Port 20008 is used to download a project from TIA Portal to the runtime.
So, if you want to do a remote download then this port has to be open.
First you have to enable the Trace forwarder on the panel.
Then you have to start a tool on the host where you have installed TIA with Unified (change IP to your Panel IP):
"c:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceTool.exe" -mode receiver -host 192.168.210.128 -tcp
Then you can start the trace viewer on the PC:
"C:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceViewer.exe"
Create a file “override.conf” in /etc/systemd/system/docker.service.d
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376
Reload and restart the Docker daemon:
systemctl daemon-reload
systemctl restart docker.service
Now you can connect, for example, the Siemens Industrial Edge Publisher to the Docker engine and create an Industrial App from images on your Docker host.
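The override above opens the Docker API on all interfaces with no TLS flags, so any host that can reach port 2376 can control the daemon. The following check is an added example, not part of the original post: it flags dockerd TCP listeners that lack `--tlsverify`, and the certificate paths in the second sample are assumed locations.

```shell
#!/bin/sh
# Constructed samples: the override from the text above, and the same listener
# with TLS client verification. The certificate paths are assumed locations.
WEAK_OVERRIDE='[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376'
TLS_OVERRIDE='[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/tls/ca.pem --tlscert=/etc/docker/tls/server-cert.pem --tlskey=/etc/docker/tls/server-key.pem'

# audit_dockerd_override: read systemd unit text on stdin, print one finding
# per dockerd TCP listener that does not require client certificates, and
# return 1 if anything was reported.
audit_dockerd_override() {
    findings=0
    while IFS= read -r line; do
        case "$line" in
            ExecStart=*dockerd*tcp://*) ;;      # dockerd start line with a TCP socket
            *) continue ;;
        esac
        case "$line" in
            *--tlsverify=false*) ;;             # explicitly switched off: report it
            *--tlsverify*) continue ;;          # clients must present a CA-signed cert
        esac
        addr=${line#*tcp://}                    # text after the first tcp://
        addr=${addr%% *}                        # cut at the next space
        case "$addr" in
            127.*|localhost*) scope="loopback only" ;;
            *) scope="reachable from the network" ;;
        esac
        printf '%s\n' "no --tlsverify on tcp://$addr ($scope)"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Demo: the first sample produces a finding, the second passes.
for sample in "$WEAK_OVERRIDE" "$TLS_OVERRIDE"; do
    if printf '%s\n' "$sample" | audit_dockerd_override; then
        echo "ok: TCP listeners require client certificates"
    fi
done
```

On a real host, feed it the effective unit with `systemctl cat docker.service | audit_dockerd_override`.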
Linux: add a line to /etc/exports:
/home/vogler *(rw,no_subtree_check,insecure)
Then apply it with:
exportfs -a
In this example we do it in a very insecure way...
Windows: mount -o anon <hostname>:/home/vogler z:
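A check for the two options that make the export line above so open (the `*` client and `insecure`), as an added example that is not part of the original post. The second sample line and its subnet are an assumed, narrower alternative for comparison.

```shell
#!/bin/sh
# Constructed sample: the export line from the text above and a narrower one.
# The subnet in the second export is an assumed value for illustration.
EXPORTS_SAMPLE='# /etc/exports
/home/vogler *(rw,no_subtree_check,insecure)
/home/vogler 192.168.210.0/24(rw,no_subtree_check)'

# audit_exports: read /etc/exports text on stdin, print one finding per risky
# client entry, and return 1 if anything was reported.
audit_exports() {
    findings=0
    set -f                                   # entries contain "*": no globbing
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        set -- $line                         # $1 = path, the rest = client(options)
        path=$1
        shift
        for entry in "$@"; do
            client=${entry%%\(*}             # part before "("
            opts=,${entry#*\(}               # option list, wrapped in commas
            opts=${opts%\)},
            case "$client" in
                ''|*\**)
                    printf '%s\n' "$path $entry: any host may mount (wildcard client)"
                    findings=$((findings + 1)) ;;
            esac
            case "$opts" in
                *,insecure,*)
                    printf '%s\n' "$path $entry: unprivileged source ports accepted (insecure)"
                    findings=$((findings + 1)) ;;
            esac
            case "$opts" in
                *,no_root_squash,*)
                    printf '%s\n' "$path $entry: client root keeps root (no_root_squash)"
                    findings=$((findings + 1)) ;;
            esac
        done
    done
    set +f
    [ "$findings" -eq 0 ]
}

# Demo: only the first export line is reported.
printf '%s\n' "$EXPORTS_SAMPLE" | audit_exports || echo "review /etc/exports"
```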
Add a label object into your screen and add some lines of code to get a QR image. In this example a mobile phone app will scan the QR code and send username and password via a GraphQL server to WinCC OA and set it on datapoints (username and password should additionally be encrypted).
#uses "CtrlQRCode"

string g_code;

main()
{
  // Generate a random code for this login attempt and strip the braces
  g_code = createUuid();
  strreplace(g_code, "{", "");
  strreplace(g_code, "}", "");
  DebugTN(g_code);

  // Write the code as a QR image into the project's pictures directory
  string fpath = PROJ_PATH+"/pictures/";
  string fname = "login_qr_code_"+myUiNumber();
  int ret = createQRCodeFile(g_code, fpath+fname);
  this.image = fname+".png";

  // Wait for the GraphQL server to set code, username and password
  dpConnect("work", false, "QRLogin.code", "QRLogin.usr", "QRLogin.pwd");
}

void work(string dp, string code, string dp1, string usr, string dp2, string pwd)
{
  // Only accept credentials that arrive together with the code shown in this UI
  if (code == g_code)
  {
    setInputFocus(myModuleName(), myPanelName(), txt_username.name());
    txt_username.text = usr;
    setInputFocus(myModuleName(), myPanelName(), txt_password.name());
    txt_password.text = pwd;
    m_loginFrameworkController.doContinue();
  }
}
A GraphQL server can also be queried with a simple GET request:
wget -O - "https://server.rocworks.at/graphql?query=query { getTag(name: \"Input\") { tag { current { value time } } } }"
My SSH sessions often break because I didn’t do anything for a while. Sometimes I have started “top” just so that the connection does not get dropped because of inactivity. But this is not really what I want to do every time. Luckily the SSH client can be configured to send alive telegrams for every session, so that you do not need to pass arguments every time you open an SSH connection.
The following settings make the SSH client send alive telegrams to the other side every 60 seconds, and give up if it doesn’t receive any response after 2 tries.
~/.ssh/config:
Host *
    ServerAliveInterval 60
    ServerAliveCountMax 2
Initially you have to init the certbot and get the certificate manually.
# Directories used:
/var/www
/var/www/certbot # handshake sites from certbot
/etc/letsencrypt # certificates are stored here
# Initialize Certbot:
docker run --rm -ti \
  -v /var/www:/var/www \
  -v /etc/letsencrypt:/etc/letsencrypt \
  certbot/certbot certonly --webroot -w /var/www/certbot -d <your-domain-name> --email your.email@something.com
The letsencrypt and the www directory must be mounted on both containers. Certbot will check the certificates every 12h and nginx must reload the configuration periodically.
nginx:
  image: nginx:1.17.8
  ports:
    - 80:80
    - 443:443
  volumes:
    - /var/www:/var/www
    - /etc/nginx.conf:/etc/nginx/nginx.conf
    - /etc/letsencrypt:/etc/letsencrypt
  command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
  image: certbot/certbot
  restart: unless-stopped
  volumes:
    - /var/www:/var/www
    - /etc/letsencrypt:/etc/letsencrypt
  entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;'"
Nginx must be configured to publish Certbot's well-known sites for the handshake, and your sites must be configured to use the certificates from letsencrypt.
server {
    listen 80;
    server_name <your-domain-name>;
    server_tokens off;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name vcm.winccoa.at;
    ssl_certificate /etc/letsencrypt/live/<your-domain-name>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<your-domain-name>/privkey.pem;
    root /var/www;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
This repository on GitHub contains Dockerfiles and samples to build Docker images for WinCC OA products.
Download and unzip the CentOS WinCC OA rpm’s to the centos/software directory.
Only put those WinCC OA rpm’s into the directory which you want to have installed in your image. For a minimum image you only need the base package of WinCC OA.
WinCC_OA_3.16-base-rhel-0-17.x86_64.rpm
Build your WinCC OA Docker image with:
docker build -t winccoa:3.16 .
The project should be mounted on /proj/start as a volume to your docker container.
And you may also mount a shield file to your docker container.
Example of how to start up a WinCC OA project in a container:
docker run -d \
  --name winccoa \
  --hostname winccoa-server \
  -v ~/shield.txt:/opt/WinCC_OA/3.16/shield.txt \
  -v /proj/DemoApplication_3.16:/proj/start \
  -p 5678:5678 \
  winccoa:3.16
To start a WinCC OA client application like a Gedi or a User-Interface you have to adapt your config file so that the proxy settings point to the WinCC OA server container. You can just create a copy of your config file (e.g. config.ui) and adapt the settings.
[general]
data = "winccoa-server"
event = "winccoa-server"
mxProxy = "winccoa-server <your-docker-host-name>:5678 cert"
Then you can start up a Gedi/Ui with:
docker run --rm \
  -e DISPLAY=$DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  -v /proj/DemoApplication_3.16:/proj/default \
  -v /proj/DemoApplication_3.16/config/config.ui:/proj/default/config/config \
  winccoa:3.16 \
  WCCOAui -autoreg -m gedi -proj default
Of course you can also use a copy of your project directory (or a git checkout if you use git) and adapt the config file.
With the Project Administration you can create a new project in the /proj directory.
docker run -ti --rm \
  -e DISPLAY=$DISPLAY \
  -v /tmp/.X11-unix:/tmp/.X11-unix \
  -v /proj:/proj \
  winccoa:3.16 \
  WCCOAui -projAdmin
Of course, what we have done with the Gedi can also be done with Control-Managers and Drivers. In theory this can also be done with Kubernetes, so you can run your SCADA project in a Kubernetes cluster.
This is a simple example of how to query a GraphQL server from WinCC OA ctrl via HTTP.
{
  string url = "https://server.rocworks.at/graphql";
  // The tag name is passed as a GraphQL variable, not concatenated into the query
  string query = "query($tag: String!){getTag(name: $tag){tag{current{value}}}}";
  mapping variables = makeMapping("tag", "Input");
  mapping content = makeMapping("query", query, "variables", variables);
  mapping data = makeMapping(
    "headers", makeMapping("Content-Type", "application/json"),
    "content", jsonEncode(content)
  );
  mapping result;
  netPost(url, data, result);
  if (result["httpStatusText"]=="OK") {
    DebugTN(result["content"]);
  }
  else {
    return "Error";
  }
}
Output:
{
  "data": {
    "getTag": {
      "tag": {
        "current": {
          "value": 280.87696028711866
        }
      }
    }
  }
}