将 OPC-UA 节点服务器注册到 LDS
registering OPC-UA Node server to LDS
你好,我正在尝试将我的 OPC-UA 服务器注册到(目前)在本地运行的本地发现服务器 (LDS)。当我在 registerServerMethod 设置为 LDS 的情况下运行服务器时,
出现以下错误:
RegisterServer to the LDS has failed during secure connection => please check that you server certificate is trusted by the LDS. err: The connection has been rejected by server,
Please check that client certificate is trusted by server.
Err = (connect EINVAL 0.0.14.186:4840 - Local (0.0.0.0:0))
当我检查 LDS 的被拒绝证书文件夹 (opt/opcfoundation/ualds/pki/rejected/certs) 时,里面没有任何证书。
我已经尝试了几种不同的证书,并将证书的副本放到了受信任的文件夹中,但到目前为止都没有效果。是我在 LDS 上做错了什么,还是我的服务器代码有问题:
/*global require,setInterval,console */
const opcua = require("node-opcua");
const { SecurityPolicy, OPCUACertificateManager } = require("node-opcua");
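// Create the OPCUAServer instance. It listens on port 4354 and is configured to
// register itself with a Local Discovery Server (LDS) on the same machine.
const server = new opcua.OPCUAServer({
  port: 4354, // the port of the listening socket of the server
  resourcePath: "/UA/testserver1", // this path will be added to the endpoint resource name
  buildInfo: {
    productName: "testserver",
    buildNumber: "0001",
    // JavaScript months are zero-based, so this is 9 August 2020.
    buildDate: new Date(2020, 7, 9),
  },

  // Application instance certificate and its private key. The LDS must trust this
  // certificate for registration to succeed; keep the key file readable only by
  // the account that runs the server.
  certificateFile: "testcert2.pem",
  privateKeyFile: "testkey2.pem",

  serverCertificateManager: new OPCUACertificateManager({
    // NOTE(review): with this flag set, peer certificates the server has never
    // seen are trusted without operator review. Acceptable on a lab bench; set it
    // to false and approve certificates explicitly for anything reachable by others.
    automaticallyAcceptUnknownCertificate: true,
    rootFolder: "./certs",
  }),

  // NOTE(review): Basic256 relies on SHA-1 and is deprecated by the OPC UA
  // specification; Basic256Sha256 is the usual replacement (confirm what the
  // clients and the LDS support). The None policy/mode pair additionally exposes
  // an endpoint with no signing and no encryption.
  securityPolicies: [SecurityPolicy.Basic256, SecurityPolicy.None],
  securityModes: [opcua.MessageSecurityMode.SignAndEncrypt, opcua.MessageSecurityMode.None],

  // LDS registration: the named enum member replaces the bare value 3.
  registerServerMethod: opcua.RegisterServerMethod.LDS,
  discoveryServerEndpointUrl: "opc.tcp://localhost:4840",
});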
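/**
 * Runs after the server has been initialized: fills the address space with a
 * demo device and then starts the server.
 */
function post_initialize() {
  console.log("initialized");

  /**
   * Adds a "MyDevice" object holding three Double variables to the server's
   * own namespace.
   * @param {object} server - the initialized OPCUAServer instance
   */
  function construct_my_address_space(server) {
    const os = require("os");
    const addressSpace = server.engine.addressSpace;
    const namespace = addressSpace.getOwnNamespace();

    // declare a new object
    const device = namespace.addObject({
      organizedBy: addressSpace.rootFolder.objects,
      browseName: "MyDevice",
    });

    // MyVariable1: read-only counter, incremented every 500 ms to emulate a changing value
    let variable1 = 1;
    setInterval(function () {
      variable1 += 1;
    }, 500);
    namespace.addVariable({
      componentOf: device,
      browseName: "MyVariable1",
      dataType: "Double",
      value: {
        get: function () {
          return new opcua.Variant({ dataType: opcua.DataType.Double, value: variable1 });
        },
      },
    });

    // MyVariable2: readable and writable by clients
    let variable2 = 10.0;
    namespace.addVariable({
      componentOf: device,
      nodeId: "ns=1;b=1020FFAA", // an opaque (ByteString) NodeId in namespace 1
      browseName: "MyVariable2",
      dataType: "Double",
      value: {
        get: function () {
          return new opcua.Variant({ dataType: opcua.DataType.Double, value: variable2 });
        },
        set: function (variant) {
          // The value is supplied by a remote client: store it only when it
          // parses to a finite number instead of silently keeping NaN.
          const candidate = parseFloat(variant.value);
          if (!Number.isFinite(candidate)) {
            return opcua.StatusCodes.BadOutOfRange;
          }
          variable2 = candidate;
          return opcua.StatusCodes.Good;
        },
      },
    });

    /**
     * Returns the percentage of free memory on the running machine.
     * @returns {number} free memory as a percentage of total memory
     */
    function available_memory() {
      const percentageMemFree = (os.freemem() / os.totalmem()) * 100.0;
      return percentageMemFree;
    }

    namespace.addVariable({
      componentOf: device,
      nodeId: "s=free_memory", // a string nodeID
      browseName: "FreeMemory",
      dataType: "Double",
      value: {
        get: function () {
          return new opcua.Variant({ dataType: opcua.DataType.Double, value: available_memory() });
        },
      },
    });
  }

  construct_my_address_space(server);

  server.start(function (err) {
    // Assumes a Node-style callback that receives an error when start-up fails;
    // confirm for the node-opcua version in use.
    if (err) {
      console.error("Server failed to start: ", err);
      return;
    }
    console.log("Server is now listening ... ( press CTRL+C to stop)");
    console.log("port ", server.endpoints[0].port);
    const endpointUrl = server.endpoints[0].endpointDescriptions()[0].endpointUrl;
    console.log(" the primary server endpoint url is ", endpointUrl);
  });
}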
// Initialize the server; post_initialize then builds the address space and starts listening.
server.initialize(post_initialize);
为了注册到本地发现服务器 (LDS),服务器需要建立安全连接。
安全连接意味着服务器和 LDS 交换它们的证书并验证它们。
虽然一些本地发现服务器可能被配置为自动接受新遇到的证书,但一些会执行严格检查并强制您的服务器证书是可信的。
您需要参考您的 LDS 文档来检查如何将您的服务器证书添加到您的 LDS 的受信任列表中。
证书可以是自签名的,也可以由证书颁发机构 (CA) 签发。在后一种情况下,CA 的证书也必须添加到受信任的颁发者证书列表中。
[已添加]
如果需要,您可以将 LDS(基于 node-opcua)作为 docker 容器运行:
# Start the node-opcua based LDS image: publish port 4840, keep the container's
# /root/.config in /tmp/lds-config on the host, and pass the host name in HOSTNAME.
# NOTE(review): ":latest" is a floating tag; pin a version or digest for a reproducible setup.
# NOTE(review): /tmp is shared by all local users; presumably the config directory holds the
# LDS certificate store, so prefer a directory only the operator can write to (confirm).
# NOTE(review): the trailing "-" is reproduced as posted; confirm against the image's documentation.
docker run -it -p 4840:4840 -v /tmp/lds-config:/root/.config -e HOSTNAME=`hostname` sterfive/lds:latest -
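我遇到的问题是由于我的 PC 的主机名是一个数字,这导致超时,因此没有发送证书。
这与错误信息中的 connect EINVAL 0.0.14.186:4840 相符:该地址看起来是纯数字主机名被当作 32 位 IPv4 整数解析的结果(0.0.14.186 对应十进制 3770),连接根本没有到达 LDS,所以 rejected 文件夹中也不会出现证书;这类错误属于名称解析问题,而不是证书信任问题,无需为此放宽信任设置。
解决方案很简单,将我电脑的主机名更改为以字母开头的名称。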
你好,我正在尝试将我的 OPC-UA 服务器注册到(目前)在本地运行的本地发现服务器 (LDS)。当我在 registerServerMethod 设置为 LDS 的情况下运行服务器时,
出现以下错误:
RegisterServer to the LDS has failed during secure connection => please check that you server certificate is trusted by the LDS. err: The connection has been rejected by server,
Please check that client certificate is trusted by server.
Err = (connect EINVAL 0.0.14.186:4840 - Local (0.0.0.0:0))
当我检查 LDS 的被拒绝证书文件夹 (opt/opcfoundation/ualds/pki/rejected/certs) 时,里面没有任何证书。
我已经尝试了几种不同的证书,并将证书的副本放到了受信任的文件夹中,但到目前为止都没有效果。是我在 LDS 上做错了什么,还是我的服务器代码有问题:
/*global require,setInterval,console */
const opcua = require("node-opcua");
const { SecurityPolicy, OPCUACertificateManager } = require("node-opcua");
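// Create the OPCUAServer instance. It listens on port 4354 and is configured to
// register itself with a Local Discovery Server (LDS) on the same machine.
const server = new opcua.OPCUAServer({
  port: 4354, // the port of the listening socket of the server
  resourcePath: "/UA/testserver1", // this path will be added to the endpoint resource name
  buildInfo: {
    productName: "testserver",
    buildNumber: "0001",
    // JavaScript months are zero-based, so this is 9 August 2020.
    buildDate: new Date(2020, 7, 9),
  },

  // Application instance certificate and its private key. The LDS must trust this
  // certificate for registration to succeed; keep the key file readable only by
  // the account that runs the server.
  certificateFile: "testcert2.pem",
  privateKeyFile: "testkey2.pem",

  serverCertificateManager: new OPCUACertificateManager({
    // NOTE(review): with this flag set, peer certificates the server has never
    // seen are trusted without operator review. Acceptable on a lab bench; set it
    // to false and approve certificates explicitly for anything reachable by others.
    automaticallyAcceptUnknownCertificate: true,
    rootFolder: "./certs",
  }),

  // NOTE(review): Basic256 relies on SHA-1 and is deprecated by the OPC UA
  // specification; Basic256Sha256 is the usual replacement (confirm what the
  // clients and the LDS support). The None policy/mode pair additionally exposes
  // an endpoint with no signing and no encryption.
  securityPolicies: [SecurityPolicy.Basic256, SecurityPolicy.None],
  securityModes: [opcua.MessageSecurityMode.SignAndEncrypt, opcua.MessageSecurityMode.None],

  // LDS registration: the named enum member replaces the bare value 3.
  registerServerMethod: opcua.RegisterServerMethod.LDS,
  discoveryServerEndpointUrl: "opc.tcp://localhost:4840",
});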
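/**
 * Runs after the server has been initialized: fills the address space with a
 * demo device and then starts the server.
 */
function post_initialize() {
  console.log("initialized");

  /**
   * Adds a "MyDevice" object holding three Double variables to the server's
   * own namespace.
   * @param {object} server - the initialized OPCUAServer instance
   */
  function construct_my_address_space(server) {
    const os = require("os");
    const addressSpace = server.engine.addressSpace;
    const namespace = addressSpace.getOwnNamespace();

    // declare a new object
    const device = namespace.addObject({
      organizedBy: addressSpace.rootFolder.objects,
      browseName: "MyDevice",
    });

    // MyVariable1: read-only counter, incremented every 500 ms to emulate a changing value
    let variable1 = 1;
    setInterval(function () {
      variable1 += 1;
    }, 500);
    namespace.addVariable({
      componentOf: device,
      browseName: "MyVariable1",
      dataType: "Double",
      value: {
        get: function () {
          return new opcua.Variant({ dataType: opcua.DataType.Double, value: variable1 });
        },
      },
    });

    // MyVariable2: readable and writable by clients
    let variable2 = 10.0;
    namespace.addVariable({
      componentOf: device,
      nodeId: "ns=1;b=1020FFAA", // an opaque (ByteString) NodeId in namespace 1
      browseName: "MyVariable2",
      dataType: "Double",
      value: {
        get: function () {
          return new opcua.Variant({ dataType: opcua.DataType.Double, value: variable2 });
        },
        set: function (variant) {
          // The value is supplied by a remote client: store it only when it
          // parses to a finite number instead of silently keeping NaN.
          const candidate = parseFloat(variant.value);
          if (!Number.isFinite(candidate)) {
            return opcua.StatusCodes.BadOutOfRange;
          }
          variable2 = candidate;
          return opcua.StatusCodes.Good;
        },
      },
    });

    /**
     * Returns the percentage of free memory on the running machine.
     * @returns {number} free memory as a percentage of total memory
     */
    function available_memory() {
      const percentageMemFree = (os.freemem() / os.totalmem()) * 100.0;
      return percentageMemFree;
    }

    namespace.addVariable({
      componentOf: device,
      nodeId: "s=free_memory", // a string nodeID
      browseName: "FreeMemory",
      dataType: "Double",
      value: {
        get: function () {
          return new opcua.Variant({ dataType: opcua.DataType.Double, value: available_memory() });
        },
      },
    });
  }

  construct_my_address_space(server);

  server.start(function (err) {
    // Assumes a Node-style callback that receives an error when start-up fails;
    // confirm for the node-opcua version in use.
    if (err) {
      console.error("Server failed to start: ", err);
      return;
    }
    console.log("Server is now listening ... ( press CTRL+C to stop)");
    console.log("port ", server.endpoints[0].port);
    const endpointUrl = server.endpoints[0].endpointDescriptions()[0].endpointUrl;
    console.log(" the primary server endpoint url is ", endpointUrl);
  });
}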
// Initialize the server; post_initialize then builds the address space and starts listening.
server.initialize(post_initialize);
为了注册到本地发现服务器 (LDS),服务器需要建立安全连接。 安全连接意味着服务器和 LDS 交换它们的证书并验证它们。
虽然一些本地发现服务器可能被配置为自动接受新遇到的证书,但一些会执行严格检查并强制您的服务器证书是可信的。
您需要参考您的 LDS 文档来检查如何将您的服务器证书添加到您的 LDS 的受信任列表中。
证书可以是自签名的,也可以由证书颁发机构 (CA) 签发。在后一种情况下,CA 的证书也必须添加到受信任的颁发者证书列表中。
[已添加]
如果需要,您可以将 LDS(基于 node-opcua)作为 docker 容器运行:
# Start the node-opcua based LDS image: publish port 4840, keep the container's
# /root/.config in /tmp/lds-config on the host, and pass the host name in HOSTNAME.
# NOTE(review): ":latest" is a floating tag; pin a version or digest for a reproducible setup.
# NOTE(review): /tmp is shared by all local users; presumably the config directory holds the
# LDS certificate store, so prefer a directory only the operator can write to (confirm).
# NOTE(review): the trailing "-" is reproduced as posted; confirm against the image's documentation.
docker run -it -p 4840:4840 -v /tmp/lds-config:/root/.config -e HOSTNAME=`hostname` sterfive/lds:latest -
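我遇到的问题是由于我的 PC 的主机名是一个数字,这导致超时,因此没有发送证书。
这与错误信息中的 connect EINVAL 0.0.14.186:4840 相符:该地址看起来是纯数字主机名被当作 32 位 IPv4 整数解析的结果(0.0.14.186 对应十进制 3770),连接根本没有到达 LDS,所以 rejected 文件夹中也不会出现证书;这类错误属于名称解析问题,而不是证书信任问题,无需为此放宽信任设置。
解决方案很简单,将我电脑的主机名更改为以字母开头的名称。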