dohertj2/lmxopcua
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
22d3b0d23cae07b0efdf4c52ed782bd60e9b20b2
lmxopcua/docs/reqs/ServiceHostReqs.md
Joseph Doherty 3b2defd94f Phase 0 — mechanical rename ZB.MOM.WW.LmxOpcUa.* → ZB.MOM.WW.OtOpcUa.* 
Renames all 11 projects (5 src + 6 tests), the .slnx solution file, all source-file namespaces, all axaml namespace references, and all v1 documentation references in CLAUDE.md and docs/*.md (excluding docs/v2/ which is already in OtOpcUa form). Also updates the TopShelf service registration name from "LmxOpcUa" to "OtOpcUa" per Phase 0 Task 0.6.

Preserves runtime identifiers per Phase 0 Out-of-Scope rules to avoid breaking v1/v2 client trust during coexistence: OPC UA `ApplicationUri` defaults (`urn:{GalaxyName}:LmxOpcUa`), server `EndpointPath` (`/LmxOpcUa`), `ServerName` default (feeds cert subject CN), `MxAccessConfiguration.ClientName` default (defensive — stays "LmxOpcUa" for MxAccess audit-trail consistency), client OPC UA identifiers (`ApplicationName = "LmxOpcUaClient"`, `ApplicationUri = "urn:localhost:LmxOpcUaClient"`, cert directory `%LocalAppData%\LmxOpcUaClient\pki\`), and the `LmxOpcUaServer` class name (class rename out of Phase 0 scope per Task 0.5 sed pattern; happens in Phase 1 alongside `LmxNodeManager → GenericDriverNodeManager` Core extraction). 23 LmxOpcUa references retained, all enumerated and justified in `docs/v2/implementation/exit-gate-phase-0.md`.

Build clean: 0 errors, 30 warnings (lower than baseline 167). Tests at strict improvement over baseline: 821 passing / 1 failing vs baseline 820 / 2 (one flaky pre-existing failure passed this run; the other still fails — both pre-existing and unrelated to the rename). `Client.UI.Tests`, `Historian.Aveva.Tests`, `Client.Shared.Tests`, `IntegrationTests` all match baseline exactly. Exit gate compliance results recorded in `docs/v2/implementation/exit-gate-phase-0.md` with all 7 checks PASS or DEFERRED-to-PR-review (#7 service install verification needs Windows service permissions on the reviewer's box).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-17 13:57:47 -04:00

4.7 KiB
Raw Blame History

Service Host — Component Requirements

Parent: HLR-006, HLR-007

SVC-001: TopShelf Hosting

The application shall use TopShelf for Windows service lifecycle (install, uninstall, start, stop) and interactive console mode for development.

Acceptance Criteria

  • TopShelf HostFactory configures the service with name LmxOpcUa, display name LMX OPC UA Server.
  • Service installs via command line: ZB.MOM.WW.OtOpcUa.Host.exe install.
  • Service uninstalls via: ZB.MOM.WW.OtOpcUa.Host.exe uninstall.
  • Service runs as LocalSystem account (needed for MXAccess COM access and Windows Auth to SQL Server).
  • Interactive console mode (exe with no args) works for development/debugging.
  • StartAutomatically is set for Windows service registration.

Details

  • Platform target: x86 (32-bit) — required for MXAccess COM interop.
  • Service description: "OPC UA server exposing System Platform Galaxy tags via MXAccess."

SVC-002: Serilog Logging

The application shall configure Serilog with a rolling daily file sink and console sink, with log files retained for a configurable number of days (default 31).

Acceptance Criteria

  • Console sink active (for interactive/debug mode).
  • Rolling daily file sink writing to logs/lmxopcua-YYYYMMDD.log.
  • Retained file count: configurable, default 31 days.
  • Minimum log level: configurable, default Information.
  • Log file path: configurable, default logs/lmxopcua-.log.
  • Serilog is initialized before any other component (first thing in Main).
  • Log.CloseAndFlush() called in finally block on exit.

Details

  • Structured logging with Serilog message templates (not string.Format).
  • Log output includes timestamp, level, source context, message, and exception.
  • Fatal exceptions are caught at the top level and logged before exit.

SVC-003: Configuration

The application shall load configuration from appsettings.json with support for environment-specific overrides (appsettings.*.json) and environment variables.

Acceptance Criteria

  • appsettings.json is the primary configuration file.
  • Environment-specific overrides via appsettings.{environment}.json.
  • Configuration sections: OpcUa, MxAccess, GalaxyRepository, Dashboard.
  • Missing optional configuration keys use documented defaults (service does not crash).
  • Invalid configuration (e.g., port = -1) is detected at startup with a clear error message.

Details

  • Config is loaded once at startup. No hot-reload (service restart required for config changes). This is appropriate for an industrial service.
  • All configurable values and their defaults are documented in appsettings.json.

SVC-004: Graceful Shutdown

On service stop, the application shall gracefully shut down all components and flush logs before exiting.

Acceptance Criteria

  • TopShelf WhenStopped triggers orderly shutdown.
  • Shutdown sequence: (1) stop change detection polling, (2) stop OPC UA server (stop accepting new sessions, complete pending operations), (3) disconnect MXAccess (cleanup all COM objects), (4) stop status dashboard HTTP listener, (5) flush Serilog.
  • Shutdown completes within 30 seconds (Windows SCM timeout).
  • All IDisposable components are disposed in reverse-creation order.

Details

  • CancellationTokenSource signals all background loops (monitor, change detection, HTTP listener) to stop.
  • Log "Service shutdown complete" at Information level as the final log entry before flush.

SVC-005: Startup Sequence

The service shall start components in a defined order, with failure handling at each step.

Acceptance Criteria

  • Startup sequence:
    1. Load configuration
    2. Initialize Serilog
    3. Start STA thread
    4. Connect to MXAccess
    5. Query Galaxy Repository for initial build
    6. Build OPC UA address space
    7. Start OPC UA server listener
    8. Start change detection polling
    9. Start status dashboard HTTP listener
  • Failure in steps 1-4 prevents startup (service fails to start).
  • Failure in steps 5-9 logs Error but allows the service to run in degraded mode.

Details

  • Degraded mode means the service is running but may have an empty address space (waiting for Galaxy DB) or no dashboard (port conflict). MXAccess connection is the minimum required for the service to be useful.

SVC-006: Unhandled Exception Handling

The service shall handle unexpected crashes gracefully.

Acceptance Criteria

  • Register AppDomain.CurrentDomain.UnhandledException handler that logs Fatal before the process terminates.
  • TopShelf service recovery is configured: restart on failure with 60-second delay.
  • Fatal-level log entry includes the full exception details.
Reference in New Issue View Git Blame Copy Permalink