Re: EPICS Docker Container

[Lucas Russo via Tech-talk <tech-talk@aps.anl.gov>]

Hi Florian,

Althought I can't specifically help you with your issue I wonder if the "-net host" docker run flag could help you here. In this way you won't need the CA gateway in the middle of your client/IOC server when running multiple IOCs on the same host. 

My group at the Brazilian Synchrotron is also using docker containers as a way of deploying our IOCs to the control system. Good to know there are more people working in the same way. 

PS: as a side note, ICALEPCS will have a workshop about containers in controls. Maybe this would be interesting for you: https://icalepcs2019.bnl.gov/workshops.html#12

Cheers!

Lucas

On Mon, Jul 8, 2019, 03:58 Florian Feldbauer via Tech-talk <tech-talk@aps.anl.gov> wrote:

Dear all,

at the collaboration meeting last month I presented, that we are looking
into Docker containers for deploying and managing our EPICS
installations for the PANDA experiment.
I have now tested several things with containers for IOCs, ca-gateway,
phoebus and the archive-engine (from phoebus).

@Heinz: During the meeting you asked how the containers get access to
network devices: Actually, this is quiet easy. if you use the bridge
network driver from Docker for the virtual network your containers live in,
NATing is enabled by default. (Otherwise CMS which are usually run
inside of containers could not get their updates ;-) ). So even if you
run mutliple IOCs on the same host, accessing network devices is no problem.
For access those IOCs via CA from a remote host you need a CA gateway as
well. I also tested access to serial devices with asyn+stream.

One thing which is not working for me at the moment is PVaccess. For CA
i add the option `-p 5064-5065:5064-5065 -p 5064-5065:5064-5065/udp` to
publish the CA ports of my container (either IOC or ca-gateway) to the
outside world.
For PVaccess I tried with `-p 5075:5075 -p 5076:5076/udp` but this was
not working. Accessing the IOC from the host directly (via the virual
network) works. So the IOC has a PVaccess server.
Did I miss some important ports for PVaccess or is this protocol working
differently when establishing connections?
The IOC is connected to a virtual network with its own IP address. The
ports are mapped to the physical ports of my host system. The remote
client only "sees" the physical connection of my host.

If anyone is interested in this work let me know! We will establish our
own docker registry server soon, where the images will be made available.

Best regards,
Florian

--
Dr. Florian Feldbauer

Ruhr-Universität Bochum
Experimentalphysik I AG
Universitätsstr. 150
Fach-Nr. 125
D-44801 Bochum

Office: NB 2/134
Phone:  (+49)234 / 32-23563
Fax:    (+49)234 / 32-14170
https://paluma.ruhr-uni-bochum.de