Many tools to manage HP-UX now come with a Web-based interface. Managing Web servers is a task normally associated with a Web administrator. The reality of the situation is that a significant number of administrative applications come with either cut-down Web server software built in to the application, or the necessary configuration files to allow the application to be hosted under an existing Web server daemon. The daemon process associated with the majority of Web servers is a process called httpd
. This daemon will be listening on multiple network ports for incoming requests to display and manipulate Web pages. At its heart, the httpd
process has a configuration file that will document which ports the daemon is to listen on. Don't be surprised if you find multiple httpd
processes on your system. As mentioned previously, many administrative applications come with HP-UX that include a Web-server component:
root@hpeos002[] # ps -ef | grep http
root 2059 1 0 11:42:35 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
webadmin 2066 2059 0 11:42:36 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
webadmin 2064 2059 0 11:42:35 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
www 2335 2330 0 11:43:01 ? 0:00 /opt/hpws/apache/bin/httpd -d /opt/hpws/apache -k start
webadmin 2069 2059 0 11:42:36 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
webadmin 2062 2059 0 11:42:35 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
www 2336 2330 0 11:43:02 ? 0:00 /opt/hpws/apache/bin/httpd -d /opt/hpws/apache -k start
root 2330 1 0 11:43:01 ? 0:00 /opt/hpws/apache/bin/httpd -d /opt/hpws/apache -k start
www 2331 2330 0 11:43:01 ? 0:00 /opt/hpws/apache/bin/httpd -d /opt/hpws/apache -k start
root 3543 3521 4 13:18:27 pts/0 0:00 grep http
root@hpeos002[] #
On this system, we can see that there are essentially two variants of Web-server daemons running: One is Web-server software located under the /usr/obam/server
directory structure, and the other is located under the /opt/hpws/apache
directory structure. These are the two predominant Web servers that come standard with HP-UX. The first one is known as the ObAM-Apache Web server and is used by administrative tools such as Partition Manager. As the name might suggest, this is a variant of the popular Apache Web-server software. In fact, it is simply a cut-down version of this software without the built-in ability to support concepts such as virtual hosts. The second Web server we see on this system is the full-blown Apache Web-server software that is available free with HP-UX 11i. This includes:
HP-UX Apache-based Web Server
HP-UX Webmin-based Administration
HP-UX Tomcat-based Servlet Engine
HP-UX XML Web Server Tools
For more details and access to download this free product, see http://software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE.
The confusing part is “why are there two Web servers in the first place?” The main reason is that the additional administrative tools that come with HP-UX want to provide a convenient interface to manage their product. That interface is a Web-based interface supporting programming languages such as XML, HTML, Java, and so on. The complicating factor is that these additional tools could use essentially the same configuration files as any other Web-server-based products. If these additional tools were to add their configuration files to your Web infrastructure, it could potentially ruin your company's Web portal, possibly causing your company's entire Web site to crash. This would not be a good advertisement for a new administrative tool. As a result, many of these tools come with a cut-down Web server with their own configuration files and associated Web pages. That is exactly the situation we have on the machine above. Neither Web server is started on HP-UX by default. Here's what we need to establish:
Where the configuration files for these daemons are located.
How to configure the basic functionality of the Web server itself.
How to interface with the tools they support.
This is the basic structure of this chapter. We won't go into writing HTML and CGI scripts, because I feel that such tasks are not necessarily the job of a CSE for HP-UX. We look at the basic operation of the two common Web servers we saw on the HP-UX system above: the ObAM-Apache Web server and the full-blown Apache Web server. Please note that other administrative tools may use their own Web-server software located in different directories. The idea of this chapter is to give you an insight into the most common features of a typical httpd.conf
configuration file, wherever it is located. We finish this discussion with a look at some future developments in the area of Web servers to support HP-UX administrative tasks.
The Object Action Manager framework has given us excellent system management tools, such as SAM, in the past. Recently, the number of tools that have come under the ObAM umbrella has increased; we have seen Partition Manager and Service Control Manager (up to version 2.5) to name but two.
The implementation of the Apache Web server for ObAM is located under the /usr/obam/server
directory. This is the ServerRoot
; the top-level directory under which the server's configuration, error, and logfiles are kept. Whenever I reference a directory name, I reference it as a subdirectory under ServerRoot
. The daemon process for the ObAM-Apache Web server is the process httpd
. The configuration file for the daemon is conf/httpd.conf
. The configuration file works straight out of the box for just about any installation. The ObAM-Apache Web server is simple and straightforward; it doesn't have many Dynamic Shared Modules and doesn't come with encryption capabilities (SSL = Secure Sockets Layer), so we don't need to worry about digital certificates and the like. The main issue we experience when trying to start up the ObAM-Apache Web server is that it starts up only if we have DNS configured. Part of the configuration file allows access to the Web server only if your node belongs to a DNS domain. It achieves this by using an Allow
directive that limits who has access to this server:
root@hpeos002[conf] # pwd /usr/obam/server/conf root@hpeos002[conf] # more httpd.conf # # Controls who can get stuff from this server. # Order allow,deny # Change below to reflect domains that may access this server. # This greatly increases security if it is used. System names may be # inserted instead of domain names in order to restrict access to a set # of specifice systems: Allow from <system1>{ <system N>}*. Remember to # restart (#/usr/obam/server/bin/apachectl restart) the server after changing # anything in this file. Allow from insert_domain_here AuthName "HPUX Administration Tools" AuthType Basic </Directory> # # DirectoryIndex: Name of the file or files to use as a pre-written HTML # directory index. Separate multiple entries with spaces. ... root@hpeos002[conf] #
The first time we run the startup script /sbin/init.d/webadmin start
, it fills in the domain name with the domain name it finds inside /etc/resolv.conf
. It fails if we do not explicitly configure the domain
keyword, even though it is not technically required if you have a searchlist. First, we set up the startup configuration file to ensure that the httpd
processes start at boot time:
root@hpeos002[conf] # vi /etc/rc.config.d/webadmin #!/sbin/sh # $Header: /kahlua_src/web/server/etc/webadmin 72.1 1999/09/16 03:51:04 lancer E xp $ # WebAdmin application server configuration. # # WEBADMIN: Set to 1 to start the WebAdmin application server. # WEBADMIN=1 root@hpeos002[conf] #
And then we can attempt to start the daemons:
root@hpeos002[conf] # /sbin/init.d/webadmin start
ERROR: No domain is defined in /etc/resolv.conf
root@hpeos002[conf] #
As you can see, this seems strange, even though DNS is configured and working.
root@hpeos002[conf] # nslookup hpeos002 Name Server: hpeos004.maabof.com Address: 192.168.0.35 Trying DNS Name: hpeos002.maabof.com Address: 192.168.0.34 root@hpeos002[conf] # cat /etc/resolv.conf search maabof.com nameserver 192.168.0.35 # master nameserver 192.168.0.34 # slave root@hpeos002[conf] #
It's a minor thing, but one worth knowing. Once we define our domain
in /etc/resolv.conf
, we have no trouble setting up the daemons:
root@hpeos002[conf] # vi /etc/resolv.conf domain maabof.com search maabof.com nameserver 192.168.0.35 # master nameserver 192.168.0.34 # slave root@hpeos002[conf] # /sbin/init.d/webadmin start /usr/obam/server/bin/apachectl start: httpd started
We can now see what the webadmin
startup script has inserted into my httpd.conf
file:
root@hpeos002[conf] # more httpd.conf ... # restart (#/usr/obam/server/bin/apachectl restart) the server after changing # anything in this file. Allow from maabof.com AuthName "HPUX Administration Tools" AuthType Basic </Directory> ... root@hpeos002[conf] #
This limits access to this Web server to machines inside my domain. If you don't have DNS configured but still want to start up the ObAM-Apache Web server, then a workaround is to edit the httpd.conf
file directly (keep a backup copy beforehand). The default text the /sbin/init.d/webadmin
script is looking for is Allow from insert_domain_here
. If you change that to simply say Allow from all
, the startup script will not even check for the existence of /etc/resolv.conf
.
root@hpeos002[conf] # vi httpd.conf ... # Change below to reflect domains that may access this server. # This greatly increases security if it is used. System names may be # inserted instead of domain names in order to restrict access to a set # of specifice systems: Allow from <system1>{ <system N>}*. Remember to # restart (#/usr/obam/server/bin/apachectl restart) the server after changing # anything in this file. Allow from all AuthName "HPUX Administration Tools" AuthType Basic ... root@hpeos002[conf] #
This does have a security implication in that any machine on your network can browse to this Web server. You could put in a list of hostnames, as you can see in the comments in the file. Some people would say that because you are not participating in a DNS network, it is highly unlikely you will be connected to the external Internet. I can see their point, but you need to appreciate and accept that before enabling this.
If you are going to make any changes to the httpd.conf
file, you should check the syntax of the httpd.conf
file (using the /usr/obam/server/bin/apachectl
command) before restarting the httpd
daemons. Anything other than a Syntax OK
from a configtest
normally stops the daemons from starting up.
root@hpeos002[conf] # ../bin/apachectl configtest Syntax OK root@hpeos002[conf] # ../bin/apachectl restart ../bin/apachectl restart: httpd restarted root@hpeos002[conf] #
By default, the ObAM-Apache Web server starts up four httpd
daemons:
root@hpeos002[conf] # ps -ef | grep httpd
root 4428 4100 3 13:44:03 pts/0 0:00 grep httpd
webadmin 4425 4421 0 13:43:11 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
root 4421 1 0 13:43:11 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
webadmin 4424 4421 0 13:43:11 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
webadmin 4423 4421 0 13:43:11 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
webadmin 4422 4421 0 13:43:11 ? 0:00 /usr/obam/server/bin/httpd -f /usr/obam/server/conf/httpd.conf
root@hpeos002[conf] #
The StartServers
directive in the httpd.conf
file controls this:
root@hpeos002[conf] # vi httpd.conf ... # # Server-pool size regulation. Rather than making you guess how many # server processes you need, Apache dynamically adapts to the load it # sees --- that is, it tries to maintain enough server processes to # handle the current load, plus a few spare servers to handle transient # load spikes (e.g., multiple simultaneous requests from a single # Netscape browser). # # It does this by periodically checking how many servers are waiting # for a request. If there are fewer than MinSpareServers, it creates # a new spare. If there are more than MaxSpareServers, some of the # spares die off. The default values are probably OK for most sites. # MinSpareServers 1 MaxSpareServers 4 # # Number of servers to start initially --- should be a reasonable ballpark # figure. # StartServers 4 # ... root@hpeos002[conf] #
Now that the daemon processes are running, we should be able to browse to the default Web page. Before we do that, we need to know the port number that the httpd
daemons are listening on. Unlike the normal Apache configuration (which listens on port 80), the ObAM-Apache configuration listens on a non-standard port number = 1188:
root@hpeos002[conf] # vi httpd.conf ... # # Port: The port to which the standalone server listens. For # ports < 1023, you will need httpd to be run as root initially. # Port 1188 ... root@hpeos002[conf] #
The last piece of information we need to know is whether there is a default Web page to view once we get there. The location of documents sourced by the daemons is controlled via the DocumentRoot
directive:
root@hpeos002[conf] # grep DocumentRoot httpd.conf # DocumentRoot: The directory out of which you will serve your DocumentRoot "/opt/webadmin" # This should be changed to whatever you set DocumentRoot to. # DocumentRoot /www/docs/host.some_domain.com root@hpeos002[conf] # root@hpeos002[conf] # ll /opt/webadmin total 4 dr-xr-xr-x 3 bin bin 1024 Aug 21 2002 jpi drwxr-xr-x 3 root sys 96 Aug 21 2002 mx dr-xr-xr-x 3 bin bin 96 Aug 21 2002 obam dr-xr-xr-x 4 bin bin 1024 Aug 21 2002 parmgr root@hpeos002[conf] #
The default page that the Web server displays is controlled by the DirectoryIndex
directive. Normally, this defaults to a file called index.html
.
root@hpeos002[conf] grep DirectoryIndex httpd.conf
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
DirectoryIndex index.html
root@hpeos002[conf]
As you can see, there is much in the way of an index.html
file in our DocumentRoot
directory, so if we were to browse to http://www.maabof.com:1188/, we probably wouldn't see very much except some directory names (see Figure 22-1).
As you can see, this isn't particularly interesting. The applications that use the ObAM-Apache Web server put their own Web pages under DocumentRoot
. One of those applications is Partition Manager:
root@hpeos002[conf] # ll /opt/webadmin/parmgr
total 50
-r--r--r-- 1 bin bin 69 Dec 17 2001 .htaccess
dr-xr-xr-x 2 bin bin 2048 Aug 21 2002 graphics
dr-xr-xr-x 3 bin bin 96 Aug 21 2002 help
-r--r--r-- 1 bin bin 1151 Dec 17 2001 index.html
-r-sr-xr-x 1 root bin 16384 Dec 17 2001 startParMgr.cgi
-r--r--r-- 1 bin bin 3774 Dec 17 2001 web_launch.html
root@hpeos002[conf] #
As we can see in Figure 22-2, there is an index.html
file in this directory, so we should see a Web page if we browse there:
Likewise, for any other applications that will make use of this simple Web server, e.g., Service Control Manager (up to version 2.5), we can navigate to http://<server>:1188/mx/
. These applications require a plug-in to be applied to your local Web browser. This can be obtained via the main Web page itself. For Partition Manager (see above), the icon to press would be Configure Browser. From that page, there are instructions on how to download the plug-in and configure it for your browser (see Figure 22-3):
Once configured, you can continue to use the browser to manage that particular application.
The full-blown Apache Web server is not started by default on HP-UX. With the current version of the software, the startup configuration file for the Apache Web server is /etc/rc.config.d/hpws_apacheconf
(formerly it was called simply /etc/rc.config.d/apacheconf
):
root@hpeos002[] # cat /etc/rc.config.d/hpws_apacheconf
# Apache Web Server configuration file
# Set HPWS_APACHE_START to 1 to have the Apache web server started by
# the init process.
HPWS_APACHE_START=0
# Set HPWS_APACHE_HOME to the location of the Apache web server.
# Default is /opt/hpws/apache
HPWS_APACHE_HOME=/opt/hpws/apache
root@hpeos002[] #
Previous versions of the Apache product would have had a single configuration file to control the startup of the Tomcat Servlet engine and Webmin administration tool. All three products have separate startup configuration files:
root@hpeos002[] # cd /etc/rc.config.d root@hpeos002[rc.config.d] # ll hpws* -r--r--r-- 1 bin bin 280 Oct 24 18:26 hpws_apacheconf -r--r--r-- 1 bin bin 437 Dec 10 2002 hpws_tomcatconf -r--r--r-- 1 bin bin 247 Dec 10 2002 hpws_webminconf root@hpeos002[rc.config.d] #
The Apache Web server product is installed under /opt/hpws/apache
. The configuration file is similar to the ObAM-Apache configuration file. As this is the full-blown product, there are more options as well as the possibility of loading additional Apache modules to enable features such as SSL, and so on. The configuration file resides under /opt/hpws/apache/conf
. There should be an httpd-std.default
file as well as the http.conf
file. The configuration file follows the same layout as the ObAM-Apache configuration file with Global Environment
directives, e.g., SystemRoot
, and so on, followed by the Main Server
configuration and then the Virtual Hosts
configuration. This configuration file also has an additional section titled HP-UX Apache-based Web Server Documentation
, which references various directories under /opt/hpws/hp_docs
and /usr/share
for online documentation available via the Web browser itself. This section also includes additional configuration files such as ldap.conf
, cache.conf
and ssl.conf
if necessary.
Something to be aware of is that the Apache does not restrict access to simply my domain in the same way as the ObAM-Apache server did.
root@hpeos002[conf] # pwd /opt/hpws/apache/conf root@hpeos002[conf] # more httpd.conf ... ### Section 2: 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a ... # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> ... root@hpeos002[conf] #
As part of the installation process, a number of directives are set up that you may wish to look at:
root@hpeos002[conf] # grep -e ServerName -e ServerAdmin httpd.conf # ServerAdmin: Your address, where problems with the server should be ServerAdmin [email protected] # ServerName gives the name and port that the server uses to identify itself. ServerName hpeos002.maabof.com:80 # ServerName directive. # Set to "EMail" to also include a mailto: link to the ServerAdmin. # your Apache version number and your ServerAdmin email address regardless # ServerAdmin [email protected] # ServerName dummy-host.example.com root@hpeos002[conf] #
You may wish to change the ServerAdmin
directive to a valid email address, or alternately to set up an alias for the www
email account to direct it to the appropriate place. The ServerName
gives you an idea of which port the main Web server listens on by default, port = 80. Instead of using the Port
directive, the Listen
directive is used to tell the daemon which to bind the main daemon to. The logfile enabled by default is simply the error logfile:
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error_log
You might want to look at enabling the access and referrer log files as well.
# The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file. # #CustomLog logs/access_log common # # If you would like to have agent and referer logfiles, uncomment the # following directives. # #CustomLog logs/referer_log referer #CustomLog logs/agent_log agent # # If you prefer a single logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive. # #CustomLog logs/access_log combined
When we are ready to start the daemon, we can first check the syntax (not the logic) of our logfile with the httpd
command. The new version of the software uses the –t
option instead of configtest
:
root@hpeos002[conf] # ../bin/httpd -t Syntax OK root@hpeos002[conf] # root@hpeos002[conf] # /sbin/init.d/hpws_apache start Apache Started.. root@hpeos002[conf] #
The default Web page for Apache is a bit more interesting than the null page for the ObAM-Apache server (see Figure 22-4).
There are numerous links to help in setting up the Web server. An exceptionally useful link is to Administer
the Web server using a browser interface. This is not enabled by default. This is the software component known as Webmin
. Getting it up and running is relatively straightforward; we simply edit the startup configuration file and run the startup script.
root@hpeos002[conf] # vi /etc/rc.config.d/hpws_webminconf # Webmin configuration file # Set HPWS_WEBMIN_START to 1 to have the Webmin started by the # init process. HPWS_WEBMIN_START=1 # Set HPWS_WEBMIN_HOME to the location of the Webmin. # Default is /opt/hpws/webmin HPWS_WEBMIN_HOME=/opt/hpws/webmin root@hpeos002[conf] # root@hpeos002[conf] # /sbin/init.d/hpws_webmin start Webmin Started.. root@hpeos002[conf] #
We can now navigate via the Administer
hotlink on the default Web page of browse directly to http://www.maabof.com:10000 where we will be asked to log in (username = admin password = hp.com) (see Figure 22-5).
At this point, we are getting into configuring Web servers and Virtual Hosts, HTML, XML, the htpasswd
command, and the like—a path we never intended going down. With our Web server up and running, we can finish our discussion here.
This short chapter was intended to introduce the concept of using Web servers on HP-UX. HP provides ObAM management tools via a cut-down version of the ever-popular Apache Web server. The full-blown Apache Web server is a free addition to HP-UX, and the configuration file straight out of the box can get a Web server up and running quickly and easily. The default Web page offers extensive help in setting up and managing a Web server. HP looks to be continuing and expanding its use of a Web interface to manage HP-UX. Service Control Manager is currently at version 3.00.04, which utilizes a new standard for management tools known as WBEM, Web-Based Enterprise Management. WBEM allows customers to manage their systems consistently across multiple platforms and operating systems, providing integrated solutions that optimize your infrastructure for greater operational efficiency. WBEM enables management applications to retrieve system information and request system operations wherever and whenever required. See http://www.hp.com/large/infrastructure/management/wbem/ for more details. At its core, Service Control Manager utilizes a Tomcat Web server. Service Control Manager has components that run on HP-UX as well as Linux. From a Central Management Station, we can manage up to 1024 nodes. The software integrated into Service Control Manager includes the following:
System Administration Manager (SAM)
Ignite-UX
Software Distributor-UX (SD-UX)
Event Monitoring Service (EMS)
System Inventory Manager (SIM)
Security Patch Check
Process Resource Manager (PRM)
HP-UX Workload Manager (WLM)
Partition Manager
Serviceguard Manager
Kernel Configuration
Common HP-UX and Linux commands
This is the future of System Management!
3.15.237.123