--- alias: installation-guide-connectiotinstallation tags: - connect iot description: "This document outlines steps for installing and configuring the Connect IoT system, including package deployment and Automation Manager setup" --- # Connect IoT Installation The **Connect IoT Installation** requires post installation steps that are described in this document. !!! note While this method provides a direct installation method for Connect Iot, Critical Manufacturing recommends using the automatic deployment method, which you can read about in [[user-guide-automation-manager-configure-deployment]]. ## Package Repository As described in the System Requirements, Connect IoT requires a Package Repository to store all binaries and respective versions. Currently, two types of repositories are supported (`NPM` and `Directory`), each with their advantages and disadvantages. | Type | Advantages | Disadvantages | | --------- | ------------------------------------------------------------ | ------------------------------------------------------------ | | NPM | Authentication with roles
Web-Server-Based
Well defined Api
Commercial solutions with support | Must install/configure/maintain server
Commercial solutions/support is not free
Internet connection may be required
Updating packages requires unpublish + publish (development + hotfixes) | | Directory | Free
Easy to prepare
Easy to retrieve/change packages
No internet/ports required | Must be available in all IoT computers (mount)
Authentication based on ACL
Anyone with permissions can simply delete everything | Table: Package Repository types ## Deploy Connect IoT Packages ### Package Selection Run the setup wizard and select the package `Cmf.ConnectIoT.Packages` from the dropdown and select **Next**. ![Deploy Connect IoT Packages - Package Selection](images/setup_01.png) If you have any previously exported configuration file, you can import it. Nevertheless, continue to the **Next** step. ### Connect IoT Configuration In the **NPM Server Repository** group, fill out the fields as described below: * **Is Enabled** - specify if the packages should be published to an NPM Repository. * **Address** - full address (including port) of the server (must support NPM api). * **Tag** - tag to mark the packages. * **Registry User** - username with publish permissions. * **Registry User Password** - password of the user indicated in the previous field. * **Registry User Email** - email to associate to the user that will publish the packages. In the **Directory Repository** group, define the following options: * **Is Enabled** - specify if the packages should be published to a Directory Repository. * **Location** - directory full path (if the directory does not exist, it will be created). ![Deploy Connect IoT Packages - Connect IoT Configurations](images/setup_02.png) ### MES Configurations Define the configurations for the MES system: * **Tenant Name** - tenant name used to connect to the MES system. * **HostName or IP Address** - address where the MES system is installed. * **Port** - port address for the MES system. * **Use SSL** - whether SSL will be used. In the **User Account** group, fill out the details for the user that will access the system: * **User Account** - user account to access the MES system. * **User Password** - user password to access the MES system. ![Deploy Connect IoT Packages - MES Configurations](images/setup_03.png) Select **Next** to continue. ### Connect IoT Repository Settings In the **Repository Settings** group, define whether to use Configure Repository Settings, as well as the type of Repository to use: * **Npm** * **Directory** In the **Temporary Files** group, select whether the temporary files should be removed. Select **Next** to continue. ![Deploy Connect IoT Packages - Connect IoT Repository Settings](images/setup_04.png) ### Connect IoT Managers Configurations In the **Manager Selection** group, insert the Automation Manager IDs (one entry per line), and define the base directory where the Managers will be running. Finally, define whether the Manager should be installed as a service. Below, in the **Automation Manager User Settings** group, define the user credentials (username and password) to be used to run the Automation Manager. ![Deploy Connect IoT Packages - Connect IoT Managers Configurations](images/setup_05.png) Select **Next** to review the installation summary, and then continue with the installation process until the end. ## Manually Deploy Packages Sometimes, there is the need to manually deploy packages - example: Customization packages, so it is important to understand how to accomplish this task. ### Directory Repository It is fairly simple to deploy a package or even a set of packages: 1. Copy the file(s) into the directory you are using as the Directory Repository (the one used in the installation of the previous section). 2. Execute the `.rebuildDatabase.ps1` PowerShell script that was created during the installation: ![Rebuild database Powershell script](images/rebuild.png) 3. The database is now updated will all the available packages. !!! note The script fully updates the content of the directory, so you can delete/add/update the packages and run the script. ### NPM Repository If the NPM server is configured with authentication roles for publishing, make sure you log in first: ```bash npm login --registry= ``` Then, and for each of the packages you intend to publish, run the command: ```bash npm publish --registry= --tag= ``` ![Running npm commands](images/publish.png) ## Install Automation Manager As of version 7.2, it is possible to download, from the `Automation Manager` entity page, a zip compressed file fully prepared to be used, so, installing the Automation Manager has never been easier. After downloading the file using the respective wizard, simply extract all the contents into the destination directory. The final step is to install the automation as a Windows Service. For this feature, execute the PowerShell script that is located in `scripts\InstallService.ps1` as an administrator (requirement to create Windows Services), and answer the questions. ![Install Automation Manager](images/installService.png) !!! info .Net Framework 3.5 or higher is required for a correct installation of the Automation Manager. ## Troubleshooting ### Untrusted Certification Authority When you get one of the following errors: * "Unable to verify the first certificate" * "Unable to get local issuer certificate" it means you are connecting to an SSL enabled host and most likely, the server certificate was issued by a Untrusted Certificate Authority. To fix this issue, you need to create a text file, named `extra_ca_vertificate.txt`, with the entire chain of certificates (in `.pem` format), which is needed to allow the server certificate to be validated. This file must contain the full certificate chain, including, in order: 1. The Root Certificate 2. The Intermediate Certificate 3. The Server Certificate If you only have certificates in `.pfx` format, you can use OpenSSL to convert them: ```bash openssl pkcs12 -in file.pfx -out file.pem -nodes ``` The structure of the final file should look like this, in the order listed above: ```text # Root Certificate -----BEGIN CERTIFICATE----- bGUgQ28xEDAOBgNVBAsMB3RlY2hvcHMxCzAJBgNVBAMMAmNhMSAwHgYJKoZIhvcN AQkBFhFjZXJ0c0BleGFtcGxlLmNvbTAeFw0xOTA1MTcxMDQ5NTRaFw00NjEwMDEx ... oEGp4U7q1UGmGfmXKiT/gsxJB6bbD6kO1SVdE+706WLg1vN4cLj1jvIr00jhWt41 sJtjAyB64zRVeS5Ic7Vidv6UDMM= -----END CERTIFICATE----- # Intermediate Certificate -----BEGIN CERTIFICATE----- MDQ5NTRaMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExDzANBgNVBAcMBkJv c3RvbjETMBEGA1UECgwKRXhhbXBsZSBDbzEQMA4GA1UECwwHdGVjaG9wczELMAkG ... knyZpJnYVisd5NUVmjWNSlK/S6eA/Ka9LxFUhjRt0MMcXP91YHp6+rgsigZt5c3V aBM3yGsn3YQnttUNp2dQwBgNpH9= -----END CERTIFICATE----- # Server Certificate -----BEGIN CERTIFICATE----- BwmQEGpD6ECCjPXZLH38KLCpSLzzQEqz0tulvDtRIGlEPLsdlWMLnwbQPG/TJ2M5 Gpezb90Lqfi6POObEIO3/3dAewgn4xhW6aZHf6yWgtM7gdQIJpRXK2T8ZGWv1LMz ... KAjgC4ttj4DlJfljq61DlegE/0BbAtqNiQ3er9NB/wor3ET5eOO/12Ly1eotiHd5 /rkm+ENnvbNWk4w+LzHXfejtSAh= -----END CERTIFICATE----- ``` Once the file is ready, set the location into the `NODE_EXTRA_CA_CERTS` environment variable: ```bash set NODE_EXTRA_CA_CERTS=c:\certificates\extra_ca_certificates.txt ``` As an alternative, you can disable the certificate integrity check. This will not disable security, but will use the certificate exactly as received. However, this option should **only** be used in a development environment. ```bash set NODE_TLS_REJECT_UNAUTHORIZED=0 ``` !!! note The environment variables should be defined as a persistent wide definition. The commands explained in this section are temporary and will only be valid during the session of the command window.