
DietPi-Software | Mosquitto: Updates for v2 and other enhancements #4223

Merged
merged 4 commits into dev from mosquitto
Apr 5, 2021

Conversation

MichaIng
Owner

@MichaIng MichaIng commented Mar 26, 2021

Status: Review

Commit list/description:

  • DietPi-Software | Mosquitto: Since the Bullseye suite of the official repository does not yet exist, use Buster instead
  • DietPi-Software | Mosquitto: Restore pre-v2.0 behaviour by explicitly adding the port 1883 listener without IP binding, as by default it now binds to the loopback IP: Mosquitto: In default mosquitto.conf, add a listener on port 1883  #4133
  • DietPi-Software | Mosquitto: Instead of restoring pre-v2.0 behaviour on anonymous requests, enable authenticated requests via password file by default, using username "mosquitto" and global software password.
  • DietPi-Software | Mosquitto: Always use our own systemd unit, which allows us to simplify and align it with other units we ship.
  • DietPi-Software | Mosquitto: Disable PID and log file, both not required when using the systemd unit as it can track the service status directly and logs can be viewed via journalctl then. This allows to simplify the systemd unit and start it as mosquitto user directly, instead of having the daemon forking itself as mosquitto user.
  • DietPi-Software | Mosquitto: Do not automatically restart the service on failure. Generally we think that a failed service has a reason that should be recognised and investigated ASAP before starting it again, whether it is OOM failure, filesystem/database corruption or a DDoS attack and such things, where an automatic restart might cause further damage. When services restart automatically (up to five times by default in a certain time), they do not only mess logs, making debugging difficult, but also as the service can stay up, an urgent reason for the crash might be recognised with much delay. When a service is that important that it must stay even when the server is running into troubles that lead to service crashes, then this should be configured only manually by admins that do know what they do.
  • DietPi-Software | MPD: Simplify systemd service runtime directory creation by using the RuntimeDirectory setting
  • DietPi-Software | ownCloud/Nextcloud: Instead of "<omitted>", show "XXXX" as replacement for passwords during CLI install with the amount of Xes matching the length of the password

+ DietPi-Software | Mosquitto: Since the Bullseye suite of the official repository does not yet exist, use Buster instead
+ DietPi-Software | MPD: Simplify systemd service runtime directory creation by using the RuntimeDirectory setting
+ DietPi-Software | Mosquitto: Restore pre-v2.0 behaviour by explicitly adding the port 1883 listener without IP binding, as by default it now binds to the loopback IP: #4133
+ DietPi-Software | Mosquitto: Restore pre-v2.0 behaviour by explicitly allowing anonymous client connections. We might switch to a user+password authenticated default, using the global software password, but for now restoring the previous default should be fine.
+ DietPi-Software | Mosquitto: Always use our own systemd unit, which allows us to simplify and align it with other units we ship.
+ DietPi-Software | Mosquitto: Disable PID and log file, both not required when using the systemd unit as it can track the service status directly and logs can be viewed via journalctl then. This allows to simplify the systemd unit and start it as mosquitto user directly, instead of having the daemon forking itself as mosquitto user.
+ DietPi-Software | Mosquitto: Do not automatically restart the service on failure. Generally we think that a failed service has a reason that should be recognised and investigated ASAP before starting it again, whether it is OOM failure, filesystem/database corruption or a DDoS attack and such things, where an automatic restart might cause further damage. When services restart automatically (up to five times by default in a certain time), they do not only mess logs, making debugging difficult, but also as the service can stay up, an urgent reason for the crash might be recognised with much delay. When a service is that important that it must stay even when the server is running into troubles that lead to service crashes, then this should be configured only manually by admins that do know what they do.
@MichaIng MichaIng added this to the v7.1 milestone Mar 26, 2021
@MichaIng MichaIng linked an issue Mar 26, 2021 that may be closed by this pull request
MichaIng added 3 commits April 4, 2021 15:09
+ CHANGELOG | Mosquitto: Since v2, by default remote connections and no unauthenticated requests are possible anymore. On fresh installs and reinstalls, we'll enable remote connections, but create a password file, so that MQTT clients need to authenticate with the "dietpi" user and the global software password by default.
+ DietPi-Software | ownCloud/Nextcloud: Instead of "<omitted>", show "XXXX" as replacement for passwords during CLI install with the amount of Xes matching the length of the password
+ DietPi-Software | Mosquitto: Switch from unauthenticated requests to authenticated requests via password file by default, with "mosquitto" username and global software password. Use umask to have it created with strict permissions, as by default it's 644, i.e. world-readable, even that passwords are sha512-pbkdf2-hashed. Grant write access to root only (default) but read access to "mosquitto" so that it can read it even when starting as "mosquitto" in the first place (instead of re-forking from "root" to "mosquitto").
+ CHANGELOG | Mosquitto: Default username changed to "mosquitto"
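The description above and the password-file commit message describe three defaults for Mosquitto 2.x: an explicit `listener 1883` so the broker is reachable beyond loopback again, anonymous access replaced by a password file, and that file created under a strict umask so its PBKDF2-SHA512 hashes are not world-readable. The following is an added example, not DietPi's own installer code: it writes such a configuration, creates the password file with mode 0600 from the outset (read access for the broker's own user added afterwards), and audits a config directory for the weak settings the PR replaces. The `$7$101$<salt>$<hash>` entry format, the 101-iteration count and the 12-byte salt are this example's assumptions about what `mosquitto_passwd` 2.x writes; the directory paths, username and password are constructed for the demo.

```python
"""Provision and audit a Mosquitto 2.x config along the lines of the PR:
listener on 1883, anonymous access off, PBKDF2-SHA512 password file that is
never world-readable, no pid file. Added example, not DietPi's own code."""
import base64
import hashlib
import hmac
import os
import secrets
import shutil
import stat
import tempfile

# Assumption: iteration count and salt length mosquitto_passwd 2.x uses for "$7$" entries.
PBKDF2_ITERATIONS = 101
SALT_LEN = 12

MOSQUITTO_CONF = """\
# Mosquitto 2.x serves loopback only unless a listener is given explicitly;
# this restores pre-2.0 reachability on port 1883 for all interfaces ...
listener 1883
# ... but requires credentials instead of anonymous access.
allow_anonymous false
password_file {pw_path}
# No pid_file / file log_dest: systemd tracks the process, journald keeps stderr.
"""


def _b64(raw):
    return base64.b64encode(raw).decode()


def make_password_entry(user, password, salt=b""):
    """One password-file line in Mosquitto's $7$ (PBKDF2-HMAC-SHA512) format."""
    salt = salt or secrets.token_bytes(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, PBKDF2_ITERATIONS, dklen=64)
    return f"{user}:$7${PBKDF2_ITERATIONS}${_b64(salt)}${_b64(digest)}"


def verify_password(entry, password):
    """Recompute the hash for a $7$ entry and compare it in constant time."""
    _user, hashed = entry.split(":", 1)
    tag, iters, salt_b64, digest_b64 = hashed.lstrip("$").split("$")
    if tag != "7":
        raise ValueError("unsupported hash type")
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha512", password.encode(), base64.b64decode(salt_b64),
                                 int(iters), dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def write_config(conf_dir, user, password):
    """Write mosquitto.conf plus a password file created with strict permissions."""
    os.makedirs(conf_dir, exist_ok=True)
    pw_path = os.path.join(conf_dir, "passwd")
    with open(os.path.join(conf_dir, "mosquitto.conf"), "w") as f:
        f.write(MOSQUITTO_CONF.format(pw_path=pw_path))
    # Mode 0600 from the first instant, whatever the umask: the PR's point is that
    # the 0644 default hands the hashes to every local account.
    fd = os.open(pw_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(make_password_entry(user, password) + "\n")
    # root keeps write access; the broker's user only needs to read it, so the
    # daemon can start as "mosquitto" directly instead of forking from root.
    os.chmod(pw_path, 0o640)
    if os.geteuid() == 0:
        try:
            shutil.chown(pw_path, user="root", group="mosquitto")
        except LookupError:
            pass  # no "mosquitto" group on this host (broker not installed)
    return pw_path


def audit_config(conf_dir):
    """Return findings for the weak settings the PR replaces (empty list = clean)."""
    settings = {}
    with open(os.path.join(conf_dir, "mosquitto.conf")) as f:
        for line in f:
            line = line.strip()
            if line and not line.startswith("#"):
                key, _, value = line.partition(" ")
                settings.setdefault(key, []).append(value.strip())
    findings = []
    if "listener" not in settings:
        findings.append("no listener: broker serves loopback only (and allows anonymous local clients)")
    if settings.get("allow_anonymous") == ["true"]:
        findings.append("allow_anonymous true: clients publish/subscribe without credentials")
    if "password_file" not in settings:
        findings.append("no password_file: nothing to authenticate clients against")
    else:
        pw_path = settings["password_file"][0]
        mode = stat.S_IMODE(os.stat(pw_path).st_mode)
        if mode & stat.S_IROTH:
            findings.append(f"password file {pw_path} is world-readable (mode {mode:o})")
    if "pid_file" in settings:
        findings.append("pid_file set: unnecessary under systemd, which tracks the process itself")
    return findings


def demo():
    """Build a hardened and a weak config in temp dirs (constructed data); audit both."""
    base = tempfile.mkdtemp(prefix="mosq-")
    good = os.path.join(base, "good")
    write_config(good, "mosquitto", "constructed-example-password")
    weak = os.path.join(base, "weak")
    os.makedirs(weak)
    weak_pw = os.path.join(weak, "passwd")
    with open(weak_pw, "w") as f:
        f.write(make_password_entry("mosquitto", "constructed-example-password") + "\n")
    os.chmod(weak_pw, 0o644)  # the default mode the commit message objects to
    with open(os.path.join(weak, "mosquitto.conf"), "w") as f:
        f.write(f"listener 1883\nallow_anonymous true\npassword_file {weak_pw}\n"
                "pid_file /run/mosquitto/mosquitto.pid\n")
    return {"good": audit_config(good), "weak": audit_config(weak)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "no findings")
```

Running the module prints an empty finding list for the generated directory and three findings for the weak one (anonymous access, a world-readable password file, and a pid file). Creating the file through `os.open` with an explicit mode is the programmatic counterpart of the `umask` the commit message uses: either way the file never exists as 0644, so there is no window in which another local account could copy the hashes before the permissions are tightened.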
@MichaIng
Owner Author

MichaIng commented Apr 5, 2021

Related documentation changes: MichaIng/DietPi-Docs#413

@MichaIng MichaIng merged commit 64c8411 into dev Apr 5, 2021
@MichaIng MichaIng deleted the mosquitto branch April 5, 2021 12:49
Successfully merging this pull request may close these issues.

Mosquitto: In default mosquitto.conf, add a listener on port 1883
3 participants