On Sat, Oct 23, 2021 at 05:48:23PM +0200, Ben Franksen wrote: > Interesting, I didn't know you are from the accelerator community!
(Actually I have only been in this field for 2.5 years...) > I agree. BTW, another detail is the special handling of certain control > characters by procServ: ^X to restart the child, ^T to toggle auto-restart, > and the possibility to disable some others like ^C and especially ^D; which > is not only convenient but also avoids accidental restarts (people are used > to ^D meaning "exit the shell"). These functionalities would need to be (and would perhaps have better been) done outside of the `socat'/`recordio' pair, as separate commands (like `s6-svc -k ...' or `touch .../down') or wrappers. `socat' simply exits upon ^D/^C by default, so the IOC would not be hurt; I find this enough to prevent most user errors, therefore more filtering of control characters seems unnecessary. > Our approach uses a somewhat hybrid mixture of several components. Since the > OS is Debian we use systemd service units, one for each IOC. They are > executing `/usr/bin/unshare -u sethostname %i runuser -u ioc -- softIOC-run > %i` which fakes the host name to trick EPICS' Channel Access "Security" into > the proper behavior, and then drops privileges. softIOC-run is the script of > which I posted a simplified version, with the pipeline between procServ and > multilog. Despite the disadvantages explained by Laurent, so far this works > pretty well (I have never yet observed multilog to crash or otherwise > misbehave). Finally, the configuration for all IOCs (name, which host do > they run on, path to the startup script) all reside in a small database and > there are scripts to automatically install everything, including automatic > enabling and disabling of the service units. Frankly I find the above a little over-complicated, even discounting the part about CA security which we do not yet involve. I think you might be going to find our paper (after publication; it is to be submitted the next week) interesting in simplifying IOC management. -- My current OpenPGP key: RSA4096/0x227E8CAAB7AA186C (expires: 2022.09.20) 7077 7781 B859 5166 AE07 0286 227E 8CAA B7AA 186C