NAME
ovbbcrcp
- a tool to manage the Reverse Channel Proxy (RCP) and monitor RCP connections.
SYNOPSIS
ovbbcrcp -h|-help
ovbbcrcp -v|-version
ovbbcrcp -kill
ovbbcrcp -status
DESCRIPTION
You can use the ovbbcrcp
tool to manage RCPs and
monitor RCP connections. All HP BTO Software products that follow a
client-server architecture use the Black Box Communication (BBC)
component for communication. You can use a Reverse Channel Proxy
(RCP) to satisfy the advanced security requirements for
communication across trust zones separated by firewalls. An RCP
allows you to establish a two-way communication (outbound and
inbound) channel across a firewall configured to allow only
outbound communication.
The RCP functions as a channel between the BBC server and the requests to the BBC server. An established RCP channel is referred to as a reverse channel. A reverse channel through which RCPs request the BBC server to initiate more reverse channels is referred to as a reverse administration channel.
You can deploy an RCP on one of the following:
To establish a reverse channel, you must configure the BBC server, the BBC client, and the RCP.
Configuring a BBC Server to Enable RCP Communication
To enable communication from clients to the BBC server through
an RCP, you must configure each BBC server. The BBC server loads
the configuration from the
bbc.<
server
>
namespace, and establishes reverse administration channels during
startup.
To configure a BBC server, use the following options:
ENABLE_REVERSE_ADMIN_CHANNELS
true
to establish a
permanent reverse administration channel with the RCPs specified in
the RC_CHANNELS
option. By default, this option is set
to false
for all BBC servers, except for the BBC
Communication Broker (BBC CB).
For more information about this option, refer to the following example.
[bbc.cb]
ENABLE_REVERSE_ADMIN_CHANNELS=true
RC_CHANNELS=pnode:9090
The options specified in the example instructs BBC CB on the
management server to contact the RCP on the pnode
node
and port 9090 when starting up.
RC_CHANNELS
;
).
You can specify the list of RCPs in the following format:
<
RCP_hostname
>:<
RCP_port
>[,<
RCP_OvCoreID
>][;<
RCP2
>.....]
In this syntax,
<
RCP_hostname
>
specifies the RCP host name,
<
RCP_port
>
specifies the RCP port number, and
<
RCP_OvCoreID
>
specifies the core ID of the RCP.
You must use the -ovrg server
option with the
ovconfchg
command if the HP Operations server runs on
a High Availability (HA) cluster. If the HP Operations server runs
as an HA resource group, use the ovconfchg -ovrg server -ns
bbc.cb -set RC_CHANNELS
<
value
>
command,
where <
value
>
specifies the RCPs specified in the RC_CHANNELS
option.
RC_CHANNELS_CFG_FILES
<
OvDataDir
>/conf.bbc
directory, where
<
OvDataDir
>
specifies the name of the HP Operations data directory. You must
use this option in place of the RC_CHANNELS
option if
you use multiple RCPs that require a frequent hostname change.
You can specify a list of configuration files by separating the
configuration file names using a comma (,
) in the
following format:
<
filename
>[,<
filename
>....]
In this syntax,
<
filename
>
specifies the name of the configuration file.
Each line in the configuration file can contain only one RCP
name. For each RCP, you must specify a port number. The
OvCoreID
is an optional parameter that you can
specify.
It must be separated from the port number by a comma as follows:
<
RCP_hostname
>:<
port
>[,<
RCP_OvCoreID
>]
If you change only a few RCP host names inside one or more files
specified in the RC_CHANNELS_CFG_FILES
option, you
must use the ovconfchg
command to trigger the BBC
server to refresh the configuration, as follows:
ovconfchg ns bbc.cb -set ENABLE_REVERSE_ADMIN_CHANNELS
true
RETRY_INTERVAL
Enabling Communication Broker Connections to the RCP
The Communication Broker (ovbbccb
) runs with
/var/opt/OV
as the root directory. The name service
relevant configuration files that are necessary to open
Transmission Control Protocol (TCP) connections are present in the
/etc directory.
This prevents ovbbccb
from creating connections to the RCP.
To resolve this problem, you must do the following:
etc
under
/var/opt/OV
.resolv.conf
, hosts
,
nsswitch.conf
) from /etc
to
/var/opt/OV/etc
.Alternatively, you can disable the ovbbccb chroot
feature by running the following command:
ovconfchg -ns bbc.cb -set CHROOT_PATH /
This method resolves the problem of preventing ovbbccb from creating connections to the RCP.
Configuring a BBC Client to Enable RCP Communication
To configure a BBC client, you must specify the hosts that must
be connected through an RCP. You can specify the list of RCPs in
the XPL configuration database under the bbc.http
namespace. Use the syntax of the normal proxy configuration to
specify the RCP configuration. If you do not specify the port
number of the RCP, it is assumed that BBC CB is running on the
current node. If you configure the OvCoreID, the BBC client
verifies the OvCoreID of the RCP. If you do not specify the port
number of the RCP in the configuration file or the BBC CB, BBC
fails to open the connection to RCP.
You can configure a BBC client using the following option:
PROXY
The format to specify this option is shown in the following example:
PROXY=pnode.hp.com:9090-(pnode.hp.com,*.noallow.hp.com)+(*.hp.com)
In this example, the parameters specified are as follows:
pnode.hp.com
9090
-(*.noallow.hp.com)
.noallow.hp.com
. You can
separate multiple hostnames with commas (,
) or
semicolons (;
).
+(*.hp.com)
.hp.com
. You can separate
multiple hostnames with commas (,
) or semicolons
(;
).The BBC client connects to the RCP that first matches the specified set of conditions.
In the example shown in this section, the BBC client connects to
any host name that ends with .hp.com
by using the RCP
on the system pnode
and the port
9090.
You can also use IP addresses instead of hostnames to specify
the hosts. For example, +(15.*.*.*)
specifies that the
RCP must be used to connect to hosts with an IP address that starts
with 15. You may not configure a normal proxy server and an RCP on
the same system. You must also make sure that you specify the RCP
system name in the list of hostnames for which the RCP must not be
used. This helps to ease the communication through the RCP.
Configuring RCP
To configure RCP, you can use the following option in the
bbc.rcp
namespace:
SERVER_PORT
Starting and Stopping RCPs
You can start or stop the RCP process by using the
ovc
command. This command registers the RCP process as
ovbbcrcp
under the RCP
category.
By default, the ovbbcrcp
process is not registered
with HP Operations Control (OvCtrl).
You must register the ovbbcrcp
process with the
ovctrl daemon
by using the following command.
$OvInstallDir/bin/ovcreg -add
$OvInstallDir/newconfig/DataDir/conf/bbc/ovbbcrcp.xml
$OvInstallDir
is the directory in which HP
Operations Manager is installed.
To start the RCP process, use the following command:
ovc -start ovbbcrcp
To stop the RCP process, use the following command:
ovc -stop ovbbcrcp
Parameters
The ovbbcrcp
command recognizes the following
options:
-h|-help
ovbbcrcp
tool.
-v|version
-kill
-status
AUTHOR
ovbbcrcp
is developed by Hewlett-Packard
Company.
EXIT STATUS
The following exit values are returned:
0
ovbbcrcp
exited normally with no error.
1
2
3
4
6
100
Corresponding error messages are written to
stderror
.
EXAMPLES
The following example shows you how to use the
ovbbcrcp
tool.
To display the status of the RCP:
ovbbcrcp -status
Status: OK
(Namespace, Port, Bind Address, Open Sockets)
bbc.rcp 9090 ANY 1
Admin Reverse Channel Connections Accepted
ovsolt9.india.hp.com:383 e91b67e4-a337-750a-163c-c3bbd2c257cc BBC 06.00.030; ovbbccb 06.00.030
Admin Reverse Channel Connections Opened
Normal Connections
Incoming
localhost:55464 e91b67e4-a337-750a-163c-c3bbd2c257cc BBC 06.00.030; ovbbcrcp 06.00.030
Outgoing
Queued CONNECT connections
+-----------------------------------+--------------------+
|Source Address | Target Address
+-----------------------------------+--------------------
HTTP Tunneled Connections
+--------------------------+--------------------------+--+
| Source Address | Destination Address | Target Address|
+--------------------------+--------------------------+--+
See Also
COPYRIGHT
© Copyright 2001-2007 Hewlett-Packard Development Company, L.P.
HP shall not be liable for technical or editorial errors or omissions contained herein.