Commit ca58c9cc authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo
Browse files

Merge branch 'dev' into 'master' 

Agrega compatibilidad con modo clusterizado

See merge request redmic-project/mqtt/vernemq!10
parents c2a03ce9 4f7f6106

.gitlab-ci.yml

+1 −5
Original line number Diff line number Diff line 
include:

  - project: 'redmic-project/gitlab-ci-templates'

    ref: master

    file: '/deployment.yml'

    file: '/deployment-service/docker-deploy.yml'



stages:

  - deploy
@@ -9,7 +9,3 @@ stages: 
.deploy:

  variables:

    STACK: mqtt
 
    STATUS_CHECK_DELAY: 60

    DD_TRAEFIK_SUBDOMAIN: ${CI_PROJECT_NAME}

  environment:

    url: https://${DD_TRAEFIK_SUBDOMAIN}.${PUBLIC_HOSTNAME}

README.md

+44 −12
Original line number Diff line number Diff line
@@ -9,36 +9,68 @@ Check official docs about this topic here: <https://docs.vernemq.com/configurati 
To interact with database, you have to run `redis-cli` inside `vmq-redis` running container.

Use `docker exec ...` or start a shell session through Portainer to access `vmq-redis`.



### List clients

### Create clients



```sh

$ redis-cli



> KEYS *

> SET "[\"\",\"client-1\",\"user-1\"]" "{\"passhash\":\"$2a$12$4WvSLjSMai7viDn0Dh3VAeYkQEkSPefybwjUO8FkmLrEr7O2MBrue\",\"subscribe_acl\":[{\"pattern\":\"test-topic\"}]}"

OK



> SET "[\"\",\"client-2\",\"user-2\"]" "{\"passhash\":\"$2a$12$4WvSLjSMai7viDn0Dh3VAeYkQEkSPefybwjUO8FkmLrEr7O2MBrue\",\"publish_acl\":[{\"pattern\":\"test-topic\"}]}"

OK

```



### Create client

Here, you define a pair of new keys `"[\"\",\"client-1\",\"user-1\"]"` and `"[\"\",\"client-2\",\"user-2\"]"`. It means:



```sh

$ redis-cli

1. empty mountpoint.

1. `client-<n>` client IDs.

1. `user-<n>` usernames.



> SET "[\"\",\"test-client\",\"test-user\"]" "{\"passhash\":\"$2a$12$WDzmynWSMRVzfszQkB2MsOWYQK9qGtfjVpO8iBdimTOjCK/u6CzJK\",\"subscribe_acl\":[{\"pattern\":\"a/+/c\"}]}"

These keys are set with values:



```

1. `"{\"passhash\":\"$2a$12$4WvSLjSMai7viDn0Dh3VAeYkQEkSPefybwjUO8FkmLrEr7O2MBrue\",\"subscribe_acl\":[{\"pattern\":\"test-topic\"}]}"`.

1. `"{\"passhash\":\"$2a$12$4WvSLjSMai7viDn0Dh3VAeYkQEkSPefybwjUO8FkmLrEr7O2MBrue\",\"publish_acl\":[{\"pattern\":\"test-topic\"}]}"`.



This means subscribe granted to `test-topic` topic to `user-1` user (from `client-1` client) and publish granted to `test-topic` topic to `user-2` user (from `client-2` client), both using same password hash.



Here, you define a new key `"[\"\",\"test-client\",\"test-user\"]"` (empty mountpoint, `test-client` client ID, `test-user` username) with value `"{\"passhash\":\"$2a$12$WDzmynWSMRVzfszQkB2MsOWYQK9qGtfjVpO8iBdimTOjCK/u6CzJK\",\"subscribe_acl\":[{\"pattern\":\"a/+/c\"}]}"`.

This value contains a bcrypt password hash `passhash`, generated for password value `changeme`.



This value contains a bcrypt password hash `passhash` and a list of topic patterns `subscribe_acl` with granted access for this client.

Create a new password and generate a bcrypt hash (with 12 rounds) for it. You can use any tool, <https://www.browserling.com/tools/bcrypt> for example.



Decide a new password and generate a bcrypt hash (with 12 rounds) for it.

You can use any tool, <https://www.browserling.com/tools/bcrypt> for example.

### List clients



```sh

$ redis-cli



> KEYS *

1) "[\"\",\"client-1\",\"user-1\"]"

2) "[\"\",\"client-2\",\"user-2\"]"

```



### Delete client



```sh

$ redis-cli



> DEL "[\"\",\"test-client\",\"test-user\"]"

> DEL "[\"\",\"client-1\",\"user-1\"]" "[\"\",\"client-2\",\"user-2\"]"

(integer) 2

```



## Usage example



You can test broker using any MQTT client, like Mosquitto (install with `sudo apt install mosquitto-clients`).



First, subscribe with:



```sh

mosquitto_sub -h <mqtt-host> -t test-topic -u user-1 -P changeme -i client-1

```



Then, run publish in another session:



```sh

mosquitto_pub -h <mqtt-host> -t test-topic -u user-2 -P changeme -i client-2 -m "hello"

```



You should see now published message at first session.

deploy/.env

+19 −9
Original line number Diff line number Diff line 
DOCKER_NET_INTERFACE=eth2

DOCKER_VERNEMQ_LOG__CONSOLE__LEVEL=info

DOCKER_VERNEMQ_ALLOW_ANONYMOUS=off

DOCKER_IP_ADDRESS=0.0.0.0

DOCKER_VERNEMQ_DISTRIBUTED_COOKIE=changeme

DOCKER_VERNEMQ_PLUGINS__VMQ_PASSWD=off

DOCKER_VERNEMQ_PLUGINS__VMQ_ACL=off

DOCKER_VERNEMQ_PLUGINS__VMQ_DIVERSITY=on

DOCKER_VERNEMQ_VMQ_DIVERSITY__AUTH_REDIS__ENABLED=on

DOCKER_VERNEMQ_VMQ_DIVERSITY__REDIS__HOST=vmq-redis

DOCKER_VERNEMQ_VMQ_DIVERSITY__REDIS__PORT=6379

DOCKER_VERNEMQ_DISTRIBUTED_COOKIE=changeme

DOCKER_VERNEMQ_LISTENER__HTTP__METRICS=0.0.0.0:8888

DOCKER_VERNEMQ_LISTENER__WS__DEFAULT=0.0.0.0:8080

DOCKER_VERNEMQ_LISTENER__TCP__DEFAULT=0.0.0.0:1883

DOCKER_VERNEMQ_LISTENER__TCP__PROXY_PROTOCOL=on

DOCKER_VERNEMQ_ACCEPT_EULA=yes

DOCKER_VERNEMQ_DISCOVERY_NODE=vernemq0.local

DOCKER_VERNEMQ_NODENAME=vernemq{{.Task.Slot}}.local



EXTERNAL_MQTT_PORT=1883

HTTP_PORT=8888

MQTT_PORT=1883

EXTERNAL_MQTTWS_PORT=8080

MQTTWS_PORT=8080

PORT_MODE=ingress



HTTP_PORT=8888

TRAEFIK_SUBDOMAIN=vernemq

TRAEFIK_HTTP_ENTRYPOINT=http

TRAEFIK_MQTT_ENTRYPOINT=mqtt

TRAEFIK_HTTP_SUBDOMAIN=vernemq

TRAEFIK_MQTT_SUBDOMAIN=mqtt

PUBLIC_HOSTNAME=change.me



VERNEMQ_DATA_VOL_NAME=vernemq-data-vol

VERNEMQ_CONF_VOL_NAME=vernemq-conf-vol

VERNEMQ_LOG_VOL_NAME=vernemq-log-vol

REDIS_DATA_VOL_NAME=vernemq-redis-data-vol



VOL_DRIVER=local

VOL_TYPE=nfs4

VOL_ADDR=127.0.0.1

VOL_OPTIONS=rw,nolock,noatime,tcp,rsize=8192,wsize=8192,timeo=14

VOL_OPTS=rw,nolock,noatime,tcp,rsize=8192,wsize=8192,timeo=14



VERNEMQ_DATA_VOL_DEVICE=:/vernemq-data-vol/

VERNEMQ_CONF_VOL_DEVICE=:/vernemq-conf-vol/

REDIS_DATA_VOL_DEVICE=:/vernemq-redis-data-vol/

deploy/compose.dev.yaml

0 → 100644
+40 −0
Original line number Diff line number Diff line 
volumes:

  vernemq0-data-vol:

    name: ${VERNEMQ_DATA_VOL_NAME}-0

    driver: ${VOL_DRIVER}

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTS}

      device: ${VERNEMQ_DATA_VOL_DEVICE}0/



  vernemq-data-vol:

    name: ${VERNEMQ_DATA_VOL_NAME}-{{.Task.Slot}}

    driver: ${VOL_DRIVER}

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTS}

      device: ${VERNEMQ_DATA_VOL_DEVICE}{{.Task.Slot}}/



  vernemq0-conf-vol:

    name: ${VERNEMQ_CONF_VOL_NAME}-0

    driver: ${VOL_DRIVER}

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTS}

      device: ${VERNEMQ_CONF_VOL_DEVICE}0/



  vernemq-conf-vol:

    name: ${VERNEMQ_CONF_VOL_NAME}-{{.Task.Slot}}

    driver: ${VOL_DRIVER}

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTS}

      device: ${VERNEMQ_CONF_VOL_DEVICE}{{.Task.Slot}}/



  redis-data-vol:

    name: ${REDIS_DATA_VOL_NAME}

    driver: ${VOL_DRIVER}

    driver_opts:

      type: ${VOL_TYPE}

      o: addr=${VOL_ADDR},${VOL_OPTS}

      device: ${REDIS_DATA_VOL_DEVICE}

deploy/docker-compose.prod.ymldeploy/compose.prod.yaml

+15 −4
Original line number Diff line number Diff line 
version: '3.5'



services:

  vmq-redis:

    deploy:
@@ -14,15 +12,28 @@ services: 
          - node.role == worker



volumes:

  vernemq0-data-vol:

    name: ${VERNEMQ_DATA_VOL_NAME}-0

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared

      perfmode: maxio



  vernemq-data-vol:

    name: ${VERNEMQ_DATA_VOL_NAME}

    name: ${VERNEMQ_DATA_VOL_NAME}-{{.Task.Slot}}

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared

      perfmode: maxio



  vernemq0-conf-vol:

    name: ${VERNEMQ_CONF_VOL_NAME}-0

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared



  vernemq-conf-vol:

    name: ${VERNEMQ_CONF_VOL_NAME}

    name: ${VERNEMQ_CONF_VOL_NAME}-{{.Task.Slot}}

    driver: 'cloudstor:aws'

    driver_opts:

      backing: shared