home-assistant / addons

Docker add-ons for Home Assistant
https://home-assistant.io/hassio/
Apache License 2.0

MQTT User? #1765

Closed jwilleke closed 3 years ago

jwilleke commented 3 years ago

The problem

What to do with MQTT User?

Documentation Page says: _Create a new user for MQTT via the Configuration -> Users (manage users). Notes:

This name cannot be homeassistant or addon, those are reserved usernames. If you do not see the option to create a new user, ensure that Advanced Mode is enabled in your profile._

But I fail to see what is to be done with this created user?

Environment

Problem-relevant configuration

logins: []
anonymous: false
customize:
  active: false
  folder: mosquitto
certfile: fullchain.pem
keyfile: privkey.pem
require_certificate: false

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.68.0/24
        - fd00::/8
        - 127.0.0.1
    - type: homeassistant

Traceback/Error logs

1610790452: Socket error on client <unknown>, disconnecting.
1610790467: New connection from 172.30.32.1 on port 1883.
1610790467: Socket error on client <unknown>, disconnecting.

Additional information

nadovich commented 3 years ago

Yes, I was wondering the same thing myself. What's that user for and what are those errors all about.

fliphess commented 3 years ago

The addons user is used for the bashio::services discovery for MQTT credentials for addons, the homeassistant user is used for autoconfiguration of core: https://github.com/home-assistant/addons/blob/aa4f2d7f0f447c57b4cd4ebda24ebc738a3d3176/mosquitto/data/run.sh#L134

nadovich commented 3 years ago

I don't think you understand what we're saying @fliphess. The docs say to create a user in HA, but they don't say where to put that username/password after it's been created. There's no suggestion that it's to be entered into any add on configuration or anywhere else. I looked at the shell script you quote. Please explain why you think that line answers our question.

nadovich commented 3 years ago

You can scan through the forum/chat and find this same issue repeatedly identified with no answer.

fliphess commented 3 years ago

Sorry, I'll extend my answer a bit:

I'm responding to:

> Yes, I was wondering the same thing myself. What's that user for and what are those errors all about.

And:

> But I fail to see what is to be done with this created user?

If all goes well (your mosquitto addon installs properly and starts successfully), there is no need to configure home assistant (and the addons that support it) to connect to mosquitto as this is done using discovery through supervisor.

Under the hood this means the startup script of the mosquitto service (The one that I quoted), creates two sets of user credentials at startup: one for the user homeassistant and one for the user addons and registers those users and passwords in supervisor so that homeassistant and addons (that support it) can use those credentials to connect to mosquitto.

What the docs mention is that you can also create additional user credentials for mosquitto by adding users in home assistant.

These additional user accounts, that you can create for your other devices, cannot be one of either addons or homeassistant as these usernames are already in use for authenticating connections to mqtt from the addons containers and the home assistant instance.

There is no need to create a manual user in home assistant for this addon to work, but when you need more user accounts for your devices to connect, you can do that, there is only a limitation in which usernames this can be ;)

Hope this explains it a bit more 👍

fliphess commented 3 years ago

The Socket error on client errors can be multiple things (it's quite a generic error)

Can you check if you have declared yaml configuration for mqtt while using the addon? It happens that home assistant tries to connect using the old creds from yaml while mosquitto expects the credentials that are set at startup

Setting logging to debug could point you in the right direction too
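One way to triage the broker log lines quoted in this thread, as an added example that is not part of the original discussion or the add-on's code: it pairs each "New connection" line with an immediately following "Socket error on client <unknown>" line and counts, per source address and port, the connections that dropped before the client identified itself. The sample log is constructed in the same format, and attributing a drop to the preceding connection line is an assumption that can misattribute when connections interleave.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the same format as the broker log lines quoted in this thread.
SAMPLE_LOG = """\
1611172777: New connection from 172.30.32.1 on port 1883.
1611172777: Socket error on client <unknown>, disconnecting.
1611172954: Saving in-memory database to /data/mosquitto.db.
1611173597: New connection from 172.30.32.1 on port 1883.
1611173597: Socket error on client <unknown>, disconnecting.
1611173600: New connection from 192.168.68.20 on port 1883.
1611173600: New client connected from 192.168.68.20 as sensor1 (p2, c1, k60, u'sensor1').
"""

NEW_CONN = re.compile(r"^(\d+): New connection from (\S+) on port (\d+)\.$")
UNKNOWN_DROP = re.compile(r"^(\d+): Socket error on client <unknown>, disconnecting\.$")


def summarize_unknown_drops(log_text):
    """Return {(ip, port): {"count", "first", "last"}} for connections that
    were dropped before the client sent an identifier."""
    pending = None  # last "New connection" line not yet followed by another event
    summary = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        conn = NEW_CONN.match(line)
        if conn:
            pending = (int(conn.group(1)), conn.group(2), int(conn.group(3)))
            continue
        drop = UNKNOWN_DROP.match(line)
        if drop and pending:
            ts, ip, port = pending
            entry = summary.setdefault((ip, port), {"count": 0, "first": ts, "last": ts})
            entry["count"] += 1
            entry["last"] = max(entry["last"], int(drop.group(1)))
        if line:
            pending = None  # any other event closes the pairing window
    return summary


def utc(ts):
    """Render the broker's epoch-second prefix as a UTC timestamp."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    for (ip, port), e in summarize_unknown_drops(SAMPLE_LOG).items():
        print(f"{ip}:{port} dropped {e['count']}x between {utc(e['first'])} and {utc(e['last'])} UTC")
```
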

nadovich commented 3 years ago

Thank you for your excellent explanation. If I understand it correctly, then the docs are very misleading. The docs seem to imply that this extra user/pass MUST BE CREATED as part of the installation and configuration of the add on. Whoever maintains that addon should change the doc to remove this seemingly required step from the instructions, or at least add your sentence: "There is no need to create a manual user in home assistant for this addon to work, but when you need more user accounts for your devices to connect, you can do that, there is only a limitation in which usernames this can be".

In the specific case of the OpenZwave (beta) addon, there doesn't seem to be a place to configure a user/pass for MQTT access by that OZWB addon. Would you think that the OZWB addon uses the autocreated "homeassistant" or "addons" user for its communication with MQTT? That would be my guess based on what you said @fliphess

nadovich commented 3 years ago

Regarding the socket error and YAML configuration. I don't do any YAML configuration for MQTT + OZWB because the docs don't explicitly say to do any. Is this another error in the docs?

fliphess commented 3 years ago

> The docs seem to imply that this extra user/pass MUST BE CREATED as part of the installation and configuration of the add on.

In a way that is true assuming you need to create user accounts for your devices (excluding homeassistant and addons)....

> In the specific case of the OpenZwave (beta) addon, there doesn't seem to be a place to configure a user/pass for MQTT access by that OZWB addon.

I'm not sure about the openzwave module (don't use it myself), it seems to have its own mosquitto daemon attached, which is another story... (This is not really bug or issue material, so I think you'd better ask more about that on discord)

fliphess commented 3 years ago

> Regarding the socket error and YAML configuration. I don't do any YAML configuration for MQTT + OZWB because the docs don't explicitly say to do any. Is this another error in the docs?

Try adding:

logging: debug

... To the mosquitto addon configuration, it should show you more about what is going on with the authentication

nadovich commented 3 years ago

Cool. I will. I should note, BTW, that I'm not the guy that created this issue. @jwilleke did. I just agreed with him that it's an issue that confuses a LOT of people. It's also quite possible that the HA <-> MQTT <-> OZW interface is broken somehow in a related way -- related to authentication. Or it could be something else. Nevertheless, I can't get my ZWave RGBW devices to work with the standard install -- devices that I'm assured by the manufacturer "used to work" in earlier versions of HA -- and everything seems to point to some kind of MQTT interface lossage. In any case, at a minimum I think the doc should be fixed as suggested above. It would help people.

jwilleke commented 3 years ago

Well, I have spent hours trying to understand how this is configured and how it is even supposed to work. I am new at home assistant but have been working with technology for many years.

It appears you make too many assumptions that users of this just do not understand.

You mention: "check if you have declared yaml configuration for mqtt". Where might I check that?

Try adding: logging: debug Where would I do that? Adding to configuration.yaml is not valid.

Where does this IP Address come from? 1610790467: New connection from 172.30.32.1 on port 1883. I have not set up any IP Address like that so I would guess it is a docker container running the add on.

Running:

mosquitto_pub -h 172.30.32.1 -t home-assistant/switch/1/on -m "Switch is ON"
Connection error: Connection Refused: not authorised.

And then there is this almost hidden page https://homeassistant.local:8123/config/mqtt?config_entry=--contentsurpressed--

Which generates: (a real quick message saying something like: "Service not Found")

Meanwhile nothing seems to work. MQTT Log:

[18:01:52] INFO: Setup mosquitto configuration
[18:01:52] INFO: No local user available
[18:01:53] INFO: Initialize Hass.io Add-on services
[18:01:53] INFO: Initialize Home Assistant discovery
[18:01:53] INFO: Start Mosquitto daemon
1611097313: mosquitto version 1.6.3 starting
1611097313: Config loaded from /etc/mosquitto.conf.
1611097313: Loading plugin: /usr/share/mosquitto/auth-plug.so
1611097313: |-- *** auth-plug: startup
1611097313:  ├── Username/password checking enabled.
1611097313:  ├── TLS-PSK checking enabled.
1611097313:  └── Extended authentication not enabled.
1611097313: Opening ipv4 listen socket on port 1883.
1611097313: Opening ipv6 listen socket on port 1883.
1611097313: Opening websockets listen socket on port 1884.
1611097313: Opening ipv4 listen socket on port 8883.
1611097313: Opening ipv6 listen socket on port 8883.
1611097313: Opening websockets listen socket on port 8884.
1611097313: Warning: Mosquitto should not be run as root/administrator.
...
1611172777: New connection from 172.30.32.1 on port 1883.
1611172777: Socket error on client <unknown>, disconnecting.
1611172954: Saving in-memory database to /data/mosquitto.db.
1611173597: New connection from 172.30.32.1 on port 1883.
1611173597: Socket error on client <unknown>, disconnecting.

Found this error in home-assistant.log

2021-01-20 15:28:05 ERROR (MainThread) [homeassistant.config_entries] Error setting up entry configuration.yaml for mqtt
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 236, in async_setup
    result = await component.async_setup_entry(hass, self)  # type: ignore
  File "/usr/src/homeassistant/homeassistant/components/mqtt/__init__.py", line 555, in async_setup_entry
    await hass.data[DATA_MQTT].async_connect()
  File "/usr/src/homeassistant/homeassistant/components/mqtt/__init__.py", line 808, in async_connect
    self.conf[CONF_BROKER],
KeyError: 'broker'

nadovich commented 3 years ago

Hats off to you @jwilleke. As you say: "It appears you make too many assumptions that users of this just do not understand." I'd edit that to add the word "new" in front of users, but that's not to suggest that us new users are idiots. I'm an experienced engineer with 40+ years experience hacking all sorts of abysmally documented and poorly designed crap. No doubt you have a similar claim. The issue from my perspective is that these HA "add ons" are presented as done-deal debugged packages that people are supposed to pop in and expect to "just work", and the way they are implemented hides all the tweaking possibilities that would be needed to make them work if they don't. Clearly "just work" has not been achieved in the case of the OZW (beta) plug in and all we can do, you and I, is to report what's wrong with it and find another way to accomplish our goals.

akram commented 3 years ago

Hi,

is it me or the "Users" tab in recent homeassistant is not here anymore? Before: [image]

After: [image]

akram commented 3 years ago

OK, found it. There is a smaaaaaall link at the end of the page. It is required to enable "Advanced options" then "Users" will appear. And then, it is possible to create a user just like it was before. And then mosquitto can work.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

GaTechThomas commented 3 years ago

@jwilleke Did you get any relief on this topic? You took the words out of my mouth. It is exasperating to spend most of a weekend trying to get things like this to work, and to end the weekend worse off than the beginning.

jwilleke commented 3 years ago

> @jwilleke Did you get any relief on this topic? You took the words out of my mouth. It is exasperating to spend most of a weekend trying to get things like this to work, and to end the weekend worse off than the beginning.

Nothing but what is in this thread. I have spent many hours and many $$$$ and IMHO the entire home assistant thing is Alpha at best mostly due to the scattered haphazard documentation.

GaTechThomas commented 3 years ago

> > @jwilleke Did you get any relief on this topic? You took the words out of my mouth. It is exasperating to spend most of a weekend trying to get things like this to work, and to end the weekend worse off than the beginning.

> Nothing but what is in this thread. I have spent many hours and many $$$$ and IMHO the entire home assistant thing is Alpha at best mostly due to the scattered haphazard documentation.

I am sooo with you. I'm thinking that we need a good wiki. I suspect that you and I aren't the only ones feeling these pains. The architecture of this system is strong, and most things are just a step away from being ready for public consumption, so I'm willing to put in some time to try to make things better. Interested?