Ability™ Developer Portal v23.1
Try Sandbox for free
Get a month of free access to ABB Ability™ Platform to learn and experiment!
API Playground
Play with ABB Ability™ Platform APIs (no time limits)

# Factory Proxy Installation Guide

# Prerequisites

Before proceeding, complete the Factory Proxy Onboarding / Azure AD registration step and make sure that your hardware specification matches minimum Factory Proxy requirements.

# Installer Package

Install the abb-factory-proxy-installer (go with either A or B).

WARNING

If you are installing it on production environment use your own packages repository or deliver the deb package directly to the factory-proxy machine.

A. Use APT repository (only for DEVELOPMENT)

# Add APT authentication login and password
sudo bash -c 'cat <<EOF > /etc/apt/auth.conf
machine clientsuccess.ability.abb/repo/apt
login ability
password zMrhQ2o8e6z9b0wiFXM
EOF'

# Install the add-apt-repository command if not already installed.
sudo apt-get update && sudo apt install -y software-properties-common

# Add a repository signing key.
curl -sSL 'https://ability:zMrhQ2o8e6z9b0wiFXM@clientsuccess.ability.abb/repo/apt/abilityedge-cst.asc' | sudo apt-key add -

# Add an APT repository.
sudo add-apt-repository 'deb https://clientsuccess.ability.abb/repo/apt/abilityedge-release/ bionic main'

# Refresh the packages list.  
sudo apt update

# Install packages
sudo apt install -y abb-factory-proxy-installer

B. Use DEB package

Download the DEB of the installer, distribute it to your target system and install it.

# Configuration

# Onboarding

Before moving on, make sure you followed the procedure described in Factory Proxy Onboarding.

# Setting up

  1. Login to your factory proxy machine.
  2. Open the configuration file /var/ability/factoryproxy/factoryproxy.env using any editor, i.e. nano:
sudo nano /var/ability/factoryproxy/factoryproxy.env
  1. Fill-in mandatory values:

  • FACTORYPROXYIMAGE

    Provide a docker registry image name and tag that will be used for bootstrapping

    Example:

    FACTORYPROXYIMAGE=abbability.azurecr.io/factory.machine/factory.proxy:1.0.1

  • FACTORYPROXYID

    Provide your FactoryProxyId (the UUID you have entered in the Onboarding phase on the Certificate Manager Portal)

  • PROFILEID

    Provide PKI Profile ID set for your Factory Proxy (the one you have selected in the Onboarding phase on the Certificate Manager Portal)

  • FACTORYPROXYINSTANCEURI

    URL to a OAUTH endpoint to be used to authenticate your proxy

    Use the following:

    FACTORYPROXYINSTANCEURI=https://login.microsoftonline.com/{0}

  • FACTORYPROXYTENANTID

    Azure AD Tenant ID, where factory proxy APP ID was registered.

    If you registered your application in ABB Azure AD use the following:

    FACTORYPROXYTENANTID=372ee9e0-9ce0-4033-a64a-c07073a91ecd

  • FACTORYPROXYSCOPE

    Scope of CMS Resources, factory proxy is authorized to access

    FACTORYPROXYSCOPE=cdeacb74-176f-4ebd-9b5b-a3456c5ee249/.default

  • APIENDPOINTURL

    Base URL of Certificate Manager Service API. Please use the one matching the Global Plane that your environment uses. Example:

    APIENDPOINTURL=api-gop03.test.abilityplatform.abb/cm/

  • HOSTNETWORKINTERFACE

    External (internet facing) network interface name on your machine. Example:

    HOSTNETWORKINTERFACE=eth0

    TIP

    You can check what interfaces are available on your machine with the ip a command.

  • ACL_ALLOWED_SERVER_NAMES

    Comma-separated list of hostnames that will be allowlisted for HTTPS outgoing traffic filter.

    Make sure to add both the OAUTH endpoint's domain and the Global Plane's domain. Example:

    ACL_ALLOWED_SERVER_NAMES="login.microsoftonline.com,api-gop03.test.abilityplatform.abb"
  1. Save your changes.

Serial Port Access

If your Factory Proxy machine communicates with devices via serial port, see this article for additional configuration steps.

# Installation

Finalize the factory proxy set up by executing:

sudo abb-factory-proxy-setup

During that step You will be asked to provide:

  • "Application ID" - ClientID of your application (the one set during Azure AD registration and also provided in the Onboarding phase)
  • "Client Secret" - Client Secret value for your application (the one set during Azure AD registration)
  • "Docker Registry User ID" - Docker registry username
  • "Docker Registry Password" - Docker registry password

# Run

  1. Enable HTTPS transparent proxy
sudo abb-factory-proxy-dante-server-setup
  1. Launch Factory Proxy Service
sudo systemctl enable --now abb-factory-proxy
  1. Verify docker services proxy,broker and modules are up and running
sudo docker service ls
sudo docker ps -a

Typically, you should see 3 modules: factory-proxy, factory-broker, and your own custom module. Note that it might take a bit of time for all of the modules to replicate.

# Reinstallation

In the development environment, you might want to reinstall the Factory Proxy stack, for various reasons. To do that, follow the procedure below to remove the components from your system:

# Clear the TPM
sudo abb_TPMClear_tpm20

# Invoke the uninstallation program
sudo abb-factory-proxy-uninstall

# Remove the packages
sudo apt remove --purge abb-factory-proxy-installer
sudo apt remove --purge dante-server
sudo apt remove --purge redsocks

# Remove configuration files
sudo rm -rf /var/ability/

After that, you can reinstall the stack by following the Installation Procedure.

Last updated: 8/24/2022, 8:00:22 AM

Factory Proxy Configuration Update

Feedback