Dynamic MQTT authentication with mosquitto-go-auth on Postgres
How to check if this branch is working
Only for local testing environments! The following steps will remove all data!
1. Remove the containers
   ```shell
   docker-compose down -v --remove-orphans --timeout 0
   ```
2. Remove the data
   ```shell
   ./remove-all-data.sh
   ```
3. Start fresh containers
   ```shell
   docker-compose up -d mqtt-broker mqtt-cat
   ```
4. Create a dynamic MQTT user named `foo` with password `barbaz`. The last column is the password hash in the `PBKDF2$<algorithm>$<iterations>$<base64 salt>$<base64 key>` layout that mosquitto-go-auth's `pw` tool produces; the plaintext password is never stored.
   ```shell
   echo $'INSERT INTO mqtt_auth.mqtt_user VALUES (23, \'474f7a48-3a87-11ed-9425-54e1ad7c5c19\', \'foo\', \'PBKDF2$sha512$320000$dU5YYmFNZjA0dWFCNTZIYVRyN1UySg==$Re1agXidf0bqo6vi2hpg5zbuvik7p3+8GkH6TRd15HyvyWMyvv3R//eAN3k3nRXgoYy+Fj9kdZZfvfqAV3rCQQ==\')' | docker-compose exec -T database bash -c "PGPASSWORD=\$POSTGRES_PASSWORD psql -U \$POSTGRES_USER"
   ```
5. Open a second shell to watch the contents of the MQTT bus
   ```shell
   docker-compose logs --follow --timestamps mqtt-cat
   ```
6. Publish a test message as the dynamic MQTT user `foo`
   ```shell
   echo "very local data!" | docker-compose run --rm -T mqtt-broker sh -c "mosquitto_pub -t mqtt_ingest/foo/beautiful/sensor/1 -u foo -P barbaz -s -h mqtt-broker -p 1883"
   ```

If everything is working as expected, the message published in step 6 (`very local data!`) should appear in the mqtt-cat log. If the broker rejects the connection instead, the hash in step 4 was most likely generated with hashing parameters (iterations, salt encoding) that do not match the broker's mosquitto-go-auth configuration.
How to deploy in a production environment (i.e. the TSM-VM)
1. Remove the old password and ACL files, or (as done here) rename them to keep a backup
   ```shell
   mv data/mosquitto/auth/mosquitto.acl data/mosquitto/auth/mosquitto.acl_
   mv data/mosquitto/auth/mosquitto.passwd data/mosquitto/auth/mosquitto.passwd_
   ```
2. Recreate the users, unfortunately with the same password as when they were first created. The existing `mosquitto.passwd` entries cannot be reused because the mosquitto-go-auth files backend only accepts hashes produced by its own `pw` tool, so every user has to be re-added with its original password (replace `MY_NEW_MQTT_USER` and `MY_NEW_MQTT_PASSWORD` accordingly):
   ```shell
   docker-compose exec mqtt-broker bash -c $'echo `echo -n "MY_NEW_MQTT_USER:" && /mosquitto/pw -p "MY_NEW_MQTT_PASSWORD"` >> /mosquitto-auth/mosquitto.passwd'
   ```
   Be aware that the password is passed on the command line: it ends up in the shell history of the host and is visible in the broker container's process list while `pw` runs. Prefix the command with a space if your shell is configured to skip such commands from history (or clear the history afterwards), and do not paste real credentials into tickets or chat when reproducing this step.
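The opaque hash column in step 4 of the test procedure and the `user:hash` line appended by the `pw` tool in the production step use the same `PBKDF2$<algorithm>$<iterations>$<base64 salt>$<base64 key>` layout. The following script is an added example, not code from this page or from the mosquitto-go-auth project: it rebuilds that layout with Python's `hashlib` so you can inspect a stored hash, generate entries for additional test users without the `pw` binary, and verify a candidate password offline. It assumes the key length equals the digest size of the chosen algorithm (64 bytes for sha512, which matches the 88-character key in the example hash), and that the plugin's salt-encoding option decides whether the decoded salt bytes (`base64`) or the base64 text itself (`utf-8`) is fed to PBKDF2. `EXAMPLE_HASH` is the hash from step 4 copied verbatim; everything else (function names, the 1000-iteration test values) is this example's own choice.

```python
import base64
import hashlib
import hmac
import secrets

# Hash copied from step 4 of the local test procedure above (user "foo").
# It is used here to show the field layout only; whether it verifies "barbaz"
# depends on the salt encoding the broker was configured with.
EXAMPLE_HASH = (
    "PBKDF2$sha512$320000$dU5YYmFNZjA0dWFCNTZIYVRyN1UySg==$"
    "Re1agXidf0bqo6vi2hpg5zbuvik7p3+8GkH6TRd15HyvyWMyvv3R//eAN3k3nRXgoYy+Fj9kdZZfvfqAV3rCQQ=="
)


def parse_hash(stored: str) -> dict:
    """Split 'PBKDF2$<alg>$<iterations>$<b64 salt>$<b64 key>' into its fields."""
    tag, alg, iterations, salt_b64, key_b64 = stored.split("$")
    if tag != "PBKDF2":
        raise ValueError("not a PBKDF2 hash: " + stored[:16])
    return {
        "alg": alg,
        "iterations": int(iterations),
        "salt_b64": salt_b64,
        "salt": base64.b64decode(salt_b64),
        "key": base64.b64decode(key_b64),
    }


def _salt_bytes(salt_b64: str, salt_encoding: str) -> bytes:
    # Assumption: "base64" feeds the decoded salt bytes to PBKDF2, "utf-8" feeds
    # the base64 text itself. Use whichever value the broker's hasher option has.
    if salt_encoding == "base64":
        return base64.b64decode(salt_b64)
    if salt_encoding == "utf-8":
        return salt_b64.encode("utf-8")
    raise ValueError("unknown salt encoding: " + salt_encoding)


def hash_password(password: str, iterations: int = 320000, alg: str = "sha512",
                  salt_size: int = 16, salt_encoding: str = "base64") -> str:
    """Produce a fresh PBKDF2 entry with a random salt, as the pw tool would."""
    salt_b64 = base64.b64encode(secrets.token_bytes(salt_size)).decode("ascii")
    key = hashlib.pbkdf2_hmac(
        alg, password.encode("utf-8"), _salt_bytes(salt_b64, salt_encoding),
        iterations, dklen=hashlib.new(alg).digest_size)
    return "$".join(["PBKDF2", alg, str(iterations), salt_b64,
                     base64.b64encode(key).decode("ascii")])


def verify_password(password: str, stored: str, salt_encoding: str = "base64") -> bool:
    """Recompute the key from the stored parameters and compare in constant time."""
    parts = parse_hash(stored)
    key = hashlib.pbkdf2_hmac(
        parts["alg"], password.encode("utf-8"),
        _salt_bytes(parts["salt_b64"], salt_encoding),
        parts["iterations"], dklen=len(parts["key"]))
    return hmac.compare_digest(key, parts["key"])


def passwd_line(username: str, password: str, **hash_kwargs) -> str:
    """The 'user:hash' line that the production step appends to mosquitto.passwd."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    return username + ":" + hash_password(password, **hash_kwargs)


if __name__ == "__main__":
    fields = parse_hash(EXAMPLE_HASH)
    print("algorithm:", fields["alg"], "iterations:", fields["iterations"],
          "salt bytes:", len(fields["salt"]), "key bytes:", len(fields["key"]))
    for encoding in ("base64", "utf-8"):
        print(encoding, "verifies 'barbaz':",
              verify_password("barbaz", EXAMPLE_HASH, salt_encoding=encoding))
    print(passwd_line("foo", "barbaz"))
```

Run it once against the broker's real configuration (iteration count and salt encoding) before trusting its output: a hash generated with the wrong parameters is accepted by Postgres but rejected by the plugin at connect time, which looks like a wrong password from the client side. The `if __name__` section also tells you which salt encoding the example hash from step 4 was produced with, if either.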
Edited by Luca Johannes Nendel