accessing devices running on a server with 2 interfaces

# 6 years ago
philippeg	Hello, I ran some tests a few months ago by developping some widget on the computer where the tango-db was launched and TangoTest device ran. Now, I would like to use TangoTest running on a distant computer where run a tango-db. This Tango server has currently 2 network interfaces. Client <==[public network]==> Tango server <==[private network]==> computers I defined TANGO_HOST value to "SERVER:port" where SERVER is the public adress of the TANGO server, and I would like to know what else should be defined to access to attributes of the distant TangoTest. Currently, I checked that the TangoTest DS is registered on the DB and is running (it runs on the tango server). To test, we launched `taurusform sys/database/2` on the client, it displays the following windows: 1st and when clicking Ok If we try to launch atkpanel, we got the following error: `Cannot connect to the device. Check the device name you entered; Application will abort … Connection Exception : Severity: PANIC Origin: Connection.dev_import(sys/database/2) Description: Cannot import sys/database/2 : org.omg.CORBA.TRANSIENT: Retries exceeded, couldn't reconnect to [192.168.PRIVATE_IP]:20000 vmcid: 0x0 minor code: 0 completed: No Reason: TangoApi_CANNOT_IMPORT_DEVICE Severity: ERROR Origin: Connection.build_connection(sys/database/2) Reason: TangoApi_CANNOT_IMPORT_DEVICE` We understand this is more a network issue related to the fact that the server when runs the database has 2 interfaces and that [192.168.PRIVATE_IP] is an interface not accessible from the client. The computer running DS and the TANGO server are on same computer. The TANGO server seems to send the private network IP of the computer running the DS (its own IP) to the client. Is there somewhere where we can identify the IP that should be sent to a client? The goal would be to force to send the public IP to the client. Thank you - Philippe Edited 6 years ago

# 6 years ago

Hello,
I ran some tests a few months ago by developping some widget on the computer where the tango-db was launched and TangoTest device ran.

Now, I would like to use TangoTest running on a distant computer where run a tango-db. This Tango server has currently 2 network interfaces.

Client <==[public network]==> Tango server <==[private network]==> computers

I defined TANGO_HOST value to "SERVER:port" where SERVER is the public adress of the TANGO server, and I would like to know what else should be defined to access to attributes of the distant TangoTest.
Currently,

I checked that the TangoTest DS is registered on the DB and is running (it runs on the tango server).

To test, we launched `taurusform sys/database/2` on the client, it displays the following windows:
1st

and when clicking Ok

If we try to launch atkpanel, we got the following error:

Cannot connect to the device.
Check the device name you entered; Application will abort …
Connection Exception : Severity: PANIC
Origin: Connection.dev_import(sys/database/2)
Description: Cannot import sys/database/2 : 
org.omg.CORBA.TRANSIENT: Retries exceeded, couldn't reconnect to [192.168.PRIVATE_IP]:20000 vmcid: 0x0 minor code: 0 completed: No
Reason: TangoApi_CANNOT_IMPORT_DEVICE
Severity: ERROR
Origin: Connection.build_connection(sys/database/2)
Reason: TangoApi_CANNOT_IMPORT_DEVICE

We understand this is more a network issue related to the fact that the server when runs the database has 2 interfaces and that [192.168.PRIVATE_IP] is an interface not accessible from the client.

The computer running DS and the TANGO server are on same computer.
The TANGO server seems to send the private network IP of the computer running the DS (its own IP) to the client.
Is there somewhere where we can identify the IP that should be sent to a client? The goal would be to force to send the public IP to the client.

Thank you

- Philippe

Edited 6 years ago

# 6 years ago
Reynald	Hi Philippe, Could you run jive on the TANGO_HOST host (the one you are calling the Tango server)? Could you please check what jive reports as Device Info when you click on sys/database/2 node? What is displayed on the host and port fields? Is the DatabaseDs device sys/database/2 correctly exported? Kind regards, Reynald Rosenberg's Law: Software is easy to make, except when you want it to do something new. Corollary: The only software that's worth making is software that does something new.

# 6 years ago

Reynald

Hi Philippe,

Could you run jive on the TANGO_HOST host (the one you are calling the Tango server)?
Could you please check what jive reports as Device Info when you click on sys/database/2 node?
What is displayed on the host and port fields?
Is the DatabaseDs device sys/database/2 correctly exported?

Kind regards,
Reynald

Rosenberg's Law: Software is easy to make, except when you want it to do something new.
Corollary: The only software that's worth making is software that does something new.

# 6 years ago
Reynald	This reminds me a problem reported by Elettra at the beginning of this year… If the port number reported by jive for sys/database/2 device is not correct (not 20000 in your case), you can try to start the DatabaseDs with the following additional option in order to force omniORB to encode the port 20000 in the IOR as primary address: `-ORBendPointPublish giop:tcp::20000` You can even specify your public IP address too: `-ORBendPointPublish giop:tcp:123.0.1.2:20000` for instance. I hope this helps! Reynald Rosenberg's Law: Software is easy to make, except when you want it to do something new. Corollary: The only software that's worth making is software that does something new. Edited 6 years ago

# 6 years ago

Reynald

This reminds me a problem reported by Elettra at the beginning of this year…
If the port number reported by jive for sys/database/2 device is not correct (not 20000 in your case), you can try to start the DatabaseDs with the following additional option in order to force omniORB to encode the port 20000 in the IOR as primary address:

-ORBendPointPublish giop:tcp::20000

You can even specify your public IP address too:

-ORBendPointPublish giop:tcp:123.0.1.2:20000

for instance.

I hope this helps!

Reynald

Rosenberg's Law: Software is easy to make, except when you want it to do something new.
Corollary: The only software that's worth making is software that does something new.

Edited 6 years ago

# 6 years ago
Reynald	You can get more details on this subject on the omniORB documentation (section 5 - Machines with multiple IP addresses): http://omniorb.sourceforge.net/omni42/omniNames.html Rosenberg's Law: Software is easy to make, except when you want it to do something new. Corollary: The only software that's worth making is software that does something new.

# 6 years ago
philippeg	Hi Reynald, I confirm that I can run jive and atkpanel on the TANGO_HOST. Device_info reports the following lines: Device: sys/database/2 type_id: IDL:Tango/Device_4:1.0 iiop_version: 1.2 host: 192.168.[PRIVATE_IP] (192.168.[PRIVATE_IP]) port: 20000 Server: DataBaseds/2 Serer PID: 926 Exported: true last_exported: 27th September 2017 at 10:51:30 last_unexported: 17th August 2017 at 07:58:36 By the way, is there a special method to copy-paste the content of jive? I will first check the doc you gave, thank you for the link and your answers. :) - Philippe

# 6 years ago

philippeg

Hi Reynald,

I confirm that I can run jive and atkpanel on the TANGO_HOST.
Device_info reports the following lines:

Device: sys/database/2
type_id: IDL:Tango/Device_4:1.0
iiop_version: 1.2
host: 192.168.[PRIVATE_IP] (192.168.[PRIVATE_IP])
port: 20000
Server: DataBaseds/2
Serer PID: 926
Exported: true
last_exported: 27th September 2017 at 10:51:30
last_unexported: 17th August 2017 at 07:58:36

By the way, is there a special method to copy-paste the content of jive?

I will first check the doc you gave, thank you for the link and your answers. :)

- Philippe

# 6 years ago
philippeg	Ok, so since DataBaseds should be launched as dameon tango-db, I looked into /etc/init.d/tango-db and saw line 60: `DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT"` We could document this or modifying the /etc/init.d/tango-db file to make this automatically On the other hand, we could modify this like this: `HOST=$(/sbin/ifconfig eth0 \| grep 'inet addr:' \| cut -d: -f2 \| awk '{ print $1}') DAEMON_ARGS="2 -ORBendPoint giop:tcp:$HOST:$PORT"` However, it will always get the IP of eth0, and I am not happy with this… I will think about it. If anyone has a better idea, I'm not a daemon pro. - Philippe Edited 6 years ago

# 6 years ago

philippeg

Ok, so since DataBaseds should be launched as dameon tango-db, I looked into /etc/init.d/tango-db and saw line 60:

DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT"

We could document this or modifying the /etc/init.d/tango-db file to make this automatically
On the other hand, we could modify this like this:

HOST=$(/sbin/ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
DAEMON_ARGS="2 -ORBendPoint giop:tcp:$HOST:$PORT"

However, it will always get the IP of eth0, and I am not happy with this… I will think about it.
If anyone has a better idea, I'm not a daemon pro.

- Philippe

Edited 6 years ago

# 6 years ago
philippeg	In fact, this solution will not do it since we would like to use TANGO server from both public and private network. I understand this is not actually possible because of OmniORB? Am I right? I do not know very well CORBA and OmniORB but It sounds strange since the request should be managed at the network level and not at the application level. Did I miss something? - Philippe Edited 6 years ago

# 6 years ago

philippeg

In fact, this solution will not do it since we would like to use TANGO server from both public and private network.
I understand this is not actually possible because of OmniORB? Am I right?

I do not know very well CORBA and OmniORB but It sounds strange since the request should be managed at the network level and not at the application level. Did I miss something?

- Philippe

Edited 6 years ago

# 6 years ago
Reynald	Hi Philippe, I think you should be able to use TANGO from both public and private networks. omniORB is able to listen on all network interfaces. I think you should keep the following line in your DatabaseDs startup script: `DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT"` When you don't specify an address before the port number, omniORB will listen on all network interfaces (see this documentation: section 6.6) but will publish the first non-loopback network interface it can find in the IOR. If you specify an address before :$PORT, omniORB will listen only on that network interface, unless you specify one -ORBendPoint option for each network interface. What I was suggesting was to use: `-ORBendPointPublish giop:tcp:<public_ip_address>:$PORT` (Please note this is a different option -ORBendPointPublish) on top of `DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT"` So basically: `DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT -ORBendPointPublish giop:tcp:<public_ip_address>:$PORT"` With this option, you should be able to execute `atkpanel sys/database/2` from a client connected on the public interface. I don't know whether you can use -ORBendPointPublish options several times so you could publish as well the private network IP address in the IOR and then be able to run 'atkpanel sys/database/2' from your private network too. The DataBaseDs device is a special device and is not very often accessed like the other TANGO devices. There might be something to improve to publish all its host's IP addresses to the TANGO clients. Maybe something is missing in the case of DatabaseDs. Tango usually finds the Database server thanks to the TANGO_HOST environment variable which specifies the hostname and port where the DatabaseDs is listening, not via its device name. Please try first to do your tests on a standard device server instead of trying to connect to sys/database/2 via atkpanel. As far as I know, when you start a standard device server, it will listen by default on all network interfaces and should be accessible from all available networks where its host belongs to. Hoping this helps, Reynald Rosenberg's Law: Software is easy to make, except when you want it to do something new. Corollary: The only software that's worth making is software that does something new.

# 6 years ago

Reynald

Hi Philippe,

I think you should be able to use TANGO from both public and private networks.
omniORB is able to listen on all network interfaces.

I think you should keep the following line in your DatabaseDs startup script:

DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT"

When you don't specify an address before the port number, omniORB will listen on all network interfaces (see this documentation: section 6.6) but will publish the first non-loopback network interface it can find in the IOR.

If you specify an address before :$PORT, omniORB will listen only on that network interface, unless you specify one -ORBendPoint option for each network interface.

What I was suggesting was to use:

-ORBendPointPublish giop:tcp:<public_ip_address>:$PORT

(Please note this is a different option -ORBendPointPublish)
on top of

DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT"

So basically:

DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT -ORBendPointPublish giop:tcp:<public_ip_address>:$PORT"

With this option, you should be able to execute

atkpanel sys/database/2

from a client connected on the public interface.
I don't know whether you can use -ORBendPointPublish options several times so you could publish as well the private network IP address in the IOR and then be able to run 'atkpanel sys/database/2' from your private network too.

The DataBaseDs device is a special device and is not very often accessed like the other TANGO devices.
There might be something to improve to publish all its host's IP addresses to the TANGO clients. Maybe something is missing in the case of DatabaseDs.
Tango usually finds the Database server thanks to the TANGO_HOST environment variable which specifies the hostname and port where the DatabaseDs is listening, not via its device name.
Please try first to do your tests on a standard device server instead of trying to connect to sys/database/2 via atkpanel.

As far as I know, when you start a standard device server, it will listen by default on all network interfaces and should be accessible from all available networks where its host belongs to.

Hoping this helps,
Reynald

Rosenberg's Law: Software is easy to make, except when you want it to do something new.
Corollary: The only software that's worth making is software that does something new.

# 5 years ago
philippeg	By the way, thank you Reynald. For debian 9 which does not include ifconfig anymore, here are the modification I made into /etc/init.d/tango-db on line 59 to allow accessing a TANGO server filtered : `PRIVATE_IP_ADDRESS="$(ip addr \| grep "inet 192" \| cut -d/ -f1 \|awk '{print $2}')" PUBLIC_IP_ADDRESS="$(ip addr show eth0 \| grep "inet " \| cut -d/ -f1 \|awk '{print $2}')" DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT -ORBendPointPublish giop:tcp:$PRIVATE_IP_ADDRESS:$PORT -ORBendPointPublish giop:tcp:$PUBLIC_IP_ADDRESS:$PORT"` EDIT: addition of PRIVATE_IP_ADDRESS part - Philippe Edited 5 years ago

# 5 years ago

philippeg

By the way, thank you Reynald.

For debian 9 which does not include ifconfig anymore, here are the modification I made into /etc/init.d/tango-db on line 59 to allow accessing a TANGO server filtered :

PRIVATE_IP_ADDRESS="$(ip addr  | grep "inet 192" | cut -d/ -f1 |awk '{print $2}')"
PUBLIC_IP_ADDRESS="$(ip addr show eth0 | grep "inet " | cut -d/ -f1 |awk '{print $2}')"
DAEMON_ARGS="2 -ORBendPoint giop:tcp::$PORT -ORBendPointPublish giop:tcp:$PRIVATE_IP_ADDRESS:$PORT -ORBendPointPublish giop:tcp:$PUBLIC_IP_ADDRESS:$PORT"

EDIT: addition of PRIVATE_IP_ADDRESS part

- Philippe

Edited 5 years ago

# 5 years ago
philippeg	By the way, for astor, I used a similar trick by defining a static port into /etc/init.d/tango-starter: PORT=20001 DAEMON_ARGS=`hostname`" -ORBendPoint giop:tcp::$PORT" Seems to work, even if the static port definition is not an elegant solution. EDIT: correction of a typo into DAEMON_ARGS - Philippe Edited 5 years ago