EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: pvaGateway Access Control questions
From: Michael Davidsaver via Core-talk <core-talk at aps.anl.gov>
To: "Murray, Doug" <drm at slac.stanford.edu>
Cc: EPICS CoreTalk <core-talk at aps.anl.gov>
Date: Wed, 12 Jul 2023 09:37:11 -0700

On 7/12/23 08:59, Murray, Doug wrote:
Hi Michael, here at SLAC we’re planning to run both CA and PVA gateways concurrently on the same subnet using the same access control files.  However, the documentation says the existing CA files (ACF/pvlist) are not fully compatible with the pvaGateway.

This is so.  The non-default "EVALUATION ORDER DENY, ALLOW" is not
implemented at present.  Mainly because I didn't know anyone was
using it.  I believe I discussed this with SLAC folks at the time.


The specific concern is that several CA gateways are currently configured with the DENY,ALLOW evaluation order to support multiple gateway instances on the same subnet.

I believe that the original CA gateway instance became overloaded, so a second one was deployed to balance the load. Gateway 1 only provided access to half the PVs by denying access to some and granting access to others.  Then gateway 2 was configured in the opposite way, granting access to those PVs denied by gateway 1 but denying access to the others.

So the two pvlist files are identical except for the "EVALUATION ORDER"?


The pvaGateway documentation clearly indicates that the DENY,ALLOW evaluation order is not supported, so I was going to suggest we use a single pvaGateway instance with its own ACF/pvlist.   Do you have any suggestions or advice?

This would be the most expedient.

Although, if someone @SLAC wants to have a go.  As I look at it
now, supporting the "DENY, ALLOW" order may be as simple as
conditionally reversing the order of the two regex checks.
(and adding unit test coverage)

https://github.com/mdavidsaver/p4p/blob/c042ab07ce34bc415271b0607dadb9fcd836d33c/src/p4p/asLib/pvlist.py#L138-L141

see also for the condition...

https://github.com/mdavidsaver/p4p/blob/c042ab07ce34bc415271b0607dadb9fcd836d33c/src/p4p/asLib/pvlist.py#L59-L63

Another question I have is if "EVALUATION ORDER" changes how a mismatch
is handled.  So cross-checking with the CA gateway would be necessary.
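
An added example, not part of the original message and not p4p or CA gateway code: a minimal model of the "conditionally reverse the two regex checks" idea, with a helper that lists the PV names whose verdict depends on the order. It assumes the rule type named second in EVALUATION ORDER wins when a PV matches both; the rule patterns, function names and the `nomatch` parameter are hypothetical.

```python
import re

# Constructed rules for illustration; not taken from any site's pvlist file.
ALLOW_RULES = [r"BPM:.*"]
DENY_RULES = [r"BPM:.*:RAW", r"TEST:.*"]
SAMPLE_PVS = ["BPM:1:X", "BPM:1:RAW", "TEST:1", "MAG:1"]


def _matches(patterns, pv):
    """True if any pattern matches the whole PV name."""
    return any(re.fullmatch(p, pv) for p in patterns)


def evaluate(pv, allow, deny, order="ALLOW, DENY", nomatch="deny"):
    """Return "allow" or "deny" for one PV name.

    Assumption: the rule type named second in `order` is checked first and
    therefore wins when both types match. `nomatch` is an explicit parameter
    because the thread leaves open whether the order changes that case.
    """
    checks = [("deny", deny), ("allow", allow)]  # ALLOW, DENY: deny wins
    if order == "DENY, ALLOW":
        checks.reverse()                         # DENY, ALLOW: allow wins
    elif order != "ALLOW, DENY":
        raise ValueError("unknown evaluation order: %r" % order)
    for verdict, patterns in checks:
        if _matches(patterns, pv):
            return verdict
    return nomatch


def order_sensitive(pvs, allow, deny):
    """PV names whose verdict differs between the two evaluation orders."""
    return [
        pv for pv in pvs
        if evaluate(pv, allow, deny, "ALLOW, DENY")
        != evaluate(pv, allow, deny, "DENY, ALLOW")
    ]


if __name__ == "__main__":
    for pv in SAMPLE_PVS:
        print(pv,
              evaluate(pv, ALLOW_RULES, DENY_RULES, "ALLOW, DENY"),
              evaluate(pv, ALLOW_RULES, DENY_RULES, "DENY, ALLOW"))
    print("order-sensitive:", order_sensitive(SAMPLE_PVS, ALLOW_RULES, DENY_RULES))
```

Running the same name list through the real CA gateway and comparing verdicts is the cross-check the message asks for, including for names that match no rule.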

ANJ, 12 Jul 2023