ovbbcrcp

NAME

ovbbcrcp

- a tool to manage the Reverse Channel Proxy (RCP) and monitor RCP connections.

SYNOPSIS

ovbbcrcp -h|-help 

ovbbcrcp -v|-version 

ovbbcrcp -kill  

ovbbcrcp -status 

DESCRIPTION

You can use the ovbbcrcp tool to manage RCPs and monitor RCP connections. All HP BTO Software products that follow a client-server architecture use the Black Box Communication (BBC) component for communication. You can use a Reverse Channel Proxy (RCP) to satisfy the advanced security requirements for communication across trust zones separated by firewalls. An RCP allows you to establish a two-way communication (outbound and inbound) channel across a firewall configured to allow only outbound communication.

The RCP functions as a channel between the BBC server and the requests to the BBC server. An established RCP channel is referred to as a reverse channel. A reverse channel through which RCPs request the BBC server to initiate more reverse channels is referred to as a reverse administration channel.

You can deploy an RCP on one of the following:

• Client systems
• Dedicated RCP server

To establish a reverse channel, you must configure the BBC server, the BBC client, and the RCP.

Configuring a BBC Server to Enable RCP Communication

To enable communication from clients to the BBC server through an RCP, you must configure each BBC server. The BBC server loads the configuration from the bbc.<server> namespace, and establishes reverse administration channels during startup.

To configure a BBC server, use the following options:

ENABLE_REVERSE_ADMIN_CHANNELS

You can set this option to true to establish a permanent reverse administration channel with the RCPs specified in the RC_CHANNELS option. By default, this option is set to false for all BBC servers, except for the BBC Communication Broker (BBC CB).

For more information about this option, refer to the following example.

[bbc.cb]

ENABLE_REVERSE_ADMIN_CHANNELS=true

RC_CHANNELS=pnode:9090

The options specified in the example instructs BBC CB on the management server to contact the RCP on the pnode node and port 9090 when starting up.

RC_CHANNELS

Use this option to specify the list of RCPs with which you can establish reverse channels. If you specify the OvCoreID, BBC validates this ID against the core ID of the RCP. You can specify multiple RCPs by separating the RCPs using a semicolon (;).

You can specify the list of RCPs in the following format:

<RCP_hostname>:<RCP_port>[,<RCP_OvCoreID>][;<RCP2>.....]

In this syntax, <RCP_hostname> specifies the RCP host name, <RCP_port> specifies the RCP port number, and <RCP_OvCoreID> specifies the core ID of the RCP.

You must use the -ovrg server option with the ovconfchg command if the HP Operations server runs on a High Availability (HA) cluster. If the HP Operations server runs as an HA resource group, use the ovconfchg -ovrg server -ns bbc.cb -set RC_CHANNELS <value> command, where <value> specifies the RCPs specified in the RC_CHANNELS option.

RC_CHANNELS_CFG_FILES

Use this option to specify the list of configuration files. A configuration file can contain a list of one or more RCPs with which you can establish reverse channels. You must place the specified configuration files in the <OvDataDir>/conf.bbc directory, where <OvDataDir> specifies the name of the HP Operations data directory. You must use this option in place of the RC_CHANNELS option if you use multiple RCPs that require a frequent hostname change.

You can specify a list of configuration files by separating the configuration file names using a comma (,) in the following format:

<filename>[,<filename>....]

In this syntax, <filename> specifies the name of the configuration file.

Each line in the configuration file can contain only one RCP name. For each RCP, you must specify a port number. The OvCoreID is an optional parameter that you can specify.

It must be separated from the port number by a comma as follows:

<RCP_hostname>:<port>[,<RCP_OvCoreID>]

If you change only a few RCP host names inside one or more files specified in the RC_CHANNELS_CFG_FILES option, you must use the ovconfchg command to trigger the BBC server to refresh the configuration, as follows:

ovconfchg ns bbc.cb -set ENABLE_REVERSE_ADMIN_CHANNELS true

RETRY_INTERVAL

Use this option to specify the retry interval in minutes to establish a reverse channel with an RCP.

Enabling Communication Broker Connections to the RCP

The Communication Broker (ovbbccb) runs with /var/opt/OV as the root directory. The name service relevant configuration files that are necessary to open Transmission Control Protocol (TCP) connections are present in the /etc directory. This prevents ovbbccb from creating connections to the RCP.

To resolve this problem, you must do the following:

• Create the directory named etc under /var/opt/OV.
• Copy the name service relevant configuration files (for example, resolv.conf, hosts, nsswitch.conf) from /etc to /var/opt/OV/etc.

Alternatively, you can disable the ovbbccb chroot feature by running the following command:

ovconfchg -ns bbc.cb -set CHROOT_PATH /

This method resolves the problem of preventing ovbbccb from creating connections to the RCP.

Configuring a BBC Client to Enable RCP Communication

To configure a BBC client, you must specify the hosts that must be connected through an RCP. You can specify the list of RCPs in the XPL configuration database under the bbc.http namespace. Use the syntax of the normal proxy configuration to specify the RCP configuration. If you do not specify the port number of the RCP, it is assumed that BBC CB is running on the current node. If you configure the OvCoreID, the BBC client verifies the OvCoreID of the RCP. If you do not specify the port number of the RCP in the configuration file or the BBC CB, BBC fails to open the connection to RCP.

You can configure a BBC client using the following option:

PROXY

Use this option to specify the RCP and port name for a hostname.

The format to specify this option is shown in the following example:

PROXY=pnode.hp.com:9090-(pnode.hp.com,*.noallow.hp.com)+(*.hp.com)

In this example, the parameters specified are as follows:

pnode.hp.com

Name of the RCP.

9090

Port number.

-(*.noallow.hp.com)

Specifies that the RCP must not be used to connect to all hostnames ending with .noallow.hp.com. You can separate multiple hostnames with commas (,) or semicolons (;).

+(*.hp.com)

Specifies that the specified RCP must be used to connect to all hostnames ending with .hp.com. You can separate multiple hostnames with commas (,) or semicolons (;).

The BBC client connects to the RCP that first matches the specified set of conditions.

In the example shown in this section, the BBC client connects to any host name that ends with .hp.com by using the RCP on the system pnode and the port 9090.

You can also use IP addresses instead of hostnames to specify the hosts. For example, +(15.*.*.*) specifies that the RCP must be used to connect to hosts with an IP address that starts with 15. You may not configure a normal proxy server and an RCP on the same system. You must also make sure that you specify the RCP system name in the list of hostnames for which the RCP must not be used. This helps to ease the communication through the RCP.

Configuring RCP

To configure RCP, you can use the following option in the bbc.rcp namespace:

SERVER_PORT

Use this option to specify the RCP port number.

Starting and Stopping RCPs

You can start or stop the RCP process by using the ovc command. This command registers the RCP process as ovbbcrcp under the RCP category.

By default, the ovbbcrcp process is not registered with HP Operations Control (OvCtrl).

You must register the ovbbcrcp process with the ovctrl daemon by using the following command.

$OvInstallDir/bin/ovcreg -add $OvInstallDir/newconfig/DataDir/conf/bbc/ovbbcrcp.xml

$OvInstallDir is the directory in which HP Operations Manager is installed.

To start the RCP process, use the following command:

ovc -start ovbbcrcp

To stop the RCP process, use the following command:

ovc -stop ovbbcrcp

Parameters

The ovbbcrcp command recognizes the following options:

-h|-help

Displays and describes the available options for the ovbbcrcp tool.

-v|version

Displays the version of the OV RCP.

-kill

Stops the RCP on the local node.

-status

Displays the RCP status.

AUTHOR

ovbbcrcp is developed by Hewlett-Packard Company.

EXIT STATUS

The following exit values are returned:

0

ovbbcrcp exited normally with no error.

1

Command syntax error was encountered. For possible values, refer to the command syntax.

2

Command partially successful.

3

Command failed. For details, see the command output.

4

Command to start RCP failed because of an existing RCP process.

6

RCP failed to start because of a bind exception on the RCP port to be opened.

100

Exception encountered that resulted in an RCP exit.

Corresponding error messages are written to stderror.

EXAMPLES

The following example shows you how to use the ovbbcrcp tool.

To display the status of the RCP:

ovbbcrcp -status

Status: OK

(Namespace, Port, Bind Address, Open Sockets)

  bbc.rcp	9090	ANY	1

 Admin Reverse Channel Connections Accepted 

  ovsolt9.india.hp.com:383  e91b67e4-a337-750a-163c-c3bbd2c257cc  BBC 06.00.030; ovbbccb 06.00.030

 Admin Reverse Channel Connections Opened 

 Normal Connections

Incoming  

localhost:55464  e91b67e4-a337-750a-163c-c3bbd2c257cc  BBC 06.00.030; ovbbcrcp 06.00.030

Outgoing 

 Queued CONNECT connections 

+-----------------------------------+--------------------+

|Source Address | Target Address

+-----------------------------------+--------------------

 HTTP Tunneled Connections 

+--------------------------+--------------------------+--+

| Source Address | Destination Address | Target Address|

+--------------------------+--------------------------+--+ 

See Also

ovbbccb(1)

COPYRIGHT

© Copyright 2001-2007 Hewlett-Packard Development Company, L.P.

HP shall not be liable for technical or editorial errors or omissions contained herein.