From 1d4b8873e8c9984b9e04f27a8f011190c73ec6df Mon Sep 17 00:00:00 2001 From: Giles Knap Date: Sat, 29 Jun 2024 09:08:22 +0100 Subject: [PATCH] update readme --- README.md | 71 ++++++++++++++++++------------------------------- include/ioc.yml | 4 +++ 2 files changed, 30 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index 46fec50..68de4c8 100644 --- a/README.md +++ b/README.md @@ -1,60 +1,41 @@ # beamline bl01t IOC Instances and Services -This repository holds the a definition of beamline bl01t IOC Instances and services. Each sub folder of the `services` directory contains a helm chart for a specific service or IOC. +This repository holds the a definition of beamline bl01t IOC Instances and services. It is a example of how to deploy epics-containers IOCs using docker compose for those facilities that are not using Kubernetes. It also serves as a local test environment for a set of IOCs. -NOTE: in order to take advantage of version control, you must deploy these services using the edge-containers-cli. This will ensure that the services are deployed from a specific tag of this repository and that the version number is recorded in the cluster. + The top level compose.yml file represents a set of IOCs that would be deployed to a single IOC server. -See https://github.com/epics-containers/edge-containers-cli for more information. + For this example we have a single compose file. However, if you wanted to keep all IOCs for a beamline in a single repo but deploy to multiple servers, then each server would have its own named compose file. -## updating to docker compose +## deploying IOCs -This is an experimental 'beamline' that is demonstrating use of compose -to replace our home grown `ec` deployment tool and make the configuation +To deploy IOCs to a server, clone this repo and run the following command from the repo root: -- more widely understood -- far more flexible +```bash +docker-compose --profile deploy up --detach +``` -# compose goals +or for a multiple server repo: +```bash +docker-compose --profile deploy -f my_server_01.yml up --detach +``` + +To launch a development environment on a workstation, including phoebus: +```bash +UIDGID=0:0 COMPOSE_PROFILE=develop docker-compose up +``` +(UIDGID should be 0:0 for podman and your user id/gid for docker) + +## compose goals + +These goals for switching to compose have all been met: - be as DRY as possible -- work with podman-compose as well as docker-compose +- work with docker-compose controlling either docker or podman - enable isolated testing where PVs are not availble to the whole subnet -- include profiles for: - - local testing - including phoebus +- include separate profiles for: + - local testing - including phoebus OPI - deployment to a beamline server - this would need either: - network host on the IOCs - a ca-gateway - structure so that there is a compose file per server - -# difficulties - -To make this work for both podman and docker you can share the network -namespace between all IOCs and phoebus. Not a great solution. - use `channel_access` network in bl01t-ea-test-01. - add `network_mode: service:bl01t-ea-test-01`. -this run phoebus inside the container - podman does not need the shared network namespace and I believe this - is because all containers have the same IP but docker containers - are bridged to each other via NAT. -perhaps the tidiest solution is to run phoebus inside for podman -and with host=net for docker. Again I'm not too sure why this works for docker, -but certainly docker container IPs are routable (and broadcastable) from the -host and apparently this means all ports are open to the host. -The key issue with CA is that the search response contains a random PORT -for the virtual circuit to be set up and this random port has no range -constraints I can find - thus you cannot use port openning to enable -the virtual circuit creation -see https://docs.epics-controls.org/en/latest/internal/ca_protocol.html#overall-server-operation -An additional thorn is that running X11 forwarding to inside a container -network works for both podman/docker on ubuntu but is failing on DLS workstations -with podman. -THUS I HAVE NO SOLUTION FOR DLS WORKSTATIONS. - -summary of likely approaches: - -- docker: - - run phoebus with host network -- podman: - - try to get x11 working in a container at DLS and use that - - or use net host for IOCs like we used to but make it easy to pick - a different EPICS_CA_SERVER_PORT +- remove need for custom code/scripts to deploy/manage the IOCs diff --git a/include/ioc.yml b/include/ioc.yml index 453e74d..b4502f9 100644 --- a/include/ioc.yml +++ b/include/ioc.yml @@ -2,6 +2,10 @@ # # For use with 'extends' in each individual IOC service description +include: + - networks.yml + - volumes.yml + services: # linux IOCs that run in a container ##########################################