Experimental Physics and
Industrial Control System

"Manoussakis, Adamandios via Tech-talk" <tech-talk at aps.anl.gov> · Tue, 25 May 2021 00:53:59 +0000

Hey Jorn,

I checked nmap shows tcp ports 17665-17668 are open.  

I am able to caget records from the Server PC for scalar records, I did run into one issue of grabbing large arrays (checked the epics_ca_max_array_bytes) and still getting virtual circuit disconnected source file: ../getCopy.cpp but  I think that may be a separate issue from the http requests not being served.

I checked the server.xml file make sure the http connector was set to the port of the mgmt 17665, left the redirect port to 8443 (I assume this is an internal port for the mgmt webserver?)

I did setup the archiver and phoebus on a local network just to retest, works fine when everything is on the same subnet.  Is it possible that the http request is going to that 17665 port but the reply from the mgmt server is not coming back on the proper port?  I have noticed sometimes if I leave it trying to connect for a long time, it will load parts bits of the html page but the JS pieces never load when its going through this larger intranet.

-----Original Message-----
From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Manoussakis, Adamandios via Tech-talk
Sent: Thursday, May 20, 2021 2:53 PM
To: Jörn Dreyer <j.dreyer at hzdr.de>
Cc: EPICS tech-talk <tech-talk at aps.anl.gov>
Subject: RE: Archiver Appliance mgmt tomcat issue

Thanks Jorn,

I will see what nmap returns, need to get it installed on that particular PC.  I did test to see if caget was working and I was able to retrieve data from the PC that is running the archiver/IOCs.  Seems like two separate things, really feels like it has to be something blocking the GET http request either on the network or archiver config.  The IOCs I have running are on the same PC that the archiver is running and the other Client PC is on another subnet.  Basically 172.21.80.20 (Client PC) and 172.21.100.50 (archiver PC).

-----Original Message-----
From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Jörn Dreyer via Tech-talk
Sent: Tuesday, May 18, 2021 11:47 PM
To: tech-talk at aps.anl.gov
Subject: Re: Archiver Appliance mgmt tomcat issue

Hi Adam,

if you have nmap installed on the client PC you can check if the archiver port is accessible from the client with:

nmap -Pn -p 17600-17700 <archiver IP>

You might have to ask someone with root acces to the PC to issue this comnmand. 

If it shows the port 17665 it will tell you wether it is open, closed or filtered. Normaly all routers block trafic between different subnets. I gues only the ssh and ca-1/2 ports once got opened by your IT. If nmap shows the port as filtered, you have to ask your IT to open the port on the firewal/ router between the subnets. If it is shown as closed, then there is a firewall on the archiver server which blocks it.
Are you shure you contact the archiver server with caget? You can ask for info about a PV with cainfo:

cainfo -s 5 <PV name>

It will tell you from where it gets the PV. There might be a gateway server running somewhere that gives you access to the PV's from one of the subnets (PC?). Depending in which your IOC's are running this will hand over the PV's from one to the other subnet by being connected to both. Yoiu can also check in the archiver from wher it gets the PV's. Just go to the reporst page and click on details of one of teh PV's it recently archived. 

Regards,

Jörn

Am Mittwoch, 19. Mai 2021, 06:54:48 CEST schrieb Manoussakis, Adamandios via
Tech-talk:
> Hey Han,
> 
> Tried to switch the localhost with the ip but still didn’t have any success.
>  I did also try to switch back that server.xml port to 8080 just to 
> try but that didn’t help either.

> <Connector connectionTimeout="20000" port="17665" protocol="HTTP/1.1"
> redirectPort="8443"/>

> I will double check but caget,camonitor, caput seem to work fine from 
> the PC to the same PC that has the archiver from what I remember.  I 
> made sure the env variables are set on the client PC correctly.

> 
> From: Han Lee <jeonglee at lbl.gov>
> Sent: Tuesday, May 18, 2021 12:12 PM
> To: Manoussakis, Adamandios <manoussakis1 at llnl.gov>
> Cc: EPICS tech-talk <tech-talk at aps.anl.gov>
> Subject: Re: Archiver Appliance mgmt tomcat issue
> 
> Hi Adam,
> 
> Please change all localhost to your IP address, which you are using. 
> And let me know what it will be.

> Best,
> Han
> 
> On Tue, May 18, 2021 at 12:11 PM Manoussakis, Adamandios 
> <manoussakis1 at llnl.gov<mailto:manoussakis1 at llnl.gov>> wrote:
 Hi Han,  I am
> just running one appliance in the archiver.
> 
> <?xml version='1.0' encoding='utf-8'?>
> <!--
>   Took the contents from single\_machine\_install.sh, and modified
>   them according to our configuration.
> -->
> <appliances>
>    <appliance>
>      <identity>appliance0</identity>
>      <cluster_inetport>localhost:16670</cluster_inetport>
>     
> <mgmt_url>https://urldefense.us/v3/__http://localhost:17665/mgmt/bpl__
> ;!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJEjFIi
> B4nBG2THieQh0zifhj$ </mgmt_url<https://urldefense.us/v
> 3/__https://urldefense.us/v3/__http://localhost:17665/mgmt/bpl*3c/mgmt
> _url__;JQ!!G2kpM7uM-TzIFchu!nGHjiV__;Kg!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-
> eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJEjFIiB4nBG2THieQmf4cMFB$
> Krufmch60hRREQERG1iOhIHW8hK3q_uiY2WNnKyXHXlb2GK3Xr8C-vihqJWJZB$>>
> <engine_url>https://urldefense.us/v3/__http://localhost:17666/engine/b
> pl__;!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJE
> jFIiB4nBG2THieQnx9CbDP$
> </engine_url<https://urldefense.us/v3/__https://urldefens__;!!G2kpM7uM
> -TzIFchu!mAgqtCUr9AY-eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJEjFIiB4nBG2THieQ
> uwROKKu$
> e.us/v3/__https://urldefense.us/v3/__http://localhost:17666/engine/bpl
> *3c/engine_url__;JQ!!G2kpM7uM-TzIF__;Kg!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-
> eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJEjFIiB4nBG2THieQrza3wni$
> chu!nGHjiVKrufmch60hRREQERG1iOhIHW8hK3q_uiY2WNnKyXHXlb2GK3Xr8C-vikIRxz
> mH$>>
> <etl_url>https://urldefense.us/v3/__http://localhost:17667/etl/bpl__;!
> !G2kpM7uM-TzIFchu!mAgqtCUr9AY-eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJEjFIiB4
> nBG2THieQol8xDuy$ </etl_url<https://urldefense.us/v3/_
> _https://urldefense.us/v3/__http://localhost:17667/etl/bpl*3c/etl_url_
> _;JQ!!G2kpM7uM-TzIFchu!nGHjiVKrufm__;Kg!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-
> eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJEjFIiB4nBG2THieQlCWc1dy$
> ch60hRREQERG1iOhIHW8hK3q_uiY2WNnKyXHXlb2GK3Xr8C-vig9oXHpy$>>
> <retrieval_url>https://urldefense.us/v3/__http://localhost:17668/retri
> eval/bpl__;!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-eiorWkCP40zuHBEBV1hNbFAPUFHH
> 2DKeJEjFIiB4nBG2THieQnM563dw$ </retrieval_url<https:// 
> urldefense.us/v3/__https://urldefense.us/v3/__http://localhost:17668/r
> etrieval/bpl*3c/retrieval_url__;JQ__;Kg!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-
> eiorWkCP40zuHBEBV1hNbFAPUFHH2DKeJEjFIiB4nBG2THieQhHJnG9C$
> !!G2kpM7uM-TzIFchu!nGHjiVKrufmch60hRREQERG1iOhIHW8hK3q_uiY2WNnKyXHXlb2
> GK3Xr8
> C-vikwJsRIs$>>
> <data_retrieval_url>https://urldefense.us/v3/__http://localhost:17668/
> retrieval__;!!G2kpM7uM-TzIFchu!mAgqtCUr9AY-eiorWkCP40zuHBEBV1hNbFAPUFH
> H2DKeJEjFIiB4nBG2THieQgCpSgNk$ </data_retrieval_url<ht 
> tps://urldefense.us/v3/__http:/localhost:17668/retrieval*3c/data_retri
> eval_u
> rl__;JQ!!G2kpM7uM-TzIFchu!nGHjiVKrufmch60hRREQERG1iOhIHW8hK3q_uiY2WNnK
> yXHXlb
> 2GK3Xr8C-vijp3qJkt$>> </appliance>
> </appliances>
> 
> 
> From: Han Lee <jeonglee at lbl.gov<mailto:jeonglee at lbl.gov>>
> Sent: Tuesday, May 18, 2021 10:49 AM
> To: Manoussakis, Adamandios
> <manoussakis1 at llnl.gov<mailto:manoussakis1 at llnl.gov>>
 Cc: EPICS tech-talk
> <tech-talk at aps.anl.gov<mailto:tech-talk at aps.anl.gov>> Subject: Re: 
> Archiver Appliance mgmt tomcat issue
> 
> Hi Adam,
> 
> Can you share your appliances.xml file? I want to see how you define them.
> 
> Best,
> Han
> 
> 
> On Tue, May 18, 2021 at 9:46 AM Manoussakis, Adamandios via Tech-talk 
> <tech-talk at aps.anl.gov<mailto:tech-talk at aps.anl.gov>> wrote:
 Hi Andrew,
> 
> 
> Sorry for the confusion on the ips, the internal network we run this 
> on does route properly. I am able to ping the corresponding computers 
> and also we have another web server running that I am able get to.  I 
> don’t think it’s the web browser or Phoebus, since I have tried just 
> doing direct queries through python and not getting a response either.
> I asked our IT again and there shouldn’t be anything blocking.

> 
> On May 18, 2021, at 8:23 AM, Johnson, Andrew N.
> <anj at anl.gov<mailto:anj at anl.gov>> wrote:
  HI Adam,
> 
> On May 18, 2021, at 2:01 AM, Manoussakis, Adamandios via Tech-talk 
> <tech-talk at aps.anl.gov<mailto:tech-talk at aps.anl.gov>> wrote:

> I am trying to figure out why I cannot access the front end interface 
> of the archiver 
> (192.168.3.50:17665/mgmt/ui/index.html<https://urldefense.us/v3/__http
> :/192
> .168.3.50:17665/mgmt/ui/index.html__;!!G2kpM7uM-TzIFchu!gHpAie0-gSo81L
> il6dDD
> HZ78eCLRM7TIjxF_ndJZ7UaRy1osZ2d0VUfl4XW1MNI25aU9$>) from another subnet. 
> Locally it works perfectly fine, able to archive PVs and retrieve with 
> Phoebus for example or even using python.  When I try to get the web 
> page to serve up on another PC that is not on the same subnet
> 192.168.2.25(PC) and 192.168.3.50(Archiver) for example it seems like 
> the request gets stuck.  Some possible debugging has led to the JS not 
> being loaded properly on the web browsers but I have looked for 
> anything that would block on the network and cant seem to find any issue.

> The IP addresses that you are using (192.168.*.*) are in the Private 
> IP range, and are often not
> routable<https://urldefense.us/v3/__https:/serverfault.com/questions/8
> 96456
> /what-makes-a-private-ip-address-not-routable/896457__;!!G2kpM7uM-TzIF
> chu!iW
> g8k_-fgpyqbpoepJc3XNYfOaeHk5JBqGhlUqLwyjWPQ6X0miQJSIqcL5SRtM5bny_B$>
> (at least when it comes to transit over the public internet). Do you 
> know for sure that your routers are properly configured to pass 
> packets between these subnets? Can you ping between them (both ways) 
> and make some kind of a TCP connection (e.g. ssh or telnet) with devices in the other subnet?

> I know nothing about the internals of the Archiver Appliance, tomcat, 
> or the Java network stack, but it’s conceivable that something there 
> (or even in a
> firewall) might also be preventing packets from the other private 
> network from being delivered or sent.

> Just an idea, I might be completely wrong though.
> 
> - Andrew
> 
> --
> Complexity comes for free, simplicity you have to work for.
> 
> 
> 
> --
> Jeong Han Lee, Dr.rer.nat.
> Staff Scientist and Engineer
> Lawrence Berkeley National Laboratory
> 1 Cyclotron Road Mailstop 46R0161
> Berkeley, CA 94720, United States
> Tel :+1-510-486-6163
> Cell:+1-510-384-3868
> 
> 
> --
> Jeong Han Lee, Dr.rer.nat.
> Staff Scientist and Engineer
> Lawrence Berkeley National Laboratory
> 1 Cyclotron Road Mailstop 46R0161
> Berkeley, CA 94720, United States
> Tel :+1-510-486-6163
> Cell:+1-510-384-3868

Experimental Physics and Industrial Control System

Experimental Physics and
Industrial Control System