OPC-UA Adapter
The OPC-UA adapter provides connectivity to any OPC-UA compliant server, making it the most versatile adapter for industrial systems.
Overview
The OPC-UA adapter supports:
- Address Space Browsing: Discover available nodes
- Value Reads: Current values with quality and timestamp
- Subscriptions: Real-time value change notifications
- Historical Access: HDA queries (if server supports)
- Method Calls: Execute OPC-UA methods
Prerequisites
- OPC-UA Server: Any UA-compliant server
- Network Access: Reach the OPC-UA endpoint (typically port 4840 or 62541)
- Security Credentials: Based on server configuration
- Server Certificate: For encrypted connections
Configuration
Basic Configuration
```yaml
adapter:
  type: opc-ua
  name: opc-ua-plc-1
  connection:
    endpoint: opc.tcp://plc-server:4840
    security:
      mode: SignAndEncrypt
      policy: Basic256Sha256
    authentication:
      type: username
      username: ${OPCUA_USER}
      password: ${OPCUA_PASS}
```
Security Modes
| Mode | Description |
|------|-------------|
| None | No security (not recommended) |
| Sign | Messages signed but not encrypted |
| SignAndEncrypt | Full security (recommended) |
Security Policies
| Policy | Description |
|--------|-------------|
| None | No encryption |
| Basic128Rsa15 | Legacy (deprecated) |
| Basic256 | Good security |
| Basic256Sha256 | Recommended |
| Aes128_Sha256_RsaOaep | Modern |
| Aes256_Sha256_RsaPss | Highest security |
Authentication Types
Anonymous
```yaml
authentication:
  type: anonymous
```
Username/Password
```yaml
authentication:
  type: username
  username: operator
  password: ${PASSWORD}
```
Certificate
```yaml
authentication:
  type: certificate
  certificate: /etc/conduit/certs/client.der
  privateKey: /etc/conduit/certs/client.pem
```
Address Space Discovery
Auto-Discovery
```yaml
discovery:
  enabled: true
  interval: 600 # seconds
  startNode: "ns=2;s=Device1"
  depth: 10
  nodeClasses:
    - Variable
    - Object
```
Browse Filters
```yaml
discovery:
  filters:
    include:
      - "ns=2;*"
      - "ns=3;s=Production/*"
    exclude:
      - "*Diagnostics*"
      - "*_Internal*"
```
Node Mapping
Map node IDs to friendly names:
```yaml
nodeMappings:
  "ns=2;s=Device1.Temperature": "Tank1_Temperature"
  "ns=2;s=Device1.Pressure": "Tank1_Pressure"
  "ns=3;i=1001": "LineSpeed"
```
Reading Values
Batch Reads
```yaml
reads:
  batchSize: 100
  timeout: 5000 # ms
  maxAge: 0 # 0 = latest value
```
Read Attributes
Configure which attributes to read:
```yaml
reads:
  attributes:
    - Value
    - SourceTimestamp
    - ServerTimestamp
    - StatusCode
```
Subscriptions
For real-time monitoring:
```yaml
subscriptions:
  enabled: true
  publishingInterval: 1000 # ms
  lifetimeCount: 10000
  maxKeepAliveCount: 10
  maxNotificationsPerPublish: 1000
  priority: 0
  monitoredItems:
    samplingInterval: 500 # ms
    queueSize: 10
    discardOldest: true
```
Subscription Patterns
```yaml
subscriptions:
  patterns:
    - "ns=2;s=Production/*"
    - "ns=2;s=*/Temperature"
    - "ns=2;s=*/Pressure"
```
Historical Access (HDA)
If the server supports OPC-UA Historical Access:
```yaml
historicalAccess:
  enabled: true
  readRaw:
    enabled: true
    maxValues: 10000
  readProcessed:
    enabled: true
    aggregates:
      - Average
      - Minimum
      - Maximum
      - Count
```
HDA Query Translation
NQE: "Show average temperature for Tank1 over the last hour"
Becomes HDA ReadProcessed request with:
- Aggregate: Average
- Start: Now - 1 hour
- End: Now
- Processing interval: Query-specified
Certificate Management
Client Certificate
Generate or provide a client certificate:
```yaml
certificates:
  application:
    uri: "urn:conduit:adapter:opc-ua"
    name: "Conduit OPC-UA Adapter"
  store:
    type: directory
    path: /etc/conduit/pki
  auto:
    generate: true
    keySize: 2048
    validity: 365 # days
```
Trust Server Certificate
```yaml
certificates:
  trustAll: false # Never set this to true in production!
  trusted:
    - /etc/conduit/pki/trusted/server.der
  autoAccept:
    enabled: false # Manually approve unknown certs
```
Data Type Handling
Type Mapping
```yaml
typeMapping:
  Double: float64
  Float: float32
  Int32: int32
  UInt32: uint32
  Boolean: bool
  String: string
  DateTime: timestamp
  ByteString: binary
```
Array Handling
```yaml
arrays:
  maxLength: 1000
  flatten: false # Keep as arrays
```
Performance Tuning
Connection Settings
```yaml
connection:
  sessionTimeout: 60000 # ms
  requestTimeout: 10000 # ms
  connectTimeout: 5000 # ms
  reconnect:
    enabled: true
    interval: 5000
    maxAttempts: -1 # Infinite
```
Channel Settings
```yaml
channel:
  maxMessageSize: 16777216 # 16MB
  maxChunkCount: 32
  maxArrayLength: 65535
  maxStringLength: 65535
```
Troubleshooting
Connection Issues
BadSecurityChecksFailed
- Server doesn't trust client certificate
- Import client cert to server's trusted store
BadIdentityTokenRejected
- Invalid credentials
- User not authorized on server
BadCertificateUntrusted
- Client doesn't trust server certificate
- Add server cert to trusted store
Discovery Issues
Nodes Not Found
- Check start node exists
- Verify browse permissions
- Increase depth setting
Performance Issues
High Latency
- Reduce batch size
- Enable subscriptions for frequently read nodes
- Check network latency
Memory Usage
- Reduce subscription queue sizes
- Limit discovery depth
- Filter discovered nodes
Example: Siemens S7-1500
```yaml
adapter:
  type: opc-ua
  name: siemens-s7-1500
  connection:
    endpoint: opc.tcp://192.168.1.100:4840
    security:
      mode: SignAndEncrypt
      policy: Basic256Sha256
    authentication:
      type: username
      username: OpcUaClient
      password: ${SIEMENS_PASS}
  discovery:
    startNode: "ns=3;s=\"DataBlock\""
    depth: 5
  subscriptions:
    enabled: true
    publishingInterval: 100
    patterns:
      - "ns=3;s=\"DB_Process\".*"
```
Example: Rockwell FactoryTalk
```yaml
adapter:
  type: opc-ua
  name: factorytalk-linx
  connection:
    endpoint: opc.tcp://ftlinx-server:4840
    security:
      mode: None # FactoryTalk Linx default
    authentication:
      type: anonymous
  discovery:
    startNode: "ns=2;s=Online"
```
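The security guidance on this page (the mode and policy tables, the authentication types and the certificate trust settings) can be checked automatically before a config is deployed. The following is an added example, not part of Conduit: the `audit` function, the rule names and the nesting of `security`, `authentication` and `certificates` under `adapter` are assumptions, and the sample configs are constructed from the two vendor examples above.

```python
import re

# Ratings follow the page's tables. Basic256 is flagged as well because OPC UA 1.04
# deprecated it (SHA-1 based); that is an addition, not something the page states.
WEAK_POLICIES = {"None": "no encryption", "Basic128Rsa15": "legacy, deprecated",
                 "Basic256": "deprecated in OPC UA 1.04"}
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")  # e.g. ${OPCUA_PASS}

def audit(config):
    """Return sorted (rule_id, message) findings for one adapter config dict."""
    adapter = config.get("adapter", {})
    conn = adapter.get("connection", {})       # assumed nesting: adapter.connection
    sec = conn.get("security", {})
    auth = conn.get("authentication", {})
    certs = adapter.get("certificates", {})    # assumed to sit under adapter
    findings = []
    mode = sec.get("mode", "None")             # assumption: unset means no security
    policy = sec.get("policy", "None")
    if mode == "None":
        findings.append(("mode-none", "messages are neither signed nor encrypted"))
    elif mode == "Sign":
        findings.append(("mode-sign-only", "messages are signed but not encrypted"))
    if mode != "None" and policy in WEAK_POLICIES:
        findings.append(("weak-policy", f"{policy}: {WEAK_POLICIES[policy]}"))
    if auth.get("type") == "anonymous":
        findings.append(("anonymous-auth", "no user identity is presented"))
    password = auth.get("password")
    if password is not None and not ENV_REF.match(str(password)):
        findings.append(("literal-password", "password is stored in the file itself"))
    if certs.get("trustAll", False):
        findings.append(("trust-all", "any server certificate is accepted"))
    if certs.get("autoAccept", {}).get("enabled", False):
        findings.append(("auto-accept", "unknown certificates are trusted unreviewed"))
    return sorted(findings)

# Constructed inputs mirroring the page's two vendor examples; the certificates
# block on SIEMENS is copied from the trust settings shown earlier on the page.
FACTORYTALK = {"adapter": {"connection": {
    "security": {"mode": "None"}, "authentication": {"type": "anonymous"}}}}
SIEMENS = {"adapter": {
    "connection": {
        "security": {"mode": "SignAndEncrypt", "policy": "Basic256Sha256"},
        "authentication": {"type": "username", "username": "OpcUaClient",
                           "password": "${SIEMENS_PASS}"}},
    "certificates": {"trustAll": False, "autoAccept": {"enabled": False}}}}

if __name__ == "__main__":
    for name, cfg in (("factorytalk-linx", FACTORYTALK), ("siemens-s7-1500", SIEMENS)):
        for rule, msg in audit(cfg) or [("ok", "no findings")]:
            print(f"{name}: {rule}: {msg}")
```

To audit a real file, parse the YAML into a dict with a YAML library first; the string `None` in `mode: None` is read as text by YAML parsers, not as a null value.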
Next Steps
- Modbus Adapter - Connect to Modbus devices
- MQTT Adapter - Subscribe to MQTT
- Architecture - How adapters work