Mosquito update 4.1 - ACL messages in logs

I switched to the Community MQTT & HiveMQ add on and it seems to be more reliable again. I have a couple of clients that refused to stay connected to the official 4.1 release now. After removing and reconfiguring to the community add-on, all my old stuff started working immediately again.

1 Like

I added users to HA, removed MQTT config from config.yaml, works OK.
Then I enabled acl as described above and log flood disapeared, but with each connection log show client user name and password in clear text, which “security expert” programed it???

Blockquote
1552674144: |-- mosquitto_auth_unpwd_check(hasscore) 1552674144: |-- ** checking backend http 1552674144: |-- url=http://127.0.0.1:8080/login 1552674144: |-- data=username=…name…&password=…pwd…&topic=&acc=-1&clientid= [INFO] found hasscore on Home Assistant 1552674146: |-- getuser(hasscore) AUTHENTICATED=1 by http
Blockquote

1 Like

HI, you sure is that? Somewhere else I red its

topic readwrite #

also you know how to allow access without username?

Also how to put if you have 2 usernames

user bobby
topic readwrite # 

user paul
topic readwrite #  

?

user bobby
topic #

This format works for me.

It’s not a breaking change and didn’t break anything for my system… Perhaps instead of ranting you can post the broker config here?

Oh it’s definitely very broken. No more communication between mosquitto broker and my hubitat bridge.

I just rolled back as described here:

As far as ranting goes, I’ve been working in this industry for 30 years and its more than time that more people are held liable and/or called out for crap code and sloppy rollouts. As seems to be the case with the 737 Max, bad software is now killing people.

1 Like

I agree with you on the breaking/modified. The HA dev team plays fast and loose with backwards compatibility and testing.

It wouldn’t matter so much if these were minor things, but people’s houses are directly affected by these kinds of things.

2 Likes

– deleted since context was missing.

I’m still confused.

HA seems to be working with the Mosquitto 4.1 aadon except after every HA version update I have to restart HA once more.

I would like to try adding the ACL files but am not sure what I need. I do not want unrestricted access.

I have one user, “mqtt_user”, that all my devices use. It’s a home assistant user. So I guess I add this to the file:

user mqtt_user
topic #

Do I also need to add an entry for home assistant to access the broker?

ACL wouldn’t work for me until I added homeassistant user as well. I have no idea why. You also need to set active: true in the broker. You should then see the errors and warnings go away.

So to be 100% clear, I do this:

  1. Edit the broker config to be this and save:
  "customize": {
    "active": true,
    "folder": "mosquitto"
  1. create /share/mosquitto/acl.conf and add the line
acl_file /share/mosquitto/accesscontrollist
  1. create /share/mosquitto/accesscontrollist and add
user mqtt_user
topic #
user homeassistant
topic #
  1. restart broker
1 Like

That did it for me yes.

1 Like

I’ve completed it and everything still seems to be working. The test will be next HA version update.

1 Like

I’m on 0.91.0 now and it’s working well… A few custom components needed to be updated but otherwise no issues. (all the ones I was using updated already) The early betas were so bad I had to roll back but the release version is awesome. I also had to reconfigure my Yeelights as they are now their own platform but it is pretty stable here.

I’m on 0.91.0 as well. The last two updates (including that one) caused mqtt broker spaz-outs for me (fixed with more HA restarts). I believe this started to occur after updating the broker to v4.1 so I’m hoping this fixes it when the 0.92 update comes around.

I saw @cogneato had the same issue but I have never seen that.

Well that didn’t last long. Just lost connection to all my mqtt devices.

Seems to be authenticating correctly, system log:

19-04-05 02:00:32 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user
19-04-05 02:00:33 INFO (MainThread) [hassio.auth] Success login from mqtt_user
19-04-05 02:00:34 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user
19-04-05 02:00:35 INFO (MainThread) [hassio.auth] Success login from mqtt_user
19-04-05 02:00:35 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user
19-04-05 02:00:37 INFO (MainThread) [hassio.auth] Success login from mqtt_user
19-04-05 02:00:37 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user

But there are socket errors in the broker log:

1554429736: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429736: Client sonoff_dining_heater_north already connected, closing old connection.
1554429736: Socket error on client sonoff_dining_heater_north, disconnecting.
1554429736: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429736: |-- ** checking backend http
1554429736: |-- url=http://127.0.0.1:8080/login
1554429736: |-- data=username=mqtt_user&password=readcted&topic=&acc=-1&clientid=
1554429736: New client connected from 10.1.1.188 as sonoff_dining_heater_north (c1, k15, u'mqtt_user').
[INFO] found mqtt_user on Home Assistant
1554429737: Client sonoff_dishwasher already connected, closing old connection.
1554429737: Socket error on client sonoff_dishwasher, disconnecting.
1554429737: New client connected from 10.1.1.192 as sonoff_dishwasher (c1, k15, u'mqtt_user').
1554429737: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429737: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429737: |-- ** checking backend http
1554429737: |-- url=http://127.0.0.1:8080/login
1554429737: |-- data=username=mqtt_user&password=redacted&topic=&acc=-1&clientid=
[INFO] found mqtt_user on Home Assistant
1554429740: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429740: Client sonoff_lounge_dehumidifier already connected, closing old connection.
1554429740: Socket error on client sonoff_lounge_dehumidifier, disconnecting.
1554429740: New client connected from 10.1.1.185 as sonoff_lounge_dehumidifier (c1, k15, u'mqtt_user').
1554429740: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429740: |-- ** checking backend http
1554429740: |-- url=http://127.0.0.1:8080/login
1554429740: |-- data=username=mqtt_user&password=redacted&topic=&acc=-1&clientid=
[INFO] found mqtt_user on Home Assistant
1554429742: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429742: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429742: Client sonoff_washing_machine already connected, closing old connection.
1554429742: Socket error on client sonoff_washing_machine, disconnecting.
1554429742: New client connected from 10.1.1.193 as sonoff_washing_machine (c1, k15, u'mqtt_user').
1554429742: |-- ** checking backend http
1554429742: |-- url=http://127.0.0.1:8080/login
1554429742: |-- data=username=mqtt_user&password=redacted&topic=&acc=-1&clientid=

Restarting the broker did not help.

Restarting HA seems to have restored the service for now…

is that a home assistant user or have you defined a local user in the broker?

mqtt_user is a HA user.

are you using discovery or manual config? can you share your config