Closed kjwoodsISIS closed 8 years ago
Imported from trac issue 295. Created by skn09965 on 2014-02-25T10:53:35, last modified: 2014-03-26T13:42:59
Trac comment by sjb99183 on 2014-02-26 11:01:59:
== Local users == Since security is enforced by the gateway, any user on NDXLARMOR will be able to write to PV with or without the baton.
== Requesting the baton == If the baton is free and two clients request it at the same time, the process needs to be atomic so one gets it and the other’s request is not processed until the baton has been claimed.
If the baton is not free (and not held by the script server) and a client requests it, that client’s id needs to be cached, so if the baton holder relinquishes it, that client gets it rather than some other client who happened to request it while the first was waiting for it to be relinquished.
Multiple simultaneous requests are unlikely so there is no need for a proper queue. Instead, while a request is in progress, we just remember the most recent new request and when the current request succeeds or is rejected, we initiate that request.
In the GUI the user should see who has the baton. If we don’t implement a proper queue, they should also be able to see who, if anyone, is requesting the baton. If not held by the script server, the user can press a button to request it. The user then needs to see what is happening to their request:
If a user gets a request to relinquish the baton, they should be told who is requesting it.
== Grabbing the baton in an Emergency == A variant use-case is to make an emergency request to seize the baton. This should only be available to privileged users (e.g. the instrument scientist himself or support personnel, rather than visiting scientists). In an emergency, you simply request the baton (maybe enter your privileged password) and you get immediate control (the current holder gets no opportunity to refuse your request, the script server loses the baton too).
== Implementation == Implementing this would mean:
Trac comment by skn09965 on 2014-02-28 14:17:24:
'''Note:''' A baton-passing scheme has been implemented in the past at ISIS (e.g. on the old VMS-based control system). While many people seem to like the idea of a baton-passing system, experience shows that few people actually use it. In practice, it may be simpler to limit the use of a baton to the Script Server. In this scheme:
Trac comment by sjb99183 on 2014-03-03 09:42:44:
If only the script server holds the baton then things are much simpler.
There is still a PV that the script server writes to to gain and release the baton and the inst etc IOC still monitors it, but now it would modify access.txt to give write access to everyone (or all registered users) or to restrict it to the script server.
The GUI would just have a label to indicate whether the script server had the baton.
Seizing the baton in an emergency would be a matter of stopping the script server, although we would need to make sure that it always set the PV to release the baton.
Trac comment by skn09965 on 2014-03-20 16:57:19:
Ready for Review
Trac comment by mjc23 on 2014-03-25 13:30:17:
Can we put this in a proper document (wiki or !SharePoint) rather than in the comments of a ticket please?
Done! Content of this ticket placed here: [wiki:BatonPassing Some Ideas for Implementing Baton Passing]
As a support person, I want to investigate the requirements for a baton passing system, so that we have some option available if we decide to implement such a scheme.
'''Acceptance Criteria'''
'''Notes'''