# opc-plc — OPC UA PLC simulator from Microsoft Industrial IoT. # https://github.com/Azure-Samples/iot-edge-opc-plc # # Why pinned: MCR tags only go forward; keeping the suite reproducible means # we test against a known feature surface. Bump deliberately alongside a # driver-side change that needs the newer image. services: opc-plc: image: mcr.microsoft.com/iotedge/opc-plc:2.14.10 container_name: otopcua-opc-plc restart: "no" ports: - "50000:50000" command: # --pn: Bind port 50000 (opc-plc default; matches fixture default) # --ut: Advertise an Unsecured transport endpoint (SecurityPolicy=None). # Tests that need signed/encrypted endpoints pick those off the # negotiated endpoint list separately — opc-plc always advertises # the secure policies even with --ut on. # --aa: Auto-accept client certs. Tests wouldn't otherwise survive the # first contact because opc-plc's cert trust store lives inside # the container + resets each spin-up. # --daa: Disable anonymous auth — forces the driver to go through the # Anonymous user-token policy negotiation rather than opc-plc's # "no auth required" short-circuit. Would flip to username/cert # if we needed that coverage. # Commented out for first-pass smoke; flip on when the cert-auth # and username-auth smoke tests land. # --alm: Turn on alarm simulation (TripAlarm / ExclusiveDeviation / # NonExclusiveLevel / DialogCondition). Closes the IAlarmSource # gap the OpcUaClient-Test-Fixture doc calls out. - "--pn=50000" - "--ut" - "--aa" - "--alm" # - "--daa" healthcheck: # opc-plc doesn't expose an HTTP health endpoint by default; use a TCP # probe via a shell the base image ships with. The fixture does its own # TCP probe but healthcheck surfaces status in `docker ps` for humans. test: ["CMD-SHELL", "netstat -an | grep -q ':50000.*LISTEN' || exit 1"] interval: 5s timeout: 2s retries: 10 start_period: 10s