Add redirect.conf, with comments

Openwsman · Sep 24, 2013 · b28ba46 · b28ba46
1 parent f9ce59e
commit b28ba46
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 0 deletions.
diff --git a/etc/openwsman.conf b/etc/openwsman.conf
@@ -4,6 +4,7 @@
 #
 ##################################
 [server]
+# port to accept http requests
 port = 5985
 
 #
@@ -26,10 +27,18 @@ port = 5985
 ipv4 = yes
 ipv6 = yes
 
+# port to accept https requests
 #ssl_port = 5986
+
+# the openwsman server certificate file, in .pem format
 ssl_cert_file = /etc/openwsman/servercert.pem
+# the openwsman server private key, in .pem format
 ssl_key_file = /etc/openwsman/serverkey.pem
+
+# set these to enable digest authentication against a local datbase
 #digest_password_file = /etc/openwsman/digest_auth.passwd
+
+# set these to enable basic authentication against a local datbase
 #basic_password_file = /etc/openwsman/simple_auth.passwd
 
 min_threads = 4
@@ -101,3 +110,7 @@ verify_cert = no
 
 # boolean
 # omit_schema_optional = 0
+
+# Redirect module, see redirect.conf for details
+#[redirect]
+#include='/etc/openwsman/redirect.conf'
diff --git a/etc/redirect.conf b/etc/redirect.conf
@@ -0,0 +1,53 @@
+##################################
+#
+# settings for the Redirect plugin
+# (WS-Management forwarding)
+#
+# This module can proxy/forward/redirect requests to another WS-Management server
+# A typical scenario is Dell's "Integrated Dell Remote Access Controller" (iDRAC)
+# which acts as a baseboard management controller (out of band management) but has
+# it's own network configuration.
+#
+# The redirect plugin allows the host to forward WS-Management request to this
+# controller. For the client, in-band (talking to host) and out of band (talking
+# to iDrac) only differs in the resource URI.
+##################################
+
+# server to redirect to
+server='hostname-or-ip'
+# port for server
+port=443
+
+# resource URI prefix, must be different from known prefixes
+resource='http://schemas.dell.com/wbem/wscim/1/cim-schema/2'
+
+# credentials for the remote server
+username='user'
+password='pass'
+authentication_method='basic'
+
+# path for SOAP requests
+url_path='/wsman'
+
+cim_namespace='root/cimv2'
+
+# empty: http, non-empty: https
+#
+# Pass a string naming a file holding one or more certificates to verify the peer with.
+# This makes sense only when used in combination with the noverifypeer=0 option
+# If noverifypeer=1, cacert need not even indicate an accessible file.
+cacert='dummy.pem'
+
+# if certificates need to be verified
+noverifypeer=1
+noverifyhost=1
+
+# File of the private key, in .pem format
+sslkey=
+
+# File of your certificate, in .pem format
+# With NSS or Secure Transport, this can also be the nickname of the certificate you wish
+# to authenticate with as it is named in the security database.
+# If you want to use a file from the current directory, please precede it with "./" prefix,
+# in order to avoid confusion with a nickname.
+cl_cert=