Compare commits
No commits in common. "docs" and "main" have entirely different histories.
161
.drone.jsonnet
Normal file
161
.drone.jsonnet
Normal file
|
@ -0,0 +1,161 @@
|
||||||
|
local PipelineLinting = {
|
||||||
|
kind: 'pipeline',
|
||||||
|
name: 'linting',
|
||||||
|
platform: {
|
||||||
|
os: 'linux',
|
||||||
|
arch: 'amd64',
|
||||||
|
},
|
||||||
|
steps: [
|
||||||
|
{
|
||||||
|
name: 'ansible-later',
|
||||||
|
image: 'thegeeklab/ansible-later',
|
||||||
|
commands: [
|
||||||
|
'ansible-later',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: 'python-format',
|
||||||
|
image: 'python:3.11',
|
||||||
|
environment: {
|
||||||
|
PY_COLORS: 1,
|
||||||
|
},
|
||||||
|
commands: [
|
||||||
|
'pip install -qq yapf',
|
||||||
|
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: 'python-flake8',
|
||||||
|
image: 'python:3.11',
|
||||||
|
environment: {
|
||||||
|
PY_COLORS: 1,
|
||||||
|
},
|
||||||
|
commands: [
|
||||||
|
'pip install -qq flake8',
|
||||||
|
'flake8',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
],
|
||||||
|
trigger: {
|
||||||
|
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
local PipelineDeployment(scenario='centos7') = {
|
||||||
|
kind: 'pipeline',
|
||||||
|
name: 'testing-' + scenario,
|
||||||
|
platform: {
|
||||||
|
os: 'linux',
|
||||||
|
arch: 'amd64',
|
||||||
|
},
|
||||||
|
concurrency: {
|
||||||
|
limit: 1,
|
||||||
|
},
|
||||||
|
workspace: {
|
||||||
|
base: '/drone/src',
|
||||||
|
path: '${DRONE_REPO_NAME}',
|
||||||
|
},
|
||||||
|
steps: [
|
||||||
|
{
|
||||||
|
name: 'ansible-molecule',
|
||||||
|
image: 'thegeeklab/molecule:4',
|
||||||
|
environment: {
|
||||||
|
HCLOUD_TOKEN: { from_secret: 'hcloud_token' },
|
||||||
|
},
|
||||||
|
commands: [
|
||||||
|
'molecule test -s ' + scenario,
|
||||||
|
],
|
||||||
|
},
|
||||||
|
],
|
||||||
|
depends_on: [
|
||||||
|
'linting',
|
||||||
|
],
|
||||||
|
trigger: {
|
||||||
|
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
local PipelineDocumentation = {
|
||||||
|
kind: 'pipeline',
|
||||||
|
name: 'documentation',
|
||||||
|
platform: {
|
||||||
|
os: 'linux',
|
||||||
|
arch: 'amd64',
|
||||||
|
},
|
||||||
|
steps: [
|
||||||
|
{
|
||||||
|
name: 'generate',
|
||||||
|
image: 'thegeeklab/ansible-doctor',
|
||||||
|
environment: {
|
||||||
|
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
|
||||||
|
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
|
||||||
|
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
|
||||||
|
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
|
||||||
|
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
|
||||||
|
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: 'publish',
|
||||||
|
image: 'plugins/gh-pages',
|
||||||
|
settings: {
|
||||||
|
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
|
||||||
|
netrc_machine: 'gitea.rknet.org',
|
||||||
|
username: { from_secret: 'gitea_username' },
|
||||||
|
password: { from_secret: 'gitea_token' },
|
||||||
|
pages_directory: '_docs/',
|
||||||
|
target_branch: 'docs',
|
||||||
|
},
|
||||||
|
when: {
|
||||||
|
ref: ['refs/heads/main'],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
],
|
||||||
|
trigger: {
|
||||||
|
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||||
|
},
|
||||||
|
depends_on: [
|
||||||
|
'testing-centos7',
|
||||||
|
'testing-rocky8',
|
||||||
|
],
|
||||||
|
};
|
||||||
|
|
||||||
|
local PipelineNotification = {
|
||||||
|
kind: 'pipeline',
|
||||||
|
name: 'notification',
|
||||||
|
platform: {
|
||||||
|
os: 'linux',
|
||||||
|
arch: 'amd64',
|
||||||
|
},
|
||||||
|
clone: {
|
||||||
|
disable: true,
|
||||||
|
},
|
||||||
|
steps: [
|
||||||
|
{
|
||||||
|
name: 'matrix',
|
||||||
|
image: 'thegeeklab/drone-matrix',
|
||||||
|
settings: {
|
||||||
|
homeserver: { from_secret: 'matrix_homeserver' },
|
||||||
|
roomid: { from_secret: 'matrix_roomid' },
|
||||||
|
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
|
||||||
|
username: { from_secret: 'matrix_username' },
|
||||||
|
password: { from_secret: 'matrix_password' },
|
||||||
|
},
|
||||||
|
},
|
||||||
|
],
|
||||||
|
depends_on: [
|
||||||
|
'documentation',
|
||||||
|
],
|
||||||
|
trigger: {
|
||||||
|
status: ['success', 'failure'],
|
||||||
|
ref: ['refs/heads/main', 'refs/tags/**'],
|
||||||
|
},
|
||||||
|
};
|
||||||
|
|
||||||
|
[
|
||||||
|
PipelineLinting,
|
||||||
|
PipelineDeployment(scenario='centos7'),
|
||||||
|
PipelineDeployment(scenario='rocky8'),
|
||||||
|
PipelineDocumentation,
|
||||||
|
PipelineNotification,
|
||||||
|
]
|
187
.drone.yml
Normal file
187
.drone.yml
Normal file
|
@ -0,0 +1,187 @@
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: linting
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: ansible-later
|
||||||
|
image: thegeeklab/ansible-later
|
||||||
|
commands:
|
||||||
|
- ansible-later
|
||||||
|
|
||||||
|
- name: python-format
|
||||||
|
image: python:3.11
|
||||||
|
commands:
|
||||||
|
- pip install -qq yapf
|
||||||
|
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
|
||||||
|
environment:
|
||||||
|
PY_COLORS: 1
|
||||||
|
|
||||||
|
- name: python-flake8
|
||||||
|
image: python:3.11
|
||||||
|
commands:
|
||||||
|
- pip install -qq flake8
|
||||||
|
- flake8
|
||||||
|
environment:
|
||||||
|
PY_COLORS: 1
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
ref:
|
||||||
|
- refs/heads/main
|
||||||
|
- refs/tags/**
|
||||||
|
- refs/pull/**
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: testing-centos7
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
limit: 1
|
||||||
|
|
||||||
|
workspace:
|
||||||
|
base: /drone/src
|
||||||
|
path: ${DRONE_REPO_NAME}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: ansible-molecule
|
||||||
|
image: thegeeklab/molecule:4
|
||||||
|
commands:
|
||||||
|
- molecule test -s centos7
|
||||||
|
environment:
|
||||||
|
HCLOUD_TOKEN:
|
||||||
|
from_secret: hcloud_token
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
ref:
|
||||||
|
- refs/heads/main
|
||||||
|
- refs/tags/**
|
||||||
|
- refs/pull/**
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- linting
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: testing-rocky8
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
limit: 1
|
||||||
|
|
||||||
|
workspace:
|
||||||
|
base: /drone/src
|
||||||
|
path: ${DRONE_REPO_NAME}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: ansible-molecule
|
||||||
|
image: thegeeklab/molecule:4
|
||||||
|
commands:
|
||||||
|
- molecule test -s rocky8
|
||||||
|
environment:
|
||||||
|
HCLOUD_TOKEN:
|
||||||
|
from_secret: hcloud_token
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
ref:
|
||||||
|
- refs/heads/main
|
||||||
|
- refs/tags/**
|
||||||
|
- refs/pull/**
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- linting
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: documentation
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: generate
|
||||||
|
image: thegeeklab/ansible-doctor
|
||||||
|
environment:
|
||||||
|
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
|
||||||
|
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
|
||||||
|
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
|
||||||
|
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
|
||||||
|
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
|
||||||
|
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
|
||||||
|
|
||||||
|
- name: publish
|
||||||
|
image: plugins/gh-pages
|
||||||
|
settings:
|
||||||
|
netrc_machine: gitea.rknet.org
|
||||||
|
pages_directory: _docs/
|
||||||
|
password:
|
||||||
|
from_secret: gitea_token
|
||||||
|
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
|
||||||
|
target_branch: docs
|
||||||
|
username:
|
||||||
|
from_secret: gitea_username
|
||||||
|
when:
|
||||||
|
ref:
|
||||||
|
- refs/heads/main
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
ref:
|
||||||
|
- refs/heads/main
|
||||||
|
- refs/tags/**
|
||||||
|
- refs/pull/**
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- testing-centos7
|
||||||
|
- testing-rocky8
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: notification
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
clone:
|
||||||
|
disable: true
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: matrix
|
||||||
|
image: thegeeklab/drone-matrix
|
||||||
|
settings:
|
||||||
|
homeserver:
|
||||||
|
from_secret: matrix_homeserver
|
||||||
|
password:
|
||||||
|
from_secret: matrix_password
|
||||||
|
roomid:
|
||||||
|
from_secret: matrix_roomid
|
||||||
|
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
|
||||||
|
username:
|
||||||
|
from_secret: matrix_username
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
ref:
|
||||||
|
- refs/heads/main
|
||||||
|
- refs/tags/**
|
||||||
|
status:
|
||||||
|
- success
|
||||||
|
- failure
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- documentation
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: signature
|
||||||
|
hmac: 38fb753c217b5efa3d18c0e23db8a2f3323d4cc54b100f8a0d40847b1f1b4118
|
||||||
|
|
||||||
|
...
|
13
.gitignore
vendored
Normal file
13
.gitignore
vendored
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# ---> Ansible
|
||||||
|
*.retry
|
||||||
|
filter/plugins/
|
||||||
|
library
|
||||||
|
|
||||||
|
# ---> Python
|
||||||
|
# Byte-compiled / optimized / DLL files
|
||||||
|
__pycache__/
|
||||||
|
*.py[cod]
|
||||||
|
*$py.class
|
||||||
|
|
||||||
|
# ---> Docs
|
||||||
|
/_docs
|
19
.later.yml
Normal file
19
.later.yml
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
ansible:
|
||||||
|
custom_modules:
|
||||||
|
- iptables_raw
|
||||||
|
- openssl_pkcs12
|
||||||
|
- proxmox_kvm
|
||||||
|
- ucr
|
||||||
|
- corenetworks_dns
|
||||||
|
- corenetworks_token
|
||||||
|
|
||||||
|
rules:
|
||||||
|
exclude_files:
|
||||||
|
- molecule/
|
||||||
|
- "LICENSE*"
|
||||||
|
- "**/*.md"
|
||||||
|
- "**/*.ini"
|
||||||
|
|
||||||
|
exclude_filter:
|
||||||
|
- LINT0009
|
21
LICENSE
Normal file
21
LICENSE
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
MIT License
|
||||||
|
|
||||||
|
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is furnished
|
||||||
|
to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice (including the next
|
||||||
|
paragraph) shall be included in all copies or substantial portions of the
|
||||||
|
Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||||
|
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
|
||||||
|
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||||
|
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
|
||||||
|
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
12
README.md
Normal file
12
README.md
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# xoxys.mosquitto
|
||||||
|
|
||||||
|
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto)
|
||||||
|
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
|
||||||
|
|
||||||
|
Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker that implements the MQTT protocol. It is lightweight and suitable for use on all devices from low power single board computers to full servers.
|
||||||
|
|
||||||
|
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/IoT/mosquitto/).
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
59
defaults/main.yml
Normal file
59
defaults/main.yml
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
---
|
||||||
|
mosquitto_base_dir: /etc/mosquitto
|
||||||
|
mosquitto_pid_file: /var/run/mosquitto.pid
|
||||||
|
mosquitto_user: mosquitto
|
||||||
|
mosquitto_group: mosquitto
|
||||||
|
|
||||||
|
mosquitto_port: 1883
|
||||||
|
mosquitto_bind_address: "{{ ansible_default_ipv4.address }}"
|
||||||
|
|
||||||
|
mosquitto_packages_extra: []
|
||||||
|
mosquitto_persistence_enabled: False
|
||||||
|
mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db
|
||||||
|
|
||||||
|
mosquitto_password_auth_enabled: False
|
||||||
|
mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
|
||||||
|
mosquitto_password_auth_users: []
|
||||||
|
# @var mosquitto_password_auth_users:example: >
|
||||||
|
# mosquitto_password_auth_users:
|
||||||
|
# - name: admin
|
||||||
|
# password: mysecret
|
||||||
|
# state: present
|
||||||
|
# - name: user1
|
||||||
|
# password: very_secure
|
||||||
|
# state: absent
|
||||||
|
# @end
|
||||||
|
|
||||||
|
mosquitto_acl_enabled: False
|
||||||
|
mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
|
||||||
|
mosquitto_acl: []
|
||||||
|
# @var mosquitto_acl:example: >
|
||||||
|
# mosquitto_acl:
|
||||||
|
# - name: iot
|
||||||
|
# user: admin
|
||||||
|
# acls:
|
||||||
|
# - acl_base: topic # (topic|pattern, defaults to topic)
|
||||||
|
# acl_topic: "#"
|
||||||
|
# acl_policy: readwrite
|
||||||
|
# - name: readonly_iot
|
||||||
|
# user: user1
|
||||||
|
# acls:
|
||||||
|
# - acl_base: topic
|
||||||
|
# acl_topic: my/devices
|
||||||
|
# acl_policy: readwrite
|
||||||
|
# @end
|
||||||
|
|
||||||
|
mosquitto_tls_enabled: False
|
||||||
|
mosquitto_tls_ciphers:
|
||||||
|
- DEFAULT
|
||||||
|
- "!aNULL"
|
||||||
|
- "!eNULL"
|
||||||
|
- "!LOW"
|
||||||
|
- "!EXPORT"
|
||||||
|
- "!SSLv2"
|
||||||
|
- "@STRENGTH"
|
||||||
|
mosquitto_ca_path: /etc/pki/tls/certs/
|
||||||
|
mosquitto_tls_cert_source: mycert.pem
|
||||||
|
mosquitto_tls_key_source: mykey.pem
|
||||||
|
mosquitto_tls_cert_path: "{{ mosquitto_base_dir }}/tls/certs/mycert.pem"
|
||||||
|
mosquitto_tls_key_path: "{{ mosquitto_base_dir }}/tls/private/mykey.pem"
|
10
handlers/main.yml
Normal file
10
handlers/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Restart mosquitto service
|
||||||
|
service:
|
||||||
|
state: restarted
|
||||||
|
daemon_reload: yes
|
||||||
|
name: mosquitto
|
||||||
|
enabled: yes
|
||||||
|
listen: __mosquitto_restart
|
||||||
|
become: True
|
||||||
|
become_user: root
|
263
index.md
263
index.md
|
@ -1,263 +0,0 @@
|
||||||
---
|
|
||||||
title: mosquitto
|
|
||||||
type: docs
|
|
||||||
---
|
|
||||||
|
|
||||||
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.mosquitto) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.mosquitto/src/branch/main/LICENSE)
|
|
||||||
|
|
||||||
Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker that implements the MQTT protocol. It is lightweight and suitable for use on all devices from low power single board computers to full servers.
|
|
||||||
|
|
||||||
<!--more-->
|
|
||||||
|
|
||||||
- [Default Variables](#default-variables)
|
|
||||||
- [mosquitto_acl](#mosquitto_acl)
|
|
||||||
- [mosquitto_acl_enabled](#mosquitto_acl_enabled)
|
|
||||||
- [mosquitto_acl_file](#mosquitto_acl_file)
|
|
||||||
- [mosquitto_base_dir](#mosquitto_base_dir)
|
|
||||||
- [mosquitto_bind_address](#mosquitto_bind_address)
|
|
||||||
- [mosquitto_ca_path](#mosquitto_ca_path)
|
|
||||||
- [mosquitto_group](#mosquitto_group)
|
|
||||||
- [mosquitto_packages_extra](#mosquitto_packages_extra)
|
|
||||||
- [mosquitto_password_auth_enabled](#mosquitto_password_auth_enabled)
|
|
||||||
- [mosquitto_password_auth_file](#mosquitto_password_auth_file)
|
|
||||||
- [mosquitto_password_auth_users](#mosquitto_password_auth_users)
|
|
||||||
- [mosquitto_persistence_enabled](#mosquitto_persistence_enabled)
|
|
||||||
- [mosquitto_persistence_path](#mosquitto_persistence_path)
|
|
||||||
- [mosquitto_pid_file](#mosquitto_pid_file)
|
|
||||||
- [mosquitto_port](#mosquitto_port)
|
|
||||||
- [mosquitto_tls_cert_path](#mosquitto_tls_cert_path)
|
|
||||||
- [mosquitto_tls_cert_source](#mosquitto_tls_cert_source)
|
|
||||||
- [mosquitto_tls_ciphers](#mosquitto_tls_ciphers)
|
|
||||||
- [mosquitto_tls_enabled](#mosquitto_tls_enabled)
|
|
||||||
- [mosquitto_tls_key_path](#mosquitto_tls_key_path)
|
|
||||||
- [mosquitto_tls_key_source](#mosquitto_tls_key_source)
|
|
||||||
- [mosquitto_user](#mosquitto_user)
|
|
||||||
- [Discovered Tags](#discovered-tags)
|
|
||||||
- [Dependencies](#dependencies)
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Default Variables
|
|
||||||
|
|
||||||
### mosquitto_acl
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_acl: []
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Example usage
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_acl:
|
|
||||||
- name: iot
|
|
||||||
user: admin
|
|
||||||
acls:
|
|
||||||
- acl_base: topic # (topic|pattern, defaults to topic)
|
|
||||||
acl_topic: "#"
|
|
||||||
acl_policy: readwrite
|
|
||||||
- name: readonly_iot
|
|
||||||
user: user1
|
|
||||||
acls:
|
|
||||||
- acl_base: topic
|
|
||||||
acl_topic: my/devices
|
|
||||||
acl_policy: readwrite
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_acl_enabled
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_acl_enabled: false
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_acl_file
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_acl_file: '{{ mosquitto_base_dir }}/aclfile'
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_base_dir
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_base_dir: /etc/mosquitto
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_bind_address
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_bind_address: '{{ ansible_default_ipv4.address }}'
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_ca_path
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_ca_path: /etc/pki/tls/certs/
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_group
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_group: mosquitto
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_packages_extra
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_packages_extra: []
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_password_auth_enabled
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_password_auth_enabled: false
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_password_auth_file
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_password_auth_file: '{{ mosquitto_base_dir }}/passwd'
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_password_auth_users
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_password_auth_users: []
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Example usage
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_password_auth_users:
|
|
||||||
- name: admin
|
|
||||||
password: mysecret
|
|
||||||
state: present
|
|
||||||
- name: user1
|
|
||||||
password: very_secure
|
|
||||||
state: absent
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_persistence_enabled
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_persistence_enabled: false
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_persistence_path
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_pid_file
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_pid_file: /var/run/mosquitto.pid
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_port
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_port: 1883
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_tls_cert_path
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_tls_cert_path: '{{ mosquitto_base_dir }}/tls/certs/mycert.pem'
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_tls_cert_source
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_tls_cert_source: mycert.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_tls_ciphers
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_tls_ciphers:
|
|
||||||
- DEFAULT
|
|
||||||
- '!aNULL'
|
|
||||||
- '!eNULL'
|
|
||||||
- '!LOW'
|
|
||||||
- '!EXPORT'
|
|
||||||
- '!SSLv2'
|
|
||||||
- '@STRENGTH'
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_tls_enabled
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_tls_enabled: false
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_tls_key_path
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_tls_key_path: '{{ mosquitto_base_dir }}/tls/private/mykey.pem'
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_tls_key_source
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_tls_key_source: mykey.pem
|
|
||||||
```
|
|
||||||
|
|
||||||
### mosquitto_user
|
|
||||||
|
|
||||||
#### Default value
|
|
||||||
|
|
||||||
```YAML
|
|
||||||
mosquitto_user: mosquitto
|
|
||||||
```
|
|
||||||
|
|
||||||
## Discovered Tags
|
|
||||||
|
|
||||||
tls_renewal
|
|
||||||
:
|
|
||||||
|
|
||||||
|
|
||||||
## Dependencies
|
|
||||||
|
|
||||||
None.
|
|
29
meta/main.yml
Normal file
29
meta/main.yml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
# Standards: 0.2
|
||||||
|
---
|
||||||
|
galaxy_info:
|
||||||
|
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
|
||||||
|
author: Robert Kaussow <mail@thegeeklab.de>
|
||||||
|
namespace: xoxys
|
||||||
|
role_name: mosquitto
|
||||||
|
# @meta description: >
|
||||||
|
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.mosquitto)
|
||||||
|
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto)
|
||||||
|
# [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.mosquitto/src/branch/main/LICENSE)
|
||||||
|
#
|
||||||
|
# Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker
|
||||||
|
# that implements the MQTT protocol. It is lightweight and suitable for use on all devices
|
||||||
|
# from low power single board computers to full servers.
|
||||||
|
# @end
|
||||||
|
description: Setup mosquitto mqtt broker
|
||||||
|
license: MIT
|
||||||
|
min_ansible_version: 2.10
|
||||||
|
platforms:
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 7
|
||||||
|
galaxy_tags:
|
||||||
|
- mosquitto
|
||||||
|
- mqtt
|
||||||
|
dependencies: []
|
||||||
|
collections:
|
||||||
|
- community.general
|
10
molecule/centos7/converge.yml
Normal file
10
molecule/centos7/converge.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
vars:
|
||||||
|
mosquitto_packages_extra:
|
||||||
|
- epel-release
|
||||||
|
mosquitto_bind_address: "127.0.0.1"
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: xoxys.mosquitto
|
120
molecule/centos7/create.yml
Normal file
120
molecule/centos7/create.yml
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
---
|
||||||
|
- name: Create
|
||||||
|
hosts: localhost
|
||||||
|
connection: local
|
||||||
|
gather_facts: false
|
||||||
|
no_log: "{{ molecule_no_log }}"
|
||||||
|
vars:
|
||||||
|
ssh_port: 22
|
||||||
|
ssh_user: root
|
||||||
|
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
||||||
|
tasks:
|
||||||
|
- name: Create SSH key
|
||||||
|
user:
|
||||||
|
name: "{{ lookup('env', 'USER') }}"
|
||||||
|
generate_ssh_key: true
|
||||||
|
ssh_key_file: "{{ ssh_path }}"
|
||||||
|
force: true
|
||||||
|
register: generated_ssh_key
|
||||||
|
|
||||||
|
- name: Register the SSH key name
|
||||||
|
set_fact:
|
||||||
|
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
||||||
|
|
||||||
|
- name: Register SSH key for test instance(s)
|
||||||
|
hcloud_ssh_key:
|
||||||
|
name: "{{ ssh_key_name }}"
|
||||||
|
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create molecule instance(s)
|
||||||
|
hcloud_server:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
server_type: "{{ item.server_type }}"
|
||||||
|
ssh_keys:
|
||||||
|
- "{{ ssh_key_name }}"
|
||||||
|
image: "{{ item.image }}"
|
||||||
|
location: "{{ item.location | default(omit) }}"
|
||||||
|
datacenter: "{{ item.datacenter | default(omit) }}"
|
||||||
|
user_data: "{{ item.user_data | default(omit) }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: present
|
||||||
|
register: server
|
||||||
|
loop: "{{ molecule_yml.platforms }}"
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for instance(s) creation to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_jobs
|
||||||
|
until: hetzner_jobs.finished
|
||||||
|
retries: 300
|
||||||
|
loop: "{{ server.results }}"
|
||||||
|
|
||||||
|
- name: Create volume(s)
|
||||||
|
hcloud_volume:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
server: "{{ item.name }}"
|
||||||
|
location: "{{ item.location | default(omit) }}"
|
||||||
|
size: "{{ item.volume_size | default(10) }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: "present"
|
||||||
|
loop: "{{ molecule_yml.platforms }}"
|
||||||
|
when: item.volume | default(False) | bool
|
||||||
|
register: volumes
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for volume(s) creation to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_volumes
|
||||||
|
until: hetzner_volumes.finished
|
||||||
|
retries: 300
|
||||||
|
when: volumes.changed
|
||||||
|
loop: "{{ volumes.results }}"
|
||||||
|
|
||||||
|
# Mandatory configuration for Molecule to function.
|
||||||
|
|
||||||
|
- name: Populate instance config dict
|
||||||
|
set_fact:
|
||||||
|
instance_conf_dict:
|
||||||
|
{
|
||||||
|
"instance": "{{ item.hcloud_server.name }}",
|
||||||
|
"ssh_key_name": "{{ ssh_key_name }}",
|
||||||
|
"address": "{{ item.hcloud_server.ipv4_address }}",
|
||||||
|
"user": "{{ ssh_user }}",
|
||||||
|
"port": "{{ ssh_port }}",
|
||||||
|
"identity_file": "{{ ssh_path }}",
|
||||||
|
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
||||||
|
}
|
||||||
|
loop: "{{ hetzner_jobs.results }}"
|
||||||
|
register: instance_config_dict
|
||||||
|
when: server.changed | bool
|
||||||
|
|
||||||
|
- name: Convert instance config dict to a list
|
||||||
|
set_fact:
|
||||||
|
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
||||||
|
when: server.changed | bool
|
||||||
|
|
||||||
|
- name: Dump instance config
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
# Molecule managed
|
||||||
|
|
||||||
|
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||||
|
dest: "{{ molecule_instance_config }}"
|
||||||
|
when: server.changed | bool
|
||||||
|
|
||||||
|
- name: Wait for SSH
|
||||||
|
wait_for:
|
||||||
|
port: "{{ ssh_port }}"
|
||||||
|
host: "{{ item.address }}"
|
||||||
|
search_regex: SSH
|
||||||
|
delay: 10
|
||||||
|
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
||||||
|
|
||||||
|
- name: Wait for VM to settle down
|
||||||
|
pause:
|
||||||
|
seconds: 30
|
78
molecule/centos7/destroy.yml
Normal file
78
molecule/centos7/destroy.yml
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
---
|
||||||
|
- name: Destroy
|
||||||
|
hosts: localhost
|
||||||
|
connection: local
|
||||||
|
gather_facts: false
|
||||||
|
no_log: "{{ molecule_no_log }}"
|
||||||
|
tasks:
|
||||||
|
- name: Check existing instance config file
|
||||||
|
stat:
|
||||||
|
path: "{{ molecule_instance_config }}"
|
||||||
|
register: cfg
|
||||||
|
|
||||||
|
- name: Populate the instance config
|
||||||
|
set_fact:
|
||||||
|
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
||||||
|
|
||||||
|
- name: Destroy molecule instance(s)
|
||||||
|
hcloud_server:
|
||||||
|
name: "{{ item.instance }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: absent
|
||||||
|
register: server
|
||||||
|
loop: "{{ instance_conf }}"
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for instance(s) deletion to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_jobs
|
||||||
|
until: hetzner_jobs.finished
|
||||||
|
retries: 300
|
||||||
|
loop: "{{ server.results }}"
|
||||||
|
|
||||||
|
- pause:
|
||||||
|
seconds: 5
|
||||||
|
|
||||||
|
- name: Destroy volume(s)
|
||||||
|
hcloud_volume:
|
||||||
|
name: "{{ item.instance }}"
|
||||||
|
server: "{{ item.instance }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: "absent"
|
||||||
|
register: volumes
|
||||||
|
loop: "{{ instance_conf }}"
|
||||||
|
when: item.volume | default(False) | bool
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for volume(s) deletion to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_volumes
|
||||||
|
until: hetzner_volumes.finished
|
||||||
|
retries: 300
|
||||||
|
when: volumes.changed
|
||||||
|
loop: "{{ volumes.results }}"
|
||||||
|
|
||||||
|
- name: Remove registered SSH key
|
||||||
|
hcloud_ssh_key:
|
||||||
|
name: "{{ instance_conf[0].ssh_key_name }}"
|
||||||
|
state: absent
|
||||||
|
when: (instance_conf | default([])) | length > 0
|
||||||
|
|
||||||
|
# Mandatory configuration for Molecule to function.
|
||||||
|
|
||||||
|
- name: Populate instance config
|
||||||
|
set_fact:
|
||||||
|
instance_conf: {}
|
||||||
|
|
||||||
|
- name: Dump instance config
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
# Molecule managed
|
||||||
|
|
||||||
|
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||||
|
dest: "{{ molecule_instance_config }}"
|
||||||
|
when: server.changed | bool
|
24
molecule/centos7/molecule.yml
Normal file
24
molecule/centos7/molecule.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
options:
|
||||||
|
role-file: molecule/requirements.yml
|
||||||
|
requirements-file: molecule/requirements.yml
|
||||||
|
env:
|
||||||
|
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
||||||
|
driver:
|
||||||
|
name: delegated
|
||||||
|
platforms:
|
||||||
|
- name: centos7-mosquitto
|
||||||
|
image: centos-7
|
||||||
|
server_type: cx11
|
||||||
|
lint: |
|
||||||
|
/usr/local/bin/flake8
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
env:
|
||||||
|
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
||||||
|
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
||||||
|
log: False
|
||||||
|
verifier:
|
||||||
|
name: testinfra
|
15
molecule/centos7/prepare.yml
Normal file
15
molecule/centos7/prepare.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
- name: Prepare
|
||||||
|
hosts: all
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Bootstrap python for Ansible
|
||||||
|
raw: |
|
||||||
|
command -v python3 python || (
|
||||||
|
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
||||||
|
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
||||||
|
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
||||||
|
echo "Warning: Python not boostrapped due to unknown platform."
|
||||||
|
)
|
||||||
|
become: true
|
||||||
|
changed_when: false
|
23
molecule/centos7/tests/test_default.py
Normal file
23
molecule/centos7/tests/test_default.py
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
import os
|
||||||
|
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||||
|
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||||
|
).get_hosts("all")
|
||||||
|
|
||||||
|
|
||||||
|
def test_mosquitto_is_installed(host):
|
||||||
|
mosquitto = host.package("mosquitto")
|
||||||
|
assert mosquitto.is_installed
|
||||||
|
|
||||||
|
|
||||||
|
def test_mosquitto_running_and_enabled(host):
|
||||||
|
mosquitto = host.service("mosquitto")
|
||||||
|
assert mosquitto.is_running
|
||||||
|
assert mosquitto.is_enabled
|
||||||
|
|
||||||
|
|
||||||
|
def test_mosquitto_socket(host):
|
||||||
|
# Verify the socket is listening for HTTP traffic
|
||||||
|
assert host.socket("tcp://127.0.0.1:1883").is_listening
|
1
molecule/default
Symbolic link
1
molecule/default
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
rocky8
|
3
molecule/pytest.ini
Normal file
3
molecule/pytest.ini
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
[pytest]
|
||||||
|
filterwarnings =
|
||||||
|
ignore::DeprecationWarning
|
6
molecule/requirements.yml
Normal file
6
molecule/requirements.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
collections:
|
||||||
|
- name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
|
||||||
|
- name: community.general
|
||||||
|
|
||||||
|
roles: []
|
10
molecule/rocky8/converge.yml
Normal file
10
molecule/rocky8/converge.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
vars:
|
||||||
|
mosquitto_packages_extra:
|
||||||
|
- epel-release
|
||||||
|
mosquitto_bind_address: "127.0.0.1"
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- role: xoxys.mosquitto
|
120
molecule/rocky8/create.yml
Normal file
120
molecule/rocky8/create.yml
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
---
|
||||||
|
- name: Create
|
||||||
|
hosts: localhost
|
||||||
|
connection: local
|
||||||
|
gather_facts: false
|
||||||
|
no_log: "{{ molecule_no_log }}"
|
||||||
|
vars:
|
||||||
|
ssh_port: 22
|
||||||
|
ssh_user: root
|
||||||
|
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
||||||
|
tasks:
|
||||||
|
- name: Create SSH key
|
||||||
|
user:
|
||||||
|
name: "{{ lookup('env', 'USER') }}"
|
||||||
|
generate_ssh_key: true
|
||||||
|
ssh_key_file: "{{ ssh_path }}"
|
||||||
|
force: true
|
||||||
|
register: generated_ssh_key
|
||||||
|
|
||||||
|
- name: Register the SSH key name
|
||||||
|
set_fact:
|
||||||
|
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
||||||
|
|
||||||
|
- name: Register SSH key for test instance(s)
|
||||||
|
hcloud_ssh_key:
|
||||||
|
name: "{{ ssh_key_name }}"
|
||||||
|
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create molecule instance(s)
|
||||||
|
hcloud_server:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
server_type: "{{ item.server_type }}"
|
||||||
|
ssh_keys:
|
||||||
|
- "{{ ssh_key_name }}"
|
||||||
|
image: "{{ item.image }}"
|
||||||
|
location: "{{ item.location | default(omit) }}"
|
||||||
|
datacenter: "{{ item.datacenter | default(omit) }}"
|
||||||
|
user_data: "{{ item.user_data | default(omit) }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: present
|
||||||
|
register: server
|
||||||
|
loop: "{{ molecule_yml.platforms }}"
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for instance(s) creation to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_jobs
|
||||||
|
until: hetzner_jobs.finished
|
||||||
|
retries: 300
|
||||||
|
loop: "{{ server.results }}"
|
||||||
|
|
||||||
|
- name: Create volume(s)
|
||||||
|
hcloud_volume:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
server: "{{ item.name }}"
|
||||||
|
location: "{{ item.location | default(omit) }}"
|
||||||
|
size: "{{ item.volume_size | default(10) }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: "present"
|
||||||
|
loop: "{{ molecule_yml.platforms }}"
|
||||||
|
when: item.volume | default(False) | bool
|
||||||
|
register: volumes
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for volume(s) creation to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_volumes
|
||||||
|
until: hetzner_volumes.finished
|
||||||
|
retries: 300
|
||||||
|
when: volumes.changed
|
||||||
|
loop: "{{ volumes.results }}"
|
||||||
|
|
||||||
|
# Mandatory configuration for Molecule to function.
|
||||||
|
|
||||||
|
- name: Populate instance config dict
|
||||||
|
set_fact:
|
||||||
|
instance_conf_dict:
|
||||||
|
{
|
||||||
|
"instance": "{{ item.hcloud_server.name }}",
|
||||||
|
"ssh_key_name": "{{ ssh_key_name }}",
|
||||||
|
"address": "{{ item.hcloud_server.ipv4_address }}",
|
||||||
|
"user": "{{ ssh_user }}",
|
||||||
|
"port": "{{ ssh_port }}",
|
||||||
|
"identity_file": "{{ ssh_path }}",
|
||||||
|
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
||||||
|
}
|
||||||
|
loop: "{{ hetzner_jobs.results }}"
|
||||||
|
register: instance_config_dict
|
||||||
|
when: server.changed | bool
|
||||||
|
|
||||||
|
- name: Convert instance config dict to a list
|
||||||
|
set_fact:
|
||||||
|
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
||||||
|
when: server.changed | bool
|
||||||
|
|
||||||
|
- name: Dump instance config
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
# Molecule managed
|
||||||
|
|
||||||
|
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||||
|
dest: "{{ molecule_instance_config }}"
|
||||||
|
when: server.changed | bool
|
||||||
|
|
||||||
|
- name: Wait for SSH
|
||||||
|
wait_for:
|
||||||
|
port: "{{ ssh_port }}"
|
||||||
|
host: "{{ item.address }}"
|
||||||
|
search_regex: SSH
|
||||||
|
delay: 10
|
||||||
|
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
||||||
|
|
||||||
|
- name: Wait for VM to settle down
|
||||||
|
pause:
|
||||||
|
seconds: 30
|
78
molecule/rocky8/destroy.yml
Normal file
78
molecule/rocky8/destroy.yml
Normal file
|
@ -0,0 +1,78 @@
|
||||||
|
---
|
||||||
|
- name: Destroy
|
||||||
|
hosts: localhost
|
||||||
|
connection: local
|
||||||
|
gather_facts: false
|
||||||
|
no_log: "{{ molecule_no_log }}"
|
||||||
|
tasks:
|
||||||
|
- name: Check existing instance config file
|
||||||
|
stat:
|
||||||
|
path: "{{ molecule_instance_config }}"
|
||||||
|
register: cfg
|
||||||
|
|
||||||
|
- name: Populate the instance config
|
||||||
|
set_fact:
|
||||||
|
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
||||||
|
|
||||||
|
- name: Destroy molecule instance(s)
|
||||||
|
hcloud_server:
|
||||||
|
name: "{{ item.instance }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: absent
|
||||||
|
register: server
|
||||||
|
loop: "{{ instance_conf }}"
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for instance(s) deletion to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_jobs
|
||||||
|
until: hetzner_jobs.finished
|
||||||
|
retries: 300
|
||||||
|
loop: "{{ server.results }}"
|
||||||
|
|
||||||
|
- pause:
|
||||||
|
seconds: 5
|
||||||
|
|
||||||
|
- name: Destroy volume(s)
|
||||||
|
hcloud_volume:
|
||||||
|
name: "{{ item.instance }}"
|
||||||
|
server: "{{ item.instance }}"
|
||||||
|
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||||
|
state: "absent"
|
||||||
|
register: volumes
|
||||||
|
loop: "{{ instance_conf }}"
|
||||||
|
when: item.volume | default(False) | bool
|
||||||
|
async: 7200
|
||||||
|
poll: 0
|
||||||
|
|
||||||
|
- name: Wait for volume(s) deletion to complete
|
||||||
|
async_status:
|
||||||
|
jid: "{{ item.ansible_job_id }}"
|
||||||
|
register: hetzner_volumes
|
||||||
|
until: hetzner_volumes.finished
|
||||||
|
retries: 300
|
||||||
|
when: volumes.changed
|
||||||
|
loop: "{{ volumes.results }}"
|
||||||
|
|
||||||
|
- name: Remove registered SSH key
|
||||||
|
hcloud_ssh_key:
|
||||||
|
name: "{{ instance_conf[0].ssh_key_name }}"
|
||||||
|
state: absent
|
||||||
|
when: (instance_conf | default([])) | length > 0
|
||||||
|
|
||||||
|
# Mandatory configuration for Molecule to function.
|
||||||
|
|
||||||
|
- name: Populate instance config
|
||||||
|
set_fact:
|
||||||
|
instance_conf: {}
|
||||||
|
|
||||||
|
- name: Dump instance config
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
# Molecule managed
|
||||||
|
|
||||||
|
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||||
|
dest: "{{ molecule_instance_config }}"
|
||||||
|
when: server.changed | bool
|
24
molecule/rocky8/molecule.yml
Normal file
24
molecule/rocky8/molecule.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
options:
|
||||||
|
role-file: molecule/requirements.yml
|
||||||
|
requirements-file: molecule/requirements.yml
|
||||||
|
env:
|
||||||
|
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
||||||
|
driver:
|
||||||
|
name: delegated
|
||||||
|
platforms:
|
||||||
|
- name: rocky8-mosquitto
|
||||||
|
image: rocky-8
|
||||||
|
server_type: cx11
|
||||||
|
lint: |
|
||||||
|
/usr/local/bin/flake8
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
env:
|
||||||
|
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
||||||
|
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
||||||
|
log: False
|
||||||
|
verifier:
|
||||||
|
name: testinfra
|
15
molecule/rocky8/prepare.yml
Normal file
15
molecule/rocky8/prepare.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
- name: Prepare
|
||||||
|
hosts: all
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Bootstrap python for Ansible
|
||||||
|
raw: |
|
||||||
|
command -v python3 python || (
|
||||||
|
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
||||||
|
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
||||||
|
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
||||||
|
echo "Warning: Python not boostrapped due to unknown platform."
|
||||||
|
)
|
||||||
|
become: true
|
||||||
|
changed_when: false
|
23
molecule/rocky8/tests/test_default.py
Normal file
23
molecule/rocky8/tests/test_default.py
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
import os
|
||||||
|
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||||
|
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||||
|
).get_hosts("all")
|
||||||
|
|
||||||
|
|
||||||
|
def test_mosquitto_is_installed(host):
|
||||||
|
mosquitto = host.package("mosquitto")
|
||||||
|
assert mosquitto.is_installed
|
||||||
|
|
||||||
|
|
||||||
|
def test_mosquitto_running_and_enabled(host):
|
||||||
|
mosquitto = host.service("mosquitto")
|
||||||
|
assert mosquitto.is_running
|
||||||
|
assert mosquitto.is_enabled
|
||||||
|
|
||||||
|
|
||||||
|
def test_mosquitto_socket(host):
|
||||||
|
# Verify the socket is listening for HTTP traffic
|
||||||
|
assert host.socket("tcp://127.0.0.1:1883").is_listening
|
12
setup.cfg
Normal file
12
setup.cfg
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
[flake8]
|
||||||
|
ignore = D100, D101, D102, D103, D105, D107, E402, W503
|
||||||
|
max-line-length = 99
|
||||||
|
inline-quotes = double
|
||||||
|
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
|
||||||
|
|
||||||
|
[yapf]
|
||||||
|
based_on_style = google
|
||||||
|
column_limit = 99
|
||||||
|
dedent_closing_brackets = true
|
||||||
|
coalesce_brackets = true
|
||||||
|
split_before_logical_operator = true
|
50
tasks/config.yml
Normal file
50
tasks/config.yml
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
---
|
||||||
|
- name: Check if password file '{{ mosquitto_password_auth_file }}' exists
|
||||||
|
stat:
|
||||||
|
path: "{{ mosquitto_password_auth_file }}"
|
||||||
|
register: __mosquitto_passwd
|
||||||
|
become: True
|
||||||
|
become_user: root
|
||||||
|
|
||||||
|
- name: Create password file if not exist
|
||||||
|
file:
|
||||||
|
path: "{{ mosquitto_password_auth_file }}"
|
||||||
|
mode: 0600
|
||||||
|
state: touch
|
||||||
|
become: True
|
||||||
|
become_user: root
|
||||||
|
when: not __mosquitto_passwd.stat.exists
|
||||||
|
|
||||||
|
# TODO: ugly workaround, move this to a custom module
|
||||||
|
- block:
|
||||||
|
- name: Add users to password file
|
||||||
|
command: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.name }} {{ item.password }}"
|
||||||
|
loop: "{{ mosquitto_password_auth_users }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
|
when: item.state == "present"
|
||||||
|
changed_when: False
|
||||||
|
no_log: True
|
||||||
|
|
||||||
|
- name: Remove unnecessary users from password file
|
||||||
|
command: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.name }}"
|
||||||
|
loop: "{{ mosquitto_password_auth_users }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
|
when: item.state == "absent"
|
||||||
|
changed_when: False
|
||||||
|
no_log: True
|
||||||
|
|
||||||
|
- name: Create acl file at '{{ mosquitto_acl_file }}'
|
||||||
|
template:
|
||||||
|
src: "etc/mosquitto/aclfile.j2"
|
||||||
|
dest: "{{ mosquitto_acl_file }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0600
|
||||||
|
when:
|
||||||
|
- mosquitto_acl_enabled | bool
|
||||||
|
- mosquitto_acl is defined
|
||||||
|
notify: __mosquitto_restart
|
||||||
|
become: True
|
||||||
|
become_user: root
|
31
tasks/install.yml
Normal file
31
tasks/install.yml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
---
|
||||||
|
- block:
|
||||||
|
- name: Install mqtt packages
|
||||||
|
package:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
loop: "{{ mosquitto_packages_extra + __mosquitto_packages }}"
|
||||||
|
|
||||||
|
- name: Create group '{{ mosquitto_group }}'
|
||||||
|
group:
|
||||||
|
name: '{{ mosquitto_group }}'
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create user '{{ mosquitto_user }}'
|
||||||
|
user:
|
||||||
|
name: '{{ mosquitto_user }}'
|
||||||
|
group: '{{ mosquitto_group }}'
|
||||||
|
home: "{{ mosquitto_base_dir }}"
|
||||||
|
system: yes
|
||||||
|
shell: /sbin/nologin
|
||||||
|
|
||||||
|
- name: Deploy default configuration
|
||||||
|
template:
|
||||||
|
src: "etc/mosquitto/mosquitto.conf.j2"
|
||||||
|
dest: "{{ mosquitto_base_dir }}/mosquitto.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: __mosquitto_restart
|
||||||
|
become: True
|
||||||
|
become_user: root
|
7
tasks/main.yml
Normal file
7
tasks/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
- import_tasks: install.yml
|
||||||
|
- import_tasks: config.yml
|
||||||
|
- import_tasks: tls.yml
|
||||||
|
when: mosquitto_tls_enabled | bool
|
||||||
|
tags: tls_renewal
|
||||||
|
- import_tasks: post_tasks.yml
|
9
tasks/post_tasks.yml
Normal file
9
tasks/post_tasks.yml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Ensure mosquitto service is up and running
|
||||||
|
service:
|
||||||
|
state: started
|
||||||
|
daemon_reload: yes
|
||||||
|
enabled: yes
|
||||||
|
name: mosquitto
|
||||||
|
become: True
|
||||||
|
become_user: root
|
26
tasks/tls.yml
Normal file
26
tasks/tls.yml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
- block:
|
||||||
|
- name: Create tls folder structure
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
recurse: True
|
||||||
|
loop:
|
||||||
|
- "{{ mosquitto_tls_cert_path | dirname }}"
|
||||||
|
- "{{ mosquitto_tls_key_path | dirname }}"
|
||||||
|
|
||||||
|
- name: Copy certs and private key
|
||||||
|
copy:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
|
loop:
|
||||||
|
- { src: "{{ mosquitto_tls_key_source }}", dest: '{{ mosquitto_tls_key_path }}', mode: '0600' }
|
||||||
|
- { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.dest }}"
|
||||||
|
notify: __mosquitto_restart
|
||||||
|
become: True
|
||||||
|
become_user: root
|
10
templates/etc/mosquitto/aclfile.j2
Normal file
10
templates/etc/mosquitto/aclfile.j2
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
{% for item in mosquitto_acl %}
|
||||||
|
{% if not item.name == "all" %}
|
||||||
|
user {{ item.name }}
|
||||||
|
{% endif %}
|
||||||
|
{% for acl in item.acls %}
|
||||||
|
{{ acl.acl_base if acl.acl_base is defined else 'topic' }} {{ acl.acl_policy }} {{ acl.acl_topic }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{% endfor %}
|
868
templates/etc/mosquitto/mosquitto.conf.j2
Normal file
868
templates/etc/mosquitto/mosquitto.conf.j2
Normal file
|
@ -0,0 +1,868 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
# =================================================================
|
||||||
|
# General configuration
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# Time in seconds between updates of the $SYS tree.
|
||||||
|
# Set to 0 to disable the publishing of the $SYS tree.
|
||||||
|
#sys_interval 10
|
||||||
|
|
||||||
|
# Time in seconds between cleaning the internal message store of
|
||||||
|
# unreferenced messages. Lower values will result in lower memory
|
||||||
|
# usage but more processor time, higher values will have the
|
||||||
|
# opposite effect.
|
||||||
|
# Setting a value of 0 means the unreferenced messages will be
|
||||||
|
# disposed of as quickly as possible.
|
||||||
|
#store_clean_interval 10
|
||||||
|
|
||||||
|
# Write process id to a file. Default is a blank string which means
|
||||||
|
# a pid file shouldn't be written.
|
||||||
|
# This should be set to /var/run/mosquitto.pid if mosquitto is
|
||||||
|
# being run automatically on boot with an init script and
|
||||||
|
# start-stop-daemon or similar.
|
||||||
|
pid_file {{ mosquitto_pid_file }}
|
||||||
|
|
||||||
|
# When run as root, drop privileges to this user and its primary
|
||||||
|
# group.
|
||||||
|
# Set to root to stay as root, but this is not recommended.
|
||||||
|
# If run as a non-root user, this setting has no effect.
|
||||||
|
# Note that on Windows this has no effect and so mosquitto should
|
||||||
|
# be started by the user you wish it to run as.
|
||||||
|
user {{ mosquitto_user }}
|
||||||
|
|
||||||
|
# The maximum number of QoS 1 and 2 messages currently inflight per
|
||||||
|
# client.
|
||||||
|
# This includes messages that are partway through handshakes and
|
||||||
|
# those that are being retried. Defaults to 20. Set to 0 for no
|
||||||
|
# maximum. Setting to 1 will guarantee in-order delivery of QoS 1
|
||||||
|
# and 2 messages.
|
||||||
|
#max_inflight_messages 20
|
||||||
|
|
||||||
|
# QoS 1 and 2 messages will be allowed inflight per client until this limit
|
||||||
|
# is exceeded. Defaults to 0. (No maximum)
|
||||||
|
# See also max_inflight_messages
|
||||||
|
#max_inflight_bytes 0
|
||||||
|
|
||||||
|
# The maximum number of QoS 1 and 2 messages to hold in a queue per client
|
||||||
|
# above those that are currently in-flight. Defaults to 100. Set
|
||||||
|
# to 0 for no maximum (not recommended).
|
||||||
|
# See also queue_qos0_messages.
|
||||||
|
# See also max_queued_bytes.
|
||||||
|
#max_queued_messages 100
|
||||||
|
|
||||||
|
# QoS 1 and 2 messages above those currently in-flight will be queued per
|
||||||
|
# client until this limit is exceeded. Defaults to 0. (No maximum)
|
||||||
|
# See also max_queued_messages.
|
||||||
|
# If both max_queued_messages and max_queued_bytes are specified, packets will
|
||||||
|
# be queued until the first limit is reached.
|
||||||
|
#max_queued_bytes 0
|
||||||
|
|
||||||
|
# Set to true to queue messages with QoS 0 when a persistent client is
|
||||||
|
# disconnected. These messages are included in the limit imposed by
|
||||||
|
# max_queued_messages and max_queued_bytes
|
||||||
|
# Defaults to false.
|
||||||
|
# This is a non-standard option for the MQTT v3.1 spec but is allowed in
|
||||||
|
# v3.1.1.
|
||||||
|
#queue_qos0_messages false
|
||||||
|
|
||||||
|
# This option sets the maximum publish payload size that the broker will allow.
|
||||||
|
# Received messages that exceed this size will not be accepted by the broker.
|
||||||
|
# The default value is 0, which means that all valid MQTT messages are
|
||||||
|
# accepted. MQTT imposes a maximum payload size of 268435455 bytes.
|
||||||
|
#message_size_limit 0
|
||||||
|
|
||||||
|
# This option controls whether a client is allowed to connect with a zero
|
||||||
|
# length client id or not. This option only affects clients using MQTT v3.1.1
|
||||||
|
# and later. If set to false, clients connecting with a zero length client id
|
||||||
|
# are disconnected. If set to true, clients will be allocated a client id by
|
||||||
|
# the broker. This means it is only useful for clients with clean session set
|
||||||
|
# to true.
|
||||||
|
#allow_zero_length_clientid true
|
||||||
|
|
||||||
|
# If allow_zero_length_clientid is true, this option allows you to set a prefix
|
||||||
|
# to automatically generated client ids to aid visibility in logs.
|
||||||
|
#auto_id_prefix
|
||||||
|
|
||||||
|
# This option allows persistent clients (those with clean session set to false)
|
||||||
|
# to be removed if they do not reconnect within a certain time frame.
|
||||||
|
#
|
||||||
|
# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1.
|
||||||
|
#
|
||||||
|
# Badly designed clients may set clean session to false whilst using a randomly
|
||||||
|
# generated client id. This leads to persistent clients that will never
|
||||||
|
# reconnect. This option allows these clients to be removed.
|
||||||
|
#
|
||||||
|
# The expiration period should be an integer followed by one of h d w m y for
|
||||||
|
# hour, day, week, month and year respectively. For example
|
||||||
|
#
|
||||||
|
# persistent_client_expiration 2m
|
||||||
|
# persistent_client_expiration 14d
|
||||||
|
# persistent_client_expiration 1y
|
||||||
|
#
|
||||||
|
# The default if not set is to never expire persistent clients.
|
||||||
|
#persistent_client_expiration
|
||||||
|
|
||||||
|
# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
|
||||||
|
# and foo/+/baz , then MQTT expects that when the broker receives a message on
|
||||||
|
# a topic that matches both subscriptions, such as foo/bar/baz, then the client
|
||||||
|
# should only receive the message once.
|
||||||
|
# Mosquitto keeps track of which clients a message has been sent to in order to
|
||||||
|
# meet this requirement. The allow_duplicate_messages option allows this
|
||||||
|
# behaviour to be disabled, which may be useful if you have a large number of
|
||||||
|
# clients subscribed to the same set of topics and are very concerned about
|
||||||
|
# minimising memory usage.
|
||||||
|
# It can be safely set to true if you know in advance that your clients will
|
||||||
|
# never have overlapping subscriptions, otherwise your clients must be able to
|
||||||
|
# correctly deal with duplicate messages even when then have QoS=2.
|
||||||
|
#allow_duplicate_messages false
|
||||||
|
|
||||||
|
# The MQTT specification requires that the QoS of a message delivered to a
|
||||||
|
# subscriber is never upgraded to match the QoS of the subscription. Enabling
|
||||||
|
# this option changes this behaviour. If upgrade_outgoing_qos is set true,
|
||||||
|
# messages sent to a subscriber will always match the QoS of its subscription.
|
||||||
|
# This is a non-standard option explicitly disallowed by the spec.
|
||||||
|
#upgrade_outgoing_qos false
|
||||||
|
|
||||||
|
# Disable Nagle's algorithm on client sockets. This has the effect of reducing
|
||||||
|
# latency of individual messages at the potential cost of increasing the number
|
||||||
|
# of packets being sent.
|
||||||
|
#set_tcp_nodelay false
|
||||||
|
|
||||||
|
# Use per listener security settings.
|
||||||
|
# If this option is set to true, then all authentication and access control
|
||||||
|
# options are controlled on a per listener basis. The following options are
|
||||||
|
# affected:
|
||||||
|
#
|
||||||
|
# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
|
||||||
|
# auto_id_prefix allow_zero_length_clientid
|
||||||
|
#
|
||||||
|
# The default behaviour is for this to be set to false, which maintains the
|
||||||
|
# setting behaviour from previous versions of mosquitto.
|
||||||
|
#per_listener_settings false
|
||||||
|
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# Default listener
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# IP address/hostname to bind the default listener to. If not
|
||||||
|
# given, the default listener will not be bound to a specific
|
||||||
|
# address and so will be accessible to all network interfaces.
|
||||||
|
# bind_address ip-address/host name
|
||||||
|
bind_address {{ mosquitto_bind_address }}
|
||||||
|
|
||||||
|
# Port to use for the default listener.
|
||||||
|
port {{ mosquitto_port }}
|
||||||
|
|
||||||
|
# The maximum number of client connections to allow. This is
|
||||||
|
# a per listener setting.
|
||||||
|
# Default is -1, which means unlimited connections.
|
||||||
|
# Note that other process limits mean that unlimited connections
|
||||||
|
# are not really possible. Typically the default maximum number of
|
||||||
|
# connections possible is around 1024.
|
||||||
|
#max_connections -1
|
||||||
|
|
||||||
|
# Choose the protocol to use when listening.
|
||||||
|
# This can be either mqtt or websockets.
|
||||||
|
# Websockets support is currently disabled by default at compile time.
|
||||||
|
# Certificate based TLS may be used with websockets, except that
|
||||||
|
# only the cafile, certfile, keyfile and ciphers options are supported.
|
||||||
|
#protocol mqtt
|
||||||
|
|
||||||
|
# When a listener is using the websockets protocol, it is possible to serve
|
||||||
|
# http data as well. Set http_dir to a directory which contains the files you
|
||||||
|
# wish to serve. If this option is not specified, then no normal http
|
||||||
|
# connections will be possible.
|
||||||
|
#http_dir
|
||||||
|
|
||||||
|
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||||
|
# connected with with its username. This allows authentication to be tied to
|
||||||
|
# the clientid, which means that it is possible to prevent one client
|
||||||
|
# disconnecting another by using the same clientid.
|
||||||
|
# If a client connects with no username it will be disconnected as not
|
||||||
|
# authorised when this option is set to true.
|
||||||
|
# Do not use in conjunction with clientid_prefixes.
|
||||||
|
# See also use_identity_as_username.
|
||||||
|
#use_username_as_clientid
|
||||||
|
|
||||||
|
{% if mosquitto_tls_enabled %}
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Certificate based SSL/TLS support
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# The following options can be used to enable SSL/TLS support for
|
||||||
|
# this listener. Note that the recommended port for MQTT over TLS
|
||||||
|
# is 8883, but this must be set manually.
|
||||||
|
#
|
||||||
|
# See also the mosquitto-tls man page.
|
||||||
|
|
||||||
|
# At least one of cafile or capath must be defined. They both
|
||||||
|
# define methods of accessing the PEM encoded Certificate
|
||||||
|
# Authority certificates that have signed your server certificate
|
||||||
|
# and that you wish to trust.
|
||||||
|
# cafile defines the path to a file containing the CA certificates.
|
||||||
|
# capath defines a directory that will be searched for files
|
||||||
|
# containing the CA certificates. For capath to work correctly, the
|
||||||
|
# certificate files must have ".crt" as the file ending and you must run
|
||||||
|
# "openssl rehash /path/to/capath" each time you add/remove a certificate.
|
||||||
|
#cafile
|
||||||
|
capath {{ mosquitto_ca_path }}
|
||||||
|
|
||||||
|
# Path to the PEM encoded server certificate.
|
||||||
|
certfile {{ mosquitto_tls_cert_path }}
|
||||||
|
|
||||||
|
# Path to the PEM encoded keyfile.
|
||||||
|
keyfile {{ mosquitto_tls_key_path }}
|
||||||
|
|
||||||
|
# This option defines the version of the TLS protocol to use for this listener.
|
||||||
|
# The default value allows v1.2, v1.1 and v1.0. The valid values are tlsv1.2
|
||||||
|
# tlsv1.1 and tlsv1.
|
||||||
|
tls_version tlsv1.2
|
||||||
|
|
||||||
|
# By default a TLS enabled listener will operate in a similar fashion to a
|
||||||
|
# https enabled web server, in that the server has a certificate signed by a CA
|
||||||
|
# and the client will verify that it is a trusted certificate. The overall aim
|
||||||
|
# is encryption of the network traffic. By setting require_certificate to true,
|
||||||
|
# the client must provide a valid certificate in order for the network
|
||||||
|
# connection to proceed. This allows access to the broker to be controlled
|
||||||
|
# outside of the mechanisms provided by MQTT.
|
||||||
|
#require_certificate false
|
||||||
|
|
||||||
|
# If require_certificate is true, you may set use_identity_as_username to true
|
||||||
|
# to use the CN value from the client certificate as a username. If this is
|
||||||
|
# true, the password_file option will not be used for this listener.
|
||||||
|
# This takes priority over use_subject_as_username.
|
||||||
|
# See also use_subject_as_username.
|
||||||
|
#use_identity_as_username false
|
||||||
|
|
||||||
|
# If require_certificate is true, you may set use_subject_as_username to true
|
||||||
|
# to use the complete subject value from the client certificate as a username.
|
||||||
|
# If this is true, the password_file option will not be used for this listener.
|
||||||
|
# See also use_identity_as_username
|
||||||
|
#use_subject_as_username false
|
||||||
|
|
||||||
|
# If you have require_certificate set to true, you can create a certificate
|
||||||
|
# revocation list file to revoke access to particular client certificates. If
|
||||||
|
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||||
|
#crlfile
|
||||||
|
|
||||||
|
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||||
|
# option. The list of available ciphers can be obtained using the "openssl
|
||||||
|
# ciphers" command and should be provided in the same format as the output of
|
||||||
|
# that command.
|
||||||
|
# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
|
||||||
|
ciphers {{ mosquitto_tls_ciphers | join(':') }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Pre-shared-key based SSL/TLS support
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# The following options can be used to enable PSK based SSL/TLS support for
|
||||||
|
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
||||||
|
# this must be set manually.
|
||||||
|
#
|
||||||
|
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
||||||
|
# support" section. Only one of certificate or PSK encryption support can be
|
||||||
|
# enabled for any listener.
|
||||||
|
|
||||||
|
# The psk_hint option enables pre-shared-key support for this listener and also
|
||||||
|
# acts as an identifier for this listener. The hint is sent to clients and may
|
||||||
|
# be used locally to aid authentication. The hint is a free form string that
|
||||||
|
# doesn't have much meaning in itself, so feel free to be creative.
|
||||||
|
# If this option is provided, see psk_file to define the pre-shared keys to be
|
||||||
|
# used or create a security plugin to handle them.
|
||||||
|
#psk_hint
|
||||||
|
|
||||||
|
# Set use_identity_as_username to have the psk identity sent by the client used
|
||||||
|
# as its username. Authentication will be carried out using the PSK rather than
|
||||||
|
# the MQTT username/password and so password_file will not be used for this
|
||||||
|
# listener.
|
||||||
|
#use_identity_as_username false
|
||||||
|
|
||||||
|
# When using PSK, the encryption ciphers used will be chosen from the list of
|
||||||
|
# available PSK ciphers. If you want to control which ciphers are available,
|
||||||
|
# use the "ciphers" option. The list of available ciphers can be obtained
|
||||||
|
# using the "openssl ciphers" command and should be provided in the same format
|
||||||
|
# as the output of that command.
|
||||||
|
#ciphers
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# Extra listeners
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# Listen on a port/ip address combination. By using this variable
|
||||||
|
# multiple times, mosquitto can listen on more than one port. If
|
||||||
|
# this variable is used and neither bind_address nor port given,
|
||||||
|
# then the default listener will not be started.
|
||||||
|
# The port number to listen on must be given. Optionally, an ip
|
||||||
|
# address or host name may be supplied as a second argument. In
|
||||||
|
# this case, mosquitto will attempt to bind the listener to that
|
||||||
|
# address and so restrict access to the associated network and
|
||||||
|
# interface. By default, mosquitto will listen on all interfaces.
|
||||||
|
# Note that for a websockets listener it is not possible to bind to a host
|
||||||
|
# name.
|
||||||
|
# listener port-number [ip address/host name]
|
||||||
|
#listener
|
||||||
|
|
||||||
|
# The maximum number of client connections to allow. This is
|
||||||
|
# a per listener setting.
|
||||||
|
# Default is -1, which means unlimited connections.
|
||||||
|
# Note that other process limits mean that unlimited connections
|
||||||
|
# are not really possible. Typically the default maximum number of
|
||||||
|
# connections possible is around 1024.
|
||||||
|
#max_connections -1
|
||||||
|
|
||||||
|
# The listener can be restricted to operating within a topic hierarchy using
|
||||||
|
# the mount_point option. This is achieved be prefixing the mount_point string
|
||||||
|
# to all topics for any clients connected to this listener. This prefixing only
|
||||||
|
# happens internally to the broker; the client will not see the prefix.
|
||||||
|
#mount_point
|
||||||
|
|
||||||
|
# Choose the protocol to use when listening.
|
||||||
|
# This can be either mqtt or websockets.
|
||||||
|
# Certificate based TLS may be used with websockets, except that only the
|
||||||
|
# cafile, certfile, keyfile and ciphers options are supported.
|
||||||
|
#protocol mqtt
|
||||||
|
|
||||||
|
# When a listener is using the websockets protocol, it is possible to serve
|
||||||
|
# http data as well. Set http_dir to a directory which contains the files you
|
||||||
|
# wish to serve. If this option is not specified, then no normal http
|
||||||
|
# connections will be possible.
|
||||||
|
#http_dir
|
||||||
|
|
||||||
|
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||||
|
# connected with with its username. This allows authentication to be tied to
|
||||||
|
# the clientid, which means that it is possible to prevent one client
|
||||||
|
# disconnecting another by using the same clientid.
|
||||||
|
# If a client connects with no username it will be disconnected as not
|
||||||
|
# authorised when this option is set to true.
|
||||||
|
# Do not use in conjunction with clientid_prefixes.
|
||||||
|
# See also use_identity_as_username.
|
||||||
|
#use_username_as_clientid
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Certificate based SSL/TLS support
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# The following options can be used to enable certificate based SSL/TLS support
|
||||||
|
# for this listener. Note that the recommended port for MQTT over TLS is 8883,
|
||||||
|
# but this must be set manually.
|
||||||
|
#
|
||||||
|
# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS
|
||||||
|
# support" section. Only one of certificate or PSK encryption support can be
|
||||||
|
# enabled for any listener.
|
||||||
|
|
||||||
|
# At least one of cafile or capath must be defined to enable certificate based
|
||||||
|
# TLS encryption. They both define methods of accessing the PEM encoded
|
||||||
|
# Certificate Authority certificates that have signed your server certificate
|
||||||
|
# and that you wish to trust.
|
||||||
|
# cafile defines the path to a file containing the CA certificates.
|
||||||
|
# capath defines a directory that will be searched for files
|
||||||
|
# containing the CA certificates. For capath to work correctly, the
|
||||||
|
# certificate files must have ".crt" as the file ending and you must run
|
||||||
|
# "openssl rehash /path/to/capath" each time you add/remove a certificate.
|
||||||
|
#cafile
|
||||||
|
#capath
|
||||||
|
|
||||||
|
# Path to the PEM encoded server certificate.
|
||||||
|
#certfile
|
||||||
|
|
||||||
|
# Path to the PEM encoded keyfile.
|
||||||
|
#keyfile
|
||||||
|
|
||||||
|
# By default an TLS enabled listener will operate in a similar fashion to a
|
||||||
|
# https enabled web server, in that the server has a certificate signed by a CA
|
||||||
|
# and the client will verify that it is a trusted certificate. The overall aim
|
||||||
|
# is encryption of the network traffic. By setting require_certificate to true,
|
||||||
|
# the client must provide a valid certificate in order for the network
|
||||||
|
# connection to proceed. This allows access to the broker to be controlled
|
||||||
|
# outside of the mechanisms provided by MQTT.
|
||||||
|
#require_certificate false
|
||||||
|
|
||||||
|
# If require_certificate is true, you may set use_identity_as_username to true
|
||||||
|
# to use the CN value from the client certificate as a username. If this is
|
||||||
|
# true, the password_file option will not be used for this listener.
|
||||||
|
#use_identity_as_username false
|
||||||
|
|
||||||
|
# If you have require_certificate set to true, you can create a certificate
|
||||||
|
# revocation list file to revoke access to particular client certificates. If
|
||||||
|
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||||
|
#crlfile
|
||||||
|
|
||||||
|
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||||
|
# option. The list of available ciphers can be optained using the "openssl
|
||||||
|
# ciphers" command and should be provided in the same format as the output of
|
||||||
|
# that command.
|
||||||
|
#ciphers
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Pre-shared-key based SSL/TLS support
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# The following options can be used to enable PSK based SSL/TLS support for
|
||||||
|
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
||||||
|
# this must be set manually.
|
||||||
|
#
|
||||||
|
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
||||||
|
# support" section. Only one of certificate or PSK encryption support can be
|
||||||
|
# enabled for any listener.
|
||||||
|
|
||||||
|
# The psk_hint option enables pre-shared-key support for this listener and also
|
||||||
|
# acts as an identifier for this listener. The hint is sent to clients and may
|
||||||
|
# be used locally to aid authentication. The hint is a free form string that
|
||||||
|
# doesn't have much meaning in itself, so feel free to be creative.
|
||||||
|
# If this option is provided, see psk_file to define the pre-shared keys to be
|
||||||
|
# used or create a security plugin to handle them.
|
||||||
|
#psk_hint
|
||||||
|
|
||||||
|
# Set use_identity_as_username to have the psk identity sent by the client used
|
||||||
|
# as its username. Authentication will be carried out using the PSK rather than
|
||||||
|
# the MQTT username/password and so password_file will not be used for this
|
||||||
|
# listener.
|
||||||
|
#use_identity_as_username false
|
||||||
|
|
||||||
|
# When using PSK, the encryption ciphers used will be chosen from the list of
|
||||||
|
# available PSK ciphers. If you want to control which ciphers are available,
|
||||||
|
# use the "ciphers" option. The list of available ciphers can be optained
|
||||||
|
# using the "openssl ciphers" command and should be provided in the same format
|
||||||
|
# as the output of that command.
|
||||||
|
#ciphers
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# Persistence
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# If persistence is enabled, save the in-memory database to disk
|
||||||
|
# every autosave_interval seconds. If set to 0, the persistence
|
||||||
|
# database will only be written when mosquitto exits. See also
|
||||||
|
# autosave_on_changes.
|
||||||
|
# Note that writing of the persistence database can be forced by
|
||||||
|
# sending mosquitto a SIGUSR1 signal.
|
||||||
|
#autosave_interval 1800
|
||||||
|
|
||||||
|
# If true, mosquitto will count the number of subscription changes, retained
|
||||||
|
# messages received and queued messages and if the total exceeds
|
||||||
|
# autosave_interval then the in-memory database will be saved to disk.
|
||||||
|
# If false, mosquitto will save the in-memory database to disk by treating
|
||||||
|
# autosave_interval as a time in seconds.
|
||||||
|
#autosave_on_changes false
|
||||||
|
|
||||||
|
# Save persistent message data to disk (true/false).
|
||||||
|
# This saves information about all messages, including
|
||||||
|
# subscriptions, currently in-flight messages and retained
|
||||||
|
# messages.
|
||||||
|
# retained_persistence is a synonym for this option.
|
||||||
|
persistence {{ mosquitto_persistence_enabled | lower }}
|
||||||
|
|
||||||
|
{% if mosquitto_persistence_enabled %}
|
||||||
|
persistence_file {{ mosquitto_persistence_path | basename }}
|
||||||
|
persistence_location {{ (mosquitto_persistence_path | dirname) + '/' }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# Logging
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# Places to log to. Use multiple log_dest lines for multiple
|
||||||
|
# logging destinations.
|
||||||
|
# Possible destinations are: stdout stderr syslog topic file
|
||||||
|
#
|
||||||
|
# stdout and stderr log to the console on the named output.
|
||||||
|
#
|
||||||
|
# syslog uses the userspace syslog facility which usually ends up
|
||||||
|
# in /var/log/messages or similar.
|
||||||
|
#
|
||||||
|
# topic logs to the broker topic '$SYS/broker/log/severity',
|
||||||
|
# where severity is one of D, E, W, N, I, M which are debug, error,
|
||||||
|
# warning, notice, information and message. Message type severity is used by
|
||||||
|
# the subscribe/unsubscribe log_types and publishes log messages to
|
||||||
|
# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe.
|
||||||
|
#
|
||||||
|
# The file destination requires an additional parameter which is the file to be
|
||||||
|
# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
|
||||||
|
# closed and reopened when the broker receives a HUP signal. Only a single file
|
||||||
|
# destination may be configured.
|
||||||
|
#
|
||||||
|
# Note that if the broker is running as a Windows service it will default to
|
||||||
|
# "log_dest none" and neither stdout nor stderr logging is available.
|
||||||
|
# Use "log_dest none" if you wish to disable logging.
|
||||||
|
#log_dest stderr
|
||||||
|
|
||||||
|
# If using syslog logging (not on Windows), messages will be logged to the
|
||||||
|
# "daemon" facility by default. Use the log_facility option to choose which of
|
||||||
|
# local0 to local7 to log to instead. The option value should be an integer
|
||||||
|
# value, e.g. "log_facility 5" to use local5.
|
||||||
|
#log_facility
|
||||||
|
|
||||||
|
# Types of messages to log. Use multiple log_type lines for logging
|
||||||
|
# multiple types of messages.
|
||||||
|
# Possible types are: debug, error, warning, notice, information,
|
||||||
|
# none, subscribe, unsubscribe, websockets, all.
|
||||||
|
# Note that debug type messages are for decoding the incoming/outgoing
|
||||||
|
# network packets. They are not logged in "topics".
|
||||||
|
#log_type error
|
||||||
|
#log_type warning
|
||||||
|
#log_type notice
|
||||||
|
#log_type information
|
||||||
|
|
||||||
|
# Change the websockets logging level. This is a global option, it is not
|
||||||
|
# possible to set per listener. This is an integer that is interpreted by
|
||||||
|
# libwebsockets as a bit mask for its lws_log_levels enum. See the
|
||||||
|
# libwebsockets documentation for more details. "log_type websockets" must also
|
||||||
|
# be enabled.
|
||||||
|
#websockets_log_level 0
|
||||||
|
|
||||||
|
# If set to true, client connection and disconnection messages will be included
|
||||||
|
# in the log.
|
||||||
|
#connection_messages true
|
||||||
|
|
||||||
|
# If set to true, add a timestamp value to each log message.
|
||||||
|
#log_timestamp true
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# Security
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# If set, only clients that have a matching prefix on their
|
||||||
|
# clientid will be allowed to connect to the broker. By default,
|
||||||
|
# all clients may connect.
|
||||||
|
# For example, setting "secure-" here would mean a client "secure-
|
||||||
|
# client" could connect but another with clientid "mqtt" couldn't.
|
||||||
|
#clientid_prefixes
|
||||||
|
|
||||||
|
# Boolean value that determines whether clients that connect
|
||||||
|
# without providing a username are allowed to connect. If set to
|
||||||
|
# false then a password file should be created (see the
|
||||||
|
# password_file option) to control authenticated client access.
|
||||||
|
#
|
||||||
|
# Defaults to true if no other security options are set. If any other
|
||||||
|
# authentication options are set, then allow_anonymous defaults to false.
|
||||||
|
#
|
||||||
|
{% if not mosquitto_password_auth_enabled %}
|
||||||
|
allow_anonymous true
|
||||||
|
{% else %}
|
||||||
|
allow_anonymous false
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Default authentication and topic access control
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
|
||||||
|
# Control access to the broker using a password file. This file can be
|
||||||
|
# generated using the mosquitto_passwd utility. If TLS support is not compiled
|
||||||
|
# into mosquitto (it is recommended that TLS support should be included) then
|
||||||
|
# plain text passwords are used, in which case the file should be a text file
|
||||||
|
# with lines in the format:
|
||||||
|
# username:password
|
||||||
|
# The password (and colon) may be omitted if desired, although this
|
||||||
|
# offers very little in the way of security.
|
||||||
|
#
|
||||||
|
# See the TLS client require_certificate and use_identity_as_username options
|
||||||
|
# for alternative authentication options. If an auth_plugin is used as well as
|
||||||
|
# password_file, the auth_plugin check will be made first.
|
||||||
|
{% if mosquitto_password_auth_enabled %}
|
||||||
|
password_file {{ mosquitto_password_auth_file }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
# Access may also be controlled using a pre-shared-key file. This requires
|
||||||
|
# TLS-PSK support and a listener configured to use it. The file should be text
|
||||||
|
# lines in the format:
|
||||||
|
# identity:key
|
||||||
|
# The key should be in hexadecimal format without a leading "0x".
|
||||||
|
# If an auth_plugin is used as well, the auth_plugin check will be made first.
|
||||||
|
#psk_file
|
||||||
|
|
||||||
|
# Control access to topics on the broker using an access control list
|
||||||
|
# file. If this parameter is defined then only the topics listed will
|
||||||
|
# have access.
|
||||||
|
# If the first character of a line of the ACL file is a # it is treated as a
|
||||||
|
# comment.
|
||||||
|
# Topic access is added with lines of the format:
|
||||||
|
#
|
||||||
|
# topic [read|write|readwrite] 'topic'
|
||||||
|
#
|
||||||
|
# The access type is controlled using "read", "write" or "readwrite". This
|
||||||
|
# parameter is optional (unless 'topic' contains a space character) - if not
|
||||||
|
# given then the access is read/write. 'topic' can contain the + or #
|
||||||
|
# wildcards as in subscriptions.
|
||||||
|
#
|
||||||
|
# The first set of topics are applied to anonymous clients, assuming
|
||||||
|
# allow_anonymous is true. User specific topic ACLs are added after a
|
||||||
|
# user line as follows:
|
||||||
|
#
|
||||||
|
# user 'username'
|
||||||
|
#
|
||||||
|
# The username referred to here is the same as in password_file. It is
|
||||||
|
# not the clientid.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# If is also possible to define ACLs based on pattern substitution within the
|
||||||
|
# topic. The patterns available for substition are:
|
||||||
|
#
|
||||||
|
# %c to match the client id of the client
|
||||||
|
# %u to match the username of the client
|
||||||
|
#
|
||||||
|
# The substitution pattern must be the only text for that level of hierarchy.
|
||||||
|
#
|
||||||
|
# The form is the same as for the topic keyword, but using pattern as the
|
||||||
|
# keyword.
|
||||||
|
# Pattern ACLs apply to all users even if the "user" keyword has previously
|
||||||
|
# been given.
|
||||||
|
#
|
||||||
|
# If using bridges with usernames and ACLs, connection messages can be allowed
|
||||||
|
# with the following pattern:
|
||||||
|
# pattern write $SYS/broker/connection/%c/state
|
||||||
|
#
|
||||||
|
# pattern [read|write|readwrite] 'topic'
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
#
|
||||||
|
# pattern write sensor/%u/data
|
||||||
|
#
|
||||||
|
# If an auth_plugin is used as well as acl_file, the auth_plugin check will be
|
||||||
|
# made first.
|
||||||
|
{% if mosquitto_acl_enabled %}
|
||||||
|
acl_file {{ mosquitto_acl_file }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# External authentication and topic access plugin options
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
|
||||||
|
# External authentication and access control can be supported with the
|
||||||
|
# auth_plugin option. This is a path to a loadable plugin. See also the
|
||||||
|
# auth_opt_* options described below.
|
||||||
|
#
|
||||||
|
# The auth_plugin option can be specified multiple times to load multiple
|
||||||
|
# plugins. The plugins will be processed in the order that they are specified
|
||||||
|
# here. If the auth_plugin option is specified alongside either of
|
||||||
|
# password_file or acl_file then the plugin checks will be made first.
|
||||||
|
#
|
||||||
|
#auth_plugin
|
||||||
|
|
||||||
|
# If the auth_plugin option above is used, define options to pass to the
|
||||||
|
# plugin here as described by the plugin instructions. All options named
|
||||||
|
# using the format auth_opt_* will be passed to the plugin, for example:
|
||||||
|
#
|
||||||
|
# auth_opt_db_host
|
||||||
|
# auth_opt_db_port
|
||||||
|
# auth_opt_db_username
|
||||||
|
# auth_opt_db_password
|
||||||
|
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# Bridges
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# A bridge is a way of connecting multiple MQTT brokers together.
|
||||||
|
# Create a new bridge using the "connection" option as described below. Set
|
||||||
|
# options for the bridges using the remaining parameters. You must specify the
|
||||||
|
# address and at least one topic to subscribe to.
|
||||||
|
#
|
||||||
|
# Each connection must have a unique name.
|
||||||
|
#
|
||||||
|
# The address line may have multiple host address and ports specified. See
|
||||||
|
# below in the round_robin description for more details on bridge behaviour if
|
||||||
|
# multiple addresses are used. Note that if you use an IPv6 address, then you
|
||||||
|
# are required to specify a port.
|
||||||
|
#
|
||||||
|
# The direction that the topic will be shared can be chosen by
|
||||||
|
# specifying out, in or both, where the default value is out.
|
||||||
|
# The QoS level of the bridged communication can be specified with the next
|
||||||
|
# topic option. The default QoS level is 0, to change the QoS the topic
|
||||||
|
# direction must also be given.
|
||||||
|
#
|
||||||
|
# The local and remote prefix options allow a topic to be remapped when it is
|
||||||
|
# bridged to/from the remote broker. This provides the ability to place a topic
|
||||||
|
# tree in an appropriate location.
|
||||||
|
#
|
||||||
|
# For more details see the mosquitto.conf man page.
|
||||||
|
#
|
||||||
|
# Multiple topics can be specified per connection, but be careful
|
||||||
|
# not to create any loops.
|
||||||
|
#
|
||||||
|
# If you are using bridges with cleansession set to false (the default), then
|
||||||
|
# you may get unexpected behaviour from incoming topics if you change what
|
||||||
|
# topics you are subscribing to. This is because the remote broker keeps the
|
||||||
|
# subscription for the old topic. If you have this problem, connect your bridge
|
||||||
|
# with cleansession set to true, then reconnect with cleansession set to false
|
||||||
|
# as normal.
|
||||||
|
#connection 'name'
|
||||||
|
#address host[:port] [host[:port]]
|
||||||
|
#topic 'topic' [[[out | in | both] qos-level] local-prefix remote-prefix]
|
||||||
|
|
||||||
|
# Set the version of the MQTT protocol to use with for this bridge. Can be one
|
||||||
|
# of mqttv311 or mqttv11. Defaults to mqttv311.
|
||||||
|
#bridge_protocol_version mqttv311
|
||||||
|
|
||||||
|
# If a bridge has topics that have "out" direction, the default behaviour is to
|
||||||
|
# send an unsubscribe request to the remote broker on that topic. This means
|
||||||
|
# that changing a topic direction from "in" to "out" will not keep receiving
|
||||||
|
# incoming messages. Sending these unsubscribe requests is not always
|
||||||
|
# desirable, setting bridge_attempt_unsubscribe to false will disable sending
|
||||||
|
# the unsubscribe request.
|
||||||
|
#bridge_attempt_unsubscribe true
|
||||||
|
|
||||||
|
# If the bridge has more than one address given in the address/addresses
|
||||||
|
# configuration, the round_robin option defines the behaviour of the bridge on
|
||||||
|
# a failure of the bridge connection. If round_robin is false, the default
|
||||||
|
# value, then the first address is treated as the main bridge connection. If
|
||||||
|
# the connection fails, the other secondary addresses will be attempted in
|
||||||
|
# turn. Whilst connected to a secondary bridge, the bridge will periodically
|
||||||
|
# attempt to reconnect to the main bridge until successful.
|
||||||
|
# If round_robin is true, then all addresses are treated as equals. If a
|
||||||
|
# connection fails, the next address will be tried and if successful will
|
||||||
|
# remain connected until it fails
|
||||||
|
#round_robin false
|
||||||
|
|
||||||
|
# Set the client id to use on the remote end of this bridge connection. If not
|
||||||
|
# defined, this defaults to 'name.hostname' where name is the connection name
|
||||||
|
# and hostname is the hostname of this computer.
|
||||||
|
# This replaces the old "clientid" option to avoid confusion. "clientid"
|
||||||
|
# remains valid for the time being.
|
||||||
|
#remote_clientid
|
||||||
|
|
||||||
|
# Set the clientid to use on the local broker. If not defined, this defaults to
|
||||||
|
# 'local.clientid'. If you are bridging a broker to itself, it is important
|
||||||
|
# that local_clientid and clientid do not match.
|
||||||
|
#local_clientid
|
||||||
|
|
||||||
|
# Set the clean session variable for this bridge.
|
||||||
|
# When set to true, when the bridge disconnects for any reason, all
|
||||||
|
# messages and subscriptions will be cleaned up on the remote
|
||||||
|
# broker. Note that with cleansession set to true, there may be a
|
||||||
|
# significant amount of retained messages sent when the bridge
|
||||||
|
# reconnects after losing its connection.
|
||||||
|
# When set to false, the subscriptions and messages are kept on the
|
||||||
|
# remote broker, and delivered when the bridge reconnects.
|
||||||
|
#cleansession false
|
||||||
|
|
||||||
|
# If set to true, publish notification messages to the local and remote brokers
|
||||||
|
# giving information about the state of the bridge connection. Retained
|
||||||
|
# messages are published to the topic $SYS/broker/connection/clientid/state
|
||||||
|
# unless the notification_topic option is used.
|
||||||
|
# If the message is 1 then the connection is active, or 0 if the connection has
|
||||||
|
# failed.
|
||||||
|
#notifications true
|
||||||
|
|
||||||
|
# Choose the topic on which notification messages for this bridge are
|
||||||
|
# published. If not set, messages are published on the topic
|
||||||
|
# $SYS/broker/connection/clientid/state
|
||||||
|
#notification_topic
|
||||||
|
|
||||||
|
# Set the keepalive interval for this bridge connection, in
|
||||||
|
# seconds.
|
||||||
|
#keepalive_interval 60
|
||||||
|
|
||||||
|
# Set the start type of the bridge. This controls how the bridge starts and
|
||||||
|
# can be one of three types: automatic, lazy and once. Note that RSMB provides
|
||||||
|
# a fourth start type "manual" which isn't currently supported by mosquitto.
|
||||||
|
#
|
||||||
|
# "automatic" is the default start type and means that the bridge connection
|
||||||
|
# will be started automatically when the broker starts and also restarted
|
||||||
|
# after a short delay (30 seconds) if the connection fails.
|
||||||
|
#
|
||||||
|
# Bridges using the "lazy" start type will be started automatically when the
|
||||||
|
# number of queued messages exceeds the number set with the "threshold"
|
||||||
|
# parameter. It will be stopped automatically after the time set by the
|
||||||
|
# "idle_timeout" parameter. Use this start type if you wish the connection to
|
||||||
|
# only be active when it is needed.
|
||||||
|
#
|
||||||
|
# A bridge using the "once" start type will be started automatically when the
|
||||||
|
# broker starts but will not be restarted if the connection fails.
|
||||||
|
#start_type automatic
|
||||||
|
|
||||||
|
# Set the amount of time a bridge using the automatic start type will wait
|
||||||
|
# until attempting to reconnect. Defaults to 30 seconds.
|
||||||
|
#restart_timeout 30
|
||||||
|
|
||||||
|
# Set the amount of time a bridge using the lazy start type must be idle before
|
||||||
|
# it will be stopped. Defaults to 60 seconds.
|
||||||
|
#idle_timeout 60
|
||||||
|
|
||||||
|
# Set the number of messages that need to be queued for a bridge with lazy
|
||||||
|
# start type to be restarted. Defaults to 10 messages.
|
||||||
|
# Must be less than max_queued_messages.
|
||||||
|
#threshold 10
|
||||||
|
|
||||||
|
# If try_private is set to true, the bridge will attempt to indicate to the
|
||||||
|
# remote broker that it is a bridge not an ordinary client. If successful, this
|
||||||
|
# means that loop detection will be more effective and that retained messages
|
||||||
|
# will be propagated correctly. Not all brokers support this feature so it may
|
||||||
|
# be necessary to set try_private to false if your bridge does not connect
|
||||||
|
# properly.
|
||||||
|
#try_private true
|
||||||
|
|
||||||
|
# Set the username to use when connecting to a broker that requires
|
||||||
|
# authentication.
|
||||||
|
# This replaces the old "username" option to avoid confusion. "username"
|
||||||
|
# remains valid for the time being.
|
||||||
|
#remote_username
|
||||||
|
|
||||||
|
# Set the password to use when connecting to a broker that requires
|
||||||
|
# authentication. This option is only used if remote_username is also set.
|
||||||
|
# This replaces the old "password" option to avoid confusion. "password"
|
||||||
|
# remains valid for the time being.
|
||||||
|
#remote_password
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Certificate based SSL/TLS support
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Either bridge_cafile or bridge_capath must be defined to enable TLS support
|
||||||
|
# for this bridge.
|
||||||
|
# bridge_cafile defines the path to a file containing the
|
||||||
|
# Certificate Authority certificates that have signed the remote broker
|
||||||
|
# certificate.
|
||||||
|
# bridge_capath defines a directory that will be searched for files containing
|
||||||
|
# the CA certificates. For bridge_capath to work correctly, the certificate
|
||||||
|
# files must have ".crt" as the file ending and you must run "openssl rehash
|
||||||
|
# /path/to/capath" each time you add/remove a certificate.
|
||||||
|
#bridge_cafile
|
||||||
|
#bridge_capath
|
||||||
|
|
||||||
|
# Path to the PEM encoded client certificate, if required by the remote broker.
|
||||||
|
#bridge_certfile
|
||||||
|
|
||||||
|
# Path to the PEM encoded client private key, if required by the remote broker.
|
||||||
|
#bridge_keyfile
|
||||||
|
|
||||||
|
# When using certificate based encryption, bridge_insecure disables
|
||||||
|
# verification of the server hostname in the server certificate. This can be
|
||||||
|
# useful when testing initial server configurations, but makes it possible for
|
||||||
|
# a malicious third party to impersonate your server through DNS spoofing, for
|
||||||
|
# example. Use this option in testing only. If you need to resort to using this
|
||||||
|
# option in a production environment, your setup is at fault and there is no
|
||||||
|
# point using encryption.
|
||||||
|
#bridge_insecure false
|
||||||
|
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# PSK based SSL/TLS support
|
||||||
|
# -----------------------------------------------------------------
|
||||||
|
# Pre-shared-key encryption provides an alternative to certificate based
|
||||||
|
# encryption. A bridge can be configured to use PSK with the bridge_identity
|
||||||
|
# and bridge_psk options. These are the client PSK identity, and pre-shared-key
|
||||||
|
# in hexadecimal format with no "0x". Only one of certificate and PSK based
|
||||||
|
# encryption can be used on one
|
||||||
|
# bridge at once.
|
||||||
|
#bridge_identity
|
||||||
|
#bridge_psk
|
||||||
|
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# External config files
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
# External configuration files may be included by using the
|
||||||
|
# include_dir option. This defines a directory that will be searched
|
||||||
|
# for config files. All files that end in '.conf' will be loaded as
|
||||||
|
# a configuration file. It is best to have this as the last option
|
||||||
|
# in the main file. This option will only be processed from the main
|
||||||
|
# configuration file. The directory specified must not contain the
|
||||||
|
# main configuration file.
|
||||||
|
#include_dir
|
||||||
|
|
||||||
|
# =================================================================
|
||||||
|
# rsmb options - unlikely to ever be supported
|
||||||
|
# =================================================================
|
||||||
|
|
||||||
|
#ffdc_output
|
||||||
|
#max_log_entries
|
||||||
|
#trace_level
|
||||||
|
#trace_output
|
3
vars/main.yml
Normal file
3
vars/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
__mosquitto_packages:
|
||||||
|
- mosquitto
|
Loading…
Reference in New Issue
Block a user