MQTT and GraphQL Gateway for OPC UA

Here is an OPC UA gateway with which you can access your OPC UA values via MQTT and GraphQL (HTTP). If you have an OPC UA server in your PLC, or a SCADA system with an OPC UA server, you can query data from there via MQTT and GraphQL (HTTP). In addition, the gateway can also log value changes from OPC UA nodes in an InfluxDB. The archived values can then also be queried via GraphQL.

Open-source

Runs anywhere: Linux, Windows, Mac, …

Here is a single jar version of the gateway.

Example MQTT Client:

Example MQTT Topics:

opc/unified/node/1/16.687.1.0.0.0
opc/unified/node:Value/1/16.687.1.0.0.0
opc/unified/node:Pretty/1/16.687.1.0.0.0
opc/unified/path/Tags/HMI_Tag_3
opc/oa/node:Value/2/ExampleDP_Float.ExampleDP_Arg1
opc/oa/node:value/2/ExampleDP_Float.ExampleDP_Arg1
opc/oa/node:Json/2/ExampleDP_Float.ExampleDP_Arg1
opc/oa/node:json/2/ExampleDP_Float.ExampleDP_Arg1

Example GraphQL Queries:

Here are some Videos/Demos:

Enable OPC UA Server in WinCC Unified

In the TIA Portal you have to enable “Operate as OPC Server” in the Runtime Settings of your project. Download and restart the runtime, and then the OPC UA Server is listening on opc.tcp://localhost:4890.

You need to have a user which has a role with the OPC-UA read and write access permission.

When you try to connect with a client the client will send the certificate to the server and typically the certificate is rejected by the server. To trust the certificate you have to move the certificate from the “Rejected” folder to the “Trusted” folder.

C:\Program Files\Siemens\Automation\WinCCUnified\bin\PKI\Rejected\certs

C:\Program Files\Siemens\Automation\WinCCUnified\bin\PKI\Trusted\certs

How to disable security in WinCC Unified OPC UA Server…

Caution! Don’t do this in a productive environment!

Add a security police “None” to the OPC UA configuration file.

On Windows you can find the file here: “C:\Program Files\Siemens\Automation\WinCCUnified\bin\OpcUaServerRTIL.xml”

<SecurityProfileUris>
<SecurityProfile>
<ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#None</ProfileUri>
<Enabled>true</Enabled>
</SecurityProfile>
...
</SecurityProfileUris>

Mount Disk Image on Linux

If you have created a backup of a disk with dd:

dd if=/dev/sdb of=image.img bs=4096

then you can create loop back devices with partitions:

losetup -f -P ./image.img 
losetup -a

then you can mount partition:

mount /dev/loop0p1 /mnt/disk

Another hint: Copy files with tar so that permissions and users are persevered:

tar cf - . | (cd /destination; tar xvf -)

tar cf - . | ssh root@server2 "tar xf - -C /destination/"

How to view remote traces with RTILtraceViewer from a SIMATIC HMI Unified Comfort Panel…

First you have to enable the Trace forwareder on the panel

Then you have to start a tool on the host where you have installed TIA with Unified (change IP to your Panel IP):

"c:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceTool.exe" -mode receiver -host 192.168.210.128 -tcp

Then you can start the trace viewer on the PC:

"C:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceViewer.exe"

How to enable remote docker API…

Create a file “override.conf” in /etc/systemd/system/docker.service.d

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376

Reload and restart the Docker daemon:

systemctl daemon-reload
systemctl restart docker.service

Now you can connect for example the Siemens Industrial Edge Publisher to the Docker engine and create a Industrial App from images on your Docker host.

Generate QR Code Image in WinCC OA …

Add a label object into your screen and add some lines of code to get a QR image. In this example a mobile phone app will scan the QR code and send username and password via a GraphQL server to WinCC OA and set it on datapoints (username and password should additionally be encrypted).

#uses "CtrlQRCode"

string g_code;

main()
{
  g_code = createUuid();
  strreplace(g_code,"{", "");
  strreplace(g_code,"}", "");
  DebugTN(g_code);

  string fpath = PROJ_PATH+"/pictures/";
  string fname = "login_qr_code_"+myUiNumber();
  int ret = createQRCodeFile(g_code, fpath+fname);
  this.image=fname+".png";

  dpConnect("work", false, "QRLogin.code", "QRLogin.usr", "QRLogin.pwd");
}

void work(string dp, string code, string dp1, string usr, string dp2, string pwd)
{
  if (code == g_code)
  {
    setInputFocus(myModuleName(), myPanelName(), txt_username.name());
    txt_username.text = usr;
    setInputFocus(myModuleName(), myPanelName(), txt_password.name());
    txt_password.text = pwd;
    m_loginFrameworkController.doContinue();
  }
}