A New Production Environment for LCLS Controls System

Ernest and Jingchen

Migrated to Standalone Production Environment
  • Why needed?
    • Wide open and vulnerable
    • Dependent on SCCS services
      • Not for production
      • No 24/7 support
      • Beyond our control
  • Standalone?
    • The LCLS controls systems hosted on a secure and private network designed for production – CA network (Channel Access network)
    • All the services required by the controls system provided by MCC instead of SCCS
  • The goal:
    • To improve the reliability
    • To improve the security
    • To improve the performance
  • What's missing: Transparency
Services Provided with CA
  • NFS: file server for applications and data
  • DHCP: bootp for network setting
  • TFTP: loading up the kernel
  • NTP: time synchronization
  • DNS: “phone book” for network
  • NIS: Authentication server for account management (in progress)
  • Matlab License Server
  • A cluster of application servers: daemons, elog, archivers, high-level apps, etc.
  • A cluster of OPIs: operational consoles
  • Software packages: required to build controls applications
  • Automated patching system
  • Backup/Restore
  • Network and system monitoring and diagnosis
  • User support
  • etc.
lcls-prod02: the Gateway to CA
  • lcls-prod02
    • A public machine on DMZ network
    • Access to CA via lcls-prod02
    • Access to the public via lcls-prod02
  • Log in to lcls-prod02
    • From any public node in SLAC, e.g., your office desktop
    • ssh lcls-prod02
      • No password needed if RSA keys are set up properly
      • Valid tokens:
        • type “tokens” to verify
        • kinit
lcls-srv01: Your Host on CA
  • lcls-srv01
    • On CA network
    • Served by our services
  • Shared accounts
    • physics: a shared account for physicists
    • lclsops: a shared account for operations (e.g., operators in MCC)
  • How to get to CA?
    • from lcls-prod02
    • ssh physics@lcls-srv01
      • No password needed if RSA keys are set up properly
        • on lcls-prod02, type “ssh-keygen -t rsa”,
        • respond to all prompts with Return
        • ask KenB to authorize you for access
    • You are in the world of CA: lclshome, matlab, lclsarch, etc.
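
Because `physics` is a shared account reached with per-user RSA keys, the list of authorized public keys is the only record of which person can log in. The following is an added example, not part of the original presentation: it audits an OpenSSH `authorized_keys` file for keys with no owner comment, short RSA keys, and duplicated keys. Assumptions: access is granted through a standard `authorized_keys` file, the 2048-bit threshold is a chosen policy value, and the sample keys and the `alice`/`bob`/`carol` owners are constructed.

```python
import base64, hashlib, re, struct
# Key-type token, base64 blob, optional trailing comment (options may precede).
KEY_RE = re.compile(r"(?:^|\s)(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-\S+)\s+(\S+)(?:\s+(.*))?$")

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def audit_authorized_keys(text, min_rsa_bits=2048):
    """Return one record per key line: fingerprint, owner comment, findings."""
    records, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.search(line.strip())
        if line.lstrip().startswith("#") or not m:
            continue  # comments, blanks and unparseable lines are skipped
        ktype, b64, owner = m.group(1), m.group(2), (m.group(3) or "").strip()
        blob = base64.b64decode(b64)
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        findings = []
        if not owner:
            findings.append("no owner comment")  # key cannot be tied to a person
        if ktype == "ssh-rsa":
            bits = int.from_bytes(_fields(blob)[2], "big").bit_length()
            if bits < min_rsa_bits:
                findings.append(f"RSA {bits} bits")
        if fp in seen:
            findings.append("duplicate key")  # same key listed for two owners
        seen.add(fp)
        records.append({"line": lineno, "fingerprint": fp, "owner": owner, "findings": findings})
    return records

def _sample_rsa(bits, owner="", low=1):
    """Constructed (not real) ssh-rsa line: e = 65537, n = 2^(bits-1) + low."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | low)
    return ("ssh-rsa " + base64.b64encode(blob).decode() + " " + owner).strip()

SAMPLE = "\n".join(["# constructed file for the shared physics account",
    _sample_rsa(2048, "alice@lcls-prod02"), _sample_rsa(1024, "bob@lcls-prod02"),
    _sample_rsa(2048, "", 3), _sample_rsa(2048, "carol@lcls-prod02")])
if __name__ == "__main__":
    for r in audit_authorized_keys(SAMPLE):
        print(r["line"], r["fingerprint"], r["owner"] or "?", r["findings"])
```

The fingerprints use the same SHA256 format that `ssh-keygen -lf` prints, so they can be compared with what each user reports for their own key.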
OPIs: Your Operational Consoles on CA
  • lcls-opi1[-4]
    • On CA network
    • In MCC, formerly called Kiosks
  • lcls-opi5[-x]
    • On CA network
    • In sectors
  • All are operations consoles and for production only
  • Log in as lclsops
    • No more AFS token issue
    • Login session always kept alive unless there is a power outage
    • Production environment properly set
  • Completely independent of SCCS services
    • No direct access to any public resources: email, WEB, your AFS home directory
    • Log in to lcls-prod02 if needed for public resources
In the CA World …
  • lclshome, matlab, lclsarch, SCP button, etc.
  • Software release
    • Developed in public AFS/NFS, CVS repository in AFS
    • Remote cvs
        $ export CVSROOT=:ext:<username>@lcls-prod02:/afs/slac/g/lcls/cvs
        $ cvs co <module>
        $ cvs commit
    • A quick and dirty release if not in CVS
        $ scp <username>@lcls-prod02:/<path>/<filename> .
    • No push from DMZ to CA for now

  • Public resource access
    • $ ssh <username>@lcls-prod02
      • WEB: firefox
      • Other applications in AFS
      • Your SLAC $HOME directory in AFS: /afs/slac/u/<group>/<username>
bash only
  • tcsh: SLAC default login shell
    • $HOME/.login
    • $HOME/.cshrc
  • bash: CA default login shell
    • $HOME/.bash_profile
    • $HOME/.bashrc

. /usr/local/lcls/epics/setup/epicsReset.bash

. /usr/local/lcls/tools/matlab/setup/matlabSetup.bash

  • Shell scripts:

#!/bin/bash -norc

Production Data
  • /u1/lcls

[physics@lcls-srv01 ~]$ ls /u1/lcls

alh cmlog epics matlab physics slc sr_info tools

  • Transparent to all nodes on CA as R/W
    • OPIs
    • IOCs
  • Visible to nodes on DMZ as read-only
    • e.g., ssh lcls-prod02 from your office desktop
    • ls /mccfs2/u1/lcls
  • Availability to the public via protocols like http is under study
  • Data buffer
    • Any incremental data at high rate
      • Only a reasonable amount of data is kept online on CA
      • Old data will be staged over to SCCS for final storage in /nfs/slac/g/lcls
    • Log files trimmed on a regular basis
    • Other types of data kept online as long as needed
Application Filesystems
  • /usr/local/lcls
  • Transparent to all nodes on CA as R/W
  • Not visible to any node on public networks, including DMZ
  • Areas for physicists:
    • /usr/local/lcls/physics for applications
    • /u1/lcls/physics for data files
    • /home/physics – home directory for physics
The Goal
  • Robust
  • Secure
  • Optimized