HMI kiosk manager
Requires EVA ICS Enterprise.
HMI kiosk is a touch-panel display, which is either connected to embedded UI-computer or has an embedded computer built-in.
HMI Kiosk Manager service allows to orchestrate HMI kiosks and provides the following functions:
Provides a dedicated bus, isolated from the primary EVA ICS node bus, which restricts kiosk communications between each other and permits connections from specified IP addresses/networks only
Allows to monitor states of connected kiosks
Remotely controls kiosk navigation, zoom level and other UI functions
Authenticates kiosks, including one-time-user authentication, so no sensitive information is stored on kiosk remotes
Provides kiosk system management functions: turn the kiosk display on/off, reload the kiosk software, reboot the physical kiosk machine
To have the above functionality, the remote must run either EvaPanel kiosk web browser or an alternative software with compatible bus API.
Note
Kiosk machines MUST have their host names matching the kiosk names, defined in the service.
If a third-party kiosk browser is used, it must connect to the kiosk bus using the client name “eva.panel.KIOSKNAME”.
Creating/managing kiosks
To use eva-shell with the kiosk management service, the service must be either deployed with ID “eva.kioskman.default” or “–kiosk-svc” argument must be provided for all commands executed.
Creating a kiosk connection
After the service is deployed, a kiosk connection can be created with eva-shell:
eva kiosk create test
eva kiosk edit test
Let us review the Kiosk configuration:
auth:
login: username
password: secret
auto_login: true
ip: 172.16.54.129/32
name: test
The configuration allows the kiosk with host name “test” to connect the bus from IP 172.16.54.129. After connecting and loading HMI web application, the kiosk is automatically logged-in with the specified login and password.
Using one-time accounts for authentication
The service sends authentication credentials to kiosk browsers, which may be insecure in case if a remote kiosk system is compromised. To avoid this, one-time accounts can be used. Modify the config as the following:
auth:
login: username
acls:
- operator
- op_xtras
auto_login: true
ip: 172.16.54.129/32
name: test
With the above configuration, the service creates an one-time user account (using the user authentication service, specified in “auth_svc” kiosk manager configuration field) and uses its credentials to log-in the kiosk into the web-HMI application.
The created one-time account has ACLs “operator” and “op_xtras”.
The created one-time account gets the login “OT.username.RANDOM” (where RANDOM is a random sequence of letters and numbers), which can be parsed and used later by HMI web application for its internal purposes.
Listing kiosk states
To list defined kiosks and their states, use the command:
eva kiosk list
To get more information about the particular kiosk: current opened page, CPU architecture, browser version etc., use the command:
eva kiosk info <kiosk_name>
Kiosks may have the following states:
preparing a kiosk is loading HMI web application
loaded the application is loaded and ready to be authenticated
active the application is authenticated and running
Destroying kiosk connection
The command:
eva kiosk destroy <kiosk_name>
destroys the kiosk configuration and immediately disconnects the kiosk from the bus if connected. In case if kiosks are bulk-undeployed, their bus connections are dropped as well.
More functions
To get list of all available functions, execute:
eva kiosk -h
Kiosks and IaC-deployment
The standard IaC and deployment schema does not support kiosk objects. To deploy kiosk configurations remotely, use Bus calls of “kiosk.deploy” and “kiosk.undeploy” kiosk management service methods.
Setup
Use the template EVA_DIR/share/svc-tpl/svc-tpl-kioskman.yml:
# EVA ICS HMI kiosk manager service
command: svc/eva-kioskman
workers: 2
bus:
path: var/bus.ipc
config:
# authentication service (for one-time users)
auth_svc: eva.aaa.localauth
# kiosk bus
broker:
path: 0.0.0.0:7791
buf_size: 8192 # bus buffer size
buf_ttl: 10 # microseconds
timeout: 5 # override the default timeout
user: nobody
Create the service using eva-shell:
eva svc create eva.kioskman.default /opt/eva4/share/svc-tpl/svc-tpl-kioskman.yml
or using the bus CLI client:
cd /opt/eva4
cat DEPLOY.yml | ./bin/yml2mp | \
./sbin/bus ./var/bus.ipc rpc call eva.core svc.deploy -
(see eva.core::svc.deploy for more info)
EAPI methods
See EAPI commons for the common information about the bus, types, errors and RPC calls.
kiosk.alert
Description |
Display an alert |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
text |
String |
Text to display |
yes |
level |
String |
Level (info/warning) |
no |
kiosk.deploy
Description |
Deploy kiosk(s) configurations |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
kiosks |
Struct |
Configuration list |
no |
kiosk.destroy
Description |
Destroy a kiosk |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
i |
String |
Kiosk name |
yes |
kiosk.dev_close
Description |
Close development console |
Parameters |
none |
Returns |
nothing |
kiosk.dev_open
Description |
Open development console |
Parameters |
none |
Returns |
nothing |
kiosk.display
Description |
Display control |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
on |
bool |
Display on/off |
no |
brightness |
f32 |
Display brightness |
no |
kiosk.eval
Description |
Execute JavaScript code inside the web-app |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
code |
String |
JavaScript code to execute |
yes |
kiosk.get_config
Description |
Get kiosk configuration |
Parameters |
required |
Returns |
Kiosk configuration |
Name |
Type |
Description |
Required |
i |
String |
Kiosk name |
yes |
Return payload example:
{
"auth": {
"login": "username",
"password": "secret"
},
"auto_login": true,
"ip": "172.16.54.129/32",
"name": "k1"
}
kiosk.info
Description |
Get the current session info |
Parameters |
none |
Returns |
Session info (struct) |
Return payload example:
{
"agent": "EvaPanel",
"arch": "x86_64",
"current_url": "http://eva/ui/",
"debug": true,
"engine": "wasm",
"home_url": "http://eva/ui/",
"state": "active",
"version": "0.1.1"
}
kiosk.list
Description |
List kiosks |
Parameters |
none |
Returns |
The list of all kiosks, their configurations and states |
Return payload example:
[
{
"agent": "EvaPanel",
"auth": {
"login": "username1",
"password": "secret"
},
"auto_login": true,
"current_url": "http://eva/ui/",
"ip": "172.16.54.129/32",
"name": "k1",
"state": "active",
"version": "0.1.1"
},
{
"agent": null,
"auth": {
"login": "username2",
"acls": ["operator"]
},
"auto_login": false,
"current_url": null,
"ip": "127.0.0.1/32",
"name": "mws1",
"state": null,
"version": null
}
]
kiosk.login
Description |
Perform log-in |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
login |
String |
user login |
yes |
password |
String |
user password |
yes |
kiosk.logout
Description |
Perform log-out |
Parameters |
none |
Returns |
nothing |
kiosk.reboot
Description |
Reboot the kiosk machine |
Parameters |
none |
Returns |
nothing |
kiosk.reload
Description |
Reload the kiosk process |
Parameters |
none |
Returns |
nothing |
kiosk.test
Description |
Test the bus |
Parameters |
none |
Returns |
nothing |
kiosk.undeploy
Description |
Undeploy kiosk(s) configurations |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
kiosks |
Vec<Struct/String> |
Configuration list |
no |
kiosk.zoom
Description |
Web zoom level |
Parameters |
required |
Returns |
nothing |
Name |
Type |
Description |
Required |
level |
f64 |
Zoom level |
yes |