GetClass | |
EnumerateClasses | |
EnumerateClassNames | |
GetInstance | |
DeleteInstance | |
CreateInstance | |
ModifyInstance | |
EnumerateInstances | |
EnumerateInstanceNames | |
InvokeMethod (MethodCall) | |
ExecQuery | |
Associators | |
AssociatorNames | |
References | |
ReferenceNames |
CIM process and lifecycle indications (aka 'events') are also supported.
Options
Supported command line options are:
- -c, --config-file=FILE
Specify an alternative configuration file. Default=/etc/sfcb/sfcb.cfg
- -d, --daemon
Run sfcbd (and child processes) in the background.
- -h, --help
Print help message and exit.
- -k, --color-trace
-k, --color-trace Color the trace output of each process
- -s, --collect-stats
Turn on runtime statistics collecting. If enabled then various sfcbd runtime statistics will be written to ./sfcbStat. Default is no statistics are collected.
- -t, --trace-components=NUM
Activate component-level tracing messages, where NUM is an OR-ed bitmask integer defining which component to trace. Specifying "-t ?" will list all the components and their associated integer bitmask.
- -v, --version
Prints version information and exits.
Configuration File
sfcbd reads the configuration file /etc/sfcb/sfcb.cfg (or the file specified with the -c option) at start up. The configuration file contains option : value pairs, one per line. For a complete list of options, see the default configuration file included with the sfcb package.
- httpPort
Local port that sfcbd should listen to receive HTTP (i.e. insecure) requests from CIM clients. Default=5988
- enableHttp
Whether sfcb should accept HTTP client connections. Default=true.
- httpProcs
Maximum number of simultaneous HTTP client connections before blocking new incoming HTTP requests. Default=8
- httpsPort
Local port that sfcbd should listen to receive HTTPS (i.e. secure) requests from CIM clients. Default=5989
- enableHttps
Whether sfcb should accept HTTPS client connections. Default=false.
- httpsProcs
Maximum number of simultaneous HTTPS client connections before blocking new incoming HTTPS requests. Default=8
- enableInterOp
Whether sfcb should provide the interop namespace for indication support. Default=true
- provProcs
Maximum number of simultaneous provider processes. After this point if a new incoming request requires loading a new provider, then one of the existing providers will first be automatically unloaded. Default=32
- doBasicAuth
Perform basic authentication on the client userid (obtained from the HTTP/HTTPS header) before allowing the request. Default=false (i.e. no client authentication performed).
- basicAuthLib
Name of the local library to call to authenticate the client userid. Default=sfcBasicAuthentication
- useChunking
Tell sfcbd to use HTTP/HTTPS 'chunking' to return large volumes of response data to the client in 'chunks', rather than buffering the data and sending it back all at once. Default=true
- keepaliveTimeout
Specify the maximum time in seconds an sfcb HTTP process will wait between two requests on one connection before terminating. Setting it to 0 will disable HTTP keep-alive. Default=0
- keepaliveMaxRequest
Specify the maximum number of consecutive request on one connection. Setting it to 0 will effectively disable HTTP keep-alive. Default=10
- registrationDir
Specify the registration directory, which contains the provider registration data, the staging area and the static repository. Default=/var/lib/sfcb/registration
- providerDirs
A space separated list of directories where sfcb is looking for provider libraries. Default=/usr/lib /usr/lib/cmpi /usr/lib64 /usr/lib64/cmpi
- providerSampleInterval
The interval in seconds at which the provider manager is checking for idle providers. Default: 30
- providerTimeoutInterval
The interval in seconds before an idle provider gets unloaded by the provider manager. Default: 60
- providerAutoGroup
If set to true, all providers residing in the same shared library will be executed in the same process unless another group has been specified in the provider registration file. Default: true
- sslCertificateFilePath
Specify the name of the file containing the server's certificate. The file must be in PEM format. This file is only required if enableHttps is set to true. Default= /etc/sfcb/server.pem
- sslKeyFilePath
Specify the name of the file containing the private key for the server's certificate. The file must be in PEM format and may not be passphrase-protected. This file is only required if enableHttps is set to true. Default=/etc/sfcb/file.pem
- sslClientTrustStore
Specify the name of the file or directory containing either the CA certificate issuing client certificates or self-signed certificates of the clients. This setting is only required if sslClientCertificate is set to accept or require.
If a file, it must be in PEM format.
If a directory, it must be in "hash format": each file in the directory should be named hash.0, where hash is the output of openssl x509 -hash. See the -CApath option in verify(1) from the openssl package for more information about the hash format.
Default=/etc/sfcb/client.pem
- sslClientCertificate
Specify the way sfcb handles client certificate based authentication. If set to ignore it will not request a certificate from the client. If set to accept it will request a certificate from the client but not fail if the client doesn't present one. If set to require it will refuse the client connection if the client doesn't present a certificate. Default=ignore
- certificateAuthLib
Name of the local library to call for client-certificate based user authentication. Called only if sslClientCertificate is not set to ignore. Default=sfcCertificateAuthentication
- traceLevel
Specify the trace level for sfcb. Can be overriden by setting environment variable SFCB_TRACE_LEVEL. Default:0.
- traceMask
Specify the trace mask for sfcb. Can be overriden by the command line option --trace-components. Default: 0.
- traceFile
Specify the trace file for sfcb. Can be overriden by setting environment variable SFCB_TRACE_FILE. Default: stderr.
Environment
- SFCB_PAUSE_PROVIDER
Specifies the name of the provider to pause after first being loaded to facilitate attaching a runtime debugger to the provider's process for debugging purposes.
- SFCB_PAUSE_CODEC
Specifies the name of the sfcb codec (currently only "http") to pause after first being started to facilitate attaching a runtime debugger to the process.
- SFCB_TRACE
Specifies the level of trace/debug messages for sfcb. Valid values are 0 (no trace messages), or 1 (key trace messages only) to 4 (all messages). A default value of 1 will be assumed, if this variable is not set.
[Note: SFCB_TRACE level is used in conjunction with sfcb's component-level tracing to control the level of detail of trace messages to display within each component]- SFCB_TRACE_FILE
By default sfcb trace messages are written to STDERR. Setting this envorinment variable causes the trace messages to be written to a file instead.
- SFCB_TRAP
If set this environment variable enables trap interrupts on x86 platforms to be generated by sfcb in special situations.
[Note: not currently ever used]- SFCB_LABELPROCS
If set to a positive integer value, enable the process labeling feature. This adds a description of each process' role to the process cmdline so that it appears in 'ps' output. The identifying info will be appended to the original arv data, following any passed arguments. The number of bytes appended is limited by the value of SFCB_LABELPROCS. A value of about 100 should be enough in most cases. A smaller value may truncate the data, but this may be desired. To disable, set the vaue to zero, or unset the env var.
- SBLIM_TRACE
Specifies the level of trace/debug messages for SBLIM providers. Valid values are 0 (no trace messages), or 1 (key trace messages only) to 4 (all messages).
[Note: this only applies to SBLIM providers written with explicit trace messages in their source code.]- SBLIM_TRACE_FILE
By default SBLIM provider trace messages are written to STDERR. Setting this envorinment variable causes the trace messages to be written to a file instead.
Files
- /etc/sfcb/sfcb.cfg
Default sfcb configuration file.
- /etc/sfcb/server.pem
SSL server certificate for sfcb.
- /etc/sfcb/file.pem
SSL private key file for sfcb.
- /etc/sfcb/client.pem
SSL client certificate / trust store for sfcb.
Libraries
- /usr/lib/libsfc* /usr/lib64/libsfc*
Binaries for sfcb runtime libraries.
- /usr/lib/cmpi/* /usr/lib64/cmpi/*
Binaries for providers.
Author
Adrian Schuur <schuur@de.ibm.com>
Conributors
Dr. Gareth S. Bestor <bestor@us.ibm.com>, | |
Viktor Mihajlovski <MIHAJLOV@de.ibm.com>, | |
Chris Buccella <buccella@linux.vnet.ibm.com> |
Bugs
The SBLIM project maintains a mailing list to which you should direct all questions regarding sfcb, sfcc, wbemcli, or any of the SBLIM providers. To subscribe to this mailing list visit
http://lists.sourceforge.net/lists/listinfo/sblim-devel
The SBLIM Project Bug tracking page can be found at
Copyright
(C) Copyright IBM Corp. 2004, 2005, 2009
Availability
The Small-Footprint CIM Broker (sfcb) is a part of the SBLIM project. The most recent version is available on the web at
See Also
sfcbmof(1), sfcbstage(1), sfcbunstage(1), sfcbrebos(1), genSslCert.sh(1), getSchema.sh(1), wbemcli(1)
Referenced By
genSslCert(1), getSchema(1), sfcbmof(1), sfcbrepos(1), sfcbstage(1), sfcbunstage(1), sfcbuuid(1).