Relay output off on comms timeout?
-
I wonder what would happen for a Relay Actuator (as shown among the examples) if the communication with the controller is lost. Then the outputs may be active forever.
So, I believe an actuator like this should not be trusted to activate anything critical (heaters, pumps etc.) unless I add functionality to turn off the output in case of communication timeout. I guess I can not count on existing controllers to keep sending regular updates to the output state, so I don't know how I could even detect communcation timeout. What do you recommend?
-
I wonder what would happen for a Relay Actuator (as shown among the examples) if the communication with the controller is lost. Then the outputs may be active forever.
So, I believe an actuator like this should not be trusted to activate anything critical (heaters, pumps etc.) unless I add functionality to turn off the output in case of communication timeout. I guess I can not count on existing controllers to keep sending regular updates to the output state, so I don't know how I could even detect communcation timeout. What do you recommend?
@lassenie I agree. If the relay is controlling something critical the node should have as much as possible of:
- Turn relay off if power is lost (relay should default to shut off if it has no signal/power)
- Default relay to off when starting after power loss / reset
- Use watchdog to reset the node if the sketch hangs
- Use a timer to turn relay off after some appropriate interval if no signal is received from the controller
- Add a hardware watchdog, like discussed here
-
@lassenie I agree. If the relay is controlling something critical the node should have as much as possible of:
- Turn relay off if power is lost (relay should default to shut off if it has no signal/power)
- Default relay to off when starting after power loss / reset
- Use watchdog to reset the node if the sketch hangs
- Use a timer to turn relay off after some appropriate interval if no signal is received from the controller
- Add a hardware watchdog, like discussed here
@mfalkvidd Thank you for your valuable suggestions - they all look very relevant.
Perhaps I am overlooking something in the documentation, but I wonder if any existing controllers out there will get the node's relay outputs in the right state again after a node restart, if it always starts up in off state.
Besides that, how can I reliably detect communication in the node, such as I_HEARTBEAT/I_HEARTBEAT_RESPONSE? As far as I know, such internal messages do not arrive through the recieve(...) API function. I will need to see some incoming messages (also from existing controller implementations) - otherwise I would get timeouts.
Best regards
Lasse
