From b28ba46980257d8cb4f3d915842cf83a2fbc125a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= Date: Tue, 24 Sep 2013 08:51:22 +0200 Subject: [PATCH] Add redirect.conf, with comments --- etc/openwsman.conf | 13 ++++++++++++ etc/redirect.conf | 53 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 etc/redirect.conf diff --git a/etc/openwsman.conf b/etc/openwsman.conf index 8888bd157..1cd2f585c 100644 --- a/etc/openwsman.conf +++ b/etc/openwsman.conf @@ -4,6 +4,7 @@ # ################################## [server] +# port to accept http requests port = 5985 # @@ -26,10 +27,18 @@ port = 5985 ipv4 = yes ipv6 = yes +# port to accept https requests #ssl_port = 5986 + +# the openwsman server certificate file, in .pem format ssl_cert_file = /etc/openwsman/servercert.pem +# the openwsman server private key, in .pem format ssl_key_file = /etc/openwsman/serverkey.pem + +# set these to enable digest authentication against a local datbase #digest_password_file = /etc/openwsman/digest_auth.passwd + +# set these to enable basic authentication against a local datbase #basic_password_file = /etc/openwsman/simple_auth.passwd min_threads = 4 @@ -101,3 +110,7 @@ verify_cert = no # boolean # omit_schema_optional = 0 + +# Redirect module, see redirect.conf for details +#[redirect] +#include='/etc/openwsman/redirect.conf' diff --git a/etc/redirect.conf b/etc/redirect.conf new file mode 100644 index 000000000..baba3e504 --- /dev/null +++ b/etc/redirect.conf @@ -0,0 +1,53 @@ +################################## +# +# settings for the Redirect plugin +# (WS-Management forwarding) +# +# This module can proxy/forward/redirect requests to another WS-Management server +# A typical scenario is Dell's "Integrated Dell Remote Access Controller" (iDRAC) +# which acts as a baseboard management controller (out of band management) but has +# it's own network configuration. +# +# The redirect plugin allows the host to forward WS-Management request to this +# controller. For the client, in-band (talking to host) and out of band (talking +# to iDrac) only differs in the resource URI. +################################## + +# server to redirect to +server='hostname-or-ip' +# port for server +port=443 + +# resource URI prefix, must be different from known prefixes +resource='http://schemas.dell.com/wbem/wscim/1/cim-schema/2' + +# credentials for the remote server +username='user' +password='pass' +authentication_method='basic' + +# path for SOAP requests +url_path='/wsman' + +cim_namespace='root/cimv2' + +# empty: http, non-empty: https +# +# Pass a string naming a file holding one or more certificates to verify the peer with. +# This makes sense only when used in combination with the noverifypeer=0 option +# If noverifypeer=1, cacert need not even indicate an accessible file. +cacert='dummy.pem' + +# if certificates need to be verified +noverifypeer=1 +noverifyhost=1 + +# File of the private key, in .pem format +sslkey= + +# File of your certificate, in .pem format +# With NSS or Secure Transport, this can also be the nickname of the certificate you wish +# to authenticate with as it is named in the security database. +# If you want to use a file from the current directory, please precede it with "./" prefix, +# in order to avoid confusion with a nickname. +cl_cert=