Merge pull request #16 from epics-containers/configurable-net

Make EPICS CA PORTS and the network subnet configurable

.env

@@ -0,0 +1,17 @@
+# Environment variables for the EPICS IOC ports. Pick unique values
+# to allow multiple compose beamlines to run on the same host.
+EPICS_CA_SERVER_PORT=5094
+EPICS_CA_REPEATER_PORT=5095
+EPICS_PVA_SERVER_PORT=5105
+
+# unique subnet for this compose project, broadcast must match the subnet
+CA_SUBNET=170.200.0.0/16
+CA_BROADCAST=170.200.255.255
+
+# EPICS name server configuration - do not change
+EPICS_PVA_NAME_SERVERS=localhost:${EPICS_PVA_SERVER_PORT}
+EPICS_CA_NAME_SERVERS=localhost:${EPICS_CA_SERVER_PORT}
+
+# clients outside of containers should use this address list
+# to access local containers with this configuration and with default ports too
+EPICS_CA_ADDR_LIST="127.0.0.1:${EPICS_PVA_SERVER_PORT} 127.0.0.1:5064"

.gitignore

@@ -9,3 +9,8 @@ venv*
 # and is created at runtime by IOCs using PVI
 opi/auto-generated/*
 !opi/auto-generated/README.md
+
+# these files are generated from templates
+# when sourcing environment.sh
+services/pvagw/config/pvagw.config
+services/phoebus/config/settings.ini

compose.yaml

@@ -27,3 +27,22 @@ include:
 
   # deploy profile only
   - services/epics-opis/compose.yml
+
+services:
+  init:
+    image: ubuntu
+    security_opt:
+      - label=disable
+    restart: never
+    volumes:
+      - .:/workspace
+    command: /bin/bash -c "/workspace/include/init.sh"
+    environment:
+      - EPICS_CA_SERVER_PORT
+      - EPICS_CA_REPEATER_PORT
+      - EPICS_PVA_SERVER_PORT
+      - CA_SUBNET
+      - CA_BROADCAST
+      - EPICS_PVA_NAME_SERVERS
+      - EPICS_CA_NAME_SERVERS
+      - EPICS_CA_ADDR_LIST

environment.sh

@@ -7,7 +7,6 @@
 # docker compose may be backed by podman or docker container engines, see
 # https://epics-containers.github.io/main/tutorials/setup_workstation.html.
 
-
 # This script must be sourced
 if [ "$0" = "$BASH_SOURCE" ]; then
     echo "ERROR: Please source this script (source ./environment.sh)"
@@ -29,7 +28,6 @@ else
     unset DOCKER_HOST
     docker=docker
 fi
-
 echo using $docker as container engine
 
 # ensure local container users can access X11 server
@@ -39,7 +37,7 @@ xhost +SI:localuser:$(id -un)
 
 # set user id for the phoebus container for easy X11 forwarding.
 export UIDGID=$USER_ID:$USER_GID
-# choose test profile for docker compose
+# default to the test profile for docker compose
 export COMPOSE_PROFILES=test
 # for test profile our ca-gateway publishes PVS on the loopback interface
 export EPICS_CA_ADDR_LIST=127.0.0.1

include/init.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+root=$(realpath $(dirname $0)/..)
+
+echo "setting up configuration file for pva gateway"
+
+cat $root/services/pvagw/config/pvagw.template |
+  sed -e "s/172.20.255.255/$CA_BROADCAST/g" \
+      -e "s/5075/$EPICS_PVA_SERVER_PORT/g" > \
+      $root/services/pvagw/config/pvagw.config
+
+echo "setting up configuration file for phoebus"
+
+cat $root/services/phoebus/config/settings.template |
+  sed -e "s/5064/$EPICS_CA_SERVER_PORT/g" \
+      -e "s/5065/$EPICS_CA_REPEATER_PORT/g" \
+      -e "s/5075/$EPICS_PVA_SERVER_PORT/g" > \
+      $root/services/phoebus/config/settings.ini

include/ioc.yml

@@ -26,6 +26,9 @@ services:
       IOC_LOCATION: localhost
       BEAMLINE: bl01t
       IOC_GROUP: bl01t
+      EPICS_CA_SERVER_PORT: ${EPICS_CA_SERVER_PORT}
+      EPICS_CA_REPEATER_PORT: ${EPICS_CA_REPEATER_PORT}
+      EPICS_PVA_SERVER_PORT: ${EPICS_PVA_SERVER_PORT}
 
     tty: true
     stdin_open: true
@@ -39,9 +42,6 @@ services:
 
     networks:
       - channel_access
-    expose:
-      - "5064-5065/udp"
-      - "5064-5065"
 
   # proxy services that each manage an RTEMS hard IOC ##########################
   rtems_ioc:

include/networks.yml

@@ -1,7 +1,6 @@
 networks:
   channel_access:
-    name: "channel_access"
     ipam:
       driver: default
       config:
-        - subnet: "172.20.0.0/16"
+        - subnet: "${CA_SUBNET}"

opi/demo.bob

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--Saved on 2024-07-30 13:33:45 by root-->
+<!--Saved on 2024-12-02 19:37:07 by root-->
 <display version="2.0.0">
   <name>Example IOCs</name>
   <width>388</width>
@@ -372,47 +372,6 @@
       <tooltip>$(text)</tooltip>
     </widget>
   </widget>
-  <widget type="image" version="2.0.0">
-    <name>Image</name>
-    <pv_name>BL01T-DI-CAM-01:ARR:ArrayData</pv_name>
-    <x>396</x>
-    <y>36</y>
-    <width>670</width>
-    <height>670</height>
-    <show_toolbar>true</show_toolbar>
-    <x_axis>
-      <visible>false</visible>
-      <title>SimDetector Image</title>
-      <minimum>0.0</minimum>
-      <maximum>1024.0</maximum>
-      <title_font>
-        <font name="Default Bold" family="Liberation Sans" style="BOLD" size="14.0">
-        </font>
-      </title_font>
-      <scale_font>
-        <font name="Default" family="Liberation Sans" style="REGULAR" size="14.0">
-        </font>
-      </scale_font>
-    </x_axis>
-    <y_axis>
-      <visible>false</visible>
-      <title>Y</title>
-      <minimum>0.0</minimum>
-      <maximum>1024.0</maximum>
-      <title_font>
-        <font name="Default Bold" family="Liberation Sans" style="BOLD" size="14.0">
-        </font>
-      </title_font>
-      <scale_font>
-        <font name="Default" family="Liberation Sans" style="REGULAR" size="14.0">
-        </font>
-      </scale_font>
-    </y_axis>
-    <data_width>1024</data_width>
-    <data_height>1024</data_height>
-    <unsigned>true</unsigned>
-    <cursor_crosshair>true</cursor_crosshair>
-  </widget>
   <widget type="group" version="3.0.0">
     <name>Autogenerated Engineering Screens</name>
     <macros>
@@ -579,4 +538,45 @@
       <y>77</y>
     </widget>
   </widget>
+  <widget type="image" version="2.0.0">
+    <name>Image_1</name>
+    <pv_name>pva://BL01T-DI-CAM-01:PVA:OUTPUT</pv_name>
+    <x>402</x>
+    <y>36</y>
+    <width>670</width>
+    <height>670</height>
+    <show_toolbar>true</show_toolbar>
+    <x_axis>
+      <visible>false</visible>
+      <title>SimDetector Image</title>
+      <minimum>0.0</minimum>
+      <maximum>1024.0</maximum>
+      <title_font>
+        <font name="Default Bold" family="Liberation Sans" style="BOLD" size="14.0">
+        </font>
+      </title_font>
+      <scale_font>
+        <font name="Default" family="Liberation Sans" style="REGULAR" size="14.0">
+        </font>
+      </scale_font>
+    </x_axis>
+    <y_axis>
+      <visible>false</visible>
+      <title>Y</title>
+      <minimum>0.0</minimum>
+      <maximum>1024.0</maximum>
+      <title_font>
+        <font name="Default Bold" family="Liberation Sans" style="BOLD" size="14.0">
+        </font>
+      </title_font>
+      <scale_font>
+        <font name="Default" family="Liberation Sans" style="REGULAR" size="14.0">
+        </font>
+      </scale_font>
+    </y_axis>
+    <data_width>1024</data_width>
+    <data_height>1024</data_height>
+    <unsigned>true</unsigned>
+    <cursor_crosshair>true</cursor_crosshair>
+  </widget>
 </display>

services/bl01t-di-cam-01/config/ioc.yaml

@@ -22,6 +22,7 @@ entities:
       dbpf BL01T-DI-CAM-01:ARR:EnableCallbacks 1
       dbpf BL01T-DI-CAM-01:PROC:EnableCallbacks 1
       dbpf BL01T-DI-CAM-01:ROI:EnableCallbacks 1
+      dbpf BL01T-DI-CAM-01:PVA:EnableCallbacks 1
       dbpf BL01T-DI-CAM-01:DET:Acquire 1
 
   - type: ADCore.NDROI

services/gateway/compose.yml

@@ -15,17 +15,18 @@ services:
 
     image: ghcr.io/epics-containers/docker-ca-gateway:2.1.3ec1
 
-    expose:
-      - 5064-5065/udp
-      - 5064-5065
-
     security_opt:
       - label=disable
 
     ports:
       # bind to localhost to isolate channel access to this host only
-      - 127.0.0.1:5064:5064/udp
-      - 127.0.0.1:5064-5065:5064-5065
+      - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT}/udp
+      - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT}
+      - 127.0.0.1:${EPICS_CA_REPEATER_PORT}:${EPICS_CA_REPEATER_PORT}
+
+    environment:
+      EPICS_CA_SERVER_PORT: ${EPICS_CA_SERVER_PORT}
+      EPICS_CA_REPEATER_PORT: ${EPICS_CA_REPEATER_PORT}
 
     restart: unless-stopped
 
@@ -36,7 +37,7 @@ services:
       - source: ca-gateway_config
         target: /config
 
-    command: -cip 172.20.255.255 -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1
+    command: -cip ${CA_BROADCAST} -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1
 
     profiles:
       - test
@@ -62,10 +63,11 @@ services:
 
     ports:
     # TODO - I need to look into safe config for per server ca-gateways
-    - 127.0.0.1:5064:5064/udp
-    - 127.0.0.1:5064-5065:5064-5065
+      - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT}/udp
+      - 127.0.0.1:${EPICS_CA_SERVER_PORT}:${EPICS_CA_SERVER_PORT}
+      - 127.0.0.1:${EPICS_CA_REPEATER_PORT}:${EPICS_CA_REPEATER_PORT}
 
-    command: -cip 172.20.255.255 -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1
+    command: -cip ${CA_BROADCAST} -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1
 
     profiles:
       - deploy

services/phoebus/compose.yml

@@ -5,14 +5,17 @@ services:
   phoebus:
     container_name: phoebus
     image: ghcr.io/epics-containers/ec-phoebus:4.7.3ec2
+    depends_on:
+      - init
     environment:
       DISPLAY: $DISPLAY
+      UIDGID: ${UIDGID:-0:0} # defaults to working with rootless
+
     tty: true
     # pick a server port for phoebus so it does not reconnect to existing phoebus
     command: phoebus-product/phoebus.sh -settings /config/settings.ini -resource /opi/demo.bob -server 7010
     volumes:
       - /tmp/.X11-unix:/tmp/.X11-unix
-      - ~/.Xauthority:/root/.Xauthority
       - ../../opi:/opi
       - ../../..:/workspaces
 

services/phoebus/config/settings.template

@@ -0,0 +1,6 @@
+# using localhost for channel access to isolate it to the host for development
+org.phoebus.pv.ca/addr_list=127.0.0.1:5064
+org.phoebus.pv.ca/server_port=5064
+org.phoebus.pv.ca/repeater_port=5065
+org.phoebus.pv.pva/server_port=5075
+org.phoebus.pv.pva/epics_pva_name_servers=127.0.0.1:5075

services/pvagw/compose.yml

@@ -9,14 +9,18 @@ services:
 
     image: ghcr.io/epics-containers/ec-p4p:4.1.12ec1
 
-    expose:
-      - 5076/udp
-      - 5075
+    depends_on:
+      - init
+
+    security_opt:
+      - label=disable
 
     ports:
-      # bind to localhost to isolate channel access to this host only
-      - 127.0.0.1:5076:5076/udp
-      - 127.0.0.1:5075:5075
+      - 127.0.0.1:${EPICS_PVA_SERVER_PORT}:${EPICS_PVA_SERVER_PORT}
+
+    environment:
+      - EPICS_PVA_SERVER_PORT=${EPICS_PVA_SERVER_PORT}
+      - EPICS_PVAS_SERVER_PORT=${EPICS_PVA_SERVER_PORT}
 
     restart: unless-stopped
 
@@ -30,10 +34,8 @@ services:
     command: -c "pvagw /config/pvagw.config --debug"
 
     profiles:
-    # PVAcess cannot set up channels into a container yet, so we are using
-    # ndstdarrys instead of ndpva for now
-    # https://github.com/epics-base/pvAccessCPP/issues/197
-      - removed
+      - test
+      - dev
 
   # per server pvagw for deployment #############################################
   pvagw-deploy:
@@ -42,8 +44,7 @@ services:
 
     ports:
     # TODO investigate how to configure this for deployment
-    - 127.0.0.1:5076:5076/udp
-    - 127.0.0.1:5075:5075
+      - 127.0.0.1:${EPICS_PVA_SERVER_PORT}:${EPICS_PVA_SERVER_PORT}
 
     command: -c "pvagw /config/pvagw.config"