Attention

You are viewing an older version of the documentation. The latest version is v3.3.

Edge Control Server Application

The EC Server application provides an OPC UA server that can be launched without code modification. A configuration file is used to define the server launch parameters. The server can create nodes from an XML document that describes a UANodeSet. This section describes the command-line and configuration parameters.

The server uses the open62541 library API for all communications. You can enable security by specifying the necessary certificate and public/private key information in the configuration. The private keys can be stored either in a file or in HW-based TPM storage.

A configuration file defines the server runtime parameters and the XML file describes the node set that will be loaded.

The configuration files use the XML format. All elements and attributes are case-sensitive, so make sure that the files are properly formatted.

Note

Any unknown parameters in a configuration file will be ignored.

EC Server - Application Command-line Parameters

The EC Server application takes a single command-line parameter: the name of the configuration file to be loaded. Note that when executing the application using sudo, it may be necessary to specify the LD_LIBRARY_PATH environment variable if it is not already set for root. Without this environment variable, the server may not be able to load.

ec-server: server XML file

This parameter names the XML file that will be loaded when the application launches. Other server parameters are listed as elements in the XML file. It is recommended to name the file server.xml. However, the filename can be any valid filename with the extension xml.

Example:

sudo -E LD_LIBRARY_PATH=/usr/local/lib/ ./ec-server server.xml

EC-Server - Configuration Parameters

This is an example of the contents of a server XML configuration file.

Example:

<UAServer>
        <Port>4841</Port>
        <NodesetFile>config.xml</NodesetFile>
        <IterateIntervalMicroSec>10000</IterateIntervalMicroSec>
        <ThreadCoreAffinity>1</ThreadCoreAffinity>
        <ThreadSchedPriority>50</ThreadSchedPriority>
        <Security>certificate</Security>
        <KeyStore>File</KeyStore>
        <ServerCertificate>../config/test/server-certificate.der</ServerCertificate>
        <ServerPrivateKey>../config/test/server-private-key.der</ServerPrivateKey>
        <ServerApplicationUri>urn:intel.ecs.server.application</ServerApplicationUri>
        <ClientCertificate>../config/test/client-certificate.der</ClientCertificate>
        <!-- Slot, UserPin and KeyLabel apply when KeyStore is TEP -->
        <Slot>1</Slot>
        <UserPin>123456</UserPin>
        <KeyLabel>opcua_key</KeyLabel>
</UAServer>

ec-server: Port

This parameter defines the port on which the server will launch. If the parameter is not specified, the server will launch on the default port, 4840.

Example:

<Port>4841</Port>

ec-server: IterateIntervalMicroSec

This parameter sets the interval at which the server iterates to update node values. The value is in microseconds. On some systems, if the iteration value is too low, the system will become unresponsive because it cannot process iterations that quickly.

Example: This example sets the iteration value to 10 milliseconds.

<IterateIntervalMicroSec>10000</IterateIntervalMicroSec>

ec-server: ThreadCoreAffinity

This parameter sets the core affinity of the real-time thread.

Example: This example sets the core affinity to 1.

<ThreadCoreAffinity>1</ThreadCoreAffinity>

ec-server: ThreadSchedPriority

This parameter sets the priority of the real-time thread.

Example: This example sets the priority value to 50.

<ThreadSchedPriority>50</ThreadSchedPriority>

ec-server: Security

This optional parameter indicates whether the server should allow connections anonymously or use sign and encrypt security. If set to anonymous, the server will allow clients to connect to the server anonymously. If set to certificate, the server will use sign and encrypt security. The default value is anonymous.

Example:

<Security>certificate</Security>

ec-server: KeyStore

This parameter specifies how the server private key is stored. If Security is set to anonymous, this parameter has no effect and need not be specified. If Security is set to certificate, specify the KeyStore. If KeyStore is set to File, the server private key is stored as a file in the file system and contains the actual key in binary format. If KeyStore is set to TEP, the server private key is stored as a file in the file system and contains the key after it has been encrypted by TEP. If you use TEP as a key store, make sure TEP is installed on the system. For more details on encrypting the key and storing it in TEP, see the key store example.

Example:

<KeyStore>File</KeyStore>

ec-server: ServerCertificate

This parameter indicates the location where the server certificate is stored in the file system. Define ServerCertificate if Security is set to certificate. The server certificate is needed for OPC UA sign and encrypt security.

Example:

<ServerCertificate>../config/test/server-certificate.der</ServerCertificate>

ec-server: ServerPrivateKey

This parameter indicates the location where the server private key is stored in the file system. Define ServerPrivateKey if Security is set to certificate. The server private key is needed for OPC UA sign and encrypt security. The server private key file can contain the actual key in binary format or the key after it has been encrypted by TEP. See the “KeyStore” parameter for more information.

Example:

<ServerPrivateKey>../config/test/server-private-key.der</ServerPrivateKey>

ec-server: ServerApplicationUri

This parameter defines the URI specified in the server certificate. Define ServerApplicationUri if Security is set to certificate. The server application URI is needed for OPC UA sign and encrypt security.

Example:

<ServerApplicationUri>urn:intel.ecs.server.application</ServerApplicationUri>

ec-server: ClientCertificate

This parameter indicates the location where the client certificate is stored in the file system. Define ClientCertificate if Security is set to certificate. The client certificate is needed for OPC UA sign and encrypt security. This certificate will be added to the server’s trust list.

Example:

<ClientCertificate>../config/test/client-certificate.der</ClientCertificate>

ec-server: Slot

This parameter defines the slot number used by TEP to encrypt and decrypt the server private key. Specify Slot if KeyStore is set to TEP.

Example:

<Slot>1</Slot>

ec-server: UserPin

This parameter defines the user pin that TEP uses to authorize encryption and decryption of the server private key. If KeyStore is set to TEP, specify UserPin.

Example:

<UserPin>123456</UserPin>

ec-server: KeyLabel

This parameter defines the label used to find the AES key in TEP. If KeyStore is set to TEP, specify KeyLabel. The TEP AES key is used to encrypt and decrypt the server private key.

Example:

<KeyLabel>opcua_key</KeyLabel>

EC Server - Test Configuration Files

The following configuration files can be found in /opt/ec-protocol-bridge/config:

  • ec-server-config.xml: EC Server configuration