software/mosquitto: Implement password-based authentication ...

See merge request nexedi/slapos!1298

software/mosquitto: Implement password-based authentication ...
See merge request nexedi/slapos!1298
4f5af09f · Ivan Tyagov · 32447daf · af34e75b · 4f5af09f · 4f5af09f
Commit 4f5af09f authored Dec 08, 2022 by Ivan Tyagov
3 changed files
--- a/software/mosquitto/buildout.hash.cfg
+++ b/software/mosquitto/buildout.hash.cfg
 [instance-profile]
 filename = instance.cfg.in
-md5sum = 6bfa6ce34bc99511d71ef68f677c99a9
+md5sum = 4c7aa7b2132dc13ddee37fb416decf81
--- a/software/mosquitto/instance.cfg.in
+++ b/software/mosquitto/instance.cfg.in
@@ -34,21 +34,47 @@ bin = ${:home}/bin
 [mosquitto-config-file]
 recipe = slapos.recipe.build
 location = ${directory:etc}/${:_buildout_section_name_}.cfg
-ip = ${instance-parameter:ipv4-random}
+ipv4 = ${instance-parameter:ipv4-random}
+ipv6 = ${instance-parameter:ipv6-random}
+port = 1883
+password = ${mosquitto-password-file:location}
 install =
  config = open(self.options["location"], "w")
-  ip = self.options["ip"]
-  config.write(f"listener 1883 {ip}\nprotocol mqtt")
+  port = self.options["port"]
+  ipv4 = self.options["ipv4"]
+  ipv6 = self.options["ipv6"]
+  password = self.options["password"]
+  config.write(f"listener {port} {ipv4}\nprotocol mqtt\n\n")
+  config.write(f"listener {port} {ipv6}\nprotocol mqtt\n\n")
+  config.write(f"password_file {password}\n\n")
+
+[mosquitto-password-file]
+recipe = plone.recipe.command
+location = ${directory:etc}/${:_buildout_section_name_}.txt
+command = 
+  touch ${:location}
+  {{ mosquitto_location }}/bin/mosquitto_passwd -b ${:location} ${mosquitto-password:username} ${mosquitto-password:passwd}
+stop-on-error = true
+
+[mosquitto-password]
+recipe = slapos.cookbook:generate.password
+username = mosquitto

-[mosquitto-listen-promise]
+[mosquitto-listen-promise-ipv4]
 <= check-port-listening-promise
-hostname = ${mosquitto-config-file:ip}
-port = 1883
+hostname = ${mosquitto-config-file:ipv4}
+port = ${mosquitto-config-file:port}
+
+[mosquitto-listen-promise-ipv6]
+<= check-port-listening-promise
+hostname = ${mosquitto-config-file:ipv6}
+port = ${mosquitto-config-file:port}

 [promises]
 recipe =
 instance-promises =
-  ${mosquitto-listen-promise:path}
+  ${mosquitto-listen-promise-ipv4:path}
+  ${mosquitto-listen-promise-ipv6:path}

 [mosquitto-service]
 recipe  = slapos.cookbook:wrapper
@@ -58,4 +84,7 @@ output = $${:wrapper-path}

 [publish-connection-parameter]
 recipe = slapos.cookbook:publish
-url = mqtt://${mosquitto-listen-promise:hostname}:${mosquitto-listen-promise:port}
+ipv4 = mqtt://${mosquitto-config-file:ipv4}:${mosquitto-config-file:port}
+ipv6 = mqtt://${mosquitto-config-file:ipv6}:${mosquitto-config-file:port}
+username = ${mosquitto-password:username}
+password = ${mosquitto-password:passwd}
--- a/software/mosquitto/software.cfg
+++ b/software/mosquitto/software.cfg
@@ -8,6 +8,10 @@ extends =
 parts =
  slapos-cookbook
  instance-profile
+  plone.recipe.command
+
+[plone.recipe.command]
+recipe = zc.recipe.egg

 [instance-profile]
 recipe = slapos.recipe.template:jinja2