Re: logging services with shell interaction

From: Ben Franksen <>
Date: Sun, 24 Oct 2021 22:36:06 +0200

Am 23.10.21 um 18:40 schrieb Casper Ti. Vector:
> On Sat, Oct 23, 2021 at 05:48:23PM +0200, Ben Franksen wrote:
>> I agree. BTW, another detail is the special handling of certain control
>> characters by procServ: ^X to restart the child, ^T to toggle auto-restart,
>> and the possibility to disable some others like ^C and especially ^D; which
>> is not only convenient but also avoids accidental restarts (people are used
>> to ^D meaning "exit the shell").
> These functionalities would need to be (and would perhaps have better
> been) done outside of the `socat'/`recordio' pair, as separate commands
> (like `s6-svc -k ...' or `touch .../down') or wrappers. `socat' simply
> exits upon ^D/^C by default, so the IOC would not be hurt; I find this
> enough to prevent most user errors, therefore more filtering of control
> characters seems unnecessary.

Sure, there may be other solutions, it's just another one of those
details that need to be taken care of somehow.

>> Our approach uses a somewhat hybrid mixture of several components. Since the
>> OS is Debian we use systemd service units, one for each IOC. They are
>> executing `/usr/bin/unshare -u sethostname %i runuser -u ioc -- softIOC-run
>> %i` which fakes the host name to trick EPICS' Channel Access "Security" into
>> the proper behavior, and then drops privileges. softIOC-run is the script of
>> which I posted a simplified version, with the pipeline between procServ and
>> multilog. Despite the disadvantages explained by Laurent, so far this works
>> pretty well (I have never yet observed multilog to crash or otherwise
>> misbehave). Finally, the configuration for all IOCs (name, which host do
>> they run on, path to the startup script) all reside in a small database and
>> there are scripts to automatically install everything, including automatic
>> enabling and disabling of the service units.
> Frankly I find the above a little over-complicated, even discounting the
> part about CA security which we do not yet involve. I think you might
> be going to find our paper (after publication; it is to be submitted the
> next week) interesting in simplifying IOC management.

I am looking forward to it. You may want to post a link when it's done,
here or on the EPICS mailing list.

I would rather have questions that cannot be answered, than answers that
cannot be questioned.  -- Richard Feynman
Received on Sun Oct 24 2021 - 22:36:06 CEST

This archive was generated by hypermail 2.4.0 : Sun Oct 24 2021 - 22:36:43 CEST