Provided by: pcp_5.3.6-1build1_amd64 bug

NAME

       pmproxy - proxy for performance metrics collector and querying

SYNOPSIS

       pmproxy  [-AdfFt?]   [-c  conffile]  [-C  certdb]  [-h host[,host ...]  [-i ipaddress] [-l
       logfile] [-L bytes] [-M certname] [-p port[,port ...]  [-P passfile] [-r  port[,port  ...]
       [-s sockname] [-U username] [-x outfile]

DESCRIPTION

       pmproxy  acts  as a protocol proxy, allowing Performance Co-Pilot (PCP) monitoring clients
       to connect to one or more pmcd(1) and/or redis-server(1) instances via pmproxy.

       In its default mode of operation, on platforms supporting this, pmproxy provides the  REST
       API  for  all  PCP  services  (see  PMWEBAPI(3)  for  details) and interfaces to the fast,
       scalable time series query capabilities offered  by  PCP  in  conjunction  with  a  redis-
       server(1) (see pmseries(1) for details).

       pmproxy  can  be deployed in a firewall domain, or on a cluster ``head'' node where the IP
       (Internet Protocol) address of the hosts where pmcd and/or redis-server are running may be
       unknown  to  the  PCP  monitoring  clients,  but  where the IP address of the host running
       pmproxy is known to these clients.  Similarly, the clients may have  network  connectivity
       only  to  the host where pmproxy is running, while there is network connectivity from that
       host to the hosts of interest where pmcd and/or redis-server are running.

       The behaviour of the PCP monitoring clients  is  controlled  by  either  the  PMPROXY_HOST
       environment  variable  or through the extended hostname specification (see PCPIntro(1) for
       details).  If neither of these mechanisms  is  used,  clients  will  make  their  PMAPI(3)
       connections  directly  to  pmcd.   If the proxy hostname syntax is used or PMPROXY_HOST is
       set, then this should be the hostname or  IP  address  of  the  system  where  pmproxy  is
       running,  and  the  clients  will  connect  to pmcd or redis-server indirectly through the
       protocol proxy services of pmproxy.

OPTIONS

       The available command line options are:

       -A   Disable service advertisement.  By default, pmproxy will advertise  its  presence  on
            the  network  using any available mechanisms (such as Avahi/DNS-SD), assisting remote
            monitoring tools with finding it.  These mechanisms are disabled with this option.

       -c conffile, --config=conffile
            Specify the path to an optional configuration conffile, with format as  described  in
            the  ``CONFIGURATION'' section.  This option implies pmproxy is running in timeseries
            mode.

       -C certdb, --certdb=certdb
            Specify  the  path  to  the  Network  Security  Services  certificate  database,  for
            (optional)  secure connections.  This option implies pmproxy is running in deprecated
            mode.  The default is /etc/pki/nssdb.  Refer also to the -P option.  If it  does  not
            already  exist,  this  database  can  be created using the certutil(1) utility.  This
            process and other certificate database maintenance information  is  provided  in  the
            PCPIntro(1) manual page and the online PCP tutorials.

       -d, --deprecated
            By  default  pmproxy  prefers to run in the new timeseries mode, providing REST APIs,
            asynchronous network I/O, scalable time series, and secure connections using OpenSSL.
            However,  legacy  deployments  may  wish  to  use  the  original  synchronous pmproxy
            implementation using NSS and libpcp networking;  this  can  be  achieved  using  this
            option.  Note that the -d and -t options are mutually exclusive.

       -f, --foreground
            By  default  pmproxy  is started as a daemon.  The -f option indicates that it should
            run in the foreground.  This is most useful when trying  to  diagnose  problems  with
            establishing connections.

       -F, --systemd
            Like  -f,  the  -F  option  runs  pmproxy  in  the  foreground,  but  also  does some
            housekeeping (like create a ``pid'' file and change user id).  This is  intended  for
            use  when  pmproxy  is  launched from systemd(1) and the daemonizing has already been
            done by systemd(1) and does not need to be done again by pmproxy, which is  the  case
            when neither -f nor -F is specified.

            At most one of -f and -F may be specified.

       -h host, --redishost=host
            Specify  an  alternate  Redis host to connect to for time series querying, overriding
            any  configuration  file  settings.   This  option  implies  pmproxy  is  running  in
            timeseries mode.

       -i ipaddress, --interface=ipaddress
            This  option is usually only used on hosts with more than one network interface (very
            common for firewall and ``head'' node hosts where pmproxy is likely to be deployed to
            arbitrate  access  to  an  internal network).  If no -i options are specified pmproxy
            accepts PCP client connections on any of its host's IP addresses.  The -i  option  is
            used  to  specify  explicitly  an  IP  address  that PCP client connections should be
            accepted on.  ipaddress should be in the standard  dotted  form  (e.g.  100.23.45.6).
            The  -i option may be used multiple times to define a list of IP addresses.  When one
            or more -i options is specified, attempted connections made on any other IP addresses
            will be refused.

       -l logfile, --log=logfile
            By  default a log file named pmproxy.log is written in the current directory.  The -l
            option causes the log file to be written to a given logfile instead of  the  default.
            If  this  logfile  cannot  be  created  or  is not writable, output is written to the
            standard error instead.

       -L bytes
            PDUs received by pmproxy from PCP monitoring clients are restricted to a maximum size
            of 65536 bytes by default to defend against Denial of Service attacks.  The -L option
            may be used to change the maximum incoming PDU size.

       -M certname, --certname=certname
            By default pmproxy will try to use a certificate called PCP Collector certificate  in
            its server role.  The -M option allows this certificate certname to be changed.  This
            option implies pmproxy is running in deprecated mode.

       -p port, --port=port
            Specify an alternate port number to listen on for client  connections.   The  default
            value is 44322.

       -P passfile, --passfile=passfile
            Specify  the  path to a passfile containing the Network Security Services certificate
            database password for (optional) secure  connections,  and  for  databases  that  are
            password  protected.   This  option  implies  pmproxy  is running in deprecated mode.
            Refer also to the -C option.  When using this option, great care should be  exercised
            to  ensure appropriate ownership ("pcp" user, typically) and permissions on this file
            (0400, so as to be unreadable by any user other than the  user  running  the  pmproxy
            process).

       -r port, --redisport=port
            Specify  an  alternate  Redis  port  number  to  connect to for time series querying,
            overriding any configuration file settings.  This option implies pmproxy  is  running
            in timeseries mode.

       -s sockname, --socket=sockname
            Specify  the path to a local unix domain socket (for platforms supporting this socket
            family only).  The default value is $PCP_RUN_DIR/pmproxy.socket.  This option implies
            pmproxy is running in timeseries mode.

       -t, --timeseries
            Operate  in automatic archive timeseries discovery mode.  This mode of operation will
            enable the PMWEBAPI(3) REST APIs, detect system archives created by  pmlogger(1)  and
            import  them  into  a  redis-server(1)  automatically, for fast, scalable time series
            querying described in pmseries(1).

       -U username, --username=username
            Assume the identity of the given username before starting to accept incoming  packets
            from PCP monitoring clients.

       -x outfile
            Before  the  pmproxy logfile can be opened, pmproxy may encounter a fatal error which
            prevents it from starting.  By default the output describing this error  is  sent  to
            /dev/tty but it may redirected to outfile.

       -?, --help
            Display usage message and exit.

CONFIGURATION

       When  running  in  the  timeseries  mode of operation, runtime configuration is relatively
       complex and typically handled via the  $PCP_SYSCONF_DIR/pmproxy/pmproxy.conf  file.   This
       file  is  in  the common ``ini'' format, with section headers and individual variables and
       values with each section.  The configuration file installed as part of PCP documents every
       available section and option.

       At a high level, the [pmproxy] section can be used to explicitly enable or disable each of
       the different protocols.

       The [redis] section allows connection information for one  or  more  backing  redis-server
       processes  to  be  configured  (hostnames  and ports).  Note to access multiple (scalable)
       Redis servers, the servers variable in this section  can  be  a  comma-separated  list  of
       hostname:port  pairs.   Alternatively,  it  can be a single redis-server host that will be
       queried using the "CLUSTER INFO"  command  to  automatically  configure  multiple  backing
       hosts, described at https://redis.io/topics/cluster-spec.

       In  earlier  versions  of  PCP (before 6) an alternative configuration setting section was
       used for this purpose - Redis servers were specified in the [pmseries] section and this is
       still accepted as a fallback for backwards compatibility.

STARTING AND STOPPING PMPROXY

       Normally,  pmproxy  is  started  automatically at boot time and stopped when the system is
       being brought down.  Under certain circumstances it is necessary to start or stop  pmproxy
       manually.  To do this one must become superuser and type

       # $PCP_RC_DIR/pmproxy start

       to start pmproxy, or

       # $PCP_RC_DIR/pmproxy stop

       to  stop  pmproxy.  Starting pmproxy when it is already running is the same as stopping it
       and then starting it again.

       Normally pmproxy listens for PCP client connections on TCP/IP port number 44322  (as  well
       as  44323  with  timeseries  enabled)  registered  at  https://www.iana.org/.   Either the
       environment variable PMPROXY_PORT or the -p command line option may  be  used  to  specify
       alternative  port  number(s) when pmproxy is started; in each case, the specification is a
       comma-separated list of one or more numerical port numbers.  Should both methods  be  used
       or multiple -p options appear on the command line, pmproxy will listen on the union of the
       set of ports specified via all -p options and the PMPROXY_PORT environment  variable.   If
       non-default  ports  are used with pmproxy care should be taken to ensure that PMPROXY_PORT
       is also set in the environment of any client application that will connect to pmproxy,  or
       that the extended host specification syntax is used (see PCPIntro(1) for details).

DIAGNOSTICS

       If  pmproxy is already running the message "Error: OpenRequestSocket bind: Address already
       in use" will appear.  This may also appear if pmproxy was  shutdown  with  an  outstanding
       request  from  a  client.   In  this case, a request socket has been left in the TIME_WAIT
       state and until the system closes it down (after some  timeout  period)  it  will  not  be
       possible to run pmproxy.

       In  addition  to  the  standard  PCP  debugging  options,  see pmdbg(1), pmproxy currently
       supports the debugging option context for tracing client connections and disconnections.

FILES

       PCP_PMPROXYOPTIONS_PATH
            command line options for pmproxy  when  launched  from  $PCP_RC_DIR/pmproxy  All  the
            command line option lines should start with a hyphen as the first character.

       $PCP_SYSCONFIG_DIR/pmproxy
            Environment  variables  that will be set when pmproxy executes.  Only settings of the
            form "PMPROXY_VARIABLE=value" will be honoured.

       ./pmproxy.log
            (or $PCP_LOG_DIR/pmproxy/pmproxy.log when started automatically)
            All messages and diagnostics are directed here

       /etc/pki/tls
            default OpenSSL certificate database directory, used for optional Secure Socket Layer
            connections  in  timeseries mode of operation.  These certificates can be created and
            queried using the openssl tool, amongst others.

       /etc/pki/nssdb
            default Network Sercity Services (NSS) database directory, used for  optional  Secure
            Socket  Layer  connections  in  deprecated  mode  of operation.  This database can be
            created and queried using the NSS certutil tool, amongst others.  This is  only  used
            when pmproxy is running in deprecated mode.

ENVIRONMENT

       In  addition  to  the  PCP  environment variables described in the PCP ENVIRONMENT section
       below, there are several environment variables that influence the interactions  between  a
       PCP monitoring client, pmproxy and pmcd.

       PMCD_PORT
              For  the  PCP  monitoring  client  this  (or  the default port number) is passed to
              pmproxy and used to connect to pmcd.  In the environment of  pmproxy  PMCD_PORT  is
              not used.

       PMPROXY_HOST
              For  the PCP monitoring client this is the hostname or IP address of the host where
              pmproxy is running.  In recent versions of PCP (since  version  3)  this  has  been
              superseded by the extended hostname syntax (see PCPIntro(1) for details).

       PMPROXY_PORT
              For  the  PCP  monitoring  client  this  is  the  port on which pmproxy will accept
              connections.  The default is 44322, as well as 44323 with timeseries enabled.

       PMCD_CONNECT_TIMEOUT, PMCD_RECONNECT_TIMEOUT and PMCD_REQUEST_TIMEOUT
              (see  PCPIntro(1))  For  the  PCP  monitoring  client,  setting  these  environment
              variables  will  modify  the  timeouts used for interactions between the client and
              pmproxy (independent of  which  pmcd  is  being  used).   For  pmproxy  these  same
              environment  variables  control  the  timeouts  between  pmproxy  and  all  pmcd(1)
              instances (independent of which monitoring client is involved).

       If set to the value 1, the PMPROXY_LOCAL environment variable will cause pmproxy to run in
       a localhost-only mode of operation, where it binds only to the loopback interface.

       The  PMPROXY_MAXPENDING  variable  can  be set to indicate the maximum length to which the
       queue of pending client connections may grow.

PCP ENVIRONMENT

       Environment variables with the prefix PCP_ are used to parameterize the file and directory
       names used by PCP.  On each installation, the file /etc/pcp.conf contains the local values
       for these variables.  The $PCP_CONF  variable  may  be  used  to  specify  an  alternative
       configuration file, as described in pcp.conf(5).

       For environment variables affecting PCP tools, see pmGetOptions(3).

SEE ALSO

       PCPIntro(1),  pmcd(1),  pmdbg(1),  pmlogger(1),  pmseries(1),  redis-server(1),  PMAPI(3),
       PMWEBAPI(3), pmGetOptions(3), pcp.conf(5) and pcp.env(5).