search

vernemq / docker-vernemq

VerneMQ Docker image - Starts the VerneMQ MQTT broker and listens on 1883 and 8080 (for websockets).
https://vernemq.com
Apache License 2.0
177 stars 230 forks source link

Overwriting default value #177

Closed GiuseppeP closed 4 years ago

GiuseppeP commented 4 years ago

Hello, installing VerneMQ via Helm Chart I found that the custom enviroment variables don't overwrite the default value, but append it to end of file. This way doesn't work for overwrite the default values.

I specified:

  - name: DOCKER_VERNEMQ_VMQ_DIVERSITY__AUTH_MYSQL__ENABLED
    value: "on"

But in vernemq.conf I found:

root@master-1:~# kubectl exec vernemq-0 -- cat /etc/vernemq/vernemq.conf | grep mysql | grep enable
vmq_diversity.auth_mysql.enabled = off
vmq_diversity.auth_mysql.enabled=on

Sadly the result if that the plugin is not loaded

larshesel commented 4 years ago

Hi, to use the mysql authentication you need to enable the vmq_diversity plugin as well. See https://docs.vernemq.com/configuration/db-auth#introduction-and-general-setup

GiuseppeP commented 4 years ago

... Of course I enabled it. In order to prevent any other doubt:

root@master-1:~# kubectl exec vernemq-0 -- cat /etc/vernemq/vernemq.conf | grep diversity | egrep -v "^#"
plugins.vmq_diversity = off
vmq_diversity.script_dir = ./share/lua
vmq_diversity.auth_postgres.enabled = off
vmq_diversity.postgres.ssl = off
vmq_diversity.postgres.password_hash_method = crypt
vmq_diversity.auth_cockroachdb.enabled = off
vmq_diversity.cockroachdb.ssl = on
vmq_diversity.cockroachdb.password_hash_method = bcrypt
vmq_diversity.auth_mysql.enabled = off
vmq_diversity.mysql.password_hash_method = password
vmq_diversity.auth_mongodb.enabled = off
vmq_diversity.mongodb.ssl = off
vmq_diversity.auth_redis.enabled = off
plugins.vmq_diversity=on
vmq_diversity.mysql.port=3306
vmq_diversity.mysql.user=HIDDEN
vmq_diversity.mysql.database=HIDDEN
vmq_diversity.mysql.password=HIDDEN
vmq_diversity.mysql.host=HIDDEN
vmq_diversity.mysql.password_hash_method=sha256
vmq_diversity.auth_mysql.enabled=on
larshesel commented 4 years ago

How do you detect that the plugin isn't loaded? What is the output of exec vernemq-0 -- vmq-admin plugin show ?

GiuseppeP commented 4 years ago 
+-------------+-----------+--------------------+-------------------------------------------+
|   Plugin    |   Type    |      Hook(s)       |                   M:F/A                   |
+-------------+-----------+--------------------+-------------------------------------------+
|vmq_diversity|application|  auth_on_register  |  vmq_diversity_plugin:auth_on_register/5  |
|             |           |  auth_on_publish   |  vmq_diversity_plugin:auth_on_publish/6   |
|             |           | auth_on_subscribe  | vmq_diversity_plugin:auth_on_subscribe/3  |
|             |           |    on_register     |    vmq_diversity_plugin:on_register/3     |
|             |           |     on_publish     |     vmq_diversity_plugin:on_publish/6     |
|             |           |    on_subscribe    |    vmq_diversity_plugin:on_subscribe/3    |
|             |           |   on_unsubscribe   |   vmq_diversity_plugin:on_unsubscribe/3   |
|             |           |     on_deliver     |     vmq_diversity_plugin:on_deliver/4     |
|             |           |auth_on_register_m5 |vmq_diversity_plugin:auth_on_register_m5/6 |
|             |           | auth_on_publish_m5 | vmq_diversity_plugin:auth_on_publish_m5/7 |
|             |           |auth_on_subscribe_m5|vmq_diversity_plugin:auth_on_subscribe_m5/4|
|             |           |   on_register_m5   |   vmq_diversity_plugin:on_register_m5/4   |
|             |           |   on_publish_m5    |   vmq_diversity_plugin:on_publish_m5/7    |
|             |           |  on_subscribe_m5   |  vmq_diversity_plugin:on_subscribe_m5/4   |
|             |           | on_unsubscribe_m5  | vmq_diversity_plugin:on_unsubscribe_m5/4  |
|             |           |   on_deliver_m5    |   vmq_diversity_plugin:on_deliver_m5/5    |
|             |           |     on_auth_m5     |     vmq_diversity_plugin:on_auth_m5/3     |
|             |           | on_offline_message | vmq_diversity_plugin:on_offline_message/5 |
|             |           |  on_client_wakeup  |  vmq_diversity_plugin:on_client_wakeup/1  |
|             |           | on_client_offline  | vmq_diversity_plugin:on_client_offline/1  |
|             |           |   on_client_gone   |   vmq_diversity_plugin:on_client_gone/1   |
+-------------+-----------+--------------------+-------------------------------------------+

I don't see any MySQL, look like using passwd file, but I disable that too:

root@master-1:~# kubectl exec vernemq-0 -- cat /etc/vernemq/vernemq.conf | grep passwd
plugins.vmq_passwd = on
## Default: ./etc/vmq.passwd
vmq_passwd.password_file = ./etc/vmq.passwd
vmq_passwd.password_reload_interval = 10
plugins.vmq_passwd=off
larshesel commented 4 years ago

ok - so the vmq_diversity plugin is loaded, which is good. How do you see that it isn't working? Perhaps there's something in the logs that mysql couldn't connect?

GiuseppeP commented 4 years ago

You're right! MYSQL plugin being loaded but fail the authentication.

13:24:31.814 [info] enable auth script for mysql "./share/lua/auth/mysql.lua"
13:24:31.891 [error] can't load script "./share/lua/auth/mysql.lua" due to {throw,{auth_fail,{error_packet,2,1045,<<"28000">>,"Access denied for user 'ziot'@'k8s1.seewebiot.com' (using password: YES)"}}}

Of course I tested the authentication with mysql-client and it works fine.

I'm using MySQL 8 with authentication_plugin native_password

mysql> select plugin from mysql.user where User='USER'\G;
*************************** 1. row ***************************
plugin: mysql_native_password
1 row in set (0.00 sec)
GiuseppeP commented 4 years ago

I used a low complex password and now it works, looks like a problem in the special character.

Thanks anyway for the support.