Jack Harper edited this page Apr 15, 2025 · 17 revisions

PVWS

(PV Web socket)

We run a PVWS instance on NDAEXTWEB4 for the Web Dashboard.

This is done with a native Tomcat service (rather than a container) following the PVWS instructions, though it could be run as a container in the future.

Updating

Things to consider when updating Tomcat/PVWS:

  • Tomcat installer from https://tomcat.apache.org/download-90.cgi installed in C:\Program Files\Apache Software Foundation\Tomcat 9.0
  • PVWS: we are using the latest nightly .war as of 01/11/24. To update, download this, place it in the Tomcat dir\webapps folder and restart the service.
  • JDK 21 from https://adoptium.net/en-GB/ installed in C:\Program Files\Eclipse Adoptium\jdk-21.0.5.11-hotspot

Setting up PVWS on a machine from scratch

  1. Install Tomcat as a Windows service, running on port 7777, using the installer wizard. During the installer, expand +Tomcat when it asks you which components to install, and tick the option which starts Tomcat on startup.

  1. Copy pvws.war to the webapps directory in the Tomcat directory (usually C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps).
  2. In your tomcat\bin directory, add the EPICS_CA variables that specify the gateway address so PVWS knows where to look for PVs. This is done by running Tomcat9.exe with the //US (update server) flag, i.e.:

C:\Program Files\Apache Software Foundation\Tomcat 9.0\bin>Tomcat9.exe //US ++Environment EPICS_CA_AUTO_ADDR_LIST=NO;EPICS_CA_ADDR_LIST=<ip>

     where <ip> is the gateway address (more info on this command here). Note: don't do this in PowerShell, as it tries to interpret the arguments as separate commands.
  3. Create a .pfx file if you need a new certificate by using Windows' certificate manager -> wherever the cert is -> All Tasks -> Export
  • No, do not export the private key
  • "Personal Information Exchange", include all certificates in the certification path if possible: true, delete the private key if export is successful: false, export all extended properties: false, enable certificate privacy: false

Note

When finished, you'll need to add Local Service to the users that can read this file.

  1. Edit server.xml to contain these lines:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           maxParameterCount="1000" Server=" "
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="file:///C:/PROGRA~1/APACHE~1/TOMCAT~1.0/dataweb.pfx"
           keystoreType="PKCS12"
           keystorePass="<keeper:.pfx keystore password for PVWS tomcat instance on NDAEXTWEB3>">
</Connector>

This will start an HTTPS connector using the .pfx file generated from the certificate.

  1. Go to services.msc and hit restart on the Tomcat service, then navigate to https://<machine name>:7777/pvws. This should present the PVWS test page.
  2. Update the max message size to 131072 as per "increasing maximum message size" in https://github.com/ornl-epics/pvws?tab=readme-ov-file#running-under-tomcat. This should be done in C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\pvws\WEB-INF\web.xml
  3. Restart the service again.
  4. If you want the web dashboard to permanently use this, update https://github.com/ISISComputingGroup/WebDashboard/blob/main/.env

Gateway

A gateway runs on NDAEXTWEB4; it is needed so that PVWS can access only some PVs and not others.

This runs under the task scheduler as making a .bat run as a Windows service is not trivial.

# GW config for web dashboard
# This is an explicit allowlist to allow the web dashboard to look at a handful of PVs, i.e. some blockserver, some DAE and some INSTETC.

EVALUATION ORDER DENY, ALLOW

.* DENY


# Beam currents/instlists
AC:TS1:BEAM:CURR ALLOW
AC:TS2:BEAM:CURR ALLOW
AC:MUON:BEAM:CURR ALLOW
CS:INSTLIST  ALLOW 

# These are blocks for instruments and developer machines
[^:]+:[^:]+:CS:SB:.*  ALLOW 

# These are dashboard PVs for instruments and developer machines
[^:]+:[^:]+:CS:DASHBOARD:.*  ALLOW 

# Shutter statuses
[^:]+:[^:]+:CS:SHUTTER  ALLOW 

# Time of day
[^:]+:[^:]+:TIME_OF_DAY  ALLOW 

# blockserver config details
[^:]+:[^:]+:CS:BLOCKSERVER:WD_CONF_DETAILS  ALLOW 

# current config name

[^:]+:[^:]+:CS:BLOCKSERVER:CURR_CONFIG_NAME  ALLOW 

# DAE PVs

[^:]+:[^:]+:DAE:RUNSTATE_STR  ALLOW 
[^:]+:[^:]+:DAE:RUNNUMBER  ALLOW 
[^:]+:[^:]+:DAE:GOODFRAMES  ALLOW 
[^:]+:[^:]+:DAE:RAWFRAMES  ALLOW 
[^:]+:[^:]+:DAE:COUNTRATE  ALLOW 
[^:]+:[^:]+:DAE:_RBNUMBER  ALLOW 
[^:]+:[^:]+:DAE:BEAMCURRENT  ALLOW 
[^:]+:[^:]+:DAE:TOTALUAMPS  ALLOW 
[^:]+:[^:]+:DAE:MONITORCOUNTS  ALLOW 
[^:]+:[^:]+:DAE:MONITORSPECTRUM  ALLOW 
[^:]+:[^:]+:DAE:MONITORTO  ALLOW 
[^:]+:[^:]+:DAE:MONITORFROM  ALLOW 
[^:]+:[^:]+:DAE:NUMSPECTRA  ALLOW 
[^:]+:[^:]+:DAE:NUMTIMECHANNELS  ALLOW 
[^:]+:[^:]+:DAE:SIM_MODE  ALLOW 
[^:]+:[^:]+:DAE:STARTTIME  ALLOW 
[^:]+:[^:]+:DAE:RUNDURATION  ALLOW 
[^:]+:[^:]+:DAE:PERIOD  ALLOW 
[^:]+:[^:]+:DAE:RAWFRAMES_PD  ALLOW 
[^:]+:[^:]+:DAE:NUMPERIODS  ALLOW 
[^:]+:[^:]+:DAE:RUNDURATION_PD  ALLOW 
[^:]+:[^:]+:DAE:PERIODSEQ  ALLOW 
[^:]+:[^:]+:DAE:GOODFRAMES_PD  ALLOW 
[^:]+:[^:]+:DAE:DAEMEMORYUSED  ALLOW 
[^:]+:[^:]+:DAE:DAETIMINGSOURCE  ALLOW 
[^:]+:[^:]+:DAE:EVENTS  ALLOW 

# These are sanitised PVs so they can be hidden at the isisdae level.
[^:]+:[^:]+:DAE:WDTITLE  ALLOW 
[^:]+:[^:]+:DAE:WDUSERS  ALLOW 
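
An offline regression check for the allowlist above, added here as an example (it is not part of the wiki or of the gateway's own code). It assumes each pattern must match the whole PV name, that under EVALUATION ORDER DENY, ALLOW an ALLOW match overrides a DENY match, and that a name matching no rule is denied; the IN:DEMO PV names are constructed.

```python
import re
# Constructed excerpt of the allowlist above (not the full file).
PVLIST = r"""
EVALUATION ORDER DENY, ALLOW
.* DENY
AC:TS1:BEAM:CURR ALLOW
[^:]+:[^:]+:CS:SB:.*  ALLOW
[^:]+:[^:]+:DAE:RUNSTATE_STR  ALLOW
"""

def parse_pvlist(text):
    """Return (order, rules); rules is a list of (compiled regex, action)."""
    order, rules = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        m = re.fullmatch(r"EVALUATION\s+ORDER\s+(ALLOW|DENY)\s*,\s*(ALLOW|DENY)", line)
        if m:
            order = m.groups()
            continue
        fields = line.split()
        if len(fields) < 2 or fields[1] not in ("ALLOW", "DENY"):
            raise ValueError(f"unrecognised rule: {raw!r}")
        rules.append((re.compile(fields[0]), fields[1]))
    if order is None:
        raise ValueError("no EVALUATION ORDER line")
    return order, rules

def is_exposed(pv, order, rules):
    """Assumed semantics: whole-name match; the action named last in
    EVALUATION ORDER wins when both kinds match; no match means denied."""
    hits = {action for pattern, action in rules if pattern.fullmatch(pv)}
    if hits == {"ALLOW", "DENY"}:
        return order[1] == "ALLOW"
    return hits == {"ALLOW"}

def audit(text, expected):
    """Return the PV names whose exposure differs from `expected`."""
    order, rules = parse_pvlist(text)
    return [pv for pv, want in expected.items() if is_exposed(pv, order, rules) != want]

# Constructed PV names: the IN:DEMO prefix, Temp and BEGINRUN are made up.
EXPECTED = {
    "IN:DEMO:DAE:RUNSTATE_STR": True,
    "IN:DEMO:CS:SB:Temp.HIHI": True,       # trailing .* admits any suffix
    "IN:DEMO:DAE:BEGINRUN": False,         # unlisted, so only .* DENY matches
    "IN:DEMO:X:DAE:RUNSTATE_STR": False,   # [^:]+ cannot span a colon
}
```

Running audit() over the real file with a list of PVs that must stay hidden gives a quick check before a changed allowlist is deployed; an empty list means every name behaved as expected.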