From e05b5f283d61aefd0d328ea729ed3b1806af406f Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Wed, 9 Sep 2020 09:45:38 -0400 Subject: [PATCH] Update set allow_anonymous flag to be explicitly true In newer mosquitto version the default for the allow_anonymous config flag was changed from true to a conditional true. It defaults to false if you have certain auth methods enabled. Since the config generated by puppet-mosquitto has these auth methods enabled the implicit value of true changed to false when we upgraded the mosquitto version. This commit fixes this case by explicitly setting allow_anonymous to be true so that we allow anonymous connections so we can have the public read only access to the firehose. Change-Id: I6fceb1daf55b0e3a7345461dca1c4c7ef5a80440 --- templates/mosquitto.conf.erb | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/templates/mosquitto.conf.erb b/templates/mosquitto.conf.erb index 92a5952..4913510 100644 --- a/templates/mosquitto.conf.erb +++ b/templates/mosquitto.conf.erb @@ -537,11 +537,19 @@ log_timestamp true #clientid_prefixes # Boolean value that determines whether clients that connect -# without providing a username are allowed to connect. If set to -# false then a password file should be created (see the -# password_file option) to control authenticated client access. -# Defaults to true. -#allow_anonymous true +# without providing a username are allowed to connect. +# If set to false then another means of connection should be created to +# control authenticated client access. +# +#Defaults to true if no other security options are set. If password_file or +#psk_file is set, or if an authentication plugin is loaded which implements +#username/password or TLS-PSK checks, then allow_anonymous defaults to false. +# +#If per_listener_settings is true, this option applies to the current listener +#being configured only. If per_listener_settings is false, this option applies +#to all listeners. +# +allow_anonymous true # In addition to the clientid_prefixes, allow_anonymous and TLS # authentication options, username based authentication is also