kpetremann / mqtt-exporter

Simple generic MQTT Prometheus exporter for IoT working out of the box
https://hub.docker.com/r/kpetrem/mqtt-exporter
MIT License
103 stars 29 forks

Support TLS with optional CA validation #52

Closed Matthew-Beckett closed 5 months ago

Matthew-Beckett commented 1 year ago

Fixes/Implement: TLS support for MQTT endpoints

Description:

This PR will allow you to connect to TLS secured MQTT endpoints. It also allows you to disable verification of the server's certificate if it is not signed by a trusted CA.

Before the commit:

mqtt-exporter_1  | Traceback (most recent call last):
mqtt-exporter_1  |   File "/opt/mqtt-exporter/exporter.py", line 5, in <module>
mqtt-exporter_1  |     main()
mqtt-exporter_1  |   File "/opt/mqtt-exporter/mqtt_exporter/main.py", line 353, in main
mqtt-exporter_1  |     client.connect(settings.MQTT_ADDRESS, settings.MQTT_PORT, settings.MQTT_KEEPALIVE)
mqtt-exporter_1  |   File "/usr/local/lib/python3.10/site-packages/paho/mqtt/client.py", line 914, in connect
mqtt-exporter_1  |     return self.reconnect()
mqtt-exporter_1  |   File "/usr/local/lib/python3.10/site-packages/paho/mqtt/client.py", line 1073, in reconnect
mqtt-exporter_1  |     sock.do_handshake()
mqtt-exporter_1  |   File "/usr/local/lib/python3.10/ssl.py", line 1342, in do_handshake
mqtt-exporter_1  |     self._sslobj.do_handshake()
mqtt-exporter_1  | ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007)

After the commit:

DEBUG:mqtt-exporter:Enabling TLS on MQTT client
DEBUG:mqtt-exporter:Not verifying MQTT certificate authority is trusted
DEBUG:mqtt-exporter:Sending CONNECT (u1, p1, wr0, wq0, wf0, c1, k60) client_id=b''
DEBUG:mqtt-exporter:Received CONNACK (0, 0)
INFO:mqtt-exporter:subscribing to "<REDACTED>"
DEBUG:mqtt-exporter:Sending SUBSCRIBE (d0, m1) [(b'<REDACTED>', 0)]
DEBUG:mqtt-exporter:Received SUBACK
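
Added example, not part of this PR or the exporter's code: the two modes from the description above expressed as an ssl.SSLContext, plus a third option, trusting the broker's private CA, which resolves the "self-signed certificate in certificate chain" error while still authenticating the broker. The function names and the `verify` and `ca_file` parameters are hypothetical and are not the exporter's setting names.

```python
import ssl
from typing import Optional


def build_mqtt_tls_context(verify: bool = True,
                           ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Return the SSLContext an MQTT client should use.

    `verify` and `ca_file` are hypothetical settings for this example,
    not the exporter's real option names.
    """
    # Client-side defaults: CERT_REQUIRED plus hostname checking.
    # With ca_file set, only that CA bundle is trusted (system roots are
    # not loaded), which is what a broker behind a private CA needs.
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    context.minimum_version = ssl.TLSVersion.TLSv1_2

    if not verify:
        # Order matters: check_hostname must be cleared first, otherwise
        # setting CERT_NONE raises ValueError.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    return context


def describe(context: ssl.SSLContext) -> dict:
    """Summarise the properties that decide whether the broker is authenticated."""
    chain = context.verify_mode == ssl.CERT_REQUIRED
    return {
        "verifies_chain": chain,
        "checks_hostname": context.check_hostname,
        # Encryption without both checks does not prove who the peer is.
        "authenticated": chain and context.check_hostname,
    }


if __name__ == "__main__":
    for label, ctx in (("default", build_mqtt_tls_context()),
                       ("verify off", build_mqtt_tls_context(verify=False))):
        print(label, describe(ctx))
    # With paho-mqtt the context is applied before connect():
    #   client.tls_set_context(context)
```

With verification off the session is still encrypted, but the client accepts any certificate, so the private-CA form is the one to prefer for a broker with a self-signed chain.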

kpetremann commented 1 year ago

Hello @Matthew-Beckett,

Nice, thanks for this contribution! Could you please just fix the error reported by the CI? I'll merge it once good.

Matthew-Beckett commented 1 year ago

@kpetremann needs Action running

Matthew-Beckett commented 1 year ago

@kpetremann can you offer some insight into how the imports are failing the tests?

kpetremann commented 1 year ago

@Matthew-Beckett sure, you just need to run isort . to fix the issue.

Result on my side:

#!/usr/bin/env python3
"""MQTT exporter."""

import fnmatch
import json
import logging
import re
import signal
import ssl
import sys

import paho.mqtt.client as mqtt
from prometheus_client import Counter, Gauge, start_http_server

from mqtt_exporter import settings

logging.basicConfig(level=settings.LOG_LEVEL)
LOG = logging.getLogger("mqtt-exporter")
...

If it can help, this is documented in https://github.com/kpetremann/mqtt-exporter/blob/master/CONTRIBUTING.md

kpetremann commented 1 year ago

hello @Matthew-Beckett, was my last message helpful?

Matthew-Beckett commented 1 year ago

Yes, sorry, just been very busy. Will resolve this ASAP.

kpetremann commented 5 months ago

Hi @Matthew-Beckett,

I am closing this PR as I created a replica with needed rebase and fixes - including your commit with you as author :)

see #75