From 47a91f2db4a5032fdfd0fb863081d468f632e3ae Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Thu, 13 Jun 2019 17:21:40 +0200
Subject: [PATCH] persistence included
---
 Dockerfile | 4 +++-
 mosquitto-start.sh | 9 ++++++---
 mosquitto.conf-sample | 3 ++-
 readme.md | 33 +++++++++++++++++++++------------
 4 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b06b5cd..fd81b2e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,13 +12,15 @@ RUN \
 apt update && \
 apt install -y mariadb-client openssl libwebsockets8 && \
 groupadd -r -g $MOSQ_GID $MOSQ_USER && \
- useradd -m -r -u $MOSQ_UID -g $MOSQ_USER $MOSQ_USER
+ useradd -m -r -u $MOSQ_UID -g $MOSQ_USER $MOSQ_USER && \
+ mkdir -p /opt/data
 COPY opt/ /opt
 COPY etc/ /opt/etc
 VOLUME /opt/etc
+VOLUME /opt/data
 EXPOSE 1883/tcp
 EXPOSE 8883/tcp
 EXPOSE 9001/tcp
diff --git a/mosquitto-start.sh b/mosquitto-start.sh
index 53e3c4e..952f0fa 100755
--- a/mosquitto-start.sh
+++ b/mosquitto-start.sh
@@ -1,9 +1,11 @@
 #!/bin/bash
 IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
-VOLUME=mosquitto-config
+VOLUME_CONFIG=mosquitto-config
+VOLUME_DATA=mosquitto-data
-docker volume inspect $VOLUME > /dev/null || docker volume create $VOLUME
+docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
+docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
 docker pull $IMAGE
@@ -13,7 +15,8 @@ docker run \
 -p1883:1883 \
 -p8883:8883 \
 -p9001:9001 \
- -v $VOLUME:/opt/etc/mosquitto \
+ -v $VOLUME_CONFIG:/opt/etc/mosquitto \
+ -v $VOLUME_DATA:/opt/data \
 --link mariadb \
 --name mosquitto \
 $IMAGE
diff --git a/mosquitto.conf-sample b/mosquitto.conf-sample
index cf0fe18..59c2950 100644
--- a/mosquitto.conf-sample
+++ b/mosquitto.conf-sample
@@ -1,6 +1,7 @@
 log_dest stdout
-persistence false
+persistence true
+persistence_location /opt/data/
 listener 1883
 protocol mqtt
diff --git a/readme.md b/readme.md
index 5a0b294..cba8d2e 100644
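Review bot: `mkdir -p /opt/data` in the RUN step creates the persistence directory as root, and nothing in the hunk hands it over to `$MOSQ_USER`. A named volume mounted on that path normally takes over the image directory's ownership on first use, so if the broker runs as `$MOSQ_USER` (the USER/entrypoint lines are outside the hunk, so this is an assumption) it cannot write its persistence file, and the tempting workaround is to run the broker as root. I would extend the step to `mkdir -p /opt/data && \` followed by `chown $MOSQ_USER:$MOSQ_USER /opt/data && chmod 750 /opt/data`, which also keeps the stored message payloads unreadable to other users in the container. The RUN instruction itself starts above the hunk.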
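Review bot: The new `$VOLUME_CONFIG` and `$VOLUME_DATA` expansions are unquoted in both `docker volume` lines and again in the `-v` arguments of the second hunk (`@@ -13,7 +15,8 @@`). The values are constants today, but a name containing whitespace or glob characters would split into extra `docker` arguments, so quote them, e.g. `-v "$VOLUME_DATA":/opt/data \`. `docker volume create` on an existing name with the same driver is a no-op, so each guard can shrink to `docker volume create "$VOLUME_DATA" > /dev/null`, which also avoids the inspect error printed on a first run. A short comment above `VOLUME_DATA` noting that this named volume holds the broker's persisted messages and session state, and outlives the container, would help whoever handles backup or disposal.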
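Review bot: The sample switches persistence on without saying what ends up under `/opt/data/`: retained messages, subscriptions and messages queued for persistent sessions are written there unencrypted. A comment above the two new lines would cover it, e.g. `# persistence store holds message payloads in clear text; /opt/data must be writable by the broker user only`. Since `autosave_interval` is not set, the broker's default save interval applies, so an unclean stop can lose recent state; that is worth one more comment line if it matters to deployments.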
--- a/readme.md +++ b/readme.md @@ -23,33 +23,41 @@ All logging is send to `stdout`, so it can be inspected using `docker logs -f /dev/null || docker volume create $VOLUME + docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG + docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA docker pull $IMAGE docker run \ - -d \ - --rm \ - -p1883:1883 \ - -p8883:8883 \ - -p9001:9001 \ - -v $VOLUME:/opt/etc/mosquitto \ - --link mariadb \ - --name mosquitto \ - $IMAGE + -d \ + --rm \ + -p1883:1883 \ + -p8883:8883 \ + -p9001:9001 \ + -v $VOLUME_CONFIG:/opt/etc/mosquitto \ + -v $VOLUME_DATA:/opt/data \ + --link mariadb \ + --name mosquitto \ + $IMAGE + + The container expects the main configuration file in the root of the volume named `mosquitto.conf`. A very simple configuration, only supporting MQTT on port 1883 is: + log_dest stdout - persistence false + persistence true + persistence_location /opt/data/ listener 1883 protocol mqtt 
@@ -69,6 +77,7 @@ A very simple configuration, only supporting MQTT on port 1883 is: auth_opt_mysql_userquery SELECT pw FROM users WHERE username = ? auth_opt_mysql_aclquery SELECT topic FROM acls WHERE username = ? AND (rw & ?) != 0 + The original readme of the mosquitto-go-auth plugin proposes a different acl query. However, that one didn't work for me. Maybe the meaning of the access attribute handed over from mosquitto core to the plugin has been changed in between. Actually, it appears to me that the meaning of this attribute has to be interpreted bitwise: Bit0 (1) is read access, Bit1 (2) is write access (publish), Bit0 and Bit1 (3) is readwrite access and Bit2 (4) is subscribe access. Write access is obviously and verified be test publish and subscribe access is also obviously subscribe. Currently I don't know what is meant be read access. For this reason I'm using a bitwise operation in the acl query. I set the rw column for those users who should have read-only access to 5 (1&4), for users who should only publish to 2 and for those ones who should read and write to 7 (1&2&4).