Project

General

Profile

Channel Access Gateway for Mu2e DCS » History » Version 5

« Previous - Version 5/9 (diff) - Next » - Current version
Glenn Horton-Smith, 11/12/2019 11:38 AM
Add example manual setup


Channel Access Gateway for Mu2e DCS

Overview

We will use Channel Access PV gateway for three things:

1. Connecting to PVs on different subnets with only one TCP port open between them (e.g., development systems at SYDET, test beam, FCC, and the Mu2e building). (Useful for development, not needed for production.)

2. Reducing network traffic by aggregating redundant requests for the same variable and streamlining channel discovery.

3. Added security and channel logging.

To do this, we run a single gateway process on one computer on each subnet listening on server port 5069, and set it to use EPICS_CA_AUTO_ADDR_LIST=YES and EPICS_CA_ADDR_LIST=(subnet multicast addresses) with standard ports.

All other clients on every network will run with EPICS_CA_AUTO_ADDR_LIST=NO in order to accomplish goal 2, and EPICS_CA_ADDR_LIST="" (blank), and EPICS_CA_NAME_SERVERS="(ip address of gateway machine 1):5069 (ip address of gateway machine 2):5069 (ip address of gateway machine 3):5069..." in order to accomplish goals 1 and 3.

Example of manual setup (very rough)

start:
 - Log in to mu2edaq01
 - $ . /mu2e/ups/setup
 - $ setup  epics v3_15_5 -q e14
 - $ caget Mu2e_Weather_1/temperature_degF
 - Does it produce output like "Mu2e_Weather_1/temperature_degF 14.8031"? :
   - Yes:
     - cainfo Mu2e_Weather_1/temperature_degF:
"""        
Mu2e_Weather_1/temperature_degF
    State:            connected
    Host:             mu2edaq12-data.fnal.gov:5064
    Access:           read, write
    Native data type: DBF_DOUBLE
    Request type:     DBR_DOUBLE
    Element count:    1
""" 
     - $ export EPICS_CA_ADDR_LIST=''
     - $ export EPICS_CA_AUTO_ADDR_LIST=''
     - $ caget Mu2e_Weather_1/temperature_degF
""" 
CA.Client.Exception...............................................
    Warning: "Empty PV search address list" 
    Source File: ../udpiiu.cpp line 372
    Current Time: Tue Nov 12 2019 11:14:19.431250568
..................................................................
Channel connect timed out: 'Mu2e_Weather_1/temperature_degF' not found.
""" 
     - $ export EPICS_CA_NAME_SERVERS=mu2edaq01.fnal.gov:5069
     - $ caget Mu2e_Weather_1/temperature_degF
       -- same result
     - $ ca-gateway/bin/linux-x86_64/gateway -sport 5069 -server
     - $ caget Mu2e_Weather_1/temperature_degF
"""     
Mu2e_Weather_1/temperature_degF 15.9175
""" 
     - $ cainfo Mu2e_Weather_1/temperature_degF
""" 
Mu2e_Weather_1/temperature_degF
    State:            connected
    Host:             mu2edaq01-ctrl.fnal.gov:5069
    Access:           read, no write
    Native data type: DBF_DOUBLE
    Request type:     DBR_DOUBLE
    Element count:    1
""" 
     - SUCCESS! Now try it on another network
     - $ ssh -K mu2edcs@mu2epix01
     - $ source /opt/epics/setup
     - $ caget Mu2e_Weather_1/temperature_degF
""" 
Channel connect timed out: 'Mu2e_Weather_1/temperature_degF' not found.
""" 
     - $ export EPICS_CA_NAME_SERVERS=mu2edaq01.fnal.gov:5069
     - $ caget Mu2e_Weather_1/temperature_degF
"""     
CAC: Unable to connect because "No route to host" 
Channel connect timed out: 'Mu2e_Weather_1/temperature_degF' not found.
CAC TCP socket shutdown error was Transport endpoint is not connected
""" 
     - logout from mu2edcs@mu2pix01
     - $ ssh -K -R 5068:localhost:5069 mu2edcs@mu2epix01
     - $ source /opt/epics/setup
     - $ export EPICS_CA_NAME_SERVERS=localhost:5068
     - $ caget Mu2e_Weather_1/temperature_degF
"""     
Mu2e_Weather_1/temperature_degF 15.7241
""" 
     - $ cainfo Mu2e_Weather_1/temperature_degF
""" 
Mu2e_Weather_1/temperature_degF
    State:            connected
    Host:             localhost:5068
    Access:           read, no write
    Native data type: DBF_DOUBLE
    Request type:     DBR_DOUBLE
    Element count:    1
""" 
     - SUCCESS!

  - No, didn't work?
     - ... to be written

Alternate approach using ssh

Ssh tunnels could be used as an alternative to opening port 5069 to access from specific machines. This would introduce an administrative burden in assigning separate ports for each tunnel on each network and in maintaining a system to start and keep alive the ssh tunnels.

--- or equivalently ---

Temporary setup (2019-05-02)

We don't have port 5069 open for direct connections to mu2edaq01 from mu2epix01 yet, so for demonstration purposes there is an ssh tunnel connecting a server running on port 5068 on mu2edaq01 to 5068 on mu2epix01.

Here is a minimal working example that works on mu2epix01 to access variables that are served by IOCs on the FCC test stand subnet:

Connect to mu2epix01 and issue commands:

. /opt/epics/setup
export EPICS_CA_NAME_SERVERS=localhost:5068
caget Mu2e_CompStatus_daq01/voltages_ok Mu2e_CompStatus_daq04/voltages_ok

Result:

Mu2e_CompStatus_daq01/voltages_ok OK
Mu2e_CompStatus_daq04/voltages_ok OK