Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance.
RPM and DEB packages are provided for the installation of OMI on most enterprise Linux distributions. To install OMI, download the correct package for your Linux computer. Choose from:
- 32-bit (x86) or 64-bit (x64) architecture
- OpenSSL version 0.9.8, 1.0.x or 1.1.x (to determine your OpenSSL version, run:
openssl version) - RPM or Debian package format
You can download and install OMI from the Releases page. While version numbers change from release to release, the following downloads illustrates the package types for OMI:
| Platform | Release | Architecture | SSL | Filename |
|---|---|---|---|---|
| Linux | Debian | x64 | 1.1.0 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_110.ulinux.x64.deb |
| Linux | Debian | x64 | 1.0.0 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_100.ulinux.x64.deb |
| Linux | Debian | x64 | 0.9.8 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_098.ulinux.x64.deb |
| Linux | RPM | x64 | 1.1.0 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_110.ulinux.x64.rpm |
| Linux | RPM | x64 | 1.0.0 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_100.ulinux.x64.rpm |
| Linux | RPM | x64 | 0.9.8 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_098.ulinux.x64.rpm |
| Linux | Debian | x86 | 1.0.0 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_100.ulinux.x86.deb |
| Linux | Debian | x86 | 0.9.8 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_098.ulinux.x86.deb |
| Linux | RPM | x86 | 1.0.0 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_100.ulinux.x86.rpm |
| Linux | RPM | x86 | 0.9.8 | omi-MAJOR.MINOR.PATCH-BUILD.ssl_098.ulinux.x86.rpm |
Note: MAJOR, MINOR, PATCH, and BUILD refer to the version number information for the specific version of OMI that you wish to install.
Alternatively, you can now also download from Microsoft Repo. Instructions
on setting this up can be found here. Follow the instructions for your platform. You can then use your platform's package tool to install OMI (i.e. sudo apt-get install omi or sudo yum install omi).
The latest version of all supported platform packages can also be found here, but where possible we recommend downloading from the Microsoft Repo.
We support most modern Linux platforms (and some that aren't so modern). That said, our formal tested matrix of Linux platforms includes the following:
- CentOS 5, 6, and 7 (x86 and x64)
- Debian 6, 7, 8 (x86 and x64) and Debian 9 x64
- Oracle Linux 5, 6, and 7 (x86 and x64)
- Red Hat Enterprise Linux Server 5 and 6, and 7 (x86 and x64)
- Note: Red Hat 7.1 or later also runs on the PPC platform
- SUSE Linux Enterprise Server 10, 11, and 12 (x86 and x64)
- Ubuntu 12.04 LTS, 14.04 LTS, and 16.04 LTS (x86 and x64)
As well as the Linux platforms supported, OMI is also tested to work on the following platforms:
- AIX 6.1 and 7.1
- HPUX 11.31 (ia64 only)
- Solaris 10 and 11 (Sparc and x86)
- For RPM based systems (RedHat, Oracle, CentOS, SuSE):
sudo rpm -Uvh ./omi-1.3.0-2.ssl_100.ulinux.x64.rpm
- For DPKG based systems (Debian, Ubuntu, etc.):
sudo dpkg -i ./omi-1.3.0-2.ssl_100.ulinux.x64.deb
Note: 1.3.0-2 is just an example, you should use the latest release version of OMI.
To download the source code to OMI for build purposes or to further develop OMI, please see repository Build-omi.
- Setup of credentials for NTLM authentication is covered in setup-ntlm-omi
- Setup of credentials for Kerberos authentication is covered in setup-kerberos-omi
Installing OMI configures a daemon named "omid" which can be
controlled with standard service controllers: service or
systemctl. Additionally, a service control script can be found at:
/opt/omi/bin/service_control
Restarting OMI: sudo /opt/omi/bin/service_control restart
To test that OMI is functional locally, the omicli command be used:
sudo /opt/omi/bin/omicli ei root/omi OMI_Identify
This command enumerates all instances of the OMI_Identify class in the root/omi namespace.
OMI's server configuration is set in the file:
/etc/opt/omi/conf/omiserver.conf. Important configuration
properties include:
| Property | Purpose |
|---|---|
| httpsport | The HTTPs port(s) to listen on. The default is 5986. Multiple ports can be defined as a comma-separated list |
| httpport | The HTTP port to listen on. It is recommended that HTTP remain disabled (httpport=0) to prevent unencrypted communication |
| loglevel | The logging option for MI server. Valid options are: ERROR, WARNING, INFO, DEBUG, VERBOSE (debug build), default value is: WARNING |
| agentDebugging | When true, each provider runs in its own omiagent process; when false, all providers run in same omiagent process, default value is: false. |
| AuthorizedGroups | Setting for authorized user groups, for example: AuthorizedGroups=SCX\scx local admins, SCX\domain users, omi_allowed_group; its format is separated by commas, please check Allow Deny Handling for more detail. |
| UnauthorizedGroups | Setting for unauthorized user groups, for example: UnauthorizedGroups=SCX\denied domain users, omi_denied_group; its format is separated by commas, please check Allow Deny Handling for more detail. |
| pemfile | The certificate to use for TLS/SSL communication |
| keyfile | The private key that corresponds to the TLS/SSL certificate |
| NoSSLv2 | When true, the SSLv2 protocol is disabled |
| NoSSLv3 | When true, the SSLv3 protocol is disabled. If NoSSLv2 and NoSSLv3 are both set to true, only TLS encryption will be negotiated |
| NoTLSv1_0 | When true, the TLSv1.0 protocol is disabled |
| NoTLSv1_1 | When true, and if available on the platform, the TLSv1.1 protocol is disabled |
| NoTLSv1_2 | When true, and if available on the platform, the TLSv1.2 protocol is disabled |
| sslciphersuite | The prioritized list of allowed SSL/TLS ciphers. For example, set sslciphersuite=ALL:!SSLv2:!SSLv3:!TLSv1:!RC4-MD5:!RC4-SHA:!SEED-SHA in /etc/opt/omi/conf/omiserver.conf to disable all SSLv2,SSLv3,TLSv1 ciphers and 3 weak ciphers: RC4-MD5,RC4-SHA,SEED-SHA; then run sudo /opt/omi/bin/service_control restart to take effect, for more information, check man ciphers or search internet with openssl man ciphers |
Similar to configuring the server, the client configuration file is located at /etc/opt/omi/conf/omicli.conf.
/opt/omi/bin/omicli ei root/omi OMI_Identify --auth Basic --hostname yourlinuxhostname -u root -p rootpwd --port 5985
/opt/omi/bin/omicli ei root/cimv2 Win32_Environment --auth Basic --hostname yourwinmachine -u administrator -p adminpassword --port 5985
winrm enumerate http://schemas.microsoft.com/wbem/wscim/1/cim-schema/2/OMI_Identify?__cimnamespace=root/omi -r:http://yourlinuxhostname:5985 -auth:Basic -u:root -p:"rootpassword" -skipcncheck -skipcacheck -encoding:utf-8 -unencrypted
Note: If your root password contains escaped character like 'rootpa^ssword', you need to use double quotes like -p:"rootpa^ssword" for winrm on Windows. These escaped characters need to use double quotes after '-p:' :
%^&<>|'`,;=()!"\[].*?
OMI Provider examples:
| Provider Name | Official Site |
|---|---|
| PowerShell Desired State Configuration - for Linux | DSC |
| System Center Cross Platform Provider for Operations Manager | SCXcore |
| PowerShell Remoting Protocol | PSRP |
| Docker Monitoring Agent for OMI Server | Docker Provider |
| MySQL Monitoring Agent for OMI Server | MySQL Provider |
| Apache Monitoring Agent for OMI Server | Apache Provider |
| Python Script Provider for OMI Server | Python Provider |
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
