Provided by: pcp_5.0.3-1_amd64 bug

NAME

       pmproxy - proxy for performance metrics collector and querying

SYNOPSIS

       pmproxy  [-Aft?]   [-C  dirname]  [-i ipaddress] [-l logfile] [-L bytes] [-M certname] [-p
       port[,port ...]  [-P passfile] [-U username] [-x file]

DESCRIPTION

       pmproxy acts as a protocol proxy, allowing Performance Co-Pilot (PCP)  monitoring  clients
       to connect to one or more pmcd(1) and/or redis-server(1) instances via pmproxy.

       In  its default mode of operation, on platforms supporting this, pmproxy provides the REST
       API for all PCP services (see  PMWEBAPI(3)  for  details)  and  interfaces  to  the  fast,
       scalable  time  series  query  capabilities  offered  by  PCP in conjunction with a redis-
       server(1) (see pmseries(1) for details).

       pmproxy can be deployed in a firewall domain, or on a cluster ``head'' node where  the  IP
       (Internet Protocol) address of the hosts where pmcd and/or redis-server are running may be
       unknown to the PCP monitoring clients, but where  the  IP  address  of  the  host  running
       pmproxy  is  known to these clients.  Similarly, the clients may have network connectivity
       only to the host where pmproxy is running, while there is network connectivity  from  that
       host to the hosts of interest where pmcd and/or redis-server are running.

       The  behaviour  of  the  PCP  monitoring  clients is controlled by either the PMPROXY_HOST
       environment variable or through the extended hostname specification (see  PCPIntro(1)  for
       details).   If  neither  of  these  mechanisms  is  used, clients will make their PMAPI(3)
       connections directly to pmcd.  If the proxy hostname syntax is  used  or  PMPROXY_HOST  is
       set,  then  this  should  be  the  hostname  or  IP address of the system where pmproxy is
       running, and the clients will connect to  pmcd  or  redis-server  indirectly  through  the
       protocol proxy services of pmproxy.

OPTIONS

       The available command line options are:

       -A   Disable  service  advertisement.   By default, pmproxy will advertise its presence on
            the network using any available mechanisms (such as Avahi/DNS-SD),  assisting  remote
            monitoring tools with finding it.  These mechanisms are disabled with this option.

       -c file, --config=file
            Specify  the  path to an optional configuration file, with format as described in the
            ``CONFIGURATION'' section.  This option implies  pmproxy  is  running  in  timeseries
            mode.

       -C dirname, --certpath=dirname
            Specify  the  path  to  the  Network  Security  Services  certificate  database,  for
            (optional) secure connections.  This option implies pmproxy is running in  deprecated
            mode.   The  default is /etc/pki/nssdb.  Refer also to the -P option.  If it does not
            already exist, this database can be created using the certutil utility.  This process
            and other certificate database maintenance information is provided in the PCPIntro(1)
            manual page and the online PCP tutorials.

       -d, --deprecated
            By default pmproxy prefers to run in the new timeseries mode,  providing  REST  APIs,
            asynchronous network I/O, scalable time series, and secure connections using OpenSSL.
            However, legacy  deployments  may  wish  to  use  the  original  synchronous  pmproxy
            implementation  using  NSS  and  libpcp  networking;  this can be achieved using this
            option.  Note that the -d and -t options are mutually exclusive.

       -f, --foreground
            By default pmproxy is started as a daemon.  The -f option indicates  that  it  should
            run  in  the  foreground.   This is most useful when trying to diagnose problems with
            establishing connections.

       -h host, --redishost=host
            Specify an alternate Redis host to connect to for time  series  querying,  overriding
            any  configuration  file  settings.   This  option  implies  pmproxy  is  running  in
            timeseries mode.

       -i ipaddress
            This option is usually only used on hosts with more than one network interface  (very
            common for firewall and ``head'' node hosts where pmproxy is likely to be deployed to
            arbitrate access to an internal network).  If no -i  options  are  specified  pmproxy
            accepts  PCP  client connections on any of its host's IP addresses.  The -i option is
            used to specify explicitly an IP  address  that  PCP  client  connections  should  be
            accepted  on.   ipaddress  should  be in the standard dotted form (e.g. 100.23.45.6).
            The -i option may be used multiple times to define a list of IP addresses.  When  one
            or more -i options is specified, attempted connections made on any other IP addresses
            will be refused.

       -l file, --log=file
            By default a log file named pmproxy.log is written in the current directory.  The  -l
            option  causes the log file to be written to a given file instead of the default.  If
            this file cannot be created or is not writable, output is  written  to  the  standard
            error instead.

       -L bytes
            PDUs received by pmproxy from PCP monitoring clients are restricted to a maximum size
            of 65536 bytes by default to defend against Denial of Service attacks.  The -L option
            may be used to change the maximum incoming PDU size.

       -M name, --certname=name
            By  default pmproxy will try to use a certificate called PCP Collector certificate in
            its server role.  The -M option allows this certficate  name  to  be  changed.   This
            option implies pmproxy is running in deprecated mode.

       -p port, --redisport=port
            Specify  an  alternate  Redis  port  number  to  connect to for time series querying,
            overriding any configuration file settings.  This option implies pmproxy  is  running
            in timeseries mode.

       -P file, --passfile=file
            Specify  the  path  to  a  file  containing the Network Security Services certificate
            database password for (optional) secure  connections,  and  for  databases  that  are
            password  protected.   This  option  implies  pmproxy  is running in deprecated mode.
            Refer also to the -C option.  When using this option, great care should be  exercised
            to  ensure appropriate ownership ("pcp" user, typically) and permissions on this file
            (0400, so as to be unreadable by any user other than the  user  running  the  pmproxy
            process).

       -s sockname, --socket=sockname
            Specify  the path to a local unix domain socket (for platforms supporting this socket
            family only).  The default value is $PCP_RUN_DIR/pmproxy.socket.  This option implies
            pmproxy is running in timeseries mode.

       -t, --timeseries
            Operate  in automatic archive timeseries discovery mode.  This mode of operation will
            enable the PMWEBAPI(3) REST APIs, detect system archives created by  pmlogger(1)  and
            import  them  into  a  redis-server(1)  automatically, for fast, scalable time series
            querying described in pmseries(1).

       -U user, --username=user
            Assume the identity of the given user before starting to accept incoming packets from
            PCP monitoring clients.

       -x file
            Before  the  pmproxy logfile can be opened, pmproxy may encounter a fatal error which
            prevents it from starting.  By default the output describing this error  is  sent  to
            /dev/tty but it may redirected to file.

CONFIGURATION

       When  running  in  the  timeseries  mode of operation, runtime configuration is relatively
       complex and typically handled via the  $PCP_SYSCONF_DIR/pmproxy/pmproxy.conf  file.   This
       file  is  in  the common ``ini'' format, with section headers and individual variables and
       values with each section.  The configuration file installed as part of PCP documents every
       available section and option.

       At a high level, the [pmproxy] section can be used to explicitly enable or disable each of
       the different protocols.

       The [pmseries] section allows connection information for one or more backing  redis-server
       processes  to  be  configured  (hostnames  and ports).  Note to access multiple (scalable)
       Redis servers, the servers variable in this section  can  be  a  comma-separated  list  of
       hostname:port  pairs.   Alternatively,  it  can be a single redis-server host that will be
       queried using the "CLUSTER INFO"  command  to  automatically  configure  multiple  backing
       hosts, described at https://redis.io/topics/cluster-spec.

STARTING AND STOPPING PMPROXY

       Normally,  pmproxy  is  started  automatically at boot time and stopped when the system is
       being brought down.  Under certain circumstances it is necessary to start or stop  pmproxy
       manually.  To do this one must become superuser and type

       # $PCP_RC_DIR/pmproxy start

       to start pmproxy, or

       # $PCP_RC_DIR/pmproxy stop

       to  stop  pmproxy.  Starting pmproxy when it is already running is the same as stopping it
       and then starting it again.

       Normally pmproxy listens for PCP client connections on TCP/IP port number 44322  (as  well
       as  44323  with  timeseries  enabled)  registered  at  https://www.iana.org/.   Either the
       environment  variable  PMPROXY_PORT  -p  command  line  option  may  be  used  to  specify
       alternative  port number(s) when PMPROXY_PORT or the -p command line option may be used to
       specify  alternative  port  number(s)  when  pmproxy  is  started;  in  each   case,   the
       specification  is  a  comma-separated  list of one or more numerical port numbers.  Should
       both methods be used or multiple -p options appear  on  the  command  line,  pmproxy  will
       listen  on the union of the set of ports specified via all -p options and the PMPROXY_PORT
       environment variable.  If non-default ports are used with pmproxy care should be taken  to
       ensure  that  PMPROXY_PORT  is  also set in the environment of any client application that
       will connect to pmproxy, or that the extended  host  specification  syntax  is  used  (see
       PCPIntro(1) for details).

DIAGNOSTICS

       If  pmproxy is already running the message "Error: OpenRequestSocket bind: Address already
       in use" will appear.  This may also appear if pmproxy was  shutdown  with  an  outstanding
       request  from  a  client.   In  this case, a request socket has been left in the TIME_WAIT
       state and until the system closes it down (after some  timeout  period)  it  will  not  be
       possible to run pmproxy.

       In  addition  to  the  standard  PCP  debugging  options,  see pmdbg(1), pmproxy currently
       supports the debugging option context for tracing client connections and disconnections.

FILES

       PCP_PMPROXYOPTIONS_PATH
            command line options for pmproxy  when  launched  from  $PCP_RC_DIR/pmproxy  All  the
            command line option lines should start with a hyphen as the first character.

       $PCP_SYSCONFIG_DIR/pmproxy
            additional  environment  variables  that  will  be  set  when pmproxy executes.  Only
            settings of the form "PMPROXY_VARIABLE=value" will be honoured.

       ./pmproxy.log
            (or $PCP_LOG_DIR/pmproxy/pmproxy.log when started automatically)
            All messages and diagnostics are directed here

       /etc/pki/tls
            default OpenSSL certificate database directory, used for optional Secure Socket Layer
            connections  in  timeseries mode of operation.  These certificates can be created and
            queried using the openssl tool, amongst others.

       /etc/pki/nssdb
            default Network Sercity Services (NSS) database directory, used for  optional  Secure
            Socket  Layer  connections  in  deprecated  mode  of operation.  This database can be
            created and queried using the NSS certutil tool, amongst others.  This is  only  used
            when pmproxy is running in deprecated mode.

ENVIRONMENT

       In  addition  to  the  PCP  environment variables described in the PCP ENVIRONMENT section
       below, there are several environment variables that influence the interactions  between  a
       PCP monitoring client, pmproxy and pmcd.

       PMCD_PORT
              For  the  PCP  monitoring  client  this  (or  the default port number) is passed to
              pmproxy and used to connect to pmcd.  In the environment of  pmproxy  PMCD_PORT  is
              not used.

       PMPROXY_HOST
              For  the PCP monitoring client this is the hostname or IP address of the host where
              pmproxy is running.  In recent versions of PCP (since  version  3)  this  has  been
              superseded by the extended hostname syntax (see PCPIntro(1) for details).

       PMPROXY_PORT
              For  the  PCP  monitoring  client  this  is  the  port on which pmproxy will accept
              connections.  The default is 44322, as well as 44323 with timeseries enabled.

       PMCD_CONNECT_TIMEOUT, PMCD_RECONNECT_TIMEOUT and PMCD_REQUEST_TIMEOUT
              (see  PCPIntro(1))  For  the  PCP  monitoring  client,  setting  these  environment
              variables  will  modify  the  timeouts used for interactions between the client and
              pmproxy (independent of  which  pmcd  is  being  used).   For  pmproxy  these  same
              environment  variables  control  the  timeouts  between  pmproxy  and  all  pmcd(1)
              instances (independent of which monitoring client is involved).

       If set to the value 1, the PMPROXY_LOCAL environment variable will cause pmproxy to run in
       a localhost-only mode of operation, where it binds only to the loopback interface.

       The  PMPROXY_MAXPENDING  variable  can  be set to indicate the maximum length to which the
       queue of pending client connections may grow.

PCP ENVIRONMENT

       Environment variables with the prefix PCP_ are used to parameterize the file and directory
       names used by PCP.  On each installation, the file /etc/pcp.conf contains the local values
       for these variables.  The $PCP_CONF  variable  may  be  used  to  specify  an  alternative
       configuration file, as described in pcp.conf(5).

       For environment variables affecting PCP tools, see pmGetOptions(3).

SEE ALSO

       PCPIntro(1),  pmcd(1),  pmdbg(1),  pmlogger(1),  pmseries(1),  redis-server(1),  PMAPI(3),
       PMWEBAPI(3), pmGetOptions(3), pcp.conf(5) and pcp.env(5).