diff --git a/.gitignore b/.gitignore index 82f9275..983bf4a 100644 --- a/.gitignore +++ b/.gitignore @@ -122,7 +122,6 @@ celerybeat.pid *.sage.py # Environments -.env .venv env/ venv/ diff --git a/template/.env b/template/.env new file mode 100644 index 0000000..6f88e68 --- /dev/null +++ b/template/.env @@ -0,0 +1,17 @@ +# Environment variables for the EPICS IOC ports. Pick unique values +# to allow multiple compose beamlines to run on the same host. +EPICS_CA_SERVER_PORT=5094 +EPICS_CA_REPEATER_PORT=5095 +EPICS_PVA_SERVER_PORT=5105 + +# unique subnet for this compose project, broadcast must match the subnet +CA_SUBNET=170.200.0.0/16 +CA_BROADCAST=170.200.255.255 + +# EPICS name server configuration - do not change +EPICS_PVA_NAME_SERVERS=localhost:${EPICS_PVA_SERVER_PORT} +EPICS_CA_NAME_SERVERS=localhost:${EPICS_CA_SERVER_PORT} + +# clients outside of containers should use this address list +# to access local containers with this configuration and with default ports too +EPICS_CA_ADDR_LIST="127.0.0.1:${EPICS_PVA_SERVER_PORT} 127.0.0.1:5064" diff --git a/template/.gitignore b/template/.gitignore index 6236544..122d083 100644 --- a/template/.gitignore +++ b/template/.gitignore @@ -9,3 +9,8 @@ venv* # and is created at runtime by IOCs using PVI opi/auto-generated/* !opi/auto-generated/README.md + +# these files are generated from templates +# when sourcing environment.sh +services/pvagw/config/pvagw.config +services/phoebus/config/settings.ini diff --git a/template/compose.yaml b/template/compose.yaml index 7efbd59..8d6930c 100644 --- a/template/compose.yaml +++ b/template/compose.yaml 
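Review bot: Dropping `.env` from the root ignore list un-ignores every `.env` file in the repository, not only the new `template/.env`, so a developer's local file holding credentials can now be staged by a plain `git add .`. Keeping the `.env` entry and adding `!template/.env` on the line after it would track just the template defaults. The header comment of `template/.env` could also state that the file holds ports and subnets only and must never carry secrets.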
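Review bot: `CA_SUBNET=170.200.0.0/16` is publicly routable address space, unlike the `172.20.0.0/16` it replaces in `include/networks.yml`, so the compose bridge will shadow any real host in that range for this machine and its containers. A block inside 172.16.0.0/12 or 10.0.0.0/8 gives the same per-project uniqueness, for example `CA_SUBNET=172.20.0.0/16` with `CA_BROADCAST=172.20.255.255`. Separately, `EPICS_CA_ADDR_LIST` pairs 127.0.0.1 with `${EPICS_PVA_SERVER_PORT}`; for a Channel Access address list that looks like it was meant to be `${EPICS_CA_SERVER_PORT}`, which is worth confirming.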
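Review bot: The two paths ignored here stay tracked, so these entries have no effect: this same commit modifies `services/phoebus/config/settings.ini` and `services/pvagw/config/pvagw.config` rather than deleting them. The committed copies already disagree with the defaults (PVA port 5106 in both files versus `EPICS_PVA_SERVER_PORT=5105` in `template/.env`), and every init run will leave the working tree dirty. Removing both from the index with `git rm --cached` and keeping only the `.template` files would fix that. The comment should also name the actual generator, e.g. `# generated from the .template files by include/init.sh (compose init service)`, since nothing visible in `environment.sh` writes them.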
@@ -15,12 +15,34 @@ # include: - # test and deploy profiles - - services/example-test-01/compose.yml - - services/gateway/compose.yml + # all profiles + - services/example-test-01/compose.yml + - services/gateway/compose.yml + - services/pvagw/compose.yml - # dev and test profiles - - services/phoebus/compose.yml + # dev and test profiles + - services/phoebus/compose.yml - # deploy profile only - - services/epics-opis/compose.yml + # deploy profile only + - services/epics-opis/compose.yml + + +services: + # define an init service to set up phoebus and pvagw config files + init: + image: ubuntu + security_opt: + - label=disable + restart: never + volumes: + - .:/workspace + command: /bin/bash -c "/workspace/include/init.sh" + environment: + - EPICS_CA_SERVER_PORT + - EPICS_CA_REPEATER_PORT + - EPICS_PVA_SERVER_PORT + - CA_SUBNET + - CA_BROADCAST + - EPICS_PVA_NAME_SERVERS + - EPICS_CA_NAME_SERVERS + - EPICS_CA_ADDR_LIST diff --git a/template/environment.sh b/template/environment.sh index 7bae73c..211899f 100644 --- a/template/environment.sh +++ b/template/environment.sh @@ -7,7 +7,6 @@ # docker compose may be backed by podman or docker container engines, see # https://epics-containers.github.io/main/tutorials/setup_workstation.html. - # This script must be sourced if [ "$0" = "$BASH_SOURCE" ]; then echo "ERROR: Please source this script (source ./environment.sh)" @@ -20,7 +19,7 @@ if [[ $(module avail docker-compose 2>/dev/null) != "" ]] ; then fi # podman vs docker differences. -if podman version &> /dev/null; then +if podman version &> /dev/null && [[ -z $USE_DOCKER ]] ; then USER_ID=0; USER_GID=0 DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock docker=podman @@ -29,7 +28,6 @@ else unset DOCKER_HOST docker=docker fi - echo using $docker as container engine # ensure local container users can access X11 server 
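Review bot: The `init` service uses `image: ubuntu` with no tag, so it resolves to whatever `latest` is at run time, while the other images in this change are pinned (`docker-ca-gateway:2.1.3ec1`, `ec-phoebus:4.7.3ec2`, `ec-p4p:4.1.12ec1`). That container runs a script with the whole project bind-mounted read-write (`.:/workspace`) and SELinux labelling disabled, so an unexpected image has write access to the repository. Pin it to a tag or digest, e.g. `image: ubuntu:24.04`, and consider mounting only what the script touches (`./include` read-only and `./services`). Also, `restart: never` is not among the values the Compose specification lists for `restart`; `restart: "no"` is the portable spelling.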
@@ -39,9 +37,9 @@ xhost +SI:localuser:$(id -un) # set user id for the phoebus container for easy X11 forwarding. export UIDGID=$USER_ID:$USER_GID -# choose test profile for docker compose +# default to the test profile for docker compose export COMPOSE_PROFILES=test # for test profile our ca-gateway publishes PVS on the loopback interface export EPICS_CA_ADDR_LIST=127.0.0.1 # make a short alias for docker-compose for convenience -alias dc='docker compose' +alias dc='$docker compose' diff --git a/template/include/init.sh b/template/include/init.sh new file mode 100755 index 0000000..c2abe47 --- /dev/null +++ b/template/include/init.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +root=$(realpath $(dirname $0)/..) + +echo "setting up configuration file for pva gateway" + +cat $root/services/pvagw/config/pvagw.template | + sed -e "s/172.20.255.255/$CA_BROADCAST/g" \ + -e "s/5075/$EPICS_PVA_SERVER_PORT/g" > \ + $root/services/pvagw/config/pvagw.config + +echo "setting up configuration file for phoebus" + +cat $root/services/phoebus/config/settings.template | + sed -e "s/5064/$EPICS_CA_SERVER_PORT/g" \ + -e "s/5065/$EPICS_CA_REPEATER_PORT/g" \ + -e "s/5075/$EPICS_PVA_SERVER_PORT/g" > \ + $root/services/phoebus/config/settings.ini \ No newline at end of file diff --git a/template/include/ioc.yml.jinja b/template/include/ioc.yml.jinja index 378fcb0..1dc96c7 100644 --- a/template/include/ioc.yml.jinja +++ b/template/include/ioc.yml.jinja @@ -14,6 +14,9 @@ services: # should be (used by machine IOCs) this is for parity (but redundant). location: localhost + security_opt: + - label=disable + # NOTE: blank environment vars should be overriden in individual IOCs environment: IOCSH_PS1: @@ -23,6 +26,9 @@ services: IOC_LOCATION: localhost BEAMLINE: {{ services }} IOC_GROUP: {{ services }} + EPICS_CA_SERVER_PORT: ${EPICS_CA_SERVER_PORT} + EPICS_CA_REPEATER_PORT: ${EPICS_CA_REPEATER_PORT} + EPICS_PVA_SERVER_PORT: ${EPICS_PVA_SERVER_PORT} tty: true stdin_open: true 
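Review bot: The unchanged `export EPICS_CA_ADDR_LIST=127.0.0.1` in this hunk now contradicts the rest of the commit: the gateway publishes Channel Access on `EPICS_CA_SERVER_PORT` (5094 in `template/.env`), so host clients that source this script still search the default port. Because compose gives the shell environment precedence over `.env`, the exported value also replaces the `.env` one that the `init` service passes through. Either drop the export and load `.env` here, or set it to match, e.g. `export EPICS_CA_ADDR_LIST="127.0.0.1:${EPICS_CA_SERVER_PORT}"`. As a style point, `alias dc='$docker compose'` defers expansion to each use and breaks if `docker` is later unset in the shell; `alias dc="$docker compose"` fixes the engine at source time.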
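Review bot: The environment values are spliced unquoted and unvalidated into the sed programs, so an unset variable silently writes a config with empty ports, and a value containing `/` or `&` changes the expression instead of being inserted literally. The match patterns are loose as well: the dots in `172.20.255.255` are unescaped and `5075`, `5064` and `5065` also match inside longer numbers. I would add `set -euo pipefail`, require and validate each variable before use, quote every path, and anchor the patterns, as sketched below. The file also ends without a trailing newline.

```shell
#!/bin/bash
set -euo pipefail

root=$(realpath "$(dirname "$0")/..")

# refuse to write a config from missing or malformed values
for port in "${EPICS_CA_SERVER_PORT:?}" "${EPICS_CA_REPEATER_PORT:?}" "${EPICS_PVA_SERVER_PORT:?}"; do
    [[ $port =~ ^[0-9]+$ ]] || { echo "ERROR: invalid port '$port'" >&2; exit 1; }
done
[[ ${CA_BROADCAST:?} =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "ERROR: invalid CA_BROADCAST" >&2; exit 1; }

echo "setting up configuration file for pva gateway"
sed -e "s/172\.20\.255\.255/$CA_BROADCAST/g" \
    -e "s/\b5075\b/$EPICS_PVA_SERVER_PORT/g" \
    "$root/services/pvagw/config/pvagw.template" \
    > "$root/services/pvagw/config/pvagw.config"

# … phoebus settings.ini: same quoting, with \b-anchored 5064 / 5065 / 5075 patterns …
```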
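Review bot: `security_opt: - label=disable` switches off SELinux confinement for every IOC that extends this base service, and the same option is added without explanation to `init` (template/compose.yaml) and to the ca-gateway, phoebus and pvagw services in this commit. Where the aim is only to let a container read project bind mounts, relabelling the mount keeps the container confined, e.g. `- ../../opi/auto-generated/ioc_default_name:/epics/opi:z`. Where disabling labels really is required (possibly the X11 socket mount for phoebus), a one-line comment such as `# label=disable: needed for <reason>` would let a reviewer tell the deliberate cases from the copied ones. The service definition starts and ends outside this hunk.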
@@ -36,9 +42,6 @@ services: networks: - channel_access - expose: - - "5064-5065/udp" - - "5064-5065" # proxy services that each manage an RTEMS hard IOC ########################## rtems_ioc: diff --git a/template/include/networks.yml b/template/include/networks.yml index 6d9ce15..f0647a8 100644 --- a/template/include/networks.yml +++ b/template/include/networks.yml @@ -1,7 +1,6 @@ networks: channel_access: - name: "channel_access" ipam: driver: default config: - - subnet: "172.20.0.0/16" + - subnet: "${CA_SUBNET}" diff --git a/template/opi/auto-generated/README.md b/template/opi/auto-generated/README.md deleted file mode 100644 index c78dc29..0000000 --- a/template/opi/auto-generated/README.md +++ /dev/null @@ -1,9 +0,0 @@ -OPI Files -========= - -All files under the opi/auto-generated folder will be generated by PVI at IOC runtime. - -These files are not committed to git and any changes made to them will be lost when the related IOC is restarted. - -To make custom opi files, create them in the opi root folder or other subfolders of opi. - diff --git a/template/services/.ioc_template/compose.yml b/template/services/.ioc_template/compose.yml index 8ca79b5..6183ded 100644 --- a/template/services/.ioc_template/compose.yml +++ b/template/services/.ioc_template/compose.yml @@ -1,6 +1,6 @@ services: - replace_me: + ioc_default_name: extends: service: linux_ioc @@ -12,18 +12,18 @@ services: version: 0.1.0 environment: - IOCSH_PS1: replace_me > - IOC_NAME: replace_me + IOCSH_PS1: ioc_default_name > + IOC_NAME: ioc_default_name volumes: - - ../../opi/auto-generated/replace_me:/epics/opi + - ../../opi/auto-generated/ioc_default_name:/epics/opi configs: - - source: replace_me_config + - source: ioc_default_name_config target: epics/ioc/config configs: - replace_me_config: + ioc_default_name_config: file: ./config include: diff --git a/template/services/gateway/compose.yml b/template/services/gateway/compose.yml index b75d967..6bd18ed 100644 
--- a/template/services/gateway/compose.yml +++ b/template/services/gateway/compose.yml @@ -15,14 +15,18 @@ services: image: ghcr.io/epics-containers/docker-ca-gateway:2.1.3ec1 - expose: - - 5064-5065/udp - - 5064-5065 + security_opt: + - label=disable ports: # bind to localhost to isolate channel access to this host only - - 127.0.0.1:5064:5064/udp - - 127.0.0.1:5064-5065:5064-5065 + - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT}/udp + - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT} + - 127.0.0.1:${EPICS_CA_REPEATER_PORT}:${EPICS_CA_REPEATER_PORT} + + environment: + EPICS_CA_SERVER_PORT: ${EPICS_CA_SERVER_PORT} + EPICS_CA_REPEATER_PORT: ${EPICS_CA_REPEATER_PORT} restart: unless-stopped @@ -33,7 +37,7 @@ services: - source: ca-gateway_config target: /config - command: -cip 172.20.255.255 -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1 + command: -cip ${CA_BROADCAST} -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1 profiles: - test @@ -59,10 +63,11 @@ services: ports: # TODO - I need to look into safe config for per server ca-gateways - - 127.0.0.1:5064:5064/udp - - 127.0.0.1:5064-5065:5064-5065 + - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT}/udp + - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT} + - 127.0.0.1:${EPICS_CA_REPEATER_PORT}:${EPICS_CA_REPEATER_PORT} - command: -cip 172.20.255.255 -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1 + command: -cip ${CA_BROADCAST} -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1 profiles: - deploy diff --git a/template/services/phoebus/compose.yml b/template/services/phoebus/compose.yml index d979983..634cf42 100644 --- a/template/services/phoebus/compose.yml +++ b/template/services/phoebus/compose.yml 
@@ -5,17 +5,23 @@ services: phoebus: container_name: phoebus image: ghcr.io/epics-containers/ec-phoebus:4.7.3ec2 + depends_on: + - init environment: DISPLAY: $DISPLAY + UIDGID: ${UIDGID:-0:0} # defaults to working with rootless + tty: true # pick a server port for phoebus so it does not reconnect to existing phoebus command: phoebus-product/phoebus.sh -settings /config/settings.ini -resource /opi/demo.bob -server 7010 volumes: - /tmp/.X11-unix:/tmp/.X11-unix - - ~/.Xauthority:/root/.Xauthority - ../../opi:/opi - ../../..:/workspaces + security_opt: + - label=disable + # for X11 to work we need to run as the same UID as the host # IMPORTANT: set UIDGID to your host user:group e.g. 1000:1000 # BUT: always to 0:0 if you are using podman diff --git a/template/services/phoebus/config/settings.ini b/template/services/phoebus/config/settings.ini index c4d462b..72c989f 100644 --- a/template/services/phoebus/config/settings.ini +++ b/template/services/phoebus/config/settings.ini @@ -1,4 +1,6 @@ # using localhost for channel access to isolate it to the host for development - -# TODO restore this once we have PVA gateway and IOCS running in the CNI -org.phoebus.pv.ca/addr_list=127.0.0.1 +org.phoebus.pv.ca/addr_list=127.0.0.1:5094 +org.phoebus.pv.ca/server_port=5094 +org.phoebus.pv.ca/repeater_port=5095 +org.phoebus.pv.pva/server_port=5106 +org.phoebus.pv.pva/epics_pva_name_servers=127.0.0.1:5106 diff --git a/template/services/phoebus/config/settings.template b/template/services/phoebus/config/settings.template new file mode 100644 index 0000000..21dadbe --- /dev/null +++ b/template/services/phoebus/config/settings.template @@ -0,0 +1,6 @@ +# using localhost for channel access to isolate it to the host for development +org.phoebus.pv.ca/addr_list=127.0.0.1:5064 +org.phoebus.pv.ca/server_port=5064 +org.phoebus.pv.ca/repeater_port=5065 +org.phoebus.pv.pva/server_port=5075 +org.phoebus.pv.pva/epics_pva_name_servers=127.0.0.1:5075 
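Review bot: The short-form `depends_on: - init` only orders container start and does not wait for `init.sh` to finish, so phoebus can launch with `-settings /config/settings.ini` before that file has been regenerated; the same form is used for `pvagw` in services/pvagw/compose.yml. The long form, with an `init:` key holding `condition: service_completed_successfully`, makes both services wait for the script to exit with status 0 and stops them from starting on a failed init. The `UIDGID: ${UIDGID:-0:0}` default also deserves a fuller comment: when `environment.sh` has not been sourced under Docker, the fallback appears to be root inside a container that mounts the workspace.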
diff --git a/template/services/pvagw/compose.yml b/template/services/pvagw/compose.yml index f029c5a..da73d4c 100644 --- a/template/services/pvagw/compose.yml +++ b/template/services/pvagw/compose.yml @@ -9,14 +9,18 @@ services: image: ghcr.io/epics-containers/ec-p4p:4.1.12ec1 - expose: - - 5076/udp - - 5075 + depends_on: + - init + + security_opt: + - label=disable ports: - # bind to localhost to isolate channel access to this host only - - 127.0.0.1:5076:5076/udp - - 127.0.0.1:5075:5075 + - 127.0.0.1:${EPICS_PVA_SERVER_PORT}:${EPICS_PVA_SERVER_PORT} + + environment: + - EPICS_PVA_SERVER_PORT=${EPICS_PVA_SERVER_PORT} + - EPICS_PVAS_SERVER_PORT=${EPICS_PVA_SERVER_PORT} restart: unless-stopped @@ -30,10 +34,8 @@ services: command: -c "pvagw /config/pvagw.config --debug" profiles: - # PVAcess cannot set up channels into a container yet, so we are using - # ndstdarrys instead of ndpva for now - # https://github.com/epics-base/pvAccessCPP/issues/197 - - removed + - test + - dev # per server pvagw for deployment ############################################# pvagw-deploy: @@ -42,8 +44,7 @@ services: ports: # TODO investigate how to configure this for deployment - - 127.0.0.1:5076:5076/udp - - 127.0.0.1:5075:5075 + - 127.0.0.1:${EPICS_PVA_SERVER_PORT}:${EPICS_PVA_SERVER_PORT} command: -c "pvagw /config/pvagw.config" diff --git a/template/services/pvagw/config/pvagw.config b/template/services/pvagw/config/pvagw.config index 0d442e2..d0a440f 100644 --- a/template/services/pvagw/config/pvagw.config +++ b/template/services/pvagw/config/pvagw.config @@ -1,9 +1,5 @@ /* Example pvagw configuration * - * GW Server listens on: localhost:5076 and attempts to bind 5075 - * GW Client searches to: 172.20.255.255/16:5076 - * An additional server listening on 5.6.7.8 serves only gateway - * status PVs. */ { "version":2, 
@@ -12,9 +8,9 @@ { "name":"theclient", "provider":"pva", - "addrlist":"172.20.255.255", + "addrlist":"170.200.255.255", "autoaddrlist":false, - "serverport":5075, + "serverport":5106, "bcastport":5076 } ], @@ -25,7 +21,7 @@ /* "interface":["127.0.0.1"], */ /* "addrlist":"127.255.255.255", */ "autoaddrlist":false, - "serverport":5075, + "serverport":5106, "bcastport":5076, "statusprefix":"sts:" /* "access":"some.acf", */ diff --git a/template/services/pvagw/config/pvagw.template b/template/services/pvagw/config/pvagw.template new file mode 100644 index 0000000..0d442e2 --- /dev/null +++ b/template/services/pvagw/config/pvagw.template @@ -0,0 +1,35 @@ +/* Example pvagw configuration + * + * GW Server listens on: localhost:5076 and attempts to bind 5075 + * GW Client searches to: 172.20.255.255/16:5076 + * An additional server listening on 5.6.7.8 serves only gateway + * status PVs. + */ +{ + "version":2, + "readOnly":false, + "clients":[ + { + "name":"theclient", + "provider":"pva", + "addrlist":"172.20.255.255", + "autoaddrlist":false, + "serverport":5075, + "bcastport":5076 + } + ], + "servers":[ + { + "name":"theserver", + "clients":["theclient"], + /* "interface":["127.0.0.1"], */ + /* "addrlist":"127.255.255.255", */ + "autoaddrlist":false, + "serverport":5075, + "bcastport":5076, + "statusprefix":"sts:" + /* "access":"some.acf", */ + /* "pvlist":"some.pvlist", */ + } + ] +} \ No newline at end of file
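Review bot: With the pvagw service now enabled for the `test` and `dev` profiles, this template produces a gateway with `"readOnly":false` while both `"access"` and `"pvlist"` remain commented out, so as far as the config shows every PV on the container network is writable through it with no access rules. Defaulting the template to `"readOnly":true`, or shipping a minimal ACF and pvlist and enabling those two keys, would make write access an explicit choice. The header comment is also stale: it describes a status server on 5.6.7.8 that the config does not define, and its port numbers no longer match once `init.sh` substitutes them, so it would be better reduced to a note that the file is a template filled in by `include/init.sh`.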