Pegasus Enhancement Proposal (PEP)
PEP #: 237
Title: Recommended OpenPegasus 2.5.1 Build and Configuration Options for Selected Platforms
Version: 1.8
Created: 05 October 2005
Authors: Denise Eckstein
Status: Approved
Abstract: This PEP defines a set of recommended options for building,
testing and running OpenPegasus 2.5.1 on a selected set of platforms. In this
version of the PEP, platform-specific configuration options have been documented
for the following platforms: Linux, HP-UX and OpenVMS.
Note 1: The recommendations defined in this PEP
are not intended to document the feature set included in any vendor's
OpenPegasus-based product. Rather, the purpose of this PEP is to provide
input to vendors when making product decisions.
Definition of the Problem
OpenPegasus supports a large number of build and runtime options. Determining
which options to use can be challenging. The purpose of this PEP is to simplify
the build, testing and administration of OpenPegasus 2.5.1 by providing
a recommended, tested set of options.
Proposed Solution
Security Considerations
- To avoid introducing security vulnerabilities, vendors must never ship
providers incompatible with the security assumptions used in their deployment.
For example, providers designed for a single-user deployment that don't perform
authorization must not be shipped with a CIM Server that expects the
providers to perform authorization. Note that this authorization burden is
considerably lighter if the provider is registered as 'run as requestor'
and if the CIM Server enables that feature. See
PEP#223 - Security Coding Guidelines for additional details.
- Vendors should ensure they configure the CIM Server consistently with
the security requirements of their deployment.
Terminology Notes
- In this document, the term "Not Set" is used to indicate that the a value
for the environment variable has not been defined. "Set" is used to
indicate that the value must be defined, but the actual value of the variable
is not checked.
Environment Variable Settings for Building OpenPegasus 2.5.1
Definitions
ICU_INSTALL
Description: When set, points to the directory
containing the
ICU (International Components for Unicode) libraries.
Note that the 'lib' sub-directory is appended to this
variable. This is used during build to link to ICU.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: This environment variable is
only used if PEGASUS_HAS_MESSAGES is set. Refer to
PEGASUS_HAS_MESSAGES for additional details.
ICU_ROOT
Description: When set, points to the root directory
of the
ICU (International Components for Unicode) source tree (ie.
the directory before the source directory in the ICU distribution).
This is used during build
to compile against the ICU header files.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: This environment variable is
only used if PEGASUS_HAS_MESSAGES is set. Refer to
PEGASUS_HAS_MESSAGES for additional details.
OPENSSL_BIN
Description: Specifies the location of the OpenSSL binary
directory.
Default Value: Not Set
Recommended Value (Development Build): No Specific Recommendation
Recommended Value (Release Build): No Specific Recommendation
Required: No. If PEGASUS_HAS_SSL is set and OPENSSL_BIN is
not defined, OPENSSL_BIN will be set to $(OPENSSL_HOME)/bin.
OPENSSL_HOME
Description: Specifies the location of the OpenSSL
SDK directory. This directory must contain the OpenSSL include
directory, $(OPENSSL_HOME)/include, and the OpenSSL library directory,
$(OPENSSL_HOME)/lib.
Default Value: Not Set
Recommended Value (Development Build): No Specific Recommendation
Recommended Value (Release Build): No Specific Recommendation
Required: Yes, if PEGASUS_HAS_SSL is set.
PEGASUS_CIM_SCHEMA
Description: This variable is used internally by the OpenPegasus
development team when upgrading the OpenPegasus build environment to a new
version of the CIM Schema.
Default Value: CIM29
Recommended Value (Development Build): CIM29
Recommended Value (Release Build): CIM29
Required: No
Considerations: Additional code changes may be required when
upgrading or downgrading the CIM Schema version from CIM29.
PEGASUS_CLASS_CACHE_SIZE
Description: This environment variable gives the size of the
class cache used by CIM repository. This variable defines the size of the
class cache (i.e., the maximum number of classes that may be
included). If this variable is set to 0, class caching is disabled.
More specifically this feature is not included as part of the
OpenPegasus build.
Default Value: 8
Recommended Value (Development Build): 8
Recommended Value (Release Build): 8
Required: No
PEGASUS_DEBUG
Description: Builds a debug version of OpenPegasus.
Concurrently, this flag controls
a) enabling compiler specific debug flags and b) the inclusion of
debug-specific functionality.
Default Value: Not Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_DEFAULT_ENABLE_OOP
Description: When this variable is set to false, by default,
Providers are run in the cimserver process (forceProviderProcesses=false).
If this value is set true, Providers are run out-of-process by default.
Default Value: true for HP-UX and Linux, false for other
platforms
Recommended Value (Development Build): true (HP-UX, Linux)
Recommended Value (Release Build): true (HP-UX, Linux)
Required: NoConsiderations: This environment variable
can be used to change the "hard-coded" default setting for the
forceProviderProcesses configuration value.
Refer to the definition of forceProviderProcesses for additional information.
PEGASUS_DISABLE_CQL
Description: When
this variable is set, support for Indication Subscription filters that have CQL as the language
is disabled. It does not remove CQL from the build.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Set
Required: No
PEGASUS_DISABLE_DEPRECATED_INTERFACES
Description: Removes deprecated symbol definitions from Pegasus
runtime libraries.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: If this option is set, the resulting Pegasus
libraries will not be binary compatible with clients and providers built
using interface definitions from prior releases. This option may be used to
slightly reduce binary footprint in an environment where compatibility is
not required.
PEGASUS_DISABLE_INSTANCE_QUALIFIERS
Description: In the CIM Infrastructure Specification, version 2.3,
the DMTF clarified that instance-level qualifiers are not allowed. In
Version 1.2 of the Specification CIM Operations over HTTP, use of the
IncludeQualifiers parameter has been DEPRECATED.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Existing CIM Clients may depend on qualifiers being
returned in the response. In this case, the
PEGASUS_DISABLE_INSTANCE_QUALIFIERS should not be set. If this flag is
set, the value of the IncludeQualifiers parameter passed on the GetInstance
and EnumerateInstance operations is ignored and qualifiers are not returned.
Disabling the return of qualifiers as part of a CIM Instance will improve
performance.
PEGASUS_DISABLE_LOCAL_DOMAIN_SOCKET
Description: Disables support for local (same-system)
connections over a Unix domain socket. If this option is NOT set, the CIM
Server is built to allow connections to be established using a
domain socket rather than a TCP port.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: (1) In high-threat environments, a customer
may want to disable all ports or reduce the number of exposed network ports.
Supporting a local connection mechanism using Unix domain socket allows the CIM Server to continue to receive and process requests from local
CIM Clients. (2) Enabling this option may
result in lose of functionality when sslClientVerificationMode = required.
(3) The "LOCAL_DOMAIN_SOCKET" functionality has not been
implemented for Windows. Therefore, by default, this option is
"Set" for Windows.
PEGASUS_DISABLE_PERFINST
Description: Builds a version of OpenPegasus that disables support for gathering performance data.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Set
Required: No
Considerations: The CIM_ObjectManager.GatherStatisticalData
property is used to control statistic gathering. Once enabled,
statistical data can be viewed by retrieving instances of the
CIM_StatisticalData class.
PEGASUS_DISABLE_PRIVILEGED_TESTS
Description: This variable is used only in the development environment to
restrict the level of testing performed by default. If set, tests that require the CIM Server to run in a privileged mode will not be run. Setting this
variable allows developers, without privileged access, to successfully run a
subset of the OpenPegasus test suit. This variable does not affect CIM
Server functionality. It merely controls the level of testings.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): N/A
Required: No
Considerations: Enabling this variable will significantly reduce
the testing of security related features (e.g., authentication,
authorization).
PEGASUS_DISABLE_PROV_USERCTXT
Description: Builds a version of OpenPegasus that disables
supports for the Provider User Context feature. This feature allows a
Provider to choose the user context in
which it is invoked, including the ability to run in the context of the user
requesting an operation.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: The Provider User Context feature may be
disabled by compiling with the PEGASUS_DISABLE_PROV_USERCTXT flag defined.
In this case, the Provider Registration Manager rejects provider
registration requests that specify a UserContext property value. The user
context in which providers run is then unchanged by this enhancement. Some
platforms, such as OS/400 and z/OS may define the
PEGASUS_DISABLE_PROV_USERCTXT as part of the platform configuration, since
these platforms already set the provider user context on a per-thread basis.
When the Provider User Context feature is enabled, support for each of the
User Context types may be disabled individually. Provider registration fails
when an unsupported UserContext value is specified. Individual user context
models are disabled with these compile flags:
- PEGASUS_DISABLE_PROV_USERCTXT_REQUESTOR
- PEGASUS_DISABLE_PROV_USERCTXT_DESIGNATED
- PEGASUS_DISABLE_PROV_USERCTXT_PRIVILEGED
- PEGASUS_DISABLE_PROV_USERCTXT_CIMSERVER
Please refer to SecurityGuidelinesForDevelopers.html / PEP223 for a discussion
of the rationale/advantages of user context providers to many platforms.
PEGASUS_DISABLE_PROV_USERCTXT_CIMSERVER
Description: Builds a version of OpenPegasus that disables
support for the Provider User Context "CIM Server" option.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Support for the "CIM Server" option allows a
Provider to be invoked with the same
user context as the CIM Server. This model supports providers that are
released together with the CIM Server and for which the CIM Server's user
context is known to be acceptable. The provider retains full responsibility
for authorizing requesting users.
PEGASUS_DISABLE_PROV_USERCTXT_DESIGNATED
Description: Builds a version of OpenPegasus that disables
support for the Provider User Context "Designated" option.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Support for the "Privileged" option allows
a Provider to be
invoked in the context of a single, designated user. This option allows a
provider to run in a consistent user context with an appropriate level of
privilege. The provider retains full responsibility for authorizing
requesting users.
PEGASUS_DISABLE_PROV_USERCTXT_PRIVILEGED
Description: Builds a version of OpenPegasus that disables
support for the Provider User Context "Privileged" option.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Support for the "Privileged" option allows
a Provider to be invoked in the context of a
privileged user, potentially escalating the privilege of the requesting
user. The provider retains full responsibility for authorizing requesting
users. The Privileged User model is much like the Designated User model,
except that it clearly declares a privilege requirement and it allows such a
provider to be written in a way that is portable across platforms for which
the privileged user name differs.
PEGASUS_DISABLE_PROV_USERCTXT_REQUESTOR
Description: Builds a version of OpenPegasus that will not allow
a Provider to run as the "Requestor".
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Support for the "Requestor" option allows a
Provider to be invoked in the context of the user requesting an operation.
This option reduces the complexity of writing a provider, because
authorization checks that the provider previously had to perform can instead
be performed by the underlying platform or managed resource. This reduction
in complexity is accompanied by an increase in the security of the solution,
because the redundant authorization checks in the provider are likely to
miss cases or get out of sync with the authorization model of the managed
resource or underlying platform.
PEGASUS_DISABLE_SLP - OBSOLETE - NOT SUPPORTED
Description: Starting with
OpenPegasus 2.5.1, this variable is no longer supported. Please refer
to PEGASUS_ENABLE_SLP for details on configuring SLP support in OpenPegasus.
The PEGASUS_DISABLE_SLP environment variable can
be used to disable support for SLP on platforms that, by default, include SLP. Refer to the definition of
PEGASUS_ENABLE_SLP for additional information.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: The
PEGASUS_DISABLE_SLP variable should never be used in conjunction with the
PEGASUS_ENABLE_SLP variable. A build error will occur if both
variables are explicitly set.
PEGASUS_EMANATE_INCLUDE_DIR
PEGASUS_EMANATE_LIB_DIR
Description: Specifies the location of the EMANATE lib directory.
Default Value: Not Set
Recommended Value (Development Build): No Specific Recommendation
Recommended Value (Release Build): No Specific Recommendation
Required: Yes. If PEGASUS_USE_EMANATE is defined. Otherwise
this value is not used.
Considerations: Refer to the description of PEGASUS_USE_EMANATE for
additional details.
PEGASUS_ENABLE_CMPI_PROVIDER_MANAGER
Description: If set, a version of OpenPegasus that supports
CMPI providers and their dependent components is built.
Default Value: Not Set
Recommended Value (Development Build): Set (Linux Platform Only)
Recommended Value (Release Build): Set (Linux Platform Only)
Required: No
PEGASUS_ENABLE_COMPRESSED_REPOSITORY
PEGASUS_ENABLE_EXECQUERY
Description: When
this environment variable is set, processing of ExecQuery operations is
enabled. When not set, ExecQuery operation requests get a NotSupported
response. (Note: The PEGASUS_ENABLE_EXECQUERY environment variable controls
the definition of the PEGASUS_DISABLE_EXECQUERY compile macro.)
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_ENABLE_EMAIL_HANDLER
Description: When this environment variable is set, an E-Mail
Indication Handler is built as part of the OpenPegasus build. The
E-Mail Indication Handler can be used to delivered CIM Indications to a designated e-mail
address.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: If PEGASUS_ENABLE_EMAIL_HANDLER is not set when
OpenPegasus is built,
a request to create an Email Indication Handler instance will be rejected
will the error CIM_ERR_NOT_SUPPORTED.
PEGASUS_ENABLE_JMPI_PROVIDER_MANAGER
Description: If set, a version of OpenPegasus that supports
JMPI providers and their dependent
components
is built.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_ENABLE_OBJECT_NORMALIZATION
Description: If set, builds in support so that objects
returned from provider instance operations can be validated.
The enableNormalization must also be set to 'true' (default)
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: If PEGASUS_ENABLE_OBJECT_NORMALIZATION is set, two new
configuration options are defined: enableNormalization and
excludeModulesFromNormalization.
PEGASUS_ENABLE_REMOTE_CMPI
Description: If set, a version of OpenPegasus that supports
Remote CMPI providers and their dependent
components
is built.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_ENABLE_SLP
Description: This
variable controls of the inclusion of SLP functionality in the OpenPegasus
build. When this environment variable is set to 'true', SLP
functionality will be included as part of the OpenPegasus build. If
this variable is set to 'false', the SLP functionality will not be included.
All other values are considered invalid and will result in a build error
(e.g., "PEGASUS_ENABLE_SLP ($(PEGASUS_ENABLE_SLP)) invalid, must be true or
false").
Default Value: 'true' for Windows; 'false' for all other Platforms
Recommended Value (Development Build): 'true' for Windows;
'false' for all other Platforms
Recommended Value (Release Build):
Required: No
PEGASUS_ENABLE_SORTED_DIFF
Description: This controls if the DIFFSORT function
is used rather than a simple DIFF of the test results files
to the static results file. Set to 'true' enables the sorted
diffs of results to static results files. Otherwise results
in regular diffs of results to static results files.
See Pegasus bug 2283 for background information concerning
this config variable.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_ENABLE_SYSTEM_LOG_HANDER
Description: When this environment variable is set, a SysLog Indication Handler is built as part of the OpenPegasus build. The
SysLog Indication Handler can be used to delivered CIM Indications to the
system log file.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: If PEGASUS_ENABLE_SYSTEM_LOG_HANDLER is not set
when OpenPegasus is built, a request to create a SysLog Indication Handler instance
will be rejected with the error CIM_ERR_NOT_SUPPORTED.
PEGASUS_ENABLE_SSLV2
Description: By default, support for the SSLV2 protocol is
disabled in OpenPegasus 2.5. The option can be used to build a version of
OpenPegasus that supports SSLV2. This variable affects how SSL contexts are constructed for both the CIM Server and CIM
Clients.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Unless SSLV2 is required for backward compatibility, enabling
this protocol is not recommended (SSLV3 or later is preferred).
PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
Description: Builds a version of OpenPegasus that allows an
administrator to restrict access to CIM operations to members of a
designated
set of groups. Refer to the
authorizedUserGroups configuration option for additional details.
Default Value: Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Set
Required: No
PEGASUS_EXTRA_C_FLAGS
Description: This environment variable allows a developer to
specify an additional set of flags to be included on the C compile
command line.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_EXTRA_CXX_FLAGS
Description: This environment variable allows a developer to
specify an additional set of flags to be included on the C++ compile command
line.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_EXTRA_LINK_FLAGS
Description: This environment variable allows a developer to
specify an additional set of flags to be included on the link command line.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_HAS_MESSAGES
Description: When set (to anything) during the build,
OpenPegasus compiles with localization support. The
ICU (International Components for Unicode) variables,
ICU_ROOT and ICU_INSTALL, indicate that the
localization support is based on ICU. Only ICU is supported
at this time.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: If the PEGASUS_HAS_MESSAGES is not
set, OpenPegasus is built without localization support. This means that
all messages sent by the CIM Server and the CLIs are in English.
ICU is an open source project at
http://oss.software.ibm.com/icu.
Only English tran/slations are included with the OpenPegasus distribution.
The OpenPegasus distribution does not provide translated messages. But,
enabling for ICU would allow vendor to provide the translations. Refer to
the OpenPegasus Release README for additional information regarding the use
of ICU. Although, in OpenPegasus 2.3.2, experience with localization support
has been limited to a select set of platforms, wider platform adoption of
this technology is planned for 2.5.
PEGASUS_HAS_SSL
Description: If set, a version of OpenPegasus that supports
SSL (i.e., https) is built.
Default Value: Not Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Set
Required: No
Considerations: Support for SSL in OpenPegasus is dependent on
the OpenSSL software developed by the
OpenSSL Project (http://www.openssl.org/).
If the PEGASUS_HAS_SSL variable is set, the variable OPENSSL_HOME must also be defined.
The OPENSSL_HOME variable is used, by the OpenPegasus build, to determine the
location of the OpenSSL include files, libraries and binaries.
PEGASUS_HOME
Description: Specifies the location of the
OpenPegasus working directory. The OpenPegasus
build will use this directory as the default location
for files generated during the build (e.g., binaries,
libraries, objects).
Default Value: None
Recommended Value (Development Build): No Specific Recommendation
Recommended Value (Release Build): No Specific Recommendation
Required: Yes
Considerations: The error "PEGASUS_HOME environment variable
undefined" is returned if the PEGASUS_HOME environment variable is not set.
This variable is also used during runtime. Refer to the section titled
"Environment Variable Settings for Running OpenPegasus 2.3.2 on Linux" for
additional details.
PEGASUS_INDICATIONS_Q_THRESHOLD
Description: Controls if indications providers are stalled if the indications
service queue is too large. It can be set to any positive value. If not set providers
are never stalled. This implies that the indications service queue may become as
large as necessary to hold all the indications generated. If set to any value then
providers are stalled by forcing them to sleep when they try to deliver an indication
and the indications service queue exceeds this value. They are resumed when the queue
count falls 10 percent below this value. Stall and resume log entries are made to
inform the administrator the condition has occurred.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Use of this setting may have unintended
side-effects when using Out-of-Process Providers including delayed
processing of CIM Operation Requests.
PEGASUS_MAX_THREADS_PER_SVC_QUEUE
Description: Controls the maximum number of threads allowed
per message service queue. It is allowed to range between 1 and
MAX_THREADS_PER_SVC_QUEUE_LIMIT (currently 5000) as set in
pegasus/src/Pegasus/Common/MessageQueueService.cpp. If set to 0 (zero)
the max threads per service queue is then set to
MAX_THREADS_PER_SVC_QUEUE_LIMIT. If set larger than the
MAX_THREADS_PER_SVC_QUEUE_LIMIT it is set equal to
MAX_THREADS_PER_SVC_QUEUE_LIMIT. There are no other limits on the total number
of threads that can exist within the system at this time. When the server starts
there on the order of 10 to 20 message service queues created dependent upon
build options.
Default Value: 5
Recommended Value (Development Build): 5
Recommended Value (Release Build): 5
Required: No
Considerations: This flag affects consumption of system resources.
Not setting, or inappropriately setting this value, may cause the cimserver
to hang or crash.
PEGASUS_ROOT
Description: Specifies the location of the directory
that corresponds to "pegasus" source directory defined in the
OpenPegasus CVS source tree. This environment variable is
used by the OpenPegasus build to locate the required build
and source files (e.g., $(PEGASUS_ROOT)/mak and
$(PEGASUS_ROOT)/src).
Default Value: None
Recommended Value (Development Build): No Specific Recommendation
Recommended Value (Release Build): No Specific Recommendation
Required: Yes
Considerations: The error "PEGASUS_ROOT environment
variable undefined" is returned if the PEGASUS_ROOT
environment variable is not set.
PEGASUS_NET_SNMP_INCLUDE_DIR
Description: Specifies the location of the NET-SNMP include
directory.
Default Value: Not Set
Recommended Value (Development Build): No Specific Recommendation
Recommended Value (Release Build): No Specific Recommendation
Required: Yes. If PEGASUS_USE_NET_SNMP is defined. Otherwise
this value is not used.
PEGASUS_NET_SNMP_DIR
Description: Specifies the location of the NET-SNMP libdirectory.
Default Value: Not Set
Recommended Value (Development Build): No Specific Recommendation
Recommended Value (Release Build): No Specific Recommendation
Required: Yes. If PEGASUS_USE_NET_SNMP is defined. Otherwise
this value is not used.
PEGASUS_NOASSERTS
Description: Defines the NDEBUG compilation macro, which
causes the preprocessor to remove PEGASUS_ASSERT() statements.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Set
Required: No
PEGASUS_OPENSLP_HOME
PEGASUS_PAM_AUTHENTICATION
Description: Enables support for PAM-(Pluggable Authentication Modules)
based authentication.
Default Value: Not Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Set
Required: No
Considerations: Support for PAM in OpenPegasus is dependent on
platform support for PAM.
PEGASUS_PLATFORM
Description: Describes the target platform for the
build. The list of supported values for this variable
is defined in pegasus/mak/config.mak.
Default Value: None
| Platform |
Recommended Value
Development Build |
Recommended Value
Release Build |
| Linux IA32 |
LINUX_IX86_GNU |
LINUX_IX86_GNU |
| Linux IA64 |
LINUX_IA64_GNU |
LINUX_IA64_GNU |
| Linux X86_64 |
LINUX_X86_64_GNU |
LINUX_X86_64_GNU |
| HP-UX PA-RISC |
HPUX_PARISC_ACC |
HPUX_PARISC_ACC |
| HP-UX IPF |
HPUX_IA64_ACC |
HPUX_IA64_ACC |
| OpenVMS Alpha |
VMS_ALPHA_DECCXX |
VMS_ALPHA_DECCXX |
| OpenVMS IA64 |
VMS_IA64_DECCXX |
VMS_IA64_DECCXX |
Required: Yes
Considerations: The error "PEGASUS_PLATFORM
environment variable undefined." is returned if the PEGASUS_PLATFORM
environment variable is not set.
PEGASUS_REPOSITORY_MODE
Description: This variable defines the default mode used to
create repositories that are constructed as part of the automated build
tests. It does not affect the runtime environment. Valid values include: XML (causes
the repository to be built in XML mode); BIN (causes
the repository to be built in binary mode). Use cimconfig to
modify the runtime environment.
Default Value: XML
Recommended Value (Development Build): XML
Recommended Value (Release Build): XML
Required: No
PEGASUS_SNIA_EXTENSIONS
Description: This
variable is used to enable a set of workarounds that support the use of OpenPegasus
in the SNIA Test Environment.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: The functionality enabled with this
variable is experimental and subject to change.
PEGASUS_TEST_USER_DEFINED
Description: This variable is only used for testing. If this
variable is set, the tests will assume that the user "pegtest" is defined
as a valid user and can be used for certificate-based authentication
testing.
Default Value: Not Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Not Set
Required: No
PEGASUS_TEST_USER_ID/PEGASUS_TEST_USER_PASS
Description: These variables are only used for testing. These
variables allow the developer to define a valid, non-privileged user name and password
on the test system that can be used as part of the OpenPegasus automated
test scripts to perform authentication and authorization testing.
These variables are only used for testing and NOT part of the release.
Default Value: guest/guest
Recommended Value (Development Build): No Recommentation
Recommended Value (Release Build): Not Used
Required: No
PEGASUS_USE_DEBUG_BUILD_OPTIONS
Description: The PEGASUS_DEBUG flag is used to control a variety
of settings, including compile options, assertion enablement, method
definitions for testing, and diagnostic output. The
PEGASUS_USE_DEBUG_BUILD_OPTIONS variable can be used to enable just the
compiler specific debug options (e.g., -g in g++) .
Default Value: Not Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: This variable is automatically set
if PEGASUS_DEBUG is set.
PEGASUS_USE_EMANATE
Description: EMANATE,
http://www.snmp.com/products/emanate.html, is an SNMP Research
International product that supports SNMPv1, SNMPv2c, and SNMPv3. If the
PEGASUS_USE_EMANATE variable is defined, the
OpenPegasus SNMP Handler will use the EMANATE libraries to send traps to
the SNMP Management application. The EMANATE libraries are NOT
included as part of OpenPegasus.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Either the PEGASUS_USE_NET_SNMP or
PEGASUS_USE_EMANATE variable must be set for the SNMP Handler to be
supported.
PEGASUS_USE_NET_SNMP
Description: NET-SNMP,
http://net-snmp.sourceforge.net, is an OSS implementation of a
suite of applications used to implement
SNMP v1,
SNMP v2c and
SNMP v3 using both IPv4
and IPv6. If the PEGASUS_USE_NET_SNMP variable is defined, the
OpenPegasus SNMP Handler will use the NET-SNMP libraries to send traps to
the SNMP Management application. The NET-SNMP libraries are NOT
included as part of OpenPegasus.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Considerations: Either the PEGASUS_USE_NET_SNMP or
PEGASUS_USE_EMANATE variable must be set for the SNMP Handler to be
supported.
PEGASUS_USE_OPENSLP
Description: OpenSLP,
http://openslp.org, is an open-source implementation of
Service Location Protocol. If the PEGASUS_USE_OPENSLP variable is
defined, OpenPegasus will be built to use the OpenSLP implementation
of SLP instead of the internal OpenPegasus implementation of SLP.
The OpenSLP libaries are NOT included as part of OpenPegasus.
Default Value: Not Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Set
Required: No
Considerations:
PEGASUS_USE_PAM_STANDALONE_PROC
Description: Moves the processing of PAM requests from
the CIM Server process to a separate process managed by the
CIM Server.
Default Value: Not Set
Recommended Value (Development Build): Set
Recommended Value (Release Build): Set
Required: No
Considerations: If PAM Authentication is enabled, the PAM
API is used, during the processing of each request, to authenticate
the client. This level of use makes the CIM Server extremely
sensitive to memory leaks in the PAM library. In addition,
certain PAM modules are not thread-safe. If your platform
is experiencing problems with PAM Authentication, use of option
may provide a work-around. PEGASUS_USE_PAM_STANDALONE_PROC requires
PEGASUS_PAM_AUTHENTICATION to be set.
PEGASUS_USE_RELEASE_CONFIG_OPTIONS
Description:
If set, OpenPegasus is built using the "Release Build"
configuration options. By default, OpenPegasus is built using the
"Development Build" configuration options.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Set
Required: No
Considerations: (1)The PEGASUS_USE_RELEASE_CONFIG_OPTIONS variable allows a platform
vendor to easily toggle between two sets of configurations options, a set of
options tuned for the development/debug ("Development Build") environment and a set
of options tuned for the production environment
("Release Build"). Refer the section titled "Configuration
Properties" for additional detail. (2) For each configuration variable,
the "Recommended Value (Release Build)" value defines the recommended
settings to use for a "Release Build". Please refer to the
description of each variable for additional information.
PEGASUS_USE_RELEASE_DIRS
Description: If set, OpenPegasus is built using
the "Release Build" directory definitions. By default,
OpenPegasus is built using the "Development Build" directory
definitions.
Default Value: Not Set
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Set
Required: No
Considerations:
The PEGASUS_USE_RELEASE_DIRS variable allows a platform vendor to easily
toggle between two sets of directory definitions, a set tuned for the
development/debug ("Development Build") environment and a set
tuned for the production environment
("Release Build"). Refer the section titled "Configuration
Properties" for additional detail.
PEGASUS_USE_SYSLOGS
Description: If set, OpenPegasus will be built
to send log messages to the system logger (syslog).
Otherwise, log messages will be sent to OpenPegasus
specific log files.
Recommended Value (Development Build): Set
Recommended Value (Release Build): Set
Required: No
Considerations: This variable is currently
not implemented as an environment variable. To use
the option -DPEGASUS_USE_SYSLOGS must
be explicitly included in the appropriate platform
makefile (pegasus/mak/platform_*.mak).
PEGASUS_WINDOWS_SDK_HOME
Description: Thsi variable should be set to point
to the Microsoft Platform SDK on Windows if using a compiler
version [ 1300 (i.e. VC6). If using VC7 or VC8, this flag does
not need to be set, as the necessary libraries are already
included.
Recommended Value (Development Build): Not Set
Recommended Value (Release Build): Not Set
Required: No
Examples Building a Linux IA32 (#IA64) Development/Debug Version
export PEGASUS_ROOT=/home/pegasusbld/pegasus
export PEGASUS_HOME=/home/pegasusbld/pegasus/build
export PEGASUS_PLATFORM=LINUX_IX86_GNU
#export PEGASUS_PLATFORM=LINUX_IA64_GNU
export PEGASUS_PAM_AUTHENTICATION=true
export PEGASUS_USE_PAM_STANDALONE_PROC=true
export PEGASUS_HAS_SSL=yes
export OPENSSL_HOME=/usr/include/openssl
export PEGASUS_DEBUG=TRUEexport ENABLE_CMPI_PROVIDER_MANAGER=true
export PEGASUS_ENABLE_USERGROUP_AUTHORIZATION=true
export PEGASUS_USE_SYSLOGS=true
export PATH=/home/pegasusbld:/home/pegasusbld/pegasus/build/bin:/usr/local/bin:$PATH
Building a Linux IA32 (#IA64) Production Release Version
export PEGASUS_ROOT=/home/pegasusbld/pegasus
export PEGASUS_HOME=/home/pegasusbld/pegasus/build
export PEGASUS_PLATFORM=LINUX_IX86_GNU
#export PEGASUS_PLATFORM=LINUX_IA64_GNUexport PEGASUS_DISABLE_CQL=true
export PEGASUS_DISABLE_DEPRECATED_INTERFACES=true
export PEGASUS_PAM_AUTHENTICATION=true
export PEGASUS_USE_PAM_STANDALONE_PROC=true
export PEGASUS_HAS_SSL=yes
export OPENSSL_HOME=/usr/include/openssl
export PEGASUS_USE_RELEASE_CONFIG_OPTIONS=true
export PEGASUS_USE_RELEASE_DIRS=true
export PEGASUS_NOASSERTS=true
export ENABLE_CMPI_PROVIDER_MANAGER=true
export PEGASUS_ENABLE_USERGROUP_AUTHORIZATION=true
export PEGASUS_USE_SYSLOGS=true
export PATH=/home/pegasusbld:/home/pegasusbld/pegasus/build/bin:/usr/local/bin:$PATH
Environment Variable Settings for Running OpenPegasus 2.5.1
Definitions
PEGASUS_HOME
Description: There are multiple options for
configuring the location of OpenPegasus runtime
files (e.g., configuration files, libraries,
repository, executables). If no other option is
specified, OpenPegasus will attempt to use the value
PEGASUS_HOME.
Default Value: "."
Recommended Value (Development Build): The same value defined at build time.
Recommended Value (Release Build): Not Set
Required: No
Considerations: Although this variable can be useful in a
development environment use of this environment variable is not
recommended in a production environment. Instead, the use of
configuration properties to explicitly set the location of
runtime files and directories is recommended.
PEGASUS_MSG_HOME
Description: This value is not used by the CIM Server.
The CIM Server uses the messageDir configuration parameter to locate the directory
where the ICU resource bundles. However, CIM Client applications must rely on
an alternative mechanism to locate this directory.
Default Value: if $PEGASUS_HOME is set then "$PEGASUS_HOME/msg"
else "."
Recommended Value (Development Build): $PEGASUS_HOME/msg
Recommended Value (Release Build): Not Set
Required: No
Considerations: Use of the PEGASUS_MSG_HOME environment is not
recommended in a production environment, CIM Client application developers
are encouraged to use MessageLoader::setPegasusMsgHome(String home) to
explicitly set the directory where the ICU resource bundles are located.
Configuration Properties
Notation
This section describes the notation used to define the
configuration properties.
Default Value
The value of Default Value is the OpenPegasus
default setting for this configuration option. This
value is used if a platform-specific setting is not
defined.
Recommended Default Value
The PEGASUS_USE_RELEASE_CONFIG_OPTIONS variable allows a platform vendor
to easily toggle between two sets of configurations options, a set of options
tuned for the development/debug ("Development Build") environment and a set
of options tuned for the production environment
("Release Build"). The value of
Recommended Value (Development Build)
is the recommended default value for use in a development/
debug environment. The value of
Recommended Value (Release Build) is the recommended
default value for use in a production environment.
Recommend To Be Fixed/Hidden
Configuration options can be defined as fixed or
hidden. A "fix" configuration option is set at build time
and cannot be changed without rebuilding. "Fixed" configuration
options are not displayed using the cimconfig command. This
feature can be used by vendors to limit OpenPegasus
functionality and configurability.
A "hidden" configuration option is an option that is
configurable (i.e., "not fixed"), but not externally
advertised using the cimconfig command. The "hidden"
feature can be used to define "internal use only"
configuration options.
Dynamic?
If yes, the value of the configuration option can be
changed without stopping and restarting the CIM Server.
Directory Specifications
Note that the variables included in the following table
(e.g., $LOGDIR) are for documentation purposes only and have been defined to
simplify the description of the configuration options. In particular,
these variables DO NOT correspond to environment variables implemented in the
OpenPegasus code. Default values for the following variables are platform
and vendor dependent and not documented in this PEP.
| |
| $LOGDIR |
| $PROVIDERDIRS |
| $REPOSITORYDIR |
| $CERTIFICATEDIR |
| $LOCALAUTHDIR |
| $TRACEDIR |
| $CONFIGDIR |
| $PIDFILE |
| $RANDOMDIR |
| $SOCKETDIR |
| $MESSAGEDIR |
Definitions
authorizedUserGroups
Description: If
the authorizedUserGroups property is set, the value is interpreted as
a list of comma-separated user groups whose members may issue CIM requests.
A user who is not a member of any of these groups is restricted from issuing
CIM requests, with the exception of privileged users (root user). If the
authorizedUserGroups property is not set, any user may issue CIM
requests.
Default Value: blank
Recommended Default Value (Development Build): blank
Recommended Default Value (Release Build): blank
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Example: #
cimconfig -s authorizedUserGroups=users,systemusers -p
Considerations: This feature is available only when the
OpenPegasus source is compiled with the flag
PEGASUS_ENABLE_USERGROUP_AUTHORIZATION set.
daemon
Description: This option enables/disables forking of the
code to create a background daemon process.
Default Value: true
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): true
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/Yes
Dynamic?: No
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
enableAssociationTraversal
Description: If true, the CIM Server will support
the fourn association traversal operators: Associators,
AssociatorNames,References, and ReferenceNames.
Default Value: true
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): true
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: There is still an outstanding
Provider Registration issues that restricts the degree to
which separate Providers can register for Associations.
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
enableAuthentication
Description: If true, a Client must be authenticated
to access the CIM Server.
Recommended Default Value (Development Build): false
Recommended Default Value (Release Build): true
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
enableBinaryRepository
enableHttpConnection
Description: If true, allows connections to
the CIM Server using the HTTP protocol
Default Value: true
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): false
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations:
Enabling HTTP will allow clients to connect with security
properties different than those associated with encrypted SSL traffic, and
its configured SSL authentication or other security behavior.
This option should
only be enabled in environments where sending the HTTP Request and HTTP Response as
clear text messages does not introduce a security risk. Note that if authentication is enabled (enableAuthentication),
user names and passwords will be included in the text of the HTTP
message.
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
enableHttpsConnection
Description: If true, allows connections to
the CIM Server using the HTTPS protocol (HTTP using
Secure Socket Layer encryption)
Default Value: false
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): true
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: For this option to work,
the environment variable PEGASUS_HAS_SSL must have
been set when CIM Server was built.
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
enableIndicationService
Description: If true, the CIM Server will support
CIM Indications.
Default Value: true
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): true
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
enableNamespaceAuthorization
Description: If true, the CIM Server restricts
access to namespaces based on configured user authorizations
[user authorizations may be configured using the cimauth command]
Default Value: false
Recommended Default Value (Development Build): false
Recommended Default Value (Release Build): false
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations:
This option offers limited functionality and, in most environments,
expensive to administer. It's use is not recommended.
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
enableNormalization
Description: If true, objects returned from instance providers
are validated and normalized.
Default Value: true
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): false
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations:
- Any errors encountered during normalization result in a CIMException with
the status code set to CIM_ERR_FAILED and a meaningful, context specific error
description (messages will be localized). Providers that catch the exception
have an opportunity to handle the error. Otherwise, the exception is passed to
the Provider Manager and becomes the response for that Provider.
- Provider Modules that are listed on the excludeModulesFromNormalization
configuration option are excluded from normalization.
- Since the concept of normalization is relatively new to OpenPegasus and it
establishes and enforces rules for objects returned by providers, it should only
apply to providers written against the SDK in which it was introduced (or
later). Therefore only Provider Modules that have the following InterfaceType
and InterfaceVersion combination will be subject to normalization:
- 'C++Default' / 2.5.0 or greater
- 'CMPI' / 2.0.0 or greater
- 'JMPI' / 1.0.0 or greater
Source Configuration File: Pegasus/Config/NormalizationPropertyOwner.cpp
enableRemotePrivilegedUserAccess
Description: If true, the CIM Server allows
access by a privileged user from a remote system
Default Value: true
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): true
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: Many management operations require
privileged user access. Disabling remote access by
privileged user could significantly affect functionality.
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
enableSSLExportClientVerification
Description: If true, the CIM Server allows HTTPS connection
for CIMExport requests on the port specified by the service name
"wbem-exp-https".
Default Value: false
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): false
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
enableSubscriptionsForNonprivilegedUsers
Description: If
true, operations (create instance, modify instance, delete instance, get
instance, enumerate instances, enumerate instance names) on indication
filter, listener destination, and subscription instances may be performed by
non-privileged users. Otherwise, these operations may only be performed on
these instances by privileged users.
Default Value: true
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): false
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: This option has meaning only if
enableIndicationService=true.
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
excludeModulesFromNormalization
Description: If the excludeModulesfromNormalization property
is set, the value is interpreted as a list of comma-separated Provider
Module names (as specified in PG_ProviderModule.Name) to exclude
from validation and normalization.
Default Value: ""
Recommended Default Value (Development Build): ""
Recommended Default Value (Release Build): ""
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: All objects managed by all providers will
be excluded from validation and normalization if its module name
appears in this list.
Source Configuration File: Pegasus/Config/NormalizationPropertyOwner.cpp
exportSSLTrustStore
Description: Specifies the location of the OpenSSL truststore
for Indications. Consistent with the OpenSSL implementation, a truststore
can be either a file or directory. If the truststore is a directory, all the
certificates within the directory are considered trusted.
Default Value: indication_trust.pem
Recommended Default Value (Development Build): indication_trust.pem
Recommended Default Value (Release Build): $CERTIFICATEDIR/indication_trust.pem
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
forceProviderProcesses
Description: If true, the CIM Server runs Providers in separate
processes rather than loading and calling Provider libraries directly within
the CIM Server process.
Default Value: Dependent on the value of PEGASUS_DEFAULT_ENABLE_OOP
Recommended Default Value (Development Build):true (HP-UX, Linux)
Recommended Default Value (Release Build): true (HP-UX, Linux)
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: In a dynamic, potentially multi-vendor, environment,
the ability to run Providers in separate processes can significantly
increase the stability, maintainability and supportability of the overall
solution. Running Providers in separate process spaces: (1) helps
isolate components (i.e., cimserver and Providers) from a catastrophic
failure (segmentation faults, memory leaks) of a single Provider and (2)
reduces the risk of accidental or malicious sharing of sensitive data among
Providers. This benefit comes at a cost. Moving Providers out of
the cimserver process increases communication costs and can significantly
increase response time. Actual results will vary, but it is common for
response times to increase by a factor of 2.
Note 1: When forceProviderProcesses is true, the CIM Server will load each
Provider Module (i.e., library) into a separate process. Providers in
different Provider Modules cannot depend on a communication mechanism that
requires them to run in the same process space.
Note 2: Although the catastrophic failure of an Out-Of-Process (OOP)
Provider Module will not result in a failure of the CIM Server process,
if the failed OOP Provider Module included Indication Providers, Indications
may be lost. If logging is enabled, the CIM Server will log a message
informing administrators of what happened and what corrective actions can be
taken.
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
home
Description: If set, this configuration option defines
the runtime default value for PEGASUS_HOME.
Default Value: "./"
Recommended Default Value (Development Build)"./"
Recommended Default Value (Release Build)""
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
httpPort
Description: OpenPegasus first attempts to look up the
port number for HTTP using getservbyname for the 'wbem-http' service.
The httpPort configuration setting is used only when the
getservbyname lookup fails.
Default Value: blank
Recommended Default Value (Development Build): blank
Recommended Default Value (Release Build): blank
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Considerations: (1) The use of 5988 for WBEM HTTP is
recommended by the DMTF. This port has been registered with
IANA.
In a production environment, the recommendation is to use
/etc/services to configure the value of this port. (2)
With the release of OpenPegasus 2.5, the default values for httpPort was changed from 5988
to "". This
change was made to allow the OpenPegasus to differentiate between a default
setting of 5988 and a customer-defined setting of 5988. With this
change,
if the port number is explicitly set, the configured port will be used regardless
of the settings in /etc/services. If no port number is specified, the server
will continue to use the value in /etc/services.
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
httpsPort
Description:
OpenPegasus first attempts to look up the port number for HTTPS using
getservbyname for the 'wbem-https' service. The httpsPort configuration
setting is used only when the getservbyname lookup fails.
Default Value: blank
Recommended Default Value (Development Build): blank
Recommended Default Value (Release Build): blank
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Considerations: (1)The use of 5989 for WBEM HTTPS is
recommended by the DMTF. This port has been registered with
IANA.
In a production environment, the recommendation is to use
/etc/services to configure the value of this port.(2)
With the release of OpenPegasus 2.5, the default values for httpPort was
changed from 5989 to "". This
change was made to allow the OpenPegasus to differentiate between a default
setting of 5989 and a customer-defined setting of 5989. With this
change,
if the port number is explicitly set, the configured port will be used regardless
of the settings in /etc/services. If no port number is specified, the server
will continue to use the value in /etc/services.
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
logdir
Description: Specifies the name of the directory
to be used for the OpenPegasus specific log files.
Recommended Default Value (Development Build): logs
Recommended Default Value (Release Build): $LOGDIR
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: Yes
Considerations:
Source Configuration File: Pegsus/Config/LogPropertyOwner.cpp
logLevel
Description: Defines the desired level of logging.
Valid values include: TRACE, INFORMATION, WARNING, SEVERE,
FATAL.
Default Value: "INFORMATION"
Recommended Default Value (Development Build): "INFORMATION"
Recommended Default Value (Release Build): "SEVERE"
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: Yes
Considerations:
Source Configuration File: Pegsus/Config/LogPropertyOwner.cpp
maxProviderProcesses
Description: Limits
the number of provider processes (see 'forceProviderProcesses) that may run
concurrently. A 'maxProviderProcesses' value of '0' indicates that the
number of Provider Agent processes is unlimited
Default Value: 0
Recommended Default Value (Development Build): 0
Recommended Default Value (Release Build): 0
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/Yes
Dynamic?: No
Considerations:
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
messageDir
Description: Specifies the name of the directory to be used for
the OpenPegasus translated messages.
Default Value: msg
Recommended Default Value (Development Build): msg
Recommended Default Value (Release Build): $MESSAGEDIR/msg
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Considerations: Only used when message localization is enabled.
See PEGASUS_HAS_MESSAGES for details.
Source Configuration File: FileSystemPropertyOwner.cpp
providerDir
Description: Specifies the names of the directories
that contains Provider executables.
Recommended Default Value (Development Build): lib
Recommended Default Value (Release Build): $PROVIDERDIRS
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Considerations: The CIM Server runs as a privileged user.
And, since Providers run in the same process space as the CIM
Server, Providers also have privileged access to the system.
Allowing a registered Provider’s executable to be replaced with
malicious code would result in a critical security defect,
giving a malicious user privileged access to the system.
Adminstrators are responsible for ensuring that only trusted Providers
are loaded into providerDir. In order to simplify the management
task associated with securing Provider executable, the value
of providerDir can be fixed at build time (i.e., set to one or more
fixed, well-known locations).
Source Configuration File: Pegasus/Config/FileSystemPropertyOwner.cpp
repositoryDir
Description: Specifies the name of the directory
to be used for the OpenPegasus repository.
Recommended Default Value (Development Build): repository
Recommended Default Value (Release Build): $REPOSITORYDIR/repository
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Considerations:
Source Configuration File: Pegasus/Config/FileSystemPropertyOwner.cpp
repositoryIsDefaultInstanceProvider
Description: If true, the Repository functions
as the Instance Provider for all classes for which there
is not an explicitly registered Provider. This flag is
also used to control the behavior of the repository when
processing association operators.
Recommended Default Value (Development Build): true
Recommended Default Value (Release Build): false
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/Yes
Dynamic?: No
Considerations: This flag can be used to configure the CIM Server to allow
the Repository to be used by CIM Clients and CIM Providers as
a dynamic data store. The setting of this flag will
significantly affect CIM Server behavior as viewed
by the CIM Client.
The following issues should be considered when setting
repositoryIsDefaultInstanceProvider=true:
- Authorization. The repository has no concept of which users
(or components) are authorized to perform which operations.
- Appearance of instrumentation. A client application cannot
determine whether instrumentation exists for a given CIM class. For example,
imagine a client issues a CreateInstance operation on a Disk class for
which no provider is registered. The instance will be stored in the repository, and the client gets a "success" response. Does that mean a
disk device has been created on the server? Even worse, when another
client issues an EnumerateInstances operation, the spurious Disk instance
is returned. With repositoryIsDefaultInstanceProvider=false, the
CreateInstance operation above would have returned a NOT_SUPPORTED
error.
- Potential for inconsistent data. Using the repository as
a data cache increases the probability that a client will see stale
or incorrect data. A provider can better control the correlation
between the data returned and the current state of the underlying
managed resource (whether or not the provider caches the data).
The following issues should be considered when setting
repositoryIsDefaultInstanceProvider=false:
- Provider Availability. Certain Providers have been developed
to use the Repository as a dynamic data store. These Providers are
currently not supported on system where this flag is disabled. E.g., the Common
Diagnostics Model (CDM) Provider (http://developer.intel.com/design/servers/cdm/)
relies on use of the Repository to store instances
of CIM_DiagnosticSetting. If this flag set to false, this Provider
will not function correctly. Note that this feature is supported by other WBEM implementation.
Therefore, disabling this feature can increase the cost of migrating
existing Providers to OpenPegasus.
Source Configuration File: Pegasus/Config/RepositoryPropertyOwner.cpp
shutdownTimeout
Description: When a cimserver -s shutdown command is issued,
specifies the maximum time in seconds for the CIM Server to
complete outstanding CIM operation requests before shutting down;
if the specified timeout period expires, the CIM Server will shut
down, even if there are still CIM operations in progress.
Minimum value is 2 seconds.
Recommended Default Value (Development Build): 10
Recommended Default Value (Release Build): 10
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: Yes
Considerations:
Source Configuration File: Pegasus/Config/ShutdownPropertyOwner.cpp
slp
Description: When set to true, OpenPegasus activates an SLP SA
and issues DMTF defined SLP advertisements to this SA on startup.
Default Value: false
Recommended Default Value (Development Build): false
Recommended Default Value (Release Build): false
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/DefaultPropertyTableLinux.h |
| HP-UX |
Pegasus/Config/DefaultPropertyTableHpux.h |
| OpenVMS |
Pegasus/Config/DefaultPropertyTableVms.h |
sslCertificateFilePath
Description: Contains the CIM Server SSL Certificate.
Recommended Default Value (Development Build): server.pem
Recommended Default Value (Release Build): $CERTIFICATEDIR/server.pem"
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Considerations:For a more detailed look at SSL options and their
ramifications, please see the SSL guidelines.
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
sslClientVerificationMode
Description: Describes the desired level of support for
certificate-based authentication.
- “required” –
The server requires certificate-based client authentication. A client
MUST present a trusted certificate in order to access the CIM Server. If the client fails to send a certificate or
sends an untrusted certificate, the connection will be rejected.
- “optional” –
The server supports, but does not require, certificate-based client
authentication. The server will request and attempt to validate a client certificate,
however the connection will be accepted even if no certificate is sent or an untrusted
certificate is sent. The server will then seek to authenticate the client
via an authentication header.
- “disabled” – The server does not support certificate-based
client authentication.
Recommended Default Value (Development Build): optional
Recommended Default Value (Release Build): disabled
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: (1)
This property is only used if enableHttpsConnection is
"true".(2) If the platform does not support
PEGASUS_LOCAL_DOMAIN_SOCKET, OpenPegasus attempts to use either HTTPS or
HTTP to establish a local connection (connectLocal). For platforms
that do not support PEGASUS_LOCAL_DOMAIN_SOCKET, Clients which use
connectLocal, such as cimconfig -l -c, cimprovider -l -s and cimserver -s,
will not work if the "sslClientVerificationMode" variable is set to
"required" and HTTP is disabled. For these platforms, the recommended
course of action is to change the property value to "optional."
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
sslKeyFilePath
Description: Contains the private key for the CIM Server SSL Certificate.
Recommended Default Value (Development Build): file.pem
Recommended Default Value (Release Build): $CERTIFICATEDIR/file.pem
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Considerations: File should be readable only by the user the cimserver is
running as and/or privileged users. The file should be writeable only by a
privileged user.
Source Configuration File: Pegasus/Config/SecurityPropertyOwner.cpp
sslTrustStore
Description: Specifies the location of the OpenSSL truststore.
Consistent with the OpenSSL implementation, a truststore can be either a
file or directory.
If the truststore is a directory, all the certificates
within the directory are considered trusted.
Recommended Default Value (Development Build): client.pem
Recommended Default Value (Release Build): $CERTIFICATEDIR/client.pem
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: No
Source Configuration File: Pegsus/Config/SecurityPropertyOwner.cpp
sslTrustStoreUserName
Specifies the system user name to be associated
with all certificate-based authenticated requests.
Recommended Default Value (Development Build): NONE
Recommended Default Value (Release Build): NONE
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/No
Dynamic?: No
Considerations: This
property has no default; for security reasons, the system administrator must
explicitly specify this value. This feature allows a single user name to
be specified. This user will be associated with all certificates in the
truststore. In the future, OpenPegasus will allow a system administrator
to associate a distinct user name with each certificate.
Source Configuration File: Pegsus/Config/SecurityPropertyOwner.cpp
traceComponents
Defines the components to be traced.
Default Value: ""
Recommended Default Value (Development Build): ""
Recommended Default Value (Release Build): ""
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/Yes
Dynamic?: Yes
Source Configuration File: Pegasus/Config/TracePropertyOwner.cpp
traceFilePath
Specifies the location of the OpenPegasus trace
file.
Default Value: cimserver.trc
Recommended Default Value (Development Build): cimserver.trc
Recommended Default Value (Release Build): $TRACEDIR/cimserver.trc
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): Yes
Dynamic?: Yes
Source Configuration File: Pegasus/Config/TracePropertyOwner.cpp
traceLevel
Description: Defines the desired level of tracing.
Valid values include: 1, 2, 3, 4, 5.
Default Value: 1
Recommended Default Value (Development Build): 1
Recommended Default Value (Release Build): 1
Recommend To Be Fixed/Hidden (Development Build): No/No
Recommend To Be Fixed/Hidden (Release Build): No/Yes
Dynamic?: Yes
Source Configuration File: Pegasus/Config/TracePropertyOwner.cpp
Configuration Constants
Definitions
static char CURRENT_CONFIG_FILE [] =
Default file name for the current configuration file.
Recommended
Default Value (Development Build): cimserver_current.conf
Recommended Default Value (Release Build): $CONFIGDIR/cimserver_current.conf
Dynamic?: No
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/ConfigFileDirLinux.h |
| HP-UX |
ConfigFileDirHpux.h |
| OpenVMS |
Pegasus/Config/ConfigFileDirVms.h |
static char PLANNED_CONFIG_FILE [] =
Description: Default file name for the planned configuration file.
Recommended Default Value (Development Build): cimserver_planned.conf
Recommended Default Value (Release Build): $CONFIGDIR/cimserver_planned.conf
Dynamic?: No
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/ConfigFileDirLinux.h |
| HP-UX |
Pegasus/Config/ConfigFileDirHpux.h |
| OpenVMS |
Pegasus/Config/ConfigFileDirVms.h |
static char CIMSERVER_START_FILE [] =
Description: This is for the default file name for the cimserver startup
file containing the PID.
Default Value: /tmp/cimserver_start.conf
Recommended Default Value (Development Build): /tmp/cimserver_start.conf
Recommended Default Value (Release Build): $PIDFILE
Dynamic?: No
| Platform |
Source Configuration File |
| Linux |
Pegasus/Config/ConfigFileDirLinux.h |
| HP-UX |
Pegasus/Config/ConfigFileDirHpux.h |
| OpenVMS |
Pegasus/Config/ConfigFileDirVms.h |
Configuration Macros
Definitions
PEGASUS_SSLCLIENT_CERTIFICATEFILE
Description:
Recommended Default Value (Development Build): client.pem
Recommended Default Value (Release Build): $CERTIFICATEDIR/client.pem
Dynamic?: No
Source Configuration File: Pegasus/Common/Constants.h
PEGASUS_SSLCLIENT_RANDOMFILE
Description: On platforms that do not support /dev/random or
/dev/urandom, OpenSSL will use this file to seed the PRNG (Pseudo-Random
Number Generator). This PEGASUS_SSLCLIENT_RANDOMFILE defines the default CIM
Client random file.
Recommended Default Value (Development Build): ssl.rnd
Recommended Default Value (Release Build): $RANDOMDIR/ssl.rnd
Dynamic?: No
Considerations: Use of this variable requires PEGASUS_HAS_SSL to be set. CIM Client use of a shared random file is
not recommended. On systems where /dev/random or /dev/urandom are not
available, CIM Clients are encouraged to generate a unique random file which
contains sufficient entropy.
Source Configuration File: Pegasus/Common/Constants.h
PEGASUS_SSLSERVER_RANDOMFILE
Description: On platforms that do not support /dev/random or
/dev/urandom, OpenSSL will use this file to seed the PRNG (Pseudo-Random
Number Generator). This PEGASUS_SSLSERVER_RANDOMFILE defines the CIM Server
random file.
Recommended Default Value (Development Build): cimserver.rnd
Recommended Default Value (Release Build): $RANDOMDIR/cimserver.rnd
Dynamic?: No
Considerations: (1)Use of this variable requires PEGASUS_HAS_SSL to be set.
(2) On systems where /dev/random or /dev/urandom are not
available, CIM Server vendors need to be sure that the cimserver.rnd file
contains sufficient entropy and is uniquely generated for each system.
Source Configuration File: Pegasus/Common/Constants.h
PEGASUS_LOCAL_AUTH_DIR
Description: For local connections (i.e., connectLocal), OpenPegasus
uses a file-based authentication mechanism.
Recommended Default Value (Development Build): /tmp
Recommended Default Value (Release Build): $LOCALAUTHDIR/localauth
Dynamic?: No
Source Configuration File: Pegasus/Common/Constants.h
PEGASUS_LOCAL_DOMAIN_SOCKET_PATH
Description:
Recommended Default Value (Development Build): /tmp/cimxml.socket
Recommended Default Value (Release Build): $SOCKETDIR/cimxml.socket
Dynamic?: No
Source Configuration File: Pegasus/Common/Constants.h
Version History
| Version |
Date |
Author |
Change Description |
| 1.0 |
05 Oct 2005 |
Denise Eckstein |
Initial Submission based on PEP 200. |
| 1.1 |
01 Feb 2006 |
Denise Eckstein |
Added entries for PEGASUS_DISABLE_INSTANCE_QUALIFIERS,
PEGASUS_USE_DEBUG_BUILD_OPTIONS, PEGASUS_DEFAULT_ENABLE_OOP,
PEGASUS_DISABLE_PRIVILEGED_TESTS, PEGASUS_TEST_USER_DEFINED,
PEGASUS_USE_EMANATE, PEGASUS_EMANATE_INCLUDE_DIR, PEGASUS_EMANATE_LIB_DIR,
PEGASUS_NET_SNMP_INCLUDE_DIR, PEGASUS_NET_SNMP_LIB_DIR.
Added "Terminology Notes" section.
Changed Recommended Default Value (Release Build) for
PEGASUS_DISABLE_PERFINST to Set.
Removed columns in table describing platform/vendor specific
directory locations.
|
| 1.2 |
17 Feb 2006 |
Denise Eckstein |
Added entries for PEGASUS_CLASS_CACHE_SIZE, PEGASUS_USE_OPENSLP,
PEGASUS_OPENSLP_HOME, PEGASUS_TEST_USER_ID, PEGASUS_TEST_USER_PASSWORD,
PEGASUS_TEST_USER_ID/PEGASUS_TEST_USER_PASS
Marked PEGASUS_DISABLE_SLP and not supported and updated the
description of PEGASUS_ENABLE_SLP.
Added 2006 Copyright.
|
| 1.3 |
17 Feb 2006 |
Denise Eckstein |
Added Note to Security "Considerations" section.
|
| 1.4 |
01 Mar 2006 |
Denise Eckstein |
Made editorial change to the PEGASUS_ENABLE_SSLV2 "Considerations"
comment and PEGASUS_ENABLE_USERGROUP_AUTHORIZATION "Description".
Added "Considerations" section to definitions of
PEGASUS_DEFAULT_ENABLE_OOP and forceProviderProcesses. |
| 1.5 |
09 Mar 2006 |
Denise Eckstein |
Minor editing changes to forceProviderProcesses "Considerations" section.
|
| 1.6 |
13 Mar 2006 |
Denise Eckstein |
Added Note to forceProviderProcesses "Considerations" section.
Added a comment to the "Considerations" section of PEGASUS_EMANATE_INCLUDE_DIR
and PEGASUS_EMANATE_LIB_DIR to refer to the description of PEGASUS_USE_EMANATE
of additional details.
Added reference to configuration options enableNormalization and
excludeModulesFromNormalization to the "Considerations" section of PEGASUS_ENABLE_OBJECT_NORMALIZER. |
| 1.7 |
19 Mar 2006 |
Denise Eckstein |
Added second Note to forceProviderProcesses "Considerations" section.
|
| 1.8 |
22 Mar 2006 |
Denise Eckstein |
Changed named of environment variable from PEGASUS_ENABLE_OBJECT_NORMALIZER to
PEGASUS_ENABLE_OBJECT_NORMALIZATION. In description, changed
value of enableNormalization from 'yes' to 'true'.
Added descriptions for enableNormalization and excludeModulesFromNormalization configuration options.
Changed values for forceProviderProcesses to be consistent with
PEGASUS_DEFAULT_ENABLE_OOP values.
Per Ballot Discussion fixed typo in description of PEGASUS_ENABLE_OBJECT_NORMALIZER and
authorizedUserGroups.
APPROVED - Ballot 114 - March 24, 2006
|
Copyright (c) 2004 EMC Corporation; Hewlett-Packard Development Company, L.P.; IBM Corp.; The Open Group; VERITAS Software Corporation
Copyright (c) 2006 Hewlett-Packard Development
Company, L.P.; IBM Corp.; EMC Corporation; Symantec Corporation; The Open Group.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including without
limitation the rights to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software, and to permit persons to whom
the Software is furnished to do so, subject to the following conditions:
THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN ALL
COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
"AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Template last modified: January 20th 2004 by Martin Kirk
Template version: 1.6