Production PV Gateways

A list of the various LCLS, LCLS-II, FACET, and Test Facilities gateways managed by EED Systems Group.

Name	Purpose	PVs served	Host	CAS port	Beacon Port	Beacon sent to	Document/Comment	Upgrade Status
LCLS
gwEbeamServe	Serving LCLS PVs (Ebeam) to Photon	Readonly Write for selected PVs	lcls-daemon3	5080	5081	172.21.40.63 (Photon Gateway Subnet)	Design Admin Allow all Deny OTRS:DMP1:695:.*	Upgrade to 64-bit EPICS7 22 Aug 2019
gwEbeamServeWF	Serving LCLS PVs (Ebeam) to Photon	Readonly Write for selected PVs	lcls-daemon3	5079	5081	172.21.40.63 (Photon Gateway Subnet)	Deny all Allow OTRS:DMP1:695:.* (dedicated to serve XTCAV OTRDMP camera image PV)	Upgrade to 64-bit EPICS7 22 Aug 2019
gwLCLS4FACET	Serving LCLS PVs to FACET	Readonly	lcls-daemon10	5070	5069	172.27.75.255 (FACETCA)	Design Admin	Upgrade to 64-bit EPICS7 22 Aug 2019
gwLCLS4LCLSII	Serving LCLS PVs to LCLS-II	Read and Write	lcls-daemon10	5060	5069	172.27.131.255 ( LCLS2IOC) and 172.27.11.255 (MCCSRV		Upgrade to 64-bit EPICS7 22 Aug 2019
gwLCLSPUB	Serving LCLS PVs to public	Readonly	lcls-prod01	5068	5069	134.79.151.255 (DMZ)	Admin	Upgrade to 64-bit EPICS7 22 Aug 2019
gwLCLSARCH0	Serving LCLS and LCLS-II PVs to Archiver on DMZ	Readonly	lcls-prod01	5076	5069	134.79.151.255 (DMZ)	.* ALLOW (default) Deny a list refer gwLCLSARCH*.dat	Upgrade to 64-bit EPICS7 22 Aug 2019
gwLCLSARCH1	Serving LCLS and LCLS-II PVs to Archiver on DMZ	Readonly	lcls-prod01	5077	5069	134.79.151.255 (DMZ)	.* DENY Allow portion in the list refer gwLCLSARCH*.dat	Upgrade to 64-bit EPICS7 22 Aug 2019
gwLCLSARCH2	Serving LCLS and LCLS-II PVs to Archiver on DMZ	Readonly	lcls-prod01	5078	5069	134.79.151.255 (DMZ)	.* DENY Allow portion in the list refer gwLCLSARCH*.dat	Upgrade to 64-bit EPICS7 22 Aug 2019
gwLCLSARCH3	Serving LCLS and LCLS-II PVs to Archiver on DMZ	Readonly	lcls-prod01	5079	5069	134.79.151.255 (DMZ)	.* DENY Allow portion in the list refer gwLCLSARCH*.dat	Upgrade to 64-bit EPICS7 22 Aug 2019
LCLS-II
gwLCLSII4LCLS	Serving LCLS-II PVs to LCLS	Read and Write	lcls2-daemon10	5060	5069	172.27.3.255 ( LCLSIOC) and 172.27.11.255 (MCCSRV)		Upgrade to 64-bit EPICS7 22 Aug 2019
FACET
gwFACET4LCLS	Serving FACET PVs to LCLS	Readonly	facet-daemon1	5070	5069	172.27.11.255 (LCLSCA)	Design Admin	Upgrade to 64-bit EPICS7
gwFACETPUB	Serving FACET PVs to public	Readonly	lcls-prod01	5063	5069	134.79.151.255 (DMZ)	Design	Upgrade to 64-bit EPICS7 22 Aug 2019
gwEXP2FACET	Serving Fedora based PCOEdge Camera PVs in B244 to FACET controls	Readonly Write allowed from facet-srv20 to slac-dev-fed	lcls-prod01	5062	5069	facet-srv*: 172.27.72.28 172.27.72.22 172.27.72.23	Not in use currently	Upgrade to 64-bit EPICS7
gwFACETARCH	Serving FACET PVs to Archiver on DMZ	Readonly	lcls-prod01	5075	5069	134.79.151.255 (DMZ)	Allow all	Upgrade to 64-bit EPICS7 22 Aug 2019
Test Facilities
gwACCTESTPUB	Serving Test Facilities PV to public	Readonly	testfac-daemon2	5048	5049	134.79.219.255 (LCLSDEV)	doc	Upgrade to 64-bit EPICS7
Cryo
gwCRYO4LCLS	Serving Cryo PVs to LCLS	Read and Write	cryo-daemon1	5061	5069	172.27.43.255 172.27.11.255 134.79.151.21	.* ALLOW .* ALLOW CANWRITE	Upgrade to 64-bit EPICS7 22 Aug 2019

LCLS Gateway Test Procedures

lcls-daemon3

gwEbeamServe:

Change /etc/init.d/st.gwEbeamServe on lcls-daemon3 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwEbeamServe64

Restart gateway:

[laci@lcls-daemon3]$ /etc/init.d/st.gwEbeamServe restart

Verify that all LCLSIOC subnet PVs except for OTRS:DMP1:695:* PVs can be seen from Photon/PCDS subnet clients.

gwEbeamServeWF:

Change /etc/init.d/st.gwEbeamServeWF on lcls-daemon3 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwEbeamServeWF64

Restart gateway:

[laci@lcls-daemon3]$ /etc/init.d/st.gwEbeamServeWF restart

Verify that only OTRS:DMP1:695:* PVs can be seen from Photon/PCDS subnet clients.

lcls-daemon10

gwLCLS4FACET:

Change /etc/init.d/st.gwLCLS4FACET on lcls-daemon10 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwLCLS4FACET64

Restart gateway:

[laci@lcls-daemon10]$ /etc/init.d/st.gwLCLS4FACET restart

Verify that LCLSIOC subnet PVs can be seen from FACETCA subnet clients.

gwLCLS4LCLSII:

Change /etc/init.d/st.gwLCLS4LCLSII on lcls-daemon10 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwLCLS4LCLSII_64

Restart gateway:

[laci@lcls-daemon10]$ /etc/init.d/st.gwLCLS4LCLSII restart

Verify that LCLSIOC subnet PVs can be seen from LCLS2IOC subnet clients.

lcls-prod01

gwLCLSPUB:

Change /etc/init.d/st.gwLCLSPUB on lcls-prod01 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSPUB64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwLCLSPUB restart

Verify that LCLS production PVs can be seen when running lclshome on LCLSDEV/LCLSDMZ nodes (e.g., mcclogin).

gwLCLSARCH0:

Archiver Gateways should be stopped and restarted one at a time to independently verify that ACLs are working properly.

Change /etc/init.d/st.gwLCLSARCH0 on lcls-prod01 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSARCH0_64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwLCLSARCH0 restart

lcls-home->Network (Global)->PV Gateway Diag
Check /nfs/slac/g/lcls/tools/gateway/gwEbeamServe.log
Verify that the following PV patterns are archived in the LCLS Archiver according to the permissions below:

[laci@lcls-prod01]$ cat $TOOLS/gateway/config/gwLCLSARCH0.dat
...
# allow everthing, deny patterns
EVALUATION ORDER ALLOW, DENY
.* ALLOW
^[A-Za-z0-9]+:UND1:.*    DENY
^[A-Za-z0-9]+:LTU1:.*    DENY
^[A-Za-z0-9]+:LTU0:.*    DENY
^[A-Za-z0-9]+:DMP1:.*    DENY
^[A-Za-z0-9]+:IN20:.*    DENY
^[A-Za-z0-9]+:BSY0:.*    DENY
^[A-Za-z0-9]+:BSYA:.*    DENY
^[A-Za-z0-9]+:MCC0:.*    DENY
^[A-Za-z0-9]+:SYS0:.*    DENY
^[A-Za-z0-9]+:LR20:.*    DENY
^[A-Za-z0-9]+:NEH:.*     DENY
^[A-Za-z0-9]+:NEH1:.*    DENY
^[A-Za-z0-9]+:FEH:.*     DENY
^[A-Za-z0-9]+:FEH1:.*    DENY
^[A-Za-z0-9]+:FEE1:.*    DENY
^[A-Za-z0-9]+:SYS2:.*    DENY
^[A-Za-z0-9]+:CLTH:.*    DENY
^[A-Za-z0-9]+:GUNB:.*    DENY
^[A-Za-z0-9]+:LGUN:.*    DENY
^[A-Za-z0-9]+:ALH2:.*    DENY
^[A-Za-z0-9]+:ALH0:.*    DENY
^[A-Za-z0-9]+:ACR0:.*    DENY
^[A-Za-z0-9]+:GBL0:.*    DENY
^[A-Za-z0-9]+:R02:.*     DENY
^[A-Za-z0-9]+:XRT1:.*    DENY

gwLCLSARCH1:

Archiver Gateways should be stopped and restarted one at a time to independently verify that ACLs are working properly.

Change /etc/init.d/st.gwLCLSARCH1 on lcls-daemon10 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSARCH1_64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwLCLSARCH1 restart

Verify that the following PV patterns are archived in the LCLS Archiver according to the permissions below:

[laci@lcls-prod01]$ cat $TOOLS/gateway/config/gwLCLSARCH1.dat
...
# deny everything, allow the patterns 
# For every allow pattern here, we should have a deny pattern in gwLCLSARCH0.dat; otherwise we'll get duplicate PVs
EVALUATION ORDER DENY, ALLOW
.* DENY
^[A-Za-z0-9]+:UND1:.*    ALLOW
^[A-Za-z0-9]+:LTU1:.*    ALLOW
^[A-Za-z0-9]+:LTU0:.*    ALLOW
^[A-Za-z0-9]+:DMP1:.*    ALLOW
^[A-Za-z0-9]+:IN20:.*    ALLOW
^[A-Za-z0-9]+:BSY0:.*    ALLOW
^[A-Za-z0-9]+:BSYA:.*    ALLOW
GWLCLSARCH1:.*         ALLOW

gwLCLSARCH2:

Archiver Gateways should be stopped and restarted one at a time to independently verify that ACLs are working properly.

Change /etc/init.d/st.gwLCLSARCH2 on lcls-prod01 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSARCH2_64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwLCLSARCH2 restart

Verify that the following PV patterns are archived in the LCLS Archiver according to the permissions below:

[laci@lcls-prod01]$ cat $TOOLS/gateway/config/gwLCLSARCH2.dat
...
# deny everything, allow the patterns 
# For every allow pattern here, we should have a deny pattern in gwLCLSARCH0.dat; otherwise we'll get duplicate PVs
EVALUATION ORDER DENY, ALLOW
.* DENY
^[A-Za-z0-9]+:MCC0:.*    ALLOW
^[A-Za-z0-9]+:SYS0:.*    ALLOW
^[A-Za-z0-9]+:LR20:.*    ALLOW
^[A-Za-z0-9]+:NEH:.*     ALLOW
^[A-Za-z0-9]+:NEH1:.*    ALLOW
^[A-Za-z0-9]+:FEH:.*     ALLOW
^[A-Za-z0-9]+:FEH1:.*    ALLOW
^[A-Za-z0-9]+:FEE1:.*    ALLOW
^[A-Za-z0-9]+:ALH0:.*    ALLOW 
^[A-Za-z0-9]+:ACR0:.*    ALLOW 
^[A-Za-z0-9]+:GBL0:.*    ALLOW 
^[A-Za-z0-9]+:R02:.*     ALLOW 
^[A-Za-z0-9]+:XRT1:.*    ALLOW 
GWLCLSARCH2:.*         ALLOW

gwLCLSARCH3:

Archiver Gateways should be stopped and restarted one at a time to independently verify that ACLs are working properly.

Change /etc/init.d/st.gwLCLSARCH3 on lcls-daemon10 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwLCLSARCH3_64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwLCLSARCH3 restart

Verify that the following PV patterns are archived in the LCLS Archiver according to the permissions below:

[laci@lcls-prod01]$ cat $TOOLS/gateway/config/gwLCLSARCH3.dat
...
# deny everything, allow the patterns 
# For every allow pattern here, we should have a deny pattern in gwLCLSARCH0.dat; otherwise we'll get duplicate PVs
EVALUATION ORDER DENY, ALLOW
.* DENY
^[A-Za-z0-9]+:SYS2:.*    ALLOW
^[A-Za-z0-9]+:CLTH:.*    ALLOW
^[A-Za-z0-9]+:GUNB:.*    ALLOW
^[A-Za-z0-9]+:LGUN:.*    ALLOW
^[A-Za-z0-9]+:ALH2:.*    ALLOW
GWLCLSARCH3:.*         ALLOW

lcls2-daemon10

gwLCLSII4LCLS:

Change /etc/init.d/st.gwLCLSII4LCLS on lcls2-daemon10 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwLCLSII4LCLS64

Restart gateway:

[laci@lcls2-daemon10]$ /etc/init.d/st.gwLCLSII4LCLS restart

Verify that LCLS2IOC subnet PVs are readable and writable from LCLSIOC subnet clients.

FACET Gateway Test Procedures

facet-daemon1

gwFACET4LCLS:

Change /etc/init.d/st.gwFACET4LCLS on facet-daemon1 to use CMDPATH=/usr/local/facet/tools/gateway/script/st.gwFACET4LCLS64

Restart gateway:

[flaci@facet-daemon1]$ /etc/init.d/st.gwFACET4LCLS restart

Verify that FACETCA subnet PVs can be seen from LCLSIOC subnet clients.

lcls-prod01

gwFACETPUB:

Change /etc/init.d/st.gwFACETPUB on lcls-prod01 to use CMDPATH=/afs/slac/g/lcls/tools/gateway/script/st.gwFACETPUB64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwFACETPUB restart

Verify that FACETCA subnet PVs can be seen when running facethome on LCLSDEV/LCLSDMZ nodes (e.g., mcclogin).

gwEXP2FACET:

Change /etc/init.d/st.gwEXP2FACET on lcls-prod01 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwEXP2FACET64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwEXP2FACET restart

gwEXP2FACET not currently in use.

gwFACETARCH:

Change /etc/init.d/st.gwFACETARCH on lcls-daemon10 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwFACETARCH64

Restart gateway:

[laci@lcls-prod01]$ /etc/init.d/st.gwFACETARCH restart

Verify that the following PV patterns are archived in the FACET Archiver according to the permissions below:

[laci@lcls-prod01]$ cat $TOOLS/gateway/config/gwFACETARCH.dat
...
# support the gateway internal statistics
# Serve all FACET PVs 
.*  ALLOW

Test Facilities Gateway Test Procedures

testfac-daemon2

gwACCTESTPUB:

Change /etc/init.d/st.gwACCTESTPUB on testfac-daemon2 to use CMDPATH=/afs/slac/g/acctest/tools/gateway/script/st.gwACCTESTPUB64

Restart gateway:

[acctf@testfac-daemon2]$ /etc/init.d/st.gwACCTESTPUB restart

Verify that ACCTESTFAC subnet PVs can be seen when running xtahome on LCLSDEV/LCLSDMZ nodes (e.g., mcclogin).

Cryo Gateway Test Procedures

cryo-daemon1

gwCRYO4LCLS:

Change /etc/init.d/st.gwCRYO4LCLS on cryo-daemon1 to use CMDPATH=/usr/local/lcls/tools/gateway/script/st.gwCRYO4LCLS64

Restart gateway:

[laci@cryo-daemon1]$ /etc/init.d/st.gwCRYO4LCLS restart

Verify that CRYOSRV subnet PVs can be seen from LCLSIOC and LCLS2IOC subnet clients.

Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.

Related issues