I have a customer who has an on-premises gateway and a cloud gateway. Generally everything runs off the cloud, and the on-prem server has a different purpose in life, but in the event that the internet to their facility goes down, they want the ability to run up the same projects on their local server as a temporary "limp along until the internet comes back" measure.
I've developed everything such that all of the tag bindings will resolve correctly whether the project is running on the local server or the cloud server, so if I export a project from the cloud server and import it to the on-prem server, everything works as desired.
Is there a way to have a script automatically perform that export-import at scheduled times to ensure that any day-to-day development gets captured and copied across to the on-prem server, rather than relying on each contractor to do it manually? It doesn't look like the gwcmd utility can import/export projects, but perhaps if I knew which files to copy, I could set up a simple file copy script?
Could I also do this with the user data, so that all the same users, roles, and credentials are migrated across automatically?
Is there anything else I'd need to do to make this work the way I hope it will?
You should check out the Enterprise Administration Module.
Of course! I knew about that module but didn't think to use it for project synchronisation.
I'll take that to the customer - do you know if it's possible to do it manually? I don't know what state their project budget is at, so I'd like to at least be able to tell them "you can buy a module to do exactly what you want for $X, or take the risk of building a custom unsupported solution yourself". I expect they'll get the EAM - it's not that expensive for just two gateways - but it's always good to give them options.
If you're on 8.x, projects are stored directly on the filesystem as regular directories. You can sync them however you want, though there's a default 5 minute scan rate they might confuse users at first.
Terrific, thanks. What do you mean by a "default 5 minute scan rate"?
Is the user data stored in the file structure somehow as well, or will that be a manual operation (unless they go the EAM route)?
What do you mean by "user data"?
A 5 minute scan rate meaning that, if you do use filesystem operations to push projects between gateways, you won't see those projects (or updates to those projects) for (worst-case) 5 minutes, because there's a constantly running job in the background that scans the
projects/ directory and compares it against the in-memory representation of the project(s). You can adjust that scan rate with a system flag: Gateway Configuration File Reference - Ignition User Manual 8.1 - Ignition Documentation
Got it. That's completely fine, 99.9% of the time nobody will be looking at that server, it's just an "in case of emergency" backup.
By "user data" I just mean the user accounts, roles, etc. If I created a new user on the cloud server, or changed a password for a user on the cloud server, is there a file I could copy over to the local server to have the new user show up there too (and the updated password for the other user)? Obviously the easiest way to do this would be by using external authentication like Azure AD, which is eventually the plan, but I just need to make them aware of the limitations here and now if they choose to do this manually.
If you're using an "internal" user source, user and role information is stored in the internal database. Unfortunately, there's currently no easy way to selectively move part of a gateway's configuration to another system - the only supported way is with a gateway backup, which would restore all of the gateway's configuration.
You can also use a user source that delegates to active directory, or uses a database:
Perspective uses identity providers (IdPs); the Ignition gateway can act as an IdP (delegating authentication to a user source) or you can use a third party IdP.