add mosquitto changes to this branch for later

wmo-im · Dec 16, 2024 · 9b812f3 · 9b812f3
1 parent 81a3ab6
commit 9b812f3
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 52 deletions.
diff --git a/wis2box-broker/Dockerfile b/wis2box-broker/Dockerfile
@@ -24,10 +24,8 @@ FROM eclipse-mosquitto:2.0.20
 RUN mkdir -p /data/wis2box/mosquitto
 RUN ln -s /mosquitto /data/wis2box/mosquitto
 
-COPY mosquitto-ssl.conf /mosquitto/config/mosquitto-ssl.conf
 COPY mosquitto.conf /mosquitto/config/mosquitto.conf
 
-COPY acl.conf /mosquitto/config/acl.conf
 COPY entrypoint.sh /docker-entrypoint.sh
 
 RUN chmod +x /docker-entrypoint.sh
diff --git a/wis2box-broker/acl.conf b/wis2box-broker/acl.conf
diff --git a/wis2box-broker/entrypoint.sh b/wis2box-broker/entrypoint.sh
@@ -1,28 +1,49 @@
 #!/bin/sh
 
-if [ -f /tmp/wis2box.crt ]; then
-    echo "SSL enabled"
-    echo "setup /mosquitto/certs"
-    mkdir -p /mosquitto/certs
-    cp /tmp/wis2box.crt /mosquitto/certs
-    cp /tmp/wis2box.key /mosquitto/certs
-    chown -R mosquitto:mosquitto /mosquitto/certs
-    cp -f /mosquitto/config/mosquitto-ssl.conf /mosquitto/config/mosquitto.conf
-else
-    echo "SSL disabled"
-fi
-
 echo "Setting mosquitto authentication"
 if [ ! -e "/mosquitto/config/password.txt" ]; then
     echo "Adding wis2box users to mosquitto password file"
     mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
     mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
 else
-    echo "Mosquitto password file already exists. Skipping wis2box user addition."
+    echo "Mosquitto password file already exists. Update it if needed"
+    mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
+    mosquitto_passwd -b /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
+fi
+
+# add max_queued_messages to mosquitto.conf if not already there
+if ! grep -q "max_queued_messages" /mosquitto/config/mosquitto.conf; then
+    echo "max_queued_messages $WIS2BOX_BROKER_QUEUE_MAX" >> /mosquitto/config/mosquitto.conf
 fi
 
-sed -i "s#_WIS2BOX_BROKER_QUEUE_MAX#$WIS2BOX_BROKER_QUEUE_MAX#" /mosquitto/config/mosquitto.conf
-sed -i "s#_WIS2BOX_BROKER_USERNAME#$WIS2BOX_BROKER_USERNAME#" /mosquitto/config/acl.conf
+# prepare the acl.conf file
+if [ ! -e "/mosquitto/config/acl.conf" ]; then
+    echo "Creating mosquitto acl file"	
+    echo "user everyone" >> /mosquitto/config/acl.conf
+    echo "topic read origin/#" >> /mosquitto/config/acl.conf
+    echo " " >> /mosquitto/config/acl.conf
+    echo "user $WIS2BOX_BROKER_USERNAME" >> /mosquitto/config/acl.conf
+    echo "topic readwrite origin/#" >> /mosquitto/config/acl.conf
+    echo "topic readwrite wis2box/#" >> /mosquitto/config/acl.conf
+    echo "topic readwrite data-incoming/#" >> /mosquitto/config/acl.conf
+    echo "topic read \$SYS/#" >> /mosquitto/config/acl.conf
+else
+    echo "Mosquitto acl file already exists. Update it if needed"
+    # add user everyone to acl.conf if not already there
+    if ! grep -q "user everyone" /mosquitto/config/acl.conf; then
+        echo "user everyone" >> /mosquitto/config/acl.conf
+        echo "topic read origin/#" >> /mosquitto/config/acl.conf
+        echo " " >> /mosquitto/config/acl.conf
+    fi
+    # add user $WIS2BOX_BROKER_USERNAME to acl.conf if not already there
+    if ! grep -q "user $WIS2BOX_BROKER_USERNAME" /mosquitto/config/acl.conf; then
+        echo "user $WIS2BOX_BROKER_USERNAME" >> /mosquitto/config/acl.conf
+        echo "topic readwrite origin/#" >> /mosquitto/config/acl.conf
+        echo "topic readwrite wis2box/#" >> /mosquitto/config/acl.conf
+        echo "topic readwrite data-incoming/#" >> /mosquitto/config/acl.conf
+        echo "topic read \$SYS/#" >> /mosquitto/config/acl.conf
+    fi
+fi
 
 for i in `env | grep -Ee "\<WIS2BOX_BROKER_USERNAME_[[:alnum:]]+"`; do
     NAME_TAIL=`echo $i | awk -FWIS2BOX_BROKER_USERNAME_ '{print $2}' | awk -F= '{print $1}'`
@@ -35,8 +56,22 @@ for i in `env | grep -Ee "\<WIS2BOX_BROKER_USERNAME_[[:alnum:]]+"`; do
     echo "topic readwrite ${!topic}" >>  /mosquitto/config/acl.conf
 done
 
-# set ownership of mosquitto files
-chown -R mosquitto:mosquitto /mosquitto
+if [ -f /tmp/wis2box.crt ]; then
+    echo "SSL enabled"
+    echo "setup /mosquitto/certs"
+    mkdir -p /mosquitto/certs
+    cp /tmp/wis2box.crt /mosquitto/certs
+    cp /tmp/wis2box.key /mosquitto/certs
+    chown -R mosquitto:mosquitto /mosquitto/certs
+    # add listener 8883 block to mosquitto.conf, if not already there
+    if ! grep -q "listener 8883" /mosquitto/config/mosquitto.conf; then
+        echo "listener 8883" >> /mosquitto/config/mosquitto.conf
+        echo "certfile /mosquitto/certs/wis2box.crt" >> /mosquitto/config/mosquitto.conf
+        echo "keyfile /mosquitto/certs/wis2box.key" >> /mosquitto/config/mosquitto.conf
+    fi
+else
+    echo "SSL disabled"
+fi
 
 # set permission of acl.conf to 0700
 chmod 0700 /mosquitto/config/acl.conf

diff --git a/wis2box-broker/mosquitto-ssl.conf b/wis2box-broker/mosquitto-ssl.conf
diff --git a/wis2box-broker/mosquitto.conf b/wis2box-broker/mosquitto.conf
@@ -4,7 +4,6 @@ log_dest file /mosquitto/log/mosquitto.log
 log_dest stdout
 log_timestamp_format %Y-%m-%dT%H:%M:%S
 password_file /mosquitto/config/password.txt
-max_queued_messages _WIS2BOX_BROKER_QUEUE_MAX
 
 # ACLs
 acl_file /mosquitto/config/acl.conf