Ignition 8.1 Commissioning Automation

Has anyone been able to use a custom hash for the commissioning file when installing 8.1? Currently we use the modifications outlined here: ZIP File Installations - Ignition User Manual 8.1 - Ignition Documentation.

{
  "isCommissioned": "COMMISSIONING",
  "connections.useSsl": "false",
  "eulaSetup.accepted": "true",
  "eulaSetup.eula": "TuLW3I1yHBlo9kuqbxz5cDFPf5H4/zqSpbO93Tk7Hco=",
  "authSetup.username": "admin",
  "authSetup.password": "[e811cfc7]fc3b28ad5f73331c94790129f0931437ac31d59376b0e4b15df580a8841ba165"
}

This sets the password to the default, which is great, but I was looking to put our custom password in there instead.

@Kevin.Collins reverse-engineered it (before he was hired) and has a bash snippet available that he uses in his docker images.

3 Likes

I’ll add that you can use the same environment variables within a regular installation that you’d use for auto-commissioning a Docker container. Setting these vars will satisfy commissioning and continue with Gateway startup automatically:

  • IGNITION_EDITION=standard
  • GATEWAY_ADMIN_PASSWORD=password
  • ACCEPT_IGNITION_EULA=Y
  • GATEWAY_DEFAULT_PORTS=true

Alternatively, you can also specify all the individual ports:

  • GATEWAY_HTTP_PORT=8088
  • GATEWAY_HTTPS_PORT=8043
  • GATEWAY_GAN_PORT=8060

A couple other bonus tips:

  • You can also specify GATEWAY_ADMIN_PASSWORD_FILE=/path/to/file where the contents of the file feed the environment variable.
  • The final value of GATEWAY_ADMIN_PASSWORD (whether directly or by file) can also be a salted hash (created using the code Paul posted above) instead of an explicit password.

Seeding the commissioning file directly is also perfectly valid, but I wanted to mention this in the event that it wasn’t known that these particular environment variables were actually integrated into the platform itself for 8.1.9+ (and not just part of our Docker image entrypoint logic).

1 Like

Thanks for all the tips. We’re not using Docker images, which is why we opted to seed the commissioning file. I did try to seed the commissioning file on an upgrade of 7.9 to 8.1, with the admin password. A temp user source, like when resetting the password using the gwcmd was created with the new admin user.

The GitHub repo was great and it’s very helpful to be able to input our own hash in this way during commissioning to automate some of this. This didn’t help much in the upgrade of 7.9 to 8.1 though because of the mentioned temp user source that was created.

IIRC, you shouldn’t need to define a password during commissioning on an upgrade from 7.9 to 8.x (and doing so will perform a password reset, as you note).

Yes. That’s correct. No need to enter a new user/password into there.

The EULA does make a return though, which is what we were able to skip through on initial deployment by seeding the commissioning.json file.

I was looking to see if there was a way to skip the EULA in the same way. I had tested this without setting up the user and password in the commissioning file, and a new user was requested in the EULA prompt also. The provided Github repo solution uses curl and basically accepts the EULA that way.

Ahhh, I see… Yes, it would be easiest to just add the ACCEPT_IGNITION_EULA=Y var to your environment then… If you’re on Linux, see an example below for updating the systemd override file with additional environment variables:

https://asciinema.org/a/KnHcZHFOxr5cPNkOR4BkEPnNO