From: "Casper Ti. Vector" <caspervector@gmail.com>
To: supervision@list.skarnet.org
Subject: Re: logging services with shell interaction
Date: Sun, 24 Oct 2021 00:40:10 +0800 [thread overview]
Message-ID: <YXQ66sbHJ/FqdAIR@CasperVector> (raw)
In-Reply-To: <sl1as7$loi$1@ciao.gmane.io>
On Sat, Oct 23, 2021 at 05:48:23PM +0200, Ben Franksen wrote:
> Interesting, I didn't know you are from the accelerator community!
(Actually I have only been in this field for 2.5 years...)
> I agree. BTW, another detail is the special handling of certain control
> characters by procServ: ^X to restart the child, ^T to toggle auto-restart,
> and the possibility to disable some others like ^C and especially ^D; which
> is not only convenient but also avoids accidental restarts (people are used
> to ^D meaning "exit the shell").
These functionalities would need to be (and would perhaps have better
been) done outside of the `socat'/`recordio' pair, as separate commands
(like `s6-svc -k ...' or `touch .../down') or wrappers. `socat' simply
exits upon ^D/^C by default, so the IOC would not be hurt; I find this
enough to prevent most user errors, therefore more filtering of control
characters seems unnecessary.
> Our approach uses a somewhat hybrid mixture of several components. Since the
> OS is Debian we use systemd service units, one for each IOC. They are
> executing `/usr/bin/unshare -u sethostname %i runuser -u ioc -- softIOC-run
> %i` which fakes the host name to trick EPICS' Channel Access "Security" into
> the proper behavior, and then drops privileges. softIOC-run is the script of
> which I posted a simplified version, with the pipeline between procServ and
> multilog. Despite the disadvantages explained by Laurent, so far this works
> pretty well (I have never yet observed multilog to crash or otherwise
> misbehave). Finally, the configuration for all IOCs (name, which host do
> they run on, path to the startup script) all reside in a small database and
> there are scripts to automatically install everything, including automatic
> enabling and disabling of the service units.
Frankly I find the above a little over-complicated, even discounting the
part about CA security which we do not yet involve. I think you might
be going to find our paper (after publication; it is to be submitted the
next week) interesting in simplifying IOC management.
--
My current OpenPGP key:
RSA4096/0x227E8CAAB7AA186C (expires: 2022.09.20)
7077 7781 B859 5166 AE07 0286 227E 8CAA B7AA 186C
next prev parent reply other threads:[~2021-10-23 16:40 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-19 8:59 Ben Franksen
2021-10-19 23:27 ` Laurent Bercot
2021-10-20 7:53 ` Ben Franksen
2021-10-20 18:01 ` Casper Ti. Vector
2021-10-23 15:48 ` Ben Franksen
2021-10-23 16:40 ` Casper Ti. Vector [this message]
2021-10-24 20:36 ` Ben Franksen
2022-04-22 10:40 ` Casper Ti. Vector
2023-06-22 17:16 ` Casper Ti. Vector
2023-06-23 11:48 ` Ben Franksen
2023-06-23 12:30 ` Casper Ti. Vector
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YXQ66sbHJ/FqdAIR@CasperVector \
--to=caspervector@gmail.com \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).