[oe] [PATCH 2/2] mosquitto: add default configuration file
Khem Raj
raj.khem at gmail.com
Fri Jun 1 16:38:20 UTC 2018
On 6/1/18 3:35 AM, Nicola Lunghi wrote:
> From: Nicola Lunghi <nicola.lunghi at jci.com>
>
> Signed-off-by: Nicola Lunghi <nicola.lunghi at jci.com>
> ---
> .../mosquitto/files/mosquitto.conf | 837 ++++++++++++++++++
> .../mosquitto/mosquitto_1.4.14.bb | 4 +
> 2 files changed, 841 insertions(+)
> create mode 100644 meta-networking/recipes-connectivity/mosquitto/files/mosquitto.conf
whats the source of this conf file ? if its adapted from some sample
file, may be we can just use some sed/awk operations in do_install
instead of adding this file explicitly.
>
> diff --git a/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.conf b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.conf
> new file mode 100644
> index 0000000000..e4223c75d6
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.conf
> @@ -0,0 +1,837 @@
> +# Config file for mosquitto
> +#
> +# See mosquitto.conf(5) for more information.
> +#
> +# Default values are shown, uncomment to change.
> +#
> +# Use the # character to indicate a comment, but only if it is the
> +# very first character on the line.
> +
> +# =================================================================
> +# General configuration
> +# =================================================================
> +
> +# Time in seconds to wait before resending an outgoing QoS=1 or
> +# QoS=2 message.
> +#retry_interval 20
> +
> +# Time in seconds between updates of the $SYS tree.
> +# Set to 0 to disable the publishing of the $SYS tree.
> +#sys_interval 10
> +
> +# Time in seconds between cleaning the internal message store of
> +# unreferenced messages. Lower values will result in lower memory
> +# usage but more processor time, higher values will have the
> +# opposite effect.
> +# Setting a value of 0 means the unreferenced messages will be
> +# disposed of as quickly as possible.
> +#store_clean_interval 10
> +
> +# Write process id to a file. Default is a blank string which means
> +# a pid file shouldn't be written.
> +# This should be set to /var/run/mosquitto.pid if mosquitto is
> +# being run automatically on boot with an init script and
> +# start-stop-daemon or similar.
> +#pid_file
> +
> +# When run as root, drop privileges to this user and its primary
> +# group.
> +# Leave blank to stay as root, but this is not recommended.
> +# If run as a non-root user, this setting has no effect.
> +# Note that on Windows this has no effect and so mosquitto should
> +# be started by the user you wish it to run as.
> +#user mosquitto
> +
> +# The maximum number of QoS 1 and 2 messages currently inflight per
> +# client.
> +# This includes messages that are partway through handshakes and
> +# those that are being retried. Defaults to 20. Set to 0 for no
> +# maximum. Setting to 1 will guarantee in-order delivery of QoS 1
> +# and 2 messages.
> +#max_inflight_messages 20
> +
> +# The maximum number of QoS 1 and 2 messages to hold in a queue
> +# above those that are currently in-flight. Defaults to 100. Set
> +# to 0 for no maximum (not recommended).
> +# See also queue_qos0_messages.
> +#max_queued_messages 100
> +
> +# Set to true to queue messages with QoS 0 when a persistent client is
> +# disconnected. These messages are included in the limit imposed by
> +# max_queued_messages.
> +# Defaults to false.
> +# This is a non-standard option for the MQTT v3.1 spec but is allowed in
> +# v3.1.1.
> +#queue_qos0_messages false
> +
> +# This option sets the maximum publish payload size that the broker will allow.
> +# Received messages that exceed this size will not be accepted by the broker.
> +# The default value is 0, which means that all valid MQTT messages are
> +# accepted. MQTT imposes a maximum payload size of 268435455 bytes.
> +#message_size_limit 0
> +
> +# This option controls whether a client is allowed to connect with a zero
> +# length client id or not. This option only affects clients using MQTT v3.1.1
> +# and later. If set to false, clients connecting with a zero length client id
> +# are disconnected. If set to true, clients will be allocated a client id by
> +# the broker. This means it is only useful for clients with clean session set
> +# to true.
> +#allow_zero_length_clientid true
> +
> +# If allow_zero_length_clientid is true, this option allows you to set a prefix
> +# to automatically generated client ids to aid visibility in logs.
> +#auto_id_prefix
> +
> +# This option allows persistent clients (those with clean session set to false)
> +# to be removed if they do not reconnect within a certain time frame.
> +#
> +# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1.
> +#
> +# Badly designed clients may set clean session to false whilst using a randomly
> +# generated client id. This leads to persistent clients that will never
> +# reconnect. This option allows these clients to be removed.
> +#
> +# The expiration period should be an integer followed by one of h d w m y for
> +# hour, day, week, month and year respectively. For example
> +#
> +# persistent_client_expiration 2m
> +# persistent_client_expiration 14d
> +# persistent_client_expiration 1y
> +#
> +# The default if not set is to never expire persistent clients.
> +#persistent_client_expiration
> +
> +# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
> +# and foo/+/baz , then MQTT expects that when the broker receives a message on
> +# a topic that matches both subscriptions, such as foo/bar/baz, then the client
> +# should only receive the message once.
> +# Mosquitto keeps track of which clients a message has been sent to in order to
> +# meet this requirement. The allow_duplicate_messages option allows this
> +# behaviour to be disabled, which may be useful if you have a large number of
> +# clients subscribed to the same set of topics and are very concerned about
> +# minimising memory usage.
> +# It can be safely set to true if you know in advance that your clients will
> +# never have overlapping subscriptions, otherwise your clients must be able to
> +# correctly deal with duplicate messages even when then have QoS=2.
> +#allow_duplicate_messages false
> +
> +# The MQTT specification requires that the QoS of a message delivered to a
> +# subscriber is never upgraded to match the QoS of the subscription. Enabling
> +# this option changes this behaviour. If upgrade_outgoing_qos is set true,
> +# messages sent to a subscriber will always match the QoS of its subscription.
> +# This is a non-standard option explicitly disallowed by the spec.
> +#upgrade_outgoing_qos false
> +
> +# =================================================================
> +# Default listener
> +# =================================================================
> +
> +# IP address/hostname to bind the default listener to. If not
> +# given, the default listener will not be bound to a specific
> +# address and so will be accessible to all network interfaces.
> +# bind_address ip-address/host name
> +#bind_address
> +
> +# Port to use for the default listener.
> +#port 1883
> +
> +# The maximum number of client connections to allow. This is
> +# a per listener setting.
> +# Default is -1, which means unlimited connections.
> +# Note that other process limits mean that unlimited connections
> +# are not really possible. Typically the default maximum number of
> +# connections possible is around 1024.
> +#max_connections -1
> +
> +# Choose the protocol to use when listening.
> +# This can be either mqtt or websockets.
> +# Websockets support is currently disabled by default at compile time.
> +# Certificate based TLS may be used with websockets, except that
> +# only the cafile, certfile, keyfile and ciphers options are supported.
> +#protocol mqtt
> +
> +# When a listener is using the websockets protocol, it is possible to serve
> +# http data as well. Set http_dir to a directory which contains the files you
> +# wish to serve. If this option is not specified, then no normal http
> +# connections will be possible.
> +#http_dir
> +
> +# Set use_username_as_clientid to true to replace the clientid that a client
> +# connected with with its username. This allows authentication to be tied to
> +# the clientid, which means that it is possible to prevent one client
> +# disconnecting another by using the same clientid.
> +# If a client connects with no username it will be disconnected as not
> +# authorised when this option is set to true.
> +# Do not use in conjunction with clientid_prefixes.
> +# See also use_identity_as_username.
> +#use_username_as_clientid
> +
> +# -----------------------------------------------------------------
> +# Certificate based SSL/TLS support
> +# -----------------------------------------------------------------
> +# The following options can be used to enable SSL/TLS support for
> +# this listener. Note that the recommended port for MQTT over TLS
> +# is 8883, but this must be set manually.
> +#
> +# See also the mosquitto-tls man page.
> +
> +# At least one of cafile or capath must be defined. They both
> +# define methods of accessing the PEM encoded Certificate
> +# Authority certificates that have signed your server certificate
> +# and that you wish to trust.
> +# cafile defines the path to a file containing the CA certificates.
> +# capath defines a directory that will be searched for files
> +# containing the CA certificates. For capath to work correctly, the
> +# certificate files must have ".crt" as the file ending and you must run
> +# "c_rehash <path to capath>" each time you add/remove a certificate.
> +#cafile
> +#capath
> +
> +# Path to the PEM encoded server certificate.
> +#certfile
> +
> +# Path to the PEM encoded keyfile.
> +#keyfile
> +
> +# This option defines the version of the TLS protocol to use for this listener.
> +# The default value allows v1.2, v1.1 and v1.0, if they are all supported by
> +# the version of openssl that the broker was compiled against. For openssl >=
> +# 1.0.1 the valid values are tlsv1.2 tlsv1.1 and tlsv1. For openssl < 1.0.1 the
> +# valid values are tlsv1.
> +#tls_version
> +
> +# By default a TLS enabled listener will operate in a similar fashion to a
> +# https enabled web server, in that the server has a certificate signed by a CA
> +# and the client will verify that it is a trusted certificate. The overall aim
> +# is encryption of the network traffic. By setting require_certificate to true,
> +# the client must provide a valid certificate in order for the network
> +# connection to proceed. This allows access to the broker to be controlled
> +# outside of the mechanisms provided by MQTT.
> +#require_certificate false
> +
> +# If require_certificate is true, you may set use_identity_as_username to true
> +# to use the CN value from the client certificate as a username. If this is
> +# true, the password_file option will not be used for this listener.
> +#use_identity_as_username false
> +
> +# If you have require_certificate set to true, you can create a certificate
> +# revocation list file to revoke access to particular client certificates. If
> +# you have done this, use crlfile to point to the PEM encoded revocation file.
> +#crlfile
> +
> +# If you wish to control which encryption ciphers are used, use the ciphers
> +# option. The list of available ciphers can be optained using the "openssl
> +# ciphers" command and should be provided in the same format as the output of
> +# that command.
> +# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
> +#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
> +
> +# -----------------------------------------------------------------
> +# Pre-shared-key based SSL/TLS support
> +# -----------------------------------------------------------------
> +# The following options can be used to enable PSK based SSL/TLS support for
> +# this listener. Note that the recommended port for MQTT over TLS is 8883, but
> +# this must be set manually.
> +#
> +# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
> +# support" section. Only one of certificate or PSK encryption support can be
> +# enabled for any listener.
> +
> +# The psk_hint option enables pre-shared-key support for this listener and also
> +# acts as an identifier for this listener. The hint is sent to clients and may
> +# be used locally to aid authentication. The hint is a free form string that
> +# doesn't have much meaning in itself, so feel free to be creative.
> +# If this option is provided, see psk_file to define the pre-shared keys to be
> +# used or create a security plugin to handle them.
> +#psk_hint
> +
> +# Set use_identity_as_username to have the psk identity sent by the client used
> +# as its username. Authentication will be carried out using the PSK rather than
> +# the MQTT username/password and so password_file will not be used for this
> +# listener.
> +#use_identity_as_username false
> +
> +# When using PSK, the encryption ciphers used will be chosen from the list of
> +# available PSK ciphers. If you want to control which ciphers are available,
> +# use the "ciphers" option. The list of available ciphers can be optained
> +# using the "openssl ciphers" command and should be provided in the same format
> +# as the output of that command.
> +#ciphers
> +
> +# =================================================================
> +# Extra listeners
> +# =================================================================
> +
> +# Listen on a port/ip address combination. By using this variable
> +# multiple times, mosquitto can listen on more than one port. If
> +# this variable is used and neither bind_address nor port given,
> +# then the default listener will not be started.
> +# The port number to listen on must be given. Optionally, an ip
> +# address or host name may be supplied as a second argument. In
> +# this case, mosquitto will attempt to bind the listener to that
> +# address and so restrict access to the associated network and
> +# interface. By default, mosquitto will listen on all interfaces.
> +# Note that for a websockets listener it is not possible to bind to a host
> +# name.
> +# listener port-number [ip address/host name]
> +#listener
> +
> +# The maximum number of client connections to allow. This is
> +# a per listener setting.
> +# Default is -1, which means unlimited connections.
> +# Note that other process limits mean that unlimited connections
> +# are not really possible. Typically the default maximum number of
> +# connections possible is around 1024.
> +#max_connections -1
> +
> +# The listener can be restricted to operating within a topic hierarchy using
> +# the mount_point option. This is achieved be prefixing the mount_point string
> +# to all topics for any clients connected to this listener. This prefixing only
> +# happens internally to the broker; the client will not see the prefix.
> +#mount_point
> +
> +# Choose the protocol to use when listening.
> +# This can be either mqtt or websockets.
> +# Certificate based TLS may be used with websockets, except that only the
> +# cafile, certfile, keyfile and ciphers options are supported.
> +#protocol mqtt
> +
> +# When a listener is using the websockets protocol, it is possible to serve
> +# http data as well. Set http_dir to a directory which contains the files you
> +# wish to serve. If this option is not specified, then no normal http
> +# connections will be possible.
> +#http_dir
> +
> +# Set use_username_as_clientid to true to replace the clientid that a client
> +# connected with with its username. This allows authentication to be tied to
> +# the clientid, which means that it is possible to prevent one client
> +# disconnecting another by using the same clientid.
> +# If a client connects with no username it will be disconnected as not
> +# authorised when this option is set to true.
> +# Do not use in conjunction with clientid_prefixes.
> +# See also use_identity_as_username.
> +#use_username_as_clientid
> +
> +# -----------------------------------------------------------------
> +# Certificate based SSL/TLS support
> +# -----------------------------------------------------------------
> +# The following options can be used to enable certificate based SSL/TLS support
> +# for this listener. Note that the recommended port for MQTT over TLS is 8883,
> +# but this must be set manually.
> +#
> +# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS
> +# support" section. Only one of certificate or PSK encryption support can be
> +# enabled for any listener.
> +
> +# At least one of cafile or capath must be defined to enable certificate based
> +# TLS encryption. They both define methods of accessing the PEM encoded
> +# Certificate Authority certificates that have signed your server certificate
> +# and that you wish to trust.
> +# cafile defines the path to a file containing the CA certificates.
> +# capath defines a directory that will be searched for files
> +# containing the CA certificates. For capath to work correctly, the
> +# certificate files must have ".crt" as the file ending and you must run
> +# "c_rehash <path to capath>" each time you add/remove a certificate.
> +#cafile
> +#capath
> +
> +# Path to the PEM encoded server certificate.
> +#certfile
> +
> +# Path to the PEM encoded keyfile.
> +#keyfile
> +
> +# By default an TLS enabled listener will operate in a similar fashion to a
> +# https enabled web server, in that the server has a certificate signed by a CA
> +# and the client will verify that it is a trusted certificate. The overall aim
> +# is encryption of the network traffic. By setting require_certificate to true,
> +# the client must provide a valid certificate in order for the network
> +# connection to proceed. This allows access to the broker to be controlled
> +# outside of the mechanisms provided by MQTT.
> +#require_certificate false
> +
> +# If require_certificate is true, you may set use_identity_as_username to true
> +# to use the CN value from the client certificate as a username. If this is
> +# true, the password_file option will not be used for this listener.
> +#use_identity_as_username false
> +
> +# If you have require_certificate set to true, you can create a certificate
> +# revocation list file to revoke access to particular client certificates. If
> +# you have done this, use crlfile to point to the PEM encoded revocation file.
> +#crlfile
> +
> +# If you wish to control which encryption ciphers are used, use the ciphers
> +# option. The list of available ciphers can be optained using the "openssl
> +# ciphers" command and should be provided in the same format as the output of
> +# that command.
> +#ciphers
> +
> +# -----------------------------------------------------------------
> +# Pre-shared-key based SSL/TLS support
> +# -----------------------------------------------------------------
> +# The following options can be used to enable PSK based SSL/TLS support for
> +# this listener. Note that the recommended port for MQTT over TLS is 8883, but
> +# this must be set manually.
> +#
> +# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
> +# support" section. Only one of certificate or PSK encryption support can be
> +# enabled for any listener.
> +
> +# The psk_hint option enables pre-shared-key support for this listener and also
> +# acts as an identifier for this listener. The hint is sent to clients and may
> +# be used locally to aid authentication. The hint is a free form string that
> +# doesn't have much meaning in itself, so feel free to be creative.
> +# If this option is provided, see psk_file to define the pre-shared keys to be
> +# used or create a security plugin to handle them.
> +#psk_hint
> +
> +# Set use_identity_as_username to have the psk identity sent by the client used
> +# as its username. Authentication will be carried out using the PSK rather than
> +# the MQTT username/password and so password_file will not be used for this
> +# listener.
> +#use_identity_as_username false
> +
> +# When using PSK, the encryption ciphers used will be chosen from the list of
> +# available PSK ciphers. If you want to control which ciphers are available,
> +# use the "ciphers" option. The list of available ciphers can be optained
> +# using the "openssl ciphers" command and should be provided in the same format
> +# as the output of that command.
> +#ciphers
> +
> +# =================================================================
> +# Persistence
> +# =================================================================
> +
> +# If persistence is enabled, save the in-memory database to disk
> +# every autosave_interval seconds. If set to 0, the persistence
> +# database will only be written when mosquitto exits. See also
> +# autosave_on_changes.
> +# Note that writing of the persistence database can be forced by
> +# sending mosquitto a SIGUSR1 signal.
> +#autosave_interval 1800
> +
> +# If true, mosquitto will count the number of subscription changes, retained
> +# messages received and queued messages and if the total exceeds
> +# autosave_interval then the in-memory database will be saved to disk.
> +# If false, mosquitto will save the in-memory database to disk by treating
> +# autosave_interval as a time in seconds.
> +#autosave_on_changes false
> +
> +# Save persistent message data to disk (true/false).
> +# This saves information about all messages, including
> +# subscriptions, currently in-flight messages and retained
> +# messages.
> +# retained_persistence is a synonym for this option.
> +#persistence false
> +
> +# The filename to use for the persistent database, not including
> +# the path.
> +#persistence_file mosquitto.db
> +
> +# Location for persistent database. Must include trailing /
> +# Default is an empty string (current directory).
> +# Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or
> +# similar.
> +#persistence_location
> +
> +# =================================================================
> +# Logging
> +# =================================================================
> +
> +# Places to log to. Use multiple log_dest lines for multiple
> +# logging destinations.
> +# Possible destinations are: stdout stderr syslog topic file
> +#
> +# stdout and stderr log to the console on the named output.
> +#
> +# syslog uses the userspace syslog facility which usually ends up
> +# in /var/log/messages or similar.
> +#
> +# topic logs to the broker topic '$SYS/broker/log/<severity>',
> +# where severity is one of D, E, W, N, I, M which are debug, error,
> +# warning, notice, information and message. Message type severity is used by
> +# the subscribe/unsubscribe log_types and publishes log messages to
> +# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe.
> +#
> +# The file destination requires an additional parameter which is the file to be
> +# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
> +# closed and reopened when the broker receives a HUP signal. Only a single file
> +# destination may be configured.
> +#
> +# Note that if the broker is running as a Windows service it will default to
> +# "log_dest none" and neither stdout nor stderr logging is available.
> +# Use "log_dest none" if you wish to disable logging.
> +#log_dest stderr
> +
> +# If using syslog logging (not on Windows), messages will be logged to the
> +# "daemon" facility by default. Use the log_facility option to choose which of
> +# local0 to local7 to log to instead. The option value should be an integer
> +# value, e.g. "log_facility 5" to use local5.
> +#log_facility
> +
> +# Types of messages to log. Use multiple log_type lines for logging
> +# multiple types of messages.
> +# Possible types are: debug, error, warning, notice, information,
> +# none, subscribe, unsubscribe, websockets, all.
> +# Note that debug type messages are for decoding the incoming/outgoing
> +# network packets. They are not logged in "topics".
> +#log_type error
> +#log_type warning
> +#log_type notice
> +#log_type information
> +
> +# Change the websockets logging level. This is a global option, it is not
> +# possible to set per listener. This is an integer that is interpreted by
> +# libwebsockets as a bit mask for its lws_log_levels enum. See the
> +# libwebsockets documentation for more details. "log_type websockets" must also
> +# be enabled.
> +#websockets_log_level 0
> +
> +# If set to true, client connection and disconnection messages will be included
> +# in the log.
> +#connection_messages true
> +
> +# If set to true, add a timestamp value to each log message.
> +#log_timestamp true
> +
> +# =================================================================
> +# Security
> +# =================================================================
> +
> +# If set, only clients that have a matching prefix on their
> +# clientid will be allowed to connect to the broker. By default,
> +# all clients may connect.
> +# For example, setting "secure-" here would mean a client "secure-
> +# client" could connect but another with clientid "mqtt" couldn't.
> +#clientid_prefixes
> +
> +# Boolean value that determines whether clients that connect
> +# without providing a username are allowed to connect. If set to
> +# false then a password file should be created (see the
> +# password_file option) to control authenticated client access.
> +# Defaults to true.
> +#allow_anonymous true
> +
> +# In addition to the clientid_prefixes, allow_anonymous and TLS
> +# authentication options, username based authentication is also
> +# possible. The default support is described in "Default
> +# authentication and topic access control" below. The auth_plugin
> +# allows another authentication method to be used.
> +# Specify the path to the loadable plugin and see the
> +# "Authentication and topic access plugin options" section below.
> +#auth_plugin
> +
> +# If auth_plugin_deny_special_chars is true, the default, then before an ACL
> +# check is made, the username/client id of the client needing the check is
> +# searched for the presence of either a '+' or '#' character. If either of
> +# these characters is found in either the username or client id, then the ACL
> +# check is denied before it is sent to the plugin.o
> +#
> +# This check prevents the case where a malicious user could circumvent an ACL
> +# check by using one of these characters as their username or client id. This
> +# is the same issue as was reported with mosquitto itself as CVE-2017-7650.
> +#
> +# If you are entirely sure that the plugin you are using is not vulnerable to
> +# this attack (i.e. if you never use usernames or client ids in topics) then
> +# you can disable this extra check and have all ACL checks delivered to your
> +# plugin by setting auth_plugin_deny_special_chars to false.
> +#auth_plugin_deny_special_chars true
> +
> +# -----------------------------------------------------------------
> +# Default authentication and topic access control
> +# -----------------------------------------------------------------
> +
> +# Control access to the broker using a password file. This file can be
> +# generated using the mosquitto_passwd utility. If TLS support is not compiled
> +# into mosquitto (it is recommended that TLS support should be included) then
> +# plain text passwords are used, in which case the file should be a text file
> +# with lines in the format:
> +# username:password
> +# The password (and colon) may be omitted if desired, although this
> +# offers very little in the way of security.
> +#
> +# See the TLS client require_certificate and use_identity_as_username options
> +# for alternative authentication options.
> +#password_file
> +
> +# Access may also be controlled using a pre-shared-key file. This requires
> +# TLS-PSK support and a listener configured to use it. The file should be text
> +# lines in the format:
> +# identity:key
> +# The key should be in hexadecimal format without a leading "0x".
> +#psk_file
> +
> +# Control access to topics on the broker using an access control list
> +# file. If this parameter is defined then only the topics listed will
> +# have access.
> +# If the first character of a line of the ACL file is a # it is treated as a
> +# comment.
> +# Topic access is added with lines of the format:
> +#
> +# topic [read|write|readwrite] <topic>
> +#
> +# The access type is controlled using "read", "write" or "readwrite". This
> +# parameter is optional (unless <topic> contains a space character) - if not
> +# given then the access is read/write. <topic> can contain the + or #
> +# wildcards as in subscriptions.
> +#
> +# The first set of topics are applied to anonymous clients, assuming
> +# allow_anonymous is true. User specific topic ACLs are added after a
> +# user line as follows:
> +#
> +# user <username>
> +#
> +# The username referred to here is the same as in password_file. It is
> +# not the clientid.
> +#
> +#
> +# If is also possible to define ACLs based on pattern substitution within the
> +# topic. The patterns available for substition are:
> +#
> +# %c to match the client id of the client
> +# %u to match the username of the client
> +#
> +# The substitution pattern must be the only text for that level of hierarchy.
> +#
> +# The form is the same as for the topic keyword, but using pattern as the
> +# keyword.
> +# Pattern ACLs apply to all users even if the "user" keyword has previously
> +# been given.
> +#
> +# If using bridges with usernames and ACLs, connection messages can be allowed
> +# with the following pattern:
> +# pattern write $SYS/broker/connection/%c/state
> +#
> +# pattern [read|write|readwrite] <topic>
> +#
> +# Example:
> +#
> +# pattern write sensor/%u/data
> +#
> +#acl_file
> +
> +# -----------------------------------------------------------------
> +# Authentication and topic access plugin options
> +# -----------------------------------------------------------------
> +
> +# If the auth_plugin option above is used, define options to pass to the
> +# plugin here as described by the plugin instructions. All options named
> +# using the format auth_opt_* will be passed to the plugin, for example:
> +#
> +# auth_opt_db_host
> +# auth_opt_db_port
> +# auth_opt_db_username
> +# auth_opt_db_password
> +
> +
> +# =================================================================
> +# Bridges
> +# =================================================================
> +
> +# A bridge is a way of connecting multiple MQTT brokers together.
> +# Create a new bridge using the "connection" option as described below. Set
> +# options for the bridges using the remaining parameters. You must specify the
> +# address and at least one topic to subscribe to.
> +# Each connection must have a unique name.
> +# The address line may have multiple host address and ports specified. See
> +# below in the round_robin description for more details on bridge behaviour if
> +# multiple addresses are used.
> +# The direction that the topic will be shared can be chosen by
> +# specifying out, in or both, where the default value is out.
> +# The QoS level of the bridged communication can be specified with the next
> +# topic option. The default QoS level is 0, to change the QoS the topic
> +# direction must also be given.
> +# The local and remote prefix options allow a topic to be remapped when it is
> +# bridged to/from the remote broker. This provides the ability to place a topic
> +# tree in an appropriate location.
> +# For more details see the mosquitto.conf man page.
> +# Multiple topics can be specified per connection, but be careful
> +# not to create any loops.
> +# If you are using bridges with cleansession set to false (the default), then
> +# you may get unexpected behaviour from incoming topics if you change what
> +# topics you are subscribing to. This is because the remote broker keeps the
> +# subscription for the old topic. If you have this problem, connect your bridge
> +# with cleansession set to true, then reconnect with cleansession set to false
> +# as normal.
> +#connection <name>
> +#address <host>[:<port>] [<host>[:<port>]]
> +#topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
> +
> +# Set the version of the MQTT protocol to use with for this bridge. Can be one
> +# of mqttv31 or mqttv311. Defaults to mqttv31.
> +#bridge_protocol_version mqttv31
> +
> +# If a bridge has topics that have "out" direction, the default behaviour is to
> +# send an unsubscribe request to the remote broker on that topic. This means
> +# that changing a topic direction from "in" to "out" will not keep receiving
> +# incoming messages. Sending these unsubscribe requests is not always
> +# desirable, setting bridge_attempt_unsubscribe to false will disable sending
> +# the unsubscribe request.
> +#bridge_attempt_unsubscribe true
> +
> +# If the bridge has more than one address given in the address/addresses
> +# configuration, the round_robin option defines the behaviour of the bridge on
> +# a failure of the bridge connection. If round_robin is false, the default
> +# value, then the first address is treated as the main bridge connection. If
> +# the connection fails, the other secondary addresses will be attempted in
> +# turn. Whilst connected to a secondary bridge, the bridge will periodically
> +# attempt to reconnect to the main bridge until successful.
> +# If round_robin is true, then all addresses are treated as equals. If a
> +# connection fails, the next address will be tried and if successful will
> +# remain connected until it fails
> +#round_robin false
> +
> +# Set the client id to use on the remote end of this bridge connection. If not
> +# defined, this defaults to 'name.hostname' where name is the connection name
> +# and hostname is the hostname of this computer.
> +# This replaces the old "clientid" option to avoid confusion. "clientid"
> +# remains valid for the time being.
> +#remote_clientid
> +
> +# Set the clientid to use on the local broker. If not defined, this defaults to
> +# 'local.<clientid>'. If you are bridging a broker to itself, it is important
> +# that local_clientid and clientid do not match.
> +#local_clientid
> +
> +# Set the clean session variable for this bridge.
> +# When set to true, when the bridge disconnects for any reason, all
> +# messages and subscriptions will be cleaned up on the remote
> +# broker. Note that with cleansession set to true, there may be a
> +# significant amount of retained messages sent when the bridge
> +# reconnects after losing its connection.
> +# When set to false, the subscriptions and messages are kept on the
> +# remote broker, and delivered when the bridge reconnects.
> +#cleansession false
> +
> +# If set to true, publish notification messages to the local and remote brokers
> +# giving information about the state of the bridge connection. Retained
> +# messages are published to the topic $SYS/broker/connection/<clientid>/state
> +# unless the notification_topic option is used.
> +# If the message is 1 then the connection is active, or 0 if the connection has
> +# failed.
> +#notifications true
> +
> +# Choose the topic on which notification messages for this bridge are
> +# published. If not set, messages are published on the topic
> +# $SYS/broker/connection/<clientid>/state
> +#notification_topic
> +
> +# Set the keepalive interval for this bridge connection, in
> +# seconds.
> +#keepalive_interval 60
> +
> +# Set the start type of the bridge. This controls how the bridge starts and
> +# can be one of three types: automatic, lazy and once. Note that RSMB provides
> +# a fourth start type "manual" which isn't currently supported by mosquitto.
> +#
> +# "automatic" is the default start type and means that the bridge connection
> +# will be started automatically when the broker starts and also restarted
> +# after a short delay (30 seconds) if the connection fails.
> +#
> +# Bridges using the "lazy" start type will be started automatically when the
> +# number of queued messages exceeds the number set with the "threshold"
> +# parameter. It will be stopped automatically after the time set by the
> +# "idle_timeout" parameter. Use this start type if you wish the connection to
> +# only be active when it is needed.
> +#
> +# A bridge using the "once" start type will be started automatically when the
> +# broker starts but will not be restarted if the connection fails.
> +#start_type automatic
> +
> +# Set the amount of time a bridge using the automatic start type will wait
> +# until attempting to reconnect. Defaults to 30 seconds.
> +#restart_timeout 30
> +
> +# Set the amount of time a bridge using the lazy start type must be idle before
> +# it will be stopped. Defaults to 60 seconds.
> +#idle_timeout 60
> +
> +# Set the number of messages that need to be queued for a bridge with lazy
> +# start type to be restarted. Defaults to 10 messages.
> +# Must be less than max_queued_messages.
> +#threshold 10
> +
> +# If try_private is set to true, the bridge will attempt to indicate to the
> +# remote broker that it is a bridge not an ordinary client. If successful, this
> +# means that loop detection will be more effective and that retained messages
> +# will be propagated correctly. Not all brokers support this feature so it may
> +# be necessary to set try_private to false if your bridge does not connect
> +# properly.
> +#try_private true
> +
> +# Set the username to use when connecting to a broker that requires
> +# authentication.
> +# This replaces the old "username" option to avoid confusion. "username"
> +# remains valid for the time being.
> +#remote_username
> +
> +# Set the password to use when connecting to a broker that requires
> +# authentication. This option is only used if remote_username is also set.
> +# This replaces the old "password" option to avoid confusion. "password"
> +# remains valid for the time being.
> +#remote_password
> +
> +# -----------------------------------------------------------------
> +# Certificate based SSL/TLS support
> +# -----------------------------------------------------------------
> +# Either bridge_cafile or bridge_capath must be defined to enable TLS support
> +# for this bridge.
> +# bridge_cafile defines the path to a file containing the
> +# Certificate Authority certificates that have signed the remote broker
> +# certificate.
> +# bridge_capath defines a directory that will be searched for files containing
> +# the CA certificates. For bridge_capath to work correctly, the certificate
> +# files must have ".crt" as the file ending and you must run "c_rehash <path to
> +# capath>" each time you add/remove a certificate.
> +#bridge_cafile
> +#bridge_capath
> +
> +# Path to the PEM encoded client certificate, if required by the remote broker.
> +#bridge_certfile
> +
> +# Path to the PEM encoded client private key, if required by the remote broker.
> +#bridge_keyfile
> +
> +# When using certificate based encryption, bridge_insecure disables
> +# verification of the server hostname in the server certificate. This can be
> +# useful when testing initial server configurations, but makes it possible for
> +# a malicious third party to impersonate your server through DNS spoofing, for
> +# example. Use this option in testing only. If you need to resort to using this
> +# option in a production environment, your setup is at fault and there is no
> +# point using encryption.
> +#bridge_insecure false
> +
> +# -----------------------------------------------------------------
> +# PSK based SSL/TLS support
> +# -----------------------------------------------------------------
> +# Pre-shared-key encryption provides an alternative to certificate based
> +# encryption. A bridge can be configured to use PSK with the bridge_identity
> +# and bridge_psk options. These are the client PSK identity, and pre-shared-key
> +# in hexadecimal format with no "0x". Only one of certificate and PSK based
> +# encryption can be used on one
> +# bridge at once.
> +#bridge_identity
> +#bridge_psk
> +
> +
> +# =================================================================
> +# External config files
> +# =================================================================
> +
> +# External configuration files may be included by using the
> +# include_dir option. This defines a directory that will be searched
> +# for config files. All files that end in '.conf' will be loaded as
> +# a configuration file. It is best to have this as the last option
> +# in the main file. This option will only be processed from the main
> +# configuration file. The directory specified must not contain the
> +# main configuration file.
> +#include_dir
> +
> +# =================================================================
> +# rsmb options - unlikely to ever be supported
> +# =================================================================
> +
> +#ffdc_output
> +#max_log_entries
> +#trace_level
> +#trace_output
> diff --git a/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb b/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb
> index ea76c36e61..9fea03a5c8 100644
> --- a/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb
> +++ b/meta-networking/recipes-connectivity/mosquitto/mosquitto_1.4.14.bb
> @@ -16,6 +16,7 @@ SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \
> file://0003-makefile-remove-example-files-from-installation.patch \
> file://mosquitto.service \
> file://mosquitto.init \
> + file://mosquitto.conf \
> "
>
> SRC_URI[md5sum] = "6b0966e93f118bc71ad7b61600a6c2d3"
> @@ -49,6 +50,7 @@ do_install() {
> install -m 0644 ${WORKDIR}/mosquitto.service ${D}${systemd_unitdir}/system/
>
> install -d ${D}${sysconfdir}/mosquitto
> + install -m 0644 ${WORKDIR}/mosquitto.conf ${D}${sysconfdir}/mosquitto/mosquitto.conf
>
> install -d ${D}${sysconfdir}/init.d/
> install -m 0755 ${WORKDIR}/mosquitto.init ${D}${sysconfdir}/init.d/mosquitto
> @@ -76,6 +78,8 @@ FILES_${PN}-clients = "${bindir}/mosquitto_pub \
> ${bindir}/mosquitto_sub \
> "
>
> +CONFFILES_${PN} = "${sysconfdir}/mosquitto"
> +
> SYSTEMD_SERVICE_${PN} = "mosquitto.service"
>
> INITSCRIPT_NAME = "mosquitto"
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20180601/636735e5/attachment-0002.sig>
More information about the Openembedded-devel
mailing list