Am 23.10.21 um 18:40 schrieb Casper Ti. Vector:
On Sat, Oct 23, 2021 at 05:48:23PM +0200, Ben Franksen wrote:
I agree. BTW, another detail is the special handling of certain control
characters by procServ: ^X to restart the child, ^T to toggle auto-restart,
and the possibility to disable some others like ^C and especially ^D; which
is not only convenient but also avoids accidental restarts (people are used
to ^D meaning "exit the shell").
These functionalities would need to be (and would perhaps have better
been) done outside of the `socat'/`recordio' pair, as separate commands
(like `s6-svc -k ...' or `touch .../down') or wrappers. `socat' simply
exits upon ^D/^C by default, so the IOC would not be hurt; I find this
enough to prevent most user errors, therefore more filtering of control
characters seems unnecessary.
Sure, there may be other solutions, it's just another one of those
details that need to be taken care of somehow.
Our approach uses a somewhat hybrid mixture of several components. Since the
OS is Debian we use systemd service units, one for each IOC. They are
executing `/usr/bin/unshare -u sethostname %i runuser -u ioc -- softIOC-run
%i` which fakes the host name to trick EPICS' Channel Access "Security" into
the proper behavior, and then drops privileges. softIOC-run is the script of
which I posted a simplified version, with the pipeline between procServ and
multilog. Despite the disadvantages explained by Laurent, so far this works
pretty well (I have never yet observed multilog to crash or otherwise
misbehave). Finally, the configuration for all IOCs (name, which host do
they run on, path to the startup script) all reside in a small database and
there are scripts to automatically install everything, including automatic
enabling and disabling of the service units.
Frankly I find the above a little over-complicated, even discounting the
part about CA security which we do not yet involve. I think you might
be going to find our paper (after publication; it is to be submitted the
next week) interesting in simplifying IOC management.
I am looking forward to it. You may want to post a link when it's done,
here or on the EPICS mailing list.
Cheers
Ben
--
I would rather have questions that cannot be answered, than answers that
cannot be questioned. -- Richard Feynman
