azure-industrial-iot Helm chart 0.4.3

This is the release of 0.4.3 version of azure-industrial-iot Helm chart, which deploys 2.8.3 version of Azure Industrial IoT components. Release notes for 2.8.3 version of Azure Industrial IoT components can be found here.

Our new release can be found on ArtifactHub.

Azure Industrial IoT Release 2.8.3

We are pleased to announce the release of version 2.8.3 of our Industrial IoT Platform components as a third patch update of the 2.8 Long-Term Support (LTS) release. This release contains important security updates fixes, performance optimizations and bugfixes.

IMPORTANT
We suggest updating from the version 2.5 or later to ensure secure operations of your deployment. OPC Publisher 2.8.3 addresses backwards compatibilities issues with version 2.5.x.

The detailed changes delivered in 2.8.3 are the following:

Security related fixes

• Updated OPC UA Stack NuGet to the latest (1.4.368.58) addressing the following issues security vulnerabilities: CVE-2022-29862, CVE-2022-29863, CVE-2022-29864, CVE-2022-29865 and CVE-2022-29866
• Upgraded SSH.NET package to 2020.0.2 to address CVE-2022-29245.

Fundamentals related fixes

• [OPC Publisher] option to route telemetry to a specific output route was added

Bug fixes

• [OPC Publisher] Removed timestamps from metrics and updated the affected dashboard queries
• [OPC Publisher] Fixed issue with large configurations when publisher running in orchestrated mode related to CosmosDB continuation tokens handling
• [OPC Publisher] Publisher 2.8.2: Could not send worker heartbeat - eventually crashing and not restarting #1701
• [OPC Publisher] Fix for false alarm sequence number mismatch warning in case of keep-alive messages
• [Deployment] TLS certificate broken after upgrading of the AKS cluster #1389
• [Registry API] Number of MaxWorker not returned while reading publisher configuration

Deployment Instructions

For guidance on how to get started please follow our documentation or for more detailed instructions see our Industrial IoT Platform operations manual.

Bugs and Feedback

Please continue to leverage GitHub to notify the team of any issues you encounter, suggestions for the future, and any other comments you may have about this project.

azure-industrial-iot Helm chart 0.4.2

This is the release of 0.4.2 version of azure-industrial-iot Helm chart, which deploys 2.8.2 version of Azure Industrial IoT components. Release notes for 2.8.2 version of Azure Industrial IoT components can be found here.

Helm chart related changes:

• Updated Ingress resource to support networking.k8s.io/v1 API version. #1461

Our new release can be found on ArtifactHub.

Azure Industrial IoT Release 2.8.2

We are pleased to announce the release of version 2.8.2 of our Industrial IoT Platform components as a second patch update of the 2.8 Long-Term Support (LTS) release. This release contains important backward compatibility fixes, performance optimizations as well as security updates and bugfixes.

IMPORTANT
We suggest to update from the version 2.5 or later to ensure secure operations of your deployment. OPC Publisher 2.8.2 addresses backwards compatibilities issues with version 2.5.x.

The detailed changes delivered in 2.8.2 are the following:

Fundamentals related fixes

• [OPC Publisher] Implemented the backwards compatible Direct Methods API of 2.5.x publisher. The migration path is documented here.
• [OPC Publisher] Optimizations in opc subscriptions/monitored items management in case of configuration changes. Only incremental changes are applied to a subscription.
• [OPC Publisher] Added support for setting QueueSize on monitored items for publisher in standalone mode.
• [OPC Publisher] Hardened the retry mechanism for activating monitored items.
• Various extensions for E2E Test Pipeline including testing publisher PubSub message mode to cover more customer scenarios.

Security related fixes

• Updated several NuGet dependencies to latest and SDK to .Net core 3.1
• Updated OPC UA Stack NuGet to the latest (1.4.367.95)
• Applied findings during the penetration testing

Bug fixes

• [OPC Publisher] Orchestrated Publisher: Container create option "--mm=PubSub" not working (#1437)
• [OPC Publisher] Missing EndpointUrl in telemetry format (#1385)
• [OPC Publisher] Is mandatory encryption when UseSecurity OpcAuthenticationMode=UsernamePassword (#1477)
• [OPC Publisher] pn.json schema validation backwards compatibility issues (#1469)
• [OPC Publisher] Update opc publisher configuration without reconnect (#1438)
• [OPC Publisher] IoT Hub routing to blob and event grid do not understand application/ua+json content type, require application/json to work
• [OPC Publisher] Session Manager keeps reporting "Failed to create session (BadNotConnected)" even though that connection has been removed from pn.json (#1530)
• [OPC Publisher] System.InvalidOperationException: Subscriber list is modified while subscriptions are removed (#1333)
• [OPC Publisher] Optimized support for file polling to identify changes in publishernode.json file
• [OPC Publisher] added connection status diagnostic and number of good/bad monitored items
• [OPC Publisher] added health checks
• [OPC Publisher] document all env variables/cli arguments
• [OPC Publisher] Additional logging for errors of monitored items subscriptions
• [OPC Publisher] Adding two additional error codes as possible results of the call of the service ActivateSession (BadInvalidState and BadRequestTimeout), which do not have to result in cleanup, disposing and recreation of the current session
• [IAI] Metricscollector module fails to start in an IAI based deployment
• [IAI] Disable telemetry cdm processor
• [IAI] Upgraded Kubernetes version in AKS from 1.19.11 to 1.21.9
• [Deployment] Update TLS settings in Windows VM deployment
• [Deployment] Remove experimental micro-services from service-all
• [Deployment] IIoT Diagnostics in Engineering tool seem not to work properly
• [Deployment] Prevent Execution of IoT edge modules as root by reducing capabilities of edge module

Deployment Instructions

For guidance on how to get started please follow our documentation or for more detailed instructions see our Industrial IoT Platform operations manual.

Bugs and Feedback

Please continue to leverage GitHub to notify the team of any issues you encounter, suggestions for the future, and any other comments you may have about this project.

OPC Publisher Release 2.5.6

This release updates the 2.5 version of OPC Publisher (2.5.5) to fix reported customer issues. Changes included in this release:

• Update Nuget dependencies to latest including the UA communication library.
• Fixes an issue on windows containers when new certificates in the directory store can not access the key set.
• Improve logging output.

This release supersedes all previous releases of OPC Publisher 2.5, including 2.5.4 and 2.5.5, which will not be supported anymore. Please update to 2.5.6 to ensure you are running the most secure version of 2.5.

What's Changed

• Publisher 2.5.6, fix for ICM ticket, refactor config and latest Nuget packages. by @mregen in #1505

Full Changelog: 2.5.5...2.5.6

azure-industrial-iot Helm chart 0.4.1

This is the release of 0.4.1 version of azure-industrial-iot Helm chart, which deploys 2.8.1 version of Azure Industrial IoT components. Release notes for 2.8.1 version of Azure Industrial IoT components can be found here.

Our new release can be found on ArtifactHub.

Azure Industrial IoT Release 2.8.1

We are pleased to announce the release of version 2.8.1 of our Industrial IoT Platform components as the first patch update of the 2.8 Long-Term Support (LTS) release. This release contains important security updates, bugfixes and performance optimizations.

IMPORTANT
We suggest to update from the version 2.6 or later to ensure secure operations of your deployment. OPC Publisher 2.8.1 is not backwards compatible with version 2.5.x. This will be addressed in the next patch release.

The detailed changes delivered in 2.8.1 are the following:

Security related fixes

• Updated NuGet dependencies to latest and SDK to .Net core 3.1, which fixes several critical vulnerabilities including CVE-2021-34532 and CVE-2021-26701
• Updated OPC UA Stack NuGet to the latest (1.4.367.42)
• Added mitigation description for CosmosDB Jupyter notebook vulnerability

Fundamentals related fixes

• Updated the legal information for OPC UA Stack dependencies
• Various extensions for E2E Test Pipeline including testing publisher PubSub message mode

Bug fixes

• [OPC Publisher] Long format of command line arguments should not be case sensitive (#1385)
• [OPC Publisher] In orchestrated mode fails to generate telemetry when PubSub messages format is used (#1437)
• [OPC Publisher] Duplicate publisher jobs after unregister and new discovery (#685)
• [OPC Publisher] Changing publishednodes.json causes LegacyJobOrchestrator to hang or lock up, does not process changes anymore (#1032)
• [OPC Publisher] Simplified payload identifier detection in NetworkMessageEncoder
• [OPC Publisher] Throughput optimized now to support up to 20k OPC UA data-changes/second
• [OPC Publisher] Startup load time for big configurations (100k+ nodes) reduced to <1s from 20-30 minutes
• [OPC Publisher] System.ObjectDisposedException: Cannot access a disposed object on a System.Threading.Timer fixed (#1169)
• [OPC Publisher] Publishing interval of 0 (max rate) together with non-zero HeartbeatInterval causes DivideByZero exception (#1207)
• [OPC Publisher] Heartbeat not working in newer versions of OPC Publisher (#1133)
• [OPC Publisher] Missing publishednodes.json file (#1313)
• [OPC Publisher] Missing example for string based OPC UA addressing (#1312)
• [Registry API] Setting LogLevel via API now works correctly (#1309)
• [IAI] Fix Kubernetes version selection
• [IAI] Schema of IdentifierUris is causing error when trying to create an App Registration
• [Edge] Restrict IoT Edge deployment to only use TLS 1.2

Deployment Instructions

For guidance on how to get started please follow our documentation or for more detailed instructions see our Industrial IoT Platform operations manual.

Bugs and Feedback

Please continue to leverage GitHub to notify the team of any issues you encounter, suggestions for the future, and any other comments you may have about this project.

OPC Publisher Release 2.5.5

This release updates the 2.5 version of OPC Publisher (2.5.4) to fix several critical vulnerabilities. Changes included in this release:

• Update nuget dependencies to latest and SDK to .net core 3.1. Fixes several critical vulnerabilities. Including CVE-2021-26701, CVE-2019-19135, CVE-2020-8867, CVE-2019-0980, CVE-2019-0981, CVE-2020-29457
• Update base images to latest to fix several critical vulnerabilities in 2.5.4.
• Update Linux base images to Alpine (from Debian) which lowers the size of the OPC Publisher Linux container from 204 to 104 MB.
• Remove dependency on Bouncy castle (*).

This release supersedes all previous releases of OPC Publisher 2.5, including 2.5.4, which will not be supported anymore. Please update to 2.5.5 to ensure you are running the most secure version of 2.5.

(*) Please note: This change removes the SecureIoTHubToken feature which allowed secure storage of connection strings at the edge. This feature predates IoT Edge. Since IoT Edge provides secure storage of connection strings, and since only IoT Edge has ever been supported as runtime for OPC Publisher 2.5, this should not have any impact on existing production scenarios.

azure-industrial-iot Helm chart 0.4.0

This is the release of version 0.4.0 of the azure-industrial-iot Helm chart, which deploys version 2.8.0 of the Azure Industrial IoT components.

Release Notes

• Helm: Updated chart and documentation for 2.8.0 release. #1373
  • Deployment templates and values for experimental Telemetry CDM Processor microservice have been removed.
  • Deployment templates and values for experimental OPC Gateway microservice have been removed.
  • Deployment templates and values for experimental Http Tunnel Processor and Forwarder microservice have been removed.

Our new release can be found on ArtifactHub.

Azure Industrial IoT Release 2.8.0

We are pleased to announce the release of version 2.8.0 of our Industrial IoT Platform as well as the declaration of Long-Term Support (LTS) for this version.
While we continue to develop and release updates to our ongoing projects on GitHub, we now also offer a branch that will only get critical bug fixes and security updates starting in July 2021. Customers can rely upon a longer-term support lifecycle for these LTS builds, providing stability and assurance for the planning on longer time horizons our customers require. The LTS branch offers customers a guarantee that they will benefit from any necessary security or critical bug fixes with minimal impact to their deployments and module interactions. At the same time, customers can access the latest updates in the master branch to keep pace with the latest developments and fastest cycle time for product updates.

IMPORTANT
We suggest to update from the version 2.6 or later to ensure secure operations of your deployment. 2.8.0 is not backwards compatible with version 2.5.

Version 2.8.0 includes an updated version of the IoT Edge Runtime, a new Linux base image for all Linux deployments, and several bug fixes. The detailed changes delivered in 2.8.0 are the following:

IoT Edge related changes

• IoT Edge update from 1.0.9.4 to 1.1 LTS
  This LTS alignment syncs the support stories for IoT Edge and the Azure Industrial Platform, bringing updated capabilities around device scope management.
• OPC stack logging and tracing for better OPC Publisher diagnostics
  In standalone mode the log level specified via command-line arguments now affects the tracing including the OPC UA stack used and provides additional diagnostics information.

Security related fixes

• Alpine images for Linux instead of Debian base images
  The base image for our deployment has been updated to Alpine. This change minimizes the deployment surface area, relevant for support and security considerations, and aligns with the IoT Edge workload container base images.
• Update Windows base images
  Updated Windows base images to latest version to fix security vulnerabilities.
• Update dependencies to latest/fix issues in dependencies as per CG
  We updated all NuGet dependencies to their latest LTS version to address CVE 2021-26701 and other vulnerabilities.

Bug fixes

• Deployment from branches other than release/and from forks is enabled
  Customers can now create their own branching model, including GitHub forks. The deployment script execution has been updated to facilitate support for non-standard branch names.
• Fix for error when deploying the IIoT solution via a deployment script
  Customers can deploy “latest” tag from main line and forks instead of just release branches. Mainline deployment does not fail anymore.
• CA-signed app certs for OPC Publisher are now enabled for standalone mode
  Non-self-signed certificates issued from standard CA are now enabled for the OPC Publisher in production.
• Fixed an issue with OPC Twin causing the first connection attempt to always fail on IoT Edge version 1.1
  The introduction of IoT Edge LTS backwards compatibility breaking change to only use device scope authentication by default introduced an issue for OPC Twin which required a second attempt to activate, which is now fixed.
• Fixed a standard compliance issue for certificate storage naming conventions
  The storage location for certificates in 2.8.0 is now compliant with the OPC UA standard naming convention.
• Introduced proper concurrency barriers #669
  This fixes issues concurrently accessing and updating subscription models inside the OPC Publisher.
• Fixed a rare race condition when publishing nodes.json file to a live IoT Edge with 2.7 on a Linux container
  This fixes an issue, where updating published nodes json file in a live IoT Edge hosting scenario caused issues in 2.7 on Linux where the trigger and read information from file are in a race condition.
• Added file system watcher for file delete operations
  When the published nodes file was deleted, the change was not properly picked up and could result in a crash/non-responsive OPC Publisher.
• Fixed an issue with session management when publishing nodes across groups and assets for the same endpoint
  Sessions are now not being closed and reopened when assets on the same session are updated.
• Fixed an issue with discovery service failing to recognize the local host address #743
  Fixed an exception thrown during discovery when local host cannot be resolved.
• Support flexible worker assignments and avoid NullReferenceException in case of job continuation
  Calling PATCH /registry/v2/publishers/{publisherId} with smaller number of MaxWorker will not result into terminating worker.
• Autofac.Core.DependencyResolutionException at /history/v2/read//values #1137
  Fixes a regression in functionality where several history service calls were not working and causing a crash.
• OPC UA namespace URI changes after parsing it
  Fixes an issue where the namespace uri was changed from its original default by adding a trailing / to the uri part of the node id.
• Failure when more than 486 values are added to the OPC Publisher #813
  Fixes a customer reported issue where the command line argument would update the wrong setting in the OPC Publisher core and causing failures in certain cases.
• Extend matching of subscriptions notification to published nodes
  Using DataSetFieldId as identifier for PubSub payload is not working if published node was defined by Expanded Node ID from published nodes json.
• Cancel the current job when no job is available
  When a job is deleted the OPC Publisher’s job processing operation is not properly stopped.

Deployment Instructions

For guidance on how to get started please follow our documentation or for more detailed instructions see our Industrial IoT Platform operations manual.

Bugs and Feedback

Please continue to leverage GitHub to notify the team of any issues you encounter, suggestions for the future, and any other comments you may have about this project.