Added roles mqtt/application and mqtt/user

5 years ago · 0b69a41ebc
parent 7c57dc4325
commit 0b69a41ebc
11 changed files with 177 additions and 0 deletions
--- a/roles/mqtt/application/defaults/main.yml
+++ b/roles/mqtt/application/defaults/main.yml
@ -0,0 +1,17 @@
+---
+
+configuration_directory: "/etc/mosquitto"
+configuration_file: "{{ configuration_directory }}/conf.d/0_ansible_main.conf"
+
+environment_directory: "{{ global_configuration_environment_directory }}/mosquitto"
+environment_link_name: "conf"
+
+acl_file_name: "acl"
+acl_file: "{{ configuration_directory }}/{{ acl_file_name }}"
+auth_file_name: "auth"
+auth_file: "{{ configuration_directory }}/{{ auth_file_name }}"
+
+admin_username: "root"
+admin_password: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mqtt/root length=80') }}"
+
+acl_directives: ""
--- a/roles/mqtt/application/handlers/main.yml
+++ b/roles/mqtt/application/handlers/main.yml
@ -0,0 +1,19 @@
+---
+
+- name: reconfigure mosquitto acl
+  make:
+    chdir: "{{ environment_directory }}"
+    target: "{{ acl_file_name }}"
+  notify: restart mosquitto
+
+- name: reconfigure mosquitto auth
+  make:
+    chdir: "{{ environment_directory }}"
+    target: "{{ auth_file_name }}"
+  notify: restart mosquitto
+
+- name: restart mosquitto
+  systemd:
+    enabled: yes
+    name: mosquitto
+    state: restarted
--- a/roles/mqtt/application/meta/main.yml
+++ b/roles/mqtt/application/meta/main.yml
@ -0,0 +1,5 @@
+---
+
+allow_duplicates: no
+
+dependencies:
--- a/roles/mqtt/application/tasks/main.yml
+++ b/roles/mqtt/application/tasks/main.yml
@ -0,0 +1,50 @@
+---
+
+- name: Install required packages
+  apt:
+    state: present
+    name:
+      - mosquitto
+
+- name: Create configuration environment directory
+  file:
+    state: directory
+    path: "{{ environment_directory }}"
+    owner: root
+    group: root
+    mode: "u=rwx,g=rx,o=rx"
+
+- name: Configure makefile for environment directory
+  template:
+    src: mosquitto.makefile
+    dest: "{{ environment_directory }}/makefile"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+
+- name: Store acl main file
+  template:
+    src: main.acl
+    dest: "{{ environment_directory }}/0_main.acl"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notifiy: reconfigure mosquitto acl
+
+- name: Store auth main file
+  command: >-
+    mosquitto_passwd
+    -b
+    {{ environment_directory | quote }}/0_main.auth
+    {{ admin_user | quote }}
+    {{ admin_pass | quote }}
+  notifiy: reconfigure mosquitto auth
+
+- name: Configure mosquitto configuration
+  template:
+    src: "main.conf"
+    dest: "{{ mosquitto_configuration_directory }}/mosquitto.conf"
+    owner: "root"
+    group: "root"
+    mode: "u=rw,g=r,o=r"
+  notifiy: restart mosquitto
--- a/roles/mqtt/application/templates/main.acl
+++ b/roles/mqtt/application/templates/main.acl
@ -0,0 +1,4 @@
+{{ acl_directives }}
+
+user root
+topic readwrite #
--- a/roles/mqtt/application/templates/main.conf
+++ b/roles/mqtt/application/templates/main.conf
@ -0,0 +1,11 @@
+# Authentication
+allow_anonymous false
+acl_file TODO
+use_username_as_clientid true
+
+# Socket
+protocol mqtt
+port 8883
+
+# TLS
+require_certificate false
--- a/roles/mqtt/application/templates/mosquitto.makefile
+++ b/roles/mqtt/application/templates/mosquitto.makefile
@ -0,0 +1,25 @@
+dest:={{ environment_link_name }}
+
+# acl file generation
+
+acl_files:=$(wildcard *.acl)
+acl_file_name:={{ acl_file_name }}
+acl_file:=${dest}/${acl_file_name}
+
+.PHONY: ${acl_file_name}
+${acl_file_name}: ${acl_file}
+
+${acl_file}: ${acl_files}
+	cat $^ > "$@";
+
+# auth file generation
+
+auth_files:=$(wildcard *.auth)
+auth_file_name:={{ auth_file_name }}
+auth_file:=${dest}/${auth_file_name}
+
+.PHONY: ${auth_file_name}
+${auth_file_name}: ${auth_file}
+
+${auth_file}: ${auth_files}
+	cat $^ > "$@";
--- a/roles/mqtt/user/defaults/main.yml
+++ b/roles/mqtt/user/defaults/main.yml
@ -0,0 +1,8 @@
+---
+
+# user:
+pass: "{{ lookup('password', 'credentials/' + inventory_hostname + '/mqtt/' + username + ' length=80') }}"
+
+read_topics: []
+write_topics: []
+readwrite_topics: []
--- a/roles/mqtt/user/meta/main.yml
+++ b/roles/mqtt/user/meta/main.yml
@ -0,0 +1,6 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+  - mqtt/application
--- a/roles/mqtt/user/tasks/main.yml
+++ b/roles/mqtt/user/tasks/main.yml
@ -0,0 +1,19 @@
+---
+
+- name: Store acl file for user
+  template:
+    src: user.acl
+    dest: "{{ environment_directory }}/{{ user }}.acl"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reconfigure mosquitto acl
+
+- name: Store auth file for user
+  command: >-
+    mosquitto_passwd
+    -b
+    {{ environment_directory | quote }}/{{ user | quote }}.auth
+    {{ user | quote }}
+    {{ pass | quote }}
+  notifiy: reconfigure mosquitto auth
--- a/roles/mqtt/user/templates/user.acl
+++ b/roles/mqtt/user/templates/user.acl
@ -0,0 +1,13 @@
+user {{ user }}
+
+{% for topic in read_topics %}
+topic read {{ topic }}
+{% endfor %}
+
+{% for topic in write_topics %}
+topic write {{ topic }}
+{% endfor %}
+
+{% for topic in readwrite_topics %}
+topic readwrite {{ topic }}
+{% endfor %}