Mai 14, 2020

Configuration of OPC UA in Regul PLC

Configuration of OPC UA in Regul PLC

The REGUL OPC UA server provides developers with instruments to read and write access to data from IEC applications running on Regul RX00 series programmable logic controllers.

Transferring Various Data Types

Organization of Server Address Space

The server displays in its address space both data and data types. For example, an application running on a controller has the following data types:

TYPE composite_t :
STRUCT
m_i : INT;
m_f : REAL;
m_s : STRING;
END_STRUCT
END_TYPE
TYPE super_composite_t :
STRUCT
m_sub1 : composite_t;
m_q : INT;
m_sub2 : composite_t;
m_z : REAL;
m_sub3 : composite_t;
END_STRUCT
END_TYPE
and the following variables:
cmp : composite_t;
sup : super_composite_t;

In this case, TypeDefinition nodes shown in Figure 1 will be present in the address space of the UA server

Figure 1. Representation of data types in address space

All IEC 61131-3 application data will be located under the Root.Objects.IEC_DATA node (Figure 2)

Figure 2. Application Data

Translation of Elementary Data Types

Elementary data types from IEC applications are translated into UA protocol data types according to table 1.

IECUANode IDNote
BOOLBoolean0:01
BITByte0:03
BYTEByte0:03
WORDUInt160:05
DWORDUInt320:07
LWORDUInt640:09
SINTSByte0:02
INTInt160:04
DINTInt320:06
LINTInt640:08
USINTByte0:03
UINTUInt160:05
UDINTUInt320:07
ULINTUInt640:09
REALFloat0:10
LREALDouble0:11
STRINGString0:12
WSTRINGString0:12
TIMEUInt320:07number of milliseconds past 00:00
DATEDateTime0:13
DATEANDTIMEDateTime0:13
TIMEOFDAYDateTime0:13only time is set; date = current
Translation of an Enumerated Type

If an enumerated type (ENUMERATED) is defined in an IEC application:

TYPE COLOR_ENUM_TYPE :
(
RED := 10,
GREEN := 20,
YELLOW := 30,
BLUE := 40,
BROWN := 50
);
END_TYPE

then in the UA server the data type corresponding to this enumeration will be generated. It will be located in the address space in the form of a node: Types.DataTypes.BaseDataType.Enumeration.COLOR_ENUM_TYPE.

Mapping Arrays of Structures in the Address Space of the UA Server

If the composite_t super_composite_t structures from the previous examples are defined in the application running on the controller, and there are also arrays consisting of these structures:

arr_comp : ARRAY[1..5] OF composite_t;
arr_sup_comp : ARRAY[1..10] OF super_composite_t;

then in the UA server the type definitions generated for such data will appear. An example of data types generated for arrays of structures, as well as an example of data arrays of structures are shown in Figure 3.

Figure 3. Data types and data

Elementary data arrays are represented according to the UA standard data model. In the Variable representing an array, the ValueRank attribute is 1, and the Value attribute contains an array of a given dimension, consisting of elementary types.

Configuring OPC UA Server

PLC Connection

To start working with the configurator, you must connect to the controller through a network scanner (see „EPSILON LD SOFTWARE. User Guide“, section „Connecting the controller to the network“).

Enabling OPC UA Server

By default, the OPC UA server is disabled, so you must start the server by following these steps:

  • In Epsilon LD, on the main tab of the device settings, go to the Files In the Execution area, click the  (Refresh) button. A window displays the tree of files available on the controller. Find the etc folder (Figure 4)

Figure 4. File exchange between PC and controller

  • In the etc folder, find the cfg file. Use the button << to copy this file from the controller to the PC (from Execution to Host)
  • Open the cfg file on your PC. In the [PsOpcUaServer] section, add a line with the value Enable = 1
  • In Epsilon LD, on the Files tab, use the button >> to copy the changed file from the PC to the controller (from Host to Execution)
  • Reboot the controller (using the power on / off reset or the reboot command on the PLC Shell tab)
OPC UA Configurator

The OPC UA Configurator, built into the Epsilon LD development environment, implements a standard data access interface.

The configurator provides the following features (Figure 5):

  • Unload of the server certificate from the controller (certificate storage path etc / … / own / certs) (Download certificate from controller …)
  • Add / remove server / client certificates:
    • management of issuers (publishers) certificates (ISSUERS CERTS …)
    • management of the list of revoked certificates (CERT REVOCATION LIST …)
    • management of trusted certificates (TRUSTED CERTS …)
    • management of the list of trusted revoked certificates (TRUSTED REVOCATION LIST …)
  • Configuration of server operation logging parameters (Trace …)
  • Configuration of endpoint parameters (Endpoint …)
  • User access level parameters (Users …)
Epsilon LD - OPC UA certificates

Figure 5. OPC UA Configurator Tab

Certificate field

To establish a connection between the client and the OPC UA server, the server certificate must be in the list of client trusted certificates (TRUSTED CERTS), and the client certificate should be in the list of trusted server certificates (TRUSTED CERTS). To do this, follow these steps:

  • upload the server certificate (storage path – etc / … / server / own / certs) from the PLC using the button  (specifying the save path) to add it to the client trust certificate group (TRUSTED CERTS);
  • upload the client certificate (TRUSTED CERTS) and / or issuers CA certificates (ISSUERS CERTS) to the PLC.

Note: The storage location of server certificates on the PLC is etc / … / own / certs – public certificate * .der, etc / … / own / private – private certificate * .pem.

Settings

Regul OPC UA server keeps two event logs:

  • First log: UA stack trace messages. This log displays messages about the operation of the UA stack.
  • Second log: messages that are displayed in Epsilon LD. Messages about the operation of the PLC application (start / stop of the application, debug messages about the initialization of variables etc) are displayed in this log.
Trace

Use the button to open the Trace Settings window (Figure 6).

Figure 6. Trace Options window

To configure the UA stack trace, check the Enable box in the corresponding field (the trace is off by default), which allows changing the level of logging details (see table 2). In the Level field (for filtering events), select a value from the drop-down list that shows which messages will be displayed in the log.

LevelDescription
NONEMessages are not displayed
ERRORError messages generated during exception handling are displayed
WARNINGWarnings about an undesirable situation; attention must be paid
SYSTEMMessages from system services
INFOGeneral informational messages about what is happening. Normal operation.
DEBUGMessages used during debugging
CONTENTMore detailed messages (full text) used during debugging
ALLAll messages

To configure UA server tracing, select the Enable checkbox in the corresponding field (by default, tracing is disabled). In the Level field, from the drop-down list, select the required completeness of information to be displayed in Epsilon LD (see table 3).

LevelDescription
No TraceNo logging
ErrorsError messages are displayed
WarningWarning on the unwanted situations
InfoInformation messages on the operation

Specify trace file limits in the Maximum number of trace files and Maximum number of records in the trace file fields.

Event logs are stored in files whose name and location are specified in the parameter:

<Trace>
<UaAppTraceFile>/mnt/user/archive/logs/regul_ua_server.log</UaAppTraceFile>

Writing to the current stack trace file ends when the number of messages exceeds the value of the UaAppTraceMaxEntries parameter (Maximum number of records in the trace file). After that, a new trace file is created with a name that differs by digital ending (index). The creation of new trace files ends when it exceeds the value of the UaAppTraceMaxBackup parameter (Maximum number of trace files).

For example, for the given parameters:

<UaAppTraceMaxEntries>100000</UaAppTraceMaxEntries>

<UaAppTraceMaxBackup>5</UaAppTraceMaxBackup>

Trace messages will be recorded sequentially in files:

regul_ua_server.log
regul_ua_server_1.log
regul_ua_server_2.log
regul_ua_server_3.log
regul_ua_server_4.log

After the number of messages in the regul_ua_server_4.log file exceeds 100000, the messages will be recorded again in the regul_ua_server.log file (in a ring).

Endpoint

Use the button to open the Connection Point Settings window (Figure 7).

Epsilon LD - OPC UA endpoint options

Figure 7. Endpoint setup example

Select the Enable access point check box. In the URL field, instead of [NodeName], enter the IP address of the controller through which the connection will be established (port for opening incoming TCP connections: 48010). Checking the box in the Automatically trust all client certificates line allows all certificates from this controller to automatically inherit trust.

Endpoint

You can link objects to the user profile to which he will have access to manage and monitor parameters. Opposite the Users line, click the button to restrict password access to remote clients – in this case, after starting the client, a window for entering the password appears (Figure 8).

Figure 8. Configuring permissions for a user

Files and Directories Used by the OPC UA Component

All settings of the OPC UA component, the list of users, certificate files are located in the directory: etc/OpcUA.

In Epsilon LD, on the main tab of the device settings, go to the Files tab. In the Execution area, click the   (Refresh) button. A window displays the tree of files available on the controller. Find the etc -> OpcUA folder (Figure 9).

Epsilon LD - File access

Figure 9. Location of the OPC UA component directories on the controller

The path to the server configuration file UA /etc/OpcUA/ServerConfig.xml.

Path to certificate store and revocation lists /etc/OpcUA /ua_certificates / …

The path to the user description file /etc/OpcUA/users.txt.

The OPC UA directory structure on the controller is shown below (Figure 10).

Figure 10. Directory structure of the OPC UA component on the controller

Configuring Connections with OPC UA Clients

When authenticating, establishing a secure connection, and exchanging messages, UA applications use X509 Version 3 certificates encoded in DER (*.der) format. The server automatically generates self-signed controller certificates. To successfully connect UA, the client needs to import self-signed certificates into the group of their trusted certificates (TRUSTED).

This is enough to verify the certificate provided by the server to the client at the stage of establishing the connection.

Configuring Connections with OPC UA Clients

To organize data transfer via OPC UA protocol, you need to add Symbol Configuration in the Epsilon LD program. To do this, select the Add object -> Character configuration … in the Application context menu (Figure 11).

Figure 11. Context menu

The Add Symbolic Configuration window opens, where select the OPC UA Feature Support check box and click the Add button (Figure 12).

Figure 12. Adding a Symbol Configuration

Select the Symbol configuration object that appears in the device tree and double-click the name to open the tab. If you added the OPC UA Feature Support setting during the addition, select the Settings tab and check the corresponding box (Figure 13).

Figure 13. Additional confirmation for the support of Symbol Configuration

Initially, a tab with a sign may be displayed on the tab, indicating that it is necessary to compile to detect errors (Figure 14).

Figure 14. Warning message

If compilation is successful, a folder tree will be displayed. From the folder tree, select the desired one (PLC_PRG, GVC, etc.) and in it open the list of variables to add defined in the IEC application (Figure 15). Select the checkbox next to those variables with which the OPC UA protocol will interact.

Epsilon LD - OPC UA Symbol configuration

Figure 15. Adding variables

Impact of Other Applications on the OPC UA Server

Several applications can work in the controller at the same time. Each application will have its own data type system and its own data. For example, if two applications with the names Application and Application_1 are running in the controller, then the application data will be located in the address space under the directories Root.Objects.IEC_DATA.Application and Root.Objects.IEC_DATA.Application_1, respectively (Figure 16).

Figure 16. Application data

When you start or stop the application, the address space of the UA server changes. In this case, the UA client receives a standard event (Event Notification) of the GeneralModelChangeEventType type, in addition, when the application is stopped, the quality of the data received from this application will change to BAD. In response to receiving this event, the client must re-execute the data subscription procedures, as it is possible that the client was subscribed to the data the source of which was the stopped application, or it is possible that new data appeared in the address space in which the client is interested. Also, after receiving the GeneralModelChangeEventType event, the client can perform operations to browse the server address space (browse).

Troubleshooting

For analysis and diagnostics of the component’s operation, a log of its operation is provided; the details of messages are determined by its configuration. Component operation log files are saved on the controller in the controller component operation logs directory. You can get these files by connecting to the controller with an FTP client at ftp://plclogs:service@plc/, where plc is the address of the controller.

Client Can’t Establish Connection to the Server

Signs of this condition: UA server is working, there are no errors in the log, but the client cannot establish a connection.

Most often, the client cannot establish a connection because the client certificate is not among the trusted ones. You can determine this by checking the ua_certificates/rejected directory. It is possible that this directory contains a newly appeared client certificate file. If so, then the easiest solution to this problem is to transfer the client certificate file from the rejected directory to the trusted directory. Similarly, a situation is possible where the PsOpcUaServer certificate is not among the certificates trusted by the UA client. In this case, you should also check the rejected directory of the client certificate store and take steps to add the PsOpcUaServer certificate to the trusted list.

User Variables are not Displayed

Signs of this condition: the client successfully connected to the UA server, the system variables located in the Root.Objects.Server directory are visible, but the Root.Objects.IEC_DATA directory is empty.

The possible reason is that in the IEC application in the Symbol Configuration section, the user did not check the variables with checkmarks as available for VarAccess. In this case, you need to stop the application, recompile it, mark the variables as available in the Symbol Configuration section, and restart the IEC application.

Table of Contents

Tutorial