From dda098f6344ddb622ef9dbb43d769a283717f869 Mon Sep 17 00:00:00 2001
From: Serge Bazanski <q3k@q3k.org>
Date: Sat, 28 Sep 2024 10:22:40 +0200
Subject: [PATCH] succd: early refuse unsafe operations

---
 succbone/succd/process.go            |  8 ++++----
 succbone/succd/process_controller.go | 10 ++++++++++
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/succbone/succd/process.go b/succbone/succd/process.go
index 550792b..9e59c90 100644
--- a/succbone/succd/process.go
+++ b/succbone/succd/process.go
@@ -106,21 +106,21 @@ func (d *daemon) processOnce(_ context.Context) error {
 			// Unrealistic result, Pirani probe probably disconnected. Failsafe mode.
 			if !d.safety.failsafe {
 				d.safety.failsafe = true
-				klog.Errorf("Pirani probe seems disconnected; enabling failsafe mode")
+				klog.Errorf("SAFETY: Pirani probe seems disconnected; enabling failsafe mode")
 			}
 		}
 		if d.safety.failsafe && mbar > 1e2 {
 			d.safety.failsafe = false
-			klog.Infof("Pirani probe value (%s) is plausible again; quitting failsafe mode", formatMbar(mbar))
+			klog.Infof("SAFETY: Pirani probe value (%s) is plausible again; quitting failsafe mode", formatMbar(mbar))
 		}
 
 		if !d.safety.highPressure && mbar >= 1e-1 {
 			d.safety.highPressure = true
-			klog.Warningf("Pressure is too high (%s mbar); enabling diffusion pump lockout", formatMbar(mbar))
+			klog.Warningf("SAFETY: Pressure is too high (%s mbar); enabling diffusion pump lockout", formatMbar(mbar))
 		}
 		if d.safety.highPressure && mbar < (1e-1)-(1e-2) {
 			d.safety.highPressure = false
-			klog.Infof("Pressure is low enough (%s mbar) for diffusion pump operation; quitting diffusion pump lockout", formatMbar(mbar))
+			klog.Infof("SAFETY: Pressure is low enough (%s mbar) for diffusion pump operation; quitting diffusion pump lockout", formatMbar(mbar))
 		}
 	} else {
 		d.safety.failsafe = true
diff --git a/succbone/succd/process_controller.go b/succbone/succd/process_controller.go
index 2a228f5..0c0abc6 100644
--- a/succbone/succd/process_controller.go
+++ b/succbone/succd/process_controller.go
@@ -1,5 +1,7 @@
 package main
 
+import "k8s.io/klog"
+
 // daemonController is the control/data interface passed on to external system
 // controllers, eg. the web interface.
 //
@@ -27,12 +29,20 @@ func (d *daemon) snapshot() *daemonState {
 func (d *daemon) rpSet(state bool) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
+	if !state && d.dpOn {
+		klog.Errorf("SAFETY: Refusing to disable roughing pump while diffusion pump is active")
+		return
+	}
 	d.rpOn = state
 }
 
 func (d *daemon) dpSet(state bool) {
 	d.mu.Lock()
 	defer d.mu.Unlock()
+	if state && (d.safety.failsafe || d.safety.highPressure) {
+		klog.Errorf("SAFETY: Refusing to enable diffusion pump with safety alerts present")
+		return
+	}
 	d.dpOn = state
 }