The opendev project has been moving away from puppet and this is one of
the puppet modules that is no longer used. To simplify things for us we
are taking the extra step of retiring this repo.
Change-Id: I83a8d643adacd41947203604fdad1b0cc544c680
In newer mosquitto version the default for the allow_anonymous config
flag was changed from true to a conditional true. It defaults to false
if you have certain auth methods enabled. Since the config generated by
puppet-mosquitto has these auth methods enabled the implicit value of
true changed to false when we upgraded the mosquitto version. This
commit fixes this case by explicitly setting allow_anonymous to be true
so that we allow anonymous connections so we can have the public
read only access to the firehose.
Change-Id: I6fceb1daf55b0e3a7345461dca1c4c7ef5a80440
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: Ib79fb33e194b1bee06e699b21188b9d89fac7a49
The logic in the Gemfile was relying on Zuulv2 variables to find out
whether the spec helper gem was already available on disk, and since
Zuulv3 has changed things it was failing to find it and downloading the
master version instead. This patch ensures the Gemfile looks for the gem
in the right place when running in CI.
Change-Id: I23fff7944ce28021fbe671abe9a2f90df5063c2b
This commit updates a small oversight in the tls websockets listener
configuration. It previously wasn't specifying the websockets protocol
which meant we were defaulting to use the mqtt protocol. That means when
configured the websockets tls port wasn't using websokets at all. This
commit fixes the oversight and makes sure we set the proper protocol.
Change-Id: I37fb86361bb49c46bd9ff864baaf840468051e51
Use the correct name for enable_tls_websocket in the mosquitto.conf
template instead of the previously incorrect enable_websocket_tls.
Change-Id: Ia167130e416e3f2cc583a79ff2af4cd2eddc572a
The ubuntu package is a couple releases out of date even in Xenial
and we're hitting some random crashes with the version we're
running. Hopefully a newer version will fix it. Switching to the PPA
will get us the same version slated for inclusion in Ubuntu 18.04
LTS (Bionic) until we have an opportunity to upgrade the server.
Change-Id: Ie4b6170db670e3284d6bd069a13d4a6468507c76
Currently there is no way to independtly disable the encrypted
websockets connection from the mqtt tls listener. This commit switches
this to be the new enable_websocket_tls flag which will be used to
independtly control whether we deploy an encypted websockets port.
Change-Id: I2bb806210dbe5c40cfda5ac205f3659c2085f0e1
Instead of keeping a local copy of spec_helper_acceptance.rb and
requiring updates to all modules for any change, we can move it into the
common helper gem and require it from there. This will make it easier to
create and review changes that affect all puppet modules. Also change
the Gemfile to look for the gem in the local workspace if running in a
zuul environment.
Change-Id: Ie9b05a68417283d78402680dc6b218e620f77263
Add a xenial nodeset and update the spec helper to install puppet 3 from
the Ubuntu repos instead of from puppetlabs.
Change-Id: I579159f1046eba50daa13da9ec352f6b2e9e02f8
This commit turns off notice log level messages from in the mosquitto
log. It turns out this is the level that writes all the incoming
connection messages and ends up spamming the logs like crazy.
Change-Id: Id62eb834cfe697acd09bf9da4e85250e7366f9b6
Things are working fairly well and we don't need to the super verbose
logging to debug things not starting. This commit decreases the
verbosity to just info and above.
Change-Id: I1803d6f47ca771351fc14d894abad39a417643a1
This commit adds the system stats topic to the acl for anonymous read
only access. It'll be useful to let us collect metrics about our MQTT
usage.
Change-Id: I90a444790080dc263e3edfac1f649ab8e20e0f43
It looks like our puppet-lint version changed and now the server.pp file
is failing. This commit updates that so it passes puppet-lint and
enables us to land changes again.
Change-Id: Ie71e4217852bddae0e1a5235c0182ed97de73454
This commit add more logging levels to the mosquitto logs, we're
experiencing random crashing on the mosquitto daemon and the logs are
less than useful. Hopefully adding all the log levels will provide us
with enough information to debug this case when it inevitably happens
again. (although I'm not holding my breath)
Change-Id: I4b5c919dac5cb225d348545dc67ab4f55a8febc1
The websocket_tls_port variable referenced in the configuration
template should match the spelling of our corresponding class
parameter.
Change-Id: I1fa0e98534524dbb0a0512a23e0d1a4337dafec8
This commit adds support for enabling tls encrypted port listeners.
If enable_tls is set you can specify the cert files necessary and
mosquitto will be configured to setup additional ports that are
encryped in addition to the unencrypted ports.
Change-Id: I7c77285e347d8c1b2c3318360258246b78f885a8
This commit turns on logging for INFO+ levels, incoming connections,
and also turns on timestamps in the log file. This should be useful
for actually being able to debug issues.
Change-Id: I489df9b602ef2f0389d055a102612db3990a7ddc
This commit fixes the trailing whitespace in the mosquitto.conf
template file. This was originally created by copy and pasting the
sample config file which obviously had some stray whitespace.
Change-Id: I36fc8c6877bcc432a19b9d69ba9750f550b6bd3d
This commit adds configuring a websocket listener to the mosquitto
config. By default it will listen on port 80. The next step will be
enabling an ssl/tls encrypted websocket port too.
Change-Id: Ibec91fd0abc637ea7087872cab1ec8487c73acae
This commit adds configuring some basic security. It enables
anonymous read only access (which is important for this use case)
also setups a privileged user which has global readwrite on the
broker. Eventually we can move to a more fine grained permission
model with per service and per topic write permission, but this is
a sane starting point.
Change-Id: I546007f1f4fc57d9edd54294a27c2cd726a134db
This commit removes the config.pp manifest which was from the
cookiecutter, but not used anywhere.
Change-Id: I51f735ea63c0f2bd26ce3d5ff1d46786e9b8bd6d
This patch gets to a point where mosquitto is installed and configured
with sane defaults. The next step is to add configurability to the
point necessary for the infra use case.
This commit adds a config template and the basic setup we need for
actually installing and configuring mosquitto. The next step is to
fill in the details of the config file and tunables from puppet.