This is an automated email from the ASF dual-hosted git repository.
CritasWang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iotdb-docs.git
The following commit(s) were added to refs/heads/main by this push:
new 8781a27d add unsupport none security in opcus (#1081)
8781a27d is described below
commit 8781a27d2724c907303cf5e6abfbb4bd99f653fc
Author: leto-b <[email protected]>
AuthorDate: Wed Apr 22 12:09:56 2026 +0800
add unsupport none security in opcus (#1081)
---
src/.vuepress/public/img/opc-ua-un-none-1.png | Bin 0 -> 92486 bytes
src/.vuepress/public/img/opc-ua-un-none-2.png | Bin 0 -> 17121 bytes
.../Master/Tree/API/Programming-OPC-UA_timecho.md | 94 +++++++++++++++++----
.../V1.3.x/API/Programming-OPC-UA_timecho.md | 34 +++++++-
.../dev-1.3/API/Programming-OPC-UA_timecho.md | 34 +++++++-
.../latest/API/Programming-OPC-UA_timecho.md | 66 ++++++++++++++-
.../Master/Tree/API/Programming-OPC-UA_timecho.md | 61 +++++++++----
.../V1.3.x/API/Programming-OPC-UA_timecho.md | 32 ++++++-
.../dev-1.3/API/Programming-OPC-UA_timecho.md | 32 ++++++-
.../latest/API/Programming-OPC-UA_timecho.md | 31 ++++++-
10 files changed, 339 insertions(+), 45 deletions(-)
diff --git a/src/.vuepress/public/img/opc-ua-un-none-1.png
b/src/.vuepress/public/img/opc-ua-un-none-1.png
new file mode 100644
index 00000000..0d29120b
Binary files /dev/null and b/src/.vuepress/public/img/opc-ua-un-none-1.png
differ
diff --git a/src/.vuepress/public/img/opc-ua-un-none-2.png
b/src/.vuepress/public/img/opc-ua-un-none-2.png
new file mode 100644
index 00000000..cb276ade
Binary files /dev/null and b/src/.vuepress/public/img/opc-ua-un-none-2.png
differ
diff --git a/src/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
b/src/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
index 80b5446b..7d139aea 100644
--- a/src/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
+++ b/src/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
@@ -61,22 +61,22 @@ CREATE PIPE p1
#### 2.1.2 Parameters
-| **Parameter** | **Description**
[...]
-| ------------------------------------ |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
-| sink | OPC UA SINK
[...]
-| sink.opcua.model | OPC UA operational mode
[...]
-| sink.opcua.tcp.port | OPC UA TCP port
[...]
-| sink.opcua.https.port | OPC UA HTTPS port
[...]
-| sink.opcua.security.dir | OPC UA key and certificate directory
[...]
+| **Parameter** | **Description**
[...]
+| ------------------------------------ |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
+| sink | OPC UA SINK
[...]
+| sink.opcua.model | OPC UA operational mode
[...]
+| sink.opcua.tcp.port | OPC UA TCP port
[...]
+| sink.opcua.https.port | OPC UA HTTPS port
[...]
+| sink.opcua.security.dir | OPC UA key and certificate directory
[...]
| opcua.security-policy | Security policy used for OPC UA
connections (case-insensitive). Multiple policies can be configured and
separated by commas. After configuring one policy, clients can only connect
using that policy. Default implementation supports `None` and `Basic256Sha256`.
Should be set to a non-`None` policy by default. `None` policy is only for
debugging (convenient but insecure; not recommended for production). Note:
Supported since V2.0.8, only for client-ser [...]
-| sink.opcua.enable-anonymous-access | Whether OPC UA allows anonymous access
[...]
-| sink.user | User (OPC UA allowed user)
[...]
-| sink.password | Password (OPC UA allowed password)
[...]
+| sink.opcua.enable-anonymous-access | Whether OPC UA allows anonymous access
[...]
+| sink.user | User (OPC UA allowed user)
[...]
+| sink.password | Password (OPC UA allowed password)
[...]
| opcua.with-quality | Whether OPC UA publishes data in value
+ quality mode. When enabled, system processes data as follows:1. Both value
and quality present → Push directly to OPC UA Server.2. Only value present →
Quality automatically filled as UNCERTAIN (default, configurable).3. Only
quality present → Ignore write (no processing).4. Non-value/quality fields
present → Ignore data and log warning (configurable log frequency to avoid
high-frequency interference).5. Qual [...]
-| opcua.value-name | Effective when `with-quality` = true,
specifies the name of the value point. **Note**: Supported since V2.0.8, only
for client-server mode
[...]
-| opcua.quality-name | Effective when `with-quality` = true,
specifies the name of the quality point. **Note**: Supported since V2.0.8, only
for client-server mode
[...]
-| opcua.default-quality | When no quality is provided, specify
`GOOD`/`UNCERTAIN`/`BAD` via SQL parameter. **Note**: Supported since V2.0.8,
only for client-server mode
[...]
-| opcua.timeout-seconds | Client connection timeout in seconds
(effective only when IoTDB acts as client). **Note**: Supported since V2.0.8,
only for client-server mode
[...]
+| opcua.value-name | Effective when `with-quality` = true,
specifies the name of the value point. **Note**: Supported since V2.0.8, only
for client-server mode
[...]
+| opcua.quality-name | Effective when `with-quality` = true,
specifies the name of the quality point. **Note**: Supported since V2.0.8, only
for client-server mode
[...]
+| opcua.default-quality | When no quality is provided, specify
`GOOD`/`UNCERTAIN`/`BAD` via SQL parameter. **Note**: Supported since V2.0.8,
only for client-server mode
[...]
+| opcua.timeout-seconds | Client connection timeout in seconds
(effective only when IoTDB acts as client). **Note**: Supported since V2.0.8,
only for client-server mode
[...]
#### 2.1.3 Example
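Review bot: The unchanged `opcua.security-policy` row in this table still says "Default implementation supports `None` and `Basic256Sha256`" and "Supported since V2.0.8", which conflicts with the note added further down in this file that `None` is no longer supported by default since V2.0.8.1. Since this hunk already rewrites the neighbouring rows, update that row as well so it states the default policy set from V2.0.8.1 on and that `None` has to be enabled explicitly.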
@@ -110,12 +110,13 @@ In this mode, IoTDB's stream processing engine
establishes a connection with the
2. Install UAExpert and configure certificate information.
##### 2.2.1.2 Quick Start
-
+###### 2.2.1.2.1 Scenarios Supporting the None Security Policy
1. Start OPC UA service using SQL (detailed syntax see [IoTDB OPC Server
Syntax](./Programming-OPC-UA_timecho.md#_2-1-语法)):
```SQL
-CREATE PIPE p1 WITH SINK ('sink'='opc-ua-sink');
+create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+Note: Since version V2.0.8.1, None is no longer supported by default. To use
it, you must manually enable it via the security-policy parameter as shown
above.
2. Write some data:
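Review bot: The note added under the `create pipe` example only says `None` must be enabled manually, while the example value turns on `NONE` next to three signing/encrypting policies, so a reader who copies it keeps an unsigned, unencrypted endpoint available. State in the note that this list is for debugging (the parameter table already calls `None` "not recommended for production") and that production pipes should leave `NONE` out. Formatting: the new `###### 2.2.1.2.1` heading replaces the blank line and now sits directly between the parent heading and the list, the note is not indented under step 1, and the statement is lower-case while the rest of this page uses upper-case keywords (`INSERT INTO ... VALUES(NOW(), 2);`).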
@@ -124,9 +125,70 @@ INSERT INTO root.test.db(time, s2) VALUES(NOW(), 2);
```
3. Configure UAExpert to connect to IoTDB (password matches `sink.password`
configured above, e.g., root/TimechoDB@2021):
+
+ ::: center
+
+ <img src="/img/OPCUA18.png" alt="" style="width: 60%;"/>
+
+ :::
+
+ ::: center
+
+ <img src="/img/OPCUA04.png" alt="" style="width: 60%;"/>
+
+ :::
+
4. Trust the server certificate, then view written data under Objects folder
on the left:
+
+ ::: center
+
+ <img src="/img/OPCUA05.png" alt="" style="width: 60%;"/>
+
+ :::
+
+ ::: center
+
+ <img src="/img/OPCUA17.png" alt="" style="width: 60%;"/>
+
+ :::
+
+ Note: Since the SecurityPolicy is set to None, mutual certificate trust is
not required. For production environments, it is recommended to use a non-None
SecurityPolicy for connection, which requires mutual certificate trust. For
operations, refer to the Pub/Sub mode section below. In the Client/Server
certificate directory (search for the keyword keyStore in the printed logs),
move the contents in reject to trusted/certs. Follow the sequence: connect →
move server directory → connect [...]
+
+
5. Drag left nodes to the middle to display latest value:
+ ::: center
+
+ <img src="/img/OPCUA07.png" alt="" style="width: 60%;"/>
+
+ :::
+
+###### 2.2.1.2.2 Scenarios Not Supporting the None Security Policy
+1. Use the following SQL to create and start the OPC UA service.
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+
+ Note: Since version V2.0.8.1, OpcUaSink no longer supports None mode by
default for security considerations.
+
+2. Insert some test data.
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. Configure the IoTDB connection in UAExpert:
+
+ - Do not access the URL directly; endpoints must be discovered using the
Discover method
+ - The client first sends a GetEndpoints request with the None policy to
retrieve the endpoint list
+ - It then selects the corresponding encrypted endpoint based on the
configured Basic256Sha256 + SignAndEncrypt to establish an encrypted connection
+
+ 
+
+4. Use the same username and password configuration as above. After selecting
the relevant connection mode (Sign / Sign & Encrypt), if the following prompt
appears, click Ignore to connect directly.
+
+ 
+
+
#### 2.2.2 Pub/Sub Mode
In this mode, IoTDB's stream processing engine sends data change events to the
OPC UA Server (Server) via OPC UA Sink. These events are published to the
server's message queue and managed via Event Nodes. Other OPC UA clients
(Clients) can subscribe to these Event Nodes to receive notifications when data
changes.
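Review bot: Step 4 of the new 2.2.1.2.2 section tells the reader to "click Ignore to connect directly" without saying what the prompt is. If it is the client's certificate validation warning, the hardened path ends by skipping the trust check this change is meant to encourage; name the prompt in text and point to the trust procedure from the note in 2.2.1.2.1 (move the contents of reject to trusted/certs) as the production alternative. The bullet "The client first sends a GetEndpoints request with the None policy" also reads as contradicting the section title, so add a clause that endpoint discovery is separate from the policy of the session opened afterwards. The added `<img>` tags all have empty `alt` text.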
diff --git a/src/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
b/src/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
index 31890ac5..5cca37d1 100644
--- a/src/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
+++ b/src/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
@@ -92,13 +92,16 @@ In this mode, IoTDB's stream processing engine establishes
a connection with the
2. Install UAExpert and fill in your own certificate information.
#### Quick Start
+##### Scenarios Supporting the None Security Policy
1. Use the following SQL to create and start the OPC UA Sink in client-server
mode. For detailed syntax, please refer to: [IoTDB OPC Server Syntax](#syntax)
```sql
- create pipe p1 with sink ('sink'='opc-ua-sink');
+ create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+ Note: Since version V1.3.7.2, None is no longer supported by default. To
use it, you must manually enable it via the security-policy parameter as shown
above.
+
2. Write some data.
```sql
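Review bot: The note added under step 1 introduces V1.3.7.2 as the version where `None` stops being enabled by default, but none of this file's hunks touch the parameter description of `opcua.security-policy`. Check that the parameter table in the V1.3.x guide states the same default; the Master table row visible earlier in this patch still says the default implementation supports `None`, and the same contradiction here would leave readers unsure which statement applies to their version.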
@@ -135,6 +138,9 @@ In this mode, IoTDB's stream processing engine establishes
a connection with the
:::
+ Note: Since the SecurityPolicy is set to None, mutual certificate trust is
not required. For production environments, it is recommended to use a non-None
SecurityPolicy for connection, which requires mutual certificate trust. For
operations, refer to the Pub/Sub mode section below. In the Client/Server
certificate directory (search for the keyword keyStore in the printed logs),
move the contents in reject to trusted/certs. Follow the sequence: connect →
move server directory → connect [...]
+
+
5. You can drag the node on the left to the center and display the latest
value of that node:
::: center
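Review bot: The added note opens with "Since the SecurityPolicy is set to None", but step 1 of this section now configures four policies, so whether the session runs with `None` depends on the endpoint the reader picks in UAExpert. Reword it as a condition ("If the None endpoint is selected, ...") and break the connect / move / connect sequence into a numbered list; as one long sentence it is hard to follow while working in the certificate directory.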
@@ -143,6 +149,32 @@ In this mode, IoTDB's stream processing engine establishes
a connection with the
:::
+##### Scenarios Not Supporting the None Security Policy
+1. Use the following SQL to create and start the OPC UA service.
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+
+ Note: Since version V1.3.7.2, OpcUaSink no longer supports None mode by
default for security considerations.
+
+2. Insert some test data.
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. Configure the IoTDB connection in UAExpert:
+
+ - Do not access the URL directly; endpoints must be discovered using the
Discover method
+ - The client first sends a GetEndpoints request with the None policy to
retrieve the endpoint list
+ - It then selects the corresponding encrypted endpoint based on the
configured Basic256Sha256 + SignAndEncrypt to establish an encrypted connection
+
+ 
+
+4. Use the same username and password configuration as above. After selecting
the relevant connection mode (Sign / Sign & Encrypt), if the following prompt
appears, click Ignore to connect directly.
+
+ 
+
+
### Pub / Sub Mode
In this mode, IoTDB's stream processing engine sends data change events to the
OPC UA Server through an OPC UA Sink. These events are published to the
server's message queue and managed through Event Nodes. Other OPC UA Clients
can subscribe to these Event Nodes to receive notifications upon data changes.
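Review bot: The new "Scenarios Not Supporting the None Security Policy" section creates the pipe with defaults and then tells the reader to select `Basic256Sha256` + `SignAndEncrypt`, but never states which policies the default exposes from V1.3.7.2 on. List the default policy set next to the note under step 1 so readers know which endpoints Discover should return. Style: the new fences are tagged `SQL` while the existing ones in this file use `sql`, and the new heading is not followed by a blank line.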
diff --git a/src/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
b/src/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
index 31890ac5..5cca37d1 100644
--- a/src/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
+++ b/src/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
@@ -92,13 +92,16 @@ In this mode, IoTDB's stream processing engine establishes
a connection with the
2. Install UAExpert and fill in your own certificate information.
#### Quick Start
+##### Scenarios Supporting the None Security Policy
1. Use the following SQL to create and start the OPC UA Sink in client-server
mode. For detailed syntax, please refer to: [IoTDB OPC Server Syntax](#syntax)
```sql
- create pipe p1 with sink ('sink'='opc-ua-sink');
+ create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+ Note: Since version V1.3.7.2, None is no longer supported by default. To
use it, you must manually enable it via the security-policy parameter as shown
above.
+
2. Write some data.
```sql
@@ -135,6 +138,9 @@ In this mode, IoTDB's stream processing engine establishes
a connection with the
:::
+ Note: Since the SecurityPolicy is set to None, mutual certificate trust is
not required. For production environments, it is recommended to use a non-None
SecurityPolicy for connection, which requires mutual certificate trust. For
operations, refer to the Pub/Sub mode section below. In the Client/Server
certificate directory (search for the keyword keyStore in the printed logs),
move the contents in reject to trusted/certs. Follow the sequence: connect →
move server directory → connect [...]
+
+
5. You can drag the node on the left to the center and display the latest
value of that node:
::: center
@@ -143,6 +149,32 @@ In this mode, IoTDB's stream processing engine establishes
a connection with the
:::
+##### Scenarios Not Supporting the None Security Policy
+1. Use the following SQL to create and start the OPC UA service.
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+
+ Note: Since version V1.3.7.2, OpcUaSink no longer supports None mode by
default for security considerations.
+
+2. Insert some test data.
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. Configure the IoTDB connection in UAExpert:
+
+ - Do not access the URL directly; endpoints must be discovered using the
Discover method
+ - The client first sends a GetEndpoints request with the None policy to
retrieve the endpoint list
+ - It then selects the corresponding encrypted endpoint based on the
configured Basic256Sha256 + SignAndEncrypt to establish an encrypted connection
+
+ 
+
+4. Use the same username and password configuration as above. After selecting
the relevant connection mode (Sign / Sign & Encrypt), if the following prompt
appears, click Ignore to connect directly.
+
+ 
+
+
### Pub / Sub Mode
In this mode, IoTDB's stream processing engine sends data change events to the
OPC UA Server through an OPC UA Sink. These events are published to the
server's message queue and managed through Event Nodes. Other OPC UA Clients
can subscribe to these Event Nodes to receive notifications upon data changes.
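Review bot: These three hunks are the same change as in V1.3.x (both files go from blob 31890ac5 to 5cca37d1), so any correction to the wording of the None note, the "click Ignore" step or the `SQL`/`sql` fence tags has to be made in both copies. Apply such fixes to V1.3.x and dev-1.3 in one commit so the two guides do not drift.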
diff --git a/src/UserGuide/latest/API/Programming-OPC-UA_timecho.md
b/src/UserGuide/latest/API/Programming-OPC-UA_timecho.md
index 149f989e..7d139aea 100644
--- a/src/UserGuide/latest/API/Programming-OPC-UA_timecho.md
+++ b/src/UserGuide/latest/API/Programming-OPC-UA_timecho.md
@@ -110,12 +110,13 @@ In this mode, IoTDB's stream processing engine
establishes a connection with the
2. Install UAExpert and configure certificate information.
##### 2.2.1.2 Quick Start
-
+###### 2.2.1.2.1 Scenarios Supporting the None Security Policy
1. Start OPC UA service using SQL (detailed syntax see [IoTDB OPC Server
Syntax](./Programming-OPC-UA_timecho.md#_2-1-语法)):
```SQL
-CREATE PIPE p1 WITH SINK ('sink'='opc-ua-sink');
+create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+Note: Since version V2.0.8.1, None is no longer supported by default. To use
it, you must manually enable it via the security-policy parameter as shown
above.
2. Write some data:
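Review bot: The context line for step 1 links to `./Programming-OPC-UA_timecho.md#_2-1-语法`, a Chinese heading anchor, from the English page. While this step is being edited, point the link at the anchor of the English syntax heading; the current target will not resolve unless the English page has a heading with that Chinese name.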
@@ -124,9 +125,70 @@ INSERT INTO root.test.db(time, s2) VALUES(NOW(), 2);
```
3. Configure UAExpert to connect to IoTDB (password matches `sink.password`
configured above, e.g., root/TimechoDB@2021):
+
+ ::: center
+
+ <img src="/img/OPCUA18.png" alt="" style="width: 60%;"/>
+
+ :::
+
+ ::: center
+
+ <img src="/img/OPCUA04.png" alt="" style="width: 60%;"/>
+
+ :::
+
4. Trust the server certificate, then view written data under Objects folder
on the left:
+
+ ::: center
+
+ <img src="/img/OPCUA05.png" alt="" style="width: 60%;"/>
+
+ :::
+
+ ::: center
+
+ <img src="/img/OPCUA17.png" alt="" style="width: 60%;"/>
+
+ :::
+
+ Note: Since the SecurityPolicy is set to None, mutual certificate trust is
not required. For production environments, it is recommended to use a non-None
SecurityPolicy for connection, which requires mutual certificate trust. For
operations, refer to the Pub/Sub mode section below. In the Client/Server
certificate directory (search for the keyword keyStore in the printed logs),
move the contents in reject to trusted/certs. Follow the sequence: connect →
move server directory → connect [...]
+
+
5. Drag left nodes to the middle to display latest value:
+ ::: center
+
+ <img src="/img/OPCUA07.png" alt="" style="width: 60%;"/>
+
+ :::
+
+###### 2.2.1.2.2 Scenarios Not Supporting the None Security Policy
+1. Use the following SQL to create and start the OPC UA service.
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+
+ Note: Since version V2.0.8.1, OpcUaSink no longer supports None mode by
default for security considerations.
+
+2. Insert some test data.
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. Configure the IoTDB connection in UAExpert:
+
+ - Do not access the URL directly; endpoints must be discovered using the
Discover method
+ - The client first sends a GetEndpoints request with the None policy to
retrieve the endpoint list
+ - It then selects the corresponding encrypted endpoint based on the
configured Basic256Sha256 + SignAndEncrypt to establish an encrypted connection
+
+ 
+
+4. Use the same username and password configuration as above. After selecting
the relevant connection mode (Sign / Sign & Encrypt), if the following prompt
appears, click Ignore to connect directly.
+
+ 
+
+
#### 2.2.2 Pub/Sub Mode
In this mode, IoTDB's stream processing engine sends data change events to the
OPC UA Server (Server) via OPC UA Sink. These events are published to the
server's message queue and managed via Event Nodes. Other OPC UA clients
(Clients) can subscribe to these Event Nodes to receive notifications when data
changes.
diff --git a/src/zh/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
b/src/zh/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
index cb545a4d..f53d8d03 100644
--- a/src/zh/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
+++ b/src/zh/UserGuide/Master/Tree/API/Programming-OPC-UA_timecho.md
@@ -61,22 +61,22 @@ create pipe p1
#### 2.1.2 参数
-| **参数** | **描述**
[...]
-| ------------------------------------ |
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[...]
-| sink | OPC UA SINK
[...]
-| sink.opcua.model | OPC UA 使用的模式
[...]
-| sink.opcua.tcp.port | OPC UA 的 TCP 端口
[...]
-| sink.opcua.https.port | OPC UA 的 HTTPS 端口
[...]
-| sink.opcua.security.dir | OPC UA 的密钥及证书目录
[...]
-| opcua.security-policy | OPC UA
连接使用的安全策略,不区分大小写。可以配置多个,用`,`连接。配置一个安全策略后,client
才能用对应的策略连接。当前实现默认支持`None`和`Basic256Sha256`策略,应该默认改为任意的非`None`策略,`None`策略在调试环境中单独配置,因为`None`策略虽然不需移动证书,操作方便,但是不安全,生产环境的
server 不建议支持该策略。注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
|
String(安全性依次递增):<br>`None`<br>`Basic128Rsa15`<br>`Basic256`<br>`Basic256Sha256`<br>`Aes128_Sha256
[...]
-| sink.opcua.enable-anonymous-access | OPC UA 是否允许匿名访问
[...]
-| sink.user | 用户,这里指 OPC UA 的允许用户
[...]
-| sink.password | 密码,这里指 OPC UA 的允许密码
[...]
+| **参数** | **描述**
| **取值范围**
[...]
+| ------------------------------------
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------
[...]
+| sink | OPC UA SINK
|
String: opc-ua-sink
[...]
+| sink.opcua.model | OPC UA 使用的模式
|
String: client-server / pub-sub
[...]
+| sink.opcua.tcp.port | OPC UA 的 TCP 端口
|
Integer: [0, 65536]
[...]
+| sink.opcua.https.port | OPC UA 的 HTTPS 端口
|
Integer: [0, 65536]
[...]
+| sink.opcua.security.dir | OPC UA 的密钥及证书目录
|
String: Path,支持绝对及相对目录
[...]
+| opcua.security-policy | OPC UA
连接使用的安全策略,不区分大小写。可以配置多个,用`,`连接。配置一个安全策略后,client
才能用对应的策略连接。当前实现默认支持`None`和`Basic256Sha256`策略,应该默认改为任意的非`None`策略,`None`策略在调试环境中单独配置,因为`None`策略虽然不需移动证书,操作方便,但是不安全,生产环境的
server 不建议支持该策略。注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
|
String(安全性依次递增):<br>`None`<br>`Basic128Rsa15`<br>`Basic256`<br>`Basic256Sha256`<br>`Aes128_Sha256_RsaO
[...]
+| sink.opcua.enable-anonymous-access | OPC UA 是否允许匿名访问
|
Boolean
[...]
+| sink.user | 用户,这里指 OPC UA 的允许用户
|
String
[...]
+| sink.password | 密码,这里指 OPC UA 的允许密码
|
String
[...]
| opcua.with-quality | OPC UA 的测点发布是否为 value + quality
模式。启用配置后,系统将按以下规则处理写入数据:<br>1. 同时包含 value 和 quality,则直接推送至 OPC UA Server。<br>2.
仅包含 value,则 quality 自动填充为 UNCERTAIN(默认值,支持自定义配置)。<br>3. 仅包含
quality,则该写入被忽略,不进行任何处理。<br>4. 包含非 value/quality
字段,则忽略该数据,并记录警告日志(日志频率可配置,避免高频干扰)。<br>5. quality 类型限制:目前仅支持布尔类型(true 表示
GOOD,false 表示 BAD); 注意:V2.0.8 起支持该参数,且仅支持 client-server 模式 | Boolean
[...]
-| opcua.value-name | With-quality 为 true 时生效,表示 value 测点的名字。
注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
[...]
-| opcua.quality-name | With-quality 为 true 时生效,表示 quality
测点的名字。 注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
[...]
-| opcua.default-quality | 没有 quality 时,可以通过 SQL
参数指定`GOOD`/`UNCERTAIN`/`BAD`。 注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
[...]
-| opcua.timeout-seconds | Client 连接 server 的超时秒数,仅在 IoTDB 为
client 时生效 注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
[...]
+| opcua.value-name | With-quality 为 true 时生效,表示 value 测点的名字。
注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
|
String
[...]
+| opcua.quality-name | With-quality 为 true 时生效,表示 quality
测点的名字。 注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
| String
[...]
+| opcua.default-quality | 没有 quality 时,可以通过 SQL
参数指定`GOOD`/`UNCERTAIN`/`BAD`。 注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
| String:`GOOD`/`UNCERTAIN`/`BAD`
[...]
+| opcua.timeout-seconds | Client 连接 server 的超时秒数,仅在 IoTDB 为
client 时生效 注意:V2.0.8 起支持该参数,且仅支持 client-server 模式
| Long
[...]
#### 2.1.3 示例
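Review bot: The re-added `opcua.security-policy` row still states that the current implementation supports `None` and `Basic256Sha256` by default (当前实现默认支持`None`和`Basic256Sha256`策略), which contradicts the note added in 2.2.1.2.1 that `None` is off by default from 2.0.8.1; update the description while the row is being rewritten. In the new 取值范围 column, `Integer: [0, 65536]` for `sink.opcua.tcp.port` and `sink.opcua.https.port` includes 65536, which is not a valid TCP port; the upper bound should be 65535 unless the sink really accepts 65536.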
@@ -107,16 +107,18 @@ start pipe p1;
2. 安装 UAExpert,填写自身的证书等信息。
##### 2.2.1.2 快速开始
+###### 2.2.1.2.1 支持 None 安全策略的场景
1. 使用如下 sql,启动 OPC UA 服务。详细语法参见上文:[IoTDB OPC
Server语法](./Programming-OPC-UA_timecho.md#_2-1-语法)
```SQL
-create pipe p1 with sink ('sink'='opc-ua-sink');
+create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+注意:在 2.0.8.1 及以上版本中,默认不再支持 `None`,如需使用必须通过 `security-policy` 参数手动开启,如上所示。
2. 写入部分数据。
```SQL
-insert into root.test.db(time, s2) values(now(), 2)
+insert into root.test.db(time, s2) values(now(), 2);
```
3. 在 UAExpert 中配置 iotdb 的连接,其中 password 填写为上述参数配置中 sink.password
中设定的密码(此处用户名、密码以2.3小节示例中配置的 root/root 为例):
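Review bot: The added note writes the version as `2.0.8.1`, while the English page uses `V2.0.8.1` and the 1.3 pages use `V1.3.7.2`; pick one form across the guides. The note is also placed directly between the closing fence and step 2 with no blank line or indentation. Separately, the context line for step 3 uses root/root as the example credentials while the English Master page uses root/TimechoDB@2021; the two translations of the same version should show the same example.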
@@ -139,12 +141,37 @@ insert into root.test.db(time, s2) values(now(), 2)
<img src="/img/OPCUA06.png" alt="" style="width: 60%;"/>
</div>
+注意:由于此处配置的 `SecurityPolicy` 为 `None`,因此不需要相互信任证书。生产环境建议使用非 `None` 的
`SecurityPolicy` 进行连接,此时需要相互信任证书,操作步骤可以见下文 `Pub/Sub` 模式,在 `Client/Server`
的证书目录下(可以在打印的日志中找 keyStore 关键词),将 reject 的内容挪到 `trusted/certs`下即可,采用连接、移动
server 目录、连接、移动 client 目录、连接的顺序。
+
5. 可以将左侧节点拖动到中间,并展示该节点的最新值:
<div align="center">
<img src="/img/OPCUA07.png" alt="" style="width: 60%;"/>
</div>
+###### 2.2.1.2.2 不支持 None 安全策略的场景
+1. 使用如下 sql,创建并启动 OPC UA 服务。
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+ 注意:从 2.0.8.1 版本开始,`OpcUaSink` 出于安全考虑,默认不再支持 `None` 模式。
+
+2. 写入部分数据。
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. 在 UAExpert 中配置 IoTDB 连接:
+ - 不可直接访问 `URL`,必须通过 `Discover` 方式发现端点
+ - 客户端会先使用 `None` 策略发送 `GetEndpoints` 请求获取端点列表
+ - 再根据配置的 `Basic256Sha256 + SignAndEncrypt` 选择对应加密端点建立加密连接
+
+
+
+4. 用户名密码配置同上,点击相关的连接模式后(`Sign` / `Sign & Encrypt`),如果出现以下内容,点 `Ignore` 直接连。
+
+
+
#### 2.2.2 Pub / Sub 模式
在这种模式下,IoTDB的流处理引擎通过 OPC UA Sink 向OPC UA
服务器(Server)发送数据变更事件。这些事件被发布到服务器的消息队列中,并通过事件节点 (Event Node) 进行管理。其他OPC
UA客户端(Client)可以订阅这些事件节点,以便在数据变更时接收通知。
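Review bot: Step 4 of the new 2.2.1.2.2 section ends with 点 `Ignore` 直接连 and relies entirely on a screenshot to say what is being ignored. Describe the prompt in text and, if it is a certificate warning, refer to the trust procedure in the note added just above step 5 (move the contents of reject to `trusted/certs`) so the non-`None` walkthrough does not end by dismissing the check it depends on.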
diff --git a/src/zh/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
b/src/zh/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
index 917b211e..6661ae16 100644
--- a/src/zh/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
+++ b/src/zh/UserGuide/V1.3.x/API/Programming-OPC-UA_timecho.md
@@ -93,12 +93,13 @@ start pipe p1;
2. 安装 UAExpert,填写自身的证书等信息。
#### 快速开始
-
+##### 支持 None 安全策略的场景
1. 使用如下 sql,创建并启动 client-server 模式的 OPC UA Sink。详细语法参见上文:[IoTDB OPC
Server语法](#语法)
```SQL
-create pipe p1 with sink ('sink'='opc-ua-sink');
+create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+注意:在 V1.3.7.2 及以上版本中,默认不再支持 `None`,如需使用必须通过 `security-policy` 参数手动开启,如上所示。
2. 写入部分数据。
@@ -106,7 +107,7 @@ create pipe p1 with sink ('sink'='opc-ua-sink');
insert into root.test.db(time, s2) values(now(), 2)
```
- 此处自动创建元数据开启。
+此处自动创建元数据开启。
3. 在 UAExpert 中配置 iotdb 的连接,其中 password 填写为上述参数配置中 sink.password
中设定的密码(此处以默认密码root为例):
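Review bot: The context `insert into root.test.db(time, s2) values(now(), 2)` in this file still lacks the terminating semicolon, while the Master page fixes it in this same commit and the section added below in this file uses `values(now(), 2);`. Fix it here too so both examples on the page match. The un-indented 此处自动创建元数据开启。 now sits outside step 2 of the list; confirm that is the intended rendering.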
@@ -128,12 +129,37 @@ insert into root.test.db(time, s2) values(now(), 2)
<img src="/img/OPCUA06.png" alt="" style="width: 60%;"/>
</div>
+注意:由于此处配置的 `SecurityPolicy` 为 `None`,因此不需要相互信任证书。生产环境建议使用非 `None` 的
`SecurityPolicy` 进行连接,此时需要相互信任证书,操作步骤可以见下文 `Pub/Sub` 模式,在 `Client/Server`
的证书目录下(可以在打印的日志中找 keyStore 关键词),将 reject 的内容挪到 `trusted/certs`下即可,采用连接、移动
server 目录、连接、移动 client 目录、连接的顺序。
+
5. 可以将左侧节点拖动到中间,并展示该节点的最新值:
<div align="center">
<img src="/img/OPCUA07.png" alt="" style="width: 60%;"/>
</div>
+##### 不支持 None 安全策略的场景
+1. 使用如下 sql,创建并启动 OPC UA 服务。
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+ 注意:从 V1.3.7.2 版本开始,`OpcUaSink` 出于安全考虑,默认不再支持 `None` 模式。
+
+2. 写入部分数据。
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. 在 UAExpert 中配置 IoTDB 连接:
+ - 不可直接访问 `URL`,必须通过 `Discover` 方式发现端点
+ - 客户端会先使用 `None` 策略发送 `GetEndpoints` 请求获取端点列表
+ - 再根据配置的 `Basic256Sha256 + SignAndEncrypt` 选择对应加密端点建立加密连接
+
+
+
+4. 用户名密码配置同上,点击相关的连接模式后(`Sign` / `Sign & Encrypt`),如果出现以下内容,点 `Ignore` 直接连。
+
+
+
### Pub / Sub 模式
在这种模式下,IoTDB的流处理引擎通过 OPC UA Sink 向OPC UA
服务器(Server)发送数据变更事件。这些事件被发布到服务器的消息队列中,并通过事件节点 (Event Node) 进行管理。其他OPC
UA客户端(Client)可以订阅这些事件节点,以便在数据变更时接收通知。
diff --git a/src/zh/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
b/src/zh/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
index 917b211e..6661ae16 100644
--- a/src/zh/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
+++ b/src/zh/UserGuide/dev-1.3/API/Programming-OPC-UA_timecho.md
@@ -93,12 +93,13 @@ start pipe p1;
2. 安装 UAExpert,填写自身的证书等信息。
#### 快速开始
-
+##### 支持 None 安全策略的场景
1. 使用如下 sql,创建并启动 client-server 模式的 OPC UA Sink。详细语法参见上文:[IoTDB OPC
Server语法](#语法)
```SQL
-create pipe p1 with sink ('sink'='opc-ua-sink');
+create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+注意:在 V1.3.7.2 及以上版本中,默认不再支持 `None`,如需使用必须通过 `security-policy` 参数手动开启,如上所示。
2. 写入部分数据。
@@ -106,7 +107,7 @@ create pipe p1 with sink ('sink'='opc-ua-sink');
insert into root.test.db(time, s2) values(now(), 2)
```
- 此处自动创建元数据开启。
+此处自动创建元数据开启。
3. 在 UAExpert 中配置 iotdb 的连接,其中 password 填写为上述参数配置中 sink.password
中设定的密码(此处以默认密码root为例):
@@ -128,12 +129,37 @@ insert into root.test.db(time, s2) values(now(), 2)
<img src="/img/OPCUA06.png" alt="" style="width: 60%;"/>
</div>
+注意:由于此处配置的 `SecurityPolicy` 为 `None`,因此不需要相互信任证书。生产环境建议使用非 `None` 的
`SecurityPolicy` 进行连接,此时需要相互信任证书,操作步骤可以见下文 `Pub/Sub` 模式,在 `Client/Server`
的证书目录下(可以在打印的日志中找 keyStore 关键词),将 reject 的内容挪到 `trusted/certs`下即可,采用连接、移动
server 目录、连接、移动 client 目录、连接的顺序。
+
5. 可以将左侧节点拖动到中间,并展示该节点的最新值:
<div align="center">
<img src="/img/OPCUA07.png" alt="" style="width: 60%;"/>
</div>
+##### 不支持 None 安全策略的场景
+1. 使用如下 sql,创建并启动 OPC UA 服务。
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+ 注意:从 V1.3.7.2 版本开始,`OpcUaSink` 出于安全考虑,默认不再支持 `None` 模式。
+
+2. 写入部分数据。
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. 在 UAExpert 中配置 IoTDB 连接:
+ - 不可直接访问 `URL`,必须通过 `Discover` 方式发现端点
+ - 客户端会先使用 `None` 策略发送 `GetEndpoints` 请求获取端点列表
+ - 再根据配置的 `Basic256Sha256 + SignAndEncrypt` 选择对应加密端点建立加密连接
+
+
+
+4. 用户名密码配置同上,点击相关的连接模式后(`Sign` / `Sign & Encrypt`),如果出现以下内容,点 `Ignore` 直接连。
+
+
+
### Pub / Sub 模式
在这种模式下,IoTDB的流处理引擎通过 OPC UA Sink 向OPC UA
服务器(Server)发送数据变更事件。这些事件被发布到服务器的消息队列中,并通过事件节点 (Event Node) 进行管理。其他OPC
UA客户端(Client)可以订阅这些事件节点,以便在数据变更时接收通知。
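Review bot: These hunks are the same change as in zh/V1.3.x (both files go from blob 917b211e to 6661ae16), so the missing semicolon in the step 2 `insert` example and the wording of the 点 `Ignore` 直接连 step need the same corrections here. Make them in both copies in one commit.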
diff --git a/src/zh/UserGuide/latest/API/Programming-OPC-UA_timecho.md
b/src/zh/UserGuide/latest/API/Programming-OPC-UA_timecho.md
index 6a7d2678..f53d8d03 100644
--- a/src/zh/UserGuide/latest/API/Programming-OPC-UA_timecho.md
+++ b/src/zh/UserGuide/latest/API/Programming-OPC-UA_timecho.md
@@ -107,16 +107,18 @@ start pipe p1;
2. 安装 UAExpert,填写自身的证书等信息。
##### 2.2.1.2 快速开始
+###### 2.2.1.2.1 支持 None 安全策略的场景
1. 使用如下 sql,启动 OPC UA 服务。详细语法参见上文:[IoTDB OPC
Server语法](./Programming-OPC-UA_timecho.md#_2-1-语法)
```SQL
-create pipe p1 with sink ('sink'='opc-ua-sink');
+create pipe p1 with sink ('sink'='opc-ua-sink',
'opcua.security-policy'='AES128_SHA256_RSAOAEP, AES256_SHA256_RSAPSS,
BASIC256SHA256, NONE');
```
+注意:在 2.0.8.1 及以上版本中,默认不再支持 `None`,如需使用必须通过 `security-policy` 参数手动开启,如上所示。
2. 写入部分数据。
```SQL
-insert into root.test.db(time, s2) values(now(), 2)
+insert into root.test.db(time, s2) values(now(), 2);
```
3. 在 UAExpert 中配置 iotdb 的连接,其中 password 填写为上述参数配置中 sink.password
中设定的密码(此处用户名、密码以2.3小节示例中配置的 root/root 为例):
@@ -139,12 +141,37 @@ insert into root.test.db(time, s2) values(now(), 2)
<img src="/img/OPCUA06.png" alt="" style="width: 60%;"/>
</div>
+注意:由于此处配置的 `SecurityPolicy` 为 `None`,因此不需要相互信任证书。生产环境建议使用非 `None` 的
`SecurityPolicy` 进行连接,此时需要相互信任证书,操作步骤可以见下文 `Pub/Sub` 模式,在 `Client/Server`
的证书目录下(可以在打印的日志中找 keyStore 关键词),将 reject 的内容挪到 `trusted/certs`下即可,采用连接、移动
server 目录、连接、移动 client 目录、连接的顺序。
+
5. 可以将左侧节点拖动到中间,并展示该节点的最新值:
<div align="center">
<img src="/img/OPCUA07.png" alt="" style="width: 60%;"/>
</div>
+###### 2.2.1.2.2 不支持 None 安全策略的场景
+1. 使用如下 sql,创建并启动 OPC UA 服务。
+ ```SQL
+ create pipe p1 with sink ('sink'='opc-ua-sink');
+ ```
+ 注意:从 2.0.8.1 版本开始,`OpcUaSink` 出于安全考虑,默认不再支持 `None` 模式。
+
+2. 写入部分数据。
+ ```SQL
+ insert into root.test.db(time, s2) values(now(), 2);
+ ```
+
+3. 在 UAExpert 中配置 IoTDB 连接:
+ - 不可直接访问 `URL`,必须通过 `Discover` 方式发现端点
+ - 客户端会先使用 `None` 策略发送 `GetEndpoints` 请求获取端点列表
+ - 再根据配置的 `Basic256Sha256 + SignAndEncrypt` 选择对应加密端点建立加密连接
+
+
+
+4. 用户名密码配置同上,点击相关的连接模式后(`Sign` / `Sign & Encrypt`),如果出现以下内容,点 `Ignore` 直接连。
+
+
+
#### 2.2.2 Pub / Sub 模式
在这种模式下,IoTDB的流处理引擎通过 OPC UA Sink 向OPC UA
服务器(Server)发送数据变更事件。这些事件被发布到服务器的消息队列中,并通过事件节点 (Event Node) 进行管理。其他OPC
UA客户端(Client)可以订阅这些事件节点,以便在数据变更时接收通知。