Cirrus MQTT Distributor ACLs Format

I have a Allen Bradley to MQTT gateway by RTA model # 460ETCQT. I have configured it to read 2 PLC tags and mapped them to 2 topics. I am now trying to configure the MQTT Distributer by Cirrus to read those tags. I have downloaded and installed Distributor but am having troubles creating a user to connect to the gateway. Part of the problem is I don’t understand what info I am putting into the ACL in the user configuration. Is that the gateway name, the read write permissions? I have attached a copy of the gateway configuration.

Thanks for the help

of the gateway, right now I just want to read, subscribe, to those topics. I

The Distributor only acts as a server to allow all the clients to connect to it. MQTT works in a publish/subscribe model, so your RTA device will be one client that will publish values to the topics listed and the Distributor I believe by default allows all access with the default configuration. Many people use separate MQTT servers as there’s nothing special since MQTT is an open standard. Many use Mosquitto, I personally use EMQ-X with a MySQL database (same one I use for Ignition) on the backend for authentication/authorization.

You’ll then need the MQTT Engine module on another Ignition server which I believe you’ll set up a custom namespace to read tags from whatever topic/path you publish the tags to. This brings me to the next point in that you’re not going to want to publish them to just CO2_Level or CO2_Flow. You’re going to want to add “paths” in front of this to put them in specific “folders”. So it would be better to use “Site/System/CO2_Level” so that you could have multiple sites with each site having multiple systems and replace these topic path/folder names with your specific information for this instance. Your custom namespace would then have to match this.

Edit: I do highly recommend setting up ACLs though no matter what MQTT broker/server you end up using. You’ll ideally want individual usernames and passwords for each client connecting to the server along with individual ACLs limiting what topics each client has access to read (subscribe) and write (publish) to. Cirrus Link also has documentation on their modules here: MQTT Modules - MQTT Modules for Ignition 8.x - Confluence

Edit 2: As for ACLs, for your john_l user, your ACL could be one of the following (using your tags you have already):

  • W CO2_Level W CO2_Flow
  • W #

The first being the most restrictive (allows writing only to those 2 topics) and the latter being less restrictive (allows writing to any topic).

If using the paths I suggested (replacing with your own site and system names), your ACL would be more like this:

  • W Site/System/#

This only allows writes to the topic level/folder for Site/System to anything it wants, but only in that “folder”. I also like to give my usernames something corresponding to the system name topic path.

1 Like

Thanks Michael, that is my understanding, the distributor is the broker, the RTA is the client. So the client is publishing the topics to the broker. Once there is that connection then I use Transmission to display the tags using Designer in Ignition. But first I have to establish the connection from the client (RTA Gateway) to the broker (Distributor). I’ll give your suggestions on the ACLs a try and see how I make out.

Thanks again

In the MQTT world, everything besides the broker is a client. Just make sure you’re using the MQTT Engine and not Transmission to pull/subscribe to values in the broker. Transmission does the same thing your RTA device is doing now (sends/publishes data to a broker).

1 Like

Mike, thanks for the follow up and sorry for the late reply. The problem I have is getting the RTA gateway, a client, to link to the MQTT Distributor, once I can get that to link I will use MQTT Engine to display my values. This system is something my company is going to expand to but right now I’m just trying to figure it out on my own at home.

Thanks again