You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
> The move overwrites the default. At this point, the moved file will probably be owned by user "pi" but that does not matter.
184
-
184
+
185
185
2. Mosquitto will always enforce correct ownership (1883:1883) on any restart but it will not overwrite permissions. If in doubt, use mode 644 as your default for permissions:
186
186
187
187
```bash
@@ -193,7 +193,7 @@ Using `mosquitto.conf` as the example, assume you wish to use your existing file
193
193
```bash
194
194
$ docker-compose restart mosquitto
195
195
```
196
-
196
+
197
197
4. Check your work:
198
198
199
199
```bash
@@ -279,7 +279,7 @@ A common problem with the previous version of Mosquitto for IOTstack occurred wh
279
279
The Mosquitto container performs self-repair each time the container is brought up or restarts. If `pwfile` is missing, an empty file is created as a placeholder. This prevents the restart loop. What happens next depends on `allow_anonymous`:
280
280
281
281
* If `true` then:
282
-
282
+
283
283
- Any MQTT request *without* credentials will be permitted;
284
284
- Any MQTT request *with* credentials will be rejected (because `pwfile` is empty so there is nothing to match on).
285
285
@@ -292,13 +292,17 @@ To create a username and password, use the following as a template.
Replace «username» and «password» with appropriate values, then execute the command. For example, to create the username "hello" with password "world":
297
-
297
+
298
298
```
299
299
$ docker exec mosquitto mosquitto_passwd -b /mosquitto/pwfile/pwfile hello world
300
300
```
301
-
301
+
302
+
Note:
303
+
304
+
* See also [customising health-check](#healthCheckCustom). If you are creating usernames and passwords, you may also want to create credentials for the health-check agent.
## <aname="healthCheck"> Container health check </a>
484
+
485
+
### <aname="healthCheckTheory"> theory of operation </a>
486
+
487
+
A script , or "agent", to assess the health of the Mosquitto container has been added to the *local image* via the *Dockerfile*. In other words, the script is specific to IOTstack.
488
+
489
+
The agent is invoked 30 seconds after the container starts, and every 30 seconds thereafter. The agent:
490
+
491
+
* Publishes a retained MQTT message to the broker running in the same container. The message payload is the current date and time, and the default topic string is:
492
+
493
+
```
494
+
iotstack/mosquitto/healthcheck
495
+
```
496
+
497
+
* Subscribes to the same broker for the same topic for a single message event.
498
+
* Compares the payload sent with the payload received. If the payloads (ie time-stamps) match, the agent concludes that the Mosquitto broker (the process running inside the same container) is functioning properly for round-trip messaging.
* This assumes you are running the command *outside* container-space on the *same* host as your Mosquitto container. If you run this command from *another* host, replace `localhost` with the IP address or domain name of the host where your Mosquitto container is running.
542
+
* The `-p 1883` is the *external* port. You will need to adjust this if you are using a different *external* port for your MQTT service.
543
+
* If you enable authentication for your Mosquitto broker, you will need to add `-u «user»` and `-P «password»` parameters to this command.
544
+
* You should expect to see a new message appear approximately every 30 seconds. That indicates the health-check agent is functioning normally. Use <kbd>control</kbd>+<kbd>c</kbd> to terminate the command.
You can customise the operation of the health-check agent by editing the `mosquitto` service definition in your *Compose* file:
549
+
550
+
1. By default, the mosquitto broker listens to **internal** port 1883. If you need change that port, you also need to inform the health-check agent via an environment variable. For example, suppose you changed the **internal** port to 12345:
551
+
552
+
```yaml
553
+
environment:
554
+
- HEALTHCHECK_PORT=12345
555
+
```
556
+
557
+
2. If the default topic string used by the health-check agent causes a name-space collision, you can override it. For example, you could use a Universally-Unique Identifier (UUID):
* You will also need to use the same topic string in the `mosquitto_sub` command shown at [monitoring health-check](#healthCheckMonitor).
567
+
568
+
3. If you have enabled authentication for your Mosquitto broker service, you will need to provide appropriate credentials for your health-check agent:
569
+
570
+
```yaml
571
+
environment:
572
+
- HEALTHCHECK_USER=healthyUser
573
+
- HEALTHCHECK_PASSWORD=healthyUserPassword
574
+
```
575
+
576
+
4. If the health-check agent misbehaves in your environment, or if you simply don't want it to be active, you can disable all health-checking for the container by adding the following lines to its service definition:
577
+
578
+
```yaml
579
+
healthcheck:
580
+
disable: true
581
+
```
582
+
583
+
Notes:
584
+
585
+
* The directives to disable health-checking are independent of the environment variables. If you want to disable health-checking temporarily, there is no need to remove any `HEALTHCHECK_` environment variables that may already be in place.
586
+
* Conversely, the mere presence of a `healthcheck:` clause in the `mosquitto` service definition overrides the supplied agent. In other words, the following can't be used to re-enable the supplied agent:
@@ -549,7 +665,7 @@ If you need to pin Mosquitto to a particular version:
549
665
```
550
666
551
667
The new *local image* is built, then the new container is instantiated based on that image. The `prune` deletes the old *local image*.
552
-
668
+
553
669
Note:
554
670
555
671
* As well as preventing Docker from updating the *base image*, pinning will also block incoming updates to the *Dockerfile* from a `git pull`. Nothing will change until you decide to remove the pin.
@@ -585,7 +701,7 @@ If you have a use-case that needs port 9001, you can re-enable support by:
585
701
listener 1883
586
702
listener 9001
587
703
```
588
-
704
+
589
705
You need **both** lines. If you omit 1883 then Mosquitto will stop listening to port 1883 and will only listen to port 9001.
0 commit comments