From 6af0f83c55bb9db3bdff9524cf3f0ec361148baf Mon Sep 17 00:00:00 2001 From: Pascal Vizeli Date: Mon, 1 Jul 2019 15:37:53 +0200 Subject: [PATCH] Mqtt update (#620) * Update Mosquitto / Auth plugin * file * extract auth plugin builder * fix arm * fix build * Fix multiarch build * cleanup * test * Use own plugin * cleanup config handling * Fix startup * revert bashio config * fix error * Update CHANGELOG.md * cleanup --- mosquitto/CHANGELOG.md | 6 +++++ mosquitto/Dockerfile | 13 +++------- mosquitto/build.json | 9 ++++++- mosquitto/config.json | 4 +-- mosquitto/{ => data}/auth_srv.sh | 0 mosquitto/{ => data}/mosquitto.conf | 2 ++ mosquitto/{ => data}/run.sh | 39 ++++++++++++++++------------- 7 files changed, 43 insertions(+), 30 deletions(-) rename mosquitto/{ => data}/auth_srv.sh (100%) rename mosquitto/{ => data}/mosquitto.conf (94%) rename mosquitto/{ => data}/run.sh (78%) diff --git a/mosquitto/CHANGELOG.md b/mosquitto/CHANGELOG.md index eaa9423..200814e 100644 --- a/mosquitto/CHANGELOG.md +++ b/mosquitto/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 5.0 + +- Update mosquitto 1.6.3 / Alpine 3.10 +- Migrate to `mosquitto-auth-plug` from pvizeli +- Use auth cache for faster reauthentication + ## 4.3 - Fix password generator with new images diff --git a/mosquitto/Dockerfile b/mosquitto/Dockerfile index 610a1cf..360fc41 100644 --- a/mosquitto/Dockerfile +++ b/mosquitto/Dockerfile @@ -1,9 +1,6 @@ ARG BUILD_FROM FROM $BUILD_FROM -# Add env -ENV LANG C.UTF-8 - # Install mosquitto + auth plugin WORKDIR /usr/src ARG MOSQUITTO_AUTH_VERSION @@ -11,11 +8,9 @@ RUN apk add --no-cache \ mosquitto curl openssl musl socat pwgen \ && apk add --no-cache --virtual .build-dependencies \ build-base git mosquitto-dev curl-dev openssl-dev \ - && git clone --depth 1 https://github.com/jpmens/mosquitto-auth-plug \ + && git clone --depth 1 -b ${MOSQUITTO_AUTH_VERSION} https://github.com/pvizeli/mosquitto-auth-plug \ && cd mosquitto-auth-plug \ && cp config.mk.in config.mk \ - && sed -i "s/?= yes/?= no/g" config.mk \ - && sed -i "s/HTTP ?= no/HTTP ?= yes/g" config.mk \ && make \ && mkdir -p /usr/share/mosquitto \ && cp -f auth-plug.so /usr/share/mosquitto \ @@ -23,9 +18,9 @@ RUN apk add --no-cache \ && rm -fr /usr/src/mosquitto-auth-plug # Copy data -COPY run.sh / -COPY auth_srv.sh /bin/ -COPY mosquitto.conf /etc/ +COPY data/run.sh / +COPY data/auth_srv.sh /bin/ +COPY data/mosquitto.conf /etc/ WORKDIR / CMD [ "/run.sh" ] diff --git a/mosquitto/build.json b/mosquitto/build.json index 0356414..bbbc2e0 100644 --- a/mosquitto/build.json +++ b/mosquitto/build.json @@ -1,5 +1,12 @@ { + "build_from": { + "amd64": "homeassistant/amd64-base:3.10", + "i386": "homeassistant/i386-base:3.10", + "armhf": "homeassistant/armhf-base:3.10", + "armv7": "homeassistant/armv7-base:3.10", + "aarch64": "homeassistant/aarch64-base:3.10" + }, "args": { - "MOSQUITTO_AUTH_VERSION": "0.1.3" + "MOSQUITTO_AUTH_VERSION": "0.1.4" } } diff --git a/mosquitto/config.json b/mosquitto/config.json index 4faf70d..f29189c 100644 --- a/mosquitto/config.json +++ b/mosquitto/config.json @@ -1,6 +1,6 @@ { "name": "Mosquitto broker", - "version": "4.3", + "version": "5.0", "slug": "mosquitto", "description": "An Open Source MQTT broker", "url": "https://home-assistant.io/addons/mosquitto/", @@ -20,7 +20,6 @@ "options": { "logins": [], "anonymous": false, - "quiet_logs": true, "customize": { "active": false, "folder": "mosquitto" @@ -33,7 +32,6 @@ {"username": "str", "password": "str"} ], "anonymous": "bool", - "quiet_logs": "bool", "customize": { "active": "bool", "folder": "str" diff --git a/mosquitto/auth_srv.sh b/mosquitto/data/auth_srv.sh similarity index 100% rename from mosquitto/auth_srv.sh rename to mosquitto/data/auth_srv.sh diff --git a/mosquitto/mosquitto.conf b/mosquitto/data/mosquitto.conf similarity index 94% rename from mosquitto/mosquitto.conf rename to mosquitto/data/mosquitto.conf index 0860d68..7df9ae9 100644 --- a/mosquitto/mosquitto.conf +++ b/mosquitto/data/mosquitto.conf @@ -22,6 +22,8 @@ auth_opt_http_getuser_uri /login auth_opt_http_superuser_uri /superuser auth_opt_http_aclcheck_uri /acl auth_opt_log_quiet %%AUTH_QUIET_LOGS%% +auth_opt_auth_cacheseconds 300 + allow_anonymous %%ANONYMOUS%% #include_dir /share/mosquitto diff --git a/mosquitto/run.sh b/mosquitto/data/run.sh similarity index 78% rename from mosquitto/run.sh rename to mosquitto/data/run.sh index b969bee..6431c23 100755 --- a/mosquitto/run.sh +++ b/mosquitto/data/run.sh @@ -1,5 +1,5 @@ -#!/bin/bash -set -e +#!/usr/bin/env bashio +set +u CONFIG_PATH=/data/options.json SYSTEM_USER=/data/system_user.json @@ -9,7 +9,7 @@ ANONYMOUS=$(jq --raw-output ".anonymous" $CONFIG_PATH) KEYFILE=$(jq --raw-output ".keyfile" $CONFIG_PATH) CERTFILE=$(jq --raw-output ".certfile" $CONFIG_PATH) CUSTOMIZE_ACTIVE=$(jq --raw-output ".customize.active" $CONFIG_PATH) -AUTH_QUIET_LOGS=$(jq --raw-output ".quiet_logs" $CONFIG_PATH) +LOGGING=$(bashio::info 'hassio.info.logging' '.logging') HOMEASSISTANT_PW= ADDONS_PW= WAIT_PIDS=() @@ -81,15 +81,20 @@ function constrain_discovery() { ## Main ## -echo "[INFO] Setup mosquitto configuration" +bashio::log.info "Setup mosquitto configuration" sed -i "s/%%ANONYMOUS%%/$ANONYMOUS/g" /etc/mosquitto.conf -sed -i "s/%%AUTH_QUIET_LOGS%%/$AUTH_QUIET_LOGS/g" /etc/mosquitto.conf + +if [ "${LOGGING}" == "debug" ]; then + sed -i "s/%%AUTH_QUIET_LOGS%%/false/g" /etc/mosquitto.conf +else + sed -i "s/%%AUTH_QUIET_LOGS%%/true/g" /etc/mosquitto.conf +fi # Enable SSL if exists configs if [ -e "/ssl/$CERTFILE" ] && [ -e "/ssl/$KEYFILE" ]; then echo "$SSL_CONFIG" >> /etc/mosquitto.conf else - echo "[WARN] SSL not enabled - No valid certs found!" + bashio::log.warning "SSL not enabled - No valid certs found!" fi # Allow customize configs from share @@ -100,9 +105,9 @@ fi # Handle local users if [ "$LOGINS" -gt "0" ]; then - echo "[INFO] Found local users inside config" + bashio::log.info "Found local users inside config" else - echo "[INFO] No local user available" + bashio::log.info "No local user available" fi # Prepare System Accounts @@ -110,7 +115,7 @@ if [ ! -e "${SYSTEM_USER}" ]; then HOMEASSISTANT_PW="$(pwgen 64 1)" ADDONS_PW="$(pwgen 64 1)" - echo "[INFO] Initialize system configuration." + bashio::log.info "Initialize system configuration." write_system_users else HOMEASSISTANT_PW=$(jq --raw-output '.homeassistant.password' $SYSTEM_USER) @@ -119,20 +124,20 @@ fi # Initial Service if call_hassio GET "services/mqtt" | jq --raw-output ".data.host" | grep -v "$(hostname)" > /dev/null; then - echo "[WARN] There is allready a MQTT services running!" + bashio::log.warning "There is allready a MQTT services running!" else - echo "[INFO] Initialize Hass.io Add-on services" + bashio::log.info "Initialize Hass.io Add-on services" if ! call_hassio POST "services/mqtt" "$(constrain_host_config addons "${ADDONS_PW}")" > /dev/null; then - echo "[ERROR] Can't setup Hass.io service mqtt" + bashio::log.error "Can't setup Hass.io service mqtt" fi - echo "[INFO] Initialize Home Assistant discovery" + bashio::log.info "Initialize Home Assistant discovery" if ! call_hassio POST "discovery" "$(constrain_discovery homeassistant "${HOMEASSISTANT_PW}")" > /dev/null; then - echo "[ERROR] Can't setup Home Assistant discovery mqtt" + bashio::log.error "Can't setup Home Assistant discovery mqtt" fi fi -echo "[INFO] Start Mosquitto daemon" +bashio::log.info "Start Mosquitto daemon" # Start Auth Server socat TCP-LISTEN:8080,fork,reuseaddr SYSTEM:/bin/auth_srv.sh & @@ -144,13 +149,13 @@ WAIT_PIDS+=($!) # Handling Closing function stop_mqtt() { - echo "[INFO] Shutdown mqtt system" + bashio::log.info "Shutdown mqtt system" kill -15 "${WAIT_PIDS[@]}" # Remove service if call_hassio GET "services/mqtt" | jq --raw-output ".data.host" | grep "$(hostname)" > /dev/null; then if ! call_hassio DELETE "services/mqtt"; then - echo "[Warn] Service unregister fails!" + bashio::log.warning "Service unregister fails!" fi fi