Compare commits
No commits in common. "main" and "docs" have entirely different histories.
161
.drone.jsonnet
161
.drone.jsonnet
|
@ -1,161 +0,0 @@
|
||||||
local PipelineLinting = {
|
|
||||||
kind: 'pipeline',
|
|
||||||
name: 'linting',
|
|
||||||
platform: {
|
|
||||||
os: 'linux',
|
|
||||||
arch: 'amd64',
|
|
||||||
},
|
|
||||||
steps: [
|
|
||||||
{
|
|
||||||
name: 'ansible-later',
|
|
||||||
image: 'thegeeklab/ansible-later',
|
|
||||||
commands: [
|
|
||||||
'ansible-later',
|
|
||||||
],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: 'python-format',
|
|
||||||
image: 'python:3.11',
|
|
||||||
environment: {
|
|
||||||
PY_COLORS: 1,
|
|
||||||
},
|
|
||||||
commands: [
|
|
||||||
'pip install -qq yapf',
|
|
||||||
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
|
|
||||||
],
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: 'python-flake8',
|
|
||||||
image: 'python:3.11',
|
|
||||||
environment: {
|
|
||||||
PY_COLORS: 1,
|
|
||||||
},
|
|
||||||
commands: [
|
|
||||||
'pip install -qq flake8',
|
|
||||||
'flake8',
|
|
||||||
],
|
|
||||||
},
|
|
||||||
],
|
|
||||||
trigger: {
|
|
||||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
||||||
local PipelineDeployment(scenario='centos7') = {
|
|
||||||
kind: 'pipeline',
|
|
||||||
name: 'testing-' + scenario,
|
|
||||||
platform: {
|
|
||||||
os: 'linux',
|
|
||||||
arch: 'amd64',
|
|
||||||
},
|
|
||||||
concurrency: {
|
|
||||||
limit: 1,
|
|
||||||
},
|
|
||||||
workspace: {
|
|
||||||
base: '/drone/src',
|
|
||||||
path: '${DRONE_REPO_NAME}',
|
|
||||||
},
|
|
||||||
steps: [
|
|
||||||
{
|
|
||||||
name: 'ansible-molecule',
|
|
||||||
image: 'thegeeklab/molecule:4',
|
|
||||||
environment: {
|
|
||||||
HCLOUD_TOKEN: { from_secret: 'hcloud_token' },
|
|
||||||
},
|
|
||||||
commands: [
|
|
||||||
'molecule test -s ' + scenario,
|
|
||||||
],
|
|
||||||
},
|
|
||||||
],
|
|
||||||
depends_on: [
|
|
||||||
'linting',
|
|
||||||
],
|
|
||||||
trigger: {
|
|
||||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
||||||
local PipelineDocumentation = {
|
|
||||||
kind: 'pipeline',
|
|
||||||
name: 'documentation',
|
|
||||||
platform: {
|
|
||||||
os: 'linux',
|
|
||||||
arch: 'amd64',
|
|
||||||
},
|
|
||||||
steps: [
|
|
||||||
{
|
|
||||||
name: 'generate',
|
|
||||||
image: 'thegeeklab/ansible-doctor',
|
|
||||||
environment: {
|
|
||||||
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
|
|
||||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
|
|
||||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
|
|
||||||
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
|
|
||||||
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
|
|
||||||
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
|
||||||
name: 'publish',
|
|
||||||
image: 'plugins/gh-pages',
|
|
||||||
settings: {
|
|
||||||
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
|
|
||||||
netrc_machine: 'gitea.rknet.org',
|
|
||||||
username: { from_secret: 'gitea_username' },
|
|
||||||
password: { from_secret: 'gitea_token' },
|
|
||||||
pages_directory: '_docs/',
|
|
||||||
target_branch: 'docs',
|
|
||||||
},
|
|
||||||
when: {
|
|
||||||
ref: ['refs/heads/main'],
|
|
||||||
},
|
|
||||||
},
|
|
||||||
],
|
|
||||||
trigger: {
|
|
||||||
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
|
|
||||||
},
|
|
||||||
depends_on: [
|
|
||||||
'testing-centos7',
|
|
||||||
'testing-rocky8',
|
|
||||||
],
|
|
||||||
};
|
|
||||||
|
|
||||||
local PipelineNotification = {
|
|
||||||
kind: 'pipeline',
|
|
||||||
name: 'notification',
|
|
||||||
platform: {
|
|
||||||
os: 'linux',
|
|
||||||
arch: 'amd64',
|
|
||||||
},
|
|
||||||
clone: {
|
|
||||||
disable: true,
|
|
||||||
},
|
|
||||||
steps: [
|
|
||||||
{
|
|
||||||
name: 'matrix',
|
|
||||||
image: 'thegeeklab/drone-matrix',
|
|
||||||
settings: {
|
|
||||||
homeserver: { from_secret: 'matrix_homeserver' },
|
|
||||||
roomid: { from_secret: 'matrix_roomid' },
|
|
||||||
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
|
|
||||||
username: { from_secret: 'matrix_username' },
|
|
||||||
password: { from_secret: 'matrix_password' },
|
|
||||||
},
|
|
||||||
},
|
|
||||||
],
|
|
||||||
depends_on: [
|
|
||||||
'documentation',
|
|
||||||
],
|
|
||||||
trigger: {
|
|
||||||
status: ['success', 'failure'],
|
|
||||||
ref: ['refs/heads/main', 'refs/tags/**'],
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
||||||
[
|
|
||||||
PipelineLinting,
|
|
||||||
PipelineDeployment(scenario='centos7'),
|
|
||||||
PipelineDeployment(scenario='rocky8'),
|
|
||||||
PipelineDocumentation,
|
|
||||||
PipelineNotification,
|
|
||||||
]
|
|
187
.drone.yml
187
.drone.yml
|
@ -1,187 +0,0 @@
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
name: linting
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: amd64
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: ansible-later
|
|
||||||
image: thegeeklab/ansible-later
|
|
||||||
commands:
|
|
||||||
- ansible-later
|
|
||||||
|
|
||||||
- name: python-format
|
|
||||||
image: python:3.11
|
|
||||||
commands:
|
|
||||||
- pip install -qq yapf
|
|
||||||
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
|
|
||||||
environment:
|
|
||||||
PY_COLORS: 1
|
|
||||||
|
|
||||||
- name: python-flake8
|
|
||||||
image: python:3.11
|
|
||||||
commands:
|
|
||||||
- pip install -qq flake8
|
|
||||||
- flake8
|
|
||||||
environment:
|
|
||||||
PY_COLORS: 1
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
ref:
|
|
||||||
- refs/heads/main
|
|
||||||
- refs/tags/**
|
|
||||||
- refs/pull/**
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
name: testing-centos7
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: amd64
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
limit: 1
|
|
||||||
|
|
||||||
workspace:
|
|
||||||
base: /drone/src
|
|
||||||
path: ${DRONE_REPO_NAME}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: ansible-molecule
|
|
||||||
image: thegeeklab/molecule:4
|
|
||||||
commands:
|
|
||||||
- molecule test -s centos7
|
|
||||||
environment:
|
|
||||||
HCLOUD_TOKEN:
|
|
||||||
from_secret: hcloud_token
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
ref:
|
|
||||||
- refs/heads/main
|
|
||||||
- refs/tags/**
|
|
||||||
- refs/pull/**
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linting
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
name: testing-rocky8
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: amd64
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
limit: 1
|
|
||||||
|
|
||||||
workspace:
|
|
||||||
base: /drone/src
|
|
||||||
path: ${DRONE_REPO_NAME}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: ansible-molecule
|
|
||||||
image: thegeeklab/molecule:4
|
|
||||||
commands:
|
|
||||||
- molecule test -s rocky8
|
|
||||||
environment:
|
|
||||||
HCLOUD_TOKEN:
|
|
||||||
from_secret: hcloud_token
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
ref:
|
|
||||||
- refs/heads/main
|
|
||||||
- refs/tags/**
|
|
||||||
- refs/pull/**
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- linting
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
name: documentation
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: amd64
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: generate
|
|
||||||
image: thegeeklab/ansible-doctor
|
|
||||||
environment:
|
|
||||||
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
|
|
||||||
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
|
|
||||||
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
|
|
||||||
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
|
|
||||||
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
|
|
||||||
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
|
|
||||||
|
|
||||||
- name: publish
|
|
||||||
image: plugins/gh-pages
|
|
||||||
settings:
|
|
||||||
netrc_machine: gitea.rknet.org
|
|
||||||
pages_directory: _docs/
|
|
||||||
password:
|
|
||||||
from_secret: gitea_token
|
|
||||||
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
|
|
||||||
target_branch: docs
|
|
||||||
username:
|
|
||||||
from_secret: gitea_username
|
|
||||||
when:
|
|
||||||
ref:
|
|
||||||
- refs/heads/main
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
ref:
|
|
||||||
- refs/heads/main
|
|
||||||
- refs/tags/**
|
|
||||||
- refs/pull/**
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- testing-centos7
|
|
||||||
- testing-rocky8
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: pipeline
|
|
||||||
name: notification
|
|
||||||
|
|
||||||
platform:
|
|
||||||
os: linux
|
|
||||||
arch: amd64
|
|
||||||
|
|
||||||
clone:
|
|
||||||
disable: true
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: matrix
|
|
||||||
image: thegeeklab/drone-matrix
|
|
||||||
settings:
|
|
||||||
homeserver:
|
|
||||||
from_secret: matrix_homeserver
|
|
||||||
password:
|
|
||||||
from_secret: matrix_password
|
|
||||||
roomid:
|
|
||||||
from_secret: matrix_roomid
|
|
||||||
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
|
|
||||||
username:
|
|
||||||
from_secret: matrix_username
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
ref:
|
|
||||||
- refs/heads/main
|
|
||||||
- refs/tags/**
|
|
||||||
status:
|
|
||||||
- success
|
|
||||||
- failure
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- documentation
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: signature
|
|
||||||
hmac: 38fb753c217b5efa3d18c0e23db8a2f3323d4cc54b100f8a0d40847b1f1b4118
|
|
||||||
|
|
||||||
...
|
|
|
@ -1,13 +0,0 @@
|
||||||
# ---> Ansible
|
|
||||||
*.retry
|
|
||||||
filter/plugins/
|
|
||||||
library
|
|
||||||
|
|
||||||
# ---> Python
|
|
||||||
# Byte-compiled / optimized / DLL files
|
|
||||||
__pycache__/
|
|
||||||
*.py[cod]
|
|
||||||
*$py.class
|
|
||||||
|
|
||||||
# ---> Docs
|
|
||||||
/_docs
|
|
19
.later.yml
19
.later.yml
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
ansible:
|
|
||||||
custom_modules:
|
|
||||||
- iptables_raw
|
|
||||||
- openssl_pkcs12
|
|
||||||
- proxmox_kvm
|
|
||||||
- ucr
|
|
||||||
- corenetworks_dns
|
|
||||||
- corenetworks_token
|
|
||||||
|
|
||||||
rules:
|
|
||||||
exclude_files:
|
|
||||||
- molecule/
|
|
||||||
- "LICENSE*"
|
|
||||||
- "**/*.md"
|
|
||||||
- "**/*.ini"
|
|
||||||
|
|
||||||
exclude_filter:
|
|
||||||
- LINT0009
|
|
21
LICENSE
21
LICENSE
|
@ -1,21 +0,0 @@
|
||||||
MIT License
|
|
||||||
|
|
||||||
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
|
||||||
in the Software without restriction, including without limitation the rights
|
|
||||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
copies of the Software, and to permit persons to whom the Software is furnished
|
|
||||||
to do so, subject to the following conditions:
|
|
||||||
|
|
||||||
The above copyright notice and this permission notice (including the next
|
|
||||||
paragraph) shall be included in all copies or substantial portions of the
|
|
||||||
Software.
|
|
||||||
|
|
||||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
|
||||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
|
|
||||||
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
|
||||||
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
|
|
||||||
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
12
README.md
12
README.md
|
@ -1,12 +0,0 @@
|
||||||
# xoxys.mosquitto
|
|
||||||
|
|
||||||
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto)
|
|
||||||
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
|
|
||||||
|
|
||||||
Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker that implements the MQTT protocol. It is lightweight and suitable for use on all devices from low power single board computers to full servers.
|
|
||||||
|
|
||||||
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/IoT/mosquitto/).
|
|
||||||
|
|
||||||
## License
|
|
||||||
|
|
||||||
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
|
|
@ -1,59 +0,0 @@
|
||||||
---
|
|
||||||
mosquitto_base_dir: /etc/mosquitto
|
|
||||||
mosquitto_pid_file: /var/run/mosquitto.pid
|
|
||||||
mosquitto_user: mosquitto
|
|
||||||
mosquitto_group: mosquitto
|
|
||||||
|
|
||||||
mosquitto_port: 1883
|
|
||||||
mosquitto_bind_address: "{{ ansible_default_ipv4.address }}"
|
|
||||||
|
|
||||||
mosquitto_packages_extra: []
|
|
||||||
mosquitto_persistence_enabled: False
|
|
||||||
mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db
|
|
||||||
|
|
||||||
mosquitto_password_auth_enabled: False
|
|
||||||
mosquitto_password_auth_file: "{{ mosquitto_base_dir }}/passwd"
|
|
||||||
mosquitto_password_auth_users: []
|
|
||||||
# @var mosquitto_password_auth_users:example: >
|
|
||||||
# mosquitto_password_auth_users:
|
|
||||||
# - name: admin
|
|
||||||
# password: mysecret
|
|
||||||
# state: present
|
|
||||||
# - name: user1
|
|
||||||
# password: very_secure
|
|
||||||
# state: absent
|
|
||||||
# @end
|
|
||||||
|
|
||||||
mosquitto_acl_enabled: False
|
|
||||||
mosquitto_acl_file: "{{ mosquitto_base_dir }}/aclfile"
|
|
||||||
mosquitto_acl: []
|
|
||||||
# @var mosquitto_acl:example: >
|
|
||||||
# mosquitto_acl:
|
|
||||||
# - name: iot
|
|
||||||
# user: admin
|
|
||||||
# acls:
|
|
||||||
# - acl_base: topic # (topic|pattern, defaults to topic)
|
|
||||||
# acl_topic: "#"
|
|
||||||
# acl_policy: readwrite
|
|
||||||
# - name: readonly_iot
|
|
||||||
# user: user1
|
|
||||||
# acls:
|
|
||||||
# - acl_base: topic
|
|
||||||
# acl_topic: my/devices
|
|
||||||
# acl_policy: readwrite
|
|
||||||
# @end
|
|
||||||
|
|
||||||
mosquitto_tls_enabled: False
|
|
||||||
mosquitto_tls_ciphers:
|
|
||||||
- DEFAULT
|
|
||||||
- "!aNULL"
|
|
||||||
- "!eNULL"
|
|
||||||
- "!LOW"
|
|
||||||
- "!EXPORT"
|
|
||||||
- "!SSLv2"
|
|
||||||
- "@STRENGTH"
|
|
||||||
mosquitto_ca_path: /etc/pki/tls/certs/
|
|
||||||
mosquitto_tls_cert_source: mycert.pem
|
|
||||||
mosquitto_tls_key_source: mykey.pem
|
|
||||||
mosquitto_tls_cert_path: "{{ mosquitto_base_dir }}/tls/certs/mycert.pem"
|
|
||||||
mosquitto_tls_key_path: "{{ mosquitto_base_dir }}/tls/private/mykey.pem"
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart mosquitto service
|
|
||||||
service:
|
|
||||||
state: restarted
|
|
||||||
daemon_reload: yes
|
|
||||||
name: mosquitto
|
|
||||||
enabled: yes
|
|
||||||
listen: __mosquitto_restart
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
|
@ -0,0 +1,263 @@
|
||||||
|
---
|
||||||
|
title: mosquitto
|
||||||
|
type: docs
|
||||||
|
---
|
||||||
|
|
||||||
|
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.mosquitto) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.mosquitto/src/branch/main/LICENSE)
|
||||||
|
|
||||||
|
Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker that implements the MQTT protocol. It is lightweight and suitable for use on all devices from low power single board computers to full servers.
|
||||||
|
|
||||||
|
<!--more-->
|
||||||
|
|
||||||
|
- [Default Variables](#default-variables)
|
||||||
|
- [mosquitto_acl](#mosquitto_acl)
|
||||||
|
- [mosquitto_acl_enabled](#mosquitto_acl_enabled)
|
||||||
|
- [mosquitto_acl_file](#mosquitto_acl_file)
|
||||||
|
- [mosquitto_base_dir](#mosquitto_base_dir)
|
||||||
|
- [mosquitto_bind_address](#mosquitto_bind_address)
|
||||||
|
- [mosquitto_ca_path](#mosquitto_ca_path)
|
||||||
|
- [mosquitto_group](#mosquitto_group)
|
||||||
|
- [mosquitto_packages_extra](#mosquitto_packages_extra)
|
||||||
|
- [mosquitto_password_auth_enabled](#mosquitto_password_auth_enabled)
|
||||||
|
- [mosquitto_password_auth_file](#mosquitto_password_auth_file)
|
||||||
|
- [mosquitto_password_auth_users](#mosquitto_password_auth_users)
|
||||||
|
- [mosquitto_persistence_enabled](#mosquitto_persistence_enabled)
|
||||||
|
- [mosquitto_persistence_path](#mosquitto_persistence_path)
|
||||||
|
- [mosquitto_pid_file](#mosquitto_pid_file)
|
||||||
|
- [mosquitto_port](#mosquitto_port)
|
||||||
|
- [mosquitto_tls_cert_path](#mosquitto_tls_cert_path)
|
||||||
|
- [mosquitto_tls_cert_source](#mosquitto_tls_cert_source)
|
||||||
|
- [mosquitto_tls_ciphers](#mosquitto_tls_ciphers)
|
||||||
|
- [mosquitto_tls_enabled](#mosquitto_tls_enabled)
|
||||||
|
- [mosquitto_tls_key_path](#mosquitto_tls_key_path)
|
||||||
|
- [mosquitto_tls_key_source](#mosquitto_tls_key_source)
|
||||||
|
- [mosquitto_user](#mosquitto_user)
|
||||||
|
- [Discovered Tags](#discovered-tags)
|
||||||
|
- [Dependencies](#dependencies)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Default Variables
|
||||||
|
|
||||||
|
### mosquitto_acl
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_acl: []
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Example usage
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_acl:
|
||||||
|
- name: iot
|
||||||
|
user: admin
|
||||||
|
acls:
|
||||||
|
- acl_base: topic # (topic|pattern, defaults to topic)
|
||||||
|
acl_topic: "#"
|
||||||
|
acl_policy: readwrite
|
||||||
|
- name: readonly_iot
|
||||||
|
user: user1
|
||||||
|
acls:
|
||||||
|
- acl_base: topic
|
||||||
|
acl_topic: my/devices
|
||||||
|
acl_policy: readwrite
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_acl_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_acl_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_acl_file
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_acl_file: '{{ mosquitto_base_dir }}/aclfile'
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_base_dir
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_base_dir: /etc/mosquitto
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_bind_address
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_bind_address: '{{ ansible_default_ipv4.address }}'
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_ca_path
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_ca_path: /etc/pki/tls/certs/
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_group
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_group: mosquitto
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_packages_extra
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_packages_extra: []
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_password_auth_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_password_auth_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_password_auth_file
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_password_auth_file: '{{ mosquitto_base_dir }}/passwd'
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_password_auth_users
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_password_auth_users: []
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Example usage
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_password_auth_users:
|
||||||
|
- name: admin
|
||||||
|
password: mysecret
|
||||||
|
state: present
|
||||||
|
- name: user1
|
||||||
|
password: very_secure
|
||||||
|
state: absent
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_persistence_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_persistence_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_persistence_path
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_persistence_path: /var/lib/mosquitto/mosquitto.db
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_pid_file
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_pid_file: /var/run/mosquitto.pid
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_port
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_port: 1883
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_tls_cert_path
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_tls_cert_path: '{{ mosquitto_base_dir }}/tls/certs/mycert.pem'
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_tls_cert_source
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_tls_cert_source: mycert.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_tls_ciphers
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_tls_ciphers:
|
||||||
|
- DEFAULT
|
||||||
|
- '!aNULL'
|
||||||
|
- '!eNULL'
|
||||||
|
- '!LOW'
|
||||||
|
- '!EXPORT'
|
||||||
|
- '!SSLv2'
|
||||||
|
- '@STRENGTH'
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_tls_enabled
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_tls_enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_tls_key_path
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_tls_key_path: '{{ mosquitto_base_dir }}/tls/private/mykey.pem'
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_tls_key_source
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_tls_key_source: mykey.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
### mosquitto_user
|
||||||
|
|
||||||
|
#### Default value
|
||||||
|
|
||||||
|
```YAML
|
||||||
|
mosquitto_user: mosquitto
|
||||||
|
```
|
||||||
|
|
||||||
|
## Discovered Tags
|
||||||
|
|
||||||
|
tls_renewal
|
||||||
|
:
|
||||||
|
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None.
|
|
@ -1,29 +0,0 @@
|
||||||
# Standards: 0.2
|
|
||||||
---
|
|
||||||
galaxy_info:
|
|
||||||
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
|
|
||||||
author: Robert Kaussow <mail@thegeeklab.de>
|
|
||||||
namespace: xoxys
|
|
||||||
role_name: mosquitto
|
|
||||||
# @meta description: >
|
|
||||||
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.mosquitto)
|
|
||||||
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.mosquitto?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.mosquitto)
|
|
||||||
# [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.mosquitto/src/branch/main/LICENSE)
|
|
||||||
#
|
|
||||||
# Setup [mosquitto](https://mosquitto.org/) mqtt broker. Eclipse Mosquitto is a message broker
|
|
||||||
# that implements the MQTT protocol. It is lightweight and suitable for use on all devices
|
|
||||||
# from low power single board computers to full servers.
|
|
||||||
# @end
|
|
||||||
description: Setup mosquitto mqtt broker
|
|
||||||
license: MIT
|
|
||||||
min_ansible_version: 2.10
|
|
||||||
platforms:
|
|
||||||
- name: EL
|
|
||||||
versions:
|
|
||||||
- 7
|
|
||||||
galaxy_tags:
|
|
||||||
- mosquitto
|
|
||||||
- mqtt
|
|
||||||
dependencies: []
|
|
||||||
collections:
|
|
||||||
- community.general
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- name: Converge
|
|
||||||
hosts: all
|
|
||||||
vars:
|
|
||||||
mosquitto_packages_extra:
|
|
||||||
- epel-release
|
|
||||||
mosquitto_bind_address: "127.0.0.1"
|
|
||||||
|
|
||||||
roles:
|
|
||||||
- role: xoxys.mosquitto
|
|
|
@ -1,120 +0,0 @@
|
||||||
---
|
|
||||||
- name: Create
|
|
||||||
hosts: localhost
|
|
||||||
connection: local
|
|
||||||
gather_facts: false
|
|
||||||
no_log: "{{ molecule_no_log }}"
|
|
||||||
vars:
|
|
||||||
ssh_port: 22
|
|
||||||
ssh_user: root
|
|
||||||
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
|
||||||
tasks:
|
|
||||||
- name: Create SSH key
|
|
||||||
user:
|
|
||||||
name: "{{ lookup('env', 'USER') }}"
|
|
||||||
generate_ssh_key: true
|
|
||||||
ssh_key_file: "{{ ssh_path }}"
|
|
||||||
force: true
|
|
||||||
register: generated_ssh_key
|
|
||||||
|
|
||||||
- name: Register the SSH key name
|
|
||||||
set_fact:
|
|
||||||
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
|
||||||
|
|
||||||
- name: Register SSH key for test instance(s)
|
|
||||||
hcloud_ssh_key:
|
|
||||||
name: "{{ ssh_key_name }}"
|
|
||||||
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Create molecule instance(s)
|
|
||||||
hcloud_server:
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
server_type: "{{ item.server_type }}"
|
|
||||||
ssh_keys:
|
|
||||||
- "{{ ssh_key_name }}"
|
|
||||||
image: "{{ item.image }}"
|
|
||||||
location: "{{ item.location | default(omit) }}"
|
|
||||||
datacenter: "{{ item.datacenter | default(omit) }}"
|
|
||||||
user_data: "{{ item.user_data | default(omit) }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: present
|
|
||||||
register: server
|
|
||||||
loop: "{{ molecule_yml.platforms }}"
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for instance(s) creation to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_jobs
|
|
||||||
until: hetzner_jobs.finished
|
|
||||||
retries: 300
|
|
||||||
loop: "{{ server.results }}"
|
|
||||||
|
|
||||||
- name: Create volume(s)
|
|
||||||
hcloud_volume:
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
server: "{{ item.name }}"
|
|
||||||
location: "{{ item.location | default(omit) }}"
|
|
||||||
size: "{{ item.volume_size | default(10) }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: "present"
|
|
||||||
loop: "{{ molecule_yml.platforms }}"
|
|
||||||
when: item.volume | default(False) | bool
|
|
||||||
register: volumes
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for volume(s) creation to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_volumes
|
|
||||||
until: hetzner_volumes.finished
|
|
||||||
retries: 300
|
|
||||||
when: volumes.changed
|
|
||||||
loop: "{{ volumes.results }}"
|
|
||||||
|
|
||||||
# Mandatory configuration for Molecule to function.
|
|
||||||
|
|
||||||
- name: Populate instance config dict
|
|
||||||
set_fact:
|
|
||||||
instance_conf_dict:
|
|
||||||
{
|
|
||||||
"instance": "{{ item.hcloud_server.name }}",
|
|
||||||
"ssh_key_name": "{{ ssh_key_name }}",
|
|
||||||
"address": "{{ item.hcloud_server.ipv4_address }}",
|
|
||||||
"user": "{{ ssh_user }}",
|
|
||||||
"port": "{{ ssh_port }}",
|
|
||||||
"identity_file": "{{ ssh_path }}",
|
|
||||||
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
|
||||||
}
|
|
||||||
loop: "{{ hetzner_jobs.results }}"
|
|
||||||
register: instance_config_dict
|
|
||||||
when: server.changed | bool
|
|
||||||
|
|
||||||
- name: Convert instance config dict to a list
|
|
||||||
set_fact:
|
|
||||||
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
|
||||||
when: server.changed | bool
|
|
||||||
|
|
||||||
- name: Dump instance config
|
|
||||||
copy:
|
|
||||||
content: |
|
|
||||||
# Molecule managed
|
|
||||||
|
|
||||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
|
||||||
dest: "{{ molecule_instance_config }}"
|
|
||||||
when: server.changed | bool
|
|
||||||
|
|
||||||
- name: Wait for SSH
|
|
||||||
wait_for:
|
|
||||||
port: "{{ ssh_port }}"
|
|
||||||
host: "{{ item.address }}"
|
|
||||||
search_regex: SSH
|
|
||||||
delay: 10
|
|
||||||
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
|
||||||
|
|
||||||
- name: Wait for VM to settle down
|
|
||||||
pause:
|
|
||||||
seconds: 30
|
|
|
@ -1,78 +0,0 @@
|
||||||
---
|
|
||||||
- name: Destroy
|
|
||||||
hosts: localhost
|
|
||||||
connection: local
|
|
||||||
gather_facts: false
|
|
||||||
no_log: "{{ molecule_no_log }}"
|
|
||||||
tasks:
|
|
||||||
- name: Check existing instance config file
|
|
||||||
stat:
|
|
||||||
path: "{{ molecule_instance_config }}"
|
|
||||||
register: cfg
|
|
||||||
|
|
||||||
- name: Populate the instance config
|
|
||||||
set_fact:
|
|
||||||
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
|
||||||
|
|
||||||
- name: Destroy molecule instance(s)
|
|
||||||
hcloud_server:
|
|
||||||
name: "{{ item.instance }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: absent
|
|
||||||
register: server
|
|
||||||
loop: "{{ instance_conf }}"
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for instance(s) deletion to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_jobs
|
|
||||||
until: hetzner_jobs.finished
|
|
||||||
retries: 300
|
|
||||||
loop: "{{ server.results }}"
|
|
||||||
|
|
||||||
- pause:
|
|
||||||
seconds: 5
|
|
||||||
|
|
||||||
- name: Destroy volume(s)
|
|
||||||
hcloud_volume:
|
|
||||||
name: "{{ item.instance }}"
|
|
||||||
server: "{{ item.instance }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: "absent"
|
|
||||||
register: volumes
|
|
||||||
loop: "{{ instance_conf }}"
|
|
||||||
when: item.volume | default(False) | bool
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for volume(s) deletion to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_volumes
|
|
||||||
until: hetzner_volumes.finished
|
|
||||||
retries: 300
|
|
||||||
when: volumes.changed
|
|
||||||
loop: "{{ volumes.results }}"
|
|
||||||
|
|
||||||
- name: Remove registered SSH key
|
|
||||||
hcloud_ssh_key:
|
|
||||||
name: "{{ instance_conf[0].ssh_key_name }}"
|
|
||||||
state: absent
|
|
||||||
when: (instance_conf | default([])) | length > 0
|
|
||||||
|
|
||||||
# Mandatory configuration for Molecule to function.
|
|
||||||
|
|
||||||
- name: Populate instance config
|
|
||||||
set_fact:
|
|
||||||
instance_conf: {}
|
|
||||||
|
|
||||||
- name: Dump instance config
|
|
||||||
copy:
|
|
||||||
content: |
|
|
||||||
# Molecule managed
|
|
||||||
|
|
||||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
|
||||||
dest: "{{ molecule_instance_config }}"
|
|
||||||
when: server.changed | bool
|
|
|
@ -1,24 +0,0 @@
|
||||||
---
|
|
||||||
dependency:
|
|
||||||
name: galaxy
|
|
||||||
options:
|
|
||||||
role-file: molecule/requirements.yml
|
|
||||||
requirements-file: molecule/requirements.yml
|
|
||||||
env:
|
|
||||||
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
|
||||||
driver:
|
|
||||||
name: delegated
|
|
||||||
platforms:
|
|
||||||
- name: centos7-mosquitto
|
|
||||||
image: centos-7
|
|
||||||
server_type: cx11
|
|
||||||
lint: |
|
|
||||||
/usr/local/bin/flake8
|
|
||||||
provisioner:
|
|
||||||
name: ansible
|
|
||||||
env:
|
|
||||||
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
|
||||||
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
|
||||||
log: False
|
|
||||||
verifier:
|
|
||||||
name: testinfra
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
- name: Prepare
|
|
||||||
hosts: all
|
|
||||||
gather_facts: false
|
|
||||||
tasks:
|
|
||||||
- name: Bootstrap python for Ansible
|
|
||||||
raw: |
|
|
||||||
command -v python3 python || (
|
|
||||||
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
|
||||||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
|
||||||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
|
||||||
echo "Warning: Python not boostrapped due to unknown platform."
|
|
||||||
)
|
|
||||||
become: true
|
|
||||||
changed_when: false
|
|
|
@ -1,23 +0,0 @@
|
||||||
import os
|
|
||||||
|
|
||||||
import testinfra.utils.ansible_runner
|
|
||||||
|
|
||||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
||||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
|
||||||
).get_hosts("all")
|
|
||||||
|
|
||||||
|
|
||||||
def test_mosquitto_is_installed(host):
|
|
||||||
mosquitto = host.package("mosquitto")
|
|
||||||
assert mosquitto.is_installed
|
|
||||||
|
|
||||||
|
|
||||||
def test_mosquitto_running_and_enabled(host):
|
|
||||||
mosquitto = host.service("mosquitto")
|
|
||||||
assert mosquitto.is_running
|
|
||||||
assert mosquitto.is_enabled
|
|
||||||
|
|
||||||
|
|
||||||
def test_mosquitto_socket(host):
|
|
||||||
# Verify the socket is listening for HTTP traffic
|
|
||||||
assert host.socket("tcp://127.0.0.1:1883").is_listening
|
|
|
@ -1 +0,0 @@
|
||||||
rocky8
|
|
|
@ -1,3 +0,0 @@
|
||||||
[pytest]
|
|
||||||
filterwarnings =
|
|
||||||
ignore::DeprecationWarning
|
|
|
@ -1,6 +0,0 @@
|
||||||
---
|
|
||||||
collections:
|
|
||||||
- name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
|
|
||||||
- name: community.general
|
|
||||||
|
|
||||||
roles: []
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- name: Converge
|
|
||||||
hosts: all
|
|
||||||
vars:
|
|
||||||
mosquitto_packages_extra:
|
|
||||||
- epel-release
|
|
||||||
mosquitto_bind_address: "127.0.0.1"
|
|
||||||
|
|
||||||
roles:
|
|
||||||
- role: xoxys.mosquitto
|
|
|
@ -1,120 +0,0 @@
|
||||||
---
|
|
||||||
- name: Create
|
|
||||||
hosts: localhost
|
|
||||||
connection: local
|
|
||||||
gather_facts: false
|
|
||||||
no_log: "{{ molecule_no_log }}"
|
|
||||||
vars:
|
|
||||||
ssh_port: 22
|
|
||||||
ssh_user: root
|
|
||||||
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
|
|
||||||
tasks:
|
|
||||||
- name: Create SSH key
|
|
||||||
user:
|
|
||||||
name: "{{ lookup('env', 'USER') }}"
|
|
||||||
generate_ssh_key: true
|
|
||||||
ssh_key_file: "{{ ssh_path }}"
|
|
||||||
force: true
|
|
||||||
register: generated_ssh_key
|
|
||||||
|
|
||||||
- name: Register the SSH key name
|
|
||||||
set_fact:
|
|
||||||
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
|
|
||||||
|
|
||||||
- name: Register SSH key for test instance(s)
|
|
||||||
hcloud_ssh_key:
|
|
||||||
name: "{{ ssh_key_name }}"
|
|
||||||
public_key: "{{ generated_ssh_key.ssh_public_key }}"
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Create molecule instance(s)
|
|
||||||
hcloud_server:
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
server_type: "{{ item.server_type }}"
|
|
||||||
ssh_keys:
|
|
||||||
- "{{ ssh_key_name }}"
|
|
||||||
image: "{{ item.image }}"
|
|
||||||
location: "{{ item.location | default(omit) }}"
|
|
||||||
datacenter: "{{ item.datacenter | default(omit) }}"
|
|
||||||
user_data: "{{ item.user_data | default(omit) }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: present
|
|
||||||
register: server
|
|
||||||
loop: "{{ molecule_yml.platforms }}"
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for instance(s) creation to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_jobs
|
|
||||||
until: hetzner_jobs.finished
|
|
||||||
retries: 300
|
|
||||||
loop: "{{ server.results }}"
|
|
||||||
|
|
||||||
- name: Create volume(s)
|
|
||||||
hcloud_volume:
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
server: "{{ item.name }}"
|
|
||||||
location: "{{ item.location | default(omit) }}"
|
|
||||||
size: "{{ item.volume_size | default(10) }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: "present"
|
|
||||||
loop: "{{ molecule_yml.platforms }}"
|
|
||||||
when: item.volume | default(False) | bool
|
|
||||||
register: volumes
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for volume(s) creation to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_volumes
|
|
||||||
until: hetzner_volumes.finished
|
|
||||||
retries: 300
|
|
||||||
when: volumes.changed
|
|
||||||
loop: "{{ volumes.results }}"
|
|
||||||
|
|
||||||
# Mandatory configuration for Molecule to function.
|
|
||||||
|
|
||||||
- name: Populate instance config dict
|
|
||||||
set_fact:
|
|
||||||
instance_conf_dict:
|
|
||||||
{
|
|
||||||
"instance": "{{ item.hcloud_server.name }}",
|
|
||||||
"ssh_key_name": "{{ ssh_key_name }}",
|
|
||||||
"address": "{{ item.hcloud_server.ipv4_address }}",
|
|
||||||
"user": "{{ ssh_user }}",
|
|
||||||
"port": "{{ ssh_port }}",
|
|
||||||
"identity_file": "{{ ssh_path }}",
|
|
||||||
"volume": "{{ item.item.item.volume | default(False) | bool }}",
|
|
||||||
}
|
|
||||||
loop: "{{ hetzner_jobs.results }}"
|
|
||||||
register: instance_config_dict
|
|
||||||
when: server.changed | bool
|
|
||||||
|
|
||||||
- name: Convert instance config dict to a list
|
|
||||||
set_fact:
|
|
||||||
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
|
|
||||||
when: server.changed | bool
|
|
||||||
|
|
||||||
- name: Dump instance config
|
|
||||||
copy:
|
|
||||||
content: |
|
|
||||||
# Molecule managed
|
|
||||||
|
|
||||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
|
||||||
dest: "{{ molecule_instance_config }}"
|
|
||||||
when: server.changed | bool
|
|
||||||
|
|
||||||
- name: Wait for SSH
|
|
||||||
wait_for:
|
|
||||||
port: "{{ ssh_port }}"
|
|
||||||
host: "{{ item.address }}"
|
|
||||||
search_regex: SSH
|
|
||||||
delay: 10
|
|
||||||
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
|
|
||||||
|
|
||||||
- name: Wait for VM to settle down
|
|
||||||
pause:
|
|
||||||
seconds: 30
|
|
|
@ -1,78 +0,0 @@
|
||||||
---
|
|
||||||
- name: Destroy
|
|
||||||
hosts: localhost
|
|
||||||
connection: local
|
|
||||||
gather_facts: false
|
|
||||||
no_log: "{{ molecule_no_log }}"
|
|
||||||
tasks:
|
|
||||||
- name: Check existing instance config file
|
|
||||||
stat:
|
|
||||||
path: "{{ molecule_instance_config }}"
|
|
||||||
register: cfg
|
|
||||||
|
|
||||||
- name: Populate the instance config
|
|
||||||
set_fact:
|
|
||||||
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
|
|
||||||
|
|
||||||
- name: Destroy molecule instance(s)
|
|
||||||
hcloud_server:
|
|
||||||
name: "{{ item.instance }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: absent
|
|
||||||
register: server
|
|
||||||
loop: "{{ instance_conf }}"
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for instance(s) deletion to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_jobs
|
|
||||||
until: hetzner_jobs.finished
|
|
||||||
retries: 300
|
|
||||||
loop: "{{ server.results }}"
|
|
||||||
|
|
||||||
- pause:
|
|
||||||
seconds: 5
|
|
||||||
|
|
||||||
- name: Destroy volume(s)
|
|
||||||
hcloud_volume:
|
|
||||||
name: "{{ item.instance }}"
|
|
||||||
server: "{{ item.instance }}"
|
|
||||||
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
|
|
||||||
state: "absent"
|
|
||||||
register: volumes
|
|
||||||
loop: "{{ instance_conf }}"
|
|
||||||
when: item.volume | default(False) | bool
|
|
||||||
async: 7200
|
|
||||||
poll: 0
|
|
||||||
|
|
||||||
- name: Wait for volume(s) deletion to complete
|
|
||||||
async_status:
|
|
||||||
jid: "{{ item.ansible_job_id }}"
|
|
||||||
register: hetzner_volumes
|
|
||||||
until: hetzner_volumes.finished
|
|
||||||
retries: 300
|
|
||||||
when: volumes.changed
|
|
||||||
loop: "{{ volumes.results }}"
|
|
||||||
|
|
||||||
- name: Remove registered SSH key
|
|
||||||
hcloud_ssh_key:
|
|
||||||
name: "{{ instance_conf[0].ssh_key_name }}"
|
|
||||||
state: absent
|
|
||||||
when: (instance_conf | default([])) | length > 0
|
|
||||||
|
|
||||||
# Mandatory configuration for Molecule to function.
|
|
||||||
|
|
||||||
- name: Populate instance config
|
|
||||||
set_fact:
|
|
||||||
instance_conf: {}
|
|
||||||
|
|
||||||
- name: Dump instance config
|
|
||||||
copy:
|
|
||||||
content: |
|
|
||||||
# Molecule managed
|
|
||||||
|
|
||||||
{{ instance_conf | to_nice_yaml(indent=2) }}
|
|
||||||
dest: "{{ molecule_instance_config }}"
|
|
||||||
when: server.changed | bool
|
|
|
@ -1,24 +0,0 @@
|
||||||
---
|
|
||||||
dependency:
|
|
||||||
name: galaxy
|
|
||||||
options:
|
|
||||||
role-file: molecule/requirements.yml
|
|
||||||
requirements-file: molecule/requirements.yml
|
|
||||||
env:
|
|
||||||
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
|
|
||||||
driver:
|
|
||||||
name: delegated
|
|
||||||
platforms:
|
|
||||||
- name: rocky8-mosquitto
|
|
||||||
image: rocky-8
|
|
||||||
server_type: cx11
|
|
||||||
lint: |
|
|
||||||
/usr/local/bin/flake8
|
|
||||||
provisioner:
|
|
||||||
name: ansible
|
|
||||||
env:
|
|
||||||
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
|
|
||||||
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
|
|
||||||
log: False
|
|
||||||
verifier:
|
|
||||||
name: testinfra
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
- name: Prepare
|
|
||||||
hosts: all
|
|
||||||
gather_facts: false
|
|
||||||
tasks:
|
|
||||||
- name: Bootstrap python for Ansible
|
|
||||||
raw: |
|
|
||||||
command -v python3 python || (
|
|
||||||
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
|
|
||||||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
|
|
||||||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
|
|
||||||
echo "Warning: Python not boostrapped due to unknown platform."
|
|
||||||
)
|
|
||||||
become: true
|
|
||||||
changed_when: false
|
|
|
@ -1,23 +0,0 @@
|
||||||
import os
|
|
||||||
|
|
||||||
import testinfra.utils.ansible_runner
|
|
||||||
|
|
||||||
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
|
||||||
os.environ["MOLECULE_INVENTORY_FILE"]
|
|
||||||
).get_hosts("all")
|
|
||||||
|
|
||||||
|
|
||||||
def test_mosquitto_is_installed(host):
|
|
||||||
mosquitto = host.package("mosquitto")
|
|
||||||
assert mosquitto.is_installed
|
|
||||||
|
|
||||||
|
|
||||||
def test_mosquitto_running_and_enabled(host):
|
|
||||||
mosquitto = host.service("mosquitto")
|
|
||||||
assert mosquitto.is_running
|
|
||||||
assert mosquitto.is_enabled
|
|
||||||
|
|
||||||
|
|
||||||
def test_mosquitto_socket(host):
|
|
||||||
# Verify the socket is listening for HTTP traffic
|
|
||||||
assert host.socket("tcp://127.0.0.1:1883").is_listening
|
|
12
setup.cfg
12
setup.cfg
|
@ -1,12 +0,0 @@
|
||||||
[flake8]
|
|
||||||
ignore = D100, D101, D102, D103, D105, D107, E402, W503
|
|
||||||
max-line-length = 99
|
|
||||||
inline-quotes = double
|
|
||||||
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
|
|
||||||
|
|
||||||
[yapf]
|
|
||||||
based_on_style = google
|
|
||||||
column_limit = 99
|
|
||||||
dedent_closing_brackets = true
|
|
||||||
coalesce_brackets = true
|
|
||||||
split_before_logical_operator = true
|
|
|
@ -1,50 +0,0 @@
|
||||||
---
|
|
||||||
- name: Check if password file '{{ mosquitto_password_auth_file }}' exists
|
|
||||||
stat:
|
|
||||||
path: "{{ mosquitto_password_auth_file }}"
|
|
||||||
register: __mosquitto_passwd
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
||||||
|
|
||||||
- name: Create password file if not exist
|
|
||||||
file:
|
|
||||||
path: "{{ mosquitto_password_auth_file }}"
|
|
||||||
mode: 0600
|
|
||||||
state: touch
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
||||||
when: not __mosquitto_passwd.stat.exists
|
|
||||||
|
|
||||||
# TODO: ugly workaround, move this to a custom module
|
|
||||||
- block:
|
|
||||||
- name: Add users to password file
|
|
||||||
command: "mosquitto_passwd -b {{ mosquitto_password_auth_file }} {{ item.name }} {{ item.password }}"
|
|
||||||
loop: "{{ mosquitto_password_auth_users }}"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.name }}"
|
|
||||||
when: item.state == "present"
|
|
||||||
changed_when: False
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Remove unnecessary users from password file
|
|
||||||
command: "mosquitto_passwd -D {{ mosquitto_password_auth_file }} {{ item.name }}"
|
|
||||||
loop: "{{ mosquitto_password_auth_users }}"
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.name }}"
|
|
||||||
when: item.state == "absent"
|
|
||||||
changed_when: False
|
|
||||||
no_log: True
|
|
||||||
|
|
||||||
- name: Create acl file at '{{ mosquitto_acl_file }}'
|
|
||||||
template:
|
|
||||||
src: "etc/mosquitto/aclfile.j2"
|
|
||||||
dest: "{{ mosquitto_acl_file }}"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0600
|
|
||||||
when:
|
|
||||||
- mosquitto_acl_enabled | bool
|
|
||||||
- mosquitto_acl is defined
|
|
||||||
notify: __mosquitto_restart
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
|
@ -1,31 +0,0 @@
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Install mqtt packages
|
|
||||||
package:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
loop: "{{ mosquitto_packages_extra + __mosquitto_packages }}"
|
|
||||||
|
|
||||||
- name: Create group '{{ mosquitto_group }}'
|
|
||||||
group:
|
|
||||||
name: '{{ mosquitto_group }}'
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Create user '{{ mosquitto_user }}'
|
|
||||||
user:
|
|
||||||
name: '{{ mosquitto_user }}'
|
|
||||||
group: '{{ mosquitto_group }}'
|
|
||||||
home: "{{ mosquitto_base_dir }}"
|
|
||||||
system: yes
|
|
||||||
shell: /sbin/nologin
|
|
||||||
|
|
||||||
- name: Deploy default configuration
|
|
||||||
template:
|
|
||||||
src: "etc/mosquitto/mosquitto.conf.j2"
|
|
||||||
dest: "{{ mosquitto_base_dir }}/mosquitto.conf"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
notify: __mosquitto_restart
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
- import_tasks: install.yml
|
|
||||||
- import_tasks: config.yml
|
|
||||||
- import_tasks: tls.yml
|
|
||||||
when: mosquitto_tls_enabled | bool
|
|
||||||
tags: tls_renewal
|
|
||||||
- import_tasks: post_tasks.yml
|
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
- name: Ensure mosquitto service is up and running
|
|
||||||
service:
|
|
||||||
state: started
|
|
||||||
daemon_reload: yes
|
|
||||||
enabled: yes
|
|
||||||
name: mosquitto
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
- block:
|
|
||||||
- name: Create tls folder structure
|
|
||||||
file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
recurse: True
|
|
||||||
loop:
|
|
||||||
- "{{ mosquitto_tls_cert_path | dirname }}"
|
|
||||||
- "{{ mosquitto_tls_key_path | dirname }}"
|
|
||||||
|
|
||||||
- name: Copy certs and private key
|
|
||||||
copy:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: "{{ item.mode }}"
|
|
||||||
loop:
|
|
||||||
- { src: "{{ mosquitto_tls_key_source }}", dest: '{{ mosquitto_tls_key_path }}', mode: '0600' }
|
|
||||||
- { src: "{{ mosquitto_tls_cert_source }}", dest: '{{ mosquitto_tls_cert_path }}', mode: '0750' }
|
|
||||||
loop_control:
|
|
||||||
label: "{{ item.dest }}"
|
|
||||||
notify: __mosquitto_restart
|
|
||||||
become: True
|
|
||||||
become_user: root
|
|
|
@ -1,10 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
{% for item in mosquitto_acl %}
|
|
||||||
{% if not item.name == "all" %}
|
|
||||||
user {{ item.name }}
|
|
||||||
{% endif %}
|
|
||||||
{% for acl in item.acls %}
|
|
||||||
{{ acl.acl_base if acl.acl_base is defined else 'topic' }} {{ acl.acl_policy }} {{ acl.acl_topic }}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
{% endfor %}
|
|
|
@ -1,868 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
# =================================================================
|
|
||||||
# General configuration
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# Time in seconds between updates of the $SYS tree.
|
|
||||||
# Set to 0 to disable the publishing of the $SYS tree.
|
|
||||||
#sys_interval 10
|
|
||||||
|
|
||||||
# Time in seconds between cleaning the internal message store of
|
|
||||||
# unreferenced messages. Lower values will result in lower memory
|
|
||||||
# usage but more processor time, higher values will have the
|
|
||||||
# opposite effect.
|
|
||||||
# Setting a value of 0 means the unreferenced messages will be
|
|
||||||
# disposed of as quickly as possible.
|
|
||||||
#store_clean_interval 10
|
|
||||||
|
|
||||||
# Write process id to a file. Default is a blank string which means
|
|
||||||
# a pid file shouldn't be written.
|
|
||||||
# This should be set to /var/run/mosquitto.pid if mosquitto is
|
|
||||||
# being run automatically on boot with an init script and
|
|
||||||
# start-stop-daemon or similar.
|
|
||||||
pid_file {{ mosquitto_pid_file }}
|
|
||||||
|
|
||||||
# When run as root, drop privileges to this user and its primary
|
|
||||||
# group.
|
|
||||||
# Set to root to stay as root, but this is not recommended.
|
|
||||||
# If run as a non-root user, this setting has no effect.
|
|
||||||
# Note that on Windows this has no effect and so mosquitto should
|
|
||||||
# be started by the user you wish it to run as.
|
|
||||||
user {{ mosquitto_user }}
|
|
||||||
|
|
||||||
# The maximum number of QoS 1 and 2 messages currently inflight per
|
|
||||||
# client.
|
|
||||||
# This includes messages that are partway through handshakes and
|
|
||||||
# those that are being retried. Defaults to 20. Set to 0 for no
|
|
||||||
# maximum. Setting to 1 will guarantee in-order delivery of QoS 1
|
|
||||||
# and 2 messages.
|
|
||||||
#max_inflight_messages 20
|
|
||||||
|
|
||||||
# QoS 1 and 2 messages will be allowed inflight per client until this limit
|
|
||||||
# is exceeded. Defaults to 0. (No maximum)
|
|
||||||
# See also max_inflight_messages
|
|
||||||
#max_inflight_bytes 0
|
|
||||||
|
|
||||||
# The maximum number of QoS 1 and 2 messages to hold in a queue per client
|
|
||||||
# above those that are currently in-flight. Defaults to 100. Set
|
|
||||||
# to 0 for no maximum (not recommended).
|
|
||||||
# See also queue_qos0_messages.
|
|
||||||
# See also max_queued_bytes.
|
|
||||||
#max_queued_messages 100
|
|
||||||
|
|
||||||
# QoS 1 and 2 messages above those currently in-flight will be queued per
|
|
||||||
# client until this limit is exceeded. Defaults to 0. (No maximum)
|
|
||||||
# See also max_queued_messages.
|
|
||||||
# If both max_queued_messages and max_queued_bytes are specified, packets will
|
|
||||||
# be queued until the first limit is reached.
|
|
||||||
#max_queued_bytes 0
|
|
||||||
|
|
||||||
# Set to true to queue messages with QoS 0 when a persistent client is
|
|
||||||
# disconnected. These messages are included in the limit imposed by
|
|
||||||
# max_queued_messages and max_queued_bytes
|
|
||||||
# Defaults to false.
|
|
||||||
# This is a non-standard option for the MQTT v3.1 spec but is allowed in
|
|
||||||
# v3.1.1.
|
|
||||||
#queue_qos0_messages false
|
|
||||||
|
|
||||||
# This option sets the maximum publish payload size that the broker will allow.
|
|
||||||
# Received messages that exceed this size will not be accepted by the broker.
|
|
||||||
# The default value is 0, which means that all valid MQTT messages are
|
|
||||||
# accepted. MQTT imposes a maximum payload size of 268435455 bytes.
|
|
||||||
#message_size_limit 0
|
|
||||||
|
|
||||||
# This option controls whether a client is allowed to connect with a zero
|
|
||||||
# length client id or not. This option only affects clients using MQTT v3.1.1
|
|
||||||
# and later. If set to false, clients connecting with a zero length client id
|
|
||||||
# are disconnected. If set to true, clients will be allocated a client id by
|
|
||||||
# the broker. This means it is only useful for clients with clean session set
|
|
||||||
# to true.
|
|
||||||
#allow_zero_length_clientid true
|
|
||||||
|
|
||||||
# If allow_zero_length_clientid is true, this option allows you to set a prefix
|
|
||||||
# to automatically generated client ids to aid visibility in logs.
|
|
||||||
#auto_id_prefix
|
|
||||||
|
|
||||||
# This option allows persistent clients (those with clean session set to false)
|
|
||||||
# to be removed if they do not reconnect within a certain time frame.
|
|
||||||
#
|
|
||||||
# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1.
|
|
||||||
#
|
|
||||||
# Badly designed clients may set clean session to false whilst using a randomly
|
|
||||||
# generated client id. This leads to persistent clients that will never
|
|
||||||
# reconnect. This option allows these clients to be removed.
|
|
||||||
#
|
|
||||||
# The expiration period should be an integer followed by one of h d w m y for
|
|
||||||
# hour, day, week, month and year respectively. For example
|
|
||||||
#
|
|
||||||
# persistent_client_expiration 2m
|
|
||||||
# persistent_client_expiration 14d
|
|
||||||
# persistent_client_expiration 1y
|
|
||||||
#
|
|
||||||
# The default if not set is to never expire persistent clients.
|
|
||||||
#persistent_client_expiration
|
|
||||||
|
|
||||||
# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
|
|
||||||
# and foo/+/baz , then MQTT expects that when the broker receives a message on
|
|
||||||
# a topic that matches both subscriptions, such as foo/bar/baz, then the client
|
|
||||||
# should only receive the message once.
|
|
||||||
# Mosquitto keeps track of which clients a message has been sent to in order to
|
|
||||||
# meet this requirement. The allow_duplicate_messages option allows this
|
|
||||||
# behaviour to be disabled, which may be useful if you have a large number of
|
|
||||||
# clients subscribed to the same set of topics and are very concerned about
|
|
||||||
# minimising memory usage.
|
|
||||||
# It can be safely set to true if you know in advance that your clients will
|
|
||||||
# never have overlapping subscriptions, otherwise your clients must be able to
|
|
||||||
# correctly deal with duplicate messages even when then have QoS=2.
|
|
||||||
#allow_duplicate_messages false
|
|
||||||
|
|
||||||
# The MQTT specification requires that the QoS of a message delivered to a
|
|
||||||
# subscriber is never upgraded to match the QoS of the subscription. Enabling
|
|
||||||
# this option changes this behaviour. If upgrade_outgoing_qos is set true,
|
|
||||||
# messages sent to a subscriber will always match the QoS of its subscription.
|
|
||||||
# This is a non-standard option explicitly disallowed by the spec.
|
|
||||||
#upgrade_outgoing_qos false
|
|
||||||
|
|
||||||
# Disable Nagle's algorithm on client sockets. This has the effect of reducing
|
|
||||||
# latency of individual messages at the potential cost of increasing the number
|
|
||||||
# of packets being sent.
|
|
||||||
#set_tcp_nodelay false
|
|
||||||
|
|
||||||
# Use per listener security settings.
|
|
||||||
# If this option is set to true, then all authentication and access control
|
|
||||||
# options are controlled on a per listener basis. The following options are
|
|
||||||
# affected:
|
|
||||||
#
|
|
||||||
# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
|
|
||||||
# auto_id_prefix allow_zero_length_clientid
|
|
||||||
#
|
|
||||||
# The default behaviour is for this to be set to false, which maintains the
|
|
||||||
# setting behaviour from previous versions of mosquitto.
|
|
||||||
#per_listener_settings false
|
|
||||||
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# Default listener
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# IP address/hostname to bind the default listener to. If not
|
|
||||||
# given, the default listener will not be bound to a specific
|
|
||||||
# address and so will be accessible to all network interfaces.
|
|
||||||
# bind_address ip-address/host name
|
|
||||||
bind_address {{ mosquitto_bind_address }}
|
|
||||||
|
|
||||||
# Port to use for the default listener.
|
|
||||||
port {{ mosquitto_port }}
|
|
||||||
|
|
||||||
# The maximum number of client connections to allow. This is
|
|
||||||
# a per listener setting.
|
|
||||||
# Default is -1, which means unlimited connections.
|
|
||||||
# Note that other process limits mean that unlimited connections
|
|
||||||
# are not really possible. Typically the default maximum number of
|
|
||||||
# connections possible is around 1024.
|
|
||||||
#max_connections -1
|
|
||||||
|
|
||||||
# Choose the protocol to use when listening.
|
|
||||||
# This can be either mqtt or websockets.
|
|
||||||
# Websockets support is currently disabled by default at compile time.
|
|
||||||
# Certificate based TLS may be used with websockets, except that
|
|
||||||
# only the cafile, certfile, keyfile and ciphers options are supported.
|
|
||||||
#protocol mqtt
|
|
||||||
|
|
||||||
# When a listener is using the websockets protocol, it is possible to serve
|
|
||||||
# http data as well. Set http_dir to a directory which contains the files you
|
|
||||||
# wish to serve. If this option is not specified, then no normal http
|
|
||||||
# connections will be possible.
|
|
||||||
#http_dir
|
|
||||||
|
|
||||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
|
||||||
# connected with with its username. This allows authentication to be tied to
|
|
||||||
# the clientid, which means that it is possible to prevent one client
|
|
||||||
# disconnecting another by using the same clientid.
|
|
||||||
# If a client connects with no username it will be disconnected as not
|
|
||||||
# authorised when this option is set to true.
|
|
||||||
# Do not use in conjunction with clientid_prefixes.
|
|
||||||
# See also use_identity_as_username.
|
|
||||||
#use_username_as_clientid
|
|
||||||
|
|
||||||
{% if mosquitto_tls_enabled %}
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Certificate based SSL/TLS support
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# The following options can be used to enable SSL/TLS support for
|
|
||||||
# this listener. Note that the recommended port for MQTT over TLS
|
|
||||||
# is 8883, but this must be set manually.
|
|
||||||
#
|
|
||||||
# See also the mosquitto-tls man page.
|
|
||||||
|
|
||||||
# At least one of cafile or capath must be defined. They both
|
|
||||||
# define methods of accessing the PEM encoded Certificate
|
|
||||||
# Authority certificates that have signed your server certificate
|
|
||||||
# and that you wish to trust.
|
|
||||||
# cafile defines the path to a file containing the CA certificates.
|
|
||||||
# capath defines a directory that will be searched for files
|
|
||||||
# containing the CA certificates. For capath to work correctly, the
|
|
||||||
# certificate files must have ".crt" as the file ending and you must run
|
|
||||||
# "openssl rehash /path/to/capath" each time you add/remove a certificate.
|
|
||||||
#cafile
|
|
||||||
capath {{ mosquitto_ca_path }}
|
|
||||||
|
|
||||||
# Path to the PEM encoded server certificate.
|
|
||||||
certfile {{ mosquitto_tls_cert_path }}
|
|
||||||
|
|
||||||
# Path to the PEM encoded keyfile.
|
|
||||||
keyfile {{ mosquitto_tls_key_path }}
|
|
||||||
|
|
||||||
# This option defines the version of the TLS protocol to use for this listener.
|
|
||||||
# The default value allows v1.2, v1.1 and v1.0. The valid values are tlsv1.2
|
|
||||||
# tlsv1.1 and tlsv1.
|
|
||||||
tls_version tlsv1.2
|
|
||||||
|
|
||||||
# By default a TLS enabled listener will operate in a similar fashion to a
|
|
||||||
# https enabled web server, in that the server has a certificate signed by a CA
|
|
||||||
# and the client will verify that it is a trusted certificate. The overall aim
|
|
||||||
# is encryption of the network traffic. By setting require_certificate to true,
|
|
||||||
# the client must provide a valid certificate in order for the network
|
|
||||||
# connection to proceed. This allows access to the broker to be controlled
|
|
||||||
# outside of the mechanisms provided by MQTT.
|
|
||||||
#require_certificate false
|
|
||||||
|
|
||||||
# If require_certificate is true, you may set use_identity_as_username to true
|
|
||||||
# to use the CN value from the client certificate as a username. If this is
|
|
||||||
# true, the password_file option will not be used for this listener.
|
|
||||||
# This takes priority over use_subject_as_username.
|
|
||||||
# See also use_subject_as_username.
|
|
||||||
#use_identity_as_username false
|
|
||||||
|
|
||||||
# If require_certificate is true, you may set use_subject_as_username to true
|
|
||||||
# to use the complete subject value from the client certificate as a username.
|
|
||||||
# If this is true, the password_file option will not be used for this listener.
|
|
||||||
# See also use_identity_as_username
|
|
||||||
#use_subject_as_username false
|
|
||||||
|
|
||||||
# If you have require_certificate set to true, you can create a certificate
|
|
||||||
# revocation list file to revoke access to particular client certificates. If
|
|
||||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
|
||||||
#crlfile
|
|
||||||
|
|
||||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
|
||||||
# option. The list of available ciphers can be obtained using the "openssl
|
|
||||||
# ciphers" command and should be provided in the same format as the output of
|
|
||||||
# that command.
|
|
||||||
# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
|
|
||||||
ciphers {{ mosquitto_tls_ciphers | join(':') }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Pre-shared-key based SSL/TLS support
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# The following options can be used to enable PSK based SSL/TLS support for
|
|
||||||
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
|
||||||
# this must be set manually.
|
|
||||||
#
|
|
||||||
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
|
||||||
# support" section. Only one of certificate or PSK encryption support can be
|
|
||||||
# enabled for any listener.
|
|
||||||
|
|
||||||
# The psk_hint option enables pre-shared-key support for this listener and also
|
|
||||||
# acts as an identifier for this listener. The hint is sent to clients and may
|
|
||||||
# be used locally to aid authentication. The hint is a free form string that
|
|
||||||
# doesn't have much meaning in itself, so feel free to be creative.
|
|
||||||
# If this option is provided, see psk_file to define the pre-shared keys to be
|
|
||||||
# used or create a security plugin to handle them.
|
|
||||||
#psk_hint
|
|
||||||
|
|
||||||
# Set use_identity_as_username to have the psk identity sent by the client used
|
|
||||||
# as its username. Authentication will be carried out using the PSK rather than
|
|
||||||
# the MQTT username/password and so password_file will not be used for this
|
|
||||||
# listener.
|
|
||||||
#use_identity_as_username false
|
|
||||||
|
|
||||||
# When using PSK, the encryption ciphers used will be chosen from the list of
|
|
||||||
# available PSK ciphers. If you want to control which ciphers are available,
|
|
||||||
# use the "ciphers" option. The list of available ciphers can be obtained
|
|
||||||
# using the "openssl ciphers" command and should be provided in the same format
|
|
||||||
# as the output of that command.
|
|
||||||
#ciphers
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# Extra listeners
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# Listen on a port/ip address combination. By using this variable
|
|
||||||
# multiple times, mosquitto can listen on more than one port. If
|
|
||||||
# this variable is used and neither bind_address nor port given,
|
|
||||||
# then the default listener will not be started.
|
|
||||||
# The port number to listen on must be given. Optionally, an ip
|
|
||||||
# address or host name may be supplied as a second argument. In
|
|
||||||
# this case, mosquitto will attempt to bind the listener to that
|
|
||||||
# address and so restrict access to the associated network and
|
|
||||||
# interface. By default, mosquitto will listen on all interfaces.
|
|
||||||
# Note that for a websockets listener it is not possible to bind to a host
|
|
||||||
# name.
|
|
||||||
# listener port-number [ip address/host name]
|
|
||||||
#listener
|
|
||||||
|
|
||||||
# The maximum number of client connections to allow. This is
|
|
||||||
# a per listener setting.
|
|
||||||
# Default is -1, which means unlimited connections.
|
|
||||||
# Note that other process limits mean that unlimited connections
|
|
||||||
# are not really possible. Typically the default maximum number of
|
|
||||||
# connections possible is around 1024.
|
|
||||||
#max_connections -1
|
|
||||||
|
|
||||||
# The listener can be restricted to operating within a topic hierarchy using
|
|
||||||
# the mount_point option. This is achieved be prefixing the mount_point string
|
|
||||||
# to all topics for any clients connected to this listener. This prefixing only
|
|
||||||
# happens internally to the broker; the client will not see the prefix.
|
|
||||||
#mount_point
|
|
||||||
|
|
||||||
# Choose the protocol to use when listening.
|
|
||||||
# This can be either mqtt or websockets.
|
|
||||||
# Certificate based TLS may be used with websockets, except that only the
|
|
||||||
# cafile, certfile, keyfile and ciphers options are supported.
|
|
||||||
#protocol mqtt
|
|
||||||
|
|
||||||
# When a listener is using the websockets protocol, it is possible to serve
|
|
||||||
# http data as well. Set http_dir to a directory which contains the files you
|
|
||||||
# wish to serve. If this option is not specified, then no normal http
|
|
||||||
# connections will be possible.
|
|
||||||
#http_dir
|
|
||||||
|
|
||||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
|
||||||
# connected with with its username. This allows authentication to be tied to
|
|
||||||
# the clientid, which means that it is possible to prevent one client
|
|
||||||
# disconnecting another by using the same clientid.
|
|
||||||
# If a client connects with no username it will be disconnected as not
|
|
||||||
# authorised when this option is set to true.
|
|
||||||
# Do not use in conjunction with clientid_prefixes.
|
|
||||||
# See also use_identity_as_username.
|
|
||||||
#use_username_as_clientid
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Certificate based SSL/TLS support
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# The following options can be used to enable certificate based SSL/TLS support
|
|
||||||
# for this listener. Note that the recommended port for MQTT over TLS is 8883,
|
|
||||||
# but this must be set manually.
|
|
||||||
#
|
|
||||||
# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS
|
|
||||||
# support" section. Only one of certificate or PSK encryption support can be
|
|
||||||
# enabled for any listener.
|
|
||||||
|
|
||||||
# At least one of cafile or capath must be defined to enable certificate based
|
|
||||||
# TLS encryption. They both define methods of accessing the PEM encoded
|
|
||||||
# Certificate Authority certificates that have signed your server certificate
|
|
||||||
# and that you wish to trust.
|
|
||||||
# cafile defines the path to a file containing the CA certificates.
|
|
||||||
# capath defines a directory that will be searched for files
|
|
||||||
# containing the CA certificates. For capath to work correctly, the
|
|
||||||
# certificate files must have ".crt" as the file ending and you must run
|
|
||||||
# "openssl rehash /path/to/capath" each time you add/remove a certificate.
|
|
||||||
#cafile
|
|
||||||
#capath
|
|
||||||
|
|
||||||
# Path to the PEM encoded server certificate.
|
|
||||||
#certfile
|
|
||||||
|
|
||||||
# Path to the PEM encoded keyfile.
|
|
||||||
#keyfile
|
|
||||||
|
|
||||||
# By default an TLS enabled listener will operate in a similar fashion to a
|
|
||||||
# https enabled web server, in that the server has a certificate signed by a CA
|
|
||||||
# and the client will verify that it is a trusted certificate. The overall aim
|
|
||||||
# is encryption of the network traffic. By setting require_certificate to true,
|
|
||||||
# the client must provide a valid certificate in order for the network
|
|
||||||
# connection to proceed. This allows access to the broker to be controlled
|
|
||||||
# outside of the mechanisms provided by MQTT.
|
|
||||||
#require_certificate false
|
|
||||||
|
|
||||||
# If require_certificate is true, you may set use_identity_as_username to true
|
|
||||||
# to use the CN value from the client certificate as a username. If this is
|
|
||||||
# true, the password_file option will not be used for this listener.
|
|
||||||
#use_identity_as_username false
|
|
||||||
|
|
||||||
# If you have require_certificate set to true, you can create a certificate
|
|
||||||
# revocation list file to revoke access to particular client certificates. If
|
|
||||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
|
||||||
#crlfile
|
|
||||||
|
|
||||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
|
||||||
# option. The list of available ciphers can be optained using the "openssl
|
|
||||||
# ciphers" command and should be provided in the same format as the output of
|
|
||||||
# that command.
|
|
||||||
#ciphers
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Pre-shared-key based SSL/TLS support
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# The following options can be used to enable PSK based SSL/TLS support for
|
|
||||||
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
|
||||||
# this must be set manually.
|
|
||||||
#
|
|
||||||
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
|
||||||
# support" section. Only one of certificate or PSK encryption support can be
|
|
||||||
# enabled for any listener.
|
|
||||||
|
|
||||||
# The psk_hint option enables pre-shared-key support for this listener and also
|
|
||||||
# acts as an identifier for this listener. The hint is sent to clients and may
|
|
||||||
# be used locally to aid authentication. The hint is a free form string that
|
|
||||||
# doesn't have much meaning in itself, so feel free to be creative.
|
|
||||||
# If this option is provided, see psk_file to define the pre-shared keys to be
|
|
||||||
# used or create a security plugin to handle them.
|
|
||||||
#psk_hint
|
|
||||||
|
|
||||||
# Set use_identity_as_username to have the psk identity sent by the client used
|
|
||||||
# as its username. Authentication will be carried out using the PSK rather than
|
|
||||||
# the MQTT username/password and so password_file will not be used for this
|
|
||||||
# listener.
|
|
||||||
#use_identity_as_username false
|
|
||||||
|
|
||||||
# When using PSK, the encryption ciphers used will be chosen from the list of
|
|
||||||
# available PSK ciphers. If you want to control which ciphers are available,
|
|
||||||
# use the "ciphers" option. The list of available ciphers can be optained
|
|
||||||
# using the "openssl ciphers" command and should be provided in the same format
|
|
||||||
# as the output of that command.
|
|
||||||
#ciphers
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# Persistence
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# If persistence is enabled, save the in-memory database to disk
|
|
||||||
# every autosave_interval seconds. If set to 0, the persistence
|
|
||||||
# database will only be written when mosquitto exits. See also
|
|
||||||
# autosave_on_changes.
|
|
||||||
# Note that writing of the persistence database can be forced by
|
|
||||||
# sending mosquitto a SIGUSR1 signal.
|
|
||||||
#autosave_interval 1800
|
|
||||||
|
|
||||||
# If true, mosquitto will count the number of subscription changes, retained
|
|
||||||
# messages received and queued messages and if the total exceeds
|
|
||||||
# autosave_interval then the in-memory database will be saved to disk.
|
|
||||||
# If false, mosquitto will save the in-memory database to disk by treating
|
|
||||||
# autosave_interval as a time in seconds.
|
|
||||||
#autosave_on_changes false
|
|
||||||
|
|
||||||
# Save persistent message data to disk (true/false).
|
|
||||||
# This saves information about all messages, including
|
|
||||||
# subscriptions, currently in-flight messages and retained
|
|
||||||
# messages.
|
|
||||||
# retained_persistence is a synonym for this option.
|
|
||||||
persistence {{ mosquitto_persistence_enabled | lower }}
|
|
||||||
|
|
||||||
{% if mosquitto_persistence_enabled %}
|
|
||||||
persistence_file {{ mosquitto_persistence_path | basename }}
|
|
||||||
persistence_location {{ (mosquitto_persistence_path | dirname) + '/' }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# Logging
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# Places to log to. Use multiple log_dest lines for multiple
|
|
||||||
# logging destinations.
|
|
||||||
# Possible destinations are: stdout stderr syslog topic file
|
|
||||||
#
|
|
||||||
# stdout and stderr log to the console on the named output.
|
|
||||||
#
|
|
||||||
# syslog uses the userspace syslog facility which usually ends up
|
|
||||||
# in /var/log/messages or similar.
|
|
||||||
#
|
|
||||||
# topic logs to the broker topic '$SYS/broker/log/severity',
|
|
||||||
# where severity is one of D, E, W, N, I, M which are debug, error,
|
|
||||||
# warning, notice, information and message. Message type severity is used by
|
|
||||||
# the subscribe/unsubscribe log_types and publishes log messages to
|
|
||||||
# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe.
|
|
||||||
#
|
|
||||||
# The file destination requires an additional parameter which is the file to be
|
|
||||||
# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
|
|
||||||
# closed and reopened when the broker receives a HUP signal. Only a single file
|
|
||||||
# destination may be configured.
|
|
||||||
#
|
|
||||||
# Note that if the broker is running as a Windows service it will default to
|
|
||||||
# "log_dest none" and neither stdout nor stderr logging is available.
|
|
||||||
# Use "log_dest none" if you wish to disable logging.
|
|
||||||
#log_dest stderr
|
|
||||||
|
|
||||||
# If using syslog logging (not on Windows), messages will be logged to the
|
|
||||||
# "daemon" facility by default. Use the log_facility option to choose which of
|
|
||||||
# local0 to local7 to log to instead. The option value should be an integer
|
|
||||||
# value, e.g. "log_facility 5" to use local5.
|
|
||||||
#log_facility
|
|
||||||
|
|
||||||
# Types of messages to log. Use multiple log_type lines for logging
|
|
||||||
# multiple types of messages.
|
|
||||||
# Possible types are: debug, error, warning, notice, information,
|
|
||||||
# none, subscribe, unsubscribe, websockets, all.
|
|
||||||
# Note that debug type messages are for decoding the incoming/outgoing
|
|
||||||
# network packets. They are not logged in "topics".
|
|
||||||
#log_type error
|
|
||||||
#log_type warning
|
|
||||||
#log_type notice
|
|
||||||
#log_type information
|
|
||||||
|
|
||||||
# Change the websockets logging level. This is a global option, it is not
|
|
||||||
# possible to set per listener. This is an integer that is interpreted by
|
|
||||||
# libwebsockets as a bit mask for its lws_log_levels enum. See the
|
|
||||||
# libwebsockets documentation for more details. "log_type websockets" must also
|
|
||||||
# be enabled.
|
|
||||||
#websockets_log_level 0
|
|
||||||
|
|
||||||
# If set to true, client connection and disconnection messages will be included
|
|
||||||
# in the log.
|
|
||||||
#connection_messages true
|
|
||||||
|
|
||||||
# If set to true, add a timestamp value to each log message.
|
|
||||||
#log_timestamp true
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# Security
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# If set, only clients that have a matching prefix on their
|
|
||||||
# clientid will be allowed to connect to the broker. By default,
|
|
||||||
# all clients may connect.
|
|
||||||
# For example, setting "secure-" here would mean a client "secure-
|
|
||||||
# client" could connect but another with clientid "mqtt" couldn't.
|
|
||||||
#clientid_prefixes
|
|
||||||
|
|
||||||
# Boolean value that determines whether clients that connect
|
|
||||||
# without providing a username are allowed to connect. If set to
|
|
||||||
# false then a password file should be created (see the
|
|
||||||
# password_file option) to control authenticated client access.
|
|
||||||
#
|
|
||||||
# Defaults to true if no other security options are set. If any other
|
|
||||||
# authentication options are set, then allow_anonymous defaults to false.
|
|
||||||
#
|
|
||||||
{% if not mosquitto_password_auth_enabled %}
|
|
||||||
allow_anonymous true
|
|
||||||
{% else %}
|
|
||||||
allow_anonymous false
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Default authentication and topic access control
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
|
|
||||||
# Control access to the broker using a password file. This file can be
|
|
||||||
# generated using the mosquitto_passwd utility. If TLS support is not compiled
|
|
||||||
# into mosquitto (it is recommended that TLS support should be included) then
|
|
||||||
# plain text passwords are used, in which case the file should be a text file
|
|
||||||
# with lines in the format:
|
|
||||||
# username:password
|
|
||||||
# The password (and colon) may be omitted if desired, although this
|
|
||||||
# offers very little in the way of security.
|
|
||||||
#
|
|
||||||
# See the TLS client require_certificate and use_identity_as_username options
|
|
||||||
# for alternative authentication options. If an auth_plugin is used as well as
|
|
||||||
# password_file, the auth_plugin check will be made first.
|
|
||||||
{% if mosquitto_password_auth_enabled %}
|
|
||||||
password_file {{ mosquitto_password_auth_file }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# Access may also be controlled using a pre-shared-key file. This requires
|
|
||||||
# TLS-PSK support and a listener configured to use it. The file should be text
|
|
||||||
# lines in the format:
|
|
||||||
# identity:key
|
|
||||||
# The key should be in hexadecimal format without a leading "0x".
|
|
||||||
# If an auth_plugin is used as well, the auth_plugin check will be made first.
|
|
||||||
#psk_file
|
|
||||||
|
|
||||||
# Control access to topics on the broker using an access control list
|
|
||||||
# file. If this parameter is defined then only the topics listed will
|
|
||||||
# have access.
|
|
||||||
# If the first character of a line of the ACL file is a # it is treated as a
|
|
||||||
# comment.
|
|
||||||
# Topic access is added with lines of the format:
|
|
||||||
#
|
|
||||||
# topic [read|write|readwrite] 'topic'
|
|
||||||
#
|
|
||||||
# The access type is controlled using "read", "write" or "readwrite". This
|
|
||||||
# parameter is optional (unless 'topic' contains a space character) - if not
|
|
||||||
# given then the access is read/write. 'topic' can contain the + or #
|
|
||||||
# wildcards as in subscriptions.
|
|
||||||
#
|
|
||||||
# The first set of topics are applied to anonymous clients, assuming
|
|
||||||
# allow_anonymous is true. User specific topic ACLs are added after a
|
|
||||||
# user line as follows:
|
|
||||||
#
|
|
||||||
# user 'username'
|
|
||||||
#
|
|
||||||
# The username referred to here is the same as in password_file. It is
|
|
||||||
# not the clientid.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# If is also possible to define ACLs based on pattern substitution within the
|
|
||||||
# topic. The patterns available for substition are:
|
|
||||||
#
|
|
||||||
# %c to match the client id of the client
|
|
||||||
# %u to match the username of the client
|
|
||||||
#
|
|
||||||
# The substitution pattern must be the only text for that level of hierarchy.
|
|
||||||
#
|
|
||||||
# The form is the same as for the topic keyword, but using pattern as the
|
|
||||||
# keyword.
|
|
||||||
# Pattern ACLs apply to all users even if the "user" keyword has previously
|
|
||||||
# been given.
|
|
||||||
#
|
|
||||||
# If using bridges with usernames and ACLs, connection messages can be allowed
|
|
||||||
# with the following pattern:
|
|
||||||
# pattern write $SYS/broker/connection/%c/state
|
|
||||||
#
|
|
||||||
# pattern [read|write|readwrite] 'topic'
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
#
|
|
||||||
# pattern write sensor/%u/data
|
|
||||||
#
|
|
||||||
# If an auth_plugin is used as well as acl_file, the auth_plugin check will be
|
|
||||||
# made first.
|
|
||||||
{% if mosquitto_acl_enabled %}
|
|
||||||
acl_file {{ mosquitto_acl_file }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# External authentication and topic access plugin options
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
|
|
||||||
# External authentication and access control can be supported with the
|
|
||||||
# auth_plugin option. This is a path to a loadable plugin. See also the
|
|
||||||
# auth_opt_* options described below.
|
|
||||||
#
|
|
||||||
# The auth_plugin option can be specified multiple times to load multiple
|
|
||||||
# plugins. The plugins will be processed in the order that they are specified
|
|
||||||
# here. If the auth_plugin option is specified alongside either of
|
|
||||||
# password_file or acl_file then the plugin checks will be made first.
|
|
||||||
#
|
|
||||||
#auth_plugin
|
|
||||||
|
|
||||||
# If the auth_plugin option above is used, define options to pass to the
|
|
||||||
# plugin here as described by the plugin instructions. All options named
|
|
||||||
# using the format auth_opt_* will be passed to the plugin, for example:
|
|
||||||
#
|
|
||||||
# auth_opt_db_host
|
|
||||||
# auth_opt_db_port
|
|
||||||
# auth_opt_db_username
|
|
||||||
# auth_opt_db_password
|
|
||||||
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# Bridges
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# A bridge is a way of connecting multiple MQTT brokers together.
|
|
||||||
# Create a new bridge using the "connection" option as described below. Set
|
|
||||||
# options for the bridges using the remaining parameters. You must specify the
|
|
||||||
# address and at least one topic to subscribe to.
|
|
||||||
#
|
|
||||||
# Each connection must have a unique name.
|
|
||||||
#
|
|
||||||
# The address line may have multiple host address and ports specified. See
|
|
||||||
# below in the round_robin description for more details on bridge behaviour if
|
|
||||||
# multiple addresses are used. Note that if you use an IPv6 address, then you
|
|
||||||
# are required to specify a port.
|
|
||||||
#
|
|
||||||
# The direction that the topic will be shared can be chosen by
|
|
||||||
# specifying out, in or both, where the default value is out.
|
|
||||||
# The QoS level of the bridged communication can be specified with the next
|
|
||||||
# topic option. The default QoS level is 0, to change the QoS the topic
|
|
||||||
# direction must also be given.
|
|
||||||
#
|
|
||||||
# The local and remote prefix options allow a topic to be remapped when it is
|
|
||||||
# bridged to/from the remote broker. This provides the ability to place a topic
|
|
||||||
# tree in an appropriate location.
|
|
||||||
#
|
|
||||||
# For more details see the mosquitto.conf man page.
|
|
||||||
#
|
|
||||||
# Multiple topics can be specified per connection, but be careful
|
|
||||||
# not to create any loops.
|
|
||||||
#
|
|
||||||
# If you are using bridges with cleansession set to false (the default), then
|
|
||||||
# you may get unexpected behaviour from incoming topics if you change what
|
|
||||||
# topics you are subscribing to. This is because the remote broker keeps the
|
|
||||||
# subscription for the old topic. If you have this problem, connect your bridge
|
|
||||||
# with cleansession set to true, then reconnect with cleansession set to false
|
|
||||||
# as normal.
|
|
||||||
#connection 'name'
|
|
||||||
#address host[:port] [host[:port]]
|
|
||||||
#topic 'topic' [[[out | in | both] qos-level] local-prefix remote-prefix]
|
|
||||||
|
|
||||||
# Set the version of the MQTT protocol to use with for this bridge. Can be one
|
|
||||||
# of mqttv311 or mqttv11. Defaults to mqttv311.
|
|
||||||
#bridge_protocol_version mqttv311
|
|
||||||
|
|
||||||
# If a bridge has topics that have "out" direction, the default behaviour is to
|
|
||||||
# send an unsubscribe request to the remote broker on that topic. This means
|
|
||||||
# that changing a topic direction from "in" to "out" will not keep receiving
|
|
||||||
# incoming messages. Sending these unsubscribe requests is not always
|
|
||||||
# desirable, setting bridge_attempt_unsubscribe to false will disable sending
|
|
||||||
# the unsubscribe request.
|
|
||||||
#bridge_attempt_unsubscribe true
|
|
||||||
|
|
||||||
# If the bridge has more than one address given in the address/addresses
|
|
||||||
# configuration, the round_robin option defines the behaviour of the bridge on
|
|
||||||
# a failure of the bridge connection. If round_robin is false, the default
|
|
||||||
# value, then the first address is treated as the main bridge connection. If
|
|
||||||
# the connection fails, the other secondary addresses will be attempted in
|
|
||||||
# turn. Whilst connected to a secondary bridge, the bridge will periodically
|
|
||||||
# attempt to reconnect to the main bridge until successful.
|
|
||||||
# If round_robin is true, then all addresses are treated as equals. If a
|
|
||||||
# connection fails, the next address will be tried and if successful will
|
|
||||||
# remain connected until it fails
|
|
||||||
#round_robin false
|
|
||||||
|
|
||||||
# Set the client id to use on the remote end of this bridge connection. If not
|
|
||||||
# defined, this defaults to 'name.hostname' where name is the connection name
|
|
||||||
# and hostname is the hostname of this computer.
|
|
||||||
# This replaces the old "clientid" option to avoid confusion. "clientid"
|
|
||||||
# remains valid for the time being.
|
|
||||||
#remote_clientid
|
|
||||||
|
|
||||||
# Set the clientid to use on the local broker. If not defined, this defaults to
|
|
||||||
# 'local.clientid'. If you are bridging a broker to itself, it is important
|
|
||||||
# that local_clientid and clientid do not match.
|
|
||||||
#local_clientid
|
|
||||||
|
|
||||||
# Set the clean session variable for this bridge.
|
|
||||||
# When set to true, when the bridge disconnects for any reason, all
|
|
||||||
# messages and subscriptions will be cleaned up on the remote
|
|
||||||
# broker. Note that with cleansession set to true, there may be a
|
|
||||||
# significant amount of retained messages sent when the bridge
|
|
||||||
# reconnects after losing its connection.
|
|
||||||
# When set to false, the subscriptions and messages are kept on the
|
|
||||||
# remote broker, and delivered when the bridge reconnects.
|
|
||||||
#cleansession false
|
|
||||||
|
|
||||||
# If set to true, publish notification messages to the local and remote brokers
|
|
||||||
# giving information about the state of the bridge connection. Retained
|
|
||||||
# messages are published to the topic $SYS/broker/connection/clientid/state
|
|
||||||
# unless the notification_topic option is used.
|
|
||||||
# If the message is 1 then the connection is active, or 0 if the connection has
|
|
||||||
# failed.
|
|
||||||
#notifications true
|
|
||||||
|
|
||||||
# Choose the topic on which notification messages for this bridge are
|
|
||||||
# published. If not set, messages are published on the topic
|
|
||||||
# $SYS/broker/connection/clientid/state
|
|
||||||
#notification_topic
|
|
||||||
|
|
||||||
# Set the keepalive interval for this bridge connection, in
|
|
||||||
# seconds.
|
|
||||||
#keepalive_interval 60
|
|
||||||
|
|
||||||
# Set the start type of the bridge. This controls how the bridge starts and
|
|
||||||
# can be one of three types: automatic, lazy and once. Note that RSMB provides
|
|
||||||
# a fourth start type "manual" which isn't currently supported by mosquitto.
|
|
||||||
#
|
|
||||||
# "automatic" is the default start type and means that the bridge connection
|
|
||||||
# will be started automatically when the broker starts and also restarted
|
|
||||||
# after a short delay (30 seconds) if the connection fails.
|
|
||||||
#
|
|
||||||
# Bridges using the "lazy" start type will be started automatically when the
|
|
||||||
# number of queued messages exceeds the number set with the "threshold"
|
|
||||||
# parameter. It will be stopped automatically after the time set by the
|
|
||||||
# "idle_timeout" parameter. Use this start type if you wish the connection to
|
|
||||||
# only be active when it is needed.
|
|
||||||
#
|
|
||||||
# A bridge using the "once" start type will be started automatically when the
|
|
||||||
# broker starts but will not be restarted if the connection fails.
|
|
||||||
#start_type automatic
|
|
||||||
|
|
||||||
# Set the amount of time a bridge using the automatic start type will wait
|
|
||||||
# until attempting to reconnect. Defaults to 30 seconds.
|
|
||||||
#restart_timeout 30
|
|
||||||
|
|
||||||
# Set the amount of time a bridge using the lazy start type must be idle before
|
|
||||||
# it will be stopped. Defaults to 60 seconds.
|
|
||||||
#idle_timeout 60
|
|
||||||
|
|
||||||
# Set the number of messages that need to be queued for a bridge with lazy
|
|
||||||
# start type to be restarted. Defaults to 10 messages.
|
|
||||||
# Must be less than max_queued_messages.
|
|
||||||
#threshold 10
|
|
||||||
|
|
||||||
# If try_private is set to true, the bridge will attempt to indicate to the
|
|
||||||
# remote broker that it is a bridge not an ordinary client. If successful, this
|
|
||||||
# means that loop detection will be more effective and that retained messages
|
|
||||||
# will be propagated correctly. Not all brokers support this feature so it may
|
|
||||||
# be necessary to set try_private to false if your bridge does not connect
|
|
||||||
# properly.
|
|
||||||
#try_private true
|
|
||||||
|
|
||||||
# Set the username to use when connecting to a broker that requires
|
|
||||||
# authentication.
|
|
||||||
# This replaces the old "username" option to avoid confusion. "username"
|
|
||||||
# remains valid for the time being.
|
|
||||||
#remote_username
|
|
||||||
|
|
||||||
# Set the password to use when connecting to a broker that requires
|
|
||||||
# authentication. This option is only used if remote_username is also set.
|
|
||||||
# This replaces the old "password" option to avoid confusion. "password"
|
|
||||||
# remains valid for the time being.
|
|
||||||
#remote_password
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Certificate based SSL/TLS support
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Either bridge_cafile or bridge_capath must be defined to enable TLS support
|
|
||||||
# for this bridge.
|
|
||||||
# bridge_cafile defines the path to a file containing the
|
|
||||||
# Certificate Authority certificates that have signed the remote broker
|
|
||||||
# certificate.
|
|
||||||
# bridge_capath defines a directory that will be searched for files containing
|
|
||||||
# the CA certificates. For bridge_capath to work correctly, the certificate
|
|
||||||
# files must have ".crt" as the file ending and you must run "openssl rehash
|
|
||||||
# /path/to/capath" each time you add/remove a certificate.
|
|
||||||
#bridge_cafile
|
|
||||||
#bridge_capath
|
|
||||||
|
|
||||||
# Path to the PEM encoded client certificate, if required by the remote broker.
|
|
||||||
#bridge_certfile
|
|
||||||
|
|
||||||
# Path to the PEM encoded client private key, if required by the remote broker.
|
|
||||||
#bridge_keyfile
|
|
||||||
|
|
||||||
# When using certificate based encryption, bridge_insecure disables
|
|
||||||
# verification of the server hostname in the server certificate. This can be
|
|
||||||
# useful when testing initial server configurations, but makes it possible for
|
|
||||||
# a malicious third party to impersonate your server through DNS spoofing, for
|
|
||||||
# example. Use this option in testing only. If you need to resort to using this
|
|
||||||
# option in a production environment, your setup is at fault and there is no
|
|
||||||
# point using encryption.
|
|
||||||
#bridge_insecure false
|
|
||||||
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# PSK based SSL/TLS support
|
|
||||||
# -----------------------------------------------------------------
|
|
||||||
# Pre-shared-key encryption provides an alternative to certificate based
|
|
||||||
# encryption. A bridge can be configured to use PSK with the bridge_identity
|
|
||||||
# and bridge_psk options. These are the client PSK identity, and pre-shared-key
|
|
||||||
# in hexadecimal format with no "0x". Only one of certificate and PSK based
|
|
||||||
# encryption can be used on one
|
|
||||||
# bridge at once.
|
|
||||||
#bridge_identity
|
|
||||||
#bridge_psk
|
|
||||||
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# External config files
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
# External configuration files may be included by using the
|
|
||||||
# include_dir option. This defines a directory that will be searched
|
|
||||||
# for config files. All files that end in '.conf' will be loaded as
|
|
||||||
# a configuration file. It is best to have this as the last option
|
|
||||||
# in the main file. This option will only be processed from the main
|
|
||||||
# configuration file. The directory specified must not contain the
|
|
||||||
# main configuration file.
|
|
||||||
#include_dir
|
|
||||||
|
|
||||||
# =================================================================
|
|
||||||
# rsmb options - unlikely to ever be supported
|
|
||||||
# =================================================================
|
|
||||||
|
|
||||||
#ffdc_output
|
|
||||||
#max_log_entries
|
|
||||||
#trace_level
|
|
||||||
#trace_output
|
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
__mosquitto_packages:
|
|
||||||
- mosquitto
|
|
Loading…
Reference in New Issue