From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 30708 invoked from network); 23 Oct 2021 16:40:23 -0000
Received: from alyss.skarnet.org (95.142.172.232)
  by inbox.vuxu.org with ESMTPUTF8; 23 Oct 2021 16:40:23 -0000
Received: (qmail 10322 invoked by uid 89); 23 Oct 2021 16:40:49 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
Sender: <supervision@list.skarnet.org>
Precedence: bulk
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Id: <supervision.list.skarnet.org>
Received: (qmail 10315 invoked from network); 23 Oct 2021 16:40:49 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:date:to:subject:message-id:mail-followup-to:references
         :mime-version:content-disposition:in-reply-to;
        bh=vG+cE4fG8jRLzRMtcX17RhyStE2can2z4OryX0LPJPY=;
        b=NetLbZOzEc0vxiVFP05MEqsm7KdJnIuuunw7seFIT1Zl9HQSgtUKDwrMcKDuj1Wnw5
         0TwEX85uDACsl8NROoHYLMjU/2dchrlzaMrhnU3JxRWq+WGi7TJlsKHW2Pbrd4VsxYDD
         nRInD7YuXZpV/3ZkrEpXgRyY20/CJeiFCNVTKGYY65bsPZDFcORUE6SImQr5/ZfapW8X
         O6lTwVsRM6fYLhX58WwdrgRUiBfYyiy+mjp7tsEhOH2RNqFBUw6gZDYohiNsuS2u//Iq
         Egx5HGptyKbfiCG0rnbLLIHdlL+S1bzBXBiMiZ/Bio2jUomPsJ+XLf5FhLMRdc7eCMIL
         QY1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:date:to:subject:message-id:mail-followup-to
         :references:mime-version:content-disposition:in-reply-to;
        bh=vG+cE4fG8jRLzRMtcX17RhyStE2can2z4OryX0LPJPY=;
        b=vvCb+QD7mFq+Ip0JNuIdA6psBTXq18e31CsMTPF71SM+BmN2V6cXMVFW55WVfvzWag
         Z0SMWs34taD+xyQhxWSAt3FagUspiuJ2jj8BsuCw1bzS8KMk8ijOZckvhIj0yY6OdNQH
         6GkY4M4rMAi5QaqrTy55aK6v6uBn/PSM6zVA1XwLBYbJGz6w4aFJfuuP2sCDKAVpi46P
         4Eum5mVj6J/4UkWOJBgS1qO0Y3FOgKMSmtmmOelCnmcIGaA1r4vhPRhChusZV5cx5W8U
         ki8N0eghqlAAb3IYXWAcvI/t4ltWag0+JnuFluk4bJCZU6rSxyZgZQDivNBVaqfV5v5A
         D7zw==
X-Gm-Message-State: AOAM530sPtyb3kDAIP7NHg/R31A7j3HguUVMkln20hW+tJywCiU2hapa
	+6T2g8QpYPgETcu53XZNZLKqR97tdmh6Cw==
X-Google-Smtp-Source: ABdhPJw8S8gjm0oPpDBCw59AY9KkSuuNi9ToaModQPxTr9rdSFPK2evbJgzetZxbajCc2iFeOGv7fg==
X-Received: by 2002:a17:90a:e57:: with SMTP id p23mr7923575pja.154.1635007220539;
        Sat, 23 Oct 2021 09:40:20 -0700 (PDT)
From: "Casper Ti. Vector" <caspervector@gmail.com>
X-Google-Original-From: "Casper Ti. Vector" <CasperVector@gmail.com>
Date: Sun, 24 Oct 2021 00:40:10 +0800
To: supervision@list.skarnet.org
Subject: Re: logging services with shell interaction
Message-ID: <YXQ66sbHJ/FqdAIR@CasperVector>
Mail-Followup-To: supervision@list.skarnet.org
References: <skm1ef$nq9$1@ciao.gmane.io>
 <emba464994-2a6f-4713-af9e-68f4e93b785a@elzian>
 <skohum$a4l$1@ciao.gmane.io>
 <YXBZeTL4uBncSDl/@CasperVector>
 <sl1as7$loi$1@ciao.gmane.io>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <sl1as7$loi$1@ciao.gmane.io>

On Sat, Oct 23, 2021 at 05:48:23PM +0200, Ben Franksen wrote:
> Interesting, I didn't know you are from the accelerator community!

(Actually I have only been in this field for 2.5 years...)

> I agree. BTW, another detail is the special handling of certain control
> characters by procServ: ^X to restart the child, ^T to toggle auto-restart,
> and the possibility to disable some others like ^C and especially ^D; which
> is not only convenient but also avoids accidental restarts (people are used
> to ^D meaning "exit the shell").

These functionalities would need to be (and would perhaps have better
been) done outside of the `socat'/`recordio' pair, as separate commands
(like `s6-svc -k ...' or `touch .../down') or wrappers.  `socat' simply
exits upon ^D/^C by default, so the IOC would not be hurt; I find this
enough to prevent most user errors, therefore more filtering of control
characters seems unnecessary.

> Our approach uses a somewhat hybrid mixture of several components. Since the
> OS is Debian we use systemd service units, one for each IOC. They are
> executing `/usr/bin/unshare -u sethostname %i runuser -u ioc -- softIOC-run
> %i` which fakes the host name to trick EPICS' Channel Access "Security" into
> the proper behavior, and then drops privileges. softIOC-run is the script of
> which I posted a simplified version, with the pipeline between procServ and
> multilog. Despite the disadvantages explained by Laurent, so far this works
> pretty well (I have never yet observed multilog to crash or otherwise
> misbehave). Finally, the configuration for all IOCs (name, which host do
> they run on, path to the startup script) all reside in a small database and
> there are scripts to automatically install everything, including automatic
> enabling and disabling of the service units.

Frankly I find the above a little over-complicated, even discounting the
part about CA security which we do not yet involve.  I think you might
be going to find our paper (after publication; it is to be submitted the
next week) interesting in simplifying IOC management.

-- 
My current OpenPGP key:
RSA4096/0x227E8CAAB7AA186C (expires: 2022.09.20)
7077 7781 B859 5166 AE07 0286 227E 8CAA B7AA 186C