focal (1) pmproxy.1.gz

Provided by: pcp_5.0.3-1_amd64 bug

NAME

       pmproxy - proxy for performance metrics collector and querying

SYNOPSIS

       pmproxy  [-Aft?]   [-C  dirname] [-i ipaddress] [-l logfile] [-L bytes] [-M certname] [-p port[,port ...]
       [-P passfile] [-U username] [-x file]

DESCRIPTION

       pmproxy acts as a protocol proxy, allowing Performance Co-Pilot (PCP) monitoring clients  to  connect  to
       one or more pmcd(1) and/or redis-server(1) instances via pmproxy.

       In its default mode of operation, on platforms supporting this, pmproxy provides the REST API for all PCP
       services (see  PMWEBAPI(3)  for  details)  and  interfaces  to  the  fast,  scalable  time  series  query
       capabilities offered by PCP in conjunction with a redis-server(1) (see pmseries(1) for details).

       pmproxy  can  be  deployed  in  a  firewall  domain, or on a cluster ``head'' node where the IP (Internet
       Protocol) address of the hosts where pmcd and/or redis-server are running  may  be  unknown  to  the  PCP
       monitoring  clients,  but  where  the  IP  address of the host running pmproxy is known to these clients.
       Similarly, the clients may have network connectivity only to the host where  pmproxy  is  running,  while
       there  is network connectivity from that host to the hosts of interest where pmcd and/or redis-server are
       running.

       The behaviour of the PCP monitoring clients is controlled by either the PMPROXY_HOST environment variable
       or  through  the  extended  hostname  specification  (see  PCPIntro(1) for details).  If neither of these
       mechanisms is used, clients will make their PMAPI(3) connections directly to pmcd.  If the proxy hostname
       syntax is used or PMPROXY_HOST is set, then this should be the hostname or IP address of the system where
       pmproxy is running, and the clients will connect to pmcd or redis-server indirectly through the  protocol
       proxy services of pmproxy.

OPTIONS

       The available command line options are:

       -A   Disable service advertisement.  By default, pmproxy will advertise its presence on the network using
            any available mechanisms (such as Avahi/DNS-SD), assisting remote monitoring tools with finding  it.
            These mechanisms are disabled with this option.

       -c file, --config=file
            Specify   the   path   to   an  optional  configuration  file,  with  format  as  described  in  the
            ``CONFIGURATION'' section.  This option implies pmproxy is running in timeseries mode.

       -C dirname, --certpath=dirname
            Specify the path to the Network  Security  Services  certificate  database,  for  (optional)  secure
            connections.   This  option  implies  pmproxy  is  running  in  deprecated  mode.   The  default  is
            /etc/pki/nssdb.  Refer also to the -P option.  If it does not already exist, this  database  can  be
            created  using  the  certutil  utility.   This  process  and  other certificate database maintenance
            information is provided in the PCPIntro(1) manual page and the online PCP tutorials.

       -d, --deprecated
            By default pmproxy prefers to run in the new timeseries  mode,  providing  REST  APIs,  asynchronous
            network  I/O,  scalable  time  series,  and  secure  connections  using  OpenSSL.   However,  legacy
            deployments may wish to use the original synchronous pmproxy implementation  using  NSS  and  libpcp
            networking;  this  can  be achieved using this option.  Note that the -d and -t options are mutually
            exclusive.

       -f, --foreground
            By default pmproxy is started as a daemon.  The -f option  indicates  that  it  should  run  in  the
            foreground.  This is most useful when trying to diagnose problems with establishing connections.

       -h host, --redishost=host
            Specify an alternate Redis host to connect to for time series querying, overriding any configuration
            file settings.  This option implies pmproxy is running in timeseries mode.

       -i ipaddress
            This option is usually only used on hosts with more than one  network  interface  (very  common  for
            firewall  and  ``head''  node hosts where pmproxy is likely to be deployed to arbitrate access to an
            internal network).  If no -i options are specified pmproxy accepts PCP client connections on any  of
            its  host's IP addresses.  The -i option is used to specify explicitly an IP address that PCP client
            connections should be  accepted  on.   ipaddress  should  be  in  the  standard  dotted  form  (e.g.
            100.23.45.6).   The -i option may be used multiple times to define a list of IP addresses.  When one
            or more -i options is specified, attempted connections made  on  any  other  IP  addresses  will  be
            refused.

       -l file, --log=file
            By  default  a log file named pmproxy.log is written in the current directory.  The -l option causes
            the log file to be written to a given file instead of the default.  If this file cannot  be  created
            or is not writable, output is written to the standard error instead.

       -L bytes
            PDUs received by pmproxy from PCP monitoring clients are restricted to a maximum size of 65536 bytes
            by default to defend against Denial of Service attacks.  The -L option may be  used  to  change  the
            maximum incoming PDU size.

       -M name, --certname=name
            By  default  pmproxy  will  try  to use a certificate called PCP Collector certificate in its server
            role.  The -M option allows this certficate name to be changed.   This  option  implies  pmproxy  is
            running in deprecated mode.

       -p port, --redisport=port
            Specify  an  alternate  Redis  port  number  to  connect to for time series querying, overriding any
            configuration file settings.  This option implies pmproxy is running in timeseries mode.

       -P file, --passfile=file
            Specify the path to a file containing the Network Security Services  certificate  database  password
            for  (optional)  secure  connections,  and  for  databases that are password protected.  This option
            implies pmproxy is running in deprecated mode.  Refer also  to  the  -C  option.   When  using  this
            option,  great  care should be exercised to ensure appropriate ownership ("pcp" user, typically) and
            permissions on this file (0400, so as to be unreadable by any user other than the user  running  the
            pmproxy process).

       -s sockname, --socket=sockname
            Specify  the  path to a local unix domain socket (for platforms supporting this socket family only).
            The default value is  $PCP_RUN_DIR/pmproxy.socket.   This  option  implies  pmproxy  is  running  in
            timeseries mode.

       -t, --timeseries
            Operate  in  automatic  archive  timeseries  discovery mode.  This mode of operation will enable the
            PMWEBAPI(3) REST APIs, detect system archives created by pmlogger(1) and import them into  a  redis-
            server(1) automatically, for fast, scalable time series querying described in pmseries(1).

       -U user, --username=user
            Assume the identity of the given user before starting to accept incoming packets from PCP monitoring
            clients.

       -x file
            Before the pmproxy logfile can be opened, pmproxy may encounter a fatal error which prevents it from
            starting.   By default the output describing this error is sent to /dev/tty but it may redirected to
            file.

CONFIGURATION

       When running in the timeseries mode  of  operation,  runtime  configuration  is  relatively  complex  and
       typically handled via the $PCP_SYSCONF_DIR/pmproxy/pmproxy.conf file.  This file is in the common ``ini''
       format, with section headers and individual variables and values with each  section.   The  configuration
       file installed as part of PCP documents every available section and option.

       At  a high level, the [pmproxy] section can be used to explicitly enable or disable each of the different
       protocols.

       The [pmseries] section allows connection information for one or more backing redis-server processes to be
       configured (hostnames and ports).  Note to access multiple (scalable) Redis servers, the servers variable
       in this section can be a comma-separated list of hostname:port pairs.  Alternatively, it can be a  single
       redis-server  host  that  will  be  queried  using  the "CLUSTER INFO" command to automatically configure
       multiple backing hosts, described at https://redis.io/topics/cluster-spec.

STARTING AND STOPPING PMPROXY

       Normally, pmproxy is started automatically at boot time and stopped when  the  system  is  being  brought
       down.   Under  certain  circumstances  it is necessary to start or stop pmproxy manually.  To do this one
       must become superuser and type

       # $PCP_RC_DIR/pmproxy start

       to start pmproxy, or

       # $PCP_RC_DIR/pmproxy stop

       to stop pmproxy.  Starting pmproxy when it is already running  is  the  same  as  stopping  it  and  then
       starting it again.

       Normally  pmproxy  listens  for PCP client connections on TCP/IP port number 44322 (as well as 44323 with
       timeseries enabled) registered at https://www.iana.org/.  Either the environment variable PMPROXY_PORT -p
       command line option may be used to specify alternative port number(s) when PMPROXY_PORT or the -p command
       line option may be used to specify alternative port number(s) when pmproxy is started; in each case,  the
       specification  is  a  comma-separated list of one or more numerical port numbers.  Should both methods be
       used or multiple -p options appear on the command line, pmproxy will listen on the union of  the  set  of
       ports  specified  via all -p options and the PMPROXY_PORT environment variable.  If non-default ports are
       used with pmproxy care should be taken to ensure that PMPROXY_PORT is also set in the environment of  any
       client  application  that will connect to pmproxy, or that the extended host specification syntax is used
       (see PCPIntro(1) for details).

DIAGNOSTICS

       If pmproxy is already running the message "Error: OpenRequestSocket bind: Address already  in  use"  will
       appear.  This may also appear if pmproxy was shutdown with an outstanding request from a client.  In this
       case, a request socket has been left in the TIME_WAIT state and until the system closes  it  down  (after
       some timeout period) it will not be possible to run pmproxy.

       In addition to the standard PCP debugging options, see pmdbg(1), pmproxy currently supports the debugging
       option context for tracing client connections and disconnections.

FILES

       PCP_PMPROXYOPTIONS_PATH
            command line options for pmproxy when launched from $PCP_RC_DIR/pmproxy All the command line  option
            lines should start with a hyphen as the first character.

       $PCP_SYSCONFIG_DIR/pmproxy
            additional  environment variables that will be set when pmproxy executes.  Only settings of the form
            "PMPROXY_VARIABLE=value" will be honoured.

       ./pmproxy.log
            (or $PCP_LOG_DIR/pmproxy/pmproxy.log when started automatically)
            All messages and diagnostics are directed here

       /etc/pki/tls
            default OpenSSL certificate database directory, used for optional Secure Socket Layer connections in
            timeseries mode of operation.  These certificates can be created and queried using the openssl tool,
            amongst others.

       /etc/pki/nssdb
            default Network Sercity Services (NSS) database directory, used for  optional  Secure  Socket  Layer
            connections in deprecated mode of operation.  This database can be created and queried using the NSS
            certutil tool, amongst others.  This is only used when pmproxy is running in deprecated mode.

ENVIRONMENT

       In addition to the PCP environment variables described in the PCP ENVIRONMENT section  below,  there  are
       several  environment  variables  that influence the interactions between a PCP monitoring client, pmproxy
       and pmcd.

       PMCD_PORT
              For the PCP monitoring client this (or the default port number) is passed to pmproxy and  used  to
              connect to pmcd.  In the environment of pmproxy PMCD_PORT is not used.

       PMPROXY_HOST
              For  the  PCP  monitoring  client  this is the hostname or IP address of the host where pmproxy is
              running.  In recent versions of PCP (since version 3) this has been  superseded  by  the  extended
              hostname syntax (see PCPIntro(1) for details).

       PMPROXY_PORT
              For  the  PCP  monitoring  client  this is the port on which pmproxy will accept connections.  The
              default is 44322, as well as 44323 with timeseries enabled.

       PMCD_CONNECT_TIMEOUT, PMCD_RECONNECT_TIMEOUT and PMCD_REQUEST_TIMEOUT
              (see PCPIntro(1)) For the PCP monitoring client, setting these environment variables  will  modify
              the  timeouts  used  for interactions between the client and pmproxy (independent of which pmcd is
              being used).  For pmproxy these same environment variables control the  timeouts  between  pmproxy
              and all pmcd(1) instances (independent of which monitoring client is involved).

       If  set  to the value 1, the PMPROXY_LOCAL environment variable will cause pmproxy to run in a localhost-
       only mode of operation, where it binds only to the loopback interface.

       The PMPROXY_MAXPENDING variable can be set to indicate the maximum length to which the queue  of  pending
       client connections may grow.

PCP ENVIRONMENT

       Environment  variables with the prefix PCP_ are used to parameterize the file and directory names used by
       PCP.  On each installation, the file /etc/pcp.conf contains the local values for  these  variables.   The
       $PCP_CONF variable may be used to specify an alternative configuration file, as described in pcp.conf(5).

       For environment variables affecting PCP tools, see pmGetOptions(3).

SEE ALSO

       PCPIntro(1),   pmcd(1),  pmdbg(1),  pmlogger(1),  pmseries(1),  redis-server(1),  PMAPI(3),  PMWEBAPI(3),
       pmGetOptions(3), pcp.conf(5) and pcp.env(5).