Hvrremotelistener

From HVR
Jump to: navigation, search
Commands
Previous: hvrrefresh
Next: hvrretryfailed
Command Reference

Name

hvrremotelistener – HVR Remote Listener.

Synopsis

hvrremotelistener [-options] portnum [access_conf.xml]

Description

SC-Hvr-RemoteListener 4343-CreateService.png

HVR Remote Listener listens on a TCP/IP port number and invokes an hvr process for each connection. The mechanism is the same as that of the Unix daemon inetd.

On Windows HVR Remote Listener is a Windows Service which is administered with option -a.

The account under which it is installed must be member of the Administrator group, and must be granted privilege to act as part of the Operating System (SeTcbPrivilege). The service can either run as the default system account, or (if option -P is used) can run under the HVR account which created the Windows Service.

On Unix and Linux HVR Remote Listener runs as a daemon which can be started with option -d and killed with option -k.

Optionally, after the port number an access configuration file can be specified. This can be used to authenticate the identity of incoming connections using SSL. For example, the following contents will restrict access to only connections from a certain hub machine:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hvraccess SYSTEM "hvraccess.dtd">
<hvraccess>
  <allow>
    <from> <host>myhub</host> <ssl remote_cert="hub"/> </from>
  </allow>
</hvraccess>


Options

Parameter Description
-ax
Windows
Administration operations for Microsoft Windows system service. Values of x can be:
c Create the HVR Remote listener system service.
s Start the HVR Remote listener system service.
h Halt (stop) the system service.
d Destroy the system service.

Several -ax operations can be supplied together; allowed combinations are e.g. -acs (create and start) or -ahd (halt and destroy). Operations -as and -ah can also be performed from the Manage ▶ Services and Applications ▶ Services window of Windows.

-A
Unix & Linux
Remote HVR connections should only authenticate login/password supplied from hub, but should not change from the current Operating System username to that login. This option can be combined with the -p option (PAM) if the PAM service recognizes login names which are not known to the Operating System. In that case the inetd service should be configured to start the HVR slave as the correct Operating System user (instead of root).
-cclus\clusgrp
Windows
Enroll the Remote Listener Service in a Windows cluster named clus in the cluster group clusgrp. Once the service is enrolled in the cluster it should only be stopped and started with the Windows cluster dialogs instead of the service being stopped and started directly (in the Windows Services dialog or with options -as or -ah). In Windows failover clusters clsgrp is the network name of the item under Services and Applications. The group chosen should also contain the remote location; either the DBMS service for the remote database or the shared storage for a file location's top directory and state directory. The service needs to be created (with option -ac) on each node in the cluster. This service will act as a 'Generic Service' resource within the cluster. This option must be used with option -a.
-d Start hvrremotelistener as a daemon process.
-Ename=value Set environment variable name to value value for the HVR processes started by this service.
-i Interactive invocation. HVR Remote Listener stays attached to the terminal instead of redirecting its output to a log file.
-k Stop hvrremotelistener daemon using the process–id in $HVR_CONFIG/files/hvrremotelistenerport.pid.
-Kpair SSL encryption using two files (public certificate and private key) to match public certificate supplied by /SslRemoteCertificate. If pair is relative, then it is found in directory $HVR_HOME/lib/cert. Value pair specifies two files; the names of these files are calculated by removing any extension from pair and then adding extensions .pub_cert and .priv_key. For example, option -Khvr refers to files $HVR_HOME/lib/cert/hvr.pub_cert and $HVR_HOME/lib/cert/hvr.priv_key.
-N Do not authenticate passwords or change the current user name. Disabling password authentication is a security hole, but may be useful as a temporary measure. For example, if a configuration problem is causing an 'incorrect password' error, then this option will bypass that check.
-ppamsrv
Unix & Linux
Use Pluggable Authentication Module pamsrv for login password authentication of remote HVR connections. PAM is a service provided by several Operation Systems as an alternative to regular login/password authentication, e.g. checking the /etc/passwd file. Often -plogin will configure hvr slaves to check passwords in the same way as the operating system. Available PAM services can be found in file /etc/pam.conf or directory /etc/pam.d.
-Ppwd
Windows
Configure HVR Remote Listener service to run under the current login HVR account using password pwd, instead of under the default system login account. May only be supplied with option -ac. Empty passwords are not allowed. The password is kept (hidden) within the Microsoft Windows OS and must be re–entered if passwords change.
-Uuser Limits the HVR slave so it only accepts connections which are able to supply the password for account user. Multiple -U options can be supplied.
Note: HVR Remote Listener is supported on Unix and Linux but it is more common on these machines to start remote HVR executables using the inetd or xinetd process.

When HVR Remote Listener is executed as a Windows service the errors are written to the Windows event log. See screen Programs ▶ AdminitrativeTools ▶ EventViewer ▶ Log ▶ Application.

Custom HVR Password Validation

When hvrremotelistener is used for remote connections (option -r) it must validate passwords. This can be customized if the executable file hvrvalidpw exists in $HVR_HOME/lib/. HVR will then invoke this command without arguments and will supply the login and password as stdin, separated by spaces. If hvrvalidpw returns with exit code 0, then the password is accepted. For more information, see hvrvalidpw.

Examples

Windows

To create and start a Windows listener service to listen on port number 4343:

c:\> hvrremotelistener -acs 4343
Unix & Linux

To run hvrremotelistener interactively so that it listens on a Unix machine, use the following command. Note that option -N is used to disable password authentication; this is necessary when running as an unprivileged user because only root has permission to check passwords.

$ hvrremotelistener -i -N 4343 

Files

Folder-icon.png HVR_HOME
├─ Folder-icon.png bin
├─ hvr Executable for remote HVR service.
└─ hvrremotelistener HVR Remote Listener executable.
└─ Folder-icon.png lib
├─ hvrpasswd Password file employed by hvrvalidpwfile.
├─ hvrvalidpw Used by HVR for user authentication.
├─ hvrvalidpwfile The plugin file for private password file authentication.
├─ hvrvalidpwldap The plugin file for LDAP authentication.
├─ hvrvalidpwldap.conf Configuration for LDAP authentication plugin.
└─ hvrvalidpwldap.conf_example Example configuration file for LDAP authentication plugin.
 
Folder-icon.png HVR_CONFIG
├─ Folder-icon.png files
└─ hvrremotelistenerport_node.pid Process–id of daemon started with option -d.
└─ Folder-icon.png log
└─ Folder-icon.png hvrremotelistener
└─ hvrremotelistenerport.log Logfile for daemon started with -d.

See Also

Command hvr runtime engine.