Added roles mqtt/application and mqtt/user

dehydrated
Felix Stupp 5 years ago
parent 7c57dc4325
commit 0b69a41ebc
Signed by: zocker
GPG Key ID: 93E1BD26F6B02FB7

@ -0,0 +1,17 @@
---
configuration_directory: "/etc/mosquitto"
configuration_file: "{{ configuration_directory }}/conf.d/0_ansible_main.conf"
environment_directory: "{{ global_configuration_environment_directory }}/mosquitto"
environment_link_name: "conf"
acl_file_name: "acl"
acl_file: "{{ configuration_directory }}/{{ acl_file_name }}"
auth_file_name: "auth"
auth_file: "{{ configuration_directory }}/{{ auth_file_name }}"
admin_username: "root"
admin_password: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mqtt/root length=80') }}"
acl_directives: ""
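Review bot: These role defaults use generic, unprefixed names (`admin_password`, `acl_file`, `environment_directory`). Ansible variables share one namespace per host, so an inventory or other-role variable of the same name would silently replace them. For `admin_password` that means the broker's admin account could end up with a secret nobody intended. Prefixing them, e.g. `mosquitto_admin_password`, avoids the collision; the task file in this commit already references `mosquitto_configuration_directory`, which suggests a prefix was planned.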

@ -0,0 +1,19 @@
---
- name: reconfigure mosquitto acl
make:
chdir: "{{ environment_directory }}"
target: "{{ acl_file_name }}"
notify: restart mosquitto
- name: reconfigure mosquitto auth
make:
chdir: "{{ environment_directory }}"
target: "{{ auth_file_name }}"
notify: restart mosquitto
- name: restart mosquitto
systemd:
enabled: yes
name: mosquitto
state: restarted

@ -0,0 +1,5 @@
---
allow_duplicates: no
dependencies:

@ -0,0 +1,50 @@
---
- name: Install required packages
apt:
state: present
name:
- mosquitto
- name: Create configuration environment directory
file:
state: directory
path: "{{ environment_directory }}"
owner: root
group: root
mode: "u=rwx,g=rx,o=rx"
- name: Configure makefile for environment directory
template:
src: mosquitto.makefile
dest: "{{ environment_directory }}/makefile"
owner: root
group: root
mode: "u=rw,g=r,o=r"
- name: Store acl main file
template:
src: main.acl
dest: "{{ environment_directory }}/0_main.acl"
owner: root
group: root
mode: "u=rw,g=r,o=r"
notifiy: reconfigure mosquitto acl
- name: Store auth main file
command: >-
mosquitto_passwd
-b
{{ environment_directory | quote }}/0_main.auth
{{ admin_user | quote }}
{{ admin_pass | quote }}
notifiy: reconfigure mosquitto auth
- name: Configure mosquitto configuration
template:
src: "main.conf"
dest: "{{ mosquitto_configuration_directory }}/mosquitto.conf"
owner: "root"
group: "root"
mode: "u=rw,g=r,o=r"
notifiy: restart mosquitto
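Review bot: The keyword is misspelled as `notifiy:` in 'Store acl main file', 'Store auth main file' and 'Configure mosquitto configuration', so none of them reaches its handler, and Ansible is expected to reject the unknown task attribute outright. It should read `notify:`; the same typo is in 'Store auth file for user' in the mqtt/user tasks. The auth task references `admin_user` and `admin_pass`, while the defaults added in this commit define `admin_username` and `admin_password`, and the last task uses `mosquitto_configuration_directory` where the defaults define `configuration_directory`. Because `mosquitto_passwd -b` takes the password as a command-line argument, add `no_log: true` to this task and to the per-user one so the generated secret stays out of task output and logs.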

@ -0,0 +1,4 @@
{{ acl_directives }}
user root
topic readwrite #
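Review bot: The `user root` line is hard-coded although the admin account name is configurable in the role defaults. If `admin_username` is overridden, the full `topic readwrite #` grant stays attached to `root` and the real admin account gets no ACL entry. Use `user {{ admin_username }}` here. Note also that `{{ acl_directives }}` is rendered before any `user` line, where mosquitto appears to treat topic rules as general rather than per-user; a comment saying that is intended would help.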

@ -0,0 +1,11 @@
# Authentication
allow_anonymous false
acl_file TODO
use_username_as_clientid true
# Socket
protocol mqtt
port 8883
# TLS
require_certificate false
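Review bot: `acl_file TODO` is a literal placeholder and there is no `password_file` line, so the broker never reads the ACL and auth files this role generates. These should be `acl_file {{ acl_file }}` and `password_file {{ auth_file }}`. The `# TLS` stanza sets only `require_certificate false`, with no `certfile`/`keyfile`, so as written the listener on port 8883 would not negotiate TLS and usernames and passwords would cross the network in clear text.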

@ -0,0 +1,25 @@
dest:={{ environment_link_name }}
# acl file generation
acl_files:=$(wildcard *.acl)
acl_file_name:={{ acl_file_name }}
acl_file:=${dest}/${acl_file_name}
.PHONY: ${acl_file_name}
${acl_file_name}: ${acl_file}
${acl_file}: ${acl_files}
cat $^ > "$@";
# auth file generation
auth_files:=$(wildcard *.auth)
auth_file_name:={{ auth_file_name }}
auth_file:=${dest}/${auth_file_name}
.PHONY: ${auth_file_name}
${auth_file_name}: ${auth_file}
${auth_file}: ${auth_files}
cat $^ > "$@";
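Review bot: The auth rule writes the concatenated password file with `cat $^ > "$@"`, so its mode comes from the umask of whoever runs make and is likely world-readable. Nothing visible in this commit tightens it afterwards, and the per-user `.auth` fragments sit in a directory created with `o=rx`. Consider setting a restrictive mode in the recipe after the `cat`, with ownership that still lets the broker read the file; the right owner depends on how mosquitto runs on the host. Also, `dest` points at the `conf` link inside the environment directory, and no task in this commit appears to create that link.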

@ -0,0 +1,8 @@
---
# user:
pass: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mqtt/' + username + ' length=80') }}"
read_topics: []
write_topics: []
readwrite_topics: []
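Review bot: The `pass` default builds its lookup path from `username`, but the documented input (`# user:`) and every task and template in mqtt/user reference `user`. The lookup will therefore fail on an undefined variable unless a caller happens to set both. Use `'/mqtt/' + user + ' length=80'` in the lookup string. Since `user` becomes part of a file path on the controller and on the target, a short comment stating the allowed characters would also help.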

@ -0,0 +1,6 @@
---
allow_duplicates: yes
dependencies:
- mqtt/application

@ -0,0 +1,19 @@
---
- name: Store acl file for user
template:
src: user.acl
dest: "{{ environment_directory }}/{{ user }}.acl"
owner: root
group: root
mode: "u=rw,g=r,o=r"
notify: reconfigure mosquitto acl
- name: Store auth file for user
command: >-
mosquitto_passwd
-b
{{ environment_directory | quote }}/{{ user | quote }}.auth
{{ user | quote }}
{{ pass | quote }}
notifiy: reconfigure mosquitto auth
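Review bot: 'Store auth file for user' calls `mosquitto_passwd -b` without `-c`, which, as far as I know, expects the target file to exist already; on a first run `{{ user }}.auth` will not exist yet. Since each user gets its own fragment, `-c` (create or overwrite) looks like the intended mode. The command also reports changed on every run and re-hashes with a fresh salt. Once the handler is wired up that would restart the broker on each play, so a `changed_when` condition or a guard is probably wanted.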

@ -0,0 +1,13 @@
user {{ user }}
{% for topic in read_topics %}
topic read {{ topic }}
{% endfor %}
{% for topic in write_topics %}
topic write {{ topic }}
{% endfor %}
{% for topic in readwrite_topics %}
topic readwrite {{ topic }}
{% endfor %}