Is the Telegraf DDS plugin support rti dds security plugin?

8 posts / 0 new
Last post
Offline
Last seen: 13 hours 8 min ago
Joined: 03/24/2022
Posts: 8
Is the Telegraf DDS plugin support rti dds security plugin?

Hi,


Is the Telegraf DDS plugin support rti dds security ?

I wanted use something like the follwoing ,

<element>BuiltinQosSnippetLib::Feature.Security.Enable</element>

        <participant_qos>
        <!-- <property>
          <value>
            <element>
              <name>dds.sec.auth.identity_ca</name>
              <value>file:/abcd/public/cert.pem</value>
            </element>
            ......

           ......
        <participant_qos>    
                
        Telegraf plugin configuration


        #[[inputs.dds_consumer]]
         config_path = "ShapeExample.xml"  
         participant_config = "MyParticipantLibrary::Zero"
         reader_config = "MySubscriber::MySquareReader"
         tag_keys = ["color"]

 

Thanks

Ajesh

Organization:
Offline
Last seen: 3 days 12 hours ago
Joined: 05/23/2013
Posts: 59

Hi ajesh,

Yes, you can use Connext Secure for the Telegraf plugin. The Telegraf plugin uses RTI Go Connector and I just added the security example you can refer. 

https://github.com/rticommunity/rticonnextdds-connector-go/tree/master/examples/security

Thanks,
Kyoungho

 

Tim McGuire's picture
Offline
Last seen: 3 days 16 hours ago
Joined: 09/25/2019
Posts: 5

Hello Ajesh.

I have DDS Secure working with telegraf. It is designed to work with the Shape demo AllowAll security profile.

File Attachments: 
Offline
Last seen: 13 hours 8 min ago
Joined: 03/24/2022
Posts: 8

Thank you Kyoungho and Tim for the answers.

Howver still the issue is not resolved.

The recent error i'm getting is ,

$ ./telegraf --config ./example_configs/dds_to_file.conf
2022-05-12T20:59:23Z I! Starting Telegraf
2022-05-12T20:59:23Z I! Loaded inputs: dds_consumer
2022-05-12T20:59:23Z I! Loaded aggregators:
2022-05-12T20:59:23Z I! Loaded processors:
2022-05-12T20:59:23Z I! Loaded outputs: file
2022-05-12T20:59:23Z I! Tags enabled: host=ubuntu
2022-05-12T20:59:23Z I! [agent] Config: Interval:1s, Quiet:false, Hostname:"ubuntu", Flush Interval:1s
RTIOsapiLibrary_openEx:!open library=libnddssecurity.so: libnddssecurity.so: cannot open shared object file: No such file or directory
DDS_DomainParticipantTrustPlugins_initialize:ERROR: could not load security plugins library or one of its dependencies (e.g., OpenSSL).
DDS_DomainParticipant_createI:!create builtin trust plugins support
DDS_DomainParticipantFactory_create_participant_disabledI:!create participant
DDS_FactoryXmlPlugin_createParticipantWithNameI:!create DomainParticipant
DDS_FactoryXmlPlugin_createParticipant:!create DomainParticipants from XML Participant "::MyParticipantLibrary::Zero"
DDS_DomainParticipantFactory_create_participant_from_config_w_paramsI:!create DomainParticipant from configuration "MyParticipantLibrary::Zero"
DDS_DomainParticipantFactory_create_participant_from_config:!create participant with default parameters
RTIDDSConnector_newI:!new participant
RTIDDSConnector_EntitiesLookupList_delete:RTIDDSConnector
2022-05-12T20:59:23Z I! ERROR: invalid participant profile, xml path or xml profile

Thanks

Howard's picture
Offline
Last seen: 10 hours 2 min ago
Joined: 11/29/2012
Posts: 353

So, it can't find the libnddssecurity.so shared library that implements the DDS security.

1) you have to have the Connext DDS Secure plugins for your target architecture (assuming 64 bit Linux) installed on your computer.  I assume that you are licensed for Connext DDS Secure.  In which case you at least need to install Connext DDS Secure (host+target) on some host and then copy over the required libraries to the host that you're running on

2) if libnddssecurity.so (as well as other required shared libraries) are actually available on your host, then you need to set the LD_LIBRARY_PATH environment variable to tell the application where those libraries are

export LD_LIBRARY_PATH=<directory path where the Connext DDS libraries are for your platform>

 

Tim McGuire's picture
Offline
Last seen: 3 days 16 hours ago
Joined: 09/25/2019
Posts: 5

You may have to set up your environment for Connext DDS as Howard stated, but also your OpenSSL environment as well. Here is an example for the x64Linux4gcc7.3.0 target.

export OPENSSLHOME=/opt/rti/rti_connext_dds-6.1.1/third_party/openssl-1.1.1n/x64Linux4gcc7.3.0/release && \
export PATH=$OPENSSLHOME/bin:${PATH} && \
export LD_LIBRARY_PATH=$OPENSSLHOME/lib:${LD_LIBRARY_PATH} && \
source /opt/rti/rti_connext_dds-6.1.1/resource/scripts/rtisetenv_x64Linux4gcc7.3.0.bash

 

Offline
Last seen: 13 hours 8 min ago
Joined: 03/24/2022
Posts: 8

Thank you for the reply. Now, I could able to start the telegaf dds container with security configuration. There is no more errors. However the strange thing is that , the telegrf is not logging any information.

I used the standard  shapedemo(square) example for sending data with 'Securiy::SecureAllowAll' profile. But its not logging any data.

Also note that, I haven't generated any new certificates and using the existing certificate from the standard connext dds installation.

See the below configuration.

<domain_participant_library name="MyParticipantLibrary">
      <domain_participant name="Zero" domain_ref="MyDomainLibrary::MyDomain">
         <participant_qos name="secureAll_qos" base_name="QosLibrary::SecureAllowAll" />
         <subscriber name="MySubscriber">
            <data_reader name="MySquareReader" topic_ref="Square" />
         </subscriber>
      </domain_participant>
   </domain_participant_library>

Note : when im commenting out the following section , it will start logging.

<!--<participant_qos name="secureAll_qos" base_name="QosLibrary::SecureAllowAll" />-->

Thanks

Offline
Last seen: 13 hours 8 min ago
Joined: 03/24/2022
Posts: 8

Hi All,

Now its start working fine with security secrtificate. The issue was that, the certificate needs to configured explictly through the admin screen(for shape demo). The RTI admin console screen is really a useful tool for debugging issues.

Thank you again for your support.

Regards,

Ajesh