OPC UA Plug-in#
The OPC UA plug-in is designed to exchange data with an OPC UA data source via a client-server interface or a publisher and subscriber interface. This plug-in uses the open62541 library API for all communications. You can enable security by specifying the necessary certificate and public/private key information in the configuration. This collateral may be stored either in a file or in hardware-based TPM storage.
An ECI Protocol Bridge configuration file is used to define the plug-ins that are loaded and their runtime parameters. This section will describe the configuration parameters for the OPC UA plug-in.
A configuration file uses the YAML format. All elements and attributes are case-sensitive, so make sure that the files are properly formatted. For more details on YAML formatting, see the various guides on the Internet.
Important
For deterministic PubSub over TSN, a platform with at least four cores is strongly recommended.
Attention
This plug-in assigns CPU affinity and requires elevated permissions to run correctly. Make sure that you have elevated permissions to execute the EC Protocol Bridge.
Note: Any unknown parameters in a configuration file will simply be ignored.
OPC UA - Plug-in-Level Configuration Parameters#
There are four parameters at plug-in level to configure real-time thread settings: RT thread core affinity and schedule priority for the broadcaster and listener threads, and RT thread core affinity and schedule priority for the client read and write threads.
There are three optional OPC UA parameters: client, publisher, and subscriber. However, at least one parameter must be specified.
opc ua: dx-core-affinity#
This optional parameter represents the CPU core assigned to the real-time broadcaster and listener threads. This value should be an integer between 0 and the number of available cores minus 1.
By default, this value is set to 0.
Example:
dx-core-affinity: 1
opc ua: dx-sched-priority#
This optional parameter represents the priority assigned to the real-time broadcaster and listener threads.
Use priority values in the range between 50 and 75. All real-time thread priorities are relative to each other. A higher priority thread is able to preempt a thread with a lower value. All existing plug-ins have been designed to execute most effectively within this priority range.
By default, this value is set to 60.
Example:
dx-sched-priority: 60
opc ua: cli-core-affinity#
This optional parameter represents the CPU core assigned to the real-time client read and write threads. This value should be an integer between 0 and the number of available cores minus 1.
By default, this value is set to 0.
Example:
cli-core-affinity: 1
opc ua: cli-sched-priority#
This optional parameter represents the priority assigned to the real-time client read and write threads.
Use priority values in the range between 50 and 75. All real-time thread priorities are relative to each other. A higher priority thread is able to preempt a thread with a lower value. All existing plug-ins have been designed to execute most effectively within this priority range.
By default, this value is set to 59.
Example:
cli-sched-priority: 59
OPC UA - Client Configuration Parameters#
opc ua client: client#
This parameter is the parent of the OPC UA client/server definitions. The client parameter is a YAML list.
Example:
client:
-
The following are the child parameters of the client:
opc ua client: server-uri#
This mandatory parameter within client represents an OPC UA server to which the plug-in client will connect to read and write data.
Example:
server-uri: "opc.tcp://localhost:53530/OPCUA/SimulationServer"
opc ua client: check-connection-sec#
This optional parameter represents the frequency, in seconds, at which the OPC UA client should check and potentially restore its connection to an OPC UA server.
By default, this value is set to 600.
Example:
check-connection-sec: 300
opc ua client: security#
This optional parameter indicates whether the client should allow connections anonymously or use sign and encrypt security. If set to anonymous, the client will connect to the server anonymously. If set to certificate, the client will use sign and encrypt security to connect to the server. The default value is anonymous.
Example:
security: certificate
opc ua client: server-certificate#
This parameter indicates the location where the server certificate is stored in the file system. Define server-certificate if security is set to certificate. The server certificate is needed for OPC UA sign and encrypt security.
Example:
server-certificate: ../config/server-certificate.der
opc ua client: client-certificate#
This parameter indicates the location where the client certificate is stored in the file system. Define client-certificate if security is set to certificate. The client certificate is needed for OPC UA sign and encrypt security.
Example:
client-certificate: ../config/client-certificate.der
opc ua client: client-application-uri#
This parameter defines the URI specified in the client certificate. Define this parameter if security is set to certificate. The client application URI is needed for OPC UA sign and encrypt security.
Example:
client-application-uri: urn:intel.eci.client.application
opc ua client: client-private-key#
This parameter indicates the location where the client private key is stored in the file system. Define this parameter if security is set to certificate. The client private key is needed for OPC UA sign and encrypt security. The client private key can contain the actual key in binary format or the key after it has been encrypted by TEP. See the key-store parameter for more information.
Example:
client-private-key: ../config/client-private-key.der
opc ua client: key-store#
This parameter specifies how the client private key is stored. If security is set to anonymous, key-store will not have any effect and is not required. If security is set to certificate, specify the key-store. If key-store is set to File, the client private key is stored as a file in the file system and contains the actual key in binary format. If key-store is set to TEP, the client private key is stored as a file in the file system and contains the key after it has been encrypted by TEP. If you use TEP as a key store, make sure TEP is installed on the system. For more details on encrypting the key and storing it in the TEP, see the key store example.
Example:
key-store: File
opc ua client: slot#
This parameter defines the slot number used by TEP to encrypt and decrypt the client private key. Specify slot if key-store is set to TEP.
Example:
slot: 1
opc ua client: user-pin#
This parameter defines the user pin used by TEP to encrypt and decrypt the client private key. Specify user-pin if key-store is set to TEP.
Example:
user-pin: 123456
opc ua client: key-label#
This parameter defines the label used to find the AES key in TEP. Specify key-label if key-store is set to TEP. The TEP AES key is used to encrypt and decrypt the client private key.
Example:
key-label: opcua_key
opc ua client: monitor-nodes#
This optional parameter represents a list of OPC UA node variable subscriptions that the plug-in client will monitor for updates. When the value of one of these nodes changes, the client is immediately notified of the update and the data received. Only one variable node may be monitored per list item.
There are three mandatory monitor-nodes child parameters: dataset-id, node-name, and namespace.
Example:
monitor-nodes:
-
opc ua: monitor-nodes: dataset-id#
This mandatory parameter represents a mapping between a single OPC UA variable node and a dataset containing a single field.
Example:
dataset-id: opcua-client-input
opc ua: monitor-nodes: node-name#
This mandatory parameter represents the name of an OPC UA variable node.
Example:
node-name: Int32
opc ua: monitor-nodes: namespace#
This mandatory parameter represents the namespace of an OPC UA variable node.
Example:
namespace: 6
opc ua: read-nodeset#
This optional parameter represents an OPC UA Nodeset that the plug-in client will use to read data.
Example:
read-nodeset:
-
There are four read-nodeset child parameters: polling-interval-ms, sync-start-offset-ms, dataset-id, and nodes.
read-nodeset: polling-interval-ms#
This mandatory parameter represents the polling interval, in milliseconds, for client reads. The value must be a positive integer less than 65535.
Example:
polling-interval-ms: 1000
read-nodeset: sync-start-offset-ms#
This optional parameter represents the offset, in milliseconds, from the synchronized start delay clock for client reads. The value must be a positive integer less than 65535.
Example:
sync-start-offset-ms: 10
read-nodeset: dataset-id#
This mandatory parameter represents a mapping between the OPC UA nodeset and a plug-in dataset. To define a proper configuration, it is important to understand how a mapping or reference is established.
Example:
read-nodeset:
  dataset-id: opcua-client-input
The specified dataset-id must match a previous dataset definition for the plug-in.
Example:
dataset:
  -
    dataset-id: opcua-client-input
read-nodeset: nodes#
This mandatory parameter represents the list of OPC UA nodeset field nodes that are mapped to the plug-in dataset dataset-fields. The order of the child nodes must match the order of the dataset dataset-fields definition. The nodes parameter is a YAML list.
Example:
nodes:
-
There are two mandatory nodes child parameters: node-name and namespace. These two child parameters define the address of an OPC UA data node.
read-nodeset: node-name#
This mandatory parameter represents the name of a node within the OPC UA nodeset.
Example:
node-name: Int32
read-nodeset: namespace#
This mandatory parameter represents the namespace of a node within the OPC UA nodeset.
Example:
namespace: 6
Each OPC UA node maps to a dataset dataset-fields definition and must be in the same sequence.
Example:
dataset:
  -
    dataset-id: opcua-client-read-ds
    dataset-fields:
      -
        datafld-id: fld-int32
        datatype: int32
      -
        datafld-id: fld-float
        datatype: float
configuration:
  client:
    -
      server-uri: "opc.tcp://localhost:53530/OPCUA/SimulationServer"
      read-nodeset:
        dataset-id: opcua-client-read-ds
        polling-interval-ms: 500
        nodes:
          -
            node-name: Int32
            namespace: 6
          -
            node-name: Float
            namespace: 6
Note that the Int32 node corresponds to the fld-int32 dataset field definition and the Float node corresponds to fld-float. These definitions are positional and would cause an error if not properly defined. Consider the nodeset as the OPC UA field definition and the dataset fields as the temporary internal storage location for the data being read.
opc ua: write-nodeset#
This optional parameter represents an OPC UA Nodeset that the plug-in client will use to write data.
Example:
write-nodeset:
There are three write-nodeset child parameters: sync-start-offset-ms, dataset-id, and nodes.
write-nodeset: sync-start-offset-ms#
This optional parameter represents the offset, in milliseconds, from the synchronized start delay clock for client writes. The value must be a positive integer less than 65535.
Example:
sync-start-offset-ms: 10
write-nodeset: dataset-id#
This mandatory parameter represents a mapping between the OPC UA nodeset and a plug-in dataset. To define a proper configuration, it is important to understand how a mapping or reference is established.
Example:
dataset-id: opcua-client-output
The specified dataset-id must match a previous dataset definition for the plug-in.
Example:
dataset:
  -
    dataset-id: opcua-client-output
write-nodeset: nodes#
This mandatory parameter represents the list of OPC UA nodeset field nodes that are mapped to the plug-in dataset dataset-fields. The order of the child nodes must match the order of the dataset dataset-fields definition. The nodes parameter is a YAML list.
Example:
nodes:
-
There are two mandatory nodes child parameters: node-name and namespace. These two child parameters define the address of an OPC UA data node.
write-nodeset: node-name#
This mandatory parameter, within nodes, represents the name of a node within the OPC UA nodeset.
Example:
node-name: Int32
write-nodeset: namespace#
This mandatory parameter represents the namespace of a node within the OPC UA nodeset.
Example:
namespace: 6
Each OPC UA node maps to a dataset dataset-fields definition and must be in the same sequence.
OPC UA - Publisher Configuration Parameters#
This parameter is the parent for OPC UA PubSub publisher definitions. The publisher parameter is a YAML list; however, it is currently limited to a single publisher. Configuring more than one publisher will generate errors.
Example:
publisher:
-
There are several publisher child parameters, which are explained here:
opc ua publisher - input-dataset-id#
This mandatory parameter defines the dataset that is input to supply data to the OPC UA publisher.
Example:
input-dataset-id: ds-opcua-in
opc ua publisher - transport-protocol#
This mandatory parameter must be one of the following values:
UDP: User Datagram Protocol (UDP) is a Transport Layer protocol. Unlike TCP, it is an unreliable and connectionless protocol.
ETH: Ethernet (ETH) is a Transport Layer protocol that uses TCP.
ETF: Earliest TxTime First (ETF) allows control over the instant when a packet is dequeued from the traffic control layer and when packets leave the network interface card (NIC). This is used for OPC UA PubSub over TSN.
Example:
transport-protocol: ETF
opc ua publisher - network-interface#
This mandatory parameter represents the name of the NIC. Use lo for testing with the loopback interface. This parameter must be left blank for UDP.
Example:
network-interface: lo
opc ua publisher - network-url#
This mandatory parameter should be set to the network URL of the target PubSub subscriber. It typically takes the form of opc.eth:// followed by the MAC address of the subscriber’s NIC, for example, opc.eth://xx-xx-xx-xx-xx-xx. Multicast over Ethernet or loopback can specify the value opc.eth://ff-ff-ff-ff-ff-ff, while multicast over UDP can specify the value opc.udp://224.0.0.22:4840.
Example:
network-url: "opc.eth://ff-ff-ff-ff-ff-ff"
opc ua publisher - server-port#
This mandatory parameter represents the network port used. Using PubSub requires that the plug-in launch an internal OPC UA Server. Each instance of an OPC UA Server, therefore each OPC UA plug-in, running on a compute node must use a unique server port address. This value should be an integer between 1 and 65534. It is recommended to pick a well-known value or a value that is not already registered. See the list of TCP and UDP port numbers.
Example:
server-port: 62541
opc ua publisher - publisher-id#
This mandatory parameter, together with writer-group-id and dataset-writer-id, forms a set of unique identifiers for a PubSub publisher and subscriber pair. Subscribers will receive data only from publishers that have the same matching values. This value should be an integer between 1 and 65534.
Example:
publisher-id: 2235
opc ua publisher - writer-group-id#
This mandatory parameter, together with publisher-id and dataset-writer-id, forms a set of unique identifiers for a PubSub publisher and subscriber pair. Subscribers will receive data only from publishers that have the same matching values. This value should be an integer between 1 and 65534.
Example:
writer-group-id: 100
opc ua publisher - dataset-writer-id#
This mandatory parameter, together with publisher-id and writer-group-id, forms a set of unique identifiers for a PubSub publisher and subscriber pair. Subscribers will receive data only from publishers that have the same matching values. This value should be an integer between 1 and 65534.
Example:
dataset-writer-id: 1234
opc ua publisher - cycle-time-us#
This mandatory parameter indicates the interval of the publisher in milliseconds. The value should be between 1 and 4,294,967,295.
Example:
cycle-time-us: 500000
opc ua publisher - svr-sync-start-offset-ms#
This optional parameter represents the offset, in milliseconds, from the synchronized start delay clock for copying queued data to the publisher server. The value must be a positive integer less than 65535. The default value is 1000 ms.
Example:
svr-sync-start-offset-ms: 10
opc ua publisher - sub-sync-start-offset-ms#
This optional parameter represents the offset, in milliseconds, from the synchronized start delay clock for publishing. The value must be a positive integer less than 65535. The default value is 0 ms.
Example:
sub-sync-start-offset-ms: 10
opc ua publisher - socket-priority#
This optional parameter represents the network socket priority. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 3.
By default, this value is set to 3.
Example:
socket-priority: 3
opc ua publisher - security-type#
This optional parameter represents the type of security to be used for PubSub publisher encryption. The valid values are:
0 - No security (default)
1 - AES128 keys stored in a clear text file
2 - AES128 keys stored in an encrypted file that is decrypted by TPM
3 - AES256 keys stored in a clear text file
4 - AES256 keys stored in an encrypted file that is decrypted by TPM
5 - AES128 keys stored in TPM (Note: This feature is not yet implemented in ECI 2.5)
6 - AES256 keys stored in TPM (Note: This feature is not yet implemented in ECI 2.5)
Example:
security-type: 3
opc ua publisher - keys-file#
This parameter represents the location of the file containing the keys used for PubSub encryption. This parameter is required when security-type is set to 1, 2, 3, or 4. The value of this parameter must specify a valid key file.
Example:
keys-file: ../config/security/pubsub256.key
This text file contains two keys: the encryption key on the first line and the signing key on the second line. These keys may be generated using openssl. For example:
openssl enc -aes256 -pbkdf2 -iter 100000 -nosalt -p -pass pass:encrypt
openssl enc -aes256 -pbkdf2 -iter 100000 -nosalt -p -pass pass:signing
The contents of this file look similar to:
80CD04F471AF3A8BC77D7B459E0102018D3B2BAE381350F83A4A2BA69A41DCC8
AE9B4A3D8BE08F39BFBB7275DA1E32BF36CF1E11778A592F8D92E096E2641D4A
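The two openssl commands above derive each key from a fixed passphrase with -nosalt, so the same passphrase always produces the same key. The following added example (not part of the ECI documentation; the function names are hypothetical) instead writes a keys file for security-type 3 from the operating system's random generator and checks an existing file. It assumes the layout shown above: two lines of 64 hexadecimal characters each.

```python
import os
import secrets
import stat
import string

# Taken from the sample file on this page: each AES256 line is 64 hex characters.
HEX_CHARS_PER_KEY = 64


def write_keys_file(path):
    """Create a keys file: encryption key on line 1, signing key on line 2."""
    # Upper-case hex matches the sample; whether lower case is accepted is unknown.
    lines = [secrets.token_hex(HEX_CHARS_PER_KEY // 2).upper() for _ in range(2)]
    # O_EXCL refuses to overwrite an existing file; mode 0o600 keeps the
    # clear-text keys readable by the owner only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write("\n".join(lines) + "\n")


def check_keys_file(path):
    """Return a list of problems found in an existing keys file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} lets group or others access the keys")
    with open(path) as handle:
        lines = [line.strip() for line in handle if line.strip()]
    if len(lines) != 2:
        problems.append(f"expected 2 key lines, found {len(lines)}")
        return problems
    for label, key in zip(("encryption", "signing"), lines):
        if len(key) != HEX_CHARS_PER_KEY or not set(key) <= set(string.hexdigits):
            problems.append(f"{label} key is not {HEX_CHARS_PER_KEY} hex characters")
    if lines[0] == lines[1]:
        problems.append("encryption and signing keys are identical")
    return problems


if __name__ == "__main__":
    import tempfile

    # Demonstration in a throwaway directory; nothing outside it is touched.
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "pubsub256.key")
        write_keys_file(target)
        print(check_keys_file(target) or "keys file looks well-formed")
```

The same file has to reach the subscriber as well, so distribute it over a channel that protects it and apply the same permission check on the receiving side.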
opc ua publisher - slot#
This parameter defines the slot number used to find the key in the TPM. This parameter is required when security-type is set to 2, 4, 5, or 6.
Example:
slot: 1
opc ua publisher - user-pin#
This parameter defines the user pin used to find the key in the TPM. This parameter is required when security-type is set to 2, 4, 5, or 6.
Example:
user-pin: 123456
opc ua publisher - encrypt-key-label#
This parameter defines the label used to find the AES encryption key in the TPM. This parameter is required when security-type is set to 2, 4, 5, or 6. The AES key is used to decrypt the keys file for security-type 2 and 4, and is used to encrypt the PubSub data for security-type 5 and 6.
Example:
encrypt-key-label: enc_key
opc ua publisher - signing-key-label#
This parameter defines the label used to find the AES signing key in the TPM. This parameter is required when security-type is set to 5 or 6. This RSA key is used to sign the PubSub data packet.
Example:
signing-label: sign_key
Note
This parameter is not yet supported in ECI 2.5.
opc ua publisher - hmac-key-label#
This parameter defines the label used to find the HMAC key in the TPM. This parameter is required when security-type is set to 5 or 6. This key is used to verify the hash of the PubSub data packet.
Example:
hmac-label: hmac_key
Note
This parameter is not yet supported in ECI 2.5.
opc ua publisher - pub-core-affinity#
This optional parameter represents the CPU core to be assigned to the PubSub publish thread. This parameter is only relevant for publishers using the ETF Transport Protocol for PubSub over TSN. This value should be an integer between 0 and the number of available cores minus 1.
By default, this value is set to 2.
Example:
pub-core-affinity: 2
opc ua publisher - pub-sched-priority#
The Publisher Schedule Priority parameter, along with Application Schedule Priority, controls internal thread priorities within the plug-in. This parameter is only relevant for publishers using the ETF Transport Protocol for PubSub over TSN. This value must be balanced for best performance along with the other values used by the EC Protocol Bridge and other plug-ins, and can be determined only after extensive benchmark testing. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 78.
By default, this value is set to 78.
Example:
pub-sched-priority: 78
opc ua publisher - pub-sleep-pct#
The Publisher Sleep Percentage parameter is the timeslice percentage of the cycle time that the publisher is permitted to use. This parameter is only relevant for publishers using the ETF Transport Protocol for PubSub over TSN. This value must be balanced for best performance and can be determined only after extensive benchmark testing. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 60.
By default, this value is set to 60.
Example:
pub-sleep-pct: 60
opc ua publisher - app-core-affinity#
This optional parameter represents the CPU core to be assigned to the PubSub app publish thread. This parameter is only relevant for publishers using the ETF Transport Protocol for PubSub over TSN. This value should be an integer between 0 and the number of available cores minus 1.
By default, this value is set to 3.
Example:
app-core-affinity: 3
opc ua publisher - app-sched-priority#
The Application Schedule Priority parameter, along with Publisher Schedule Priority, controls internal thread priorities within the plug-in. This parameter is only relevant for publishers using the ETF Transport Protocol for PubSub over TSN. This value must be balanced for best performance along with the other values used by the EC Protocol Bridge and other plug-ins, and can be determined only after extensive benchmark testing. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 75.
By default, this value is set to 75.
Example:
app-sched-priority: 75
opc ua publisher - app-sleep-pct#
Application Sleep Percentage is the timeslice percentage of the cycle time that the publisher’s data input process is permitted to use. This parameter is only relevant for publishers using the ETF Transport Protocol for PubSub over TSN. This value must be balanced for best performance along with the other values used by the EC Protocol Bridge and other plug-ins, and can be determined only after extensive benchmark testing. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 30.
By default, this value is set to 30.
Example:
app-sleep-pct: 30
opc ua publisher - qbv-offset#
This parameter determines the time offset between synchronized nodes. This parameter is only relevant for publishers using the ETF Transport Protocol for PubSub over TSN. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 25000.
By default, this value is set to 25000.
Example:
qbv-offset: 25000
OPC UA - Subscriber Configuration Parameters#
This parameter is the parent for OPC UA PubSub subscriber definitions. The subscriber parameter is a YAML list; however, it is currently limited to a single subscriber. Configuring more than one subscriber will generate errors.
Example:
subscriber:
-
There are several subscriber child parameters, which are explained here:
opc ua subscriber - output-dataset-id#
This mandatory parameter defines the dataset that receives data output from the OPC UA subscriber.
Example:
output-dataset-id: ds-opcua-out
opc ua subscriber - transport-protocol#
This mandatory parameter must be one of the following values:
UDP: User Datagram Protocol (UDP) is a Transport Layer protocol. Unlike TCP, it is an unreliable and connectionless protocol.
ETH: Ethernet (ETH) is a Transport Layer protocol that uses TCP.
ETF: Earliest TxTime First (ETF) allows control over the instant when a packet is dequeued from the traffic control layer and when packets leave the network interface card (NIC). This is used for OPC UA PubSub over TSN.
Example:
transport-protocol: ETF
opc ua subscriber - network-interface#
This mandatory parameter represents the name of the NIC. Use lo for testing with the loopback interface. This parameter must be left blank for UDP.
Example:
network-interface: lo
opc ua subscriber - network-url#
This mandatory parameter should be set to the network URL of the target PubSub subscriber. It typically takes the form of opc.eth:// followed by the MAC address of the subscriber’s NIC, for example, opc.eth://xx-xx-xx-xx-xx-xx. Multicast over Ethernet or loopback can specify the value opc.eth://ff-ff-ff-ff-ff-ff, while multicast over UDP can specify the value opc.udp://224.0.0.22:4840.
Example:
network-url: "opc.eth://ff-ff-ff-ff-ff-ff"
opc ua subscriber - server-port#
This mandatory parameter represents the network port used. Using PubSub requires that the plug-in launch an internal OPC UA Server. Each instance of an OPC UA Server, therefore each OPC UA plug-in, running on a compute node must use a unique server port address. This value should be an integer between 1 and 65534. It is recommended to pick a well-known value or a value that is not already registered. See the list of TCP and UDP port numbers.
Example:
server-port: 62541
opc ua subscriber - publisher-id#
This mandatory parameter, together with writer-group-id and dataset-writer-id, forms a set of unique identifiers for a PubSub publisher and subscriber pair. Subscribers will receive data only from publishers that have the same matching values. This value should be an integer between 1 and 65534.
Example:
publisher-id: 2235
opc ua subscriber - writer-group-id#
This mandatory parameter, together with publisher-id and dataset-writer-id, forms a set of unique identifiers for a PubSub publisher and subscriber pair. Subscribers will receive data only from publishers that have the same matching values. This value should be an integer between 1 and 65534.
Example:
writer-group-id: 100
opc ua subscriber - dataset-writer-id#
This mandatory parameter, together with publisher-id and writer-group-id, forms a set of unique identifiers for a PubSub publisher and subscriber pair. Subscribers will receive data only from publishers that have the same matching values. This value should be an integer between 1 and 65534.
Example:
dataset-writer-id: 1234
opc ua subscriber - cycle-time-us#
This mandatory parameter indicates the interval of the publisher in milliseconds. The value should be between 1 and 4,294,967,295.
Example:
cycle-time-us: 500000
opc ua subscriber - svr-sync-start-offset-ms#
This optional parameter represents the offset, in milliseconds, from the synchronized start delay clock for copying subscriber server data to queue. The value must be a positive integer less than 65535. The default value is 1000 ms.
Example:
svr-sync-start-offset-ms: 10
opc ua subscriber - sub-sync-start-offset-ms#
This optional parameter represents the offset, in milliseconds, from the synchronized start delay clock for subscribing. The value must be a positive integer less than 65535. The default value is 0 ms.
Example:
sub-sync-start-offset-ms: 10
opc ua subscriber - security-type#
This optional parameter represents the type of security to be used for PubSub subscriber decryption. The valid values are:
0 - No security (default)
1 - AES128 keys stored in a clear text file
2 - AES128 keys stored in an encrypted file that is decrypted by TPM
3 - AES256 keys stored in a clear text file
4 - AES256 keys stored in an encrypted file that is decrypted by TPM
5 - AES128 keys stored in TPM (Note: This feature is not yet implemented in ECI 2.5)
6 - AES256 keys stored in TPM (Note: This feature is not yet implemented in ECI 2.5)
Example:
security-type: 3
opc ua subscriber - keys-file#
This parameter represents the location of the file containing the keys used for PubSub encryption. This parameter is required when security-type is set to 1, 2, 3, or 4. The value of this parameter must specify a valid key file.
Example:
keys-file: ../config/security/pubsub256.key
This text file contains two keys: the encryption key on the first line and the signing key on the second line. These keys may be generated using openssl. For example:
openssl enc -aes256 -pbkdf2 -iter 100000 -nosalt -p -pass pass:encrypt
openssl enc -aes256 -pbkdf2 -iter 100000 -nosalt -p -pass pass:signing
The contents of this file look similar to:
80CD04F471AF3A8BC77D7B459E0102018D3B2BAE381350F83A4A2BA69A41DCC8
AE9B4A3D8BE08F39BFBB7275DA1E32BF36CF1E11778A592F8D92E096E2641D4A
opc ua subscriber - slot#
This parameter defines the slot number used to find the key in the TPM. This parameter is required when security-type is set to 2, 4, 5, or 6.
Example:
slot: 1
opc ua subscriber - user-pin#
This parameter defines the user pin used to find the key in the TPM. This parameter is required when security-type is set to 2, 4, 5, or 6.
Example:
user-pin: 123456
opc ua subscriber - encrypt-key-label#
This parameter defines the label used to find the AES encryption key in the TPM. This parameter is required when security-type is set to 2, 4, 5, or 6. The AES key is used to decrypt the keys file for security-type 2 and 4, and is used to encrypt the PubSub data for security-type 5 and 6.
Example:
encrypt-key-label: enc_key
opc ua subscriber - signing-key-label#
This parameter defines the label used to find the AES signing key in the TPM. This parameter is required when security-type is set to 5 or 6. This RSA key is used to sign the PubSub data packet.
Example:
signing-label: sign_key
Note
This parameter is not yet supported in ECI 2.5.
opc ua subscriber - hmac-key-label#
This parameter defines the label used to find the HMAC key in the TPM. This parameter is required when security-type is set to 5 or 6. This key is used to verify the hash of the PubSub data packet.
Example:
hmac-label: hmac_key
Note
This parameter is not yet supported in ECI 2.5.
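Because unknown parameters in a configuration file are silently ignored, a misspelled security or security-type key leaves the documented defaults (anonymous and 0) in effect without any error. The following added example (not part of the ECI documentation; the function names are hypothetical) checks already-parsed client, publisher and subscriber entries against the parameter dependencies described in the client security section and in the publisher and subscriber security-type sections. The sample entries are constructed.

```python
import difflib

# Security-related parameter names exactly as documented on this page.
CLIENT_SEC = ["security", "server-certificate", "client-certificate",
              "client-application-uri", "client-private-key", "key-store",
              "slot", "user-pin", "key-label"]
PUBSUB_SEC = ["security-type", "keys-file", "slot", "user-pin",
              "encrypt-key-label"]


def near_misses(entry, names):
    """Flag keys that resemble a documented name; the bridge would ignore them."""
    findings = []
    for key in entry:
        if key not in names:
            close = difflib.get_close_matches(key, names, n=1, cutoff=0.8)
            if close:
                findings.append(f"'{key}' is ignored; did you mean '{close[0]}'?")
    return findings


def require(entry, keys, reason):
    """One finding per parameter that the given setting depends on but lacks."""
    return [f"{reason} requires '{k}'" for k in keys if k not in entry]


def lint_client(entry):
    """Check one item of the client list (a dict parsed from the YAML)."""
    findings = near_misses(entry, CLIENT_SEC)
    mode = entry.get("security", "anonymous")  # documented default
    if mode == "anonymous":
        findings.append("security is anonymous: no sign and encrypt")
        unused = [k for k in CLIENT_SEC[1:] if k in entry]
        if unused:
            findings.append("set, but security is anonymous: " + ", ".join(unused))
    elif mode == "certificate":
        findings += require(entry, CLIENT_SEC[1:6], "security: certificate")
        store = entry.get("key-store")
        if store == "File":
            findings.append("key-store File: private key file holds the actual key")
        elif store == "TEP":
            findings += require(entry, CLIENT_SEC[6:], "key-store: TEP")
    else:
        findings.append(f"security: {mode!r} is not a documented value")
    return findings


def lint_pubsub(entry):
    """Check one publisher or subscriber item (a dict parsed from the YAML)."""
    findings = near_misses(entry, PUBSUB_SEC)
    stype = entry.get("security-type", 0)  # documented default
    if stype == 0:
        findings.append("security-type 0: no security")
        unused = [k for k in PUBSUB_SEC[1:] if k in entry]
        if unused:
            findings.append("set, but security-type is 0: " + ", ".join(unused))
    elif stype in (1, 2, 3, 4):
        findings += require(entry, ["keys-file"], f"security-type {stype}")
        if stype in (1, 3):
            findings.append("keys-file is clear text: restrict its permissions")
        else:
            findings += require(entry, PUBSUB_SEC[2:], f"security-type {stype}")
    elif stype in (5, 6):
        findings.append(f"security-type {stype} is not implemented in ECI 2.5")
    else:
        findings.append(f"security-type {stype!r} is not a documented value")
    return findings


# Constructed sample entries, as they would look after parsing the YAML.
SAMPLE_CLIENT = {
    "server-uri": "opc.tcp://localhost:53530/OPCUA/SimulationServer",
    "securty": "certificate",  # typo: the client stays anonymous
    "client-certificate": "../config/client-certificate.der",
    "client-private-key": "../config/client-private-key.der",
}
SAMPLE_PUBLISHER = {"publisher-id": 2235, "security-type": 4,
                    "keys-file": "../config/security/pubsub256.key", "slot": 1}

if __name__ == "__main__":
    for finding in lint_client(SAMPLE_CLIENT) + lint_pubsub(SAMPLE_PUBLISHER):
        print(finding)
```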
opc ua subscriber - sub-core-affinity#
This optional parameter represents the CPU core to be assigned to the PubSub subscribe thread. This parameter is only relevant for subscribers using the ETF Transport Protocol for PubSub over TSN. This value should be an integer between 0 and the number of available cores minus 1.
By default, this value is set to 2.
Example:
sub-core-affinity: 2
opc ua subscriber - sub-sched-priority#
The Subscriber Schedule Priority parameter, along with Application Schedule Priority, controls internal thread priorities within the plug-in. This parameter is only relevant for subscribers using the ETF Transport Protocol for PubSub over TSN. This value must be balanced for best performance along with the other values used by the EC Protocol Bridge and other plug-ins, and can be determined only after extensive benchmark testing. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 81.
By default, this value is set to 81.
Example:
sub-sched-priority: 81
opc ua subscriber - sub-sleep-pct#
The Subscriber Sleep Percentage parameter is the timeslice percentage of the cycle time that the subscriber is permitted to use. This parameter is only relevant for subscribers using the ETF Transport Protocol for PubSub over TSN. This value must be balanced for best performance and can be determined only after extensive benchmark testing. The description of this parameter is not in the scope. Hence, it is recommended to use the predetermined value of 0.
By default, this value is set to 0.
Example:
sub-sleep-pct: 0
opc ua subscriber - app-core-affinity#
This optional parameter represents the CPU core to be assigned to the PubSub app subscribe thread. This parameter is only relevant for subscribers using the ETF Transport Protocol for PubSub over TSN. This value should be an integer between 0 and the number of available cores minus 1.
By default, this value is set to 3.
Example:
app-core-affinity: 3
opc ua subscriber - app-sched-priority#
The Application Schedule Priority parameter, along with Subscriber Schedule Priority, controls internal thread priorities within the plug-in. This parameter is only relevant for subscribers using the ETF Transport Protocol for PubSub over TSN. For best performance, this value must be balanced against the other values used by the EC Protocol Bridge and other plug-ins, and that balance can be determined only after extensive benchmark testing. A description of this parameter is outside the scope of this document, so using the predetermined value of 75 is recommended.
By default, this value is set to 75.
Example:
app-sched-priority: 75
opc ua subscriber - app-sleep-pct#
Application Sleep Percentage is the timeslice percentage of the cycle time that the subscriber's data extraction process is permitted to use. This parameter is only relevant for subscribers using the ETF Transport Protocol for PubSub over TSN. For best performance, this value must be balanced against the other values used by the EC Protocol Bridge and other plug-ins, and that balance can be determined only after extensive benchmark testing. A description of this parameter is outside the scope of this document, so using the predetermined value of 30 is recommended.
By default, this value is set to 30.
Example:
app-sleep-pct: 30
OPC UA - Putting it all together#
This section provides sample configuration snippets for client monitor, read, and write, as well as for publisher and subscriber. It also lists the example configuration files that can be used for testing.
Client Monitor Node Configuration Example#
plugin-id: plg-opcua
filename: libplgopcua.so
dataset:
  -
    dataset-id: opcua-ds1
    dataset-fields:
      -
        datafld-id: fld-int32
        datatype: int32
  -
    dataset-id: opcua-ds2
    dataset-fields:
      -
        datafld-id: fld-timestamp
        datatype: datetime
configuration:
  client:
    -
      server-uri: "opc.tcp://localhost:53530/OPCUA/SimulationServer"
      monitor-nodes:
        -
          dataset-id: opcua-ds1
          node-name: Counter
          namespace: 3
        -
          dataset-id: opcua-ds2
          node-name: 2258 # UA_NS0ID_SERVER_SERVERSTATUS_CURRENTTIME
          namespace: 0
Client Read Configuration Example#
plugin-id: plg-opcua
filename: libplgopcua.so
dataset:
  -
    dataset-id: opcua-client-read-ds
    dataset-fields:
      -
        datafld-id: fld-int32
        datatype: int32
      -
        datafld-id: fld-float
        datatype: float
      -
        datafld-id: fld-string
        datatype: string
configuration:
  client:
    -
      server-uri: "opc.tcp://localhost:53530/OPCUA/SimulationServer"
      read-nodeset:
        dataset-id: opcua-client-read-ds
        polling-interval-ms: 500
        nodeset:
          -
            node-name: Int32
            namespace: 6
          -
            node-name: Float
            namespace: 6
          -
            node-name: String
            namespace: 6
Client Write Configuration Example#
plugin-id: plg-opcua
filename: libplgopcua.so
dataset:
  -
    dataset-id: opcua-sim-ds
    listener-dataset-id: sim-ds
configuration:
  client:
    -
      server-uri: "opc.tcp://localhost:53530/OPCUA/SimulationServer"
      write-nodeset:
        dataset-id: opcua-sim-ds
        nodeset:
          -
            node-name: Int32
            namespace: 6
          -
            node-name: Float
            namespace: 6
          -
            node-name: String
            namespace: 6
Publisher ETF Configuration Example#
plugin-id: plg-opcua
filename: libplgopcua.so
dataset:
  -
    dataset-id: opcua-pub-ds
    listener-dataset-id: opcua-client-read-ds
configuration:
  publisher:
    -
      cycle-time-us: 500000
      input-dataset-id: opcua-pub-ds
      transport-protocol: ETF
      network-interface: eno1
      network-url: "opc.eth://ff-ff-ff-ff-ff-ff"
      server-port: 62541
      publisher-id: 2235
      writer-group-id: 100
      dataset-writer-id: 1234
Subscriber ETF Configuration Example#
plugin-id: plg-opcua
filename: libplgopcua.so
dataset:
  -
    dataset-id: opcua-sub-ds
    dataset-fields:
      -
        datafld-id: fld-int32
        datatype: int32
      -
        datafld-id: fld-float
        datatype: float
      -
        datafld-id: fld-string
        datatype: string
configuration:
  subscriber:
    -
      cycle-time-us: 500000
      output-dataset-id: opcua-sub-ds
      transport-protocol: ETF
      network-interface: eno1
      network-url: "opc.eth://ff-ff-ff-ff-ff-ff"
      server-port: 62542
      publisher-id: 2235
      writer-group-id: 100
      dataset-writer-id: 1234
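An added example (not part of the ECI documentation or the plug-in's code) that checks a publisher/subscriber ETF pair like the two above before the bridge is started. It assumes that the fields the two examples have in common must agree on both sides and that the sleep percentages lie between 0 and 100; `check_pubsub_pair`, `MATCH_KEYS` and `SUB_DEFAULTS` are names introduced here.

```python
import os

# Assumption: the fields that the publisher and subscriber examples have in
# common are expected to agree on both sides.
MATCH_KEYS = ("publisher-id", "writer-group-id", "dataset-writer-id",
              "network-url", "transport-protocol", "cycle-time-us")
# Defaults documented for the subscriber real-time parameters.
SUB_DEFAULTS = {"sub-core-affinity": 2, "app-core-affinity": 3,
                "sub-sleep-pct": 0, "app-sleep-pct": 30}


def _int_in(value, low, high):
    """True for a real integer (not bool) within [low, high]."""
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high


def check_pubsub_pair(pub, sub, ncores=None):
    """Return findings for one publisher entry and one subscriber entry."""
    ncores = ncores or os.cpu_count()
    findings = []
    for key in MATCH_KEYS:
        if pub.get(key) != sub.get(key):
            findings.append(f"{key}: publisher={pub.get(key)!r} subscriber={sub.get(key)!r}")
    effective = {**SUB_DEFAULTS, **sub}  # omitted keys take the documented default
    for key in ("sub-core-affinity", "app-core-affinity"):
        if not _int_in(effective[key], 0, ncores - 1):
            findings.append(f"{key}={effective[key]!r} outside 0..{ncores - 1}")
    for key in ("sub-sleep-pct", "app-sleep-pct"):  # 0..100 bound is an assumption
        if not _int_in(effective[key], 0, 100):
            findings.append(f"{key}={effective[key]!r} is not a percentage in 0..100")
    return findings


# Constructed sample: the ETF entries above as a YAML loader would return them.
PUB = {"cycle-time-us": 500000, "input-dataset-id": "opcua-pub-ds",
       "transport-protocol": "ETF", "network-interface": "eno1",
       "network-url": "opc.eth://ff-ff-ff-ff-ff-ff", "server-port": 62541,
       "publisher-id": 2235, "writer-group-id": 100, "dataset-writer-id": 1234}
SUB = {"cycle-time-us": 500000, "output-dataset-id": "opcua-sub-ds",
       "transport-protocol": "ETF", "network-interface": "eno1",
       "network-url": "opc.eth://ff-ff-ff-ff-ff-ff", "server-port": 62542,
       "publisher-id": 2235, "writer-group-id": 100, "dataset-writer-id": 1234}

if __name__ == "__main__":
    for finding in check_pubsub_pair(PUB, SUB) or ["no findings"]:
        print(finding)
```

Because the plug-in ignores unknown parameters, a misspelled key silently leaves the default in force, which is why the check evaluates the effective values; on a host with fewer than four cores the default affinities 2 and 3 are already out of range.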
OPC UA - Test Configuration Files#
The following configuration files can be found in /opt/ec-protocol-bridge/config:
opc-cli-rw-secure-key-store.yaml
: Client read and write, with security certificates in TPM
opc-cli-rw-secure.yaml
: Client read and write, with security certificates on the file system
opc-cli-rw.yaml
: Client read and write
opc-pubsub-etf-loopback.yaml
: Publish and subscribe over ETF, on a single compute node