implement tasks to setup auth
This commit is contained in:
parent
b90ef48c51
commit
5b5b4cefa4
@ -12,5 +12,10 @@ mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db
mosquitto_iptables_enabled: False
mosquitto_iptables_enabled: False
mosquitto_password_auth_enabled: False
mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
mosquitto_acl_enabled: False
mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
mosquitto_tls_enabled: False
mosquitto_tls_enabled: False
mosquitto_ca_path: /etc/pki/tls/certs/
mosquitto_ca_path: /etc/pki/tls/certs/
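Review bot: The new defaults switch every auth knob off (`mosquitto_password_auth_enabled: False`, `mosquitto_acl_enabled: False`) without a word about the consequence, which in this commit's template is an explicit `allow_anonymous true`; a reader of defaults/main.yml will not see that. The hunk also does not declare `mosquitto_login_users`, which the new "Add users to password file" task loops over, unless it is defined elsewhere in the file outside this hunk. I would add, next to the password-auth flag, `# When False the rendered mosquitto.conf sets allow_anonymous true: any client may connect.` and declare the user map so callers have a documented shape and the task does not need `default(omit)`: `# MQTT users to create, e.g. {alice: {password: "s3cret"}}; keep real values in vault.` followed by `mosquitto_login_users: {}`.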
@ -1,17 +1,21 @@
---
---
- block:
- name: Check if password file '{{ mosquitto_password_auth_file }}' exists
- name: Copy passwd file to '{{ mosquitto_passwd_path }}'
stat:
template:
path: "{{ mosquitto_password_auth_file }}"
src: "etc/mosquitto/passwd.j2"
dest: "{{ mosquitto_passwd_path }}"
owner: root
group: root
mode: 0600
register: __mosquitto_passwd
register: __mosquitto_passwd
- name: Hash passwd file
shell: "mosquitto_passwd -U {{ mosquitto_passwd_path }}"
notify: __mosquitto_restart
when: __mosquitto_passwd.changed
become: True
become: True
become_user: root
become_user: root
- name: Create password file if not exist
file:
path: "{{ mosquitto_password_auth_file }}"
mode: 0600
state: touch
become: True
become_user: root
when: not __mosquitto_passwd.stat.exists
- name: Add users to password file
shell: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.name }} {{ item.value.password }}"
with_dict: "{{ mosquitto_login_users | default(omit) }}"
notify: __mosquitto_restart
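Review bot: The "Add users to password file" task at the end of the hunk references `{{ item.name }}`, but `with_dict` exposes each entry as `item.key`/`item.value`, so this task fails on the first user with an undefined-attribute error; it also passes the plaintext password through `shell` with no quoting and no `no_log`, so a password containing shell metacharacters breaks the command and every password is printed in the play output and any Ansible log. `with_dict: "{{ mosquitto_login_users | default(omit) }}"` does not do what it looks like either — `omit` only works for module arguments, so an undefined variable yields a loop over a placeholder string rather than an empty loop; `default({})` is the safe form. Unlike the two tasks above it, this one has no `become`, so writing a root-owned 0600 file will fail unless become is set at play level (not visible here). I would rewrite the task as below; note that `mosquitto_passwd -b` still exposes the password in `ps` on the managed host and that the task reports changed (and restarts the broker) on every run, which is worth a `changed_when` or a content check if that matters to you.
```yaml
- name: Add users to password file
  # -b puts the password on the command line (visible in ps); no_log at least
  # keeps it out of Ansible output and logs.
  command: >-
    mosquitto_passwd -b {{ mosquitto_password_auth_file | quote }}
    {{ item.key | quote }} {{ item.value.password | quote }}
  with_dict: "{{ mosquitto_login_users | default({}) }}"
  no_log: true
  become: True
  become_user: root
  notify: __mosquitto_restart
```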
@ -534,7 +534,11 @@ persistence_location {{ mosquitto_persistence_path | dirname }}
# Defaults to true if no other security options are set. If any other
# Defaults to true if no other security options are set. If any other
# authentication options are set, then allow_anonymous defaults to false.
# authentication options are set, then allow_anonymous defaults to false.
#
#
#allow_anonymous true
{% if not mosquitto_password_auth_enabled %}
allow_anonymous true
{% else %}
allow_anonymous false
{% endif %}
# -----------------------------------------------------------------
# -----------------------------------------------------------------
# Default authentication and topic access control
# Default authentication and topic access control
@ -552,7 +556,9 @@ persistence_location {{ mosquitto_persistence_path | dirname }}
# See the TLS client require_certificate and use_identity_as_username options
# See the TLS client require_certificate and use_identity_as_username options
# for alternative authentication options. If an auth_plugin is used as well as
# for alternative authentication options. If an auth_plugin is used as well as
# password_file, the auth_plugin check will be made first.
# password_file, the auth_plugin check will be made first.
#password_file
{% if mosquitto_password_auth_enabled %}
password_file {{ mosquitto_password_auth_file }}
{% endif %}
# Access may also be controlled using a pre-shared-key file. This requires
# Access may also be controlled using a pre-shared-key file. This requires
# TLS-PSK support and a listener configured to use it. The file should be text
# TLS-PSK support and a listener configured to use it. The file should be text
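Review bot: The first hunk replaces the commented-out `#allow_anonymous true` with an unconditional `allow_anonymous true` whenever `mosquitto_password_auth_enabled` is false, which is weaker than what the broker did before this change: the comment block kept in the same hunk says anonymous access defaults to false as soon as any other authentication option is set, and the file's TLS section (referenced two lines into the second hunk) offers `require_certificate`/`use_identity_as_username` as exactly such an option, so an operator who enables client-certificate or plugin auth without the password file now gets an explicit override that re-admits unauthenticated clients. Mosquitto 2.x additionally defaults `allow_anonymous` to false for non-local listeners, which this line also undoes. I would only pin the value when the role actually configures password auth and otherwise leave the broker's own default in place: `{% if mosquitto_password_auth_enabled %}`, `allow_anonymous false`, `{% endif %}` — or, if the explicit opt-in is wanted, drive it from a dedicated `mosquitto_allow_anonymous` variable that defaults to false rather than deriving it from the password flag.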