add gateways service

opi/phoebus-launch.sh

@@ -2,63 +2,49 @@
 
 # A launcher for the phoebus container that allows X11 forwarding
 
-thisdir=$(realpath $(dirname ${BASH_SOURCE[0]}))
-workspace=$(realpath ${thisdir}/..)
-
-if module load phoebus 2>/dev/null; then
-    echo "Using phoebus module"
-
-    # settings for p99
-    settings="
-    -resource ${workspace}/opi/p99-beamline.opi
-    -settings ${workspace}/opi/settings.ini
+# To customise for your own kubernetes namespace change the following variables
+OPIS_IP=172.23.177.192          # IP address of the epics-opis service
+GATEWAYS_IP=172.23.177.194      # IP address of the gateways service
+SYNOPTIC=p99-beamline.bob
+
+# These should not need to be changed:
+CA=9064 PVA=9065
+
+if [[ -n $TUNNEL ]]; then
+    echo "
+    For Tunnel to $GATEWAYS_IP run this command in another terminal:-
+    ssh -L $CA:$GATEWAYS_IP:$CA -L $PVA:$GATEWAYS_IP:$PVA ${FED_ID:-_FedId_}@${DLS_WS:-_Workstation_} sleep 99d
     "
+    GATEWAYS_IP=localhost
+fi
 
-    set -x
-    phoebus.sh ${settings} "${@}"
+# decide on docker or podman based on what is available
+if [[ $(docker --version 2>/dev/null) == *Docker* && -z $PODMAN ]]; then
+    docker=docker
+    args="--user $(id -u):$(id -g) "
+    xhost +SI:localuser:$(id -un) # allow local user uid to access X11 server
 else
-    echo "No phoebus module found, using a container"
-
-    if [[ $(docker --version 2>/dev/null) == *Docker* ]]; then
-        docker=docker
-    else
-        docker=podman
-        args="--security-opt=label=type:container_runtime_t"
-    fi
-
-    XSOCK=/tmp/.X11-unix # X11 socket (but we mount the whole of tmp)
-    XAUTH=/tmp/.container.xauth.$USER
-    touch $XAUTH
-    xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
-    chmod 777 $XAUTH
-
-    x11="
-    -e DISPLAY
-    -v $XAUTH:$XAUTH
-    -e XAUTHORITY=$XAUTH
-    --net host
-    "
+    docker=podman
+fi
 
-    args=${args}"
-    -it
-    "
 
-    export MYHOME=/home/${USER}
-    # mount in your own home dir in same folder for access to external files
-    mounts="
-    -v=/tmp:/tmp
-    -v=${MYHOME}/.ssh:/root/.ssh
-    -v=${MYHOME}:${MYHOME}
-    -v=${workspace}:/workspace
-    "
+x11="-e DISPLAY -v /tmp:/tmp --net=host"
+args+="--rm --name phoebus --security-opt label=disable"
+args+=" -v $(realpath $(dirname $0)):/workspace/"
 
-    # settings for p99
-    settings="
-    -resource /workspace/opi/p99-beamline.opi
-    -settings /workspace/opi/settings.ini
-    "
+echo "
+org.phoebus.pv.pva/epics_pva_name_servers=$GATEWAYS_IP:$PVA
+org.phoebus.pv.ca/name_servers=$GATEWAYS_IP:$CA
+" > /tmp/settings.ini
 
-    set -x
-    $docker run ${mounts} ${args} ${x11} ghcr.io/epics-containers/ec-phoebus:latest ${settings} "${@}"
+# settings for p47
+settings="
+-resource http://$OPIS_IP/$SYNOPTIC
+-settings /tmp/settings.ini
+"
 
-fi
+echo "Starting phoebus container ..."
+set -x
+$docker run ${args} ${x11} \
+  ghcr.io/epics-containers/ec-phoebus:latest \
+  ${settings} "${@}" &> /tmp/phoebus.log &

services/bl99p-mo-ioc-01/values.yaml

@@ -1,6 +1,6 @@
 # yaml-language-server: $schema=https://github.com/epics-containers/ec-helm-charts/releases/download/3.4.4/ioc-instance.schema.json#/$defs/service
 ioc-instance:
-  image: ghcr.io/epics-containers/ioc-pmac-release:2024.11.1
+  image: ghcr.io/epics-containers/ioc-pmac-runtime:2024.11.1
 
   # NOTE: the following are suggestions to help with debugging IOCs
   # 1. replace the runtime container with the developer version

services/cagateway/Chart.yaml → services/gateways/Chart.yaml

@@ -1,7 +1,7 @@
 # A Helm Chart for a ca-gateway service
 # This is hard coded into the module right now TODO: make a oci chart for this
 apiVersion: v2
-name: ec-gateway
+name: ec-gateways
 version: 1.0.0
 
 type: application

services/gateways/README.md

@@ -0,0 +1,9 @@
+# gateways
+
+PVA and CA gateway services running in two containers in a single pod, with single service exposing both on different ports.
+
+To deploy this (for now - eventually we should have a oci helm chart for these):
+
+```bash
+helm upgrade --install gateways services/gateways
+```

services/gateways/config/README.md

@@ -0,0 +1,3 @@
+Default configuration for the gateways.
+
+Mount this folder as a configMap over /config to override these defaults.

services/gateways/config/get_ioc_ips.py

@@ -0,0 +1,55 @@
+#!/usr/bin/env python
+
+"""
+Prints a list of cluster IPs of IOCs running in the current namespace.
+"""
+
+import argparse
+
+from kubernetes import client, config
+
+
+def get_ioc_ips(v1: client.CoreV1Api):
+    """Get the list cluster IPs of IOCs running in a namespace
+
+    Args:
+        v1: kubernetes client
+        namespace: namespace to get the IOCs from
+    """
+    ips = set()
+
+    # get the current namespace
+    ns_path = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
+    with open(ns_path) as f:
+        current_namespace = f.read().strip()
+
+    # get the pods in the namespace
+    ret = v1.list_namespaced_pod(current_namespace)
+    for pod in ret.items:
+        if "is_ioc" in pod.metadata.labels:
+            ips.add(pod.status.pod_ip)
+
+    return ips
+
+
+def main():
+    args = parse_args()
+
+    # configure K8S and make a Core API client
+    config.load_incluster_config()
+    v1 = client.CoreV1Api()
+
+    ips = get_ioc_ips(v1)
+    ip_str = args.sep.join(ips)
+
+    print(ip_str)
+
+
+def parse_args():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--sep", type=str, default=" ")
+    return parser.parse_args()
+
+
+if __name__ == "__main__":
+    main()

services/gateways/config/pvagw.template

@@ -0,0 +1,34 @@
+/* pvagw configuration template
+ *
+ * requires replacement of IOC server address list for gw client side
+ * and SERVER PORT for gw server side
+ *
+ */
+{
+    "version":2,
+    "readOnly":false,
+    "clients":[
+        {
+            "name":"theclient",
+            "provider":"pva",
+            "addrlist":"PVA_ADDR_LIST",
+            "autoaddrlist":false,
+            "serverport":5075,
+            "bcastport":5076
+        }
+    ],
+    "servers":[
+        {
+            "name":"theserver",
+            "clients":["theclient"],
+            /* "interface":["127.0.0.1"], */
+            /* "addrlist":"127.255.255.255", */
+            "autoaddrlist":false,
+            "serverport":PVA_SERVER_PORT,
+            /* "bcastport":5076, */
+            "statusprefix":"sts:"
+            /* "access":"some.acf", */
+            /* "pvlist":"some.pvlist", */
+        }
+    ]
+}

services/gateways/config/start-ca.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# IP lists for IOCS (blank if get_ioc_ips.py fails)
+export IPS="$(python3 /config/get_ioc_ips.py)"
+export EPICS_CA_ADDR_LIST=${IPS:-127.0.0.1}
+
+# PORTS for CA and PVA
+export CA_SERVER_PORT=${CA_SERVER_PORT:-5064}
+export PVA_SERVER_PORT=${PVA_SERVER_PORT:-5075}
+
+# DEBUGGING
+CA_DEBUG=${CA_DEBUG:-0}
+PVA_DEBUG=${PVA_DEBUG:-0}
+
+# don't pass -cip if EPICS_CA_AUTO_ADDR_LIST is YES
+if [[ EPICS_CA_AUTO_ADDR_LIST == "NO" ]]; then
+  cip="-cip ${EPICS_CA_ADDR_LIST}"
+fi
+
+# start the CA Gateway
+/epics/ca-gateway/bin/linux-x86_64/gateway -sport ${CA_SERVER_PORT} $cip \
+   -pvlist /config/pvlist -access /config/access \
+   -log /dev/stdout -debug ${CA_DEBUG:-0}

services/gateways/config/start-pva.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# IP lists for IOCS (blank if get_ioc_ips.py fails)
+export IPS="$(python3 /config/get_ioc_ips.py)"
+export EPICS_PVA_ADDR_LIST=${IPS:-127.0.0.1}
+export EPICS_CA_ADDR_LIST=${IPS:-127.0.0.1}
+
+# PORTS for CA and PVA
+export CA_SERVER_PORT=${CA_SERVER_PORT:-5064}
+export PVA_SERVER_PORT=${PVA_SERVER_PORT:-5075}
+
+# DEBUGGING
+CA_DEBUG=${CA_DEBUG:-0}
+PVA_DEBUG=${PVA_DEBUG:-0}
+
+# fix up the templated pva gateway config
+cat /config/pvagw.template |
+  sed \
+    -e "s/PVA_ADDR_LIST/${EPICS_PVA_ADDR_LIST}/" \
+    -e "s/PVA_SERVER_PORT/${PVA_SERVER_PORT}/" \
+    > /tmp/pvagw.config
+
+# background the PVA Gateway
+pvagw /tmp/pvagw.config