/Experiment ODB tree: Difference between revisions

From MidasWiki
Jump to navigation Jump to search
No edit summary
 
(13 intermediate revisions by 3 users not shown)
Line 22: Line 22:
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  Experiment                      DIR
  Experiment                      DIR
     Name                       STRING  1    32    14s  0  RWD  midas
     Name                         STRING  1    32    14s  0  RWD  midas
     Buffer sizes               DIR
     Buffer sizes                 DIR
         SYSMSG                 DWORD  1    4    11h  0  RWD  100000
         SYSMSG                   DWORD  1    4    11h  0  RWD  100000
    Security                    DIR
        Enable non-localhost RPC BOOL    1    4    46s  0  RWD  n
        RPC ports                DIR
          ODBEdit              DWORD  1    4    38m  0  RWD  0
        RPC hosts                DIR
          Allowed hosts        STRING  10    256  38m  3  RWD
                                        [0]            localhost
                                        [1]
                                        [2]
                                        [3]
                                        [4]
                                        [5]
                                        [6]
                                        [7]
                                        [8]
                                        [9]
        Disable RPC hosts check  BOOL    1    4    46s  0  RWD  n




The following example shows the <span style="color: purple;">''/Experiment''</span> tree for a typical experiment :  
The following example shows the <span style="color: purple;">''/Experiment''</span> tree for a typical experiment:  


  [local:midas:R]/>ls -lrt /experiment
  [local:midas:R]/>ls -lrt /experiment
Line 33: Line 50:
  ---------------------------------------------------------------------------
  ---------------------------------------------------------------------------
  Experiment                      DIR
  Experiment                      DIR
     Name                       STRING  1    32    7s  0  RWD  midas
     Name                         STRING  1    32    7s  0  RWD  midas
     Buffer sizes               DIR
     <span style="color: purple;">Buffer sizes</span>                DIR
         SYSMSG                 DWORD  1    4    23h  0  RWD  100000
         SYSMSG                   DWORD  1    4    23h  0  RWD  100000
         SYSTEM                 DWORD  1    4    23h  0  RWD  640000000
         SYSTEM                   DWORD  1    4    23h  0  RWD  640000000
         BUF0                   DWORD  1    4    23h  0  RWD  80000000
         BUF0                     DWORD  1    4    23h  0  RWD  80000000
         BUF1                   DWORD  1    4    23h  0  RWD  80000000
         BUF1                     DWORD  1    4    23h  0  RWD  80000000
         .......    <span style="color: green;">''other user-defined buffers not shown ''</span>  
         .......    <span style="color: green;">''other user-defined buffers not shown ''</span>  
     CSS File                    STRING  1    1024 9h  0  RWD  mhttpd.css
     <span style="color: purple;">Security</span>                    DIR
     JS File                    STRING 1    1024 9h  0  RWD  mhttpd.js
        Enable non-localhost RPC BOOL    1    4    38m 0  RWD  n
    MAX_EVENT_SIZE              DWORD  1    4    23h 0  RWD  4194304
        <span style="color: purple;">RPC ports</span>                DIR
    Menu Buttons               STRING  1    1000 9h  0  RWD  Status, ODB, Messages, ELog, Alarms, Programs, History, Sequencer, Config, Help
            ODBEdit              DWORD  1    4     38m  0  RWD 0
     Start-Stop Buttons         BOOL    1    4    8h  0  RWD  y
            Logger              DWORD  1    4    35m 0  RWD  0
     Pause-Resume Buttons       BOOL    1    4    8h  0  RWD  n
            mhttpd               DWORD  1    4    23m 0  RWD  0
    
        <span style="color: purple;">RPC hosts</span>               DIR
     Transition debug flag       INT    1    4    23h  0  RWD  0
            Allowed hosts        STRING  10    256  38m  3  RWD
     Transition connect timeout INT    1    4    23h  0  RWD  10000
                                        [0]            localhost
     Transition timeout         INT    1    4    23h  0  RWD  120000
                                        [1]
     <span style="color: purple;">edit on start</span>               DIR
                                        [2]
         experiment number               DWORD  1    4    2h  0  RWD  9499
                                        [3]
         field                           STRING  1    32    2h  0  RWD  19000.2(0.0)G
                                        [4]
                                        [5]
                                        [6]
                                        [7]
                                        [8]
                                        [9]
        Disable RPC hosts check  BOOL    1    4    38m 0  RWD  n
     Start-Stop Buttons           BOOL    1    4    8h  0  RWD  y
     Pause-Resume Buttons         BOOL    1    4    8h  0  RWD  n
  <span style="color: purple;">Status items</span>                DIR
        Experiment Name -> /Experiment/Name
    MAX_EVENT_SIZE              DWORD  1    4    23h  0  RWD  4194304
    Midas server port            DWORD  1    4    3m  0   RWD  1175
     Transition debug flag       INT    1    4    23h  0  RWD  0
     Transition connect timeout   INT    1    4    23h  0  RWD  10000
     Transition timeout           INT    1    4    23h  0  RWD  120000
     <span style="color: purple;">edit on start</span>               DIR
         experiment number       DWORD  1    4    2h  0  RWD  9499
         field                   STRING  1    32    2h  0  RWD  19000.2(0.0)G
         comment-> /Experiment/run parameters/comment
         comment-> /Experiment/run parameters/comment
                                        STRING  1    80    2h  0  RWD  Testing with low beam
                                STRING  1    80    2h  0  RWD  Testing with low beam
         Number of channels -> /Run Parameters/number of channels
         Number of channels -> /Run Parameters/number of channels
                                        DWORD  1    4    2h  0  RWD  20
                                DWORD  1    4    2h  0  RWD  20
         Write Data -> /Logger/Write data
         Write Data -> /Logger/Write data
                                        BOOL    1    4    2h  0  RWD  n
                                BOOL    1    4    2h  0  RWD  n
         Number of cycles -> /Equipment/FIFO_acq/frontend/hardware/num cycles
         Number of cycles -> /Equipment/FIFO_acq/frontend/hardware/num cycles
                                        DWORD  1    4    2h  0  RWD  0
                                DWORD  1    4    2h  0  RWD  0
     <span style="color: purple;">Parameter Comments</span>         DIR                   
     <span style="color: purple;">Parameter Comments</span>           DIR                   
         field                           STRING  1    32    >99d 0  RWD  <i>Entered in Tesla unit</i>
         field                   STRING  1    32    >99d 0  RWD  <i>Entered in Tesla unit</i>
         Num cycles                     STRING  1    80    >99d 0  RWD  <i>Stop run after num cycles is reached. Enter 0 to disable (free running)</i>
         Num cycles               STRING  1    80    >99d 0  RWD  <i>Stop run after num cycles is reached. Enter 0 to disable (free running)</i>
     <span style="color: purple;">Run Parameters</span>             DIR
     <span style="color: purple;">Run Parameters</span>               DIR
         Comment                         STRING  1    80    2h  0  RWD  Testing with low beam
         Comment                 STRING  1    80    2h  0  RWD  Testing with low beam
         Run Description                 STRING  1    256  7h  0  RWD  Sequencer Tests
         Run Description         STRING  1    256  7h  0  RWD  Sequencer Tests
         Number of channels             DWORD  1    4    2h  0  RWD  20
         Number of channels       DWORD  1    4    2h  0  RWD  20
     <span style="color: purple;">Lock when running</span>           DIR
     <span style="color: purple;">Lock when running</span>           DIR
         Num channels -> /Run Parameters/number of channels
         Num channels -> /Run Parameters/number of channels
                                        DWORD  1    4    2h  0  RWD  20
                                DWORD  1    4    2h  0  RWD  20
     <span style="color: purple;">edit on sequence</span>           DIR
     <span style="color: purple;">edit on sequence</span>             DIR
         title                           STRING  1    128  2h  0  RWD  none
         title                   STRING  1    128  2h  0  RWD  none
         experiment number               DWORD  1    4    2h  0  RWD  9438
         experiment number       DWORD  1    4    2h  0  RWD  9438
         experimenter                   STRING  1    32    2h  0  RWD  gls
         experimenter             STRING  1    32    2h  0  RWD  gls
         sample                         STRING  1    36    2h  0  RWD  NA
         sample                   STRING  1    36    2h  0  RWD  NA
         run description -> /Experiment/run parameters/run description
         run description -> /Experiment/run parameters/run description
                                        STRING  1    256  7h  0  RWD  Sequencer Tests
                                STRING  1    256  7h  0  RWD  Sequencer Tests
         Write Data -> /Logger/Write data
         Write Data -> /Logger/Write data
                                        BOOL    1    4    2h  0  RWD  n
                                BOOL    1    4    2h  0  RWD  n
         Number of cycles -> /Equipment/FIFO_acq/frontend/hardware/num cycles
         Number of cycles -> /Equipment/FIFO_acq/frontend/hardware/num cycles
                                        DWORD  1    4    2h  0  RWD  0
                                DWORD  1    4    2h  0  RWD  0
     Prevent start on alarms     BOOL    1    4    22h  0  RWD  n
     Prevent start on alarms     BOOL    1    4    22h  0  RWD  n
     Prevent start on required   BOOL    1    4    22h  0  RWD  n
     Prevent start on required   BOOL    1    4    22h  0  RWD  n
     <span style="color: purple;">Status items</span>               DIR
     <span style="color: purple;">Status items</span>                 DIR
         Experiment Name -> /Experiment/Name
         Experiment Name -> /Experiment/Name
                                STRING  1    32    7s  0  RWD  midas
                                STRING  1    32    7s  0  RWD  midas
     Start-Stop Buttons         BOOL    1    4    5h  0  RWD  y
     Start-Stop Buttons           BOOL    1    4    5h  0  RWD  y
     Pause-Resume Buttons       BOOL    1    4    5h  0  RWD  n
     Pause-Resume Buttons         BOOL    1    4    5h  0  RWD  n




Line 104: Line 139:
</div>  
</div>  
This key in the [[#top|/Experiment tree]]
This key in the [[#top|/Experiment tree]]
contains the name of the experiment. Filled automatically when the ODB is created.
contains the name of the experiment. It is created by the MIDAS system when the ODB is created.


<br>
<br>
Line 114: Line 149:


This key in the [[#top|/Experiment tree]] is a subtree to contain the sizes of the  
This key in the [[#top|/Experiment tree]] is a subtree to contain the sizes of the  
Midas Buffers for the experiment. Created with default values. The sizes can be changed to optimize the memory usage. See '''[[Event Buffer]]''' Size(s) for details.  Other user-defined
Midas Buffers for the experiment. Created by the MIDAS system with default values. The sizes can be changed to optimize the memory usage. See '''[[Event Buffer]]''' Size(s) for details.  Other user-defined
buffers may be present (e.g. for '''[[event filtering]]''').
buffers may be present (e.g. for '''[[event filtering]]''').
<br>
<br>
Line 140: Line 175:
This key in the [[#Buffer Sizes|/Experiment/Buffer Sizes subtree]]
This key in the [[#Buffer Sizes|/Experiment/Buffer Sizes subtree]]
contains the size of SYSTEM buffer.  The default value of this key is
contains the size of SYSTEM buffer.  The default value of this key is
DEFAULT_BUFFER_SIZE = 32 MiBytes in [http://ladd00.triumf.ca/~daqweb/doc/midas-devel/doc/html/midas_8h_source.html midas.h].  
DEFAULT_BUFFER_SIZE = 32 MiB (defined in [http://ladd00.triumf.ca/~daqweb/doc/midas-devel/doc/html/midas_8h_source.html midas.h]).  
The actual SYSTEM buffer size is set by this key. See '''[[Event Buffer]]''' for details.
The actual SYSTEM buffer size is set by this key. To increase the SYSTEM buffer size (e.g. for very large events), see [[Event Buffer]].
<br>
<br>
--------
--------
Line 153: Line 188:
This key in the [[#top|/Experiment tree]]
This key in the [[#top|/Experiment tree]]
specifies the maximum event size that can be acquired. The default value of this key is
specifies the maximum event size that can be acquired. The default value of this key is
DEFAULT_MAX_EVENT_SIZE =  4 MiBytes in [http://ladd00.triumf.ca/~daqweb/doc/midas-devel/doc/html/midas_8h_source.html midas.h].  
DEFAULT_MAX_EVENT_SIZE =  4 MiB  (defined in [http://ladd00.triumf.ca/~daqweb/doc/midas-devel/doc/html/midas_8h_source.html midas.h]).  
The actual maximum event size is set by this key. (See also '''[[Event Buffer]]''').
The actual maximum event size is set by this key, and can be increased for larger events if needed (see  [[Event Buffer]] for more information).


<br>
<br>
Line 160: Line 195:
<br>
<br>


=== <span style="color: purple;">''Mongoose listening_port''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Default:'''  "8080r,8443s"
</div>
This key in the [[#top|/Experiment tree]] is created when [[mhttpd]] is run for the first time. It contains the listening ports for the secure
HTTPS/SSL server ([https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose]). The ports are the HTTP port (default 8080) which is to be redirected to the secure HTTPS port (default 8443).
If ports are supplied with the "--mg" option when starting  {{Utility|name=mhttpd}}, their values will overwrite the default values stored in this key. See [[mhttpd]] for details.
<br>
--------
<br>
=== <span style="color: purple;">''Mongoose access_control_list''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Default:'''  ""
</div>
This key in the [[#top|/Experiment tree]] is created when [[mhttpd]] is run for the first time. It contains the access control list (ACL) for the [https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose] web server.  By default, this key is empty and there is no access control.  The format of the ACL is described under access_control_list at
[https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/Options.md?at=develop Mongoose Configuration Options].
<br>
--------
<br>


=== <span style="color: purple;">''midas server port''</span>  ===
=== <span style="color: purple;">''midas server port''</span>  ===
Line 193: Line 201:
* '''Default:'''  1175
* '''Default:'''  1175
</div>  
</div>  
This key (added Aug 2015) will be for use with the [[mserver]] version (in git branch "feature/rpcsecurity" &  still being tested as of Aug 2015) that aims to improve network security for the MIDAS experiment.
This key contains the default value of the port used by [[mserver]]. This is set to MIDAS_TCP_PORT (1175 in midas.h).  A different port can be used by starting [[mserver]] with the -p argument.
<br>
--------
<br>
=== <span style="color: purple;">''CSS File''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Default:'''  "mhttpd.css"
</div>
This key in the [[#top|/Experiment tree]] contains the name of the [[Custom Page Features#MIDAS stylesheet|MIDAS stylesheet]] file for the use of those writing [[Custom Page|Custom Web Pages]].


This key is created when [[mserver]] is started for the first time. It contains the default value of the port used by [[mserver]]. This is set to MIDAS_TCP_PORT = 1175 ( midas.h).  A different port can be used by starting [[mserver]] with the -p argument.


;NOTE
: This key was added in May 2015 (see [[Security]]).


<br>
<br>
Line 215: Line 211:
<br>
<br>


=== <span style="color: purple;">''JS File''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Default:'''  "mhttpd.js"
</div>
This key in the [[#top|/Experiment tree]] contains the name of the [[mhttpd.js|Javascript library]] file for the use of those writing [[Custom Page|Custom Web Pages]].
<br>
--------
<br>
=== <span style="color: purple;">''Menu Buttons''</span>  ===
<div style="column-count:2;-moz-column-count:2;-webkit-column-count:2">
* '''Type:''' STRING
* '''Default:'''  "Status, ODB, Messages, ELog, Alarms, Programs, History, Sequencer, Chat, Config, Help"
</div>
This key in the [[#top|/Experiment tree]]
is added automatically by '''[[mhttpd]]''' to allow the Menu buttons that appear on the '''[[mhttpd|Main Status Page]]''' to be customized by
removing unnecessary buttons or by changing their order.
The Start/Stop/Pause/Resume buttons are not now included in  <span style="color: purple;">''Menu Buttons''</span>.
* To suppress/display the Start/Stop buttons use key [[#Start-Stop Buttons|Start-Stop Buttons]].
* To display/suppress the Pause/Resume buttons, use key [[#Pause-Resume Buttons|Pause-Resume Buttons]].
; Note
:If [[MSCB Page#MIDAS with MSCB support|MSCB support]] is built into MIDAS, the default will also include the MSCB Menu button (see [[MSCB Page]]).
<br>
--------
<br>


=== <span style="color: purple;">''Start-Stop Buttons''</span>  ===
=== <span style="color: purple;">''Start-Stop Buttons''</span>  ===
Line 266: Line 227:
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' BOOL
* '''Type:''' BOOL
* '''Default:''' n
* '''Default:''' (no default, must be manually created)
  </div>  
  </div>  
This key in the [[#top|/Experiment tree]] is added automatically by '''[[mhttpd]]'''.
This key in the [[#top|/Experiment tree]] can be created and set to "n" to hide the Pause/Resume buttons on the [[Status Page]] (so that only Start/Stop buttons will be visible). If the key doesn't exist, or is set to "y", the Pause/Resume buttons will be shown.
By default the Pause/Resume menu buttons do not appear on the [[Status Page]]. The user can allow these buttons
to appear during the run by setting this key to "y".




Line 380: Line 339:


This  optional subdirectory  in the [[#top|/Experiment tree]] may contain user-defined parameter comments that give more information about
This  optional subdirectory  in the [[#top|/Experiment tree]] may contain user-defined parameter comments that give more information about
the '''[[Edit-on-start Parameters]]'''.  
the '''[[Edit-on-start Parameters]]'''.  See [[Edit-on-start Parameters#edit-on-start parameter comments|creating parameter comments]] for details.


<br>
<br>
Line 429: Line 388:
</div>
</div>


This key in the [[#top|/Experiment tree]] is a subtree  which by default contains a link to the [[#Name|experiment name]]. Any links or keys
'''NOTE:'''
This key in the [[#top|/Experiment tree]] is a subtree  which by <b>default (Hmmm no!)</b> contains a link to the [[#Name|experiment name]]. Any links or keys
created by the user in this optional subdirectory will be displayed on the [[mhttpd]] main status page.  
created by the user in this optional subdirectory will be displayed on the [[mhttpd]] main status page.  
This subtree may not be present by default.
In order to make any ODB parameters visible in the status page, create first the subtree and a link to the experiment name inside this newly subtree such as:
cd /experiment
mkdir "Status items"
cd "Status items"
ln /experiment/name "Experiment Name"
Any following link to any ODB parameters will be displayed in the status page above the Equipment list.
<br>
<br>
--------
--------
<br>
<br>


=== <span style="color: purple;">''Security''</span> subtree ===
=== <span style="color: purple;">''Security''</span> subtree ===
Line 447: Line 416:




==== <span style="color: purple;">''Disable RPC hosts check''</span> ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' BOOL
* '''Default:'''  "n"
</div>
Setting the key to "n" (the default) causes access by unauthorized hosts to be prevented by the system checking the RPC access control list (see [[#RPC hosts subtree|RPC hosts/Allowed hosts]]).


==== <span style="color: purple;">''Password ''</span> ====
If MIDAS clients have to connect from random hosts (i.e. dynamically assigned random DHCP addresses), one can disable the host name checks by
setting this key to "y". This configuration is insecure and should only be done on a private network behind a firewall. See [https://midas.triumf.ca/elog/Midas/1080 Note 1080].
 
; NOTE
: This key was added August 2015. Used by [[mserver]] to improve network [[Security]] for the MIDAS experiment.
 
<br>
--------
<br>
 
==== <span style="color: purple;">''Enable non-localhost RPC''</span> ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Type:''' BOOL
* '''Default:'''   
* '''Default:'''  "n"
</div>  
</div>
This key in the [[#Security|/Experiment/Security subtree]]
The default value of this key is "n", denying access by external network connections.  If running an experiment that requires external network connections, this key must be set to "y" and the key [[#RPC hosts|RPC hosts]] must be filled. See [https://midas.triumf.ca/elog/Midas/1080 Note 1080].
contains the encrypted password. This Key is created when the {{Odbedit cmd|cmd=passwd}} is issued. See '''[[security]]''' for details.
 
; NOTE
: This key was added August 2015. Used by [[mserver]] to improve network [[Security]] for the MIDAS experiment.  


;Notes
<ol><li> Do not set this key except through the {{Odbedit cmd|cmd=passwd}}. Setting an unencrypted password will lock you out of the ODB unless {{Utility|name=odbedit}} is listed as an [[#Allowed programs|allowed program]].</li>
<li>This security feature is not proof against malicious access. See [[Security]] for details.
</ol>
<br>
<br>
--------
--------
<br>
<br>


==== <span style="color: purple;">''Allowed hosts''</span> subtree ====
==== <span style="color: purple;">''RPC ports''</span> subtree ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' DIR
* '''Type:''' DIR
</div>
</div>


This subtree in the [[#Security|/Experiment/Security subtree]] is created when the {{Odbedit cmd|cmd=passwd}} is issued. When created, this subtree is empty.
This subtree in the [[#Security subtree|/Experiment/Security subtree]] is new as of August 2015. It is created by the MIDAS system.  
Optionally, it may contain  user-defined names of remote hosts allowed to have free access (i.e. without password) to the current experiment. See '''[[Security #Allowed Hosts|allowed hosts]]'''.  
It is part of the improved security features of MIDAS (See '''[[Security]]'''). This subdirectory contains the names of MIDAS clients and their fixed TCP port numbers. When a client is started for the first time, an entry named for the client will be created in this subtree.
<br>
--------
<br>
 
===== <span style="color: purple;">''<client-name>''</span> =====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Default:'''  0
</div>
 
 
When a MIDAS client is started, a key will be created named for that client. It will contain the fixed TCP port number that the MIDAS client is using.
Clients started on the local host will have TCP port numbers of 0 (default).


;Note
Once a remote [[Frontend Operation|frontend]] is bound to a fixed port, appropriate openings can be made in the firewall, etc. Default port number value
* This security feature is not proof against malicious access. See [[Security]] for details.
will be 0 meaning "use random port", same as now. See [https://midas.triumf.ca/elog/Midas/1079].


;NOTE
: This feature was added  August 2015. It is part of the improved security features of MIDAS (See '''[[Security]]''').
<br>
<br>
--------
--------
<br>
<br>


==== <span style="color: purple;">''Allowed programs ''</span> subtree ====
==== <span style="color: purple;">''RPC hosts''</span> subtree ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' DIR
* '''Type:''' DIR
</div>
</div>


This subtree in the [[#Security|/Experiment/Security subtree]] is created when the {{Odbedit cmd|cmd=passwd}} is issued. When created, this subtree is empty.
This subtree in the [[#Security subtree|/Experiment/Security subtree]] is new as of August 2015. It is created by the MIDAS system.
Optionally, it may contain user-defined names of clients allowed to have free access (i.e. without password) to the current experiment. See '''[[Security #Allowed clients|allowed clients]]'''.
It is part of the improved security features of MIDAS (See '''[[Security]]''').
<br>
--------
<br>
 
<div id="Allowed hosts (rpc hosts)"></div>  <!-- need this because of duplicate "Allowed hosts" in "mhttpd hosts/" subtree -->
===== <span style="color: purple;">''Allowed hosts''</span> =====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING array
* '''Default:''' "localhost"
</div>
This key in the [[#RPC hosts subtree|/Experiment/Security/RPC hosts subtree]] is new as of August 2015 and is created by the system (i.e. midas.c).
 
It is part of the improved security features of MIDAS (See '''[[Security]]''') and is used to maintain a Network Access Control list.
The access control list array is self-growing - it will have at least 10 empty entries at the end at all times.
 
The default value for {{Odbpath|path=Allowed hosts[0]}} is "localhost", which will reject all external connections, even when permitted by [[#Enable external RPC connections|Enable external RPC connections]].  The user will be required to enter the names of all machines that will run midas clients in this array. See [https://midas.triumf.ca/elog/Midas/1090].


;Note
All clients' db_watch() routines watch the access control list and automatically reload it when it is changed, so there is no need to restart clients.
* This security feature is not proof against malicious access. See [[Security]] for details.


<br>
<br>
Line 494: Line 509:
<br>
<br>


==== <span style="color: purple;">''Web Password''</span> ====
 
 
<div style="background-color:silver">
== <span style="font-size:120%;">The following keys in the /Experiment tree are OBSOLETE:</span> ==
 
 
=== <span style="color: purple;">''midas http port''</span> ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Type:''' INT
* '''Default:'''   
* '''Status: OBSOLETE'''
* '''Default:'''  8080
</div>  
</div>  
This key in the [[#top|/Experiment tree]] is created when [[mhttpd]] is run for the first time. It contains the listening port for the HTTP server (default 8080). This will be redirected to the secure HTTPS port given by [[#midas https port|midas https port]] if the key [[#http redirect to https|http redirect to https]] is set to "y".


If '''[[Security #How to Setup Web Access Restrictions |web access restriction]]''' has been set up, this key in the [[#Security|/Experiment/Security subtree]]
If the http port are supplied with the "--http" option when starting  {{Utility|name=mhttpd}}, the port supplied will overwrite the default value stored in this key. See [[mhttpd]] for details.
will contain an encrypted password for Web server access. This key is created by using the {{Odbedit cmd|cmd=webpasswd}}.
 
;NOTE
: This [[Security]] feature was added to [[mhttpd]] in August 2015
: As of March 2020, this key has been deprecated in favour of the [[Webserver ODB tree]].
 
<br>
--------
<br>


If this key is present, the user will be requested to provide the "Web Password" when accessing the requested experiment in "Write Access" mode. The "Read Only Access" mode is still available (without a password) to all users.
=== <span style="color: purple;">''midas https port''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' INT
* '''Status: OBSOLETE'''
* '''Default:'''  8443
</div>
This key in the [[#top|/Experiment tree]] is created when [[mhttpd]] is run for the first time. It contains the listening port (default 8443) for the secure
HTTPS/SSL server ([https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose]).  


;Note
If the https port is supplied with the "--https" option when starting  {{Utility|name=mhttpd}}, the port supplied will overwrite the default value stored in this key. See [[mhttpd]] for details.
* This security feature is not proof against malicious access. See [[Security]] for details.


;NOTE
: This [[Security]] feature was added to [[mhttpd]] in August 2015
: As of March 2020, this key has been deprecated in favour of the [[Webserver ODB tree]].


<br>
<br>
Line 513: Line 552:
<br>
<br>


=== <span style="color: purple;">''http redirect to https''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' BOOL
* '''Status: OBSOLETE'''
* '''Default:'''  y
</div>
This key in the [[#top|/Experiment tree]] is created when [[mhttpd]] is run for the first time.  If set to "y", connections to the http port (specified by the key [[#midas http port|midas http port]] will be redirected to hte https port (specified by the key [[#midas https port|midas https port]], i.e. the listening port for the secure
HTTPS/SSL server ([https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose]).
;NOTE
: This [[Security]] feature was added to [[mhttpd]] in August 2015
: As of March 2020, this key has been deprecated in favour of the [[Webserver ODB tree]].
<br>
--------
<br>


==== <span style="color: purple;">''Disable RPC hosts check''</span> ====
==== <span style="color: purple;">''mhttpd hosts''</span> subtree ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' BOOL
* '''Type:''' DIR
* '''Default:''' "n"
* '''Status: OBSOLETE'''
</div>
</div>
This key has been added for the use of the [[mserver]] version (in git branch "feature/rpcsecurity" &  still being tested as of Aug 2015) that aims to improve network security for the MIDAS experiment.


If MIDAS clients have to connect from random hosts (i.e. dynamically assigned random DHCP addresses), one can disable the host name checks by
This subtree in the [[#Security subtree|/Experiment/Security subtree]] is new as of August 2015. It is created by the MIDAS system.
setting this key to "yes". This configuration is insecure and should only be done on a private network behind a firewall. See [https://midas.triumf.ca/elog/Midas/1080].
It is part of the improved security features of MIDAS (See '''[[Security]]''').
 
;NOTE
: As of March 2020, this key has been deprecated in favour of the [[Webserver ODB tree]].


<br>
<br>
Line 528: Line 586:
<br>
<br>


==== <span style="color: purple;">''Enable non-localhost RPC''</span> ====
<div id="Allowed hosts (mhttpd hosts)"></div>  <!-- need this because of duplicate "Allowed hosts" in "rpc hosts/" subtree -->
===== <span style="color: purple;">''Allowed hosts''</span> =====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' BOOL
* '''Type:''' STRING array
* '''Default:'''  "n"
* '''Status: OBSOLETE'''
* '''Default:'''  "localhost"
</div>
</div>
This key has been added for the use of the [[mserver]] version (in git branch "feature/rpcsecurity" &  still being tested as of Aug 2015) that aims to improve network security for the MIDAS experiment. The default value of this key will be "n", denying access by external network connectionsIf running an experiment that requires external network connections, this key must be set to "y" and the key [[#RPC hosts|RPC hosts]] must be filled. See [https://midas.triumf.ca/elog/Midas/1080].
This key in the [[#RPC hosts subtree|/Experiment/Security/mhttpd hosts subtree]] is new as of August 2015 and is created by the system (i.e. midas.c).
 
It is part of the improved security features of MIDAS (See '''[[Security]]''') and is used to maintain an access control list for [[mhttpd]].  An empty list means free access from everywhere. Access control is also controlled by the [[mhttpd]] "-a" command line arguments. Hosts supplied by the "-a" command line arguments are not added to the access control list by the system.
 
The access control list is watched by {{Utility|name=mhttpd}}, therefore there is no need to restart it after updating the list.
 
;NOTE
: As of March 2020, this key has been deprecated in favour of the [[Webserver ODB tree]].


<br>
<br>
Line 539: Line 606:
<br>
<br>


==== <span style="color: purple;">''Rpc hosts''</span> ====
 
 
=== <span style="color: purple;">''CSS File''</span> ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Type:''' STRING
* '''Status: OBSOLETE'''
* '''Default:'''  "mhttpd.css"
</div>
This key in the [[#top|/Experiment tree]] contains the name of the [[Custom Page Features#MIDAS stylesheet|MIDAS stylesheet]] file for the use of those writing [[Custom Page|Custom Web Pages]].
;NOTE
: Serving resource file is now done differently.  See [[Custom Page Features#MIDAS resource files|serving MIDAS resource file]]. Also mhttpd.css has be replaced by midas.css.
<br>
--------
<br>
=== <span style="color: purple;">''JS File''</span> ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Status: OBSOLETE'''
* '''Default:'''  "mhttpd.js"
</div>
This key in the [[#top|/Experiment tree]] contains the name of the [[mhttpd.js|Javascript library]] file for the use of those writing [[Custom Page|Custom Web Pages]].
;NOTE
: Serving resource file is now done differently. See [[Custom Page Features#MIDAS resource files|serving MIDAS resource files]].
<br>
--------
<br>
=== <span style="color: purple;">''Menu Buttons''</span>  ===
<div style="column-count:3;-moz-column-count:2;-webkit-column-count:2">
* '''Type:''' STRING
* '''Status: OBSOLETE'''
* '''Default:'''  "Status, ODB, Messages, ELog, Alarms, Programs, History, Sequencer, Chat, Config, Help"
</div>
This key in the [[#top|/Experiment tree]]
is added automatically by '''[[mhttpd]]''' to allow the Menu buttons that appear on the '''[[mhttpd|Main Status Page]]''' to be customized by
removing unnecessary buttons or by changing their order.
The Start/Stop/Pause/Resume buttons are not now included in  <span style="color: purple;">''Menu Buttons''</span>.
* To suppress/display the Start/Stop buttons use key [[#Start-Stop Buttons|Start-Stop Buttons]].
* To display/suppress the Pause/Resume buttons, use key [[#Pause-Resume Buttons|Pause-Resume Buttons]].
; Note
:If [[MSCB Page#MIDAS with MSCB support|MSCB support]] is built into MIDAS, the default will also include the MSCB Menu button (see [[MSCB Page]]).
<br>
--------
<br>
=== <span style="color: purple;">''Mongoose listening_port''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Status: OBSOLETE'''
* '''Default:'''  "8080r,8443s"
</div>
<br>
:This key in the [[#top|/Experiment tree]] existed for a short time in midas versions May-August 2015.
: It has been '''replaced by the ODB keys [[#midas http port|midas http port]] and [[#midas https port|midas https port]].'''
<br>
<span style="font-size:80%">
This key in the [[#top|/Experiment tree]] was created when [[mhttpd]] was run for the first time. It contained the listening ports for the secure
HTTPS/SSL server ([https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose]). The ports are the HTTP port (default 8080) which is to be redirected to the secure HTTPS port (default 8443).
If ports were supplied with the "--mg" option when starting  {{Utility|name=mhttpd}}, their values will overwrite the default values stored in this key. See [[mhttpd]] for details.
</span>
<br>
--------
<br>
=== <span style="color: purple;">''Mongoose access_control_list''</span>  ===
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Status: OBSOLETE'''
* '''Default:'''  ""
</div>
<br>
:This key in the [[#top|/Experiment tree]] existed for a short time in midas versions May-August 2015.
:'''Use the [[#mhttpd hosts subtree|mhttpd hosts/Allowed hosts]] access control list or the [[mhttpd]] "-a hostname" parameter to restrict access.'''
<br>
<span style="font-size:80%">
This key in the [[#top|/Experiment tree]] is created when [[mhttpd]] is run for the first time. It contains the access control list (ACL) for the [https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/?at=develop Mongoose] web server.  By default, this key is empty and there is no access control.  The format of the ACL is described under access_control_list at [https://bitbucket.org/tmidas/midas/src/ecb9a8537448a8a43f7f9a2bfdb82e578208cde3/doc/mongoose/Options.md?at=develop Mongoose Configuration Options].
</span>
<br>
--------
<br>
=== <span style="font-size:120%; font-style:bold">The following keys in the /Experiment/Security subdirectory are OBSOLETE - replaced by the [[Security|security features]] added Aug 2015</span> ===
==== <span style="color: purple;">''Password ''</span> ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Status: OBSOLETE'''
* '''Default:'''   
* '''Default:'''   
</div>
;Notes
<ol>
<li>This feature pre-dates the improved [[Security]] features (August 2015)</li>
<li> Do not set this key except through the {{Odbedit cmd|cmd=passwd}}. Setting an unencrypted password will lock you out of the ODB unless {{Utility|name=odbedit}} is listed in the [[#Allowed programs subtree|allowed programs subtree]].</li>
<li>This security feature is not proof against malicious access. See [[Security]] for details.</li>
</ol>
This optional key in the [[#Security|/Experiment/Security subtree]]
contains the encrypted password. This Key is created when the {{Odbedit cmd|cmd=passwd}} is issued. See [[Security#Restrict user access|Restrict user access]] for details.
<br>
--------
<br>
==== <span style="color: purple;">''Allowed Hosts''</span> subtree ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' DIR
</div>
;Notes
* This subtree pre-dates the improved [[Security]] features (August 2015) and is not to be confused with  [[#RPC hosts subtree|RPC hosts/Allowed hosts]] array.
* This security feature is not proof against malicious access. See [[Security]] for details.
This subtree in the  [[#Security|/Experiment/Security subtree]] is created when the {{Odbedit cmd|cmd=passwd}} is issued. When created, this subtree is empty.
Optionally, it may contain  user-defined names of remote hosts allowed to have free access (i.e. without password) to the current experiment.
<br>
--------
<br>
==== <span style="color: purple;">''Allowed programs ''</span> subtree ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' DIR
</div>
</div>
This key has been added for the use of the [[mserver]] version (in git branch "feature/rpcsecurity" &  still being tested as of Aug 2015) that aims to improve network security for the MIDAS experiment.  
 
Currently, the default access control list is empty, meaning that everybody is permitted access. The default will be changed to "localhost", which will reject all external connections, even when permitted by [[#Enable external RPC connections|Enable external RPC connections]].  The user will be required to enter the names of all machines that will run midas clients in
;Notes
this key. See [https://midas.triumf.ca/elog/Midas/1080].
* This subtree pre-dates the improved [[Security]] features (August 2015)
* This feature is not proof against malicious access. See [[Security]] for details.
 
 
This optional subtree  in the  [[#Security|/Experiment/Security subtree]] is created when the {{Odbedit cmd|cmd=passwd}} is issued. When created, this subtree is empty.
Optionally, it may contain user-defined names of clients allowed to have free access (i.e. without password) to the current experiment. See [[Security #Allowed programs]].


<br>
<br>
Line 552: Line 756:
<br>
<br>


==== <span style="color: purple;">''Rpc ports/<frontend-client-name>''</span> ====
==== <span style="color: purple;">''Web Password''</span> ====
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
<div style="column-count:3;-moz-column-count:3;-webkit-column-count:3">
* '''Type:''' STRING
* '''Type:''' STRING
* '''Status: OBSOLETE'''
* '''Default:'''   
* '''Default:'''   
</div>
</div>  
 
;Notes
* This key pre-dates (and has been superceded by)  the improved [[Security]] features (August 2015)
* This feature is not proof against malicious access. See [[Security]] for details.
 


This key will be for use with the [[mserver]] version (in git branch "feature/rpcsecurity" &  still being tested as of Aug 2015) that aims to improve network security for the MIDAS experiment.  
If [[Security#Restrict user access|restriction on user web access]] has been set up, this key in the [[#Security|/Experiment/Security subtree]]
This key has been added to fix the TCP port numbers for MIDAS programs, e.g.
will contain an encrypted password for Web server access. This key is created by using the {{Odbedit cmd|cmd=webpasswd}}.
{{Odbpath|path=/Experiment/Security/Rpc ports/fename}} = (int)5555


Once a remote [[Frontend Operation|frontend]] is bound to a fixed port, appropriate openings can be made in the firewall, etc. Default port number value
If this key is present, the user will be requested to provide the "Web Password" when accessing the requested experiment in "Write Access" mode. The "Read Only Access" mode is still available (without a password) to all users.
will be 0 meaning "use random port", same as now. See [https://midas.triumf.ca/elog/Midas/1079].




Line 570: Line 778:
<br>
<br>


</div> <!-- obsolete ..  silver -->
[[Category:ODB Tree]] [[Category:Experiment]] [[Category:Security]]
[[Category:ODB Tree]] [[Category:Experiment]] [[Category:Security]]

Latest revision as of 16:39, 4 March 2021


Links

Creating the /Experiment tree

The /Experiment ODB tree is created automatically when the ODB is first created.

Purpose

The /Experiment ODB tree contains information relevent to the experiment. Other optional keys are added by mhttpd or by the user to customize their experiment.


Examples

When initially created, the /Experiment tree contains the following keys:

[local:midas:S]/>ls -lrt /experiment
Key name                        Type    #Val  Size  Last Opn Mode Value
---------------------------------------------------------------------------
Experiment                      DIR
   Name                         STRING  1     32    14s  0   RWD  midas
   Buffer sizes                 DIR
       SYSMSG                   DWORD   1     4     11h  0   RWD  100000
   Security                     DIR
       Enable non-localhost RPC BOOL    1     4     46s  0   RWD  n
       RPC ports                DIR
          ODBEdit               DWORD   1     4     38m  0   RWD  0
       RPC hosts                DIR
          Allowed hosts         STRING  10    256   38m  3   RWD
                                        [0]             localhost
                                        [1]
                                        [2]
                                        [3]
                                        [4]
                                        [5]
                                        [6]
                                        [7]
                                        [8]
                                        [9]
       Disable RPC hosts check  BOOL    1     4     46s  0   RWD  n


The following example shows the /Experiment tree for a typical experiment:

[local:midas:R]/>ls -lrt /experiment
Key name                        Type    #Val  Size  Last Opn Mode Value
---------------------------------------------------------------------------
Experiment                      DIR
   Name                         STRING  1     32    7s   0   RWD  midas
   Buffer sizes                 DIR
       SYSMSG                   DWORD   1     4     23h  0   RWD  100000
       SYSTEM                   DWORD   1     4     23h  0   RWD  640000000
       BUF0                     DWORD   1     4     23h  0   RWD  80000000
       BUF1                     DWORD   1     4     23h  0   RWD  80000000
       .......    other user-defined buffers not shown  
   Security                     DIR
       Enable non-localhost RPC BOOL    1     4     38m  0   RWD  n
       RPC ports                DIR
           ODBEdit              DWORD   1     4     38m  0   RWD  0
           Logger               DWORD   1     4     35m  0   RWD  0
           mhttpd               DWORD   1     4     23m  0   RWD  0
       RPC hosts                DIR
           Allowed hosts        STRING  10    256   38m  3   RWD
                                        [0]             localhost
                                        [1]
                                        [2]
                                        [3]
                                        [4]
                                        [5]
                                        [6]
                                        [7]
                                        [8]
                                        [9]
       Disable RPC hosts check  BOOL    1     4     38m  0   RWD  n
   Start-Stop Buttons           BOOL    1     4     8h   0   RWD  y
   Pause-Resume Buttons         BOOL    1     4     8h   0   RWD  n
  Status items                DIR
       Experiment Name -> /Experiment/Name
   MAX_EVENT_SIZE               DWORD   1     4     23h  0   RWD  4194304
   Midas server port            DWORD   1     4     3m   0   RWD  1175
   Transition debug flag        INT     1     4     23h  0   RWD  0
   Transition connect timeout   INT     1     4     23h  0   RWD  10000
   Transition timeout           INT     1     4     23h  0   RWD  120000
   edit on start                DIR
       experiment number        DWORD   1     4     2h   0   RWD  9499
       field                    STRING  1     32    2h   0   RWD  19000.2(0.0)G
       comment-> /Experiment/run parameters/comment
                                STRING  1     80    2h   0   RWD  Testing with low beam
       Number of channels -> /Run Parameters/number of channels
                                DWORD   1     4     2h   0   RWD  20
       Write Data -> /Logger/Write data
                                BOOL    1     4     2h   0   RWD  n
       Number of cycles -> /Equipment/FIFO_acq/frontend/hardware/num cycles
                                DWORD   1     4     2h   0   RWD  0
   Parameter Comments           DIR                   
       field                    STRING  1     32    >99d 0   RWD  Entered in Tesla unit
       Num cycles               STRING  1     80    >99d 0   RWD  Stop run after num cycles is reached. Enter 0 to disable (free running)
   Run Parameters               DIR
       Comment                  STRING  1     80    2h   0   RWD  Testing with low beam
       Run Description          STRING  1     256   7h   0   RWD  Sequencer Tests
       Number of channels       DWORD   1     4     2h   0   RWD  20
   Lock when running            DIR
       Num channels -> /Run Parameters/number of channels
                                DWORD   1     4     2h   0   RWD  20
   edit on sequence             DIR
       title                    STRING  1     128   2h   0   RWD  none
       experiment number        DWORD   1     4     2h   0   RWD  9438
       experimenter             STRING  1     32    2h   0   RWD  gls
       sample                   STRING  1     36    2h   0   RWD  NA
       run description -> /Experiment/run parameters/run description
                                STRING  1     256   7h   0   RWD  Sequencer Tests
       Write Data -> /Logger/Write data
                                BOOL    1     4     2h   0   RWD  n
       Number of cycles -> /Equipment/FIFO_acq/frontend/hardware/num cycles
                                DWORD   1     4     2h   0   RWD  0
   Prevent start on alarms      BOOL    1     4     22h  0   RWD  n
   Prevent start on required    BOOL    1     4     22h  0   RWD  n
   Status items                 DIR
       Experiment Name -> /Experiment/Name
                                STRING  1     32    7s   0   RWD  midas
   Start-Stop Buttons           BOOL    1     4     5h   0   RWD  y
   Pause-Resume Buttons         BOOL    1     4     5h   0   RWD  n



Keys in /Experiment tree

The keys in the ODB /Experiment tree are described in the following sections.

Name

  • Type: STRING
  • Default:

This key in the /Experiment tree contains the name of the experiment. It is created by the MIDAS system when the ODB is created.




Buffer Sizes subtree

  • Type: DIR

This key in the /Experiment tree is a subtree to contain the sizes of the Midas Buffers for the experiment. Created by the MIDAS system with default values. The sizes can be changed to optimize the memory usage. See Event Buffer Size(s) for details. Other user-defined buffers may be present (e.g. for event filtering).



SYSMSG

  • Type: DWORD
  • Default: 100000 Bytes

This key in the /Experiment/Buffer Sizes subtree contains the size of SYSMSG buffer. This buffer is used for MIDAS messages. The default value of this key is defined by MESSAGE_BUFFER_SIZE in $MIDASSYS/include/msystem.h .




SYSTEM

  • Type: DWORD
  • Default: 32MiBytes

This key in the /Experiment/Buffer Sizes subtree contains the size of SYSTEM buffer. The default value of this key is DEFAULT_BUFFER_SIZE = 32 MiB (defined in midas.h). The actual SYSTEM buffer size is set by this key. To increase the SYSTEM buffer size (e.g. for very large events), see Event Buffer.



MAX_EVENT_SIZE

  • Type: DWORD
  • Default: 4MiBytes

This key in the /Experiment tree specifies the maximum event size that can be acquired. The default value of this key is DEFAULT_MAX_EVENT_SIZE = 4 MiB (defined in midas.h). The actual maximum event size is set by this key, and can be increased for larger events if needed (see Event Buffer for more information).





midas server port

  • Type: DWORD
  • Default: 1175

This key is created when mserver is started for the first time. It contains the default value of the port used by mserver. This is set to MIDAS_TCP_PORT = 1175 ( midas.h). A different port can be used by starting mserver with the -p argument.

NOTE
This key was added in May 2015 (see Security).





Start-Stop Buttons

  • Type: BOOL
  • Default: y

This key in the /Experiment tree is added automatically by mhttpd to allow the user to suppress the Start or Stop buttons from appearing on the Status Page. By default, Start/Stop buttons are shown.





Pause-Resume Buttons

  • Type: BOOL
  • Default: (no default, must be manually created)

This key in the /Experiment tree can be created and set to "n" to hide the Pause/Resume buttons on the Status Page (so that only Start/Stop buttons will be visible). If the key doesn't exist, or is set to "y", the Pause/Resume buttons will be shown.





Transition debug flag

  • Type: INT
  • Default: 0

This key in the /Experiment tree contains a flag that, if set to 1, causes messages reporting transition progress to be output.




Transition connect timeout

  • Type: INT
  • Default: 10000

This key in the /Experiment tree contains the value of timeout for remote rpc connect




Transition timeout

  • Type: INT
  • Default: 120000

This key in the /Experiment tree contains the value of timeout for transition



Prevent start on alarms

  • Type: BOOL
  • Default: "n"

This key in the /Experiment tree if set true will prevent the run from starting if an alarm is true, i.e. the run start procedure will fail if an alarm has been Triggered for a client, provided a valid alarms class has been entered in the client's Alarm class key.





Prevent start on required program

  • Type: BOOL
  • Default: "n"

This key in the /Experiment tree if set true ("y") will prevent the run from starting if one of the required clients is not running. A client is flagged as "required" by setting the ODB key Required to "y".





Edit on Sequence subtree

  • Type: DIR

This optional subdirectory in the /Experiment tree may contain user-defined parameters which will be displayed for editing at the start of each Sequence. See Edit-on-Sequence Parameters for details.




Edit on Start subtree

  • Type: DIR

This optional subdirectory in the /Experiment tree may contain user-defined parameters which will be displayed for editing at the beginning of each run. See Edit-on-start Parameters for details.




Lock when running subtree

  • Type: DIR

This optional subdirectory in the /Experiment tree contains user-defined links to ODB parameters to prevent them being changed when the run is in progress. See Lock when running for details.




Parameter Comments subtree

  • Type: DIR

This optional subdirectory in the /Experiment tree may contain user-defined parameter comments that give more information about the Edit-on-start Parameters. See creating parameter comments for details.




Run Parameters subtree

  • Type: DIR

This optional subdirectory in the /Experiment tree may contain user-defined parameters or parameter(s) with reserved names (i.e. Run Description).




Run Description

  • Type: STRING
  • Default:

This ODB key is used by the Sequencer RUNDESCRIPTION command to store the run description.





<parameter name>

  • Type: STRING
  • Default:

The user may define parameters here e.g. for linking as Edit-on-start or Edit-on-Sequence parameters.





Status items subtree

  • Type: DIR

NOTE: This key in the /Experiment tree is a subtree which by default (Hmmm no!) contains a link to the experiment name. Any links or keys created by the user in this optional subdirectory will be displayed on the mhttpd main status page.

This subtree may not be present by default. In order to make any ODB parameters visible in the status page, create first the subtree and a link to the experiment name inside this newly subtree such as:

cd /experiment
mkdir "Status items"
cd "Status items"
ln /experiment/name "Experiment Name"

Any following link to any ODB parameters will be displayed in the status page above the Equipment list.



Security subtree

  • Type: DIR

This optional subtree in the /Experiment tree is created when the odbedit commands passwd or webpasswd are issued. It enables a user to set up security features. See Security.




Disable RPC hosts check

  • Type: BOOL
  • Default: "n"


Setting the key to "n" (the default) causes access by unauthorized hosts to be prevented by the system checking the RPC access control list (see RPC hosts/Allowed hosts).

If MIDAS clients have to connect from random hosts (i.e. dynamically assigned random DHCP addresses), one can disable the host name checks by setting this key to "y". This configuration is insecure and should only be done on a private network behind a firewall. See Note 1080.

NOTE
This key was added August 2015. Used by mserver to improve network Security for the MIDAS experiment.




Enable non-localhost RPC

  • Type: BOOL
  • Default: "n"

The default value of this key is "n", denying access by external network connections. If running an experiment that requires external network connections, this key must be set to "y" and the key RPC hosts must be filled. See Note 1080.

NOTE
This key was added August 2015. Used by mserver to improve network Security for the MIDAS experiment.




RPC ports subtree

  • Type: DIR

This subtree in the /Experiment/Security subtree is new as of August 2015. It is created by the MIDAS system. It is part of the improved security features of MIDAS (See Security). This subdirectory contains the names of MIDAS clients and their fixed TCP port numbers. When a client is started for the first time, an entry named for the client will be created in this subtree.



<client-name>
  • Type: STRING
  • Default: 0


When a MIDAS client is started, a key will be created named for that client. It will contain the fixed TCP port number that the MIDAS client is using. Clients started on the local host will have TCP port numbers of 0 (default).

Once a remote frontend is bound to a fixed port, appropriate openings can be made in the firewall, etc. Default port number value will be 0 meaning "use random port", same as now. See [1].

NOTE
This feature was added August 2015. It is part of the improved security features of MIDAS (See Security).




RPC hosts subtree

  • Type: DIR

This subtree in the /Experiment/Security subtree is new as of August 2015. It is created by the MIDAS system. It is part of the improved security features of MIDAS (See Security).



Allowed hosts
  • Type: STRING array
  • Default: "localhost"

This key in the /Experiment/Security/RPC hosts subtree is new as of August 2015 and is created by the system (i.e. midas.c).

It is part of the improved security features of MIDAS (See Security) and is used to maintain a Network Access Control list. The access control list array is self-growing - it will have at least 10 empty entries at the end at all times.

The default value for Allowed hosts[0] is "localhost", which will reject all external connections, even when permitted by Enable external RPC connections. The user will be required to enter the names of all machines that will run midas clients in this array. See [2].

All clients' db_watch() routines watch the access control list and automatically reload it when it is changed, so there is no need to restart clients.





The following keys in the /Experiment tree are OBSOLETE:

midas http port

  • Type: INT
  • Status: OBSOLETE
  • Default: 8080

This key in the /Experiment tree is created when mhttpd is run for the first time. It contains the listening port for the HTTP server (default 8080). This will be redirected to the secure HTTPS port given by midas https port if the key http redirect to https is set to "y".

If the http port are supplied with the "--http" option when starting mhttpd, the port supplied will overwrite the default value stored in this key. See mhttpd for details.

NOTE
This Security feature was added to mhttpd in August 2015
As of March 2020, this key has been deprecated in favour of the Webserver ODB tree.




midas https port

  • Type: INT
  • Status: OBSOLETE
  • Default: 8443

This key in the /Experiment tree is created when mhttpd is run for the first time. It contains the listening port (default 8443) for the secure HTTPS/SSL server (Mongoose).

If the https port is supplied with the "--https" option when starting mhttpd, the port supplied will overwrite the default value stored in this key. See mhttpd for details.

NOTE
This Security feature was added to mhttpd in August 2015
As of March 2020, this key has been deprecated in favour of the Webserver ODB tree.




http redirect to https

  • Type: BOOL
  • Status: OBSOLETE
  • Default: y

This key in the /Experiment tree is created when mhttpd is run for the first time. If set to "y", connections to the http port (specified by the key midas http port will be redirected to hte https port (specified by the key midas https port, i.e. the listening port for the secure HTTPS/SSL server (Mongoose).


NOTE
This Security feature was added to mhttpd in August 2015
As of March 2020, this key has been deprecated in favour of the Webserver ODB tree.




mhttpd hosts subtree

  • Type: DIR
  • Status: OBSOLETE

This subtree in the /Experiment/Security subtree is new as of August 2015. It is created by the MIDAS system. It is part of the improved security features of MIDAS (See Security).

NOTE
As of March 2020, this key has been deprecated in favour of the Webserver ODB tree.




Allowed hosts
  • Type: STRING array
  • Status: OBSOLETE
  • Default: "localhost"

This key in the /Experiment/Security/mhttpd hosts subtree is new as of August 2015 and is created by the system (i.e. midas.c).

It is part of the improved security features of MIDAS (See Security) and is used to maintain an access control list for mhttpd. An empty list means free access from everywhere. Access control is also controlled by the mhttpd "-a" command line arguments. Hosts supplied by the "-a" command line arguments are not added to the access control list by the system.

The access control list is watched by mhttpd, therefore there is no need to restart it after updating the list.

NOTE
As of March 2020, this key has been deprecated in favour of the Webserver ODB tree.





CSS File

  • Type: STRING
  • Status: OBSOLETE
  • Default: "mhttpd.css"

This key in the /Experiment tree contains the name of the MIDAS stylesheet file for the use of those writing Custom Web Pages.


NOTE
Serving resource file is now done differently. See serving MIDAS resource file. Also mhttpd.css has be replaced by midas.css.





JS File

  • Type: STRING
  • Status: OBSOLETE
  • Default: "mhttpd.js"

This key in the /Experiment tree contains the name of the Javascript library file for the use of those writing Custom Web Pages.

NOTE
Serving resource file is now done differently. See serving MIDAS resource files.





Menu Buttons

  • Type: STRING
  • Status: OBSOLETE
  • Default: "Status, ODB, Messages, ELog, Alarms, Programs, History, Sequencer, Chat, Config, Help"

This key in the /Experiment tree is added automatically by mhttpd to allow the Menu buttons that appear on the Main Status Page to be customized by removing unnecessary buttons or by changing their order.

The Start/Stop/Pause/Resume buttons are not now included in Menu Buttons.


Note
If MSCB support is built into MIDAS, the default will also include the MSCB Menu button (see MSCB Page).




Mongoose listening_port

  • Type: STRING
  • Status: OBSOLETE
  • Default: "8080r,8443s"


This key in the /Experiment tree existed for a short time in midas versions May-August 2015.
It has been replaced by the ODB keys midas http port and midas https port.


This key in the /Experiment tree was created when mhttpd was run for the first time. It contained the listening ports for the secure HTTPS/SSL server (Mongoose). The ports are the HTTP port (default 8080) which is to be redirected to the secure HTTPS port (default 8443). If ports were supplied with the "--mg" option when starting mhttpd, their values will overwrite the default values stored in this key. See mhttpd for details.



Mongoose access_control_list

  • Type: STRING
  • Status: OBSOLETE
  • Default: ""


This key in the /Experiment tree existed for a short time in midas versions May-August 2015.
Use the mhttpd hosts/Allowed hosts access control list or the mhttpd "-a hostname" parameter to restrict access.


This key in the /Experiment tree is created when mhttpd is run for the first time. It contains the access control list (ACL) for the Mongoose web server. By default, this key is empty and there is no access control. The format of the ACL is described under access_control_list at Mongoose Configuration Options.




The following keys in the /Experiment/Security subdirectory are OBSOLETE - replaced by the security features added Aug 2015

Password

  • Type: STRING
  • Status: OBSOLETE
  • Default:
Notes
  1. This feature pre-dates the improved Security features (August 2015)
  2. Do not set this key except through the odbedit command passwd. Setting an unencrypted password will lock you out of the ODB unless odbedit is listed in the allowed programs subtree.
  3. This security feature is not proof against malicious access. See Security for details.

This optional key in the /Experiment/Security subtree contains the encrypted password. This Key is created when the odbedit command passwd is issued. See Restrict user access for details.




Allowed Hosts subtree

  • Type: DIR
Notes
  • This subtree pre-dates the improved Security features (August 2015) and is not to be confused with RPC hosts/Allowed hosts array.
  • This security feature is not proof against malicious access. See Security for details.


This subtree in the /Experiment/Security subtree is created when the odbedit command passwd is issued. When created, this subtree is empty. Optionally, it may contain user-defined names of remote hosts allowed to have free access (i.e. without password) to the current experiment.




Allowed programs subtree

  • Type: DIR
Notes
  • This subtree pre-dates the improved Security features (August 2015)
  • This feature is not proof against malicious access. See Security for details.


This optional subtree in the /Experiment/Security subtree is created when the odbedit command passwd is issued. When created, this subtree is empty. Optionally, it may contain user-defined names of clients allowed to have free access (i.e. without password) to the current experiment. See Security #Allowed programs.




Web Password

  • Type: STRING
  • Status: OBSOLETE
  • Default:
Notes
  • This key pre-dates (and has been superceded by) the improved Security features (August 2015)
  • This feature is not proof against malicious access. See Security for details.


If restriction on user web access has been set up, this key in the /Experiment/Security subtree will contain an encrypted password for Web server access. This key is created by using the odbedit command webpasswd.

If this key is present, the user will be requested to provide the "Web Password" when accessing the requested experiment in "Write Access" mode. The "Read Only Access" mode is still available (without a password) to all users.