Linux PC¶
IDCP is an EPICS application that runs on an IOC <https://docs.epics-controls.org/en/latest/guides/EPICS_Intro.html?highlight=IOC#ioc-software-components>.
This document describes how to set up a PC with Linux for this IOC.
IDCP is tested on a Debian 12 (“bookworm”) Linux system.
HTTP Proxy settings¶
Hint
The following information is specific for the BESSY II site, see also Sites.
At the HZB networks, in order to be able to connect to debian repositories set the environment variables:
export http_proxy=http://proxy.blc.bessy.de:3128
export https_proxy=http://proxy.blc.bessy.de:3128
Basic setup¶
Download a netinst ISO file here or from this link:
Packages¶
Here is a set of commands to install all the required packages. Note that with this list you can not only run IDCP but also build IDCP:
sudo bash
apt-get install openssh-server
systemctl enable ssh
apt-get install apt-file
apt-file update
apt-get install bind9-host
apt-get install mercurial
apt-get install darcs
apt-get install wget
apt-get install python3-pip
apt-get install w3m
apt-get install neovim
apt-get install bash-completion
apt-get install rsync
apt-get install libpopt-dev
apt-get install re2c
apt-get install python3-yaml
apt-get install ripgrep
apt-get install fd-find
apt-get install python3-venv
apt-get install libyaml-libyaml-perl
apt-get install can-utils
apt-get install git
apt-get install ntp
apt-get install ntpstat
apt-get install ntpsec-ntpdate
apt-get install chrony
apt-get install procserv
apt-get install autofs
apt-get install sshfs
<ctrl-d>
NTP setup¶
The PC needs a working NTP setup for correct timestamps. Here we use “chrony”.
You can test if chrony is working with these commands:
chronyc sources
chronyc tracking
IOC user setup¶
The IOC should run as a specific user. I recomment to install a user “ioc” with these commands:
sudo groupadd -g 27000 iocs
sudo useradd ioc -g iocs -m -s /bin/bash -u 27001
sudo passwd ioc
The ioc user must have rights to start processes with real-time priorities. As root user create a file
/etc/security/limits.d/security-limits-softIOC.conf with this content:
ioc - rtprio unlimited
ioc - memlock unlimited
ioc - core unlimited
The ioc user also needs some sudo rights. Create file /etc/sudoers.d/ioc
with this content:
ioc ALL= NOPASSWD: /bin/systemctl restart ioc@*
ioc ALL= NOPASSWD: /bin/systemctl stop ioc@*
ioc ALL= NOPASSWD: /bin/systemctl start ioc@*
ioc ALL= NOPASSWD: /bin/systemctl status ioc@*
Access to remote file system¶
You usually want to store your files not locally on the Linux PC but on a file server.
Here I describe a method to do this with sshfs. You can, of course, also do this with NFS or Samba.
First you need a user “ioc” on your fileserver with the same user-id as the user “ioc” on your Linux PC.
You have to create an ssh key for user “ioc” without a passphrase on the Linux PC. This key must be added to file “$HOME/.ssh/authorized_keys” in the home of user “ioc” on the file server.
Now it should be possible to log from the PC on the fileserver with ssh, ensure that this works without the need to enter a password or passphrase:
ssh ioc@FILESERVER
Now add the ssh key of user “ioc” also to user “root”.
Warning
The following command overwrites files that may already exist in directory “.ssh” of user root.
sudo bash
cd $HOME
mkdir -p .ssh
cd .ssh
cp -a -i -b /home/ioc/.ssh/* .
<ctrl-d>
Hint
The server names in the following autofs configuration is specific for the BESSY II site, see also Sites.
Now configure sshfs for the automounter. In this example directory “/opt/IOC” on the file server is locally mounted on directory “/mnt/nfs-blc-IOC” on the Linux PC:
sudo bash
echo 'nfs-blc-IOC -fstype=fuse,rw,allow_other :sshfs\#ioc@nfs.blc.bessy.de\:/opt/IOC' > /etc/autofs.sshfs
echo "/mnt /etc/autofs.sshfs uid=$(id -u ioc),gid=$(id -g ioc),--timeout=60,--ghost" | sudo tee -a /etc/auto.master
sudo systemctl restart autofs
<ctrl-d>
Now test if everything works:
ls -l /mnt/nfs-blc-IOC
You should see the files from directory “/opt/IOC” on the server.
Install EPICS Base¶
This is done here in order to have the utilities:
caget
caput
camonitor
caRepeater
Prepare a directory:
sudo mkdir -p /opt/EPICS
sudo chown ioc:ioc /opt/EPICS
mkdir -p /opt/EPICS/3.15.9
cd /opt/EPICS/3.15.9
Download and build base:
wget https://epics.anl.gov/download/base/base-3.15.9.tar.gz
tar -xzf base-3.15.9.tar.gz
rm *.tar.gz
mv base-3.15.9 base
make -C base -sj install
Make base utilities available:
echo 'PATH=/opt/EPICS/3.15.9/base/bin/linux-x86_64:$PATH' >> $HOME/.bashrc
Set up caRepeater¶
Then enter:
sudo cp /opt/EPICS/3.15.9/base/bin/linux-x86_64/caRepeater.service /etc/systemd/system
sudo chmod 664 /etc/systemd/system/caRepeater.service
sudo systemctl daemon-reload
sudo systemctl enable caRepeater
sudo systemctl start caRepeater
Set up script directory¶
Enter:
sudo mkdir /opt/idcp-scripts
sudo chown ioc:ioc /opt/idcp-scripts
Now provided the idcp source code is at directory IDCP-DIR, copy the CAN Bus initialization script like this:
cp -a IDCP-DIR/scripts/idcp-init-pcan-builtin.sh /opt/idcp-scripts
Copy the IOC start script with this command:
cp -a IDCP-DIR/scripts/start-ioc.sh /opt/idcp-scripts
Note that this script expects the idcp application at directory
/opt/IOC/idcp/links/$1 where $1 is the idcp key, for example idcp12.
Set up CAN bus initialization¶
Copy the CAN Bus service file like this:
sudo cp -a IDCP-DIR/scripts/service/idcp-init-pcan-builtin.service /etc/systemd/system
sudo chmod 664 /etc/systemd/system/idcp-init-pcan-builtin.service
sudo systemctl daemon-reload
sudo systemctl enable idcp-init-pcan-builtin
sudo systemctl start idcp-init-pcan-builtin
Set up IOC autostart¶
Copy the IOC service file like this:
sudo cp -a IDCP-DIR/scripts/service/ioc@.service /etc/systemd/system
sudo chmod 664 /etc/systemd/system/ioc@.service
sudo systemctl daemon-reload
To enable the ioc you must know the idcp key. Here is an example for the UE48 undulator, which is “idcp12”:
sudo systemctl enable ioc@idcp12
sudo systemctl start ioc@idcp12
Console access¶
For now, you can access the IOC console with this command:
telnet localhost 12345
In order to leave the telnet session enter:
<ctrl-]>
q