Operation¶
Arbiter Boot¶
When the arbiter is booted, it enters an Iddle state, trying to verify the status of the system.
While Iddle, the Status Message is not sent.
If all checks success, the arbiter will enter Normal mode.
If, after 30 seconds, system errors are still present, arbiter will enter Maintenance mode.
Status message¶
Once in Normal mode, the Arbiter will start sending the Status and Scores telemetry messages.
The frequency of these messages is configurable. They can also be disabled.
The status message contains information such as:
Arbitration ON/OFF
Selected autopilot
System BITs
etc.
While in Maintenance Mode, the Arbiter will send the Status message, even if it is disabled, but will not send the Scores messages.
Ready Status¶
After the Arbiter enters Normal mode, it will wait until a Ready Message from each autopilot is received. Only then the Arbitration will start.
Normal Arbitration start
If the Arbiter is in maintenance mode, the Arbitration will not start. Even if the Ready messages are recived.
Failed Arbitration start
Alive Status¶
Once arbitration starts, all autopilots are declared as alive by default, but it is possible that they are declared as Dead if a critical error is found.
APs being declared Dead
Tha arbiter will declare an autopilot dead if one of the following incidences is found:
One of the arbitration messages (including the Ready message) is not received for 0.1 seconds.
A Not Ready message is received.
A System Not OK error is raised on any of the autopilots, activating the FTS signal.
The watchdog signal for any autopilot is not ok.
Attention
Make sure to configure the sending of arbitration messages as High priority. Otherwise, the sending of the messages could be shortly interrupted by a higher priority task and the autopilot will be declared Dead.
APs being declared Dead when arbitration starts due to missed messages
A Dead autopilot can never be selected again as long as arbitration persists.
The Dead status is not reversible, it is necessary to reboot the whole system in order to recover a Dead autopilot.
If the number of Alive autopilots is 2 or less, relative arbitration variables are disabled (since at least 3 autopilots are needed).
If only one autopilot is Alive, it will be selected no matter the score.
If all autopilots are Dead, the Preferred autopilot will be selected.
Maintenance Mode¶
Maintenance mode is used for changing the Arbiter configuration.
Arbitration is disabled while in maintenance mode.
Arbiter will also enter maintenance Mode after a failed boot.
The reason of the failed boot can be checked in the Status message.