When running the script outside of HASSIO (eg: docker/kubernetes), it is possible to define a secret that contains the usernames and password in a way that appends a newline to the end of the string. This will have several side effects:
the MQTT server will either return a Connection Reset by Peer (if the mqtt is behind a reverse proxy), or a Protocol Error or an Unspecified Error instead of the client error Connection Refused: Bad username or password or Connection Refused: Authorization error
the python logging will swallow the '\n' when printing the environment.
running the script manually inside the container will succeed but via a job or cronjob will fail and the log will be identical.
From my side, I spent days following red herrings on the kubernetes network and routing layer because of the Protocol Error. I tried MQTT, MQTTS, tlsv1.2, tlsv1.3, setting certificates, with and without reverse proxy, websockets, running on the same node, NodePort/ClusterIP, etc.
In sum, when creating a new kubernetes secret, use:
echo -n "password" | base64 instead of
echo "password" | base64
To be honest, this is not a bug in the code but rather an issue that will be logged and potentially crawled by google and github in case someone else is hit by this while using this addon so please feel free to immediately close it!
When running the script outside of HASSIO (eg: docker/kubernetes), it is possible to define a secret that contains the usernames and password in a way that appends a newline to the end of the string. This will have several side effects:
Connection Reset by Peer(if the mqtt is behind a reverse proxy), or aProtocol Erroror anUnspecified Errorinstead of the client errorConnection Refused: Bad username or passwordorConnection Refused: Authorization errorFrom my side, I spent days following red herrings on the kubernetes network and routing layer because of the
Protocol Error. I triedMQTT,MQTTS,tlsv1.2,tlsv1.3, setting certificates, with and without reverse proxy, websockets, running on the same node, NodePort/ClusterIP, etc.In sum, when creating a new kubernetes secret, use:
echo -n "password" | base64instead ofecho "password" | base64To be honest, this is not a bug in the code but rather an issue that will be logged and potentially crawled by google and github in case someone else is hit by this while using this addon so please feel free to immediately close it!