This plugin is based on the S2OPC open source library.
OPC UA server protocol stack configuration
Connection configuration
This section provides the connection-level configuration details of an OPC UA server.
Attributes definition
| Attribute | Description | Expected values | Mandatory |
|---|---|---|---|
| url | The server URL endpoint | “opc.tcp://<IP>:<port>[/sub/path]” e.g. “opc.tcp://10.5.0.1:4841” | YES |
| appUri | The application URI | e.g. “urn:S2OPC:localhost” | YES |
| productUri | The product URI | e.g. “urn:S2OPC:localhost” | YES |
| appDescription | Application description | Any non-empty string. | YES |
| localeId | The default language Id. | e.g. "en-US", "fr-FR", ... | YES |
| namespaces | List of namespaces URI, starting at namespace 1. Thus, the array should contain only one name. (Array is kept for portability) | e.g. for 2 users namespaces (ns=1, ns=2): [ "urn:S2OPC:localhost", "urn:S2OPC:localhost_2" ] | YES |
| policies | Array of accepted policies If no security is required: | YES | |
| policies.securityMode | The security mode | A string among “None”, “Sign” and “SignAndEncrypt” (case insensitive) | YES |
| policies.securityPolicy | The security policy | A string among “None”, “Basic256”, “Basic256Sha256”, “Aes128Sha256RsaOaep” and “Aes256Sha256RsaPss” | YES |
| policies.userPolicies | The user policy If no security is required, "Anonymous" should be used | A string among “Anonymous”, “username”, “username_None”, “username_Basic256” | YES |
| users | A map of 'user':'password'. If no user-authentication is required, it can be an empty object | e.g: {"user" : "password", "user2" : "xGt4sdE3Z+" } e.g: {} | YES |
| certificates | Note: all certificate files are expected to be provided in the $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv folder | NO | |
| certificates.serverCertPath | The Server certificate filename (DER format) | e.g. "server_2k_cert.der" | NO |
| certificates.serverKeyPath | The Server key filename (PEM format) | e.g. "server_2k_key.pem" | NO |
| certificates.trusted_root | The list of trusted root certificates (DER) | e.g. [ "cacert.der" ] | NO |
| certificates.trusted_intermediate | The list of trusted intermediate certificates (DER) | Same as “trusted_root” | NO |
| certificates.revoked | The list of revoked certificates (DER) | Same as “trusted_root” | NO |
| certificates.untrusted_root | The list of untrusted root certificates (DER) | Same as “trusted_root” | NO |
| certificates.untrusted_intermediate | The list of untrusted intermediate certificates (DER) | Same as “trusted_root” | NO |
| certificates.issued | The list of untrusted issued certificates (DER) | Same as “trusted_root” | NO |
Configuration JSON structure
| Code Block | ||
|---|---|---|
| ||
{
"transport_layer":{
"url":"opc.tcp://localhost:4841/OPCUA/s2opc",
"appUri":"urn:S2OPC:localhost",
"productUri":"urn:S2OPC:localhost",
"appDescription":"Application description",
"localeId":"en-US",
"namespaces":[ "urn:S2OPC:localhost" ],
"policies":[
{
"securityMode":"None",
"securityPolicy":"None",
"userPolicies":[
"anonymous"
]
},
{
"securityMode":"SignAndEncrypt",
"securityPolicy":"Basic256Sha256",
"userPolicies":[
"username_Basic256Sha256",
"username_None"
]
}
],
"users":{ "user":"password", "user2":"xGt4sdE3Z+" },
"certificates":{
"serverCertPath":"server_2k_cert.der",
"serverKeyPath":"server_2k_key.pem",
"trusted_root":[ "cacert.der" ],
"trusted_intermediate":[],
"revoked":["cacrl.der"],
"untrusted_root":[],
"untrusted_intermediate":[],
"issued":[]
}
}
} |
OPC UA server endpoint interface
Connection
A client requires knowledge of parameters provided in previous section to establish a secured channel with the server:
- Endpoint URL
- Server certificate (It is the responsibility of the client to ensure it is connecting to the expected server)
- User login/password, if applicable.
Endpoint
This section provides the user-level configuration details of an OPC UA server, once a client-server secured connection is established.
The endpoint (see "transport_layer.url") is an OPC UA interface and provides several means of use by a client (Browse, Read, Write, Subscribe). The following items allow any connected client to access directly all server data without prior use of browsing, provided that it has knowledge of the PIVOT object it needs and there related types.
Interface specification:
| NodeId | BrowseName/ DisplayName | IsOrganizedBy | NodeClass | Type | Reading field | Default value | Details |
|---|---|---|---|---|---|---|---|
| <PIVOT_ID> |
(= "i=85") |
| do_id | Parent folder for each PIVOT data | ||
| Cause | ns=1;s=<PIVOT_ID> | Variable | UInt32 (Read-Only) | do_cot | Mandatory | See Cause of Transmission |
| Confirmation | ns=1;s=<PIVOT_ID> | Variable | Boolean (Read-Only) | do_confirmation | false | |
| Source | ns=1;s=<PIVOT_ID> | Variable | String (Read-Only) | do_source | "process" | "process" | "substituted" |
| ComingFrom | ns=1;s=<PIVOT_ID> | Variable | String (Read-Only) | do_comingfrom | Mandatory | Any protocol name ("iec104" ,"opcua", ...) |
| TmOrg | ns=1;s=<PIVOT_ID> | Variable | String (Read-Only) | do_ts_org | Mandatory | "genuine" | "substituted" |
| TmValidity | ns=1;s=<PIVOT_ID> | Variable | String (Read-Only) | do_ts_validity | Mandatory | Validity of the Timestamp of Value "good" | "invalid" | "reserved" | "questionable" |
| DetailQuality | ns=1;s=<PIVOT_ID> | Variable | UInt32 (Read-Only) | do_quality | 0 | OR-Mask of following values:
|
| TimeQuality | ns=1;s=<PIVOT_ID> | Variable | UInt32 (Read-Only) | do_ts_quality | 0 | OR-Mask of following values:
|
| Value | ns=1;s=<PIVOT_ID> | Variable | (See below) | do_value do_value_quality | Mandatory | (See below) |
With <PIVOT_ID> as provided in exchanged_data.datapoints[].pivot_id section configuration.
Notes:
- All read-only variables have a
OpcUa_BadWaitingForInitialDataquality (0x80320000) initial value until a valid value is received from FledgePower. - All non-mandatory values will be set automatically by the server if not received from a south device.
- If a mandatory value is missing, then the whole PIVOT object is not updated.
- As a standard OPC UA server, all functional data are organized under the
Root.Objectsnode of namespace 0 ( nodeId =i=85). - All data are stored under the namespace 1. Its URI is configured in protocol "
namespaces" parameter.
Value content and metadata
PIVOT timestamp
The ns=1;s=<PIVOT_ID>/Value variable contains the pivot timestamp value (t.FractionOfSecond + t.SecondSinceEpoch) is converted to OPC-UA timestamp (Unit= number of 100 nanosecond since Jan 1st,1600).
The timestamp is not optional in OPCUA. Thus, in case the timestamp were not provided by south layers, the OPC UA north plugin will set the timestamp to 0.
PIVOT value validity
The ns=1;s=<PIVOT_ID>/Value variable contains the pivot value <Root<.<type>.q.validity field. It is represented as the OPC UA Quality of the variable, using the following conversion:
| PIVOT Validity | OPC UA quality |
|---|---|
| good | OPC_UA_GOOD |
| invalid | OPC_UA_BAD |
| reserved | OPC_UA_BAD (not used) |
| questionable | OPC_UA_UNCERTAIN |
PIVOT variant value
The base type of the value itself is static and depends on the configuration provide in "exchanged_data" section.
| PIVOT Type | TypeId of
| BaseDataType of
| Note |
|---|---|---|---|
| SPSTyp | opcua_sps | Boolean_Id (=1) | |
| DPSTyp | opcua_dps | String_Id (=12) | Enum is shown as string encoded. |
| BSCTyp | opcua_bsc | TBD | Not supported in current version |
| MVTyp | opcua_mvi | Int32_Id (=6) | In that case, the "mag.f" field is ignored |
| MVTyp | opcua_mvf | Float_Id (=10) | In that case, the "mag.i" field is ignored |
| SPCTyp | opcua_spc | Boolean_Id (=1) | Not supported in current version |
| DPCTyp | opcua_dpc | Byte_Id (=2) | Not supported in current version |
| INCTyp | opcua_inc | Int32_Id (=6) | Not supported in current version |
| APCTyp | opcua_apc | Float_Id (=10) | Not supported in current version |
| BSCTyp | opcua_bsc | TBD | Not supported in current version |