This is an automated email from the ASF dual-hosted git repository.
zhaoxinyi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/iotdb-docs.git
The following commit(s) were added to refs/heads/main by this push:
new 13eb2833 Add OPC UA protocol document (#421)
13eb2833 is described below
commit 13eb28337ef711620c1776c35b592cf1929e29fe
Author: W1y1r <[email protected]>
AuthorDate: Tue Nov 19 19:34:31 2024 +0800
Add OPC UA protocol document (#421)
* Add OPC UA protocol document
* quickstart
---
src/.vuepress/sidebar/V1.3.x/en.ts | 1 +
src/.vuepress/sidebar/V1.3.x/zh.ts | 1 +
src/.vuepress/sidebar_timecho/V1.3.x/en.ts | 1 +
src/.vuepress/sidebar_timecho/V1.3.x/zh.ts | 1 +
src/UserGuide/Master/API/Programming-OPC-UA.md | 262 +++++++++++++++++++++
.../Master/QuickStart/QuickStart_apache.md | 5 +-
.../Master/QuickStart/QuickStart_timecho.md | 5 +-
src/UserGuide/latest/API/Programming-OPC-UA.md | 262 +++++++++++++++++++++
.../latest/QuickStart/QuickStart_apache.md | 5 +-
.../latest/QuickStart/QuickStart_timecho.md | 5 +-
src/zh/UserGuide/Master/API/Programming-OPC-UA.md | 256 ++++++++++++++++++++
.../Master/QuickStart/QuickStart_apache.md | 7 +-
.../Master/QuickStart/QuickStart_timecho.md | 5 +-
src/zh/UserGuide/latest/API/Programming-OPC-UA.md | 256 ++++++++++++++++++++
.../latest/QuickStart/QuickStart_apache.md | 5 +-
.../latest/QuickStart/QuickStart_timecho.md | 5 +-
16 files changed, 1065 insertions(+), 17 deletions(-)
diff --git a/src/.vuepress/sidebar/V1.3.x/en.ts
b/src/.vuepress/sidebar/V1.3.x/en.ts
index 37b7f5ce..cbcb4134 100644
--- a/src/.vuepress/sidebar/V1.3.x/en.ts
+++ b/src/.vuepress/sidebar/V1.3.x/en.ts
@@ -118,6 +118,7 @@ export const enSidebar = {
{ text: 'Rust Native API', link: 'Programming-Rust-Native-API' },
{ text: 'JDBC (Not Recommend)', link: 'Programming-JDBC' },
{ text: 'MQTT Protocol', link: 'Programming-MQTT' },
+ { text: 'OPC UA Protocol', link: 'Programming-OPC-UA' },
{ text: 'Kafka', link: 'Programming-Kafka' },
{ text: 'REST API V1 (Not Recommend)', link: 'RestServiceV1' },
{ text: 'REST API V2', link: 'RestServiceV2' },
diff --git a/src/.vuepress/sidebar/V1.3.x/zh.ts
b/src/.vuepress/sidebar/V1.3.x/zh.ts
index 76e5fe9b..e495ffb9 100644
--- a/src/.vuepress/sidebar/V1.3.x/zh.ts
+++ b/src/.vuepress/sidebar/V1.3.x/zh.ts
@@ -119,6 +119,7 @@ export const zhSidebar = {
{ text: 'Rust原生接口', link: 'Programming-Rust-Native-API' },
{ text: 'JDBC (不推荐)', link: 'Programming-JDBC' },
{ text: 'MQTT协议', link: 'Programming-MQTT' },
+ { text: 'OPC UA协议', link: 'Programming-OPC-UA' },
{ text: 'Kafka', link: 'Programming-Kafka' },
{ text: 'REST API V1 (不推荐)', link: 'RestServiceV1' },
{ text: 'REST API V2', link: 'RestServiceV2' },
diff --git a/src/.vuepress/sidebar_timecho/V1.3.x/en.ts
b/src/.vuepress/sidebar_timecho/V1.3.x/en.ts
index 1e739872..175f17b7 100644
--- a/src/.vuepress/sidebar_timecho/V1.3.x/en.ts
+++ b/src/.vuepress/sidebar_timecho/V1.3.x/en.ts
@@ -127,6 +127,7 @@ export const enSidebar = {
{ text: 'Rust Native API', link: 'Programming-Rust-Native-API' },
{ text: 'JDBC (Not Recommend)', link: 'Programming-JDBC' },
{ text: 'MQTT Protocol', link: 'Programming-MQTT' },
+ { text: 'OPC UA Protocol', link: 'Programming-OPC-UA' },
{ text: 'Kafka', link: 'Programming-Kafka' },
{ text: 'REST API V1 (Not Recommend)', link: 'RestServiceV1' },
{ text: 'REST API V2', link: 'RestServiceV2' },
diff --git a/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts
b/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts
index cfda0f27..af2a9f4b 100644
--- a/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts
+++ b/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts
@@ -127,6 +127,7 @@ export const zhSidebar = {
{ text: 'Rust', link: 'Programming-Rust-Native-API' },
{ text: 'JDBC (不推荐)', link: 'Programming-JDBC' },
{ text: 'MQTT协议', link: 'Programming-MQTT' },
+ { text: 'OPC UA协议', link: 'Programming-OPC-UA' },
{ text: 'Kafka', link: 'Programming-Kafka' },
{ text: 'REST API V1 (不推荐)', link: 'RestServiceV1' },
{ text: 'REST API V2', link: 'RestServiceV2' },
diff --git a/src/UserGuide/Master/API/Programming-OPC-UA.md
b/src/UserGuide/Master/API/Programming-OPC-UA.md
new file mode 100644
index 00000000..e5bbaee2
--- /dev/null
+++ b/src/UserGuide/Master/API/Programming-OPC-UA.md
@@ -0,0 +1,262 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# OPC UA Protocol
+
+## OPC UA
+
+OPC UA is a technical specification used in the automation field for
communication between different devices and systems, enabling cross platform,
cross language, and cross network operations, providing a reliable and secure
data exchange foundation for the Industrial Internet of Things. IoTDB supports
OPC UA protocol, and IoTDB OPC Server supports both Client/Server and Pub/Sub
communication modes.
+
+### OPC UA Client/Server Mode
+
+- **Client/Server Mode**:In this mode, IoTDB's stream processing engine
establishes a connection with the OPC UA Server via an OPC UA Sink. The OPC UA
Server maintains data within its Address Space, from which IoTDB can request
and retrieve data. Additionally, other OPC UA Clients can access the data on
the server.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA15.png"; alt=""
style="width: 70%;"/>
+</div>
+
+
+- Features:
+
+ - OPC UA will organize the device information received from Sink into
folders under the Objects folder according to a tree model.
+
+ - Each measurement point is recorded as a variable node and the latest
value in the current database is recorded.
+
+### OPC UA Pub/Sub Mode
+
+- **Pub/Sub Mode**: In this mode, IoTDB's stream processing engine sends data
change events to the OPC UA Server through an OPC UA Sink. These events are
published to the server's message queue and managed through Event Nodes. Other
OPC UA Clients can subscribe to these Event Nodes to receive notifications upon
data changes.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA16.png"; alt=""
style="width: 70%;"/>
+</div>
+
+- Features:
+
+ - Each measurement point is wrapped as an Event Node in OPC UA.
+
+
+ - The relevant fields and their meanings are as follows:
+
+ | Field | Meaning | Type (Milo) | Example
|
+ | :--------- | :--------------- | :------------ | :-------------------- |
+ | Time | Timestamp | DateTime | 1698907326198
|
+ | SourceName | Full path of the measurement point | String |
root.test.opc.sensor0 |
+ | SourceNode | Data type of the measurement point | NodeId |
Int32 |
+ | Message | Data | LocalizedText | 3.0 |
+
+ - Events are only sent to clients that are already listening; if a client is
not connected, the Event will be ignored.
+
+
+## IoTDB OPC Server Startup method
+
+### Syntax
+
+The syntax for creating the Sink is as follows:
+
+
+```SQL
+create pipe p1
+ with source (...)
+ with processor (...)
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.opcua.tcp.port' = '12686',
+ 'sink.opcua.https.port' = '8443',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root',
+ 'sink.opcua.security.dir' = '...'
+ )
+```
+
+### Parameters
+
+| key | value
| value range | required or not
| default value |
+| :------------------------------ |
:----------------------------------------------------------- |
:------------------------------------- | :------- | :------------- |
+| sink | OPC UA SINK |
String: opc-ua-sink | Required |
|
+| sink.opcua.model | OPC UA model used |
String: client-server / pub-sub | Optional | client-server
|
+| sink.opcua.tcp.port | OPC UA's TCP port |
Integer: [0, 65536] | Optional | 12686
|
+| sink.opcua.https.port | OPC UA's HTTPS port |
Integer: [0, 65536] | Optional | 8443
|
+| sink.opcua.security.dir | Directory for OPC UA's keys and
certificates | String: Path, supports absolute and relative
directories | Optional | Opc_security folder/<httpsPort: tcpPort>in the
conf directory of the DataNode related to iotdb <br> If there is no conf
directory for iotdb (such as launching DataNode in IDEA), it will be the
iotdb_opc_Security folder/<httpsPort: tcpPort>in the user's home directory |
+| sink.opcua.enable-anonymous-access | Whether OPC UA allows anonymous access
| Boolean | Optional | true
|
+| sink.user | User for OPC UA, specified in the
configuration | String | Optional | root
|
+| sink.password | Password for OPC UA, specified in the
configuration | String | Optional | root
|
+
+### 示例
+
+```Bash
+create pipe p1
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root');
+start pipe p1;
+```
+
+### Usage Limitations
+
+1. **DataRegion Requirement**: The OPC UA server will only start if there is a
DataRegion in IoTDB. For an empty IoTDB, a data entry is necessary for the OPC
UA server to become effective.
+
+2. **Data Availability**: Clients subscribing to the server will not receive
data written to IoTDB before their connection.
+
+3. **Multiple DataNodes may have scattered sending/conflict issues**:
+
+ - For IoTDB clusters with multiple dataRegions and scattered across
different DataNode IPs, data will be sent in a dispersed manner on the leaders
of the dataRegions. The client needs to listen to the configuration ports of
the DataNode IP separately.。
+
+ - Suggest using this OPC UA server under 1C1D.
+
+4. **Does not support deleting data and modifying measurement point types:**
In Client Server mode, OPC UA cannot delete data or change data type settings.
In Pub Sub mode, if data is deleted, information cannot be pushed to the client.
+
+## IoTDB OPC Server Example
+
+### Client / Server Mode
+
+#### Preparation Work
+
+1. Take UAExpert client as an example, download the UAExpert client:
https://www.unified-automation.com/downloads/opc-ua-clients.html
+
+2. Install UAExpert and fill in your own certificate information.
+
+#### Quick Start
+
+1. Use the following SQL to create and start the OPC UA Sink in client-server
mode. For detailed syntax, please refer to: [IoTDB OPC Server Syntax](#syntax)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink');
+```
+
+2. Write some data.
+
+```SQL
+insert into root.test.db(time, s2) values(now(), 2)
+```
+
+ The metadata is automatically created and enabled here.
+
+3. Configure the connection to IoTDB in UAExpert, where the password should be
set to the one defined in the sink.password parameter (using the default
password "root" as an example):
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA03.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA04.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. After trusting the server's certificate, you can see the written data in
the Objects folder on the left.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA05.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA06.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. You can drag the node on the left to the center and display the latest
value of that node:
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA07.png"; alt=""
style="width: 60%;"/>
+</div>
+
+### Pub / Sub Mode
+
+#### Preparation Work
+
+The code is located in the [opc-ua-sink
文件夹](https://github.com/apache/iotdb/tree/master/example/pipe-opc-ua-sink/src/main/java/org/apache/iotdb/opcua)
under the iotdb-example package.
+
+The code includes:
+
+- The main class (ClientTest)
+- Client certificate-related logic(IoTDBKeyStoreLoaderClient)
+- Client configuration and startup logic(ClientExampleRunner)
+- The parent class of ClientTest(ClientExample)
+
+### Quick Start
+
+The steps are as follows:
+
+1. Start IoTDB and write some data.
+
+```SQL
+insert into root.a.b(time, c, d) values(now(), 1, 2);
+```
+
+ The metadata is automatically created and enabled here.
+
+2. Use the following SQL to create and start the OPC UA Sink in Pub-Sub mode.
For detailed syntax, please refer to: [IoTDB OPC Server Syntax](#syntax)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink',
+ 'sink.opcua.model'='pub-sub');
+start pipe p1;
+```
+
+ At this point, you can see that the opc certificate-related directory
has been created under the server's conf directory.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA08.png"; alt=""
style="width: 60%;"/>
+</div>
+
+3. Run the Client connection directly; the Client's certificate will be
rejected by the server.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA09.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. Go to the server's sink.opcua.security.dir directory, then to the pki's
rejected directory, where the Client's certificate should have been generated.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA10.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. Move (not copy) the client's certificate into (not into a subdirectory of)
the trusted directory's certs folder in the same directory.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA11.png"; alt=""
style="width: 60%;"/>
+</div>
+
+6. Open the Client connection again; the server's certificate should now be
rejected by the Client.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA12.png"; alt=""
style="width: 60%;"/>
+</div>
+
+7. Go to the client's <java.io.tmpdir>/client/security directory, then to the
pki's rejected directory, and move the server's certificate into (not into a
subdirectory of) the trusted directory.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA13.png"; alt=""
style="width: 60%;"/>
+</div>
+
+8. Open the Client, and now the two-way trust is successful, and the Client
can connect to the server.
+
+9. Write data to the server, and the Client will print out the received data.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA14.png"; alt=""
style="width: 60%;"/>
+</div>
+
+
+### Notes
+
+1. **stand alone and cluster:**It is recommended to use a 1C1D (one
coordinator and one data node) single machine version. If there are multiple
DataNodes in the cluster, data may be sent in a scattered manner across various
DataNodes, and it may not be possible to listen to all the data.
+
+2. **No Need to Operate Root Directory Certificates:** During the certificate
operation process, there is no need to operate the `iotdb-server.pfx`
certificate under the IoTDB security root directory and the
`example-client.pfx` directory under the client security directory. When the
Client and Server connect bidirectionally, they will send the root directory
certificate to each other. If it is the first time the other party sees this
certificate, it will be placed in the reject dir. If [...]
+
+3. **It is Recommended to Use Java 17+:**
+In JVM 8 versions, there may be a key length restriction, resulting in an
"Illegal key size" error. For specific versions (such as jdk.1.8u151+), you can
add `Security.`*`setProperty`*`("crypto.policy", "unlimited");`; in the create
client of ClientExampleRunner to solve this, or you can download the unlimited
package `local_policy.jar` and `US_export_policy ` to replace the packages in
the `JDK/jre/lib/security `. Download
link:https://www.oracle.com/java/technologies/javase-jce8-downlo [...]
diff --git a/src/UserGuide/Master/QuickStart/QuickStart_apache.md
b/src/UserGuide/Master/QuickStart/QuickStart_apache.md
index 70057000..ef695e28 100644
--- a/src/UserGuide/Master/QuickStart/QuickStart_apache.md
+++ b/src/UserGuide/Master/QuickStart/QuickStart_apache.md
@@ -70,9 +70,10 @@ In addition to its rich features, IoTDB also has a
comprehensive range of tools
- Benchmark Tool: IoT benchmark is a time series database benchmark testing
tool developed based on Java and big data environments, developed and open
sourced by the School of Software at Tsinghua University. It supports multiple
writing and querying methods, can store test information and results for
further query or analysis, and supports integration with Tableau to visualize
test results. For specific usage instructions, please refer to: [Benchmark
Tool](../Tools-System/Benchmark.md)
- - Data Import Export Script: Used to achieve the interaction between
internal data and external files in IoTDB, suitable for batch operations of
individual files or directory files. For specific usage instructions, please
refer to: [Data Import Export
Script](../Tools-System/Data-Import-Export-Tool.md)
+ - Data Import Script: For different scenarios, IoTDB provides users with
multiple ways to batch import data. For specific usage instructions, please
refer to: [Data Import](../Tools-System/Data-Import-Tool.md)
+
+ - Data Export Script: For different scenarios, IoTDB provides users with
multiple ways to batch export data. For specific usage instructions, please
refer to: [Data Export](../Tools-System/Data-Export-Tool.md)
- - TsFile Import Export Script: For different scenarios, IoTDB provides
users with multiple ways to batch import data. For specific usage instructions,
please refer to: [TsFile Import Export
Script](../Tools-System/TsFile-Import-Export-Tool.md)
## Encountering problems during use?
diff --git a/src/UserGuide/Master/QuickStart/QuickStart_timecho.md
b/src/UserGuide/Master/QuickStart/QuickStart_timecho.md
index 796d716c..7dec6ca3 100644
--- a/src/UserGuide/Master/QuickStart/QuickStart_timecho.md
+++ b/src/UserGuide/Master/QuickStart/QuickStart_timecho.md
@@ -82,9 +82,10 @@ In addition to its rich features, IoTDB also has a
comprehensive range of tools
- Benchmark Tool: IoT benchmark is a time series database benchmark testing
tool developed based on Java and big data environments, developed and open
sourced by the School of Software at Tsinghua University. It supports multiple
writing and querying methods, can store test information and results for
further query or analysis, and supports integration with Tableau to visualize
test results. For specific usage instructions, please refer to: [Benchmark
Tool](../Tools-System/Benchmark.md)
- - Data Import Export Script: Used to achieve the interaction between
internal data and external files in IoTDB, suitable for batch operations of
individual files or directory files. For specific usage instructions, please
refer to: [Data Import Export
Script](../Tools-System/Data-Import-Export-Tool.md)
+ - Data Import Script: For different scenarios, IoTDB provides users with
multiple ways to batch import data. For specific usage instructions, please
refer to: [Data Import](../Tools-System/Data-Import-Tool.md)
+
+ - Data Export Script: For different scenarios, IoTDB provides users with
multiple ways to batch export data. For specific usage instructions, please
refer to: [Data Export](../Tools-System/Data-Export-Tool.md)
- - TsFile Import Export Script: For different scenarios, IoTDB provides
users with multiple ways to batch import data. For specific usage instructions,
please refer to: [TsFile Import Export
Script](../Tools-System/TsFile-Import-Export-Tool.md)
## Encountering problems during use?
diff --git a/src/UserGuide/latest/API/Programming-OPC-UA.md
b/src/UserGuide/latest/API/Programming-OPC-UA.md
new file mode 100644
index 00000000..e5bbaee2
--- /dev/null
+++ b/src/UserGuide/latest/API/Programming-OPC-UA.md
@@ -0,0 +1,262 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# OPC UA Protocol
+
+## OPC UA
+
+OPC UA is a technical specification used in the automation field for
communication between different devices and systems, enabling cross platform,
cross language, and cross network operations, providing a reliable and secure
data exchange foundation for the Industrial Internet of Things. IoTDB supports
OPC UA protocol, and IoTDB OPC Server supports both Client/Server and Pub/Sub
communication modes.
+
+### OPC UA Client/Server Mode
+
+- **Client/Server Mode**:In this mode, IoTDB's stream processing engine
establishes a connection with the OPC UA Server via an OPC UA Sink. The OPC UA
Server maintains data within its Address Space, from which IoTDB can request
and retrieve data. Additionally, other OPC UA Clients can access the data on
the server.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA15.png"; alt=""
style="width: 70%;"/>
+</div>
+
+
+- Features:
+
+ - OPC UA will organize the device information received from Sink into
folders under the Objects folder according to a tree model.
+
+ - Each measurement point is recorded as a variable node and the latest
value in the current database is recorded.
+
+### OPC UA Pub/Sub Mode
+
+- **Pub/Sub Mode**: In this mode, IoTDB's stream processing engine sends data
change events to the OPC UA Server through an OPC UA Sink. These events are
published to the server's message queue and managed through Event Nodes. Other
OPC UA Clients can subscribe to these Event Nodes to receive notifications upon
data changes.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA16.png"; alt=""
style="width: 70%;"/>
+</div>
+
+- Features:
+
+ - Each measurement point is wrapped as an Event Node in OPC UA.
+
+
+ - The relevant fields and their meanings are as follows:
+
+ | Field | Meaning | Type (Milo) | Example
|
+ | :--------- | :--------------- | :------------ | :-------------------- |
+ | Time | Timestamp | DateTime | 1698907326198
|
+ | SourceName | Full path of the measurement point | String |
root.test.opc.sensor0 |
+ | SourceNode | Data type of the measurement point | NodeId |
Int32 |
+ | Message | Data | LocalizedText | 3.0 |
+
+ - Events are only sent to clients that are already listening; if a client is
not connected, the Event will be ignored.
+
+
+## IoTDB OPC Server Startup method
+
+### Syntax
+
+The syntax for creating the Sink is as follows:
+
+
+```SQL
+create pipe p1
+ with source (...)
+ with processor (...)
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.opcua.tcp.port' = '12686',
+ 'sink.opcua.https.port' = '8443',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root',
+ 'sink.opcua.security.dir' = '...'
+ )
+```
+
+### Parameters
+
+| key | value
| value range | required or not
| default value |
+| :------------------------------ |
:----------------------------------------------------------- |
:------------------------------------- | :------- | :------------- |
+| sink | OPC UA SINK |
String: opc-ua-sink | Required |
|
+| sink.opcua.model | OPC UA model used |
String: client-server / pub-sub | Optional | client-server
|
+| sink.opcua.tcp.port | OPC UA's TCP port |
Integer: [0, 65536] | Optional | 12686
|
+| sink.opcua.https.port | OPC UA's HTTPS port |
Integer: [0, 65536] | Optional | 8443
|
+| sink.opcua.security.dir | Directory for OPC UA's keys and
certificates | String: Path, supports absolute and relative
directories | Optional | Opc_security folder/<httpsPort: tcpPort>in the
conf directory of the DataNode related to iotdb <br> If there is no conf
directory for iotdb (such as launching DataNode in IDEA), it will be the
iotdb_opc_Security folder/<httpsPort: tcpPort>in the user's home directory |
+| sink.opcua.enable-anonymous-access | Whether OPC UA allows anonymous access
| Boolean | Optional | true
|
+| sink.user | User for OPC UA, specified in the
configuration | String | Optional | root
|
+| sink.password | Password for OPC UA, specified in the
configuration | String | Optional | root
|
+
+### 示例
+
+```Bash
+create pipe p1
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root');
+start pipe p1;
+```
+
+### Usage Limitations
+
+1. **DataRegion Requirement**: The OPC UA server will only start if there is a
DataRegion in IoTDB. For an empty IoTDB, a data entry is necessary for the OPC
UA server to become effective.
+
+2. **Data Availability**: Clients subscribing to the server will not receive
data written to IoTDB before their connection.
+
+3. **Multiple DataNodes may have scattered sending/conflict issues**:
+
+ - For IoTDB clusters with multiple dataRegions and scattered across
different DataNode IPs, data will be sent in a dispersed manner on the leaders
of the dataRegions. The client needs to listen to the configuration ports of
the DataNode IP separately.。
+
+ - Suggest using this OPC UA server under 1C1D.
+
+4. **Does not support deleting data and modifying measurement point types:**
In Client Server mode, OPC UA cannot delete data or change data type settings.
In Pub Sub mode, if data is deleted, information cannot be pushed to the client.
+
+## IoTDB OPC Server Example
+
+### Client / Server Mode
+
+#### Preparation Work
+
+1. Take UAExpert client as an example, download the UAExpert client:
https://www.unified-automation.com/downloads/opc-ua-clients.html
+
+2. Install UAExpert and fill in your own certificate information.
+
+#### Quick Start
+
+1. Use the following SQL to create and start the OPC UA Sink in client-server
mode. For detailed syntax, please refer to: [IoTDB OPC Server Syntax](#syntax)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink');
+```
+
+2. Write some data.
+
+```SQL
+insert into root.test.db(time, s2) values(now(), 2)
+```
+
+ The metadata is automatically created and enabled here.
+
+3. Configure the connection to IoTDB in UAExpert, where the password should be
set to the one defined in the sink.password parameter (using the default
password "root" as an example):
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA03.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA04.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. After trusting the server's certificate, you can see the written data in
the Objects folder on the left.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA05.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA06.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. You can drag the node on the left to the center and display the latest
value of that node:
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA07.png"; alt=""
style="width: 60%;"/>
+</div>
+
+### Pub / Sub Mode
+
+#### Preparation Work
+
+The code is located in the [opc-ua-sink
文件夹](https://github.com/apache/iotdb/tree/master/example/pipe-opc-ua-sink/src/main/java/org/apache/iotdb/opcua)
under the iotdb-example package.
+
+The code includes:
+
+- The main class (ClientTest)
+- Client certificate-related logic(IoTDBKeyStoreLoaderClient)
+- Client configuration and startup logic(ClientExampleRunner)
+- The parent class of ClientTest(ClientExample)
+
+### Quick Start
+
+The steps are as follows:
+
+1. Start IoTDB and write some data.
+
+```SQL
+insert into root.a.b(time, c, d) values(now(), 1, 2);
+```
+
+ The metadata is automatically created and enabled here.
+
+2. Use the following SQL to create and start the OPC UA Sink in Pub-Sub mode.
For detailed syntax, please refer to: [IoTDB OPC Server Syntax](#syntax)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink',
+ 'sink.opcua.model'='pub-sub');
+start pipe p1;
+```
+
+ At this point, you can see that the opc certificate-related directory
has been created under the server's conf directory.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA08.png"; alt=""
style="width: 60%;"/>
+</div>
+
+3. Run the Client connection directly; the Client's certificate will be
rejected by the server.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA09.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. Go to the server's sink.opcua.security.dir directory, then to the pki's
rejected directory, where the Client's certificate should have been generated.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA10.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. Move (not copy) the client's certificate into (not into a subdirectory of)
the trusted directory's certs folder in the same directory.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA11.png"; alt=""
style="width: 60%;"/>
+</div>
+
+6. Open the Client connection again; the server's certificate should now be
rejected by the Client.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA12.png"; alt=""
style="width: 60%;"/>
+</div>
+
+7. Go to the client's <java.io.tmpdir>/client/security directory, then to the
pki's rejected directory, and move the server's certificate into (not into a
subdirectory of) the trusted directory.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA13.png"; alt=""
style="width: 60%;"/>
+</div>
+
+8. Open the Client, and now the two-way trust is successful, and the Client
can connect to the server.
+
+9. Write data to the server, and the Client will print out the received data.
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA14.png"; alt=""
style="width: 60%;"/>
+</div>
+
+
+### Notes
+
+1. **stand alone and cluster:**It is recommended to use a 1C1D (one
coordinator and one data node) single machine version. If there are multiple
DataNodes in the cluster, data may be sent in a scattered manner across various
DataNodes, and it may not be possible to listen to all the data.
+
+2. **No Need to Operate Root Directory Certificates:** During the certificate
operation process, there is no need to operate the `iotdb-server.pfx`
certificate under the IoTDB security root directory and the
`example-client.pfx` directory under the client security directory. When the
Client and Server connect bidirectionally, they will send the root directory
certificate to each other. If it is the first time the other party sees this
certificate, it will be placed in the reject dir. If [...]
+
+3. **It is Recommended to Use Java 17+:**
+In JVM 8 versions, there may be a key length restriction, resulting in an
"Illegal key size" error. For specific versions (such as jdk.1.8u151+), you can
add `Security.`*`setProperty`*`("crypto.policy", "unlimited");`; in the create
client of ClientExampleRunner to solve this, or you can download the unlimited
package `local_policy.jar` and `US_export_policy ` to replace the packages in
the `JDK/jre/lib/security `. Download
link:https://www.oracle.com/java/technologies/javase-jce8-downlo [...]
diff --git a/src/UserGuide/latest/QuickStart/QuickStart_apache.md
b/src/UserGuide/latest/QuickStart/QuickStart_apache.md
index 70057000..ef695e28 100644
--- a/src/UserGuide/latest/QuickStart/QuickStart_apache.md
+++ b/src/UserGuide/latest/QuickStart/QuickStart_apache.md
@@ -70,9 +70,10 @@ In addition to its rich features, IoTDB also has a
comprehensive range of tools
- Benchmark Tool: IoT benchmark is a time series database benchmark testing
tool developed based on Java and big data environments, developed and open
sourced by the School of Software at Tsinghua University. It supports multiple
writing and querying methods, can store test information and results for
further query or analysis, and supports integration with Tableau to visualize
test results. For specific usage instructions, please refer to: [Benchmark
Tool](../Tools-System/Benchmark.md)
- - Data Import Export Script: Used to achieve the interaction between
internal data and external files in IoTDB, suitable for batch operations of
individual files or directory files. For specific usage instructions, please
refer to: [Data Import Export
Script](../Tools-System/Data-Import-Export-Tool.md)
+ - Data Import Script: For different scenarios, IoTDB provides users with
multiple ways to batch import data. For specific usage instructions, please
refer to: [Data Import](../Tools-System/Data-Import-Tool.md)
+
+ - Data Export Script: For different scenarios, IoTDB provides users with
multiple ways to batch export data. For specific usage instructions, please
refer to: [Data Export](../Tools-System/Data-Export-Tool.md)
- - TsFile Import Export Script: For different scenarios, IoTDB provides
users with multiple ways to batch import data. For specific usage instructions,
please refer to: [TsFile Import Export
Script](../Tools-System/TsFile-Import-Export-Tool.md)
## Encountering problems during use?
diff --git a/src/UserGuide/latest/QuickStart/QuickStart_timecho.md
b/src/UserGuide/latest/QuickStart/QuickStart_timecho.md
index 796d716c..7dec6ca3 100644
--- a/src/UserGuide/latest/QuickStart/QuickStart_timecho.md
+++ b/src/UserGuide/latest/QuickStart/QuickStart_timecho.md
@@ -82,9 +82,10 @@ In addition to its rich features, IoTDB also has a
comprehensive range of tools
- Benchmark Tool: IoT benchmark is a time series database benchmark testing
tool developed based on Java and big data environments, developed and open
sourced by the School of Software at Tsinghua University. It supports multiple
writing and querying methods, can store test information and results for
further query or analysis, and supports integration with Tableau to visualize
test results. For specific usage instructions, please refer to: [Benchmark
Tool](../Tools-System/Benchmark.md)
- - Data Import Export Script: Used to achieve the interaction between
internal data and external files in IoTDB, suitable for batch operations of
individual files or directory files. For specific usage instructions, please
refer to: [Data Import Export
Script](../Tools-System/Data-Import-Export-Tool.md)
+ - Data Import Script: For different scenarios, IoTDB provides users with
multiple ways to batch import data. For specific usage instructions, please
refer to: [Data Import](../Tools-System/Data-Import-Tool.md)
+
+ - Data Export Script: For different scenarios, IoTDB provides users with
multiple ways to batch export data. For specific usage instructions, please
refer to: [Data Export](../Tools-System/Data-Export-Tool.md)
- - TsFile Import Export Script: For different scenarios, IoTDB provides
users with multiple ways to batch import data. For specific usage instructions,
please refer to: [TsFile Import Export
Script](../Tools-System/TsFile-Import-Export-Tool.md)
## Encountering problems during use?
diff --git a/src/zh/UserGuide/Master/API/Programming-OPC-UA.md
b/src/zh/UserGuide/Master/API/Programming-OPC-UA.md
new file mode 100644
index 00000000..74db4c9d
--- /dev/null
+++ b/src/zh/UserGuide/Master/API/Programming-OPC-UA.md
@@ -0,0 +1,256 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# OPC UA 协议
+
+## OPC UA
+
+OPC UA
是一种在自动化领域用于不同设备和系统之间进行通信的技术规范,用于实现跨平台、跨语言和跨网络的操作,为工业物联网提供一个可靠和安全的数据交换基础。IoTDB
中支持 OPC UA协议, IoTDB OPC Server 支持 Client/Server 和 Pub/Sub 两种通信模式。
+
+### OPC UA Client/Server 模式
+
+- **Client/Server 模式**:在这种模式下,IoTDB 的流处理引擎通过 OPC UA Sink 与 OPC UA
服务器(Server)建立连接。OPC UA 服务器在其地址空间(Address Space) 中维护数据,IoTDB可以请求并获取这些数据。同时,其他OPC
UA客户端(Client)也能访问服务器上的数据。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA01.png"; alt=""
style="width: 70%;"/>
+</div>
+
+
+- 特性:
+
+ - OPC UA 将从 Sink 收到的设备信息,按照树形模型整理到 Objects folder 下的文件夹中。
+ - 每个测点都被记录为一个变量节点,并记录当前数据库中的最新值。
+
+### OPC UA Pub/Sub 模式
+
+- **Pub/Sub 模式**:在这种模式下,IoTDB的流处理引擎通过 OPC UA Sink 向OPC UA
服务器(Server)发送数据变更事件。这些事件被发布到服务器的消息队列中,并通过事件节点 (Event Node) 进行管理。其他OPC
UA客户端(Client)可以订阅这些事件节点,以便在数据变更时接收通知。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA02.png"; alt=""
style="width: 70%;"/>
+</div>
+
+- 特性:
+
+ - 每个测点会被 OPC UA 包装成一个事件节点(EventNode)。
+
+ - 相关字段及其对应含义如下:
+
+ | 字段 | 含义 | 类型(Milo) | 示例 |
+ | :--------- | :--------------- | :------------ | :-------------------- |
+ | Time | 时间戳 | DateTime | 1698907326198 |
+ | SourceName | 测点对应完整路径 | String | root.test.opc.sensor0 |
+ | SourceNode | 测点数据类型 | NodeId | Int32 |
+ | Message | 数据 | LocalizedText | 3.0 |
+
+ - Event 仅会发送给所有已经监听的客户端,客户端未连接则会忽略该 Event。
+
+## IoTDB OPC Server 启动方式
+
+### 语法
+
+创建该 Sink 的语法如下:
+
+```SQL
+create pipe p1
+ with source (...)
+ with processor (...)
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.opcua.tcp.port' = '12686',
+ 'sink.opcua.https.port' = '8443',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root',
+ 'sink.opcua.security.dir' = '...'
+ )
+```
+
+### 参数
+
+| **参数** | **描述** | **取值范围**
| **是否必填** | **默认值**
|
+| ---------------------------------- | ------------------------------ |
-------------------------------- | ------------ |
------------------------------------------------------------ |
+| sink | OPC UA SINK |
String: opc-ua-sink | 必填 |
|
+| sink.opcua.model | OPC UA 使用的模式 | String:
client-server / pub-sub | 选填 | client-server
|
+| sink.opcua.tcp.port | OPC UA 的 TCP 端口 | Integer:
[0, 65536] | 选填 | 12686
|
+| sink.opcua.https.port | OPC UA 的 HTTPS 端口 | Integer:
[0, 65536] | 选填 | 8443
|
+| sink.opcua.security.dir | OPC UA 的密钥及证书目录 | String:
Path,支持绝对及相对目录 | 选填 | iotdb 相关 DataNode 的 conf 目录下的 opc_security 文件夹
/<httpsPort:tcpPort>。<br>如无 iotdb 的 conf 目录(例如 IDEA 中启动 DataNode),则为用户主目录下的
iotdb_opc_security 文件夹 /<httpsPort:tcpPort> |
+| sink.opcua.enable-anonymous-access | OPC UA 是否允许匿名访问 | Boolean
| 选填 | true
|
+| sink.user | 用户,这里指 OPC UA 的允许用户 | String
| 选填 | root
|
+| sink.password | 密码,这里指 OPC UA 的允许密码 | String
| 选填 | root
|
+
+### 示例
+
+```Bash
+create pipe p1
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root');
+start pipe p1;
+```
+
+### 使用限制
+
+1. **必须存在 DataRegion**:在 IoTDB 有 dataRegion 时,OPC UA 的服务器才会启动。因此,对于一个空的
IoTDB,需要写入一条数据,OPC UA 的服务器才有效。
+2. **需连接才有数据**:每一个订阅该服务器的客户端,不会收到 OPC Server 在连接之前写入IoTDB的数据。
+
+3. **多 DataNode 会有分散发送 / 冲突问题**:
+
+ - 对于有多个 dataRegion,且分散在不同 DataNode ip上的 IoTDB 集群,数据会在 dataRegion 的 leader
上分散发送。客户端需要对 DataNode ip 的配置端口分别监听。
+
+ - 建议在 1C1D 下使用该 OPC UA 服务器。
+
+4. **不支持删除数据和修改测点类型:**在Client Server模式下,OPC UA无法删除数据或者改变数据类型的设置。而在Pub
Sub模式下,如果数据被删除了,信息是无法推送给客户端的。
+
+## IoTDB OPC Server 示例
+
+### Client / Server 模式
+
+#### 准备工作
+
+1. 此处以UAExpert客户端为例,下载 UAExpert
客户端:https://www.unified-automation.com/downloads/opc-ua-clients.html
+
+2. 安装 UAExpert,填写自身的证书等信息。
+
+#### 快速开始
+
+1. 使用如下 sql,创建并启动 client-server 模式的 OPC UA Sink。详细语法参见上文:[IoTDB OPC
Server语法](#语法)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink');
+```
+
+2. 写入部分数据。
+
+```SQL
+insert into root.test.db(time, s2) values(now(), 2)
+```
+
+ 此处自动创建元数据开启。
+
+3. 在 UAExpert 中配置 iotdb 的连接,其中 password 填写为上述参数配置中 sink.password
中设定的密码(此处以默认密码root为例):
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA03.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA04.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. 信任服务器的证书后,在左侧 Objects folder 即可看到写入的数据。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA05.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA06.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. 可以将左侧节点拖动到中间,并展示该节点的最新值:
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA07.png"; alt=""
style="width: 60%;"/>
+</div>
+
+### Pub / Sub 模式
+
+#### 准备工作
+
+该代码位于 iotdb-example 包下的 [opc-ua-sink
文件夹](https://github.com/apache/iotdb/tree/master/example/pipe-opc-ua-sink/src/main/java/org/apache/iotdb/opcua)中
+
+代码中包含:
+
+- 主类(ClientTest)
+- Client 证书相关的逻辑(IoTDBKeyStoreLoaderClient)
+- Client 的配置及启动逻辑(ClientExampleRunner)
+- ClientTest 的父类(ClientExample)
+
+### 快速开始
+
+使用步骤为:
+
+1. 打开 IoTDB 并写入部分数据。
+
+```SQL
+insert into root.a.b(time, c, d) values(now(), 1, 2);
+```
+
+ 此处自动创建元数据开启。
+
+2. 使用如下 sql,创建并启动 Pub-Sub 模式的 OPC UA Sink。详细语法参见上文:[IoTDB OPC Server语法](#语法)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink',
+ 'sink.opcua.model'='pub-sub');
+start pipe p1;
+```
+
+ 此时能看到服务器的 conf 目录下创建了 opc 证书相关的目录。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA08.png"; alt=""
style="width: 60%;"/>
+</div>
+
+3. 直接运行 Client 连接,此时 Client 证书被服务器拒收。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA09.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. 进入服务器的 sink.opcua.security.dir 目录下,进入 pki 的 rejected 目录,此时 Client
的证书应该已经在该目录下生成。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA10.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. 将客户端的证书移入(不是复制) 同目录下 trusted 目录的 certs 文件夹中。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA11.png"; alt=""
style="width: 60%;"/>
+</div>
+
+6. 再次打开 Client 连接,此时服务器的证书应该被 Client 拒收。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA12.png"; alt=""
style="width: 60%;"/>
+</div>
+
+7. 进入客户端的 <java.io.tmpdir>/client/security 目录下,进入 pki 的 rejected
目录,将服务器的证书移入(不是复制)trusted 目录。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA13.png"; alt=""
style="width: 60%;"/>
+</div>
+
+8. 打开 Client,此时建立双向信任成功, Client 能够连接到服务器。
+
+9. 向服务器中写入数据,此时 Client 中能够打印出收到的数据。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA14.png"; alt=""
style="width: 60%;"/>
+</div>
+
+
+### 注意事项
+
+1. **单机与集群:**建议使用1C1D单机版,如果集群中有多个 DataNode,可能数据会分散发送在各个 DataNode 上,无法收听到全量数据。
+
+2. **无需操作根目录下证书**:在证书操作过程中,无需操作 IoTDB security 根目录下的 `iotdb-server.pfx` 证书和
client security 目录下的 `example-client.pfx` 目录。Client 和 Server
双向连接时,会将根目录下的证书发给对方,对方如果第一次看见此证书,就会放入 reject dir,如果该证书在 trusted/certs
里面,则能够信任对方。
+
+3. **建议使用** **Java 17+**:在 JVM 8 的版本中,可能会存在密钥长度限制,报 Illegal key size
错误。对于特定版本(如 jdk.1.8u151+),可以在 ClientExampleRunner 的 create client 里加入
`Security.`*`setProperty`*`("crypto.policy", "unlimited");` 解决,也可以下载无限制的包
`local_policy.jar` 与 `US_export_policy `解决替换 `JDK/jre/lib/security
`目录下的包解决,下载网址:https://www.oracle.com/java/technologies/javase-jce8-downloads.html。
diff --git a/src/zh/UserGuide/Master/QuickStart/QuickStart_apache.md
b/src/zh/UserGuide/Master/QuickStart/QuickStart_apache.md
index 79e33f67..b26322a4 100644
--- a/src/zh/UserGuide/Master/QuickStart/QuickStart_apache.md
+++ b/src/zh/UserGuide/Master/QuickStart/QuickStart_apache.md
@@ -71,9 +71,10 @@ IoTDB 除了自身拥有丰富的功能外,其周边的工具体系包含的
- 测试工具:IoT-benchmark 是一个基于 Java
和大数据环境开发的时序数据库基准测试工具,由清华大学软件学院研发并开源。它支持多种写入和查询方式,能够存储测试信息和结果供进一步查询或分析,并支持与
Tableau 集成以可视化测试结果。具体使用介绍请查看:[测试工具](../Tools-System/Benchmark.md)
- - 数据导入导出脚本:用于实现 IoTDB
内部数据与外部文件的交互,适用于单个文件或目录文件批量操作,具体使用介绍请查看:[数据导入导出脚本](../Tools-System/Data-Import-Export-Tool.md)
-
- - TsFile 导入导出脚本:针对于不同场景,IoTDB 为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[TsFile
导入导出脚本](../Tools-System/TsFile-Import-Export-Tool.md)
+ - 数据导入脚本:针对于不同场景,IoTDB
为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[数据导入](../Tools-System/Data-Import-Tool.md)
+
+
+ - 数据导出脚本:针对于不同场景,IoTDB
为用户提供多种批量导出数据的操作方式,具体使用介绍请查看:[数据导出](../Tools-System/Data-Export-Tool.md)
## 使用过程中遇到问题?
diff --git a/src/zh/UserGuide/Master/QuickStart/QuickStart_timecho.md
b/src/zh/UserGuide/Master/QuickStart/QuickStart_timecho.md
index 2ee3e471..12960a1d 100644
--- a/src/zh/UserGuide/Master/QuickStart/QuickStart_timecho.md
+++ b/src/zh/UserGuide/Master/QuickStart/QuickStart_timecho.md
@@ -83,9 +83,10 @@ IoTDB 除了自身拥有丰富的功能外,其周边的工具体系包含的
- 测试工具:IoT-benchmark 是一个基于 Java
和大数据环境开发的时序数据库基准测试工具,由清华大学软件学院研发并开源。它支持多种写入和查询方式,能够存储测试信息和结果供进一步查询或分析,并支持与
Tableau 集成以可视化测试结果。具体使用介绍请查看:[测试工具](../Tools-System/Benchmark.md)
- - 数据导入导出脚本:用于实现 IoTDB
内部数据与外部文件的交互,适用于单个文件或目录文件批量操作,具体使用介绍请查看:[数据导入导出脚本](../Tools-System/Data-Import-Export-Tool.md)
+ - 数据导入脚本:针对于不同场景,IoTDB
为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[数据导入](../Tools-System/Data-Import-Tool.md)
- - TsFile 导入导出脚本:针对于不同场景,IoTDB 为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[TsFile
导入导出脚本](../Tools-System/TsFile-Import-Export-Tool.md)
+
+ - 数据导出脚本:针对于不同场景,IoTDB
为用户提供多种批量导出数据的操作方式,具体使用介绍请查看:[数据导出](../Tools-System/Data-Export-Tool.md)
## 使用过程中遇到问题?
diff --git a/src/zh/UserGuide/latest/API/Programming-OPC-UA.md
b/src/zh/UserGuide/latest/API/Programming-OPC-UA.md
new file mode 100644
index 00000000..74db4c9d
--- /dev/null
+++ b/src/zh/UserGuide/latest/API/Programming-OPC-UA.md
@@ -0,0 +1,256 @@
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+# OPC UA 协议
+
+## OPC UA
+
+OPC UA
是一种在自动化领域用于不同设备和系统之间进行通信的技术规范,用于实现跨平台、跨语言和跨网络的操作,为工业物联网提供一个可靠和安全的数据交换基础。IoTDB
中支持 OPC UA协议, IoTDB OPC Server 支持 Client/Server 和 Pub/Sub 两种通信模式。
+
+### OPC UA Client/Server 模式
+
+- **Client/Server 模式**:在这种模式下,IoTDB 的流处理引擎通过 OPC UA Sink 与 OPC UA
服务器(Server)建立连接。OPC UA 服务器在其地址空间(Address Space) 中维护数据,IoTDB可以请求并获取这些数据。同时,其他OPC
UA客户端(Client)也能访问服务器上的数据。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA01.png"; alt=""
style="width: 70%;"/>
+</div>
+
+
+- 特性:
+
+ - OPC UA 将从 Sink 收到的设备信息,按照树形模型整理到 Objects folder 下的文件夹中。
+ - 每个测点都被记录为一个变量节点,并记录当前数据库中的最新值。
+
+### OPC UA Pub/Sub 模式
+
+- **Pub/Sub 模式**:在这种模式下,IoTDB的流处理引擎通过 OPC UA Sink 向OPC UA
服务器(Server)发送数据变更事件。这些事件被发布到服务器的消息队列中,并通过事件节点 (Event Node) 进行管理。其他OPC
UA客户端(Client)可以订阅这些事件节点,以便在数据变更时接收通知。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA02.png"; alt=""
style="width: 70%;"/>
+</div>
+
+- 特性:
+
+ - 每个测点会被 OPC UA 包装成一个事件节点(EventNode)。
+
+ - 相关字段及其对应含义如下:
+
+ | 字段 | 含义 | 类型(Milo) | 示例 |
+ | :--------- | :--------------- | :------------ | :-------------------- |
+ | Time | 时间戳 | DateTime | 1698907326198 |
+ | SourceName | 测点对应完整路径 | String | root.test.opc.sensor0 |
+ | SourceNode | 测点数据类型 | NodeId | Int32 |
+ | Message | 数据 | LocalizedText | 3.0 |
+
+ - Event 仅会发送给所有已经监听的客户端,客户端未连接则会忽略该 Event。
+
+## IoTDB OPC Server 启动方式
+
+### 语法
+
+创建该 Sink 的语法如下:
+
+```SQL
+create pipe p1
+ with source (...)
+ with processor (...)
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.opcua.tcp.port' = '12686',
+ 'sink.opcua.https.port' = '8443',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root',
+ 'sink.opcua.security.dir' = '...'
+ )
+```
+
+### 参数
+
+| **参数** | **描述** | **取值范围**
| **是否必填** | **默认值**
|
+| ---------------------------------- | ------------------------------ |
-------------------------------- | ------------ |
------------------------------------------------------------ |
+| sink | OPC UA SINK |
String: opc-ua-sink | 必填 |
|
+| sink.opcua.model | OPC UA 使用的模式 | String:
client-server / pub-sub | 选填 | client-server
|
+| sink.opcua.tcp.port | OPC UA 的 TCP 端口 | Integer:
[0, 65536] | 选填 | 12686
|
+| sink.opcua.https.port | OPC UA 的 HTTPS 端口 | Integer:
[0, 65536] | 选填 | 8443
|
+| sink.opcua.security.dir | OPC UA 的密钥及证书目录 | String:
Path,支持绝对及相对目录 | 选填 | iotdb 相关 DataNode 的 conf 目录下的 opc_security 文件夹
/<httpsPort:tcpPort>。<br>如无 iotdb 的 conf 目录(例如 IDEA 中启动 DataNode),则为用户主目录下的
iotdb_opc_security 文件夹 /<httpsPort:tcpPort> |
+| sink.opcua.enable-anonymous-access | OPC UA 是否允许匿名访问 | Boolean
| 选填 | true
|
+| sink.user | 用户,这里指 OPC UA 的允许用户 | String
| 选填 | root
|
+| sink.password | 密码,这里指 OPC UA 的允许密码 | String
| 选填 | root
|
+
+### 示例
+
+```Bash
+create pipe p1
+ with sink ('sink' = 'opc-ua-sink',
+ 'sink.user' = 'root',
+ 'sink.password' = 'root');
+start pipe p1;
+```
+
+### 使用限制
+
+1. **必须存在 DataRegion**:在 IoTDB 有 dataRegion 时,OPC UA 的服务器才会启动。因此,对于一个空的
IoTDB,需要写入一条数据,OPC UA 的服务器才有效。
+2. **需连接才有数据**:每一个订阅该服务器的客户端,不会收到 OPC Server 在连接之前写入IoTDB的数据。
+
+3. **多 DataNode 会有分散发送 / 冲突问题**:
+
+ - 对于有多个 dataRegion,且分散在不同 DataNode ip上的 IoTDB 集群,数据会在 dataRegion 的 leader
上分散发送。客户端需要对 DataNode ip 的配置端口分别监听。
+
+ - 建议在 1C1D 下使用该 OPC UA 服务器。
+
+4. **不支持删除数据和修改测点类型:**在Client Server模式下,OPC UA无法删除数据或者改变数据类型的设置。而在Pub
Sub模式下,如果数据被删除了,信息是无法推送给客户端的。
+
+## IoTDB OPC Server 示例
+
+### Client / Server 模式
+
+#### 准备工作
+
+1. 此处以UAExpert客户端为例,下载 UAExpert
客户端:https://www.unified-automation.com/downloads/opc-ua-clients.html
+
+2. 安装 UAExpert,填写自身的证书等信息。
+
+#### 快速开始
+
+1. 使用如下 sql,创建并启动 client-server 模式的 OPC UA Sink。详细语法参见上文:[IoTDB OPC
Server语法](#语法)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink');
+```
+
+2. 写入部分数据。
+
+```SQL
+insert into root.test.db(time, s2) values(now(), 2)
+```
+
+ 此处自动创建元数据开启。
+
+3. 在 UAExpert 中配置 iotdb 的连接,其中 password 填写为上述参数配置中 sink.password
中设定的密码(此处以默认密码root为例):
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA03.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA04.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. 信任服务器的证书后,在左侧 Objects folder 即可看到写入的数据。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA05.png"; alt=""
style="width: 60%;"/>
+</div>
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA06.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. 可以将左侧节点拖动到中间,并展示该节点的最新值:
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA07.png"; alt=""
style="width: 60%;"/>
+</div>
+
+### Pub / Sub 模式
+
+#### 准备工作
+
+该代码位于 iotdb-example 包下的 [opc-ua-sink
文件夹](https://github.com/apache/iotdb/tree/master/example/pipe-opc-ua-sink/src/main/java/org/apache/iotdb/opcua)中
+
+代码中包含:
+
+- 主类(ClientTest)
+- Client 证书相关的逻辑(IoTDBKeyStoreLoaderClient)
+- Client 的配置及启动逻辑(ClientExampleRunner)
+- ClientTest 的父类(ClientExample)
+
+### 快速开始
+
+使用步骤为:
+
+1. 打开 IoTDB 并写入部分数据。
+
+```SQL
+insert into root.a.b(time, c, d) values(now(), 1, 2);
+```
+
+ 此处自动创建元数据开启。
+
+2. 使用如下 sql,创建并启动 Pub-Sub 模式的 OPC UA Sink。详细语法参见上文:[IoTDB OPC Server语法](#语法)
+
+```SQL
+create pipe p1 with sink ('sink'='opc-ua-sink',
+ 'sink.opcua.model'='pub-sub');
+start pipe p1;
+```
+
+ 此时能看到服务器的 conf 目录下创建了 opc 证书相关的目录。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA08.png"; alt=""
style="width: 60%;"/>
+</div>
+
+3. 直接运行 Client 连接,此时 Client 证书被服务器拒收。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA09.png"; alt=""
style="width: 60%;"/>
+</div>
+
+4. 进入服务器的 sink.opcua.security.dir 目录下,进入 pki 的 rejected 目录,此时 Client
的证书应该已经在该目录下生成。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA10.png"; alt=""
style="width: 60%;"/>
+</div>
+
+5. 将客户端的证书移入(不是复制) 同目录下 trusted 目录的 certs 文件夹中。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA11.png"; alt=""
style="width: 60%;"/>
+</div>
+
+6. 再次打开 Client 连接,此时服务器的证书应该被 Client 拒收。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA12.png"; alt=""
style="width: 60%;"/>
+</div>
+
+7. 进入客户端的 <java.io.tmpdir>/client/security 目录下,进入 pki 的 rejected
目录,将服务器的证书移入(不是复制)trusted 目录。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA13.png"; alt=""
style="width: 60%;"/>
+</div>
+
+8. 打开 Client,此时建立双向信任成功, Client 能够连接到服务器。
+
+9. 向服务器中写入数据,此时 Client 中能够打印出收到的数据。
+
+<div align="center">
+ <img src="https://alioss.timecho.com/docs/img/OPCUA14.png"; alt=""
style="width: 60%;"/>
+</div>
+
+
+### 注意事项
+
+1. **单机与集群:**建议使用1C1D单机版,如果集群中有多个 DataNode,可能数据会分散发送在各个 DataNode 上,无法收听到全量数据。
+
+2. **无需操作根目录下证书**:在证书操作过程中,无需操作 IoTDB security 根目录下的 `iotdb-server.pfx` 证书和
client security 目录下的 `example-client.pfx` 目录。Client 和 Server
双向连接时,会将根目录下的证书发给对方,对方如果第一次看见此证书,就会放入 reject dir,如果该证书在 trusted/certs
里面,则能够信任对方。
+
+3. **建议使用** **Java 17+**:在 JVM 8 的版本中,可能会存在密钥长度限制,报 Illegal key size
错误。对于特定版本(如 jdk.1.8u151+),可以在 ClientExampleRunner 的 create client 里加入
`Security.`*`setProperty`*`("crypto.policy", "unlimited");` 解决,也可以下载无限制的包
`local_policy.jar` 与 `US_export_policy `解决替换 `JDK/jre/lib/security
`目录下的包解决,下载网址:https://www.oracle.com/java/technologies/javase-jce8-downloads.html。
diff --git a/src/zh/UserGuide/latest/QuickStart/QuickStart_apache.md
b/src/zh/UserGuide/latest/QuickStart/QuickStart_apache.md
index 79e33f67..15ae1f26 100644
--- a/src/zh/UserGuide/latest/QuickStart/QuickStart_apache.md
+++ b/src/zh/UserGuide/latest/QuickStart/QuickStart_apache.md
@@ -71,9 +71,10 @@ IoTDB 除了自身拥有丰富的功能外,其周边的工具体系包含的
- 测试工具:IoT-benchmark 是一个基于 Java
和大数据环境开发的时序数据库基准测试工具,由清华大学软件学院研发并开源。它支持多种写入和查询方式,能够存储测试信息和结果供进一步查询或分析,并支持与
Tableau 集成以可视化测试结果。具体使用介绍请查看:[测试工具](../Tools-System/Benchmark.md)
- - 数据导入导出脚本:用于实现 IoTDB
内部数据与外部文件的交互,适用于单个文件或目录文件批量操作,具体使用介绍请查看:[数据导入导出脚本](../Tools-System/Data-Import-Export-Tool.md)
+ - 数据导入脚本:针对于不同场景,IoTDB
为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[数据导入](../Tools-System/Data-Import-Tool.md)
- - TsFile 导入导出脚本:针对于不同场景,IoTDB 为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[TsFile
导入导出脚本](../Tools-System/TsFile-Import-Export-Tool.md)
+
+ - 数据导出脚本:针对于不同场景,IoTDB
为用户提供多种批量导出数据的操作方式,具体使用介绍请查看:[数据导出](../Tools-System/Data-Export-Tool.md)
## 使用过程中遇到问题?
diff --git a/src/zh/UserGuide/latest/QuickStart/QuickStart_timecho.md
b/src/zh/UserGuide/latest/QuickStart/QuickStart_timecho.md
index 2ee3e471..12960a1d 100644
--- a/src/zh/UserGuide/latest/QuickStart/QuickStart_timecho.md
+++ b/src/zh/UserGuide/latest/QuickStart/QuickStart_timecho.md
@@ -83,9 +83,10 @@ IoTDB 除了自身拥有丰富的功能外,其周边的工具体系包含的
- 测试工具:IoT-benchmark 是一个基于 Java
和大数据环境开发的时序数据库基准测试工具,由清华大学软件学院研发并开源。它支持多种写入和查询方式,能够存储测试信息和结果供进一步查询或分析,并支持与
Tableau 集成以可视化测试结果。具体使用介绍请查看:[测试工具](../Tools-System/Benchmark.md)
- - 数据导入导出脚本:用于实现 IoTDB
内部数据与外部文件的交互,适用于单个文件或目录文件批量操作,具体使用介绍请查看:[数据导入导出脚本](../Tools-System/Data-Import-Export-Tool.md)
+ - 数据导入脚本:针对于不同场景,IoTDB
为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[数据导入](../Tools-System/Data-Import-Tool.md)
- - TsFile 导入导出脚本:针对于不同场景,IoTDB 为用户提供多种批量导入数据的操作方式,具体使用介绍请查看:[TsFile
导入导出脚本](../Tools-System/TsFile-Import-Export-Tool.md)
+
+ - 数据导出脚本:针对于不同场景,IoTDB
为用户提供多种批量导出数据的操作方式,具体使用介绍请查看:[数据导出](../Tools-System/Data-Export-Tool.md)
## 使用过程中遇到问题?
![https://alioss.timecho.com/docs/img/OPCUA15.png"](https://alioss.timecho.com/docs/img/OPCUA15.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA16.png"](https://alioss.timecho.com/docs/img/OPCUA16.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA03.png"](https://alioss.timecho.com/docs/img/OPCUA03.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA04.png"](https://alioss.timecho.com/docs/img/OPCUA04.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA05.png"](https://alioss.timecho.com/docs/img/OPCUA05.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA06.png"](https://alioss.timecho.com/docs/img/OPCUA06.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA07.png"](https://alioss.timecho.com/docs/img/OPCUA07.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA08.png"](https://alioss.timecho.com/docs/img/OPCUA08.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA09.png"](https://alioss.timecho.com/docs/img/OPCUA09.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA10.png"](https://alioss.timecho.com/docs/img/OPCUA10.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA11.png"](https://alioss.timecho.com/docs/img/OPCUA11.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA12.png"](https://alioss.timecho.com/docs/img/OPCUA12.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA13.png"](https://alioss.timecho.com/docs/img/OPCUA13.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA14.png"](https://alioss.timecho.com/docs/img/OPCUA14.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA01.png"](https://alioss.timecho.com/docs/img/OPCUA01.png"){kind=link}
![https://alioss.timecho.com/docs/img/OPCUA02.png"](https://alioss.timecho.com/docs/img/OPCUA02.png"){kind=link}