lmxopcua

dohertj2/lmxopcua

Fork 0

Commit Graph

Author	SHA1	Message	Date
Joseph Doherty	6d290adb37	Task #220 — AB CIP + S7 live-boot verification (5/5 stages each) Replicated the Modbus #218 bring-up against the AB CIP + S7 seeds to confirm the factories + seeds shipped in #217 actually work end-to-end. Both pass 5/5 e2e stages with `OpcUaServer:AnonymousRoles=[WriteOperate]` (the #221 knob). ## AB CIP (against ab_server controllogix fixture, port 44818) ``` === AB CIP e2e summary: 5/5 passed === [PASS] Probe [PASS] Driver loopback [PASS] Server bridge (driver → server → client) [PASS] OPC UA write bridge (client → server → driver) [PASS] Subscribe sees change ``` Server log: `DriverInstance abcip-smoke-drv (AbCip) registered + initialized` ✓. ## S7 (against python-snap7 s7_1500 fixture, port 1102) ``` === S7 e2e summary: 5/5 passed === [PASS] Probe [PASS] Driver loopback [PASS] Server bridge [PASS] OPC UA write bridge [PASS] Subscribe sees change ``` Server log: `DriverInstance s7-smoke-drv (S7) registered + initialized` ✓. ## Seed fixes so bring-up is idempotent Live-boot exposed two seed-level papercuts when applying multiple smoke seeds in sequence: 1. SA credential collision. `UX_ClusterNodeCredential_Value` is a unique index on `(Kind, Value) WHERE Enabled=1`, so `sa` can only bind to one node at a time. Each seed's DELETE block only dropped the credential tied to ITS node — seeding AbCip after Modbus blew up with `Cannot insert duplicate key` on the sa binding. Added a global `DELETE FROM dbo.ClusterNodeCredential WHERE Kind='SqlLogin' AND Value='sa'` before the per-cluster INSERTs. Production deployments using non-SA logins aren't affected. 2. DashboardPort 5000 → 15050. `HealthEndpointsHost` uses `HttpListener`, which rejects port 5000 on Windows without a `netsh http add urlacl` grant or admin rights. 15050 is unreserved + loopback-safe per the HealthEndpointsHost remarks. Applied to all four smoke seeds (Modbus was patched at runtime in #218; now baked into the seed). ## AB Legacy status Not live-boot verified — ab_server PCCC dispatcher is upstream-broken (#222). The factory + seed ship ready for hardware; the seed's DELETE + DashboardPort fixes land in this PR so when real SLC/MicroLogix/PLC-5 arrives the sql just applies. ## Closes #220 Umbrella #209 was already closed; #220 was the final child. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 12:02:40 -04:00
Joseph Doherty	e8172f9452	Task #209 exit gate — seed-creds fix + live Modbus verification (4/5 stages) Booted the server against the Modbus seed end-to-end to exercise the factory wiring shipped in #216 + #217. Surfaced two real issues with the seeds themselves; fixed both: 1. Missing ClusterNodeCredential. `sp_GetCurrentGenerationForCluster` enforces `ClusterNodeCredential.Value = SUSER_SNAME()` and aborts with `RAISERROR('Unauthorized: caller sa is not bound to NodeId')`. All four seed scripts now insert the binding row alongside the ClusterNode row. Without this, the server fails bootstrap with `BootstrapException: Central DB unreachable and no local cache available` (the Unauthorized error gets swallowed on top of the HTTP fallback path). 2. Config cache gitignore. Running the server from the repo root writes `config_cache.db` + `config_cache-log.db` next to the cwd, outside the existing `src/.../Server/config_cache.db` pattern. Add a `config_cache*.db` pattern so any future run location is covered. ## Verified live against Modbus Booted server against `seed-modbus-smoke.sql` → pymodbus standard fixture → ran `scripts/e2e/test-modbus.ps1 -BridgeNodeId "ns=2;s=HR200"`: === Modbus e2e summary: 4/5 passed === [PASS] Probe [PASS] Driver loopback [PASS] Server bridge (driver → server → client) [FAIL] OPC UA write bridge (0x801F0000) [PASS] Subscribe sees change The forward direction + subscription delivery are proven working through the server. The reverse-write failure is a seed-or-ACL issue — server log shows no exception on the write path, so the client-side status is coming from the stack's type/ACL guards. Tracking as a follow-up issue so the remaining three factory wirings can be smoke-booted against the same pattern. Note for future runs: two stale v1 `ZB.MOM.WW.LmxOpcUa.Host.exe` processes from `C:\publish\lmxopcua\instance{1,2}\` squat on ports 4840 + 4841 on this dev box; kill them first or bump the seed's DashboardPort. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 11:30:00 -04:00
Joseph Doherty	7ba783de77	Tasks #211 #212 #213 — AbCip / S7 / AbLegacy server-side factories + seed SQL Parent: #209. Follow-up to #210 (Modbus). Registers the remaining three non-Galaxy driver factories so a Config DB `DriverType` in {`AbCip`, `S7`, `AbLegacy`} actually boots a live driver instead of being silently skipped by DriverInstanceBootstrapper. Each factory follows the same shape as ModbusDriverFactoryExtensions + the existing Galaxy + FOCAS patterns: - Static `Register(DriverFactoryRegistry)` entry point. - Internal `CreateInstance(driverInstanceId, driverConfigJson)` — deserialises a DTO, strict-parses enum fields (fail-fast with an explicit "expected one of" list), composes the driver's options object, returns a new driver. - DriverType keys: `"AbCip"`, `"S7"`, `"AbLegacy"` (case-insensitive at the registry layer). DTO surfaces cover every option the respective driver's Options class exposes — devices, tags, probe, timeouts, per-driver quirks (AbCip `EnableControllerBrowse` / `EnableAlarmProjection`, S7 Rack/Slot/ CpuType, AbLegacy PlcFamily). Seed SQL (mirrors `seed-modbus-smoke.sql` shape): - `seed-abcip-smoke.sql` — `abcip-smoke` cluster + ControlLogix device + `TestDINT:DInt` tag, pointing at the ab_server compose fixture (`ab://127.0.0.1:44818/1,0`). - `seed-s7-smoke.sql` — `s7-smoke` cluster + S71500 CPU + `DB1.DBW0:Int16` tag at the python-snap7 fixture (`127.0.0.1:1102`, non-priv port). - `seed-ablegacy-smoke.sql` — `ablegacy-smoke` cluster + SLC 500 + `N7:5` tag. Hardware-gated per #222; placeholder gateway to be replaced with real SLC/MicroLogix/PLC-5/RSEmulate before running. Build plumbing: - Each driver project now ProjectReferences `Core` (was `Core.Abstractions`-only). `DriverFactoryRegistry` lives in `Core.Hosting` so the factory extensions can't compile without it. Matches the FOCAS + Galaxy.Proxy reference shape. - `Server.csproj` adds the three new driver ProjectReferences so Program.cs resolves the symbols at compile-time + ships the assemblies at runtime. Full-solution build: 0 errors, 334 pre-existing xUnit1051 warnings only. Live boot verification of all four (Modbus + these three) happens in the exit-gate PR — factories + seeds are pre-conditions and are being shipped first so the exit-gate PR can scope to "does the server publish the expected NodeIds + does the e2e script pass." Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-21 11:15:38 -04:00

Author

SHA1

Message

Date

Joseph Doherty

6d290adb37

Task #220 — AB CIP + S7 live-boot verification (5/5 stages each)

Replicated the Modbus #218 bring-up against the AB CIP + S7 seeds to
confirm the factories + seeds shipped in #217 actually work end-to-end.
Both pass 5/5 e2e stages with `OpcUaServer:AnonymousRoles=[WriteOperate]`
(the #221 knob).

## AB CIP (against ab_server controllogix fixture, port 44818)

```
=== AB CIP e2e summary: 5/5 passed ===
[PASS] Probe
[PASS] Driver loopback
[PASS] Server bridge           (driver → server → client)
[PASS] OPC UA write bridge     (client → server → driver)
[PASS] Subscribe sees change
```

Server log: `DriverInstance abcip-smoke-drv (AbCip) registered +
initialized` ✓.

## S7 (against python-snap7 s7_1500 fixture, port 1102)

```
=== S7 e2e summary: 5/5 passed ===
[PASS] Probe
[PASS] Driver loopback
[PASS] Server bridge
[PASS] OPC UA write bridge
[PASS] Subscribe sees change
```

Server log: `DriverInstance s7-smoke-drv (S7) registered + initialized` ✓.

## Seed fixes so bring-up is idempotent

Live-boot exposed two seed-level papercuts when applying multiple
smoke seeds in sequence:

1. **SA credential collision.** `UX_ClusterNodeCredential_Value` is a
   unique index on `(Kind, Value) WHERE Enabled=1`, so `sa` can only
   bind to one node at a time. Each seed's DELETE block only dropped
   the credential tied to ITS node — seeding AbCip after Modbus blew
   up with `Cannot insert duplicate key` on the sa binding. Added a
   global `DELETE FROM dbo.ClusterNodeCredential WHERE Kind='SqlLogin'
   AND Value='sa'` before the per-cluster INSERTs. Production deployments
   using non-SA logins aren't affected.

2. **DashboardPort 5000 → 15050.** `HealthEndpointsHost` uses
   `HttpListener`, which rejects port 5000 on Windows without a
   `netsh http add urlacl` grant or admin rights. 15050 is unreserved
   + loopback-safe per the HealthEndpointsHost remarks. Applied to all
   four smoke seeds (Modbus was patched at runtime in #218; now baked
   into the seed).

## AB Legacy status

Not live-boot verified — ab_server PCCC dispatcher is upstream-broken
(#222). The factory + seed ship ready for hardware; the seed's DELETE
+ DashboardPort fixes land in this PR so when real SLC/MicroLogix/PLC-5
arrives the sql just applies.

## Closes #220

Umbrella #209 was already closed; #220 was the final child.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 12:02:40 -04:00

Joseph Doherty

e8172f9452

Task #209 exit gate — seed-creds fix + live Modbus verification (4/5 stages)

Booted the server against the Modbus seed end-to-end to exercise the
factory wiring shipped in #216 + #217. Surfaced two real issues with
the seeds themselves; fixed both:

1. **Missing ClusterNodeCredential.** `sp_GetCurrentGenerationForCluster`
   enforces `ClusterNodeCredential.Value = SUSER_SNAME()` and aborts
   with `RAISERROR('Unauthorized: caller sa is not bound to NodeId')`.
   All four seed scripts now insert the binding row alongside the
   ClusterNode row. Without this, the server fails bootstrap with
   `BootstrapException: Central DB unreachable and no local cache
   available` (the Unauthorized error gets swallowed on top of the
   HTTP fallback path).

2. **Config cache gitignore.** Running the server from the repo root
   writes `config_cache.db` + `config_cache-log.db` next to the cwd,
   outside the existing `src/.../Server/config_cache.db` pattern. Add
   a `config_cache*.db` pattern so any future run location is covered.

## Verified live against Modbus

Booted server against `seed-modbus-smoke.sql` → pymodbus standard
fixture → ran `scripts/e2e/test-modbus.ps1 -BridgeNodeId "ns=2;s=HR200"`:

    === Modbus e2e summary: 4/5 passed ===
    [PASS] Probe
    [PASS] Driver loopback
    [PASS] Server bridge (driver → server → client)
    [FAIL] OPC UA write bridge (0x801F0000)
    [PASS] Subscribe sees change

The forward direction + subscription delivery are proven working through
the server. The reverse-write failure is a seed-or-ACL issue — server
log shows no exception on the write path, so the client-side status is
coming from the stack's type/ACL guards. Tracking as a follow-up issue
so the remaining three factory wirings can be smoke-booted against the
same pattern.

Note for future runs: two stale v1 `ZB.MOM.WW.LmxOpcUa.Host.exe`
processes from `C:\publish\lmxopcua\instance{1,2}\` squat on ports
4840 + 4841 on this dev box; kill them first or bump the seed's
DashboardPort.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 11:30:00 -04:00

Joseph Doherty

7ba783de77

Tasks #211 #212 #213 — AbCip / S7 / AbLegacy server-side factories + seed SQL

Parent: #209. Follow-up to #210 (Modbus). Registers the remaining three
non-Galaxy driver factories so a Config DB `DriverType` in
{`AbCip`, `S7`, `AbLegacy`} actually boots a live driver instead of
being silently skipped by DriverInstanceBootstrapper.

Each factory follows the same shape as ModbusDriverFactoryExtensions +
the existing Galaxy + FOCAS patterns:
 - Static `Register(DriverFactoryRegistry)` entry point.
 - Internal `CreateInstance(driverInstanceId, driverConfigJson)` —
   deserialises a DTO, strict-parses enum fields (fail-fast with an
   explicit "expected one of" list), composes the driver's options object,
   returns a new driver.
 - DriverType keys: `"AbCip"`, `"S7"`, `"AbLegacy"` (case-insensitive at
   the registry layer).

DTO surfaces cover every option the respective driver's Options class
exposes — devices, tags, probe, timeouts, per-driver quirks
(AbCip `EnableControllerBrowse` / `EnableAlarmProjection`, S7 Rack/Slot/
CpuType, AbLegacy PlcFamily).

Seed SQL (mirrors `seed-modbus-smoke.sql` shape):
 - `seed-abcip-smoke.sql` — `abcip-smoke` cluster + ControlLogix device +
   `TestDINT:DInt` tag, pointing at the ab_server compose fixture
   (`ab://127.0.0.1:44818/1,0`).
 - `seed-s7-smoke.sql` — `s7-smoke` cluster + S71500 CPU + `DB1.DBW0:Int16`
   tag at the python-snap7 fixture (`127.0.0.1:1102`, non-priv port).
 - `seed-ablegacy-smoke.sql` — `ablegacy-smoke` cluster + SLC 500 + `N7:5`
   tag. Hardware-gated per #222; placeholder gateway to be replaced with
   real SLC/MicroLogix/PLC-5/RSEmulate before running.

Build plumbing:
 - Each driver project now ProjectReferences `Core` (was
   `Core.Abstractions`-only). `DriverFactoryRegistry` lives in `Core.Hosting`
   so the factory extensions can't compile without it. Matches the FOCAS +
   Galaxy.Proxy reference shape.
 - `Server.csproj` adds the three new driver ProjectReferences so Program.cs
   resolves the symbols at compile-time + ships the assemblies at runtime.

Full-solution build: 0 errors, 334 pre-existing xUnit1051 warnings only.

Live boot verification of all four (Modbus + these three) happens in the
exit-gate PR — factories + seeds are pre-conditions and are being
shipped first so the exit-gate PR can scope to "does the server publish
the expected NodeIds + does the e2e script pass."

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-21 11:15:38 -04:00

3 Commits