Subject: | RE: CA Gateway same VM as IOCs/Phoebus and Access/PVList Setup |
From: | "Manoussakis, Adamandios via Tech-talk" <tech-talk at aps.anl.gov> |
To: | EPICS tech-talk <tech-talk at aps.anl.gov> |
Date: | Thu, 2 Dec 2021 02:33:18 +0000 |
Made some headway, seems like my understanding works. I was able to open multiple shells and export variables so that the IOC would get server port 5064, the ca gateway would get 5068 for server and 5064 for client and then my caget would use 5068 for CA requests.

I would like to keep my IOCs using 5064 as the default UDP port. Is there a way then to make the ca gateway use specific env variables similar to how the IOC has envSet in the iocboot? I wasn't sure if I could do something like CONFIG_ENV with ca gateway. I am planning with Phoebus to use the ini file to specify the port to use.

From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Manoussakis, Adamandios via Tech-talk

Just to clarify some, how do you handle when you set CAS_SERVER_PORT to something different than CA_SERVER_PORT on the same machine when using CA-GATEWAY?

When I set CAS_SERVER_PORT=5068 for example, the gateway server binds to it but also all IOCs will bind to this server port. Which seems like any client will try to talk to both the gateway and the IOCs if I set CA_SERVER_PORT to say 5068. If I change it to 5064 they won't communicate properly, since the IOCs will be bound to 5068. Is there a way to make sure that the IOCs all bind to say 5064 and the ca gateway binds to 5068?

This seems more simple if I have clients coming from a different subnet and use the gateway to jump the subnet since port 5064 can be used but with different IPs on the gateway setup. But feels like I am missing something when I try to do it on the same machine. If I am misunderstanding how the networking works any clarification would be helpful.

Thanks

Adam

From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Manoussakis, Adamandios via Tech-talk

Hey All,

I am trying to make sure I understand how the CA Gateway networking setup works for running all pieces on the same PC (VM). Below is my ENV variables list that I set up, I am just using the basic access list and pv list examples (although I did have a question about the access/pvlist)

    export EPICS_CA_AUTO_ADDR_LIST=NO
    export EPICS_CA_ADDR_LIST=localhost
    export EPICS_CA_MAX_ARRAY_BYTES=800000
    export EPICS_CAS_INTF_ADDR_LIST=localhost
    export EPICS_CA_SERVER_PORT=5064
    export EPICS_CAS_SERVER_PORT=5065

My understanding is that the CAS port is listening for requests from a client (in this case Phoebus). I also am running Ralph's script to handle multiple IOCs on the same PC so UDP packets sent to 5064 are being echoed out on all ports (I think I need to block whichever port the CAS Server Port in this NAT Rule to stop looping).

Below is how I think the setup is supposed to work but I am unsure as I haven't been successful yet.

Access/PV List files question:

I am using the example files and for the access file the DEFAULT is where all requests go that aren't listed as UAG or HAG?

    ASG(DEFAULT) { RULE(1,READ) }

For the Pvlist, the first 3 regex is this covering any PV name basically? Does the next regex like Beam:.* then subset out from All to only Allowing the Beam 1 user to access these particular ones?

    EVALUATION ORDER ALLOW, DENY
    [0-9].* ALLOW
    [a-z].* ALLOW
    [A-Z].* ALLOW
    Beam:.* ALLOW Beam 1
    PS.* ALLOW PowerSupply 1
    gateway:.*Flag ALLOW GatewayAdmin
    test.* DENY
    ps\([0-9]\) ALIAS PSCurrent\1.ai PowerSupply 1

WARNING: This email violated LLNL's email security policy and has been modified. If you would like a list of blocked file types or for more information please see:
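
Added example (not part of the original message and not the gateway's own code): a Python model of how the ALLOW and DENY lines of the pvlist quoted above map a PV name to an access security group. It assumes the semantics given in the CA Gateway documentation (the pattern must match the whole name, the last matching ALLOW supplies ASG and ASL, ASG defaults to DEFAULT and ASL to 1, and a DENY match overrides under `ALLOW, DENY` order); `parse` and `resolve` are hypothetical names, and the ALIAS line is left out.

```python
import re

# ALLOW/DENY rules copied from the pvlist in the message (ALIAS line left out).
PVLIST = r"""
EVALUATION ORDER ALLOW, DENY
[0-9].*         ALLOW
[a-z].*         ALLOW
[A-Z].*         ALLOW
Beam:.*         ALLOW Beam 1
PS.*            ALLOW PowerSupply 1
gateway:.*Flag  ALLOW GatewayAdmin
test.*          DENY
"""

def parse(text):
    """Return (order, rules); each rule is (regex, action, asg, asl)."""
    order, rules = "DENY, ALLOW", []  # assumed default order when no directive is present
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.upper().startswith("EVALUATION ORDER"):
            order = ", ".join(p.strip() for p in line[16:].upper().split(","))
            continue
        fields = line.split()
        pattern, action = fields[0], fields[1].upper()
        asg = fields[2] if len(fields) > 2 else "DEFAULT"  # assumed default ASG
        asl = int(fields[3]) if len(fields) > 3 else 1     # assumed default ASL
        rules.append((re.compile(pattern), action, asg, asl))
    return order, rules

def resolve(pv, order, rules):
    """Return ("DENY", None, None) or ("ALLOW", asg, asl) for a PV name."""
    allow, denied = None, False
    for regex, action, asg, asl in rules:
        if not regex.fullmatch(pv):   # assumption: the whole name must match
            continue
        if action == "ALLOW":
            allow = (asg, asl)        # assumption: last matching ALLOW wins
        elif action == "DENY":
            denied = True
    if allow is None:
        return ("DENY", None, None)   # no ALLOW rule matched: name is not served
    if denied and order == "ALLOW, DENY":
        return ("DENY", None, None)   # under ALLOW, DENY a DENY match overrides
    return ("ALLOW",) + allow

ORDER, RULES = parse(PVLIST)
```

Under these assumptions the three character-class rules admit any name that starts with a letter or digit into the DEFAULT group, and the later, more specific rules only change which group (and therefore which access file rules) applies to the names they match.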