I implemented an access point for LDAS to pull data from the TCS lab EPICS frame archive (fb4:/frames) via rsync. The setup is analogous to what is already running at the 40m for automated backups. Here are the implementation details in case we want to replicate this in other W. Bridge labs.
Two lab machines are needed, the frame builder machine (fb4; 10.0.1.156) and a second machine to handle the network interfacing with the outside world (tcs-ws; 10.0.1.168).
1. Set up an NFS mount on tcs-ws to remotely access the frame archive on fb4.
i. NFS server-side setup:
a. Install the required packages
controls@fb4:~$ sudo apt-get install rpcbind nfs-common nfs-kernel-server
b. Add the following line to the file /etc/exports
c. Restart the NFS-related services
controls@fb4:~$ sudo /etc/init.d/rpcbind restart
controls@fb4:~$ sudo /etc/init.d/nfs-common restart
controls@fb4:~$ sudo /etc/init.d/nfs-kernel-server restart
ii. NFS client-side setup:
controls@tcs-ws:~$ sudo apt-get install rpcbind nfs-common
b. Add the following line to the file /etc/fstab
10.0.1.156:/frames /fb4/frames nfs rw,nofail,sync,hard,intr 0 0
c. Create the directory for the mount point, then set ownership and permissions
controls@tcs-ws:~$ sudo mkdir /fb4/frames
controls@tcs-ws:~$ sudo chmod -R 775 /fb4
controls@tcs-ws:~$ sudo chown -R controls.root /fb4
c. Mount the new network drive
controls@tcs-ws:~$ sudo mount -a
2. Configure the rsync daemon on tcs-ws.
i. Create a new file named /etc/rsyncd.conf with the following content. These settings match those of the 40m setup.
max connections = 10
read only = yes
log file = /var/tmp/rsyncd.log
list = yes
uid = controls
gid = controls
use chroot = yes
strict modes = yes
pid file = /var/run/rsyncd.pid
comment = For LDAS access to TCS lab frame files
read only = yes
path = /fb4/frames
hosts allow = ldas-grid.ligo.caltech.edu,localhost
ii. Kill, then restart the rsync daemon. The daemon may not be already running.
controls@tcs-ws:~$ sudo kill `cat /var/run/rsyncd.pid`
controls@tcs-ws:~$ sudo rsync --daemon
3. Open a port through the gateway firewall for LDAS to access.
To do this, configure a new port forwarding on the linksys gateway router in the usual way (access the router settings via http://10.0.1.1 from the web browser of any subnet machine). For the TCS lab, the external-facing gateway port 2046 is forwarded to port 873 of tcs-ws (the standard rsync port).
Security is handled by the tcs-ws rsync daemon. Its config file allows outside access to only the hostname ldas-grid.ligo.caltech.edu, and that access is read-only and restricted to the /fb4/frames directory.
For testing purposes, another outside machine name can be temporarily appended to the "hosts allow" parameter of /etc/rsyncd.conf. For example, I appended my office desktop machine. From the outside machine, the connectability of the rsync server can be tested with:
user@outside-hostname:~$rsync -dt rsync://220.127.116.11:2046/ldasaccess
If successful, the command will return an output similar to
drwxr-xr-x 4096 2017/08/28 16:13:31 .
drwxr-xr-x 4096 2017/11/14 02:30:38 full
drwxr-xr-x 4096 2017/08/28 16:13:38 trend
showing the contents of the frame archive.