Thanks Yong for the tips, yes that was a typo on the EPICS_CA_ADDR_LIST.
I have tried manually running Ralphs script (chmod 755) with sudo ifdown ens33 / sudo ifup ens33 to bring down/up the interface. I am seeing the script exit returning 1 which seems like its never reaching the adding of the rules to the iptables.
jetson@ubuntu:/etc/network/if-up.d$ sudo ifup ens33
Listening on LPF/ens33/00:0c:29:c6:6f:a0
Sending on LPF/ens33/00:0c:29:c6:6f:a0
Sending on Socket/fallback
DHCPREQUEST of 192.168.252.132 on ens33 to 255.255.255.255 port 67 (xid=0x2a8e39b)
DHCPACK of 192.168.252.132 from 192.168.252.254
RTNETLINK answers: File exists
/sbin/dhclient-script: 8: /etc/dhcp/dhclient-exit-hooks.d/chrony: /usr/lib/chrony/chrony-helper: not found
bound to 192.168.252.132 -- renewal in 789 seconds.
run-parts: /etc/network/if-up.d/ioc exited with return code 1
Failed to bring up ens33.
I would assume the added broadcast rules from the script would show up in the list iptables -L -v if it ran successfully.
Chain INPUT (policy ACCEPT 143K packets, 110M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- any any anywhere anywhere
0 0 DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere
0 0 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- any docker0 anywhere anywhere
0 0 ACCEPT all -- docker0 !docker0 anywhere anywhere
0 0 ACCEPT all -- docker0 docker0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 92977 packets, 12M bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere
0 0 RETURN all -- any any anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any docker0 anywhere anywhere
0 0 RETURN all -- any any anywhere anywhere
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
Thanks again everyone for your input.
-----Original Message-----
From: Hu, Yong <yhu at bnl.gov>
Sent: Thursday, March 18, 2021 5:30 PM
To: Manoussakis, Adamandios <manoussakis1 at llnl.gov>; J. Lewis Muir <jlmuir at imca-cat.org>
Cc: tech-talk at aps.anl.gov
Subject: Re: Multiple IOCs on one host Issue
A few comments and suggestions:
1. You had a typo (I guess EPICS_CA_AUTO_ADDR means to be EPICS_CA_AUTO_ADDR_LIST) although the typo probably does not make a difference in your case.
2. As Mark River said in another thread, you really do not need to set EPICS_CA_ADDR_LIST on the IOC Host.
3. Ralph's iptables trick is really the least invasive if you or your IT professional colleagues can make it work.
4. Since you have difficulty making the iptables-trick work, you could try this invasive and nasty method which I occasionally used for Lab tests (just for test, not good for massive production):
1) on the Host 192.168.2.100, in the first IOC's startup script (st.cmd), add this line: epicsEnvSet("EPICS_CA_SERVER_PORT", "5066"). In the second IOC's startup script, add this line: epicsEnvSet("EPICS_CA_SERVER_PORT", "5067"). In the third IOC ...
Basically each IOC has its unique CA Server port instead of the default 5064. After an IOC starts up successfully, type "epicsPrtEnvParams" (or epicsEnvShow) under the EPICS IOC shell to verify your all kinds of EPICS_CA* settings.
2) on the Client 192.168.1.50, do something like this: export EPICS_CA_ADDR_LIST=192.168.2.100:5066 192.168.2.100:5067 192.168.2.100:5068
Basically EPICS_CA_ADDR_LIST a list of Host:EPICS_CA_SERVER_PORT. Again, type "echo $ EPICS_CA_ADDR_LIST " to make sure the settings of EPICS_CA_ADDR_LIST is really what you expect.
This nasty method works for nasty networking.
Cheers,
Yong
On 3/18/21, 6:34 PM, "Tech-talk on behalf of Manoussakis, Adamandios via Tech-talk" <tech-talk-bounces at aps.anl.gov on behalf of tech-talk at aps.anl.gov> wrote:
Hi Lewis,
Env Vars are
Host setup
EPICS_CA_ADDR_LIST=Client IP
EPICS_CA_AUTO_ADDR=YES
Client setup
EPICS_CA_ADDR_LIST=Host IP
EPICS_CA_AUTO_ADDR=YES
I don't think the env variables are the cause in this case but I did try looking at the iptables --list and --list-rules after manually running Ralphs script with sudo and wasn't seeing the added rules from the script. I would think its possible to manually sudo run the script to get them added but I am not that familiar with it.
-----Original Message-----
From: J. Lewis Muir <jlmuir at imca-cat.org>
Sent: Thursday, March 18, 2021 3:02 PM
To: Manoussakis, Adamandios <manoussakis1 at llnl.gov>
Cc: 'Ralph Lange' <ralph.lange at gmx.de>; tech-talk at aps.anl.gov
Subject: Re: Multiple IOCs on one host Issue
On 03/18, Manoussakis, Adamandios via Tech-talk wrote:
> Setup is as follows:
>
> Client 192.168.1.50
> Client running caget PV1
> Env variable CA_ADDR is set to the host ip and CA_AUTO is set to YES
>
> Host 192.168.2.100
> Host running 4-5 IOCs (script is in both of the
> /etc/network/if-up/down.d folders and have been made executable) Env
> variable CA_ADDR is set to the client ip and CA_AUTO is set to YES
Those aren't the right environment variables. You might be abbreviating the names on purpose, but I would recommend you state the exact names you're using so that no one has to guess what you mean, and also just in case you've got a typo in any of them.
Lewis
- Replies:
- Re: Multiple IOCs on one host Issue Ralph Lange via Tech-talk
- References:
- Multiple IOCs on one host Issue Manoussakis, Adamandios via Tech-talk
- Re: Multiple IOCs on one host Issue Jeong Han Lee via Tech-talk
- Re: Multiple IOCs on one host Issue Jeong Han Lee via Tech-talk
- RE: Multiple IOCs on one host Issue Manoussakis, Adamandios via Tech-talk
- Re: Multiple IOCs on one host Issue Mark Rivers via Tech-talk
- Re: Multiple IOCs on one host Issue Ralph Lange via Tech-talk
- RE: Multiple IOCs on one host Issue Mark Rivers via Tech-talk
- RE: Multiple IOCs on one host Issue Manoussakis, Adamandios via Tech-talk
- Re: Multiple IOCs on one host Issue J. Lewis Muir via Tech-talk
- RE: Multiple IOCs on one host Issue Manoussakis, Adamandios via Tech-talk
- Re: Multiple IOCs on one host Issue Hu, Yong via Tech-talk
- Navigate by Date:
- Prev:
Job Opening at SLAC National Accelerator Laboratory Zelazny, Michael Stanley via Tech-talk
- Next:
Regarding using area detector for webcam integration to the control system Siddharth Vardhan Pratihast via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
<2021>
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: Multiple IOCs on one host Issue Hu, Yong via Tech-talk
- Next:
Re: Multiple IOCs on one host Issue Ralph Lange via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
<2021>
2022
2023
2024
|