[Lerftest-ctrls] LERF access changes for Monday Dec 10th and near future

Bianchini, Carolina carolina at slac.stanford.edu
Sat Dec 8 00:48:01 EST 2018 

Sorry Wesley, just read this email but you have the PV, it is already up and running:)
Let me know if you need anything else.
Thanks,
Carolina
From: Lerftest-ctrls <lerftest-ctrls-bounces at jlab.org> On Behalf Of Wesley Moore
Sent: Friday, December 7, 2018 11:28 AM
To: lerftest-ctrls at jlab.org
Subject: [Lerftest-ctrls] LERF access changes for Monday Dec 10th and near future


All,



We've got to start applying the changes required to put in engineered controls over remote write-access.  Recall the 4 areas we have to address are:

  *   PLC logic
  *   FPGA firmware
  *   IOC/application code
  *   Channel Access



Changes planned for Monday:

  *   Option to use PLC mode switch to restrict remote editing (switch settings: run/rem/prog).

     *   (CAROLINA) I'd like to have a PV readback for this tag as soon as possible.

  *   Restrict filesystem write-access to lclsapp1 and lclsapp2 only.  This may require reboots on VDI hosts and control room to ensure read-only NFS.
  *   Access to lclsapp1/2 will start be granted by request.

     *   To handle this, we have to move/remove the ssh keys for softegr and laci.
     *   After being granted access, you will be able to ssh to lclsapp1/2 and sudo into softegr or laci account.
     *   I expect this to be fairly flexible for the time-being, but that will change.

For channel access, we are in the process of building the access control file (acf) that will need to be loaded by all IOCs.  The acf and caputlog config will need to be installed in the near future.  The EPICS_CA_ADDR_LIST will have to be updated to include a jlab ca_gateway.  I'm sorting out the correct hostname for that.
As things firm up and I have better dates and description of the full implementation.  I will post to this mailing-list.  Please bear with us while we work through this.  We are trying to make it as streamline as possible and keep the environment impact to an absolute minimum.

Wesley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.jlab.org/pipermail/lerftest-ctrls/attachments/20181208/82c1e68f/attachment-0001.html>

More information about the Lerftest-ctrls mailing list