https://netmaker.org logo
Join Discord
Powered by
okay found the error and fixed it (maybe temporari...
# client
f
okay found the error and fixed it (maybe temporarily). However, not sure why this was required. 1. The mqtt container was not able to read the file 
mosquitto_dynamic_security.so
due to permission issues (as per the log). Although it was available in the proper path 
/usr/lib
and had the correct permissions 2. I copied the file from the container and placed it in the 
volumes
of the docker compose file of mqtt. However, removing and restarting the mqtt container still does not pick up the file giving the impression that this 
mosquitto_dynamic_security.so
is probably corrupt 3. Edited the 
mosquitto.conf
and commented out the statement for the plugin. Any idea why this plugin is required and what it does? 4. Restarting the mqtt container, now makes all the connections fine, finally!. I made the allow_anonymous also true for good measure. This mqtt container is not accessible outside the node as i have not exposed the mqtt ports. This mqtt is accesible only within the netmaker network.
Copy code
per_listener_settings false
listener 8883
allow_anonymous true

listener 1883
allow_anonymous true

#plugin /usr/lib/mosquitto_dynamic_security.so
#plugin_opt_config_file /mosquitto/data/dynamic-security.json
b
the dynamic security module controls access to mq. Your changes have completly disabled the access controls and anyone can connect to your broker.
f
I know, but the broker ports are not exposed
Also any idea whatz the root cause of that plugin not working?
b
you would have to provide additional details, starting with your docker compose file
f
I actually used the quick installation method (using custom domain), however, when the netmaker was not working i found the root cause is this mqtt broker
So techically never modified the compose file
b
the nodes connect to the broker at the following url mqtts://broker. and anyone else can connect to that same endpoint with your current settings
f
ah didn't see that the 443 is enabled and bypassed to the mqtt by traefik
so back to the original question how do I resolve the 
mosquitto_dynamic_security.so
? the container had correct permissions
the netmaker is in ubuntu
b
the mosquitto container has the proper dynamic security shared lib and you should not touch it. If you suspect it is somehow corrupted, delete the image and repull the image from docker hub
f
well I did that earlier. let me try again though to setup by scratch. Is there a way when instaling via quick method to redirect all the compose and other files into custom path? currently it installs in /root by default
b
no, the quick method is an opinionated install script...... if you want to change I suggest you execute the step manually
f
okay. Let me go through the install steps in details. However, this mqtt issue aside, netmaker rocks! my earlier manual wireguard setup was a pain
1 last q - if I want to uninstall my current setup - I just terminate the containers and remove the files from /root - anything else to be done for clean uninstall?
b
there are the docker volumes that you could clean up
f
ah yes, thanks!
well, even after doing the manual quick install I still get this mq permission error
Copy code
Starting MQ...
1668296695: mosquitto version 2.0.11 starting
1668296695: Config loaded from /mosquitto/config/mosquitto.conf.
1668296695: Loading plugin: /usr/lib/mosquitto_dynamic_security.so
1668296695: Error loading Dynamic security plugin config: File is not readable - check permissions.

1668296695: Opening ipv4 listen socket on port 8883.
1668296695: Opening ipv6 listen socket on port 8883.
1668296695: Opening ipv4 listen socket on port 1883.
1668296695: Opening ipv6 listen socket on port 1883.
1668296695: mosquitto version 2.0.11 running
1668296725: New connection from 172.18.0.2:59642 on port 8883.
1668296725: Client <unknown> disconnected, not authorised.
1668296726: New connection from 172.18.0.2:59654 on port 8883.
1668296726: Client <unknown> disconnected, not authorised.
10 Views
PreviousNext
Powered by