openc3 7.1.1 → 7.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 719b55747a7004cc44da1976c3f15eec6c67a3fca702b56792862f59f02cb8b5
-  data.tar.gz: c80082e75c059dac71d15a56264cba9c968f82c494e564e33b598c75ac01a6c2
+  metadata.gz: 90e17f6bf28158ea786646171220e3c23aca07cce30559b3e64a29f83dabb50d
+  data.tar.gz: 9a13e73273ba67e7d6003a9578a34a8b1c0abadea3b8d4d369f1fd3803a4f0ec
 SHA512:
-  metadata.gz: 5b3c1ca82717f1debd25ab4a6ac0239aa9baee2b5f736f61b7f52103397b608ab3de8fd0d50e10f0a4481b507b2a519987a4c4c68f7d0f3770cd48f3e165b8eb
-  data.tar.gz: d2bc96742a2555be7c8149dd728155a76ba7c1a16474eb26a36388bdedaacc1fba9c447ab373beebd8fd58ac81248541531de1a163bc156be195c76e34b515f2
+  metadata.gz: eec5ccdb945747570717e5f60f9a89158d500d994f1fa5e6ebc81ed8bb263229950f10e1f277e0c68bf5d9fb531f3470354d45fda2164f7608c9ad22413b2022
+  data.tar.gz: a32f7675eacf6b41b345a4b5ae554292db011499d12a9e5e65173c514e5fac7e66da3bacea7ad5cf9a3738fcb96e3a82009997993fc70722d4a9ba4edd236261

data/data/config/command_modifiers.yaml

@@ -417,12 +417,12 @@ VALIDATOR:
                 return [False, "TGT PKT ITEM is 0"]
             self.cmd_acpt_cnt = tlm("INST HEALTH_STATUS CMD_ACPT_CNT")
             # Return true to indicate Success, false to indicate Failure,
-            # and nil to indicate Unknown. The second value is the optional message.
+            # and None to indicate Unknown. The second value is the optional message.
             return [True, None]
 
         def post_check(self, command):
             wait_check(f"INST HEALTH_STATUS CMD_ACPT_CNT > {self.cmd_acpt_cnt}", 10)
             # Return true to indicate Success, false to indicate Failure,
-            # and nil to indicate Unknown. The second value is the optional message.
+            # and None to indicate Unknown. The second value is the optional message.
             return [True, None]
   since: 5.19.0

data/data/config/item_modifiers.yaml

@@ -111,20 +111,27 @@ CONVERTED_DATA:
       values: \d+
 LIMITS:
   summary: Defines a set of limits for a telemetry item
-  description: If limits are violated a message is printed in the Command and Telemetry Server
+  description: |
+    If limits are violated a message is printed in the Command and Telemetry Server
     to indicate an item went out of limits. Other tools also use this information
     to update displays with different colored telemetry items or other useful information.
     The concept of "limits sets" is defined to allow for different limits values
     in different environments. For example, you might want tighter or looser limits
     on telemetry if your environment changes such as during thermal vacuum testing.
+
+    A DEFAULT limits set is required for every telemetry item with limits. If you
+    define additional named sets (e.g. TVAC), the DEFAULT set must be defined first.
+    Attempting to define a named set before DEFAULT will raise an error of the form
+    "DEFAULT limits set must be defined for TARGET PACKET ITEM before setting limits set NAME".
   example: |
     LIMITS DEFAULT 3 ENABLED -80.0 -70.0 60.0 80.0 -20.0 20.0
     LIMITS TVAC 3 ENABLED -80.0 -30.0 30.0 80.0
   parameters:
     - name: Limits Set
       required: true
-      description: Name of the limits set. If you have no unique limits sets use
-        the keyword DEFAULT.
+      description: Name of the limits set. A DEFAULT set is required and must be
+        defined before any other named sets for this item. If you have no unique
+        limits sets use the keyword DEFAULT.
       values: .+
     - name: Persistence
       required: true

data/lib/openc3/api/tlm_api.rb

@@ -457,6 +457,12 @@ module OpenC3
     alias subscribe_packet subscribe_packets
 
     # Get packets based on ID returned from subscribe_packet.
+    # Packets are ordered within each subscribed packet stream (target/packet pair)
+    # but are NOT interleaved by time across streams. If chronological order across
+    # streams is required, sort the returned array by the 'time' field. Sorting only
+    # orders the current batch - packets across separate get_packets calls may still
+    # arrive out of order, so subscribers needing global ordering must buffer and merge
+    # across calls.
     # @param id [String] ID returned from subscribe_packets or last call to get_packets
     # @param block [Integer] Unused - Blocking must be implemented at the client
     # @param count [Integer] Maximum number of packets to return from EACH packet stream

data/lib/openc3/microservices/microservice.rb

@@ -155,11 +155,26 @@ module OpenC3
 
         prefix = "#{@scope}/microservices/#{@name}/"
         file_count = 0
-        client.list_objects(bucket: bucket, prefix: prefix).each do |object|
-          response_target = OpenC3.sanitize_path(File.join(@temp_dir, object.key.split(prefix)[-1]))
-          FileUtils.mkdir_p(File.dirname(response_target))
-          client.get_object(bucket: bucket, key: object.key, path: response_target)
-          file_count += 1
+        # Tolerate transient object store failures during startup. On a busy or
+        # underpowered cluster the bucket store (e.g. MinIO) can be briefly
+        # unreachable while many microservices start at once. Rather than crash
+        # and CrashLoopBackOff (which can outlast deploy timeouts), retry for a
+        # bounded time before giving up.
+        startup_timeout = (ENV['OPENC3_MICROSERVICE_STARTUP_BUCKET_TIMEOUT'] || 60).to_f
+        startup_deadline = Time.now + startup_timeout
+        begin
+          file_count = 0
+          client.list_objects(bucket: bucket, prefix: prefix).each do |object|
+            response_target = OpenC3.sanitize_path(File.join(@temp_dir, object.key.split(prefix)[-1]))
+            FileUtils.mkdir_p(File.dirname(response_target))
+            client.get_object(bucket: bucket, key: object.key, path: response_target)
+            file_count += 1
+          end
+        rescue => error
+          raise if Time.now >= startup_deadline
+          @logger.warn("Microservice #{@name} startup: bucket access failed (#{error.class}: #{error.message}); retrying for up to #{startup_timeout.to_i}s")
+          sleep(5)
+          retry
         end
 
         # Adjust @work_dir to microservice files downloaded if files and a relative path

data/lib/openc3/operators/operator.rb

@@ -238,6 +238,11 @@ module OpenC3
 
       OperatorProcess.setup()
       @cycle_time = (ENV['OPERATOR_CYCLE_TIME'] and ENV['OPERATOR_CYCLE_TIME'].to_f) || CYCLE_TIME # time in seconds
+      # Maximum number of new microservices to start per cycle. This spreads a
+      # large startup burst (e.g. installing a plugin with many targets) across
+      # multiple cycles so the shared services (object store, redis) aren't
+      # stampeded by every microservice connecting at once. 0 = no limit.
+      @max_start_per_cycle = (ENV['OPENC3_OPERATOR_MAX_START_PER_CYCLE'] || 5).to_i
 
       @ruby_process_name = ENV['OPENC3_RUBY']
       if RUBY_ENGINE != 'ruby'
@@ -262,10 +267,17 @@ module OpenC3
     def start_new
       @mutex.synchronize do
         if @new_processes.length > 0
-          # Start all the processes
-          Logger.info("#{self.class} starting each new process...")
-          @new_processes.each { |_name, p| p.start }
-          @new_processes = {}
+          # Start at most @max_start_per_cycle processes this cycle; any
+          # remaining stay queued in @new_processes and start on later cycles.
+          # This avoids a startup stampede when many microservices appear at
+          # once (e.g. a plugin install) overwhelming the object store / redis.
+          start_names = @new_processes.keys
+          start_names = start_names[0...@max_start_per_cycle] if @max_start_per_cycle > 0
+          Logger.info("#{self.class} starting #{start_names.length} of #{@new_processes.length} new process(es)...")
+          start_names.each do |name|
+            @new_processes[name].start
+            @new_processes.delete(name)
+          end
         end
       end
     end
@@ -273,12 +285,22 @@ module OpenC3
     def respawn_changed
       @mutex.synchronize do
         if @changed_processes.length > 0
-          Logger.info("Cycling #{@changed_processes.length} changed microservices...")
-          shutdown_processes(@changed_processes)
+          # Cycle at most @max_start_per_cycle changed microservices this cycle;
+          # any remaining stay queued in @changed_processes and are cycled on
+          # later cycles. This avoids a restart stampede when many microservices
+          # change at once (e.g. a configmap change) overwhelming shared
+          # services. Processes not yet cycled keep running until their turn.
+          cycle_names = @changed_processes.keys
+          cycle_names = cycle_names[0...@max_start_per_cycle] if @max_start_per_cycle > 0
+          cycle = @changed_processes.slice(*cycle_names)
+          Logger.info("Cycling #{cycle.length} of #{@changed_processes.length} changed microservices...")
+          shutdown_processes(cycle)
           break if @shutdown
 
-          @changed_processes.each { |_name, p| p.start }
-          @changed_processes = {}
+          cycle_names.each do |name|
+            @changed_processes[name].start
+            @changed_processes.delete(name)
+          end
         end
       end
     end
@@ -295,8 +317,11 @@ module OpenC3
 
     def respawn_dead
       @mutex.synchronize do
-        @processes.each do |_name, p|
+        @processes.each do |name, p|
           break if @shutdown
+          # Skip processes still queued by the per-cycle start limit; they
+          # haven't been started yet so they aren't "dead" to be respawned.
+          next if @new_processes[name]
           p.output_increment
           unless p.alive?
             # Respawn process

data/lib/openc3/packets/packet_config.rb

@@ -437,12 +437,25 @@ module OpenC3
       if packet.id_items.length > 0
         key = []
         id_signature = ""
-        # Accessor class is part of the signature so packets in the same target
-        # with different accessors trigger unique_id_mode (different accessors
-        # decode the buffer differently, so the hash-lookup path is unsafe).
+        # Accessor class AND args are part of the signature so packets in the
+        # same target with different accessors -- or the same accessor class
+        # configured with different args -- trigger unique_id_mode. Different
+        # accessors (or same accessor, different args) decode the buffer
+        # differently, so the shared hash-lookup path is unsafe.
         packet.id_items.each do |item|
           key << item.id_value
-          id_signature << "__#{item.key}__#{item.bit_offset}__#{item.bit_size}__#{item.data_type}__#{packet.accessor.class.to_s}"
+          id_signature << "__#{item.key}__#{item.bit_offset}__#{item.bit_size}__#{item.data_type}__#{packet.accessor.class.to_s}__#{packet.accessor.args.inspect}"
+          # STRUCTURE-derived id_items are decoded by the parent's structure
+          # accessor (see Accessor#read_item), so include that accessor's class
+          # and args in the signature too.
+          if item.parent_item
+            parent = packet.get_item(item.parent_item)
+            structure = parent.structure
+            if structure
+              structure_accessor = structure.accessor
+              id_signature << "__#{structure_accessor.class.to_s}__#{structure_accessor.args.inspect}"
+            end
+          end
         end
         target_id_value_hash[key] = packet
         target_id_signature = id_signature_hash[packet.target_name]

data/lib/openc3/script/suite.rb

@@ -287,7 +287,7 @@ module OpenC3
       # Find all the script methods
       methods = []
       self.instance_methods.each do |method_name|
-        if /^test|^script|op_/.match?(method_name.to_s)
+        if /^test_|^script_|^op_/.match?(method_name.to_s)
           methods << method_name.to_s
         end
       end

data/lib/openc3/script/web_socket_api.rb

@@ -91,6 +91,10 @@ module OpenC3
     # Will subscribe to the channel based on @identifier
     def subscribe
       unless @subscribed
+        # Token is part of the identifier so it surfaces as params[:token] in
+        # ApplicationCable::Channel#authenticate_subscription! — ActionCable
+        # ignores `data` on `subscribe` commands.
+        @identifier['token'] = @authentication.token(include_bearer: false)
         json_hash = {}
         json_hash['command'] = 'subscribe'
         json_hash['identifier'] = JSON.generate(@identifier, allow_nan: true)
@@ -128,7 +132,7 @@ module OpenC3
     # Connect to the websocket with authorization in query params
     def connect
       disconnect()
-      final_url = @url + "?scope=#{@scope}&authorization=#{@authentication.get_otp(scope: @scope)}"
+      final_url = @url + "?scope=#{@scope}"
       @stream = WebSocketClientStream.new(final_url, @write_timeout, @read_timeout, @connect_timeout)
       @stream.headers = {
         'Sec-WebSocket-Protocol' => 'actioncable-v1-json, actioncable-unsupported',