

Merge pull request #10 from epics-containers/aug-update
update all services to latest container image versions
gilesknap authored Aug 23, 2024
2 parents 50e6e4f + ce1f50b commit 3bc9002
Showing 15 changed files with 235 additions and 7 deletions.
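--- a/opi/phoebus-launch.sh
+++ b/opi/phoebus-launch.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# A launcher for the phoebus container that allows X11 forwarding
+
+thisdir=$(realpath $(dirname ${BASH_SOURCE[0]}))
+workspace=$(realpath ${thisdir}/..)
+
+if [[ $(docker --version 2>/dev/null) == *Docker* ]]; then
+docker=docker
+else
+docker=podman
+args="--security-opt=label=type:container_runtime_t"
+fi
+
+XSOCK=/tmp/.X11-unix # X11 socket (but we mount the whole of tmp)
+XAUTH=/tmp/.container.xauth.$USER
+touch $XAUTH
+xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
+chmod 777 $XAUTH
+
+x11="
+-e DISPLAY
+-v $XAUTH:$XAUTH
+-e XAUTHORITY=$XAUTH
+--net host
+"
+
+args=${args}"
+-it
+"
+
+export MYHOME=/home/${USER}
+# mount in your own home dir in same folder for access to external files
+mounts="
+-v=/tmp:/tmp
+-v=${MYHOME}/.ssh:/root/.ssh
+-v=${MYHOME}:${MYHOME}
+-v=${workspace}:/workspace
+"
+
+# settings for p47
+settings="
+-resource /workspace/opi/p47-beamline.opi
+-settings /workspace/opi/settings.ini
+"
+
+set -x
+$docker run ${mounts} ${args} ${x11} ghcr.io/epics-containers/ec-phoebus:latest ${settings} "${@}"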
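Review bot: `chmod 777 $XAUTH` leaves the X authority file, which holds the display cookie rewritten to the wildcard family by the `sed` step, readable and writable by every local user at a predictable name under /tmp, and `touch $XAUTH` will follow a symlink planted at that path beforehand. Create the file in a per-user directory and keep it private, e.g. `XAUTH=${XDG_RUNTIME_DIR:-/tmp}/.container.xauth.$USER` followed by `chmod 600 "$XAUTH"`; whether the container user can still read it at 600 depends on the runtime's uid mapping, so confirm for both docker and podman. The same launcher mounts `${MYHOME}/.ssh` read-write into an image pulled as `:latest` with `--net host`; `-v=${MYHOME}/.ssh:/root/.ssh:ro` and a pinned tag or digest would narrow what an unexpected image update can reach.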
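--- a/opi/settings.ini
+++ b/opi/settings.ini
@@ -0,0 +1,2 @@
+# bl47p-ea-serv-01.diamond.ac.uk
+org.phoebus.pv.ca/addr_list=172.23.242.47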
4 changes: 2 additions & 2 deletions services/.ioc_template/values.yaml
@@ -7,7 +7,7 @@ ioc-instance:
# this adds tools and compilers to the container so you
# can experiment in the cluster to fix the issue
#
# image: ghcr.io/epics-containers/ioc-adsimdetector-developer:2024.4.1
# image: ghcr.io/epics-containers/ioc-adsimdetector-developer:2024.9.1

# 2. override the entry point to be a sleep infinity
# this means you can now use 'ec exec' to get a shell
@@ -18,4 +18,4 @@ ioc-instance:
# is fixed.
#
# startCommand: sleep
# startArgs: infinity
# startArgs: infinity
2 changes: 1 addition & 1 deletion services/bl47p-ea-dcam-01/values.yaml
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://github.com/epics-containers/ec-helm-charts/releases/download/3.4.4/ioc-instance.schema.json#/$defs/service

ioc-instance:
image: ghcr.io/epics-containers/ioc-adaravis-runtime:2024.7.2b1
image: ghcr.io/epics-containers/ioc-adaravis-runtime:2024.9.1
2 changes: 1 addition & 1 deletion services/bl47p-ea-dcam-02/values.yaml
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://github.com/epics-containers/ec-helm-charts/releases/download/3.4.4/ioc-instance.schema.json#/$defs/service

ioc-instance:
image: ghcr.io/epics-containers/ioc-adaravis-runtime:2024.7.2b1
image: ghcr.io/epics-containers/ioc-adaravis-runtime:2024.9.1
2 changes: 1 addition & 1 deletion services/bl47p-ea-panda-01/values.yaml
@@ -1,5 +1,5 @@
# yaml-language-server: $schema=https://github.com/epics-containers/ec-helm-charts/releases/download/3.4.4/ioc-instance.schema.json#/$defs/service

ioc-instance:
image: ghcr.io/pandablocks/pandablocks-ioc:0.5.0
image: ghcr.io/pandablocks/pandablocks-ioc:0.9.0
iocConfig: /epics/ioc
2 changes: 1 addition & 1 deletion services/bl47p-mo-ioc-01/values.yaml
@@ -1,4 +1,4 @@
# yaml-language-server: $schema=https://github.com/epics-containers/ec-helm-charts/releases/download/3.4.4/ioc-instance.schema.json#/$defs/service

ioc-instance:
image: ghcr.io/epics-containers/ioc-pmac-runtime:2024.8.1
image: ghcr.io/epics-containers/ioc-pmac-runtime:2024.9.1
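--- a/services/cagateway/Chart.yaml
+++ b/services/cagateway/Chart.yaml
@@ -0,0 +1,7 @@
+# A Helm Chart for a ca-gateway service
+# This is hard coded into the module right now TODO: make a oci chart for this
+apiVersion: v2
+name: ec-gateway
+version: 1.0.0
+
+type: application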
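--- a/services/cagateway/compose.yml
+++ b/services/cagateway/compose.yml
@@ -0,0 +1,59 @@
+# When deploying IOCs to a server with docker, the choice is:
+#
+# 1. Use host network so their PVs available on the subnet
+# 2. Run a ca-gateway on each server and add all servers to client's
+# EPICS_CA_ADDR_LIST
+#
+# at present the only available option for podman is to use host network
+
+services:
+
+# ca-gateway for development #################################################
+
+ca-gateway: &ca-gateway
+
+image: ghcr.io/epics-containers/docker-ca-gateway:2.1.3ec1
+
+expose:
+- 5064-5065/udp
+- 5064-5065
+
+ports:
+# bind to localhost to isolate channel access to this host only
+- 127.0.0.1:5064:5064/udp
+- 127.0.0.1:5064-5065:5064-5065
+
+restart: unless-stopped
+
+networks:
+channel_access:
+ipv4_address: 172.20.255.254
+
+configs:
+- source: ca-gateway_config
+target: /config
+
+command: -cip 172.20.255.255 -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1
+
+profiles:
+- develop
+
+# per server ca-gateway for deployment #######################################
+ca-gateway-deploy:
+
+<<: *ca-gateway
+
+ports:
+# TODO - drop the IP address but also set up pvlist to make sure there
+# are no loops - I need to look into safe config for per server ca-gateways
+- 127.0.0.1:5064:5064/udp
+- 127.0.0.1:5064-5065:5064-5065
+
+command: -cip 172.20.255.255 -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1
+
+profiles:
+- deploy
+
+configs:
+ca-gateway_config:
+file: ./config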
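Review bot: `ca-gateway-deploy` restates `ports` and `command` with the same values it already inherits through `<<: *ca-gateway`, so the only effective difference is `profiles` and the two services can drift apart unnoticed; drop the repeated keys until the deploy binding really differs. When the TODO is acted on and the `127.0.0.1` prefix is removed, the gateway becomes reachable from the network while `config/access` still grants WRITE to the DEFAULT group, so tighten that file in the same change. `-debug 1` is also carried into the deploy profile; confirm that log level is intended outside development.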
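--- a/services/cagateway/config/access
+++ b/services/cagateway/config/access
@@ -0,0 +1,6 @@
+# See /EPICS/extensions/src/gateway/GATEWAY.access for more detailed example
+
+ASG(DEFAULT) {
+RULE(1,READ)
+RULE(1,WRITE)
+}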
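Review bot: `RULE(1,WRITE)` in `ASG(DEFAULT)` carries no `UAG` or `HAG` qualifier, so every client that can reach the gateway may write to any PV the pvlist allows. That is contained while compose.yml binds to 127.0.0.1, but templates/deployment.yaml in this commit serves the same config directory with `hostNetwork: true`. Consider leaving DEFAULT read-only and granting write through named groups, e.g. `RULE(1,WRITE) { UAG(<operators>) HAG(<beamline-hosts>) }` with those groups declared above the ASG (the group names here are placeholders).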
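--- a/services/cagateway/config/pvlist
+++ b/services/cagateway/config/pvlist
@@ -0,0 +1,9 @@
+# See /EPICS/extensions/src/gateway/GATEWAY.pvlist for more detailed example
+
+EVALUATION ORDER ALLOW, DENY
+
+BL47P.* ALLOW
+
+# [0-9].* ALLOW
+# [a-z].* ALLOW
+# [A-Z].* ALLOW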
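--- a/services/cagateway/templates/configmap.yaml
+++ b/services/cagateway/templates/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ .Release.Name }}-config
+labels:
+app: {{ .Release.Name }}
+data:
+
+# contents of the ioc instance config folder
+{{ (.Files.Glob "config/*").AsConfig | indent 2 }}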
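--- a/services/cagateway/templates/deployment.yaml
+++ b/services/cagateway/templates/deployment.yaml
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: {{ .Release.Name }}
+enabled: 'true'
+ioc_group: p47
+is_ioc: 'true'
+location: bl47p
+name: {{ .Release.Name }}
+namespace: p47-beamline
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: {{ .Release.Name }}
+template:
+metadata:
+creationTimestamp: null
+labels:
+app: {{ .Release.Name }}
+ioc_group: p47
+is_ioc: 'true'
+location: bl47p
+rollme: goWO0
+spec:
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: beamline
+operator: In
+values:
+- bl47p
+containers:
+- command:
+- bash
+args:
+- "-c"
+- "/epics/gateway -sport 9064 -cip 172.23.255.255 -pvlist /config/pvlist -access /config/access -log /dev/stdout -debug 1"
+env:
+- name: IOC_NAME
+value: {{ .Release.Name }}
+- name: IOC_LOCATION
+value: bl47p
+- name: IOC_GROUP
+value: p47
+image: {{ .Values.image }}
+imagePullPolicy: Always
+name: {{ .Release.Name }}
+resources:
+limits:
+cpu: 500m
+memory: 256Mi
+requests:
+cpu: 100m
+memory: 64Mi
+securityContext:
+allowPrivilegeEscalation: false
+stdin: true
+tty: true
+volumeMounts:
+- mountPath: /config
+name: config-volume
+hostNetwork: true
+restartPolicy: Always
+terminationGracePeriodSeconds: 3
+tolerations:
+- effect: NoSchedule
+key: beamline
+operator: Equal
+value: bl47p
+- effect: NoSchedule
+key: location
+operator: Equal
+value: bl47p
+- effect: NoSchedule
+key: nodetype
+operator: Equal
+value: training-rig
+volumes:
+- configMap:
+defaultMode: 420
+name: {{ .Release.Name }}-config
+name: config-volume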
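Review bot: The pod runs with `hostNetwork: true` but the container `securityContext` sets only `allowPrivilegeEscalation: false`, so the gateway shares the node's network namespace with whatever user and capabilities the image defaults to. Since `-sport 9064` is an unprivileged port, the container should be able to run with `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}`; the image's user is not visible here, so verify it starts that way. The hard-coded `namespace: p47-beamline` applies only to this Deployment, while the ConfigMap in templates/configmap.yaml has no namespace and follows the release, so installing into any other namespace would leave the `config-volume` mount unresolved; template the namespace or drop it. `creationTimestamp: null`, `rollme: goWO0`, `stdin: true` and `tty: true` look like leftovers from a rendered manifest and are worth removing unless the gateway needs them.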
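--- a/services/cagateway/values.yaml
+++ b/services/cagateway/values.yaml
@@ -0,0 +1 @@
+image: ghcr.io/epics-containers/docker-ca-gateway-debug:2.1.3ec1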
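Review bot: The chart default is the `docker-ca-gateway-debug` variant, while compose.yml in the same commit uses `docker-ca-gateway:2.1.3ec1`; add a comment saying why the cluster needs the debug build (presumably for the `bash -c` entry point in templates/deployment.yaml), or switch to the regular image if it does not. With `imagePullPolicy: Always` the tag is re-resolved on every pod start, so pinning by digest (`image: ghcr.io/epics-containers/docker-ca-gateway-debug@sha256:<digest>`) keeps the running content fixed.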
2 changes: 1 addition & 1 deletion services/values.yaml
@@ -10,7 +10,7 @@ global:
ioc-instance:
# useHostNetwork - use host network for IOC - required for Channel Access
# to work outside of the cluster
hostNetwork: true
hostNetwork: false

# affinity and tolerations to get the right nodes on pollux
securityContext:
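Review bot: The comment above `hostNetwork` still says host networking is required for Channel Access to work outside the cluster and calls the key `useHostNetwork`, which matches neither the key name nor, if the new value is `false` (the rendered page does not mark which of the two lines is new), the setting itself. Assuming the change is to `false`, reword it to say how external clients reach the IOCs now, e.g. `# hostNetwork - IOCs stay on the pod network; external Channel Access goes through services/cagateway`. The note should also record that the gateway pod itself keeps `hostNetwork: true`, so exposure to the subnet now depends on the gateway's pvlist and access files.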
