Contents
Cirrus Link Resources
Cirrus Link Website
Contact Us (Sales/Support)
Inductive Resources
Ignition User Manual
Knowledge Base Articles
Inductive University
Forum
Prerequisites:
Overview:
Chariot MQTT Server is a MQTT 3.1.1 compliant MQTT server. It is capable of providing a functional replacement for MQTT Distributor in larger scale deployments. Like Inductive Automation's Ignition platform, it comes with a two hour re-settable trail period. It can also be set up with a license key from Cirrus Link to enable it permanently. Chariot MQTT Server provides a web based administration page for enabling and limiting user access to the MQTT server via an Access Control List (ACLs). Like MQTT Distributor it also supports TLS security and username/password authentication in addition to ACLs for user authorization.
Installing a Virtual Machine Manager:
Chariot MQTT Server can be run in a number of different Virtual Machine managers. Any Virtual Machine manager that supports importing of .ofv appliances should work. Tested versions include the following:
Installing Chariot MQTT Server:
Installation of Chariot MQTT Server is dependent upon the VM Manager being used. Below shows basic instructions for the various tested managers. First you will need to unzip the Cirrus_Link_Chariot_1.0.0.zip file and have access to the Cirrus Link Chariot_*.ovf file.
Using Chariot MQTT Server:
At this point the Chariot MQTT server is up and running. By default it has the hostname 'chariot' and is at the IP address 192.168.1.150 with a subnet mask of 255.255.255.0. In order for you to be able to browse to it, the host computer operating system must be on the same network. Once you are on the same network, you can browse to Chariot MQTT Server by going to https://192.168.1.150. You will likely get security warnings from your browser due to using a certifcate that is not signed by a Certificate Authority(CA). This is ok, just accept the certificate (typically by clicking an 'advanced' button or something similar). Below is an example warning from Google Chrome.
Once you accept the security warning, you should see something similar to the following.
Log in using the default Instance Admin credentials:
After doing so you should see the following:
This shows a list of the users that are allowed to connect to the MQTT Server. By default, there is only one which is 'admin'. This user is an Instance Admin. There are three different types of user roles:
Basic Usage of Features
ACLs are defined by the following format: [R|W|RW] topic
where:
R = Read or 'subscribe' privileges
W = Write or 'publish' privileges
RW = Read and Write (subscribe and publish) privileges
topic = The topic or wildcard topic representing the scope of the privilege
Below are some example ACL definitions
ACLs should be designed with a 'principal of least privilege' model while also considering device management and maintenance. For example gateways and devices in the field should be limited to publishing and subscribing only on the topics for which they should be expected to. The same should be true of 'consumer' applications that will be either sending commands to devices in the field or consuming data coming from those devices.
It is also important to note that a username is not limited to a single MQTT client. A username/password pair could be used for multiple MQTT clients.
If you are new to MQTT topics, Eclipse provides good information here on the basics and wildcards.
Connecting to Chariot MQTT Server
MQTT.fx is a good free graphical based MQTT client to use for testing with Chariot MQTT Server. It is Java based so it will run on any OS that supports running graphical based Java applications.
Once downloaded, start it and create a new connection profile called 'Chariot MQTT Server'. Use the settings shown below. The default password is 'changeme'.
After the connection profile is created, from the main MQTT.fx window, select 'Chariot MQTT Server'