Re: How can I get a PV from an external server from inside a docker container?

[Pete Jemian via Tech-talk <tech-talk at aps.anl.gov>]

Using `bridge` networking, my docker containers (same subnet, different workstations) can `caget` from each other.

https://urldefense.us/v3/__https://github.com/prjemian/epics-docker/blob/c6694c6d86e50976124761380464fc817495bc5a/v1.1/n3_synApps/Makefile*L32-L35__;Iw!!G_uCfscf7eWS!bctj3a7LPUv0Nr2nrngAV9MpfTHcYyvxuf_gi1KVIiMxKsZPF2uZKQhI85epj-fQOGINUn-1OMaLtJFwtKif$ 

On 3/26/2024 3:57 PM, Florian Feldbauer via Tech-talk wrote:
> Hey,
>
> Am 26.03.2024 um 21:49 schrieb Érico Nogueira Rolim:
> > On 26/03/2024 15:08, Florian Feldbauer via Tech-talk wrote:
> > > Hey,
> > >
> > > just for completeness, if you know the IP addresses of all your IOCs you can also use the default docker network and set the Environment variables
> > > EPICS_CA_AUTO_ADDR_LIST no
> > > EPICS_CA_ADDR_LIST <list of all CA server IP addresses>
> > >
> > > In this case, the udp broadcast part of CA seems to be omitted and CA checks the list of IPs directly.
> > You can also combine them, so EPICS_CA_AUTO_ADDR_LIST=YES so hosts reachable by broadcast Just Work, and EPICS_CA_ADDR_LIST for when it isn't an option (this is relevant when outside of containers as well).
> >
> >
> > > At least this worked in my very first tests with containerization of our clients (Archiver, Alarm system, .....)
> > > But of course this approach is rather error prone and you need to change your config every time an IP address changes/is being added.
> > If you want to avoid running your IOC with "network_mode: host", IIRC you can also try adding the broadcast address (last address of the netmask) of your relevant network interfaces to EPICS_CA_ADDR_LIST. That way the CA client doesn't need to enumerate the interfaces in order to find them out, but you also don't need a static knowledge of all IOC hosts.
> but broadcasts do not get forwarded from the virtual docker network to the physical one, so setting EPICS_CA_ADDR_LIST to the "external" broadcast address does not work.
> > > On the other hand, this is the only way I know of if running docker in rootless mode.
> > Does rootless docker not support setting the network to host mode? I'd strongly recommend podman for that use case, then. IMHO it does a much better job at the "rootless container" need for multiple reasons, including supporting host network mode without any issues.
> Rootless docker (as well as podman according to my tests) do not support network_mode host or MACVLAN. So the IOC inside the container is not able to send UDP broadcasts to the external network.
>
>
> > > Cheers,
> > > Florian
> > >
> > >
> > > Am 26.03.2024 um 09:59 schrieb Carsten Winkler via Tech-talk:
> > > > Re: How can I get a PV from an external server from inside a docker container?
> > > >
> > > > Hello Dale, hello Florian,
> > > >
> > > >
> > > > many thanks for your helpful advises. Now I could solve the issue simply by adding "network_mode: host" to the service "epicsbase".
> > > >
> > > > Now my working docker-compose.yml  looks like:
> > > >
> > > >
> > > > services:
> > > >     epicsbase:
> > > >        image: softioc
> > > >        container_name: epicsbase
> > > >        volumes:
> > > >           - ./epicsbase/db:/usr/local/db
> > > >        working_dir: /usr/local/epics
> > > >        command:
> > > >           - /bin/sh
> > > >           - -c
> > > >           - |
> > > >           echo start first Soft IOC
> > > >           screen -d -m /usr/local/epics/epics-base/bin/linux-x86_64/softIoc -D /usr/local/epics/epics-base/dbd/softIoc.dbd -d /usr/local/db/test.db
> > > >           tail -f /dev/null # keep alive
> > > >
> > > >    network_mode: host
> > > >
> > > >
> > > > Best regards
> > > > Carsten
> > > >
> > > >
> > > >     --------------------Ursprüngliche Nachricht--------------------
> > > >     *Von:* Carsten Winkler <carsten.winkler at helmholtz-berlin.de>
> > > >     *Gesendet:* Montag 25. März 2024 14:55
> > > >     *An:* tech-talk at aps.anl.gov
> > > >     *Betreff:* How can I get a PV from an external server from inside a docker container?
> > > >
> > > >     Hello,
> > > >
> > > >     I have 3 SoftIOCs.
> > > >         1.) local host       = 193.100.100.100 with PV: "local_pv"
> > > >         2.) external host  = 192.200.200.200 with PV: "external_pv"
> > > >         3.) docker container    on local host   with PV: "docker_pv"
> > > >
> > > >     From local host I can read all PVs (caget local_pv external_pv docker_pv). 👍
> > > >     From inside the docker container I can read the local_pv and the docker_pv
> > > >     but not the external_pv. 🤔
> > > >
> > > >     Here is my docker compose configuration:
> > > >
> > > >     services:
> > > >         epicsbase:
> > > >            image: softioc
> > > >            container_name: epicsbase
> > > >            volumes:
> > > >               - ./epicsbase/db:/usr/local/db
> > > >            working_dir: /usr/local/epics
> > > >            command:
> > > >               - /bin/sh
> > > >               - -c
> > > >               - |
> > > >               echo start first Soft IOC
> > > >               screen -d -m /usr/local/epics/epics-base/bin/linux-x86_64/softIoc -D /usr/local/epics/epics-base/dbd/softIoc.dbd -d /usr/local/db/test.db
> > > >               tail -f /dev/null # keep alive
> > > >            networks:
> > > >               - ioc-net
> > > >     networks:
> > > >         ioc-net:
> > > >
> > > >     From inside the docker container I have also already tried EPICS_CA_AUTO_ADDR_LIST / EPICS_CA_ADDR_LIST. Unfortunately without success.
> > > >     With and without these environment variables I only get the local_pv and the docker_pv.
> > > >
> > > >     How can I also read the external_pv from inside the docker container?
> > > >
> > > >     Best regards
> > > >     Carsten
> > > --
> > > Ruhr-Universität Bochum
> > > AG der Experimentalphysik I
> > > Dr. Florian Feldbauer
> > > NB 2/131 / Fach 125
> > > Universitätsstr. 150
> > > D-44801 Bochum
> > >
> > > Office: NB 2/134
> > > Phone:  (+49)234 / 32-23563
> > > Fax:    (+49)234 / 32-14170
> > > https://urldefense.us/v3/__https://paluma.ruhr-uni-bochum.de__;!!G_uCfscf7eWS!bctj3a7LPUv0Nr2nrngAV9MpfTHcYyvxuf_gi1KVIiMxKsZPF2uZKQhI85epj-fQOGINUn-1OMaLtC-yiGZy$ 
> >
> >
> > Aviso Legal: Esta mensagem e seus anexos podem conter informações confidenciais e/ou de uso restrito. Observe atentamente seu conteúdo e considere eventual consulta ao remetente antes de copiá-la, divulgá-la ou distribuí-la. Se você recebeu esta mensagem por engano, por favor avise o remetente e apague-a imediatamente.
> >
> > Disclaimer: This email and its attachments may contain confidential and/or privileged information. Observe its content carefully and consider possible querying to the sender before copying, disclosing or distributing it. If you have received this email by mistake, please notify the sender and delete it immediately.
> --
> Ruhr-Universität Bochum
> AG der Experimentalphysik I
> Dr. Florian Feldbauer
> NB 2/131 / Fach 125
> Universitätsstr. 150
> D-44801 Bochum
>
> Office: NB 2/134
> Phone:  (+49)234 / 32-23563
> Fax:    (+49)234 / 32-14170
> https://urldefense.us/v3/__https://paluma.ruhr-uni-bochum.de__;!!G_uCfscf7eWS!bctj3a7LPUv0Nr2nrngAV9MpfTHcYyvxuf_gi1KVIiMxKsZPF2uZKQhI85epj-fQOGINUn-1OMaLtC-yiGZy$ 
--
----------------------------------------------------------
Pete R. Jemian, Ph.D.                 <jemian at anl.gov>
Beam line Controls and Data Acquisition (BC, aka BCDA)
Advanced Photon Source,    Argonne National Laboratory
Argonne, IL  60439                    630 - 252 - 3189
-----------------------------------------------------------
      Education is the one thing for which people
         are willing to pay yet not receive.
-----------------------------------------------------------