Versions Compared

Old Version 14

changes.mady.by.user Jason Browne

Saved on

compared with

New Version Current

changes.mady.by.user Gill Houghton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Chariot MQTT Server Web UI provides multiple configuration pages on the left navigation panel.

  • GENERAL
  •  ADMINISTRATIVE
  • MQTT ServerBackup/Restore

    Anchor
    Accounts Configuration
    Accounts Configuration

    ...

    The Users page allows for the creating, updating , and deleting of Chariot Users. A Chariot User may log into the Chariot Web UI and perform different actions based the the Roles assigned to that User. The main Chariot Users page shows a table of existing Chariot Users. Users can be added by clicking the "Add User" button, or they can be edited by clicking on the individual User in the table.

    ...

    The Roles page allows for the creating, updating, and deleting of Chariot Roles.  A Chariot Role is a collection of permissions that authorized viewing, editing , and/or controlling the Chariot MQTT Server. The main Chariot Roles page shows a table of existing Chariot Roles.  Roles can be added by clicking the "Add Role" button, or they can be edited by clicking on the individual Role in the table.

    ...

    • Name
      • A unique name for the Chariot Role.
    • Permissions
      • A list of permissions for the Chariot Role.
      • Permissions have the form <domain>:<action>
        • The <domain> represents a service within Chariot that can be interacted with through the Chariot UI.
          Some examples are:
          • user
            • The User Service for managing Chariot UI users
            • See the Chariot UI under the "Users" tab
          • role
            • The Role Service for managing Chariot UI roles
            • See the Chariot UI under the "Roles" tab
          • mqttuser
            • The MQTT User Service for managing MQTT Credentials
            • See the Chariot UI under the "MQTT Account Credentials" tab
          • system
            • The System Service for configuring Server Name, HTTP, Certificates , and Backup/Restore
            • See the Chariot UI under the Web Server, Backup , or Certificates pages
          • server
            • The MQTT Server Service for configuring and controlling the MQTT server
            • See the Chariot UI under the "MQTT Server Configuration" tab
          • license
            • The Licensing Service for licensing the Chariot MQTT Server software
            • See the Chariot UI under the "License" tab
        • The <action> represents the scope of this permission for the associated domain.
          The available actions are:
          • read
            • The permission to read/view resources, configurations, and/or data
          • create
            • The permission to create new resources and/or configurations
          • update
            • The permission to update resources and/or configurations
          • delete
            • The permission to delete resources and/or configurations
          • action
            • The permission to perform any actions available from a service within Chariot (such as starting/stopping the MQTT server or activating a license)

    ...

    MQTT Account Credentials also contain the access control lists (ACLs) that control which MQTT topics a client can publish and/or subscribe on. MQTT Accounts Account Credentials can be added by clicking the "Add Credential" button, or they can be edited by clicking on the individual Credential in the table.

    Tip

    From Chariot release 2.5.0, to avoid manual configuration, the required ACLs can be generated from the Main Navigation > MQTT > Sparkplug > Tools menu and will automatically → Tools. Clicking one of the available options will provide a modal that will help you automatically generate ACLS to be added to the MQTT Account Credentials.

     

    Add Credential

    Clicking the "Add Credential" button will display a modal form for creating a new MQTT Credential.

    ...

    Chariot can be configured to use an LDAP server for MQTT client authentication and authorization instead of Chariot's MQTT Account Credentials.

    Tip

    This feature is available in Chariot v2.4.2 and newer

    Review the LDAP for MQTT Clients for configuration details

    ...

    Anchor
    MQTT Server Configuration
    MQTT Server Configuration

    ...

    Server Configuration

    The MQTT Server Configuration page contains two tabs: Configuration and Bridging.

    ...

    • Enable Non-secure
      • Whether to enable non-secure client connections over plain TCP.
    • Non-secure Port
      • The port that the MQTT Server will listen on for non-secure connections.
    • Enable Secure
      • Whether to enable Secure client connections over SSL/TLS.
    • Secure Port
      • The port that the MQTT Server will listen on for secure connections.
    • Enable WebSocket
      • Whether to enable non-secure client connections over WebSockets.
    • WebSocket Port
      • The port that the MQTT Server will listen on for non-secure WebSocket connections.
    • Enable Secure WebSocket
      • Whether to enable secure client connections over WebSockets.
    • Secure WebSocket Port
      • The port that the MQTT Server will listen on for secure WebSocket connections.
    • Bind Address
      • The address that the MQTT Server will listen on for MQTT connections.
    • Allow Anonymous
      • Whether to allow anonymous connections (no username and password).
      Anonymous
      • Whether to allow anonymous connections (no username and password).
    • Anonymous MQTT Credentials
      • The MQTT Credentials to use for anonymous client's ACLs

    Advanced Options >

    • Enforce Unique LWT Topics (added in release 2.7.0)
      • Whether to enforce a connecting client's LWT topic is not currently registered with another client.
      • Any connection client with an LWT matching any of the "Unique Topic Filters" will have their connection attempt rejected if there is an existing active client with the same LWT topic connected to the server.
    • Unique LWT Topic Filters (add in release 2.7.0)
      • Unique LWT topic filters to use.
      • Support the # wildcard ie. MyLWT/#
      Anonymous MQTT Credentials
      • The MQTT Credentials to use for anonymous client's ACLs

    The "Update" button in the bottom right can be clicked to update the MQTT Server configuration once all changes have been made.  An update will restart the MQTT server.

    ...

    To edit an existing bridge client, select the client from the UI. To add a new bridge client , select click "Add Bridge Client".

    The form contains the following fields:

    ...

    The "Delete Certificates" button can be used to remove the certificate and key from the Chariot MQTT Server and revert to a "SSL Not Setup" state.

    Anchor
    Backup
    Backup
    Backup

    ...

    This page allows for the backup and restore of Chariot configuration data.

    ...