ovbbcrcp()ovbbcrcp()NAMEovbbcrcp - a tool to manage Reverse Channel Proxy (RCP) and monitor RCP
connections.
SYNOPSISovbbcrcp -h|-help
ovbbcrcp -v|-version
ovbbcrcp-kill
ovbbcrcp-status
DESCRIPTION
You can use the ovbbcrcp tool to manage RCPs and monitor RCP connec‐
tions. All OpenView (OV) products that follow a client-server architec‐
ture use the Black Box Communication (BBC) component for communication.
You can use a Reverse Channel Proxy (RCP) to satisfy the advanced secu‐
rity requirements for communication across trust zones separated by
firewalls. An RCP allows you to establish a two-way communication (out‐
bound and inbound) channel across a firewall configured to allow only
outbound communication.
The RCP functions as a channel between the BBC server and the requests
to the BBC server. An established RCP channel is referred to as a
reverse channel. A reverse channel through which RCPs request the BBC
server to initiate more reverse channels is referred to as a reverse
administration channel.
You can deploy an RCP on one of the following:
Any client systems
A dedicated RCP server
To establish a reverse channel, you must configure the BBC server, the
BBC client, and the RCP.
Configuring a BBC Server to Enable RCP Communication
To enable communication from clients to the BBC server through an RCP,
you must configure each BBC server. The BBC server loads the configura‐
tion from the bbc.<server> namespace and establishes reverse adminis‐
tration channels during startup. Use the following options to configure
a BBC server:
ENABLE_REVERSE_ADMIN_CHANNELS- You can set this option to true to
establish a permanent reverse administration channel with the RCPs
specified in the RC_CHANNELS option. By default, this option is set to
false for all BBC servers, except for the BBC Communication Broker (BBC
CB). Refer to the following example for more information about this
option.
[bbc.cb]
ENABLE_REVERSE_ADMIN_CHANNELS=true
RC_CHANNELS=pnode:9090
The options specified in the example instructs BBC CB on the management
server to contact the RCP on the pnode node and port 9090 when starting
up.
RC_CHANNELS- Use this option to specify the list of RCPs with which you
can establish reverse channels. If the OvCoreID is specified, BBC vali‐
dates this ID against the core ID of the RCP. You can specify multiple
RCPs by separating the RCPs using the semicolon (;). You can specify
the list of RCPs in the following format.
<RCP_hostname>:<RCP_port>[,<RCP_OvCoreID>][;<RCP2>.....], where
<RCP_hostname> specifies the RCP host name, <RCP_port> specifies the
RCP port number, and <RCP_OvCoreID> specifies the core ID of the RCP.
You must use the -ovrg server option with the ovconfchg command if the
OVO server runs on a High Availability (HA) cluster. If the OVO server
runs as an HA resource group, then use the ovconfchg -ovrg server -ns
bbc.cb -set RC_CHANNELS <value> command, where <value> specifies the
RCPs specified in the RC_CHANNELS option.
RC_CHANNELS_CFG_FILES- Use this option to specify the list of configu‐
ration files. A configuration file can contain a list of one or more
RCPs with which you can establish reverse channels. You must place the
specified configuration files in the <OvDataDir>/conf.bbc directory,
where <OvDataDir> specifies the name of the OpenView data directory.
You must use this option in place of the RC_CHANNELS option if you use
multiple RCPs that require a frequent hostname change. You can specify
a list of configuration files by separating the configuration file
names using the comma (,) in the following format:
<filename>[,<filename>....], where <filename> specifies the name of the
configuration file.
Each line in the configuration file can contain only one RCP name. For
each RCP, you must specify a port number. The OvCoreID is an optional
parameter that you can specify, which must be separated from the port
number by a comma as follows. <RCP_hostname>:<port>[,<RCP_OvCoreID>]
If you change only a few RCP host names inside one or more files speci‐
fied in the RC_CHANNELS_CFG_FILES option, you must use the ovconfchg
command to trigger the BBC server to refresh the configuration as fol‐
lows.
ovconfchg ns bbc.cb -set ENABLE_REVERSE_ADMIN_CHANNELS true.
RETRY_INTERVAL- Use this option to specify the retry interval in min‐
utes to establish a reverse channel with an RCP.
Enabling Communication Broker Connections to the RCP
The Communication Broker (ovbbccb) runs with /var/opt/OV as the root
directory. The name service relevant configuration files that are nec‐
essary to open Transmission Control Protocol (TCP) connections are
present in the /etc directory. This prevents ovbbccb from creating con‐
nections to the RCP. You must do as follows to resolve this problem:
Create the directory named etc under /var/opt/OV
Copy the name service relevant configuration files (for example, files
such as resolv.conf, hosts, nsswitch.conf) from /etc to /var/opt/OV/etc
Alternatively, you can also disable the ovbbccb chroot feature by run‐
ning the following command. This method resolves the problem of pre‐
venting ovbbccb from creating connections to the RCP.
ovconfchg -ns bbc.cb -set CHROOT_PATH /
Configuring a BBC Client to Enable RCP Communication
To configure a BBC client, you must specify the hosts that must be con‐
nected through an RCP. You can specify the list of RCPs in the XPL con‐
figuration database under the bbc.http namespace. Use the syntax of the
normal proxy configuration to specify the RCP configuration. If you do
not specify the port number of the RCP, it is assumed that BBC CB is
running on the current node. If you configure the OvCoreID, BBC Client
verifies the OvCoreID of the RCP. If the port number of the RCP is not
specified in the configuration file or BBC CB, BBC fails to open the
connection to RCP.
You can configure a BBC client using the following options:
PROXY- Use this option to specify the RCP and port name for a hostname.
The format to specify this option is shown in the following example:
PROXY=pnode.hp.com:9090-(pnode.hp.com,*.noallow.hp.com)+(*.hp.com)
In the example shown above, the parameters specified are as follows:
pnode.hp.com is the name of the RCP
9090 is the port number
-(*.noallow.hp.com) specifies that the RCP must not be used to connect
to all hostnames ending with .noallow.hp.com. You can separate multiple
hostnames with commas (,) or semicolons (;).
+(*.hp.com) specifies that the specified RCP must be used to connect to
all hostnames ending with .hp.com. You can separate multiple hostnames
with commas (,)or semicolons (;).
The BBC client connects to the RCP that first matches the specified set
of conditions.
In the example shown in this section, the BBC client connects to any
host name that ends with .hp.com by using the RCP on the system pnode
and the port 9090.
You can also use IP addresses instead of hostnames to specify the
hosts. For example, +(15.*.*.*) specifies that the RCP must be used to
connect to hosts with an IP address that starts with 15. You must not
configure a normal proxy server and an RCP on the same system. You must
also make sure that you specify the RCP system name in the list of
hostnames for which the RCP must not be used. This helps to ease the
communication through the RCP.
Configuring RCP
You can use the following option in the bbc.rcp namespace to configure
RCP.
SERVER_PORT- Use this option to specify the RCP port number.
Starting and Stopping RCPs
You can start or stop the RCP process by using the ovc command. This
command registers the RCP process as ovbbcrcp under the RCP category.
By default, the ovbbcrcp process is not registered with OpenView Con‐
trol (OvCtrl). You must register the ovbbcrcp process with the ovctrl
daemon by using the following command.
$OvInstallDir/bin/ovcreg -add $OvInstallDir/newcon‐
fig/DataDir/conf/bbc/ovbbcrcp.xml
$OvInstallDir is the directory in which HP OpenView Operations (OVO) is
installed.
Refer to the following commands to start or stop an process:
ovc -start ovbbcrcp- Use this command to start the RCP process.
ovc -stop ovbbcrcp- Use this command to stop the RCP process.
Parameters
The ovbbcrcp command recognizes the following options:
-h|-help
Displays and describes the available options for the ovbbcrcp
tool.
-v|version
Displays the version of the OV RCP.
-kill
Stops the RCP on the local node.
-status
Displays the RCP status.
AUTHORovbbcrcp is developed by Hewlett-Packard Company.
EXIT STATUS
The following exit values are returned:
0
ovbbcrcp exited normally with no error.
1
Command syntax error encountered. Refer to command syntax for
more details on possible values.
2
Command partially successful.
3
Command failed. See command output for additional information.
4
The command to start RCP failed due to an existing RCP process.
6
The RCP failed to start due to a bind exception on the RCP port
to be opened.
100
An exception encountered resulted in an RCP exit.
Corresponding error messages are written to stderror.
EXAMPLES
The following example shows you how to use the ovbbcrcp tool.
To display the status of the RCP:
ovbbcrcp-status
Status: OK
(Namespace, Port, Bind Address, Open Sockets)
bbc.rcp 9090 ANY 1
Admin Reverse Channel Connections Accepted
ovsolt9.india.hp.com:383 e91b67e4-a337-750a-163c-c3bbd2c257cc BBC
06.00.030; ovbbccb 06.00.030
Admin Reverse Channel Connections Opened
Normal Connections
Incoming
localhost:55464 e91b67e4-a337-750a-163c-c3bbd2c257cc BBC 06.00.030;
ovbbcrcp 06.00.030
Outgoing
Queued CONNECT connections
+-----------------------------------+--------------------+
|Source Address | Target Address
+-----------------------------------+--------------------
HTTP Tunnelled Connections
+--------------------------+--------------------------+--+
| Source Address | Destination Address | Target Address|
+--------------------------+--------------------------+--+
SEE ALSO
ovbbccb
COPYRIGHT
(c) Copyright 2001-2007 Hewlett-Packard Development Company, L.P.
HP shall not be liable for technical or editorial errors or omissions
contained herein.
ovbbcrcp()