...

The Chariot MQTT Server Web UI provides multiple configuration pages on the left navigation panel.

• GENERAL
  • Backup
  • Web Server
  • Certificates
•  ADMINISTRATIVE
  • User Accounts
  • User Sources
  • MQTT Accounts
  • License
• MQTT ServerBackup/Restore
  • License
  • Web Server
  • Certificates
  • • Server Configuration

  Anchor
  Accounts Configuration Accounts Configuration

  User Accounts

  The User Accounts page allows for the creating, updating and deleting of Users and Roles

  ...

  The Users page allows for the creating, updating , and deleting of Chariot Users.   A Chariot User may log into the Chariot Web UI and perform different actions based the the Roles assigned to that User.   The main Chariot Users page shows a table of existing Chariot Users.   Users can be added by clicking the "Add User" button, or they can be edited by clicking on the individual User in the table.

  ...

  Note
  By default, a User with the Username admin and Password password will be created

  The "AddSave" button in the bottom right of the form can be clicked to create the User.

  ...

  Clicking on the edit icon on a Chariot User in the table will display a modal form for editing the Chariot User.

  Image Modified

  Image Modified

  Leaving the password empty will retain the existing users password.

  ...

  The Roles page allows for the creating, updating, and deleting of Chariot Roles.  A Chariot Role is a collection of permissions that authorized viewing, editing , and/or controlling the Chariot MQTT Server. The main Chariot Roles page shows a table of existing Chariot Roles.  Roles can be added by clicking the "Add Role" button, or they can be edited by clicking on the individual Role in the table.

  
  

  Image Modified

  Add Role

  Clicking the "Add Role" button will display a modal form for creating a new Chariot Role.

  Image Modified

  The form contains the following fields:

  • Name
    • A unique name for the Chariot Role.
  • Permissions
    • A list of permissions for the Chariot Role.
    • Permissions have the form <domain>:<action>
      
      • The <domain> represents a service within Chariot that can be interacted with through the Chariot UI.
        Some examples are:
        • user
          • The User Service for managing Chariot UI users
          • See the Chariot UI under the "Users" tab
        • role
          • The Role Service for managing Chariot UI roles
          • See the Chariot UI under the "Roles" tab
        • mqttuser
          • The MQTT User Service for managing MQTT Credentials
          • See the Chariot UI under the "MQTT Account Credentials" tab
        • system
          • The System Service for configuring Server Name, HTTP, Certificates , and Backup/Restore
          • See the Chariot UI under the "System" tabWeb Server, Backup or Certificates pages
        • server
          
          • The MQTT Server Service for configuring and controlling the MQTT server
          • See the Chariot UI under the "MQTT Server Configuration" tab
        • license
          
          • The Licensing Service for licensing the Chariot MQTT Server software
          • See the Chariot UI under the "License" tab
      • The <action> represents the scope of this permission for the associated domain.
        The available actions are:
        
        • read
          • The permission to read/view resources, configurations, and/or data
        • create
          • The permission to create new resources and/or configurations
        • update
          • The permission to update resources and/or configurations
        • delete
          • The permission to delete resources and/or configurations
        • action
          • The permission to perform any actions available from a service within Chariot (such as starting/stopping the MQTT server or activating a license)

  The "AddSave" button in the bottom right of the form can be clicked to create the Role.

  ...

  Clicking on the edit icon on a Chariot Role in the table will display a modal form for editing the Chariot Role.

  Image Modified

  Image Modified

  The "UpdateSave" button in the bottom right can be clicked to update the Chariot Role once all changes have been made.

  ...

  Tip
  This feature is available in Chariot v2.4.2 and newer Review the LDAP and Microsoft Active Directory for Chariot UI/REST Users for configuration details

  Image Modified

  Anchor
  MQTT Accounts MQTT Accounts

  ...

  The MQTT Accounts page contains two tabs: MQTT Credentials and LDAP

  MQTT Account Credentials are the credentials that clients will use to authenticate when establishing an MQTT connection to the Chariot MQTT Server.

  MQTT Account Credentials also contain the access control lists (ACLs) that control which MQTT topics a client can publish and/or subscribe on. MQTT Account Credentials can be added by clicking the "Add Credential" button, or they can be edited by clicking on the individual Credential in the table.

  Tip
  From Chariot release 2.5.0, to avoid manual configuration, the required ACLs can be generated from the Main Navigation > → MQTT → Sparkplug > Tools menu and will automatically → Tools. Clicking one of the available options will provide a modal that will help you automatically generate ACLS to be added to the MQTT Account Credentials.

  Image Modified

  Add Credential

  Clicking the "Add Credential" button will display a modal form for creating a new MQTT Credential.

  Image Modified

  The form contains the following fields:

  ...

  • #
    
    • Allows publish or subscribe on all topics
  • STATE/123
    • Allows publish or subscribe on the specific topic "STATE/123"
  • spBv1.0/#
    • Allows publish or subscribe on all topics that start with "spBv1.0/", such as "spBv1.0/g1/DDATA/e1/d1"

  
  

  Examples of MQTT Account Credentials

  Image Modified

  Edit Credential

  Clicking on the edit icon on a MQTT Account Credential in the table will display a modal form for editing the Credential.

  Image Modified

  Image Modified

  The "Save" button in the bottom right can be clicked to update the Credential once all changes have been made.

  ...

  Chariot can be configured to use an LDAP server for MQTT client authentication and authorization instead of Chariot's MQTT Account Credentials.

  Tip
  This feature is available in Chariot v2.4.2 and newer Review the LDAP for MQTT Clients for configuration details

  Image Modified

  Anchor
  MQTT Server Configuration MQTT Server Configuration

  ...

  Server Configuration

  The MQTT Server Configuration page contains two tabs: Configuration and Bridging.

  ...

  The configuration tab is a simple form used to configure the MQTT Server.

  Image Modified

  The form contains the following fields:

  • Enable Non-secure
    • Whether to enable non-secure client connections over plain TCP.
  • Non-secure Port
    • The port that the MQTT Server will listen on for non-secure connections.
  • Enable Secure
    • Whether to enable Secure client connections over SSL/TLS.
  • Secure Port
    • The port that the MQTT Server will listen on for secure connections.
  • Enable WebSocket
    • Whether to enable non-secure client connections over WebSockets.
  • WebSocket Port
    • The port that the MQTT Server will listen on for non-secure WebSocket connections.
  • Enable Secure WebSocket
    • Whether to enable secure client connections over WebSockets.
  • Secure WebSocket Port
    • The port that the MQTT Server will listen on for secure WebSocket connections.
  • Bind Address
    • The address that the MQTT Server will listen on for MQTT connections.
  • Allow Anonymous
    • Whether to allow anonymous connections (no username and password).
    • Whether to allow anonymous connections (no username and password).
  • Anonymous MQTT Credentials
    • The MQTT Credentials to use for anonymous client's ACLs

  Advanced Options >

  • Enforce Unique LWT Topics (added in release 2.7.0)
    • Whether to enforce a connecting client's LWT topic is not currently registered with another client.
    • Any connection client with an LWT matching any of the "Unique Topic Filters" will have their connection attempt rejected if there is an existing active client with the same LWT topic connected to the server.
  • Unique LWT Topic Filters (add in release 2.7.0)
    • Unique LWT topic filters to use.
    • Support the # wildcard ie. MyLWT/#
    Anonymous MQTT Credentials
    • The MQTT Credentials to use for anonymous client's ACLs

  The "Update" button in the bottom right can be clicked to update the MQTT Server configuration once all changes have been made.  An update will restart the MQTT server.

  ...

  Note
  Bridging is supported in release 2.3.0 forward

  
  

  Image Modified

  To edit an existing bridge client, select the client from the UI. To add a new bridge client , select click "Add Bridge Client".

  Image Modified

  Image Modified

  The form contains the following fields:

  ...

  Note
  If you have deployed Chariot through AWS Marketplace or Azure Marketplace, then no additional steps are required - your license is already installed and activated.

  Image Modified

  Upload License

  A Chariot License is represented by a text file which contains a license key.   The file can either be dragged/dropped into the "Upload License" form, or the license text can be pasted directly into the form.

  Image Modified

  Tip
  The Activate toggle (in the Upload License form) can be used to auto-activate the license immediately after it is uploaded. This is a convenience to prevent the need to click Activate License after uploading a license.

  ...

  Online Activation allows the Chariot MQTT Server to remotely connect to the Chariot Licensing server for activation and deactivation of Chariot Licenses. When the "Online Activation" is selected, the License page appears with the following options:

  Image Modified

  • Activate License
    • Activates an uploaded Chariot License by remotely accessing the Chariot Licensing Server.
  • Deactivate License
    • Deactivates an uploaded & active Chariot License by remotely accessing the Chariot Licensing Server.

  ...

  Offline Activation requires the user to generate an activation request and provide it to Cirrus Link Solutions in order to obtain an Activation Code.  The Activation Code can then be uploaded into the Chariot MQTT Server to activate the previously uploaded Chariot License.  When the "Offline Activation" option is selected, the License page appears with the following options:

  Image Modified

  • Generate Activation Code
    • Generates an Activation Request Code.
  • Deactivate and Generate Code
    • Deactivates an active Chariot License and generates a Deactivation Request Code.
  • Upload Activation Code
    • Uploads an Activation Code that was obtained using the Generate Activation Code.

  ...

  The Web Server page uses the following form to configure the web server settings:

  Image Modified

  The form contains the following fields:

  ...

  Warning
  Self-signed certificates should not be used in a production environment on a public network.

  
  

  Image Modified

  The Certificates page contains the following fields:

  ...

  If successful, the certificate information will now be displayed on the Certificates page:

  Image Modified

  The "Delete Certificates" button can be used to remove the certificate and key from the Chariot MQTT Server and revert to a "SSL Not Setup" state.

  Anchor
  Backup Backup

  Backup

  ...

  This page allows for the backup and restore of Chariot configuration data.

  Image Modified

  • Export Backup
    • This button downloads a backup.zip file that contains the current configuration data of the Chariot instance
  • Restore From Backup
    • This button restore configuration data from backup.zip file.

  ...