-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
30 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,60 +1,41 @@ | ||
| # beamline bl01t IOC Instances and Services | ||
|
|
||
| This repository holds the a definition of beamline bl01t IOC Instances and services. Each sub folder of the `services` directory contains a helm chart for a specific service or IOC. | ||
| This repository holds the a definition of beamline bl01t IOC Instances and services. It is a example of how to deploy epics-containers IOCs using docker compose for those facilities that are not using Kubernetes. It also serves as a local test environment for a set of IOCs. | ||
|
|
||
| NOTE: in order to take advantage of version control, you must deploy these services using the edge-containers-cli. This will ensure that the services are deployed from a specific tag of this repository and that the version number is recorded in the cluster. | ||
| The top level compose.yml file represents a set of IOCs that would be deployed to a single IOC server. | ||
|
|
||
| See https://github.com/epics-containers/edge-containers-cli for more information. | ||
| For this example we have a single compose file. However, if you wanted to keep all IOCs for a beamline in a single repo but deploy to multiple servers, then each server would have its own named compose file. | ||
|
|
||
| ## updating to docker compose | ||
| ## deploying IOCs | ||
|
|
||
| This is an experimental 'beamline' that is demonstrating use of compose | ||
| to replace our home grown `ec` deployment tool and make the configuation | ||
| To deploy IOCs to a server, clone this repo and run the following command from the repo root: | ||
|
|
||
| - more widely understood | ||
| - far more flexible | ||
| ```bash | ||
| docker-compose --profile deploy up --detach | ||
| ``` | ||
|
|
||
| # compose goals | ||
| or for a multiple server repo: | ||
| ```bash | ||
| docker-compose --profile deploy -f my_server_01.yml up --detach | ||
| ``` | ||
|
|
||
| To launch a development environment on a workstation, including phoebus: | ||
| ```bash | ||
| UIDGID=0:0 COMPOSE_PROFILE=develop docker-compose up | ||
| ``` | ||
| (UIDGID should be 0:0 for podman and your user id/gid for docker) | ||
|
|
||
| ## compose goals | ||
|
|
||
| These goals for switching to compose have all been met: | ||
|
|
||
| - be as DRY as possible | ||
| - work with podman-compose as well as docker-compose | ||
| - work with docker-compose controlling either docker or podman | ||
| - enable isolated testing where PVs are not availble to the whole subnet | ||
| - include profiles for: | ||
| - local testing - including phoebus | ||
| - include separate profiles for: | ||
| - local testing - including phoebus OPI | ||
| - deployment to a beamline server - this would need either: | ||
| - network host on the IOCs | ||
| - a ca-gateway | ||
| - structure so that there is a compose file per server | ||
|
|
||
| # difficulties | ||
|
|
||
| To make this work for both podman and docker you can share the network | ||
| namespace between all IOCs and phoebus. Not a great solution. | ||
| use `channel_access` network in bl01t-ea-test-01. | ||
| add `network_mode: service:bl01t-ea-test-01`. | ||
| this run phoebus inside the container | ||
| podman does not need the shared network namespace and I believe this | ||
| is because all containers have the same IP but docker containers | ||
| are bridged to each other via NAT. | ||
| perhaps the tidiest solution is to run phoebus inside for podman | ||
| and with host=net for docker. Again I'm not too sure why this works for docker, | ||
| but certainly docker container IPs are routable (and broadcastable) from the | ||
| host and apparently this means all ports are open to the host. | ||
| The key issue with CA is that the search response contains a random PORT | ||
| for the virtual circuit to be set up and this random port has no range | ||
| constraints I can find - thus you cannot use port openning to enable | ||
| the virtual circuit creation | ||
| see https://docs.epics-controls.org/en/latest/internal/ca_protocol.html#overall-server-operation | ||
| An additional thorn is that running X11 forwarding to inside a container | ||
| network works for both podman/docker on ubuntu but is failing on DLS workstations | ||
| with podman. | ||
| THUS I HAVE NO SOLUTION FOR DLS WORKSTATIONS. | ||
|
|
||
| summary of likely approaches: | ||
|
|
||
| - docker: | ||
| - run phoebus with host network | ||
| - podman: | ||
| - try to get x11 working in a container at DLS and use that | ||
| - or use net host for IOCs like we used to but make it easy to pick | ||
| a different EPICS_CA_SERVER_PORT | ||
| - remove need for custom code/scripts to deploy/manage the IOCs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters