Skip to content

Connect IoT Installation#

The Connect IoT Installation requires post installation steps that are described in this document.

Note

While this method provides a direct installation method for Connect Iot, Critical Manufacturing recommends using the automatic deployment method, which you can read about in Configure Automation Manager Deployment.

Package Repository#

As described in the System Requirements, Connect IoT requires a Package Repository to store all binaries and respective versions.

Currently, two types of repositories are supported (NPM and Directory), each with their advantages and disadvantages.

Type Advantages Disadvantages
NPM Authentication with roles
Web-Server-Based
Well defined Api
Commercial solutions with support		 Must install/configure/maintain server
Commercial solutions/support is not free
Internet connection may be required
Updating packages requires unpublish + publish (development + hotfixes)
Directory Free
Easy to prepare
Easy to retrieve/change packages
No internet/ports required		 Must be available in all IoT computers (mount)
Authentication based on ACL
Anyone with permissions can simply delete everything

Table: Package Repository types

Deploy Connect IoT Packages#

Package Selection#

Run the setup wizard and select the package Cmf.ConnectIoT.Packages from the dropdown and select Next.

Deploy Connect IoT Packages - Package Selection

If you have any previously exported configuration file, you can import it. Nevertheless, continue to the Next step.

Connect IoT Configuration#

In the NPM Server Repository group, fill out the fields as described below:

  • Is Enabled - specify if the packages should be published to an NPM Repository.
  • Address - full address (including port) of the server (must support NPM api).
  • Tag - tag to mark the packages.
  • Registry User - username with publish permissions.
  • Registry User Password - password of the user indicated in the previous field.
  • Registry User Email - email to associate to the user that will publish the packages.

In the Directory Repository group, define the following options:

  • Is Enabled - specify if the packages should be published to a Directory Repository.
  • Location - directory full path (if the directory does not exist, it will be created).

Deploy Connect IoT Packages - Connect IoT Configurations

MES Configurations#

Define the configurations for the MES system:

  • Tenant Name - tenant name used to connect to the MES system.
  • HostName or IP Address - address where the MES system is installed.
  • Port - port address for the MES system.
  • Use SSL - whether SSL will be used.

In the User Account group, fill out the details for the user that will access the system:

  • User Account - user account to access the MES system.
  • User Password - user password to access the MES system.

Deploy Connect IoT Packages - MES Configurations

Select Next to continue.

Connect IoT Repository Settings#

In the Repository Settings group, define whether to use Configure Repository Settings, as well as the type of Repository to use:

  • Npm
  • Directory

In the Temporary Files group, select whether the temporary files should be removed.

Select Next to continue.

Deploy Connect IoT Packages - Connect IoT Repository Settings

Connect IoT Managers Configurations#

In the Manager Selection group, insert the Automation Manager IDs (one entry per line), and define the base directory where the Managers will be running.

Finally, define whether the Manager should be installed as a service.

Below, in the Automation Manager User Settings group, define the user credentials (username and password) to be used to run the Automation Manager.

Deploy Connect IoT Packages - Connect IoT Managers Configurations

Select Next to review the installation summary, and then continue with the installation process until the end.

Manually Deploy Packages#

Sometimes, there is the need to manually deploy packages - example: Customization packages, so it is important to understand how to accomplish this task.

Directory Repository#

It is fairly simple to deploy a package or even a set of packages:

  1. Copy the file(s) into the directory you are using as the Directory Repository (the one used in the installation of the previous section).

  2. Execute the .rebuildDatabase.ps1 PowerShell script that was created during the installation:

    Rebuild database Powershell script

  3. The database is now updated will all the available packages.

Note

The script fully updates the content of the directory, so you can delete/add/update the packages and run the script.

NPM Repository#

If the NPM server is configured with authentication roles for publishing, make sure you log in first:

npm login --registry=<url>

Then, and for each of the packages you intend to publish, run the command:

npm publish <package> --registry=<url> --tag=<tag>

Running npm commands

Install Automation Manager#

As of version 7.2, it is possible to download, from the Automation Manager entity page, a zip compressed file fully prepared to be used, so, installing the Automation Manager has never been easier.

After downloading the file using the respective wizard, simply extract all the contents into the destination directory.

The final step is to install the automation as a Windows Service. For this feature, execute the PowerShell script that is located in scripts\InstallService.ps1 as an administrator (requirement to create Windows Services), and answer the questions.

Install Automation Manager

Info

.Net Framework 3.5 or higher is required for a correct installation of the Automation Manager.

Troubleshooting#

"Unable to verify the first certificate"#

"Unable to get local issuer certificate"#

When you get any of these errors, this means you are connecting to an SSL enabled host and most likely, the server certificate was issued by a non trusted certificate authority.

To fix this issue, you need to create a text file will the entire chain of certificates (in .pem format), which is needed to allow the server certificate to be validated.

If you only have certificates in .pfx format, you can use OpenSSL to convert them:

openssl pkcs12 -in file.pfx -out file.pem -nodes

The structure of the final file is expected to be something like this:

-----BEGIN CERTIFICATE-----
bGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxCzAJBgNVBAMMAmNhMSAwHgYJKoZIhvcN
AQkBFhFjZXJ0c0BleGFtcGxlLmNvbTAeFw0xOTA1MTcxMDQ5NTRaFw00NjEwMDEx
...
oEGp4U7q1UGmGfmXKiT/gsxJB6bbD6kO1SVdE+706WLg1vN4cLj1jvIr00jhWt41
sJtjAyB64zRVeS5Ic7Vidv6UDMM=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MDQ5NTRaMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJv
c3RvbjETMBEGA1UECgwKRXhhbXBsZSBDbzEQMA4GA1UECwwHdGVjaG9wczELMAkG
...
knyZpJnYVisd5NUVmjWNSlK/S6eA/Ka9LxFUhjRt0MMcXP91YHp6+rgsigZt5c3V
aBM3yGsn3YQnttUNp2dQwBgNpH9=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
BwmQEGpD6ECCjPXZLH38KLCpSLzzQEqz0tulvDtRIGlEPLsdlWMLnwbQPG/TJ2M5
Gpezb90Lqfi6POObEIO3/3dAewgn4xhW6aZHf6yWgtM7gdQIJpRXK2T8ZGWv1LMz
...
KAjgC4ttj4DlJfljq61DlegE/0BbAtqNiQ3er9NB/wor3ET5eOO/12Ly1eotiHd5
/rkm+ENnvbNWk4w+LzHXfejtSAh=
-----END CERTIFICATE-----

Then, set the location of this file into the NODE_EXTRA_CA_CERTS environment variable:

set NODE_EXTRA_CA_CERTS=c:\certificates\extra_ca_certificates.txt

As an alternative, you can disable the certificate integrity check. This will not disable security, but will use the certificate exactly as received. However, this option should only be used in a development environment.

set NODE_TLS_REJECT_UNAUTHORIZED=0

Note

The environment variables should be defined as a persistent wide definition. The commands explained in this section are temporary and will only be valid during the session of the command window.