Commit Graph

17 Commits

Author SHA1 Message Date
Clark Boylan 8056acae28 Retire this repo
The opendev project has been moving away from puppet and this is one of
the puppet modules that is no longer used. To simplify things for us we
are taking the extra step of retiring this repo.

Change-Id: I83a8d643adacd41947203604fdad1b0cc544c680
2022-02-17 11:58:54 -08:00
Matthew Treinish e05b5f283d
Update set allow_anonymous flag to be explicitly true
In newer mosquitto version the default for the allow_anonymous config
flag was changed from true to a conditional true. It defaults to false
if you have certain auth methods enabled. Since the config generated by
puppet-mosquitto has these auth methods enabled the implicit value of
true changed to false when we upgraded the mosquitto version. This
commit fixes this case by explicitly setting allow_anonymous to be true
so that we allow anonymous connections so we can have the public
read only access to the firehose.

Change-Id: I6fceb1daf55b0e3a7345461dca1c4c7ef5a80440
2020-09-09 09:53:07 -04:00
Matthew Treinish 8d235f4e54
Actually listen to websockets on websockets tls listener
This commit updates a small oversight in the tls websockets listener
configuration. It previously wasn't specifying the websockets protocol
which meant we were defaulting to use the mqtt protocol. That means when
configured the websockets tls port wasn't using websokets at all. This
commit fixes the oversight and makes sure we set the proper protocol.

Change-Id: I37fb86361bb49c46bd9ff864baaf840468051e51
2018-04-16 14:20:12 -04:00
Jeremy Stanley 57e6ced8ca Correct enable_tls_websocket in config template
Use the correct name for enable_tls_websocket in the mosquitto.conf
template instead of the previously incorrect enable_websocket_tls.

Change-Id: Ia167130e416e3f2cc583a79ff2af4cd2eddc572a
2018-04-16 16:26:45 +00:00
Matthew Treinish d641406a28
Make websocket tls independent
Currently there is no way to independtly disable the encrypted
websockets connection from the mqtt tls listener. This commit switches
this to be the new enable_websocket_tls flag which will be used to
independtly control whether we deploy an encypted websockets port.

Change-Id: I2bb806210dbe5c40cfda5ac205f3659c2085f0e1
2018-02-26 05:50:23 -05:00
Matthew Treinish a67fd5536d
Disable notice log level messages
This commit turns off notice log level messages from in the mosquitto
log. It turns out this is the level that writes all the incoming
connection messages and ends up spamming the logs like crazy.

Change-Id: Id62eb834cfe697acd09bf9da4e85250e7366f9b6
2017-05-01 21:21:57 -04:00
Matthew Treinish d0db8613af
Decrease logging verbosity
Things are working fairly well and we don't need to the super verbose
logging to debug things not starting. This commit decreases the
verbosity to just info and above.

Change-Id: I1803d6f47ca771351fc14d894abad39a417643a1
2017-05-01 20:27:33 -04:00
Matthew Treinish bd766c78d0
Add system stats topics to public readonly acl
This commit adds the system stats topic to the acl for anonymous read
only access. It'll be useful to let us collect metrics about our MQTT
usage.

Change-Id: I90a444790080dc263e3edfac1f649ab8e20e0f43
2017-04-03 15:36:07 -04:00
Matthew Treinish ad313e76b7
Add more logging
This commit add more logging levels to the mosquitto logs, we're
experiencing random crashing on the mosquitto daemon and the logs are
less than useful. Hopefully adding all the log levels will provide us
with enough information to debug this case when it inevitably happens
again. (although I'm not holding my breath)

Change-Id: I4b5c919dac5cb225d348545dc67ab4f55a8febc1
2016-09-21 09:39:20 -04:00
Jeremy Stanley 801c9ada97 Fix typo for websocket_tls_port
The websocket_tls_port variable referenced in the configuration
template should match the spelling of our corresponding class
parameter.

Change-Id: I1fa0e98534524dbb0a0512a23e0d1a4337dafec8
2016-08-10 18:24:30 +00:00
Matthew Treinish 23e5990b74
Add support for configuring tls ports
This commit adds support for enabling tls encrypted port listeners.
If enable_tls is set you can specify the cert files necessary and
mosquitto will be configured to setup additional ports that are
encryped in addition to the unencrypted ports.

Change-Id: I7c77285e347d8c1b2c3318360258246b78f885a8
2016-08-09 09:54:08 -04:00
Matthew Treinish 695d94cc3c Enable real logging
This commit turns on logging for INFO+ levels, incoming connections,
and also turns on timestamps in the log file. This should be useful
for actually being able to debug issues.

Change-Id: I489df9b602ef2f0389d055a102612db3990a7ddc
2016-08-02 15:44:54 -04:00
Matthew Treinish 30a782d0b5
Remove trailing whitespace from mosquitto.conf template
This commit fixes the trailing whitespace in the mosquitto.conf
template file. This was originally created by copy and pasting the
sample config file which obviously had some stray whitespace.

Change-Id: I36fc8c6877bcc432a19b9d69ba9750f550b6bd3d
2016-07-28 09:16:23 -04:00
Matthew Treinish b0ab19c7c6
Add websocket listner to mosquitto
This commit adds configuring a websocket listener to the mosquitto
config. By default it will listen on port 80. The next step will be
enabling an ssl/tls encrypted websocket port too.

Change-Id: Ibec91fd0abc637ea7087872cab1ec8487c73acae
2016-07-27 19:04:15 -04:00
Matthew Treinish e6e978cae7
Add basic permissions and security
This commit adds configuring some basic security. It enables
anonymous read only access (which is important for this use case)
also setups a privileged user which has global readwrite on the
broker. Eventually we can move to a more fine grained permission
model with per service and per topic write permission, but this is
a sane starting point.

Change-Id: I546007f1f4fc57d9edd54294a27c2cd726a134db
2016-07-27 18:43:42 -04:00
Matthew Treinish 5b97169e50
Make things work
This patch gets to a point where mosquitto is installed and configured
with sane defaults. The next step is to add configurability to the
point necessary for the infra use case.
2016-07-25 16:22:36 -04:00
Matthew Treinish c5f32fc7a4
Add basic setup formula to module
This commit adds a config template and the basic setup we need for
actually installing and configuring mosquitto. The next step is to
fill in the details of the config file and tunables from puppet.
2016-07-18 18:18:51 -04:00