Provided by: pcp_3.8.12ubuntu1_amd64 
NAME
pmwebd - bridge client PMAPI to HTTP
SYNOPSIS
pmwebd [-p port] [-4] [-6] [-t timeout] [-R resdir] [-c number] [-h hostname] [-a archive] [-L] [-N] [-K
spec] [-A archdir] [-f] [-l logfile] [-U username] [-x file] [-v] [-?]
DESCRIPTION
pmwebd is a long-running network daemon. It binds a subset of the Performance Co-Pilot (PCP) client API
(PMAPI) to RESTful web applications using the HTTP (PMWEBAPI) protocol. Web clients request a URI with
the prefix /pmapi to access the bindings. pmwebd creates dynamic PCP contexts as requested by a dynamic
pool of remote clients, and maintains them as long as the clients regularly reconnect to request PMAPI
operations. Otherwise, PCP contexts are closed after a timeout. Permanent contexts may be requested on
the command line.
In addition to the API binding, pmwebd may be optionally configured as a simple HTTP file server, in
order to feed the web application itself to a web browser. URIs not matching the /pmapi prefix are
mapped to files under the configured resource directory, if the -R option was given.
The options to pmwebd are as follows.
-p port
Set the TCP port number on which pmwebd will listen for HTTP requests. The default is 44323.
-4 or -6
Listen only on IPv4 or IPv6. By default, pmwebd will listen on both protocols, if possible.
-R resdir
Activate file serving beneath the given resource directory. All regular files there may be read &
transcribed to remote clients. By default, file serving is disabled.
-t timeout
Set the maximum timeout (in seconds) after the last operation on a web context, before it is
closed by pwmebd. A smaller timeout may be requested by the web client.
-c number
Reset the next PMWEBAPI permanent context identifier as given. The default is 1.
-h hostname or -a archive or -L
Assign the next permanent PMWEBAPI context identifier to a PMAPI connection to the given host
(with an extended syntax as given in PCPIntro(1)), or archive file, or the PM_CONTEXT_LOCAL.
-A archdir
Limit remote new-context requests for archives to beneath the given directory. By default, only
files beneath the initial working directory may be accessed.
-N Disable creation of new PMWEBAPI contexts via HTTP requests, leaving only permanent ones
accessible.
-K spec
When fetching metrics from a local context, the -K option may be used to control the DSO PMDAs
that should be made accessible. The spec argument conforms to the syntax described in
__pmSpecLocalPMDA(3). More than one -K option may be used.
-f By default pmwebd is started as a daemon. The -f option indicates that it should run in the
foreground. This is most useful when trying to diagnose problems with establishing connections.
-l logfile
By default a log file named pmwebd.log is written in the current directory. The -l option causes
the log file to be written to logfile instead of the default. If the log file cannot be created
or is not writable, output is written to the standard error instead.
-U username
Assume the identity of username before starting to accept incoming requests from web clients.
-x file
Before the pmwebd logfile can be opened, pmwebd may encounter a fatal error which prevents it from
starting. By default, the output describing this error is sent to /dev/tty but it may redirected
to file.
-v Increase the verbosity of the pmwebd program as it logs to its standard error.
-? Show pmwebd invocation help and exit.
SECURITY
The current release of pmwebd is suitable for direct exposure to trusted networks only, due to several
security limitations. Most or all of these limitations may be worked around by use of a web application
firewall (for example, an Apache HTTPD proxy), which would add the constraints and capabilities absent
within pmwebd. Such configuration is beyond the scope of this document.
encryption/confidentiality
The pmwebd program is does not currently support HTTPS (SSL/TLS), so the HTTP traffic is not
protected against network-level attacks.
authentication
The PMAPI layer does not possess a mandatory authentication mechanism, so any remote connection
can access any metric exposed by suchly connected PMAPI contexts. However, a new host-context
string may use authentication clauses of the longer host URLs, for example
pcps://hostname?method=plain&user=userid&pass=password.
inbound admission control
The pmwebd program does not impose ACLs on the origin or rate of its incoming requests. It may be
possible for some clients to starve others.
outbound admission control
The pmwebd program does not impose ACLs on outbound connections when a new PMAPI context is
created for a remote third-party PMCD. For an archive type context, the files must be located
under the pmwebd current directory, or another directory specified by -A. One may entirely
disable remotely specified PMAPI context creation using the -N option; in this case, specify a
static set of contexts using the -h , -a , and/or -L options. You may assign them arbitrary
context numbers with the -c option.
context ownership
Authenticated PCP contexts are protected by requiring the same HTTP PLAIN/simple userid/password
credentials for related /pmapi requests. However, unauthenticated contexts for different web
clients are kept distinct only by the assignment of large pseudorandom identifiers. It may be
possible to find these by brute-force search or other techniques, thereby letting a web client
impersonate another. For more privacy of the permanent contexts, use the -c option to reset their
starting web context identifiers to a number much different from 1. On the other hand, context
ownership is not that precious, since there exist no state-destructive operations for them, except
perhaps instance profile settings.
STARTING AND STOPPING PMWEBD
Normally, pmwebd is started automatically at boot time and stopped when the system is being brought down.
Under certain circumstances it is necessary to start or stop pmwebd manually. To do this one must become
superuser and type
# $PCP_RC_DIR/pmwebd start
to start pmwebd, or
# $PCP_RC_DIR/pmwebd stop
to stop pmwebd. Starting pmwebd when it is already running is the same as stopping it and then starting
it again.
FILES
PCP_PMWEBDOPTIONS_PATH
command line options and environment variable settings for pmwebd when launched from
$PCP_RC_DIR/pmwebd All the command line option lines should start with a hyphen as the first
character. This file can also contain environment variable settings of the form "VARIABLE=value".
./pmwebd.log
(or $PCP_LOG_DIR/pmwebd/pmwebd.log when started automatically)
All messages and diagnostics are directed here
PCP ENVIRONMENT
Environment variables with the prefix PCP_ are used to parameterize the file and directory names used by
PCP. On each installation, the file /etc/pcp.conf contains the local values for these variables. The
$PCP_CONF variable may be used to specify an alternative configuration file, as described in pcp.conf(5).
SEE ALSO
PCPIntro(1), PMAPI(3), PMWEBAPI(3), pcp.conf(5), pcp.env(5) and pmns(5).
Performance Co-Pilot PCP PMWEBD(1)