Pipelet OCPP Broker – Developer Guide

Product overview

The Pipelet OCPP Toolkit provides a full stack for managing EV charge points via the Open Charge Point Protocol (OCPP) and auxiliary services. It combines a WebSocket broker, dashboard, REST API, service agent, diagnostic server, and a simple OCPP server for testing.

Core components

Broker (pipelet_ocpp_broker.py): WebSocket proxy between stations and backends.
Dashboard (pipelet_dashboard.py): Admin UI plus JSON endpoints.
Service agent (pipelet_service_agent.py): MQTT configuration checker.
Diagnostic server (pipelet_diagnostic_server.py): HTTP/FTP uploads and listing.
Simple OCPP server (pipelet_ocpp_server.py): Reference CSMS with PNC helpers.
MQTT checker: Validates station settings and connectivity via the service agent.

Documentation links

Architecture

Data path

Charge points connect via WebSocket to the Broker.
Broker routes to configured backends and exposes REST helpers for OCPP calls.
Dashboard and REST API present management and monitoring views.
Service agent performs MQTT-based configuration checks.
Diagnostic server collects GetDiagnostics uploads over HTTP/FTP.
Simple OCPP server offers a test CSMS and PNC/ISO 15118 helpers.

Processes & ports (defaults)

Broker: WebSocket listener(s), TLS optional.
REST API (pipelet_rest_api.py): port 9750.
OCPP server: port 9751.
Dashboard: port 5000.
Diagnostic server: port 9090 + FTP service.

Getting Started

Clone: git clone https://github.com/pipelet/Pipelet-OCPP-Broker.git
Python: Install Python 3.10+ and virtualenv.
Create venv: python3 -m venv .venv && source .venv/bin/activate
Install deps: pip install -r requirements.txt
Configure: Copy config.json (or config.multi_listener.example.json) and fill TLS, database, and token values.
Seed DB: Apply required SQL files (see Installation).
Run services (examples):
- python pipelet_ocpp_broker.py
- python pipelet_rest_api.py
- python pipelet_ocpp_server.py
- python pipelet_dashboard.py
- python pipelet_diagnostic_server.py
- python pipelet_service_agent.py
Tokens & environment: Export bearer tokens for dashboard/REST calls and optional OCPI forwarding token.

Installation & prerequisites

Requirements

Python 3.10+ (recommended).
virtualenv for isolated environments.
MySQL/MariaDB reachable for operational tables.
OpenSSL for TLS certificates (Let’s Encrypt supported).

Database setup

Apply SQL schemas from sql/ as needed:

op_messages.sql, op_targets.sql – broker routing and message store.
op_redirects.sql – redirect management for dashboard/REST.
op_config.sql, op_config_rules.sql, op_config_station_rules.sql – configuration checker.
op_emsp_tokens.sql – EMSP token storage.
Optional: op_broker_workflows.sql, op_wb_config_keys.sql, op_fault_detection_rules_update.sql, etc.

Configuration files

config.json: main settings (broker listeners, dashboard port, MySQL, Hubject, OCPI, logging, TLS paths). Defaults include WebSocket ping_interval/ping_timeout.
config.multi_listener.example.json: sample for multiple WebSocket listeners.
Environment variables: optional overrides for ports, OCPI endpoints, and alert webhooks (see README).

Deployment

Configuration

Update config.json with listener ip/port, certfile, keyfile, and force_tls12 if required.
Set dashboard_port, REST/OCPP server ports, and database credentials.
Enable alert webhooks or structured JSON logging under logging and alerts blocks.

OCPI forwarding is disabled by default; the dashboard “Enable OCPI backend” toggle must be manually turned on after configuring URL/token.

Systemd / service examples

[Unit]
Description=Pipelet OCPP Broker
After=network.target mysql.service

[Service]
User=pipelet
WorkingDirectory=/opt/pipelet
ExecStart=/opt/pipelet/.venv/bin/python pipelet_ocpp_broker.py --config /opt/pipelet/config.json
Restart=on-failure
Environment=PYTHONUNBUFFERED=1

[Install]
WantedBy=multi-user.target

Repeat with ExecStart pointing to pipelet_ocpp_server.py, pipelet_rest_api.py, pipelet_dashboard.py, pipelet_service_agent.py, and pipelet_diagnostic_server.py.

TLS & certificates

Use system certificates or Let’s Encrypt paths (e.g., /etc/letsencrypt/live/<host>/).
Set ocpp_proxy_ssl or per-listener use_ssl; provide certfile/keyfile.
For client-authenticated flows (Hubject), set require_client_certificate and client_verify_header.

Deployment flow

Provision server with Python, MySQL client, and firewall rules for WebSocket, REST, dashboard, and diagnostics ports.
Install code under /opt/pipelet (or similar) and set permissions for TLS keys.
Apply SQL migrations and import any seed data.
Place config.json with correct hostnames, tokens, and certificates.
Enable and start systemd units; verify with systemctl status.
Add cron for meter-value triggers if needed (see docs/trigger_meter_values_cron.md).

Operations

Lifecycle

Start/stop: systemctl start|stop pipelet_ocpp_broker (and matching units for server, REST API, dashboard, agent, diagnostic server).
Health: use dashboard /check or REST /robots.txt endpoints for quick liveness probes.
Monitoring: enable Prometheus scrape for OCPI metrics at /metrics; broker/server logs provide connection and trigger events.

Routine checks

Verify WebSocket keep-alives via ping_interval/ping_timeout in config.json.
Confirm database connectivity and pool sizing (mysql_pool settings).
Inspect diagnostic uploads via GET /diagnostics (diagnostic server).
Review dashboard redirect list (/op_redirects) for correct targets.

Working with services

Broker: exposes WebSocket endpoints, supports per-connection ping_enabled query override.
OCPP server: provides TriggerMessage helpers (boot, meter values, status) and PNC actions.
Dashboard: UI + JSON APIs for redirects, OCPI settings, and monitoring.
Service agent: MQTT-based config checks; ensure broker topics are accessible.
Diagnostic server: HTTP/FTP uploads for GetDiagnostics outputs.

API usage for external developers

REST endpoints are documented in API_OVERVIEW.md and the Postman collection. Key paths are summarized below with sample curl calls.

DataTransfer helper (REST API)

Method	Path	Description
POST	`/api/datatransfer`	Forward OCPP `DataTransfer` via broker.

Field	Required	Description
`stationId` / `station_id` / `topic`	Yes	Target charge point identifier.
`vendorId`	Yes	Vendor namespace (e.g., `org.openchargealliance.iso15118pnc`).
`messageId`	Yes	Message name.
`data`	Yes	Payload string or object.
`connectorId`	No	Specific connector target.

curl -X POST http://HOST:9750/api/datatransfer \
  -H "Authorization: Bearer <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{"stationId":"CP-1001","vendorId":"ACME","messageId":"Ping","data":"hello"}'

Response shape:

{
  "payload": {...},           // echoed request payload
  "ocpp_response": {...}      // raw station reply
}

Plug&Charge OCPP commands (OCPP server)

Method	Path	Description
POST	`/api/pnc/ocpp-command`	Execute PNC-oriented OCPP calls.

Field	Required	Description
`station_id`	Yes	Target station.
`action`	Yes	e.g., `remote_start`, `remote_stop`, `diagnostics`, `reset`, `trigger_boot`, `get_15118_ev_certificate`, `authorize`, `custom_action`.
`connectorId`	No	Connector for start/stop.
`payload`	Conditional	Full custom request for `custom_action` or certificate actions.

curl -X POST http://HOST:9751/api/pnc/ocpp-command \
  -H "Content-Type: application/json" \
  -d '{
    "station_id": "STATION",
    "action": "get_15118_ev_certificate",
    "exiRequest": "BASE64",
    "iso15118SchemaVersion": "urn:iso:15118:2:2013:MsgDataTypes"
  }'

PNC certificate management

Method	Path	Description
POST	`/api/pnc/ocpp-certificates`	Install/query/delete/check certificates.

Field	Required	Description
`station_id`	Yes	Target station.
`action`	Yes	`install_certificate`, `certificate_signed`, `get_installed_certificate_ids`, `delete_certificate`, `get_certificate_status`.
`certificateType`	Conditional	Certificate type for install/list (e.g., `V2GRootCertificate`).
`certificate`/`certificateChain`	Conditional	Base64 certificate body.
`certificateHashData`	Conditional	Hash object for delete/status (`hashAlgorithm`, `issuerNameHash`, `issuerKeyHash`, `serialNumber`).

curl -X POST http://HOST:9751/api/pnc/ocpp-certificates \
  -H "Content-Type: application/json" \
  -d '{
    "station_id": "STATION",
    "action": "install_certificate",
    "certificateType": "CSMSRootCertificate",
    "certificate": "BASE64_CERT"
  }'

Redirect management (dashboard/REST)

Method	Path	Description
POST	`/api/op_redirects`	Create redirect entry.
GET	`/api/op_redirects`	List redirects (`source_url` query).
PATCH	`/api/op_redirects`	Update existing redirect.
DELETE	`/api/op_redirects`	Delete redirect.

Field	Required	Description
`source_url`	Yes	Incoming WebSocket path.
`ws_url`	Yes	Target WebSocket URL.
`activity`	Yes	Status (e.g., `allow`).
`mqtt_enabled`	No	Defaults to `0`.
`ping_interval`	No	Defaults to `60`.

curl -X POST http://HOST:9750/api/op_redirects \
  -H "Authorization: Bearer <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "source_url": "/ocpp16/CP-1001",
    "ws_url": "wss://backend.example/ws",
    "activity": "allow",
    "mqtt_enabled": 0,
    "ping_interval": 60
  }'

Working with OCPP & OCPI

OCPP tips

Broker supports per-station query param ping_enabled to override keep-alives.
OCPP server auto-triggers GetConfiguration and MeterValues after boot and after StopTransaction.
Use /api/triggerMessage (requestedMessage) or dedicated Trigger endpoints for boot, meter values, status.
Hourly meter values cron: see docs/trigger_meter_values_cron.md for curl snippet against /api/triggerMeterValues.

OCPI forwarding

Dashboard “External API” page controls OCPI backend target and token.
Forwarding is OFF by default; toggle must be explicitly enabled after setting URL/token.
Metrics exposed at /metrics (Prometheus format) include request totals, errors, latency, and retries.

Troubleshooting basics

Connection drops: Check TLS cert paths, ping_interval/ping_timeout settings, and firewall rules on WebSocket ports.
Broker routing: Verify op_redirects entries via dashboard or /api/op_redirects; ensure activity is set to allow.
Authentication: Confirm bearer tokens for dashboard/REST; check OCPI toggle state when forwarding is expected.
Database: Validate MySQL credentials in config.json and run missing schema files from sql/.
Diagnostics: Use /diagnostics listing and ensure FTP port is reachable.
Hubject/PNC: Ensure client certificate paths and Hubject URLs are populated in config.json.

Security considerations

Store bearer tokens and Hubject/OCPI secrets outside the repo (env vars or vaulted config); avoid committing config.json with real secrets.
Use TLS on all public endpoints; prefer force_tls12 for stricter compatibility.
OCPI forwarding remains disabled until explicitly toggled to avoid unintended CDR pushes.
Restrict dashboard and REST API via firewall, reverse proxy auth, and strong tokens.
Limit database users to least privilege; rotate credentials regularly.
Review diagnostic uploads for sensitive data before sharing.

Contact & support

Questions or incidents? Add your operations contact details here (email, phone, on-call chat). For API help, provide partner/token request procedures and escalation paths.