HMI kiosk manager

Requires EVA ICS Enterprise.

HMI kiosk is a touch-panel display, which is either connected to embedded UI-computer or has an embedded computer built-in.

EvaPanel

HMI Kiosk Manager service allows to orchestrate HMI kiosks and provides the following functions:

  • Provides a dedicated bus, isolated from the primary EVA ICS node bus, which restricts kiosk communications between each other and permits connections from specified IP addresses/networks only

  • Allows to monitor states of connected kiosks

  • Remotely controls kiosk navigation, zoom level and other UI functions

  • Authenticates kiosks, including one-time-user authentication, so no sensitive information is stored on kiosk remotes

  • Provides kiosk system management functions: turn the kiosk display on/off, reload the kiosk software, reboot the physical kiosk machine

Kiosk management

To have the above functionality, the remote must run either EvaPanel kiosk web browser or an alternative software with compatible bus API.

Note

Kiosk machines MUST have their host names matching the kiosk names, defined in the service.

If a third-party kiosk browser is used, it must connect to the kiosk bus using the client name “eva.panel.KIOSKNAME”.

Creating/managing kiosks

To use eva-shell with the kiosk management service, the service must be either deployed with ID “eva.kioskman.default” or “–kiosk-svc” argument must be provided for all commands executed.

Creating a kiosk connection

After the service is deployed, a kiosk connection can be created with eva-shell:

eva kiosk create test
eva kiosk edit test

Let us review the Kiosk configuration:

auth:
  login: username
  password: secret
auto_login: true
ip: 172.16.54.129/32
name: test

The configuration allows the kiosk with host name “test” to connect the bus from IP 172.16.54.129. After connecting and loading HMI web application, the kiosk is automatically logged-in with the specified login and password.

Using one-time accounts for authentication

The service sends authentication credentials to kiosk browsers, which may be insecure in case if a remote kiosk system is compromised. To avoid this, one-time accounts can be used. Modify the config as the following:

auth:
  login: username
  acls:
  - operator
  - op_xtras
auto_login: true
ip: 172.16.54.129/32
name: test

With the above configuration, the service creates an one-time user account (using the user authentication service, specified in “auth_svc” kiosk manager configuration field) and uses its credentials to log-in the kiosk into the web-HMI application.

The created one-time account has ACLs “operator” and “op_xtras”.

The created one-time account gets the login “OT.username.RANDOM” (where RANDOM is a random sequence of letters and numbers), which can be parsed and used later by HMI web application for its internal purposes.

Listing kiosk states

To list defined kiosks and their states, use the command:

eva kiosk list

To get more information about the particular kiosk: current opened page, CPU architecture, browser version etc., use the command:

eva kiosk info <kiosk_name>

Kiosks may have the following states:

  • preparing a kiosk is loading HMI web application

  • loaded the application is loaded and ready to be authenticated

  • active the application is authenticated and running

Destroying kiosk connection

The command:

eva kiosk destroy <kiosk_name>

destroys the kiosk configuration and immediately disconnects the kiosk from the bus if connected. In case if kiosks are bulk-undeployed, their bus connections are dropped as well.

More functions

To get list of all available functions, execute:

eva kiosk -h

Kiosks and IaC-deployment

The standard IaC and deployment schema does not support kiosk objects. To deploy kiosk configurations remotely, use BUS calls of “kiosk.deploy” and “kiosk.undeploy” kiosk management service methods.

Setup

Use the template EVA_DIR/share/svc-tpl/svc-tpl-kioskman.yml:

# EVA ICS HMI kiosk manager service
command: svc/eva-kioskman
workers: 2
bus:
  path: var/bus.ipc
config:
  # authentication service (for one-time users)
  auth_svc: eva.aaa.localauth
  # kiosk bus
  broker:
    path: 0.0.0.0:7791
    buf_size: 8192 # bus buffer size
    buf_ttl: 10 # microseconds
    timeout: 5 # override the default timeout
user: nobody

Create the service using eva-shell:

eva svc create eva.kioskman.default /opt/eva4/share/svc-tpl/svc-tpl-kioskman.yml

or using the bus CLI client:

cd /opt/eva4
cat DEPLOY.yml | ./bin/yml2mp | \
    ./sbin/bus ./var/bus.ipc rpc call eva.core svc.deploy -

(see eva.core::svc.deploy for more info)

EAPI methods

See EAPI commons for the common information about the bus, types, errors and RPC calls.

kiosk.alert

Description

Display an alert

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

text

String

Text to display

yes

level

String

Level (info/warning)

no

kiosk.deploy

Description

Deploy kiosk(s) configurations

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

kiosks

Struct

Configuration list

no

kiosk.destroy

Description

Destroy a kiosk

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

i

String

Kiosk name

yes

kiosk.dev_close

Description

Close development console

Parameters

none

Returns

nothing

kiosk.dev_open

Description

Open development console

Parameters

none

Returns

nothing

kiosk.display

Description

Display control

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

on

bool

Display on/off

no

brightness

f32

Display brightness

no

kiosk.eval

Description

Execute JavaScript code inside the web-app

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

code

String

JavaScript code to execute

yes

kiosk.get_config

Description

Get kiosk configuration

Parameters

required

Returns

Kiosk configuration

Parameters

Name

Type

Description

Required

i

String

Kiosk name

yes

Return payload example:

{
    "auth": {
        "login": "username",
        "password": "secret"
    },
    "auto_login": true,
    "ip": "172.16.54.129/32",
    "name": "k1"
}

kiosk.info

Description

Get the current session info

Parameters

none

Returns

Session info (struct)

Return payload example:

{
    "agent": "EvaPanel",
    "arch": "x86_64",
    "current_url": "http://eva/ui/",
    "debug": true,
    "engine": "wasm",
    "home_url": "http://eva/ui/",
    "state": "active",
    "version": "0.1.1"
}

kiosk.list

Description

List kiosks

Parameters

none

Returns

The list of all kiosks, their configurations and states

Return payload example:

[
    {
        "agent": "EvaPanel",
        "auth": {
            "login": "username1",
            "password": "secret"
        },
        "auto_login": true,
        "current_url": "http://eva/ui/",
        "ip": "172.16.54.129/32",
        "name": "k1",
        "state": "active",
        "version": "0.1.1"
    },
    {
        "agent": null,
        "auth": {
            "login": "username2",
            "acls": ["operator"]
        },
        "auto_login": false,
        "current_url": null,
        "ip": "127.0.0.1/32",
        "name": "mws1",
        "state": null,
        "version": null
    }
]

kiosk.login

Description

Perform log-in

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

login

String

user login

yes

password

String

user password

yes

kiosk.logout

Description

Perform log-out

Parameters

none

Returns

nothing

kiosk.navigate

Description

Open an URL

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

url

String

URL (opens home if not set)

no

kiosk.reboot

Description

Reboot the kiosk machine

Parameters

none

Returns

nothing

kiosk.reload

Description

Reload the kiosk process

Parameters

none

Returns

nothing

kiosk.test

Description

Test the bus

Parameters

none

Returns

nothing

kiosk.undeploy

Description

Undeploy kiosk(s) configurations

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

kiosks

Vec<Struct/String>

Configuration list

no

kiosk.zoom

Description

Web zoom level

Parameters

required

Returns

nothing

Parameters

Name

Type

Description

Required

level

f64

Zoom level

yes