
A list of the various LCLS, LCLS-II, FACET, and Test Facilities gateways managed by EED Systems Group.

 

| Name | Purpose | PVs served | Host | CAS port | Beacon Port | Beacon sent to | Document/Comment |
|---|---|---|---|---|---|---|---|
| LCLS | | | | | | | |
| gwEbeamServe | Serving LCLS PVs (Ebeam) to Photon | Readonly; Write for selected PVs | lcls-daemon3 | 5080 | 5081 | 172.21.40.63 (Photon Gateway Subnet) | Design; Admin; Allow all; Deny OTRS:DMP1:695:.* |
| gwEbeamServeWF | Serving LCLS PVs (Ebeam) to Photon | Readonly; Write for selected PVs | lcls-daemon3 | 5079 | 5081 | 172.21.40.63 (Photon Gateway Subnet) | Deny all; Allow OTRS:DMP1:695:.* (dedicated to serve XTCAV OTRDMP camera image PV) |
| gwLCLS4FACET | Serving LCLS PVs to FACET | Readonly | lcls-daemon10 | 5070 | 5069 | 172.27.75.255 (FACETCA) | Design; Admin |
| gwLCLS4LCLSII | Serving LCLS PVs to LCLS-II | Read and Write | lcls-daemon10 | 5060 | 5069 | 172.27.131.255 (LCLS2IOC) and 172.27.11.255 (MCCSRV) | |
| gwLCLSPUB | Serving LCLS PVs to public | Readonly | lcls-prod01 | 5068 | 5069 | 134.79.151.255 (DMZ) | Admin |
| gwLCLSARCH0 | Serving LCLS and LCLS-II PVs to Archiver on DMZ | Readonly | lcls-prod01 | 5076 | 5069 | 134.79.151.255 (DMZ) | .* ALLOW (default); Deny a list; refer gwLCLSARCH*.dat |
| gwLCLSARCH1 | Serving LCLS and LCLS-II PVs to Archiver on DMZ | Readonly | lcls-prod01 | 5077 | 5069 | 134.79.151.255 (DMZ) | .* DENY; Allow portion in the list; refer gwLCLSARCH*.dat |
| gwLCLSARCH2 | Serving LCLS and LCLS-II PVs to Archiver on DMZ | Readonly | lcls-prod01 | 5078 | 5069 | 134.79.151.255 (DMZ) | .* DENY; Allow portion in the list; refer gwLCLSARCH*.dat |
| gwLCLSARCH3 | Serving LCLS and LCLS-II PVs to Archiver on DMZ | Readonly | lcls-prod01 | 5079 | 5069 | 134.79.151.255 (DMZ) | .* DENY; Allow portion in the list; refer gwLCLSARCH*.dat |
| LCLS-II | | | | | | | |
| gwLCLSII4LCLS | Serving LCLS-II PVs to LCLS | Read and Write | lcls2-daemon10 | 5060 | 5069 | 172.27.3.255 (LCLSIOC) and 172.27.11.255 (MCCSRV) | |
| FACET | | | | | | | |
| gwFACET4LCLS | Serving FACET PVs to LCLS | Readonly | facet-daemon1 | 5070 | 5069 | 172.27.11.255 (LCLSCA) | Design; Admin |
| gwFACETPUB | Serving FACET PVs to public | Readonly | lcls-prod01 | 5063 | 5069 | 134.79.151.255 (DMZ) | Design |
| gwEXP2FACET | Serving Fedora based PCOEdge Camera PVs in B244 to FACET controls | Readonly; Write allowed from facet-srv20 to slac-dev-fed | lcls-prod01 | 5062 | 5069 | facet-srv*: 172.27.72.28 172.27.72.22 172.27.72.23 | Not in use currently |
| gwFACETARCH | Serving FACET PVs to Archiver on DMZ | Readonly | lcls-prod01 | 5075 | 5069 | 134.79.151.255 (DMZ) | Allow all |
| Test Facilities | | | | | | | |
| gwACCTESTPUB | Serving Test Facilities PV to public | Readonly | testfac-daemon2 | 5048 | 5049 | 134.79.219.255 (LCLSDEV) | doc |

...

  1. Change /etc/init.d/st.gwLCLSPUB on lcls-prod01 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSPUB64
  2. Restart gateway:

    [laci@lcls-prod01]$ /etc/init.d/st.gwLCLSPUB restart
  3. Verify that LCLS production PVs can be seen when running lclshome on LCLSDEV/LCLSDMZ nodes (e.g., mcclogin).

gwLCLSARCH0:

Note: Archiver Gateways should be stopped and restarted one at a time to independently verify that ACLs are working properly.

  1. Change /etc/init.d/st.gwLCLSARCH0 on lcls-prod01 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSARCH0_64
  2. Restart gateway:

    [laci@lcls-prod01]$ /etc/init.d/st.gwLCLSARCH0 restart
  3. Verify that LCLSIOC and LCLS2IOC PVs, except for the following PV patterns, are being archived in the LCLS Archiver according to the permissions below:

    [laci@lcls-prod01]$ cat $TOOLS/gateway/config/gwLCLSARCH0.dat
    ...
    # allow everthing, deny patterns
    EVALUATION ORDER ALLOW, DENY
    .* ALLOW
    ^[A-Za-z0-9]+:UND1:.*    DENY
    ^[A-Za-z0-9]+:LTU1:.*    DENY
    ^[A-Za-z0-9]+:LTU0:.*    DENY
    ^[A-Za-z0-9]+:DMP1:.*    DENY
    ^[A-Za-z0-9]+:IN20:.*    DENY
    ^[A-Za-z0-9]+:BSY0:.*    DENY
    ^[A-Za-z0-9]+:BSYA:.*    DENY
    ^[A-Za-z0-9]+:MCC0:.*    DENY
    ^[A-Za-z0-9]+:SYS0:.*    DENY
    ^[A-Za-z0-9]+:LR20:.*    DENY
    ^[A-Za-z0-9]+:NEH:.*     DENY
    ^[A-Za-z0-9]+:NEH1:.*    DENY
    ^[A-Za-z0-9]+:FEH:.*     DENY
    ^[A-Za-z0-9]+:FEH1:.*    DENY
    ^[A-Za-z0-9]+:FEE1:.*    DENY
    ^[A-Za-z0-9]+:SYS2:.*    DENY
    ^[A-Za-z0-9]+:CLTH:.*    DENY
    ^[A-Za-z0-9]+:GUNB:.*    DENY
    ^[A-Za-z0-9]+:LGUN:.*    DENY
    ^[A-Za-z0-9]+:ALH2:.*    DENY
    ^[A-Za-z0-9]+:ALH0:.*    DENY
    ^[A-Za-z0-9]+:ACR0:.*    DENY
    ^[A-Za-z0-9]+:GBL0:.*    DENY
    ^[A-Za-z0-9]+:R02:.*     DENY
    ^[A-Za-z0-9]+:XRT1:.*    DENY

gwLCLSARCH1:

Note: Archiver Gateways should be stopped and restarted one at a time to independently verify that ACLs are working properly.

  1. Change /etc/init.d/st.gwLCLSARCH1 on lcls-daemon10 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSARCH1_64
  2. Restart gateway:

    [laci@lcls-prod01]$ /etc/init.d/st.gwLCLSARCH1 restart
  3. Verify that LCLS PVs can be seen from LCLS2IOC subnet clients.

...

  1. that the PV patterns are archived in the LCLS Archiver according to the permissions below:

    [laci@lcls-prod01]$ cat $TOOLS/gateway/config/gwLCLSARCH1.dat
    ...
    # deny everything, allow the patterns 
    # For every allow pattern here, we should have a deny pattern in gwLCLSARCH0.dat; otherwise we'll get duplicate PVs
    EVALUATION ORDER DENY, ALLOW
    .* DENY
    ^[A-Za-z0-9]+:UND1:.*    ALLOW
    ^[A-Za-z0-9]+:LTU1:.*    ALLOW
    ^[A-Za-z0-9]+:LTU0:.*    ALLOW
    ^[A-Za-z0-9]+:DMP1:.*    ALLOW
    ^[A-Za-z0-9]+:IN20:.*    ALLOW
    ^[A-Za-z0-9]+:BSY0:.*    ALLOW
    ^[A-Za-z0-9]+:BSYA:.*    ALLOW
    GWLCLSARCH1:.*         ALLOW
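
The comment in gwLCLSARCH1.dat says every allow pattern there needs a matching deny pattern in gwLCLSARCH0.dat. The following added example (not part of the original page or of the gateway tooling) checks that rule on trimmed copies of the two listings; the PV names are constructed, and the rule precedence is an assumption read from the listings' own comments.

```python
import re

# Trimmed copies of the two listings above (the page's ARCH0 deny list is longer).
ARCH0 = """
EVALUATION ORDER ALLOW, DENY
.* ALLOW
^[A-Za-z0-9]+:UND1:.*    DENY
^[A-Za-z0-9]+:DMP1:.*    DENY
"""
ARCH1 = """
EVALUATION ORDER DENY, ALLOW
.* DENY
^[A-Za-z0-9]+:UND1:.*    ALLOW
^[A-Za-z0-9]+:DMP1:.*    ALLOW
GWLCLSARCH1:.*         ALLOW
"""

def parse_pvlist(text):
    """Return (evaluation order, [(pattern, action), ...]) for one pvlist file."""
    order, rules = None, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()        # drop comments, split on whitespace
        if fields[:2] == ["EVALUATION", "ORDER"]:
            order = "".join(fields[2:]).upper()      # "ALLOW,DENY" or "DENY,ALLOW"
        elif len(fields) >= 2 and fields[1].upper() in ("ALLOW", "DENY"):
            rules.append((fields[0], fields[1].upper()))
    return order, rules

def serves(pv, cfg):
    """Assumption: the action named last in EVALUATION ORDER wins on a double match."""
    order, rules = parse_pvlist(cfg)
    hit = {action for pattern, action in rules if re.fullmatch(pattern, pv)}
    if order == "ALLOW,DENY":
        return "ALLOW" in hit and "DENY" not in hit
    return "ALLOW" in hit                            # DENY,ALLOW: an allow overrides a deny

def unmatched_allows(allow_cfg, deny_cfg):
    """ALLOW patterns in allow_cfg that have no identical DENY line in deny_cfg."""
    denied = {p for p, a in parse_pvlist(deny_cfg)[1] if a == "DENY"}
    return [p for p, a in parse_pvlist(allow_cfg)[1] if a == "ALLOW" and p not in denied]

def gateways_for(pv):
    """Names of the sample gateways whose ACL would serve this PV."""
    return [name for name, cfg in (("ARCH0", ARCH0), ("ARCH1", ARCH1)) if serves(pv, cfg)]

if __name__ == "__main__":
    print("ALLOW without matching DENY:", unmatched_allows(ARCH1, ARCH0))
    for pv in ("BPMS:UND1:100:X", "BPMS:LI21:201:X", "GWLCLSARCH1:VERSION"):  # constructed
        print(pv, "->", gateways_for(pv))
```

A flagged pattern is only a candidate for duplicate PVs; whether both gateways can actually resolve those names depends on the networks each one searches.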

gwLCLSARCH2:

  1. Change /etc/init.d/st.gwLCLS4LCLSII on lcls-daemon10 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwLCLS4LCLSII_64
  2. Restart gateway:

    [laci@lcls-daemon10]$ /etc/init.d/st.gwLCLS4LCLSII restart
  3. Verify that LCLS PVs can be seen from LCLS2IOC subnet clients.

...