Configuration of OPC UA in Redul PLC
The REDUL OPC UA server provides developers with instruments to read and write access to data from IEC applications running on Redul BX00 series programmable logic controllers.
Transferring Various Data Types
Organization of Server Address Space
The server displays in its address space both data and data types. For example, an application running on a controller has the following data types:
TYPE composite_t :
m_i : INT;
m_f : REAL;
m_s : STRING;
TYPE super_composite_t :
m_sub1 : composite_t;
m_q : INT;
m_sub2 : composite_t;
m_z : REAL;
m_sub3 : composite_t;
cmp : composite_t;
sup : super_composite_t;
In this case, TypeDefinition nodes shown in Figure 1 will be present in the address space of the UA server
Figure 1. Representation of data types in address space
All IEC 61131-3 application data will be located under the Root.Objects.IEC_DATA node (Figure 2)
Figure 2. Application Data
Translation of Elementary Data Types
Elementary data types from IEC applications are translated into UA protocol data types according to table 1.
Translation of an Enumerated Type
If an enumerated type (ENUMERATED) is defined in an IEC application:
TYPE COLOR_ENUM_TYPE :
RED := 10,
GREEN := 20,
YELLOW := 30,
BLUE := 40,
BROWN := 50
then in the UA server the data type corresponding to this enumeration will be generated. It will be located in the address space in the form of a node: Types.DataTypes.BaseDataType.Enumeration.COLOR_ENUM_TYPE.
Mapping Arrays of Structures in the Address Space of the UA Server
If the composite_t super_composite_t structures from the previous examples are defined in the application running on the controller, and there are also arrays consisting of these structures:
arr_comp : ARRAY[1..5] OF composite_t;
arr_sup_comp : ARRAY[1..10] OF super_composite_t;
then in the UA server the type definitions generated for such data will appear. An example of data types generated for arrays of structures, as well as an example of data arrays of structures are shown in Figure 3.
Figure 3. Data types and data
Elementary data arrays are represented according to the UA standard data model. In the Variable representing an array, the ValueRank attribute is 1, and the Value attribute contains an array of a given dimension, consisting of elementary types.
Configuring OPC UA Server
To start working with the configurator, you must connect to the controller through a network scanner (see “SIGMA LD SOFTWARE. User Guide”, section “Connecting the controller to the network”).
Enabling OPC UA Server
By default, the OPC UA server is disabled, so you must start the server by following these steps:
- In Sigma LD, on the main tab of the device settings, go to the Files In the Execution area, click the (Refresh) button. A window displays the tree of files available on the controller. Find the etc folder (Figure 4)
Figure 4. File exchange between PC and controller
- In the etc folder, find the cfg file. Use the button << to copy this file from the controller to the PC (from Execution to Host)
- Open the cfg file on your PC. In the [PsOpcUaServer] section, add a line with the value Enable = 1
- In Sigma LD, on the Files tab, use the button >> to copy the changed file from the PC to the controller (from Host to Execution)
- Reboot the controller (using the power on / off reset or the reboot command on the PLC Shell tab)
OPC UA Configurator
The OPC UA Configurator, built into the Sigma LD development environment, implements a standard data access interface.
The configurator provides the following features (Figure 5):
- Unload of the server certificate from the controller (certificate storage path etc / … / own / certs) (Download certificate from controller …)
- Add / remove server / client certificates:
- management of issuers (publishers) certificates (ISSUERS CERTS …)
- management of the list of revoked certificates (CERT REVOCATION LIST …)
- management of trusted certificates (TRUSTED CERTS …)
- management of the list of trusted revoked certificates (TRUSTED REVOCATION LIST …)
- Configuration of server operation logging parameters (Trace …)
- Configuration of endpoint parameters (Endpoint …)
- User access level parameters (Users …)
Figure 5. OPC UA Configurator Tab
To establish a connection between the client and the OPC UA server, the server certificate must be in the list of client trusted certificates (TRUSTED CERTS), and the client certificate should be in the list of trusted server certificates (TRUSTED CERTS). To do this, follow these steps:
- upload the server certificate (storage path – etc / … / server / own / certs) from the PLC using the button (specifying the save path) to add it to the client trust certificate group (TRUSTED CERTS);
- upload the client certificate (TRUSTED CERTS) and / or issuers CA certificates (ISSUERS CERTS) to the PLC.
Note: The storage location of server certificates on the PLC is etc / … / own / certs – public certificate * .der, etc / … / own / private – private certificate * .pem.
Redul OPC UA server keeps two event logs:
- First log: UA stack trace messages. This log displays messages about the operation of the UA stack.
- Second log: messages that are displayed in Sigma LD. Messages about the operation of the PLC application (start / stop of the application, debug messages about the initialization of variables etc) are displayed in this log.
Figure 6. Trace Options window
To configure the UA stack trace, check the Enable box in the corresponding field (the trace is off by default), which allows changing the level of logging details (see table 2). In the Level field (for filtering events), select a value from the drop-down list that shows which messages will be displayed in the log.
To configure UA server tracing, select the Enable checkbox in the corresponding field (by default, tracing is disabled). In the Level field, from the drop-down list, select the required completeness of information to be displayed in Sigma LD (see table 3).
Specify trace file limits in the Maximum number of trace files and Maximum number of records in the trace file fields.
Event logs are stored in files whose name and location are specified in the parameter:
Writing to the current stack trace file ends when the number of messages exceeds the value of the UaAppTraceMaxEntries parameter (Maximum number of records in the trace file). After that, a new trace file is created with a name that differs by digital ending (index). The creation of new trace files ends when it exceeds the value of the UaAppTraceMaxBackup parameter (Maximum number of trace files).
For example, for the given parameters:
Trace messages will be recorded sequentially in files:
After the number of messages in the redul_ua_server_4.log file exceeds 100000, the messages will be recorded again in the redul_ua_server.log file (in a ring).
Figure 7. Endpoint setup example
Select the Enable access point check box. In the URL field, instead of [NodeName], enter the IP address of the controller through which the connection will be established (port for opening incoming TCP connections: 48010). Checking the box in the Automatically trust all client certificates line allows all certificates from this controller to automatically inherit trust.
Figure 8. Configuring permissions for a user
Files and Directories Used by the OPC UA Component
All settings of the OPC UA component, the list of users, certificate files are located in the directory: etc/OpcUA.
In Sigma LD, on the main tab of the device settings, go to the Files tab. In the Execution area, click the (Refresh) button. A window displays the tree of files available on the controller. Find the etc -> OpcUA folder (Figure 9).
Figure 9. Location of the OPC UA component directories on the controller
The path to the server configuration file UA /etc/OpcUA/ServerConfig.xml.
Path to certificate store and revocation lists /etc/OpcUA /ua_certificates / …
The path to the user description file /etc/OpcUA/users.txt.
The OPC UA directory structure on the controller is shown below (Figure 10).
Figure 10. Directory structure of the OPC UA component on the controller
Configuring Connections with OPC UA Clients
When authenticating, establishing a secure connection, and exchanging messages, UA applications use X509 Version 3 certificates encoded in DER (*.der) format. The server automatically generates self-signed controller certificates. To successfully connect UA, the client needs to import self-signed certificates into the group of their trusted certificates (TRUSTED).
This is enough to verify the certificate provided by the server to the client at the stage of establishing the connection.
Configuring Connections with OPC UA Clients
To organize data transfer via OPC UA protocol, you need to add Symbol Configuration in the Sigma LD program. To do this, select the Add object -> Character configuration … in the Application context menu (Figure 11).
Figure 11. Context menu
The Add Symbolic Configuration window opens, where select the OPC UA Feature Support check box and click the Add button (Figure 12).
Figure 12. Adding a Symbol Configuration
Select the Symbol configuration object that appears in the device tree and double-click the name to open the tab. If you added the OPC UA Feature Support setting during the addition, select the Settings tab and check the corresponding box (Figure 13).
Figure 13. Additional confirmation for the support of Symbol Configuration
Initially, a tab with a sign may be displayed on the tab, indicating that it is necessary to compile to detect errors (Figure 14).
Figure 14. Warning message
If compilation is successful, a folder tree will be displayed. From the folder tree, select the desired one (PLC_PRG, GVC, etc.) and in it open the list of variables to add defined in the IEC application (Figure 15). Select the checkbox next to those variables with which the OPC UA protocol will interact.
Figure 15. Adding variables
Impact of Other Applications on the OPC UA Server
Several applications can work in the controller at the same time. Each application will have its own data type system and its own data. For example, if two applications with the names Application and Application_1 are running in the controller, then the application data will be located in the address space under the directories Root.Objects.IEC_DATA.Application and Root.Objects.IEC_DATA.Application_1, respectively (Figure 16).
Figure 16. Application data
When you start or stop the application, the address space of the UA server changes. In this case, the UA client receives a standard event (Event Notification) of the GeneralModelChangeEventType type, in addition, when the application is stopped, the quality of the data received from this application will change to BAD. In response to receiving this event, the client must re-execute the data subscription procedures, as it is possible that the client was subscribed to the data the source of which was the stopped application, or it is possible that new data appeared in the address space in which the client is interested. Also, after receiving the GeneralModelChangeEventType event, the client can perform operations to browse the server address space (browse).
For analysis and diagnostics of the component’s operation, a log of its operation is provided; the details of messages are determined by its configuration. Component operation log files are saved on the controller in the controller component operation logs directory. You can get these files by connecting to the controller with an FTP client at ftp://plclogs:service@plc/, where plc is the address of the controller.
Client Can’t Establish Connection to the Server
Signs of this condition: UA server is working, there are no errors in the log, but the client cannot establish a connection.
Most often, the client cannot establish a connection because the client certificate is not among the trusted ones. You can determine this by checking the ua_certificates/rejected directory. It is possible that this directory contains a newly appeared client certificate file. If so, then the easiest solution to this problem is to transfer the client certificate file from the rejected directory to the trusted directory. Similarly, a situation is possible where the PsOpcUaServer certificate is not among the certificates trusted by the UA client. In this case, you should also check the rejected directory of the client certificate store and take steps to add the PsOpcUaServer certificate to the trusted list.
User Variables are not Displayed
Signs of this condition: the client successfully connected to the UA server, the system variables located in the Root.Objects.Server directory are visible, but the Root.Objects.IEC_DATA directory is empty.
The possible reason is that in the IEC application in the Symbol Configuration section, the user did not check the variables with checkmarks as available for VarAccess. In this case, you need to stop the application, recompile it, mark the variables as available in the Symbol Configuration section, and restart the IEC application.