This plugin is based on the S2OPC open source library.
This section provides the connection-level configuration details of an OPC UA server.
Attribute | Description | Expected values | Mandatory |
---|---|---|---|
url | The server URL endpoint | “opc.tcp://<IP>:<port>[/sub/path]” e.g. “opc.tcp://10.5.0.1:4841” | YES |
appUri | The application URI | e.g. “urn:S2OPC:localhost” | YES |
productUri | The product URI | e.g. “urn:S2OPC:localhost” | YES |
appDescription | Application description | Any non-empty string. | YES |
localeId | The default language Id. | e.g. "en-US", "fr-FR", ... | YES |
namespaces | List of namespaces URI, starting at namespace 1. Thus, the array should contain only one name. (Array is kept for portability) | e.g. for 2 users namespaces (ns=1, ns=2): [ "urn:S2OPC:localhost", "urn:S2OPC:localhost_2" ] | YES |
policies | Array of accepted policies If no security is required: | YES | |
policies.securityMode | The security mode | A string among “None”, “Sign” and “SignAndEncrypt” (case insensitive) | YES |
policies.securityPolicy | The security policy | A string among “None”, “Basic256”, “Basic256Sha256”, “Aes128Sha256RsaOaep” and “Aes256Sha256RsaPss” | YES |
policies.userPolicies | The user policy If no security is required, "Anonymous" should be used | A string among “Anonymous”, “username”, “username_None”, “username_Basic256” | YES |
users | A map of 'user':'password'. If no user-authentication is required, it can be an empty object | e.g: {"user" : "password", "user2" : "xGt4sdE3Z+" } e.g: {} | YES |
certificates | Note: all certificate files are expected to be provided in subfolders under the $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv folder | YES | |
certificates.serverCertPath | The Server certificate filename (DER format). The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/server/ | e.g. "server_2k_cert.der" | YES |
certificates.serverKeyPath | The Server key filename (PEM format) The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/server/ | e.g. "server_2k_key.pem" | YES |
certificates.trusted_root | The list of trusted root certificates (DER). Can be empty. The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/trusted/ | e.g. [ "cacert.der" ] | NO |
certificates.trusted_intermediate | The list of trusted intermediate certificates (DER). Can be empty. The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/trusted/ | Same as “trusted_root” | NO |
certificates.revoked | The list of revoked certificates (DER). Can be empty. The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/revoked/ | Same as “trusted_root” | NO |
certificates.untrusted_root | The list of untrusted root certificates (DER). Can be empty. The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/untrusted/ | Same as “trusted_root” | NO |
certificates.untrusted_intermediate | The list of untrusted intermediate certificates (DER). Can be empty. The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/untrusted/ | Same as “trusted_root” | NO |
certificates.issued | The list of untrusted issued certificates (DER). Can be empty. The complete path for this file is $(FLEDGE_INSTALL)/data/etc/certs/s2opc_srv/issued/ | Same as “trusted_root” | NO |
{ "transport_layer":{ "url":"opc.tcp://localhost:4841/OPCUA/s2opc", "appUri":"urn:S2OPC:localhost", "productUri":"urn:S2OPC:localhost", "appDescription":"Application description", "localeId":"en-US", "namespaces":[ "urn:S2OPC:localhost" ], "policies":[ { "securityMode":"None", "securityPolicy":"None", "userPolicies":[ "anonymous" ] }, { "securityMode":"SignAndEncrypt", "securityPolicy":"Basic256Sha256", "userPolicies":[ "username_Basic256Sha256", "username_None" ] } ], "users":{ "user":"password", "user2":"xGt4sdE3Z+" }, "certificates":{ "serverCertPath":"server_2k_cert.der", "serverKeyPath":"server_2k_key.pem", "trusted_root":[ "cacert.der" ], "trusted_intermediate":[], "revoked":["cacrl.der"], "untrusted_root":[], "untrusted_intermediate":[], "issued":[] } } } |
A client requires knowledge of parameters provided in previous section to establish a secured channel with the server:
This section provides the user-level configuration details of an OPC UA server, once a client-server secured connection is established.
The endpoint (see "transport_layer.url
") is an OPC UA interface and provides several means of use by a client (Browse, Read, Write, Subscribe). The following items allow any connected client to access directly all server data without prior use of browsing, provided that it has knowledge of the PIVOT object it needs and there related types.
Interface specification:
All PIVOT objects are split on OPC UA server in one variable for each field. The variables are organized as follow:
ns=1;s=
<PIVOT_ID>
<PIVOT_ID>
IsOrganizedBy
"Root.Objects"
(= "i=85")ns=1;s=
<PIVOT_ID>/<FieldName>
<FieldName>
IsOrganizedBy
ns=1;s=
<PIVOT_ID>
Both TeleMeasure and TeleSignal use exactly the same OPC variables organization. They both represent data received from a south plugin and therefore only expose Read-Only Nodes.
FieldName | Type | Reading field | Default value | Details |
---|---|---|---|---|
Cause | UInt32 (Read-Only) | do_cot | Mandatory | See Cause of Transmission |
Confirmation | Boolean (Read-Only) | do_confirmation | false | |
Source | String (Read-Only) | do_source | "process" | "process" | "substituted" |
ComingFrom | String (Read-Only) | do_comingfrom | Mandatory | Any protocol name ("iec104" ,"opcua", ...) |
TmOrg | String (Read-Only) | do_ts_org | "genuine" | "genuine" | "substituted" |
TmValidity | String (Read-Only) | do_ts_validity | "good" | Validity of the Timestamp of Value "good" | "invalid" | "reserved" | "questionable" |
DetailQuality | UInt32 (Read-Only) | do_quality | 0 | OR-Mask of following values:
|
TimeQuality | UInt32 (Read-Only) | do_ts_quality | 0 | OR-Mask of following values:
|
SecondSinceEpoch | UInt64 (Read-Only) | do_ts | 0 | Number of seconds since Linux Epoch |
Value | (See below) (Read-Only) | do_value do_value_quality | Mandatory | (See below) |
<PIVOT_ID>
as provided in exchanged_data.datapoints[].pivot_id
section configuration.OpcUa_BadWaitingForInitialData
quality (0x80320000
) initial value until a valid value is received from FledgePower.Root.Objects
node of namespace 0 ( nodeId = i=85
).namespaces
" parameter.The ns=1;s=
<PIVOT_ID>
/Value
variable contains the pivot timestamp value (t.FractionOfSecond
+ t.SecondSinceEpoch
) is converted to OPC-UA timestamp (Unit= number of 100 nanosecond since Jan 1st,1600).
The timestamp is not optional in OPCUA. Thus, in case the timestamp were not provided by south layers, the OPC UA north plugin will set the timestamp to 0.
The ns=1;s=
<PIVOT_ID>
/Value
variable contains the pivot value <Root>.<type>.q.validity
field. It is represented as the OPC UA Quality of the variable, using the following conversion:
PIVOT Validity | OPC UA quality |
---|---|
good | OPC_UA_GOOD |
invalid | OPC_UA_BAD |
reserved | OPC_UA_BAD (not used) |
questionable | OPC_UA_UNCERTAIN |
The TeleControls represent commands received from an OPC UA client -connected to the North plugin- that must be sent to a south service. Therefore, they expose Read/Write variables that will be written by a client, except for the feedback of operation, which is Read-Only (Variable Reply
).
As a single PIVOT TC contains the information provided in several OPC variables, the following procedure has been defined to ensure atomicity of the operation. An OPC UA client must:
Trigger
. This must be executed after the previous write command was successfully completed.OpcUa node ( ns=1;s= <PIVOT_ID> / ...) | Type | Reading field | Details |
---|---|---|---|
String | co_id | co_id = PIVOT ID | |
String | co_type | co_type = "opcua_inc" | "opcua_apc" | "opcua_bsc" Other types not supported in current version. | |
Value | (See below) | co_value | (See below) |
Reply | Boolean | ro_reply / ro_id | Return value from the south service Quality:
Value :
Note that there is no timeout handled in the plugin itself. If the remote equipment never acknowledges the request, |
Trigger | UInt8 | co_test co_se | Writing this node triggers the TC with current values, current timestamp and the command flags depending on the
Examples:
|
Timestamp | co_ts | co_ts = timestamp (Number of seconds since Linux Epoch). The value is defined by local time when |
The base type of the value itself is static and depends on the configuration provide in "exchanged_data
" section.
PIVOT Type | TypeId of
| BaseDataType of
| Note |
---|---|---|---|
SPSTyp | opcua_sps | Boolean_Id (=1) | |
DPSTyp | opcua_dps | String_Id (=12) | Enum is shown as string encoded. |
BSCTyp | opcua_bsc | String_Id (=12) | |
MVTyp | opcua_mvi | Int32_Id (=6) | In that case, the "mag.f" field is ignored |
MVTyp | opcua_mvf | Float_Id (=10) | In that case, the "mag.i" field is ignored |
SPCTyp | opcua_spc | Boolean_Id (=1) | |
DPCTyp | opcua_dpc | Byte_Id (=2) | |
INCTyp | opcua_inc | Int32_Id (=6) | |
APCTyp | opcua_apc | Float_Id (=10) | |
BSCTyp | opcua_bsc | String_Id (=12) |