Project

General

Profile

Conventions and Tools » History » Version 23

Eric Flumerfelt, 06/10/2014 12:18 PM

1 1 Peter Shanahan
h1. Conventions and Tools
2 1 Peter Shanahan
3 1 Peter Shanahan
h2. Overview
4 1 Peter Shanahan
5 1 Peter Shanahan
The user interface environment to the DAQ system is hosted in VNC servers running on DAQ cluster computers at various sites.  Users interact with these via VNC viewers hosted on control room desktops, and for experts, on their own desktop or laptop.  
6 1 Peter Shanahan
7 3 Peter Shanahan
The NovaControlRoom package contains icons and scripts to automatically set up the needed ssh tunnels, and launch the VNC viewers.  See "docdb-8406":http://nova-docdb.fnal.gov:8080/cgi-bin/RetrieveFile?docid=8406;filename=UsingDesktopVNCIcons.pdf for a User's Guide.
8 1 Peter Shanahan
9 9 Peter Shanahan
h3. VNC Servers
10 9 Peter Shanahan
11 11 Peter Shanahan
To set up VNC servers for the control room, see the [[VNCSetup| VNC Setup How-To]].
12 10 Peter Shanahan
13 10 Peter Shanahan
h3. VNC Viewers
14 10 Peter Shanahan
15 10 Peter Shanahan
16 10 Peter Shanahan
The command to start a viewer is including in the script launched by the desktop icons described in the User's Manual mentioned above, but the underlying command is of the form
17 10 Peter Shanahan
<pre> vncviewer -Fullscreen -Shared -passwd ~/.vnc/passwd :<NN> </pre>
18 10 Peter Shanahan
where
19 10 Peter Shanahan
<pre> -Fullscreen # starts in full screen mode
20 10 Peter Shanahan
 -Shared # keeps other users from getting disconnected from the server when you connet
21 10 Peter Shanahan
 NN # two-digit port number (relative to 5900) </pre>
22 9 Peter Shanahan
23 13 Peter Shanahan
h2. Conventions
24 1 Peter Shanahan
25 4 Peter Shanahan
h3. VNC Servers
26 4 Peter Shanahan
27 1 Peter Shanahan
In the current model (as of 2013-04-09), we run up to 4 VNC servers for each detector.  In order to allow for different desktop environments on a single host machine, each VNC server on is run under a different account, using a dedicated port.  We tend to use certain servers for particular functions, but this is subject to change.
28 1 Peter Shanahan
29 8 Peter Shanahan
30 6 Peter Shanahan
| *Station* |*Functions* | *Account* | *Port*|
31 5 Peter Shanahan
| 1 | Run Control
32 1 Peter Shanahan
    Message Logger | novacr01 | 5951 |
33 5 Peter Shanahan
| 2 | Event Display
34 1 Peter Shanahan
  Online Monitoring
35 2 Peter Shanahan
  APD Cooling GUI  | novacr02 | 5952 |
36 5 Peter Shanahan
| 3 | Ganglia | novacr03 | 5953 |
37 2 Peter Shanahan
38 9 Peter Shanahan
The servers for each of these is set up to occupy a 2x2 monitor grid, with total pixel count 3840x2160. 
39 9 Peter Shanahan
40 9 Peter Shanahan
Two VNC servers run on the nova-daq-04 Control Room desktop in the Fermilab 12th floor control room, hosting webcam displays.
41 9 Peter Shanahan
42 17 Peter Shanahan
Note that VNC has a port base of 5900.  However, in addition to the VNC connection itself, it also uses a port for the X11 connection 100 higher than the VNC port.  Since general X11 connections use ports starting at 6010, and assuming less than 40 open connections is a safe bet, a good assumption for VNC port ranges that avoid conflicts with X11 would be 5900-5909 and 5950-5999.  
43 5 Peter Shanahan
44 9 Peter Shanahan
The table below gives the VNC server host name used for each detector:
45 9 Peter Shanahan
46 8 Peter Shanahan
| *Detector* | *Host* |
47 8 Peter Shanahan
| NDOS | novadaq-ctrl-master |
48 16 Peter Shanahan
| NDSBTest | novadaq-nsbapd-master |
49 14 Peter Shanahan
|  FarDet | novadaq-far-master-02 |
50 23 Eric Flumerfelt
| NearDet | novadaq-near-master |
51 8 Peter Shanahan
52 8 Peter Shanahan
53 1 Peter Shanahan
h3. ssh Tunnels
54 5 Peter Shanahan
55 18 Peter Shanahan
ssh tunnels are required to access the port for a VNC server on a remote host (e.g., novacr01@novadaq-ctrl-master.fnal.gov for station 1 on NDOS) from a localhost (e.g., your laptop, or a control room desktop).  Once launched, the tunnel can remain active indefinitely.  The ssh command has the form
56 5 Peter Shanahan
<pre>ssh -L <local_port>:localhost:<remote_port> -N -f -l <remote account> <remote host> </pre> 
57 12 Peter Shanahan
The ssh tunnel is authenticated using a kerberos ticket on the localhost, usually for a special use (i.e., non-personal) principle.  That principle must be in the k5login file for the remote account, and the remote host must be directly reachable from the localhost (i.e., the localhost must be in the fnal.gov domain.)
58 5 Peter Shanahan
59 7 Peter Shanahan
Since a single desktop will often have connections to the "same" display on multiple detectors, we need to have localhost port assignments vary by detector.  The scheme in use by the NovaControlRoom package is
60 1 Peter Shanahan
61 8 Peter Shanahan
| *Station* | *Detector* |*Remote Port* | *Local Port* |
62 1 Peter Shanahan
| 1 | NDOS | 5951 | 5961 |
63 1 Peter Shanahan
| 2 | NDOS | 5952 | 5962 |
64 7 Peter Shanahan
| 3 | NDOS | 5953 | 5963 |
65 8 Peter Shanahan
| 1 | NDSBTest | 5951 | 5971 |
66 8 Peter Shanahan
| 2 | NDSBTest | 5952 | 5972 |
67 8 Peter Shanahan
| 3 | NDSBTest | 5953 | 5973 |
68 5 Peter Shanahan
| 1 | FarDet | 5951 | 5981 |
69 7 Peter Shanahan
| 2 | FarDet | 5952 | 5982 |
70 7 Peter Shanahan
| 3 | FarDet | 5953 | 5983 |
71 23 Eric Flumerfelt
| 1 | NearDet | 5951 | 5991 |
72 23 Eric Flumerfelt
| 2 | NearDet | 5952 | 5992 |
73 23 Eric Flumerfelt
| 3 | NearDet | 5953 | 5993 |
74 9 Peter Shanahan
75 9 Peter Shanahan
76 9 Peter Shanahan
h2. Example
77 19 Eric Flumerfelt
78 20 Eric Flumerfelt
*EXPERTS ONLY*
79 19 Eric Flumerfelt
On Windows, using RealVNC Viewer (renamed to vncviewer.exe), MIT Kerberos for Windows, and plink; the following batch file (FarDet1.bat) connects to the first screen of the Far Detector:
80 19 Eric Flumerfelt
Start plink -ssh -L 5981:localhost:5981 <Principal>@<Gateway> "ssh -L 5981:localhost:5951 -N novacr01@novadaq-far-master-02.fnal.gov"
81 19 Eric Flumerfelt
pause
82 19 Eric Flumerfelt
start vncviewer -Shared -passwd passwd localhost:81
83 19 Eric Flumerfelt
84 19 Eric Flumerfelt
passwd is a file with the MD5'd VNC viewer password, and <Gateway> is a machine connected to the Fermilab network accessible from the outside. Using the tables above, it is possible to connect to any detector/station combination.