Writing Tcl Scripts For Alarm Actions; The Tcl Scripting Environment - Extreme Networks EPICenter Software Installation Manual

Writing Tcl Scripts for Alarm Actions

An EPICenter alarm can call a Tcl function as an alarm action. This Tcl function can be a user-defined
Tcl script that is executed in the EPICenter server.
There is an example script in the
example.tcl
You can access the EPICenter alarm variables for use in your script, as demonstrated in the example
script. These variables are defined in Table 4 on page 132.

The Tcl Scripting Environment

The scripting environment for alarm actions is a fully operational Tcl environment. In this environment,
a Tcl action script can save states across multiple alarms using global variables, access alarm instance
data, access event log data, and access other EPICenter server-side data. In order to protect the
EPICenter server from malicious or erroneous alarm action scripts, the alarm script execution
environment uses the "safe interpreter" ability of the Tcl system.
The safe interpreter is a slave of the main EPICenter server-side Tcl interpreter (master interpreter). The
functions of the safe interpreter are restricted so that it cannot do harm to the overall EPICenter server.
A safe interpreter creates a private "sandbox" in which the alarm action scripts executes. The master
interpreter hides certain functions from the scripts inside the sandbox. The master interpreter performs
some other functions on behalf of the slave interpreter. By performing functions for the slave, the master
has a chance to check to see if the slave's request is valid. If not, the master rejects the slave's request.
The following table summarizes the Tcl commands that are deemed dangerous for use by a Tcl alarm
action script. Some of these commands are removed entirely from the Alarm Tcl environment. Others
are aliases so that the master interpreter can intercept the command call to provide restricted operations.
Table 5: Command Restrictions in EPICenter Tcl Safe Interpreter
Tcl
Command
cd
file
pwd
exec
glob
socket
exit
load
source
EPICenter Software Installation and User Guide
<epicenter_install_dir>/user/alarms
that you can use as a guide to writing a Tcl function for an alarm action.
Hidden Explicit
in Safe Hide by Alias in
Interp EPICenter Master
✔
✔
✔
✔
✔
✔
✔
✔
✔
Description
Not allowed
✔
Only allow: attime, attributes (read-only), dirname, executable,
exists, extension, isdirectory, isfile, join, lstat, mtime,
nativename, owned, pathtype, readable, readlink, rootname,
size, split, stat, tail, type, volume, writable
Not allowed
Not allowed
✔
Full functions
✔
No server-side socket, client socket is opened in async mode;
the opened client socket is placed in nonblocking mode using
the default buffer size; the number of open socket is restricted
Not allowed
Not allowed
✔
Only from standard $tcl_library and user/alarm
directory, and subdirectories
Writing Tcl Scripts for Alarm Actions
directory called
155