Compare commits
No commits in common. "main" and "docs" have entirely different histories.
161
.drone.jsonnet
161
.drone.jsonnet
|
@ -1,161 +0,0 @@
|
|||
local PipelineLinting = {
|
||||
kind: 'pipeline',
|
||||
name: 'linting',
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'ansible-later',
|
||||
image: 'thegeeklab/ansible-later',
|
||||
commands: [
|
||||
'ansible-later',
|
||||
],
|
||||
},
|
||||
{
|
||||
name: 'python-format',
|
||||
image: 'python:3.11',
|
||||
environment: {
|
||||
PY_COLORS: 1,
|
||||
},
|
||||
commands: [
|
||||
'pip install -qq yapf',
|
||||
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
|
||||
],
|
||||
},
|
||||
{
|
||||
name: 'python-flake8',
|
||||
image: 'python:3.11',
|
||||
environment: {
|
||||
PY_COLORS: 1,
|
||||
},
|
||||
commands: [
|
||||
'pip install -qq flake8',
|
||||
'flake8',
|
||||
],
|
||||
},
|
||||
],
|
||||
trigger: {
|
||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||
},
|
||||
};
|
||||
|
||||
local PipelineDeployment(scenario='centos7') = {
|
||||
kind: 'pipeline',
|
||||
name: 'testing-' + scenario,
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
concurrency: {
|
||||
limit: 1,
|
||||
},
|
||||
workspace: {
|
||||
base: '/drone/src',
|
||||
path: '${DRONE_REPO_NAME}',
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'ansible-molecule',
|
||||
image: 'thegeeklab/molecule:4',
|
||||
environment: {
|
||||
HCLOUD_TOKEN: { from_secret: 'hcloud_token' },
|
||||
},
|
||||
commands: [
|
||||
'molecule test -s ' + scenario,
|
||||
],
|
||||
},
|
||||
],
|
||||
depends_on: [
|
||||
'linting',
|
||||
],
|
||||
trigger: {
|
||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||
},
|
||||
};
|
||||
|
||||
local PipelineDocumentation = {
|
||||
kind: 'pipeline',
|
||||
name: 'documentation',
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'generate',
|
||||
image: 'thegeeklab/ansible-doctor',
|
||||
environment: {
|
||||
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
|
||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
|
||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
|
||||
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
|
||||
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
|
||||
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
|
||||
},
|
||||
},
|
||||
{
|
||||
name: 'publish',
|
||||
image: 'plugins/gh-pages',
|
||||
settings: {
|
||||
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
|
||||
netrc_machine: 'gitea.rknet.org',
|
||||
username: { from_secret: 'gitea_username' },
|
||||
password: { from_secret: 'gitea_token' },
|
||||
pages_directory: '_docs/',
|
||||
target_branch: 'docs',
|
||||
},
|
||||
when: {
|
||||
ref: ['refs/heads/main'],
|
||||
},
|
||||
},
|
||||
],
|
||||
trigger: {
|
||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
||||
},
|
||||
depends_on: [
|
||||
'testing-centos7',
|
||||
'testing-rocky8',
|
||||
],
|
||||
};
|
||||
|
||||
local PipelineNotification = {
|
||||
kind: 'pipeline',
|
||||
name: 'notification',
|
||||
platform: {
|
||||
os: 'linux',
|
||||
arch: 'amd64',
|
||||
},
|
||||
clone: {
|
||||
disable: true,
|
||||
},
|
||||
steps: [
|
||||
{
|
||||
name: 'matrix',
|
||||
image: 'thegeeklab/drone-matrix',
|
||||
settings: {
|
||||
homeserver: { from_secret: 'matrix_homeserver' },
|
||||
roomid: { from_secret: 'matrix_roomid' },
|
||||
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
|
||||
username: { from_secret: 'matrix_username' },
|
||||
password: { from_secret: 'matrix_password' },
|
||||
},
|
||||
},
|
||||
],
|
||||
depends_on: [
|
||||
'documentation',
|
||||
],
|
||||
trigger: {
|
||||
status: ['success', 'failure'],
|
||||
ref: ['refs/heads/main', 'refs/tags/**'],
|
||||
},
|
||||
};
|
||||
|
||||
[
|
||||
PipelineLinting,
|
||||
PipelineDeployment(scenario='centos7'),
|
||||
PipelineDeployment(scenario='rocky8'),
|
||||
PipelineDocumentation,
|
||||
PipelineNotification,
|
||||
]
|
187
.drone.yml
187
.drone.yml
|
@ -1,187 +0,0 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: linting
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: ansible-later
|
||||
image: thegeeklab/ansible-later
|
||||
commands:
|
||||
- ansible-later
|
||||
|
||||
- name: python-format
|
||||
image: python:3.11
|
||||
commands:
|
||||
- pip install -qq yapf
|
||||
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
|
||||
environment:
|
||||
PY_COLORS: 1
|
||||
|
||||
- name: python-flake8
|
||||
image: python:3.11
|
||||
commands:
|
||||
- pip install -qq flake8
|
||||
- flake8
|
||||
environment:
|
||||
PY_COLORS: 1
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: testing-centos7
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
concurrency:
|
||||
limit: 1
|
||||
|
||||
workspace:
|
||||
base: /drone/src
|
||||
path: ${DRONE_REPO_NAME}
|
||||
|
||||
steps:
|
||||
- name: ansible-molecule
|
||||
image: thegeeklab/molecule:4
|
||||
commands:
|
||||
- molecule test -s centos7
|
||||
environment:
|
||||
HCLOUD_TOKEN:
|
||||
from_secret: hcloud_token
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
depends_on:
|
||||
- linting
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: testing-rocky8
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
concurrency:
|
||||
limit: 1
|
||||
|
||||
workspace:
|
||||
base: /drone/src
|
||||
path: ${DRONE_REPO_NAME}
|
||||
|
||||
steps:
|
||||
- name: ansible-molecule
|
||||
image: thegeeklab/molecule:4
|
||||
commands:
|
||||
- molecule test -s rocky8
|
||||
environment:
|
||||
HCLOUD_TOKEN:
|
||||
from_secret: hcloud_token
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
depends_on:
|
||||
- linting
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: documentation
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
steps:
|
||||
- name: generate
|
||||
image: thegeeklab/ansible-doctor
|
||||
environment:
|
||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
|
||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
|
||||
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
|
||||
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
|
||||
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
|
||||
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
|
||||
|
||||
- name: publish
|
||||
image: plugins/gh-pages
|
||||
settings:
|
||||
netrc_machine: gitea.rknet.org
|
||||
pages_directory: _docs/
|
||||
password:
|
||||
from_secret: gitea_token
|
||||
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
|
||||
target_branch: docs
|
||||
username:
|
||||
from_secret: gitea_username
|
||||
when:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
- refs/pull/**
|
||||
|
||||
depends_on:
|
||||
- testing-centos7
|
||||
- testing-rocky8
|
||||
|
||||
---
|
||||
kind: pipeline
|
||||
name: notification
|
||||
|
||||
platform:
|
||||
os: linux
|
||||
arch: amd64
|
||||
|
||||
clone:
|
||||
disable: true
|
||||
|
||||
steps:
|
||||
- name: matrix
|
||||
image: thegeeklab/drone-matrix
|
||||
settings:
|
||||
homeserver:
|
||||
from_secret: matrix_homeserver
|
||||
password:
|
||||
from_secret: matrix_password
|
||||
roomid:
|
||||
from_secret: matrix_roomid
|
||||
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
|
||||
username:
|
||||
from_secret: matrix_username
|
||||
|
||||
trigger:
|
||||
ref:
|
||||
- refs/heads/main
|
||||
- refs/tags/**
|
||||
status:
|
||||
- success
|
||||
- failure
|
||||
|
||||
depends_on:
|
||||
- documentation
|
||||
|
||||
---
|
||||
kind: signature
|
||||
hmac: 38fb753c217b5efa3d18c0e23db8a2f3323d4cc54b100f8a0d40847b1f1b4118
|
||||
|
||||
...
|
|
@ -1,13 +0,0 @@
|
|||
# ---> Ansible
|
||||
*.retry
|
||||
filter/plugins/
|
||||
library
|
||||
|
||||
# ---> Python
|
||||
# Byte-compiled / optimized / DLL files
|
||||
__pycache__/
|
||||
*.py[cod]
|
||||
*$py.class
|
||||
|
||||
# ---> Docs
|
||||
/_docs
|
19
.later.yml
19
.later.yml
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
ansible:
|
||||
custom_modules:
|
||||
- iptables_raw
|
||||
- openssl_pkcs12
|
||||
- proxmox_kvm
|
||||
- ucr
|
||||
- corenetworks_dns
|
||||
- corenetworks_token
|
||||
|
||||
rules:
|
||||
exclude_files:
|
||||
- molecule/
|
||||
- "LICENSE*"
|
||||
- "**/*.md"
|
||||
- "**/*.ini"
|
||||
|
||||
exclude_filter:
|
||||
- LINT0009
|
21
LICENSE
21
LICENSE
|
@ -1,21 +0,0 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is furnished
|
||||
to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice (including the next
|
||||
paragraph) shall be included in all copies or substantial portions of the
|
||||
Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
|
||||
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
|
||||
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
12
README.md
12
README.md
|
@ -1,12 +0,0 @@
|
|||
# xoxys.mosquitto
|
||||
|
||||
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto)
|
||||
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
|
||||
|
||||
Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker that implements the MQTT protocol. It is lightweight and suitable for use on all devices from low power single board computers to full servers.
|
||||
|
||||
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/IoT/mosquitto/).
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
|
@ -1,59 +0,0 @@
|
|||
---
|
||||
mosquitto_base_dir: /etc/mosquitto
|
||||
mosquitto_pid_file: /var/run/mosquitto.pid
|
||||
mosquitto_user: mosquitto
|
||||
mosquitto_group: mosquitto
|
||||
|
||||
mosquitto_port: 1883
|
||||
mosquitto_bind_address: "{{ ansible_default_ipv4.address }}"
|
||||
|
||||
mosquitto_packages_extra: []
|
||||
mosquitto_persistence_enabled: False
|
||||
mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db
|
||||
|
||||
mosquitto_password_auth_enabled: False
|
||||
mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
|
||||
mosquitto_password_auth_users: []
|
||||
# @var mosquitto_password_auth_users:example: >
|
||||
# mosquitto_password_auth_users:
|
||||
# - name: admin
|
||||
# password: mysecret
|
||||
# state: present
|
||||
# - name: user1
|
||||
# password: very_secure
|
||||
# state: absent
|
||||
# @end
|
||||
|
||||
mosquitto_acl_enabled: False
|
||||
mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
|
||||
mosquitto_acl: []
|
||||
# @var mosquitto_acl:example: >
|
||||
# mosquitto_acl:
|
||||
# - name: iot
|
||||
# user: admin
|
||||
# acls:
|
||||
# - acl_base: topic # (topic|pattern, defaults to topic)
|
||||
# acl_topic: "#"
|
||||
# acl_policy: readwrite
|
||||
# - name: readonly_iot
|
||||
# user: user1
|
||||
# acls:
|
||||
# - acl_base: topic
|
||||
# acl_topic: my/devices
|
||||
# acl_policy: readwrite
|
||||
# @end
|
||||
|
||||
mosquitto_tls_enabled: False
|
||||
mosquitto_tls_ciphers:
|
||||
- DEFAULT
|
||||
- "!aNULL"
|
||||
- "!eNULL"
|
||||
- "!LOW"
|
||||
- "!EXPORT"
|
||||
- "!SSLv2"
|
||||
- "@STRENGTH"
|
||||
mosquitto_ca_path: /etc/pki/tls/certs/
|
||||
mosquitto_tls_cert_source: mycert.pem
|
||||
mosquitto_tls_key_source: mykey.pem
|
||||
mosquitto_tls_cert_path: "{{ mosquitto_base_dir }}/tls/certs/mycert.pem"
|
||||
mosquitto_tls_key_path: "{{ mosquitto_base_dir }}/tls/private/mykey.pem"
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
- name: Restart mosquitto service
|
||||
service:
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
name: mosquitto
|
||||
enabled: yes
|
||||
listen: __mosquitto_restart
|
||||
become: True
|
||||
become_user: root
|
|
@ -0,0 +1,263 @@
|
|||
---
|
||||
title: mosquitto
|
||||
type: docs
|
||||
---
|
||||
|
||||
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.mosquitto) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.mosquitto/src/branch/main/LICENSE)
|
||||
|
||||
Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker that implements the MQTT protocol. It is lightweight and suitable for use on all devices from low power single board computers to full servers.
|
||||
|
||||
<!--more-->
|
||||
|
||||
- [Default Variables](#default-variables)
|
||||
- [mosquitto_acl](#mosquitto_acl)
|
||||
- [mosquitto_acl_enabled](#mosquitto_acl_enabled)
|
||||
- [mosquitto_acl_file](#mosquitto_acl_file)
|
||||
- [mosquitto_base_dir](#mosquitto_base_dir)
|
||||
- [mosquitto_bind_address](#mosquitto_bind_address)
|
||||
- [mosquitto_ca_path](#mosquitto_ca_path)
|
||||
- [mosquitto_group](#mosquitto_group)
|
||||
- [mosquitto_packages_extra](#mosquitto_packages_extra)
|
||||
- [mosquitto_password_auth_enabled](#mosquitto_password_auth_enabled)
|
||||
- [mosquitto_password_auth_file](#mosquitto_password_auth_file)
|
||||
- [mosquitto_password_auth_users](#mosquitto_password_auth_users)
|
||||
- [mosquitto_persistence_enabled](#mosquitto_persistence_enabled)
|
||||
- [mosquitto_persistence_path](#mosquitto_persistence_path)
|
||||
- [mosquitto_pid_file](#mosquitto_pid_file)
|
||||
- [mosquitto_port](#mosquitto_port)
|
||||
- [mosquitto_tls_cert_path](#mosquitto_tls_cert_path)
|
||||
- [mosquitto_tls_cert_source](#mosquitto_tls_cert_source)
|
||||
- [mosquitto_tls_ciphers](#mosquitto_tls_ciphers)
|
||||
- [mosquitto_tls_enabled](#mosquitto_tls_enabled)
|
||||
- [mosquitto_tls_key_path](#mosquitto_tls_key_path)
|
||||
- [mosquitto_tls_key_source](#mosquitto_tls_key_source)
|
||||
- [mosquitto_user](#mosquitto_user)
|
||||
- [Discovered Tags](#discovered-tags)
|
||||
- [Dependencies](#dependencies)
|
||||
|
||||
---
|
||||
|
||||
## Default Variables
|
||||
|
||||
### mosquitto_acl
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_acl: []
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
mosquitto_acl:
|
||||
- name: iot
|
||||
user: admin
|
||||
acls:
|
||||
- acl_base: topic # (topic|pattern, defaults to topic)
|
||||
acl_topic: "#"
|
||||
acl_policy: readwrite
|
||||
- name: readonly_iot
|
||||
user: user1
|
||||
acls:
|
||||
- acl_base: topic
|
||||
acl_topic: my/devices
|
||||
acl_policy: readwrite
|
||||
```
|
||||
|
||||
### mosquitto_acl_enabled
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_acl_enabled: false
|
||||
```
|
||||
|
||||
### mosquitto_acl_file
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_acl_file: '{{ mosquitto_base_dir }}/aclfile'
|
||||
```
|
||||
|
||||
### mosquitto_base_dir
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_base_dir: /etc/mosquitto
|
||||
```
|
||||
|
||||
### mosquitto_bind_address
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_bind_address: '{{ ansible_default_ipv4.address }}'
|
||||
```
|
||||
|
||||
### mosquitto_ca_path
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_ca_path: /etc/pki/tls/certs/
|
||||
```
|
||||
|
||||
### mosquitto_group
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_group: mosquitto
|
||||
```
|
||||
|
||||
### mosquitto_packages_extra
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_packages_extra: []
|
||||
```
|
||||
|
||||
### mosquitto_password_auth_enabled
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_password_auth_enabled: false
|
||||
```
|
||||
|
||||
### mosquitto_password_auth_file
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_password_auth_file: '{{ mosquitto_base_dir }}/passwd'
|
||||
```
|
||||
|
||||
### mosquitto_password_auth_users
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_password_auth_users: []
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
mosquitto_password_auth_users:
|
||||
- name: admin
|
||||
password: mysecret
|
||||
state: present
|
||||
- name: user1
|
||||
password: very_secure
|
||||
state: absent
|
||||
```
|
||||
|
||||
### mosquitto_persistence_enabled
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_persistence_enabled: false
|
||||
```
|
||||
|
||||
### mosquitto_persistence_path
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db
|
||||
```
|
||||
|
||||
### mosquitto_pid_file
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_pid_file: /var/run/mosquitto.pid
|
||||
```
|
||||
|
||||
### mosquitto_port
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_port: 1883
|
||||
```
|
||||
|
||||
### mosquitto_tls_cert_path
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_tls_cert_path: '{{ mosquitto_base_dir }}/tls/certs/mycert.pem'
|
||||
```
|
||||
|
||||
### mosquitto_tls_cert_source
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_tls_cert_source: mycert.pem
|
||||
```
|
||||
|
||||
### mosquitto_tls_ciphers
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_tls_ciphers:
|
||||
- DEFAULT
|
||||
- '!aNULL'
|
||||
- '!eNULL'
|
||||
- '!LOW'
|
||||
- '!EXPORT'
|
||||
- '!SSLv2'
|
||||
- '@STRENGTH'
|
||||
```
|
||||
|
||||
### mosquitto_tls_enabled
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_tls_enabled: false
|
||||
```
|
||||
|
||||
### mosquitto_tls_key_path
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_tls_key_path: '{{ mosquitto_base_dir }}/tls/private/mykey.pem'
|
||||
```
|
||||
|
||||
### mosquitto_tls_key_source
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_tls_key_source: mykey.pem
|
||||
```
|
||||
|
||||
### mosquitto_user
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
mosquitto_user: mosquitto
|
||||
```
|
||||
|
||||
## Discovered Tags
|
||||
|
||||
tls_renewal
|
||||
:
|
||||
|
||||
|
||||
## Dependencies
|
||||
|
||||
None.
|
|
@ -1,29 +0,0 @@
|
|||
# Standards: 0.2
|
||||
---
|
||||
galaxy_info:
|
||||
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
|
||||
author: Robert Kaussow <mail@thegeeklab.de>
|
||||
namespace: xoxys
|
||||
role_name: mosquitto
|
||||
# @meta description: >
|
||||
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.mosquitto)
|
||||
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto)
|
||||
# [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.mosquitto/src/branch/main/LICENSE)
|
||||
#
|
||||
# Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker
|
||||
# that implements the MQTT protocol. It is lightweight and suitable for use on all devices
|
||||
# from low power single board computers to full servers.
|
||||
# @end
|
||||
description: Setup mosquitto mqtt broker
|
||||
license: MIT
|
||||
min_ansible_version: 2.10
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
galaxy_tags:
|
||||
- mosquitto
|
||||
- mqtt
|
||||
dependencies: []
|
||||
collections:
|
||||
- community.general
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
vars:
|
||||
mosquitto_packages_extra:
|
||||
- epel-release
|
||||
mosquitto_bind_address: "127.0.0.1"
|
||||
|
||||
roles:
|
||||
- role: xoxys.mosquitto
|
|
@ -1,120 +0,0 @@
|
|||
---
|
||||
- name: Create
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
vars:
|
||||
ssh_port: 22
|
||||
ssh_user: root
|
||||
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
||||
tasks:
|
||||
- name: Create SSH key
|
||||
user:
|
||||
name: "{{ lookup('env', 'USER') }}"
|
||||
generate_ssh_key: true
|
||||
ssh_key_file: "{{ ssh_path }}"
|
||||
force: true
|
||||
register: generated_ssh_key
|
||||
|
||||
- name: Register the SSH key name
|
||||
set_fact:
|
||||
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
||||
|
||||
- name: Register SSH key for test instance(s)
|
||||
hcloud_ssh_key:
|
||||
name: "{{ ssh_key_name }}"
|
||||
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
||||
state: present
|
||||
|
||||
- name: Create molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.name }}"
|
||||
server_type: "{{ item.server_type }}"
|
||||
ssh_keys:
|
||||
- "{{ ssh_key_name }}"
|
||||
image: "{{ item.image }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
datacenter: "{{ item.datacenter | default(omit) }}"
|
||||
user_data: "{{ item.user_data | default(omit) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: present
|
||||
register: server
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- name: Create volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.name }}"
|
||||
server: "{{ item.name }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
size: "{{ item.volume_size | default(10) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "present"
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
when: item.volume | default(False) | bool
|
||||
register: volumes
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config dict
|
||||
set_fact:
|
||||
instance_conf_dict:
|
||||
{
|
||||
"instance": "{{ item.hcloud_server.name }}",
|
||||
"ssh_key_name": "{{ ssh_key_name }}",
|
||||
"address": "{{ item.hcloud_server.ipv4_address }}",
|
||||
"user": "{{ ssh_user }}",
|
||||
"port": "{{ ssh_port }}",
|
||||
"identity_file": "{{ ssh_path }}",
|
||||
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
||||
}
|
||||
loop: "{{ hetzner_jobs.results }}"
|
||||
register: instance_config_dict
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Convert instance config dict to a list
|
||||
set_fact:
|
||||
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Wait for SSH
|
||||
wait_for:
|
||||
port: "{{ ssh_port }}"
|
||||
host: "{{ item.address }}"
|
||||
search_regex: SSH
|
||||
delay: 10
|
||||
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
||||
|
||||
- name: Wait for VM to settle down
|
||||
pause:
|
||||
seconds: 30
|
|
@ -1,78 +0,0 @@
|
|||
---
|
||||
- name: Destroy
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
tasks:
|
||||
- name: Check existing instance config file
|
||||
stat:
|
||||
path: "{{ molecule_instance_config }}"
|
||||
register: cfg
|
||||
|
||||
- name: Populate the instance config
|
||||
set_fact:
|
||||
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
||||
|
||||
- name: Destroy molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: absent
|
||||
register: server
|
||||
loop: "{{ instance_conf }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- pause:
|
||||
seconds: 5
|
||||
|
||||
- name: Destroy volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.instance }}"
|
||||
server: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "absent"
|
||||
register: volumes
|
||||
loop: "{{ instance_conf }}"
|
||||
when: item.volume | default(False) | bool
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
- name: Remove registered SSH key
|
||||
hcloud_ssh_key:
|
||||
name: "{{ instance_conf[0].ssh_key_name }}"
|
||||
state: absent
|
||||
when: (instance_conf | default([])) | length > 0
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config
|
||||
set_fact:
|
||||
instance_conf: {}
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/requirements.yml
|
||||
requirements-file: molecule/requirements.yml
|
||||
env:
|
||||
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
||||
driver:
|
||||
name: delegated
|
||||
platforms:
|
||||
- name: centos7-mosquitto
|
||||
image: centos-7
|
||||
server_type: cx11
|
||||
lint: |
|
||||
/usr/local/bin/flake8
|
||||
provisioner:
|
||||
name: ansible
|
||||
env:
|
||||
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
||||
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
||||
log: False
|
||||
verifier:
|
||||
name: testinfra
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Bootstrap python for Ansible
|
||||
raw: |
|
||||
command -v python3 python || (
|
||||
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
||||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
||||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
||||
echo "Warning: Python not boostrapped due to unknown platform."
|
||||
)
|
||||
become: true
|
||||
changed_when: false
|
|
@ -1,23 +0,0 @@
|
|||
import os
|
||||
|
||||
import testinfra.utils.ansible_runner
|
||||
|
||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||
).get_hosts("all")
|
||||
|
||||
|
||||
def test_mosquitto_is_installed(host):
|
||||
mosquitto = host.package("mosquitto")
|
||||
assert mosquitto.is_installed
|
||||
|
||||
|
||||
def test_mosquitto_running_and_enabled(host):
|
||||
mosquitto = host.service("mosquitto")
|
||||
assert mosquitto.is_running
|
||||
assert mosquitto.is_enabled
|
||||
|
||||
|
||||
def test_mosquitto_socket(host):
|
||||
# Verify the socket is listening for HTTP traffic
|
||||
assert host.socket("tcp://127.0.0.1:1883").is_listening
|
|
@ -1 +0,0 @@
|
|||
rocky8
|
|
@ -1,3 +0,0 @@
|
|||
[pytest]
|
||||
filterwarnings =
|
||||
ignore::DeprecationWarning
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
collections:
|
||||
- name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
|
||||
- name: community.general
|
||||
|
||||
roles: []
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
vars:
|
||||
mosquitto_packages_extra:
|
||||
- epel-release
|
||||
mosquitto_bind_address: "127.0.0.1"
|
||||
|
||||
roles:
|
||||
- role: xoxys.mosquitto
|
|
@ -1,120 +0,0 @@
|
|||
---
|
||||
- name: Create
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
vars:
|
||||
ssh_port: 22
|
||||
ssh_user: root
|
||||
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
||||
tasks:
|
||||
- name: Create SSH key
|
||||
user:
|
||||
name: "{{ lookup('env', 'USER') }}"
|
||||
generate_ssh_key: true
|
||||
ssh_key_file: "{{ ssh_path }}"
|
||||
force: true
|
||||
register: generated_ssh_key
|
||||
|
||||
- name: Register the SSH key name
|
||||
set_fact:
|
||||
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
||||
|
||||
- name: Register SSH key for test instance(s)
|
||||
hcloud_ssh_key:
|
||||
name: "{{ ssh_key_name }}"
|
||||
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
||||
state: present
|
||||
|
||||
- name: Create molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.name }}"
|
||||
server_type: "{{ item.server_type }}"
|
||||
ssh_keys:
|
||||
- "{{ ssh_key_name }}"
|
||||
image: "{{ item.image }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
datacenter: "{{ item.datacenter | default(omit) }}"
|
||||
user_data: "{{ item.user_data | default(omit) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: present
|
||||
register: server
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- name: Create volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.name }}"
|
||||
server: "{{ item.name }}"
|
||||
location: "{{ item.location | default(omit) }}"
|
||||
size: "{{ item.volume_size | default(10) }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "present"
|
||||
loop: "{{ molecule_yml.platforms }}"
|
||||
when: item.volume | default(False) | bool
|
||||
register: volumes
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) creation to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config dict
|
||||
set_fact:
|
||||
instance_conf_dict:
|
||||
{
|
||||
"instance": "{{ item.hcloud_server.name }}",
|
||||
"ssh_key_name": "{{ ssh_key_name }}",
|
||||
"address": "{{ item.hcloud_server.ipv4_address }}",
|
||||
"user": "{{ ssh_user }}",
|
||||
"port": "{{ ssh_port }}",
|
||||
"identity_file": "{{ ssh_path }}",
|
||||
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
||||
}
|
||||
loop: "{{ hetzner_jobs.results }}"
|
||||
register: instance_config_dict
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Convert instance config dict to a list
|
||||
set_fact:
|
||||
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
||||
|
||||
- name: Wait for SSH
|
||||
wait_for:
|
||||
port: "{{ ssh_port }}"
|
||||
host: "{{ item.address }}"
|
||||
search_regex: SSH
|
||||
delay: 10
|
||||
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
||||
|
||||
- name: Wait for VM to settle down
|
||||
pause:
|
||||
seconds: 30
|
|
@ -1,78 +0,0 @@
|
|||
---
|
||||
- name: Destroy
|
||||
hosts: localhost
|
||||
connection: local
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
tasks:
|
||||
- name: Check existing instance config file
|
||||
stat:
|
||||
path: "{{ molecule_instance_config }}"
|
||||
register: cfg
|
||||
|
||||
- name: Populate the instance config
|
||||
set_fact:
|
||||
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
||||
|
||||
- name: Destroy molecule instance(s)
|
||||
hcloud_server:
|
||||
name: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: absent
|
||||
register: server
|
||||
loop: "{{ instance_conf }}"
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for instance(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_jobs
|
||||
until: hetzner_jobs.finished
|
||||
retries: 300
|
||||
loop: "{{ server.results }}"
|
||||
|
||||
- pause:
|
||||
seconds: 5
|
||||
|
||||
- name: Destroy volume(s)
|
||||
hcloud_volume:
|
||||
name: "{{ item.instance }}"
|
||||
server: "{{ item.instance }}"
|
||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
||||
state: "absent"
|
||||
register: volumes
|
||||
loop: "{{ instance_conf }}"
|
||||
when: item.volume | default(False) | bool
|
||||
async: 7200
|
||||
poll: 0
|
||||
|
||||
- name: Wait for volume(s) deletion to complete
|
||||
async_status:
|
||||
jid: "{{ item.ansible_job_id }}"
|
||||
register: hetzner_volumes
|
||||
until: hetzner_volumes.finished
|
||||
retries: 300
|
||||
when: volumes.changed
|
||||
loop: "{{ volumes.results }}"
|
||||
|
||||
- name: Remove registered SSH key
|
||||
hcloud_ssh_key:
|
||||
name: "{{ instance_conf[0].ssh_key_name }}"
|
||||
state: absent
|
||||
when: (instance_conf | default([])) | length > 0
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config
|
||||
set_fact:
|
||||
instance_conf: {}
|
||||
|
||||
- name: Dump instance config
|
||||
copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
|
||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
when: server.changed | bool
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
role-file: molecule/requirements.yml
|
||||
requirements-file: molecule/requirements.yml
|
||||
env:
|
||||
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
||||
driver:
|
||||
name: delegated
|
||||
platforms:
|
||||
- name: rocky8-mosquitto
|
||||
image: rocky-8
|
||||
server_type: cx11
|
||||
lint: |
|
||||
/usr/local/bin/flake8
|
||||
provisioner:
|
||||
name: ansible
|
||||
env:
|
||||
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
||||
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
||||
log: False
|
||||
verifier:
|
||||
name: testinfra
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
- name: Prepare
|
||||
hosts: all
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Bootstrap python for Ansible
|
||||
raw: |
|
||||
command -v python3 python || (
|
||||
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
||||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
||||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
||||
echo "Warning: Python not boostrapped due to unknown platform."
|
||||
)
|
||||
become: true
|
||||
changed_when: false
|
|
@ -1,23 +0,0 @@
|
|||
import os
|
||||
|
||||
import testinfra.utils.ansible_runner
|
||||
|
||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
||||
).get_hosts("all")
|
||||
|
||||
|
||||
def test_mosquitto_is_installed(host):
|
||||
mosquitto = host.package("mosquitto")
|
||||
assert mosquitto.is_installed
|
||||
|
||||
|
||||
def test_mosquitto_running_and_enabled(host):
|
||||
mosquitto = host.service("mosquitto")
|
||||
assert mosquitto.is_running
|
||||
assert mosquitto.is_enabled
|
||||
|
||||
|
||||
def test_mosquitto_socket(host):
|
||||
# Verify the socket is listening for HTTP traffic
|
||||
assert host.socket("tcp://127.0.0.1:1883").is_listening
|
12
setup.cfg
12
setup.cfg
|
@ -1,12 +0,0 @@
|
|||
[flake8]
|
||||
ignore = D100, D101, D102, D103, D105, D107, E402, W503
|
||||
max-line-length = 99
|
||||
inline-quotes = double
|
||||
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
|
||||
|
||||
[yapf]
|
||||
based_on_style = google
|
||||
column_limit = 99
|
||||
dedent_closing_brackets = true
|
||||
coalesce_brackets = true
|
||||
split_before_logical_operator = true
|
|
@ -1,50 +0,0 @@
|
|||
---
|
||||
- name: Check if password file '{{ mosquitto_password_auth_file }}' exists
|
||||
stat:
|
||||
path: "{{ mosquitto_password_auth_file }}"
|
||||
register: __mosquitto_passwd
|
||||
become: True
|
||||
become_user: root
|
||||
|
||||
- name: Create password file if not exist
|
||||
file:
|
||||
path: "{{ mosquitto_password_auth_file }}"
|
||||
mode: 0600
|
||||
state: touch
|
||||
become: True
|
||||
become_user: root
|
||||
when: not __mosquitto_passwd.stat.exists
|
||||
|
||||
# TODO: ugly workaround, move this to a custom module
|
||||
- block:
|
||||
- name: Add users to password file
|
||||
command: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.name }} {{ item.password }}"
|
||||
loop: "{{ mosquitto_password_auth_users }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
when: item.state == "present"
|
||||
changed_when: False
|
||||
no_log: True
|
||||
|
||||
- name: Remove unnecessary users from password file
|
||||
command: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.name }}"
|
||||
loop: "{{ mosquitto_password_auth_users }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
when: item.state == "absent"
|
||||
changed_when: False
|
||||
no_log: True
|
||||
|
||||
- name: Create acl file at '{{ mosquitto_acl_file }}'
|
||||
template:
|
||||
src: "etc/mosquitto/aclfile.j2"
|
||||
dest: "{{ mosquitto_acl_file }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
when:
|
||||
- mosquitto_acl_enabled | bool
|
||||
- mosquitto_acl is defined
|
||||
notify: __mosquitto_restart
|
||||
become: True
|
||||
become_user: root
|
|
@ -1,31 +0,0 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install mqtt packages
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop: "{{ mosquitto_packages_extra + __mosquitto_packages }}"
|
||||
|
||||
- name: Create group '{{ mosquitto_group }}'
|
||||
group:
|
||||
name: '{{ mosquitto_group }}'
|
||||
state: present
|
||||
|
||||
- name: Create user '{{ mosquitto_user }}'
|
||||
user:
|
||||
name: '{{ mosquitto_user }}'
|
||||
group: '{{ mosquitto_group }}'
|
||||
home: "{{ mosquitto_base_dir }}"
|
||||
system: yes
|
||||
shell: /sbin/nologin
|
||||
|
||||
- name: Deploy default configuration
|
||||
template:
|
||||
src: "etc/mosquitto/mosquitto.conf.j2"
|
||||
dest: "{{ mosquitto_base_dir }}/mosquitto.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: __mosquitto_restart
|
||||
become: True
|
||||
become_user: root
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
- import_tasks: install.yml
|
||||
- import_tasks: config.yml
|
||||
- import_tasks: tls.yml
|
||||
when: mosquitto_tls_enabled | bool
|
||||
tags: tls_renewal
|
||||
- import_tasks: post_tasks.yml
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: Ensure mosquitto service is up and running
|
||||
service:
|
||||
state: started
|
||||
daemon_reload: yes
|
||||
enabled: yes
|
||||
name: mosquitto
|
||||
become: True
|
||||
become_user: root
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
- block:
|
||||
- name: Create tls folder structure
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
recurse: True
|
||||
loop:
|
||||
- "{{ mosquitto_tls_cert_path | dirname }}"
|
||||
- "{{ mosquitto_tls_key_path | dirname }}"
|
||||
|
||||
- name: Copy certs and private key
|
||||
copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
mode: "{{ item.mode }}"
|
||||
loop:
|
||||
- { src: "{{ mosquitto_tls_key_source }}", dest: '{{ mosquitto_tls_key_path }}', mode: '0600' }
|
||||
- { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
|
||||
loop_control:
|
||||
label: "{{ item.dest }}"
|
||||
notify: __mosquitto_restart
|
||||
become: True
|
||||
become_user: root
|
|
@ -1,10 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
{% for item in mosquitto_acl %}
|
||||
{% if not item.name == "all" %}
|
||||
user {{ item.name }}
|
||||
{% endif %}
|
||||
{% for acl in item.acls %}
|
||||
{{ acl.acl_base if acl.acl_base is defined else 'topic' }} {{ acl.acl_policy }} {{ acl.acl_topic }}
|
||||
{% endfor %}
|
||||
|
||||
{% endfor %}
|
|
@ -1,868 +0,0 @@
|
|||
{{ ansible_managed | comment }}
|
||||
# =================================================================
|
||||
# General configuration
|
||||
# =================================================================
|
||||
|
||||
# Time in seconds between updates of the $SYS tree.
|
||||
# Set to 0 to disable the publishing of the $SYS tree.
|
||||
#sys_interval 10
|
||||
|
||||
# Time in seconds between cleaning the internal message store of
|
||||
# unreferenced messages. Lower values will result in lower memory
|
||||
# usage but more processor time, higher values will have the
|
||||
# opposite effect.
|
||||
# Setting a value of 0 means the unreferenced messages will be
|
||||
# disposed of as quickly as possible.
|
||||
#store_clean_interval 10
|
||||
|
||||
# Write process id to a file. Default is a blank string which means
|
||||
# a pid file shouldn't be written.
|
||||
# This should be set to /var/run/mosquitto.pid if mosquitto is
|
||||
# being run automatically on boot with an init script and
|
||||
# start-stop-daemon or similar.
|
||||
pid_file {{ mosquitto_pid_file }}
|
||||
|
||||
# When run as root, drop privileges to this user and its primary
|
||||
# group.
|
||||
# Set to root to stay as root, but this is not recommended.
|
||||
# If run as a non-root user, this setting has no effect.
|
||||
# Note that on Windows this has no effect and so mosquitto should
|
||||
# be started by the user you wish it to run as.
|
||||
user {{ mosquitto_user }}
|
||||
|
||||
# The maximum number of QoS 1 and 2 messages currently inflight per
|
||||
# client.
|
||||
# This includes messages that are partway through handshakes and
|
||||
# those that are being retried. Defaults to 20. Set to 0 for no
|
||||
# maximum. Setting to 1 will guarantee in-order delivery of QoS 1
|
||||
# and 2 messages.
|
||||
#max_inflight_messages 20
|
||||
|
||||
# QoS 1 and 2 messages will be allowed inflight per client until this limit
|
||||
# is exceeded. Defaults to 0. (No maximum)
|
||||
# See also max_inflight_messages
|
||||
#max_inflight_bytes 0
|
||||
|
||||
# The maximum number of QoS 1 and 2 messages to hold in a queue per client
|
||||
# above those that are currently in-flight. Defaults to 100. Set
|
||||
# to 0 for no maximum (not recommended).
|
||||
# See also queue_qos0_messages.
|
||||
# See also max_queued_bytes.
|
||||
#max_queued_messages 100
|
||||
|
||||
# QoS 1 and 2 messages above those currently in-flight will be queued per
|
||||
# client until this limit is exceeded. Defaults to 0. (No maximum)
|
||||
# See also max_queued_messages.
|
||||
# If both max_queued_messages and max_queued_bytes are specified, packets will
|
||||
# be queued until the first limit is reached.
|
||||
#max_queued_bytes 0
|
||||
|
||||
# Set to true to queue messages with QoS 0 when a persistent client is
|
||||
# disconnected. These messages are included in the limit imposed by
|
||||
# max_queued_messages and max_queued_bytes
|
||||
# Defaults to false.
|
||||
# This is a non-standard option for the MQTT v3.1 spec but is allowed in
|
||||
# v3.1.1.
|
||||
#queue_qos0_messages false
|
||||
|
||||
# This option sets the maximum publish payload size that the broker will allow.
|
||||
# Received messages that exceed this size will not be accepted by the broker.
|
||||
# The default value is 0, which means that all valid MQTT messages are
|
||||
# accepted. MQTT imposes a maximum payload size of 268435455 bytes.
|
||||
#message_size_limit 0
|
||||
|
||||
# This option controls whether a client is allowed to connect with a zero
|
||||
# length client id or not. This option only affects clients using MQTT v3.1.1
|
||||
# and later. If set to false, clients connecting with a zero length client id
|
||||
# are disconnected. If set to true, clients will be allocated a client id by
|
||||
# the broker. This means it is only useful for clients with clean session set
|
||||
# to true.
|
||||
#allow_zero_length_clientid true
|
||||
|
||||
# If allow_zero_length_clientid is true, this option allows you to set a prefix
|
||||
# to automatically generated client ids to aid visibility in logs.
|
||||
#auto_id_prefix
|
||||
|
||||
# This option allows persistent clients (those with clean session set to false)
|
||||
# to be removed if they do not reconnect within a certain time frame.
|
||||
#
|
||||
# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1.
|
||||
#
|
||||
# Badly designed clients may set clean session to false whilst using a randomly
|
||||
# generated client id. This leads to persistent clients that will never
|
||||
# reconnect. This option allows these clients to be removed.
|
||||
#
|
||||
# The expiration period should be an integer followed by one of h d w m y for
|
||||
# hour, day, week, month and year respectively. For example
|
||||
#
|
||||
# persistent_client_expiration 2m
|
||||
# persistent_client_expiration 14d
|
||||
# persistent_client_expiration 1y
|
||||
#
|
||||
# The default if not set is to never expire persistent clients.
|
||||
#persistent_client_expiration
|
||||
|
||||
# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
|
||||
# and foo/+/baz , then MQTT expects that when the broker receives a message on
|
||||
# a topic that matches both subscriptions, such as foo/bar/baz, then the client
|
||||
# should only receive the message once.
|
||||
# Mosquitto keeps track of which clients a message has been sent to in order to
|
||||
# meet this requirement. The allow_duplicate_messages option allows this
|
||||
# behaviour to be disabled, which may be useful if you have a large number of
|
||||
# clients subscribed to the same set of topics and are very concerned about
|
||||
# minimising memory usage.
|
||||
# It can be safely set to true if you know in advance that your clients will
|
||||
# never have overlapping subscriptions, otherwise your clients must be able to
|
||||
# correctly deal with duplicate messages even when then have QoS=2.
|
||||
#allow_duplicate_messages false
|
||||
|
||||
# The MQTT specification requires that the QoS of a message delivered to a
|
||||
# subscriber is never upgraded to match the QoS of the subscription. Enabling
|
||||
# this option changes this behaviour. If upgrade_outgoing_qos is set true,
|
||||
# messages sent to a subscriber will always match the QoS of its subscription.
|
||||
# This is a non-standard option explicitly disallowed by the spec.
|
||||
#upgrade_outgoing_qos false
|
||||
|
||||
# Disable Nagle's algorithm on client sockets. This has the effect of reducing
|
||||
# latency of individual messages at the potential cost of increasing the number
|
||||
# of packets being sent.
|
||||
#set_tcp_nodelay false
|
||||
|
||||
# Use per listener security settings.
|
||||
# If this option is set to true, then all authentication and access control
|
||||
# options are controlled on a per listener basis. The following options are
|
||||
# affected:
|
||||
#
|
||||
# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
|
||||
# auto_id_prefix allow_zero_length_clientid
|
||||
#
|
||||
# The default behaviour is for this to be set to false, which maintains the
|
||||
# setting behaviour from previous versions of mosquitto.
|
||||
#per_listener_settings false
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Default listener
|
||||
# =================================================================
|
||||
|
||||
# IP address/hostname to bind the default listener to. If not
|
||||
# given, the default listener will not be bound to a specific
|
||||
# address and so will be accessible to all network interfaces.
|
||||
# bind_address ip-address/host name
|
||||
bind_address {{ mosquitto_bind_address }}
|
||||
|
||||
# Port to use for the default listener.
|
||||
port {{ mosquitto_port }}
|
||||
|
||||
# The maximum number of client connections to allow. This is
|
||||
# a per listener setting.
|
||||
# Default is -1, which means unlimited connections.
|
||||
# Note that other process limits mean that unlimited connections
|
||||
# are not really possible. Typically the default maximum number of
|
||||
# connections possible is around 1024.
|
||||
#max_connections -1
|
||||
|
||||
# Choose the protocol to use when listening.
|
||||
# This can be either mqtt or websockets.
|
||||
# Websockets support is currently disabled by default at compile time.
|
||||
# Certificate based TLS may be used with websockets, except that
|
||||
# only the cafile, certfile, keyfile and ciphers options are supported.
|
||||
#protocol mqtt
|
||||
|
||||
# When a listener is using the websockets protocol, it is possible to serve
|
||||
# http data as well. Set http_dir to a directory which contains the files you
|
||||
# wish to serve. If this option is not specified, then no normal http
|
||||
# connections will be possible.
|
||||
#http_dir
|
||||
|
||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||
# connected with with its username. This allows authentication to be tied to
|
||||
# the clientid, which means that it is possible to prevent one client
|
||||
# disconnecting another by using the same clientid.
|
||||
# If a client connects with no username it will be disconnected as not
|
||||
# authorised when this option is set to true.
|
||||
# Do not use in conjunction with clientid_prefixes.
|
||||
# See also use_identity_as_username.
|
||||
#use_username_as_clientid
|
||||
|
||||
{% if mosquitto_tls_enabled %}
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS
|
||||
# is 8883, but this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page.
|
||||
|
||||
# At least one of cafile or capath must be defined. They both
|
||||
# define methods of accessing the PEM encoded Certificate
|
||||
# Authority certificates that have signed your server certificate
|
||||
# and that you wish to trust.
|
||||
# cafile defines the path to a file containing the CA certificates.
|
||||
# capath defines a directory that will be searched for files
|
||||
# containing the CA certificates. For capath to work correctly, the
|
||||
# certificate files must have ".crt" as the file ending and you must run
|
||||
# "openssl rehash /path/to/capath" each time you add/remove a certificate.
|
||||
#cafile
|
||||
capath {{ mosquitto_ca_path }}
|
||||
|
||||
# Path to the PEM encoded server certificate.
|
||||
certfile {{ mosquitto_tls_cert_path }}
|
||||
|
||||
# Path to the PEM encoded keyfile.
|
||||
keyfile {{ mosquitto_tls_key_path }}
|
||||
|
||||
# This option defines the version of the TLS protocol to use for this listener.
|
||||
# The default value allows v1.2, v1.1 and v1.0. The valid values are tlsv1.2
|
||||
# tlsv1.1 and tlsv1.
|
||||
tls_version tlsv1.2
|
||||
|
||||
# By default a TLS enabled listener will operate in a similar fashion to a
|
||||
# https enabled web server, in that the server has a certificate signed by a CA
|
||||
# and the client will verify that it is a trusted certificate. The overall aim
|
||||
# is encryption of the network traffic. By setting require_certificate to true,
|
||||
# the client must provide a valid certificate in order for the network
|
||||
# connection to proceed. This allows access to the broker to be controlled
|
||||
# outside of the mechanisms provided by MQTT.
|
||||
#require_certificate false
|
||||
|
||||
# If require_certificate is true, you may set use_identity_as_username to true
|
||||
# to use the CN value from the client certificate as a username. If this is
|
||||
# true, the password_file option will not be used for this listener.
|
||||
# This takes priority over use_subject_as_username.
|
||||
# See also use_subject_as_username.
|
||||
#use_identity_as_username false
|
||||
|
||||
# If require_certificate is true, you may set use_subject_as_username to true
|
||||
# to use the complete subject value from the client certificate as a username.
|
||||
# If this is true, the password_file option will not be used for this listener.
|
||||
# See also use_identity_as_username
|
||||
#use_subject_as_username false
|
||||
|
||||
# If you have require_certificate set to true, you can create a certificate
|
||||
# revocation list file to revoke access to particular client certificates. If
|
||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||
#crlfile
|
||||
|
||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||
# option. The list of available ciphers can be obtained using the "openssl
|
||||
# ciphers" command and should be provided in the same format as the output of
|
||||
# that command.
|
||||
# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
|
||||
ciphers {{ mosquitto_tls_ciphers | join(':') }}
|
||||
{% endif %}
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Pre-shared-key based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable PSK based SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
||||
# this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# The psk_hint option enables pre-shared-key support for this listener and also
|
||||
# acts as an identifier for this listener. The hint is sent to clients and may
|
||||
# be used locally to aid authentication. The hint is a free form string that
|
||||
# doesn't have much meaning in itself, so feel free to be creative.
|
||||
# If this option is provided, see psk_file to define the pre-shared keys to be
|
||||
# used or create a security plugin to handle them.
|
||||
#psk_hint
|
||||
|
||||
# Set use_identity_as_username to have the psk identity sent by the client used
|
||||
# as its username. Authentication will be carried out using the PSK rather than
|
||||
# the MQTT username/password and so password_file will not be used for this
|
||||
# listener.
|
||||
#use_identity_as_username false
|
||||
|
||||
# When using PSK, the encryption ciphers used will be chosen from the list of
|
||||
# available PSK ciphers. If you want to control which ciphers are available,
|
||||
# use the "ciphers" option. The list of available ciphers can be obtained
|
||||
# using the "openssl ciphers" command and should be provided in the same format
|
||||
# as the output of that command.
|
||||
#ciphers
|
||||
|
||||
# =================================================================
|
||||
# Extra listeners
|
||||
# =================================================================
|
||||
|
||||
# Listen on a port/ip address combination. By using this variable
|
||||
# multiple times, mosquitto can listen on more than one port. If
|
||||
# this variable is used and neither bind_address nor port given,
|
||||
# then the default listener will not be started.
|
||||
# The port number to listen on must be given. Optionally, an ip
|
||||
# address or host name may be supplied as a second argument. In
|
||||
# this case, mosquitto will attempt to bind the listener to that
|
||||
# address and so restrict access to the associated network and
|
||||
# interface. By default, mosquitto will listen on all interfaces.
|
||||
# Note that for a websockets listener it is not possible to bind to a host
|
||||
# name.
|
||||
# listener port-number [ip address/host name]
|
||||
#listener
|
||||
|
||||
# The maximum number of client connections to allow. This is
|
||||
# a per listener setting.
|
||||
# Default is -1, which means unlimited connections.
|
||||
# Note that other process limits mean that unlimited connections
|
||||
# are not really possible. Typically the default maximum number of
|
||||
# connections possible is around 1024.
|
||||
#max_connections -1
|
||||
|
||||
# The listener can be restricted to operating within a topic hierarchy using
|
||||
# the mount_point option. This is achieved be prefixing the mount_point string
|
||||
# to all topics for any clients connected to this listener. This prefixing only
|
||||
# happens internally to the broker; the client will not see the prefix.
|
||||
#mount_point
|
||||
|
||||
# Choose the protocol to use when listening.
|
||||
# This can be either mqtt or websockets.
|
||||
# Certificate based TLS may be used with websockets, except that only the
|
||||
# cafile, certfile, keyfile and ciphers options are supported.
|
||||
#protocol mqtt
|
||||
|
||||
# When a listener is using the websockets protocol, it is possible to serve
|
||||
# http data as well. Set http_dir to a directory which contains the files you
|
||||
# wish to serve. If this option is not specified, then no normal http
|
||||
# connections will be possible.
|
||||
#http_dir
|
||||
|
||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||
# connected with with its username. This allows authentication to be tied to
|
||||
# the clientid, which means that it is possible to prevent one client
|
||||
# disconnecting another by using the same clientid.
|
||||
# If a client connects with no username it will be disconnected as not
|
||||
# authorised when this option is set to true.
|
||||
# Do not use in conjunction with clientid_prefixes.
|
||||
# See also use_identity_as_username.
|
||||
#use_username_as_clientid
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable certificate based SSL/TLS support
|
||||
# for this listener. Note that the recommended port for MQTT over TLS is 8883,
|
||||
# but this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# At least one of cafile or capath must be defined to enable certificate based
|
||||
# TLS encryption. They both define methods of accessing the PEM encoded
|
||||
# Certificate Authority certificates that have signed your server certificate
|
||||
# and that you wish to trust.
|
||||
# cafile defines the path to a file containing the CA certificates.
|
||||
# capath defines a directory that will be searched for files
|
||||
# containing the CA certificates. For capath to work correctly, the
|
||||
# certificate files must have ".crt" as the file ending and you must run
|
||||
# "openssl rehash /path/to/capath" each time you add/remove a certificate.
|
||||
#cafile
|
||||
#capath
|
||||
|
||||
# Path to the PEM encoded server certificate.
|
||||
#certfile
|
||||
|
||||
# Path to the PEM encoded keyfile.
|
||||
#keyfile
|
||||
|
||||
# By default an TLS enabled listener will operate in a similar fashion to a
|
||||
# https enabled web server, in that the server has a certificate signed by a CA
|
||||
# and the client will verify that it is a trusted certificate. The overall aim
|
||||
# is encryption of the network traffic. By setting require_certificate to true,
|
||||
# the client must provide a valid certificate in order for the network
|
||||
# connection to proceed. This allows access to the broker to be controlled
|
||||
# outside of the mechanisms provided by MQTT.
|
||||
#require_certificate false
|
||||
|
||||
# If require_certificate is true, you may set use_identity_as_username to true
|
||||
# to use the CN value from the client certificate as a username. If this is
|
||||
# true, the password_file option will not be used for this listener.
|
||||
#use_identity_as_username false
|
||||
|
||||
# If you have require_certificate set to true, you can create a certificate
|
||||
# revocation list file to revoke access to particular client certificates. If
|
||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||
#crlfile
|
||||
|
||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||
# option. The list of available ciphers can be optained using the "openssl
|
||||
# ciphers" command and should be provided in the same format as the output of
|
||||
# that command.
|
||||
#ciphers
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Pre-shared-key based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable PSK based SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
||||
# this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# The psk_hint option enables pre-shared-key support for this listener and also
|
||||
# acts as an identifier for this listener. The hint is sent to clients and may
|
||||
# be used locally to aid authentication. The hint is a free form string that
|
||||
# doesn't have much meaning in itself, so feel free to be creative.
|
||||
# If this option is provided, see psk_file to define the pre-shared keys to be
|
||||
# used or create a security plugin to handle them.
|
||||
#psk_hint
|
||||
|
||||
# Set use_identity_as_username to have the psk identity sent by the client used
|
||||
# as its username. Authentication will be carried out using the PSK rather than
|
||||
# the MQTT username/password and so password_file will not be used for this
|
||||
# listener.
|
||||
#use_identity_as_username false
|
||||
|
||||
# When using PSK, the encryption ciphers used will be chosen from the list of
|
||||
# available PSK ciphers. If you want to control which ciphers are available,
|
||||
# use the "ciphers" option. The list of available ciphers can be optained
|
||||
# using the "openssl ciphers" command and should be provided in the same format
|
||||
# as the output of that command.
|
||||
#ciphers
|
||||
|
||||
# =================================================================
|
||||
# Persistence
|
||||
# =================================================================
|
||||
|
||||
# If persistence is enabled, save the in-memory database to disk
|
||||
# every autosave_interval seconds. If set to 0, the persistence
|
||||
# database will only be written when mosquitto exits. See also
|
||||
# autosave_on_changes.
|
||||
# Note that writing of the persistence database can be forced by
|
||||
# sending mosquitto a SIGUSR1 signal.
|
||||
#autosave_interval 1800
|
||||
|
||||
# If true, mosquitto will count the number of subscription changes, retained
|
||||
# messages received and queued messages and if the total exceeds
|
||||
# autosave_interval then the in-memory database will be saved to disk.
|
||||
# If false, mosquitto will save the in-memory database to disk by treating
|
||||
# autosave_interval as a time in seconds.
|
||||
#autosave_on_changes false
|
||||
|
||||
# Save persistent message data to disk (true/false).
|
||||
# This saves information about all messages, including
|
||||
# subscriptions, currently in-flight messages and retained
|
||||
# messages.
|
||||
# retained_persistence is a synonym for this option.
|
||||
persistence {{ mosquitto_persistence_enabled | lower }}
|
||||
|
||||
{% if mosquitto_persistence_enabled %}
|
||||
persistence_file {{ mosquitto_persistence_path | basename }}
|
||||
persistence_location {{ (mosquitto_persistence_path | dirname) + '/' }}
|
||||
{% endif %}
|
||||
|
||||
# =================================================================
|
||||
# Logging
|
||||
# =================================================================
|
||||
|
||||
# Places to log to. Use multiple log_dest lines for multiple
|
||||
# logging destinations.
|
||||
# Possible destinations are: stdout stderr syslog topic file
|
||||
#
|
||||
# stdout and stderr log to the console on the named output.
|
||||
#
|
||||
# syslog uses the userspace syslog facility which usually ends up
|
||||
# in /var/log/messages or similar.
|
||||
#
|
||||
# topic logs to the broker topic '$SYS/broker/log/severity',
|
||||
# where severity is one of D, E, W, N, I, M which are debug, error,
|
||||
# warning, notice, information and message. Message type severity is used by
|
||||
# the subscribe/unsubscribe log_types and publishes log messages to
|
||||
# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe.
|
||||
#
|
||||
# The file destination requires an additional parameter which is the file to be
|
||||
# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
|
||||
# closed and reopened when the broker receives a HUP signal. Only a single file
|
||||
# destination may be configured.
|
||||
#
|
||||
# Note that if the broker is running as a Windows service it will default to
|
||||
# "log_dest none" and neither stdout nor stderr logging is available.
|
||||
# Use "log_dest none" if you wish to disable logging.
|
||||
#log_dest stderr
|
||||
|
||||
# If using syslog logging (not on Windows), messages will be logged to the
|
||||
# "daemon" facility by default. Use the log_facility option to choose which of
|
||||
# local0 to local7 to log to instead. The option value should be an integer
|
||||
# value, e.g. "log_facility 5" to use local5.
|
||||
#log_facility
|
||||
|
||||
# Types of messages to log. Use multiple log_type lines for logging
|
||||
# multiple types of messages.
|
||||
# Possible types are: debug, error, warning, notice, information,
|
||||
# none, subscribe, unsubscribe, websockets, all.
|
||||
# Note that debug type messages are for decoding the incoming/outgoing
|
||||
# network packets. They are not logged in "topics".
|
||||
#log_type error
|
||||
#log_type warning
|
||||
#log_type notice
|
||||
#log_type information
|
||||
|
||||
# Change the websockets logging level. This is a global option, it is not
|
||||
# possible to set per listener. This is an integer that is interpreted by
|
||||
# libwebsockets as a bit mask for its lws_log_levels enum. See the
|
||||
# libwebsockets documentation for more details. "log_type websockets" must also
|
||||
# be enabled.
|
||||
#websockets_log_level 0
|
||||
|
||||
# If set to true, client connection and disconnection messages will be included
|
||||
# in the log.
|
||||
#connection_messages true
|
||||
|
||||
# If set to true, add a timestamp value to each log message.
|
||||
#log_timestamp true
|
||||
|
||||
# =================================================================
|
||||
# Security
|
||||
# =================================================================
|
||||
|
||||
# If set, only clients that have a matching prefix on their
|
||||
# clientid will be allowed to connect to the broker. By default,
|
||||
# all clients may connect.
|
||||
# For example, setting "secure-" here would mean a client "secure-
|
||||
# client" could connect but another with clientid "mqtt" couldn't.
|
||||
#clientid_prefixes
|
||||
|
||||
# Boolean value that determines whether clients that connect
|
||||
# without providing a username are allowed to connect. If set to
|
||||
# false then a password file should be created (see the
|
||||
# password_file option) to control authenticated client access.
|
||||
#
|
||||
# Defaults to true if no other security options are set. If any other
|
||||
# authentication options are set, then allow_anonymous defaults to false.
|
||||
#
|
||||
{% if not mosquitto_password_auth_enabled %}
|
||||
allow_anonymous true
|
||||
{% else %}
|
||||
allow_anonymous false
|
||||
{% endif %}
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Default authentication and topic access control
|
||||
# -----------------------------------------------------------------
|
||||
|
||||
# Control access to the broker using a password file. This file can be
|
||||
# generated using the mosquitto_passwd utility. If TLS support is not compiled
|
||||
# into mosquitto (it is recommended that TLS support should be included) then
|
||||
# plain text passwords are used, in which case the file should be a text file
|
||||
# with lines in the format:
|
||||
# username:password
|
||||
# The password (and colon) may be omitted if desired, although this
|
||||
# offers very little in the way of security.
|
||||
#
|
||||
# See the TLS client require_certificate and use_identity_as_username options
|
||||
# for alternative authentication options. If an auth_plugin is used as well as
|
||||
# password_file, the auth_plugin check will be made first.
|
||||
{% if mosquitto_password_auth_enabled %}
|
||||
password_file {{ mosquitto_password_auth_file }}
|
||||
{% endif %}
|
||||
|
||||
# Access may also be controlled using a pre-shared-key file. This requires
|
||||
# TLS-PSK support and a listener configured to use it. The file should be text
|
||||
# lines in the format:
|
||||
# identity:key
|
||||
# The key should be in hexadecimal format without a leading "0x".
|
||||
# If an auth_plugin is used as well, the auth_plugin check will be made first.
|
||||
#psk_file
|
||||
|
||||
# Control access to topics on the broker using an access control list
|
||||
# file. If this parameter is defined then only the topics listed will
|
||||
# have access.
|
||||
# If the first character of a line of the ACL file is a # it is treated as a
|
||||
# comment.
|
||||
# Topic access is added with lines of the format:
|
||||
#
|
||||
# topic [read|write|readwrite] 'topic'
|
||||
#
|
||||
# The access type is controlled using "read", "write" or "readwrite". This
|
||||
# parameter is optional (unless 'topic' contains a space character) - if not
|
||||
# given then the access is read/write. 'topic' can contain the + or #
|
||||
# wildcards as in subscriptions.
|
||||
#
|
||||
# The first set of topics are applied to anonymous clients, assuming
|
||||
# allow_anonymous is true. User specific topic ACLs are added after a
|
||||
# user line as follows:
|
||||
#
|
||||
# user 'username'
|
||||
#
|
||||
# The username referred to here is the same as in password_file. It is
|
||||
# not the clientid.
|
||||
#
|
||||
#
|
||||
# If is also possible to define ACLs based on pattern substitution within the
|
||||
# topic. The patterns available for substition are:
|
||||
#
|
||||
# %c to match the client id of the client
|
||||
# %u to match the username of the client
|
||||
#
|
||||
# The substitution pattern must be the only text for that level of hierarchy.
|
||||
#
|
||||
# The form is the same as for the topic keyword, but using pattern as the
|
||||
# keyword.
|
||||
# Pattern ACLs apply to all users even if the "user" keyword has previously
|
||||
# been given.
|
||||
#
|
||||
# If using bridges with usernames and ACLs, connection messages can be allowed
|
||||
# with the following pattern:
|
||||
# pattern write $SYS/broker/connection/%c/state
|
||||
#
|
||||
# pattern [read|write|readwrite] 'topic'
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# pattern write sensor/%u/data
|
||||
#
|
||||
# If an auth_plugin is used as well as acl_file, the auth_plugin check will be
|
||||
# made first.
|
||||
{% if mosquitto_acl_enabled %}
|
||||
acl_file {{ mosquitto_acl_file }}
|
||||
{% endif %}
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# External authentication and topic access plugin options
|
||||
# -----------------------------------------------------------------
|
||||
|
||||
# External authentication and access control can be supported with the
|
||||
# auth_plugin option. This is a path to a loadable plugin. See also the
|
||||
# auth_opt_* options described below.
|
||||
#
|
||||
# The auth_plugin option can be specified multiple times to load multiple
|
||||
# plugins. The plugins will be processed in the order that they are specified
|
||||
# here. If the auth_plugin option is specified alongside either of
|
||||
# password_file or acl_file then the plugin checks will be made first.
|
||||
#
|
||||
#auth_plugin
|
||||
|
||||
# If the auth_plugin option above is used, define options to pass to the
|
||||
# plugin here as described by the plugin instructions. All options named
|
||||
# using the format auth_opt_* will be passed to the plugin, for example:
|
||||
#
|
||||
# auth_opt_db_host
|
||||
# auth_opt_db_port
|
||||
# auth_opt_db_username
|
||||
# auth_opt_db_password
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Bridges
|
||||
# =================================================================
|
||||
|
||||
# A bridge is a way of connecting multiple MQTT brokers together.
|
||||
# Create a new bridge using the "connection" option as described below. Set
|
||||
# options for the bridges using the remaining parameters. You must specify the
|
||||
# address and at least one topic to subscribe to.
|
||||
#
|
||||
# Each connection must have a unique name.
|
||||
#
|
||||
# The address line may have multiple host address and ports specified. See
|
||||
# below in the round_robin description for more details on bridge behaviour if
|
||||
# multiple addresses are used. Note that if you use an IPv6 address, then you
|
||||
# are required to specify a port.
|
||||
#
|
||||
# The direction that the topic will be shared can be chosen by
|
||||
# specifying out, in or both, where the default value is out.
|
||||
# The QoS level of the bridged communication can be specified with the next
|
||||
# topic option. The default QoS level is 0, to change the QoS the topic
|
||||
# direction must also be given.
|
||||
#
|
||||
# The local and remote prefix options allow a topic to be remapped when it is
|
||||
# bridged to/from the remote broker. This provides the ability to place a topic
|
||||
# tree in an appropriate location.
|
||||
#
|
||||
# For more details see the mosquitto.conf man page.
|
||||
#
|
||||
# Multiple topics can be specified per connection, but be careful
|
||||
# not to create any loops.
|
||||
#
|
||||
# If you are using bridges with cleansession set to false (the default), then
|
||||
# you may get unexpected behaviour from incoming topics if you change what
|
||||
# topics you are subscribing to. This is because the remote broker keeps the
|
||||
# subscription for the old topic. If you have this problem, connect your bridge
|
||||
# with cleansession set to true, then reconnect with cleansession set to false
|
||||
# as normal.
|
||||
#connection 'name'
|
||||
#address host[:port] [host[:port]]
|
||||
#topic 'topic' [[[out | in | both] qos-level] local-prefix remote-prefix]
|
||||
|
||||
# Set the version of the MQTT protocol to use with for this bridge. Can be one
|
||||
# of mqttv311 or mqttv11. Defaults to mqttv311.
|
||||
#bridge_protocol_version mqttv311
|
||||
|
||||
# If a bridge has topics that have "out" direction, the default behaviour is to
|
||||
# send an unsubscribe request to the remote broker on that topic. This means
|
||||
# that changing a topic direction from "in" to "out" will not keep receiving
|
||||
# incoming messages. Sending these unsubscribe requests is not always
|
||||
# desirable, setting bridge_attempt_unsubscribe to false will disable sending
|
||||
# the unsubscribe request.
|
||||
#bridge_attempt_unsubscribe true
|
||||
|
||||
# If the bridge has more than one address given in the address/addresses
|
||||
# configuration, the round_robin option defines the behaviour of the bridge on
|
||||
# a failure of the bridge connection. If round_robin is false, the default
|
||||
# value, then the first address is treated as the main bridge connection. If
|
||||
# the connection fails, the other secondary addresses will be attempted in
|
||||
# turn. Whilst connected to a secondary bridge, the bridge will periodically
|
||||
# attempt to reconnect to the main bridge until successful.
|
||||
# If round_robin is true, then all addresses are treated as equals. If a
|
||||
# connection fails, the next address will be tried and if successful will
|
||||
# remain connected until it fails
|
||||
#round_robin false
|
||||
|
||||
# Set the client id to use on the remote end of this bridge connection. If not
|
||||
# defined, this defaults to 'name.hostname' where name is the connection name
|
||||
# and hostname is the hostname of this computer.
|
||||
# This replaces the old "clientid" option to avoid confusion. "clientid"
|
||||
# remains valid for the time being.
|
||||
#remote_clientid
|
||||
|
||||
# Set the clientid to use on the local broker. If not defined, this defaults to
|
||||
# 'local.clientid'. If you are bridging a broker to itself, it is important
|
||||
# that local_clientid and clientid do not match.
|
||||
#local_clientid
|
||||
|
||||
# Set the clean session variable for this bridge.
|
||||
# When set to true, when the bridge disconnects for any reason, all
|
||||
# messages and subscriptions will be cleaned up on the remote
|
||||
# broker. Note that with cleansession set to true, there may be a
|
||||
# significant amount of retained messages sent when the bridge
|
||||
# reconnects after losing its connection.
|
||||
# When set to false, the subscriptions and messages are kept on the
|
||||
# remote broker, and delivered when the bridge reconnects.
|
||||
#cleansession false
|
||||
|
||||
# If set to true, publish notification messages to the local and remote brokers
|
||||
# giving information about the state of the bridge connection. Retained
|
||||
# messages are published to the topic $SYS/broker/connection/clientid/state
|
||||
# unless the notification_topic option is used.
|
||||
# If the message is 1 then the connection is active, or 0 if the connection has
|
||||
# failed.
|
||||
#notifications true
|
||||
|
||||
# Choose the topic on which notification messages for this bridge are
|
||||
# published. If not set, messages are published on the topic
|
||||
# $SYS/broker/connection/clientid/state
|
||||
#notification_topic
|
||||
|
||||
# Set the keepalive interval for this bridge connection, in
|
||||
# seconds.
|
||||
#keepalive_interval 60
|
||||
|
||||
# Set the start type of the bridge. This controls how the bridge starts and
|
||||
# can be one of three types: automatic, lazy and once. Note that RSMB provides
|
||||
# a fourth start type "manual" which isn't currently supported by mosquitto.
|
||||
#
|
||||
# "automatic" is the default start type and means that the bridge connection
|
||||
# will be started automatically when the broker starts and also restarted
|
||||
# after a short delay (30 seconds) if the connection fails.
|
||||
#
|
||||
# Bridges using the "lazy" start type will be started automatically when the
|
||||
# number of queued messages exceeds the number set with the "threshold"
|
||||
# parameter. It will be stopped automatically after the time set by the
|
||||
# "idle_timeout" parameter. Use this start type if you wish the connection to
|
||||
# only be active when it is needed.
|
||||
#
|
||||
# A bridge using the "once" start type will be started automatically when the
|
||||
# broker starts but will not be restarted if the connection fails.
|
||||
#start_type automatic
|
||||
|
||||
# Set the amount of time a bridge using the automatic start type will wait
|
||||
# until attempting to reconnect. Defaults to 30 seconds.
|
||||
#restart_timeout 30
|
||||
|
||||
# Set the amount of time a bridge using the lazy start type must be idle before
|
||||
# it will be stopped. Defaults to 60 seconds.
|
||||
#idle_timeout 60
|
||||
|
||||
# Set the number of messages that need to be queued for a bridge with lazy
|
||||
# start type to be restarted. Defaults to 10 messages.
|
||||
# Must be less than max_queued_messages.
|
||||
#threshold 10
|
||||
|
||||
# If try_private is set to true, the bridge will attempt to indicate to the
|
||||
# remote broker that it is a bridge not an ordinary client. If successful, this
|
||||
# means that loop detection will be more effective and that retained messages
|
||||
# will be propagated correctly. Not all brokers support this feature so it may
|
||||
# be necessary to set try_private to false if your bridge does not connect
|
||||
# properly.
|
||||
#try_private true
|
||||
|
||||
# Set the username to use when connecting to a broker that requires
|
||||
# authentication.
|
||||
# This replaces the old "username" option to avoid confusion. "username"
|
||||
# remains valid for the time being.
|
||||
#remote_username
|
||||
|
||||
# Set the password to use when connecting to a broker that requires
|
||||
# authentication. This option is only used if remote_username is also set.
|
||||
# This replaces the old "password" option to avoid confusion. "password"
|
||||
# remains valid for the time being.
|
||||
#remote_password
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# Either bridge_cafile or bridge_capath must be defined to enable TLS support
|
||||
# for this bridge.
|
||||
# bridge_cafile defines the path to a file containing the
|
||||
# Certificate Authority certificates that have signed the remote broker
|
||||
# certificate.
|
||||
# bridge_capath defines a directory that will be searched for files containing
|
||||
# the CA certificates. For bridge_capath to work correctly, the certificate
|
||||
# files must have ".crt" as the file ending and you must run "openssl rehash
|
||||
# /path/to/capath" each time you add/remove a certificate.
|
||||
#bridge_cafile
|
||||
#bridge_capath
|
||||
|
||||
# Path to the PEM encoded client certificate, if required by the remote broker.
|
||||
#bridge_certfile
|
||||
|
||||
# Path to the PEM encoded client private key, if required by the remote broker.
|
||||
#bridge_keyfile
|
||||
|
||||
# When using certificate based encryption, bridge_insecure disables
|
||||
# verification of the server hostname in the server certificate. This can be
|
||||
# useful when testing initial server configurations, but makes it possible for
|
||||
# a malicious third party to impersonate your server through DNS spoofing, for
|
||||
# example. Use this option in testing only. If you need to resort to using this
|
||||
# option in a production environment, your setup is at fault and there is no
|
||||
# point using encryption.
|
||||
#bridge_insecure false
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# PSK based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# Pre-shared-key encryption provides an alternative to certificate based
|
||||
# encryption. A bridge can be configured to use PSK with the bridge_identity
|
||||
# and bridge_psk options. These are the client PSK identity, and pre-shared-key
|
||||
# in hexadecimal format with no "0x". Only one of certificate and PSK based
|
||||
# encryption can be used on one
|
||||
# bridge at once.
|
||||
#bridge_identity
|
||||
#bridge_psk
|
||||
|
||||
|
||||
# =================================================================
|
||||
# External config files
|
||||
# =================================================================
|
||||
|
||||
# External configuration files may be included by using the
|
||||
# include_dir option. This defines a directory that will be searched
|
||||
# for config files. All files that end in '.conf' will be loaded as
|
||||
# a configuration file. It is best to have this as the last option
|
||||
# in the main file. This option will only be processed from the main
|
||||
# configuration file. The directory specified must not contain the
|
||||
# main configuration file.
|
||||
#include_dir
|
||||
|
||||
# =================================================================
|
||||
# rsmb options - unlikely to ever be supported
|
||||
# =================================================================
|
||||
|
||||
#ffdc_output
|
||||
#max_log_entries
|
||||
#trace_level
|
||||
#trace_output
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
__mosquitto_packages:
|
||||
- mosquitto
|
Loading…
Reference in New Issue