Mosquito update 4.1 - ACL messages in logs

bmcgair · March 17, 2019, 4:58am

Oh it’s definitely very broken. No more communication between mosquitto broker and my hubitat bridge.

I just rolled back as described here:

As far as ranting goes, I’ve been working in this industry for 30 years and its more than time that more people are held liable and/or called out for crap code and sloppy rollouts. As seems to be the case with the 737 Max, bad software is now killing people.

deddc23efb · March 18, 2019, 3:59pm

I agree with you on the breaking/modified. The HA dev team plays fast and loose with backwards compatibility and testing.

It wouldn’t matter so much if these were minor things, but people’s houses are directly affected by these kinds of things.

deddc23efb · March 18, 2019, 4:01pm

– deleted since context was missing.

tom_l · April 4, 2019, 11:32pm

I’m still confused.

HA seems to be working with the Mosquitto 4.1 aadon except after every HA version update I have to restart HA once more.

I would like to try adding the ACL files but am not sure what I need. I do not want unrestricted access.

I have one user, “mqtt_user”, that all my devices use. It’s a home assistant user. So I guess I add this to the file:

user mqtt_user
topic #

Do I also need to add an entry for home assistant to access the broker?

DavidFW1960 · April 4, 2019, 11:50pm

ACL wouldn’t work for me until I added homeassistant user as well. I have no idea why. You also need to set active: true in the broker. You should then see the errors and warnings go away.

tom_l · April 5, 2019, 12:00am

So to be 100% clear, I do this:

Edit the broker config to be this and save:

  "customize": {
    "active": true,
    "folder": "mosquitto"

create /share/mosquitto/acl.conf and add the line

acl_file /share/mosquitto/accesscontrollist

create /share/mosquitto/accesscontrollist and add

user mqtt_user
topic #
user homeassistant
topic #

restart broker

DavidFW1960 · April 5, 2019, 12:13am

That did it for me yes.

tom_l · April 5, 2019, 12:28am

I’ve completed it and everything still seems to be working. The test will be next HA version update.

DavidFW1960 · April 5, 2019, 12:32am

I’m on 0.91.0 now and it’s working well… A few custom components needed to be updated but otherwise no issues. (all the ones I was using updated already) The early betas were so bad I had to roll back but the release version is awesome. I also had to reconfigure my Yeelights as they are now their own platform but it is pretty stable here.

tom_l · April 5, 2019, 12:36am

I’m on 0.91.0 as well. The last two updates (including that one) caused mqtt broker spaz-outs for me (fixed with more HA restarts). I believe this started to occur after updating the broker to v4.1 so I’m hoping this fixes it when the 0.92 update comes around.

DavidFW1960 · April 5, 2019, 12:47am

I saw @cogneato had the same issue but I have never seen that.

tom_l · April 5, 2019, 2:04am

Well that didn’t last long. Just lost connection to all my mqtt devices.

Seems to be authenticating correctly, system log:

19-04-05 02:00:32 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user
19-04-05 02:00:33 INFO (MainThread) [hassio.auth] Success login from mqtt_user
19-04-05 02:00:34 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user
19-04-05 02:00:35 INFO (MainThread) [hassio.auth] Success login from mqtt_user
19-04-05 02:00:35 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user
19-04-05 02:00:37 INFO (MainThread) [hassio.auth] Success login from mqtt_user
19-04-05 02:00:37 INFO (MainThread) [hassio.auth] Auth request from core_mosquitto for mqtt_user

But there are socket errors in the broker log:

1554429736: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429736: Client sonoff_dining_heater_north already connected, closing old connection.
1554429736: Socket error on client sonoff_dining_heater_north, disconnecting.
1554429736: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429736: |-- ** checking backend http
1554429736: |-- url=http://127.0.0.1:8080/login
1554429736: |-- data=username=mqtt_user&password=readcted&topic=&acc=-1&clientid=
1554429736: New client connected from 10.1.1.188 as sonoff_dining_heater_north (c1, k15, u'mqtt_user').
[INFO] found mqtt_user on Home Assistant
1554429737: Client sonoff_dishwasher already connected, closing old connection.
1554429737: Socket error on client sonoff_dishwasher, disconnecting.
1554429737: New client connected from 10.1.1.192 as sonoff_dishwasher (c1, k15, u'mqtt_user').
1554429737: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429737: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429737: |-- ** checking backend http
1554429737: |-- url=http://127.0.0.1:8080/login
1554429737: |-- data=username=mqtt_user&password=redacted&topic=&acc=-1&clientid=
[INFO] found mqtt_user on Home Assistant
1554429740: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429740: Client sonoff_lounge_dehumidifier already connected, closing old connection.
1554429740: Socket error on client sonoff_lounge_dehumidifier, disconnecting.
1554429740: New client connected from 10.1.1.185 as sonoff_lounge_dehumidifier (c1, k15, u'mqtt_user').
1554429740: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429740: |-- ** checking backend http
1554429740: |-- url=http://127.0.0.1:8080/login
1554429740: |-- data=username=mqtt_user&password=redacted&topic=&acc=-1&clientid=
[INFO] found mqtt_user on Home Assistant
1554429742: |-- getuser(mqtt_user) AUTHENTICATED=1 by http
1554429742: |-- mosquitto_auth_unpwd_check(mqtt_user)
1554429742: Client sonoff_washing_machine already connected, closing old connection.
1554429742: Socket error on client sonoff_washing_machine, disconnecting.
1554429742: New client connected from 10.1.1.193 as sonoff_washing_machine (c1, k15, u'mqtt_user').
1554429742: |-- ** checking backend http
1554429742: |-- url=http://127.0.0.1:8080/login
1554429742: |-- data=username=mqtt_user&password=redacted&topic=&acc=-1&clientid=

Restarting the broker did not help.

Restarting HA seems to have restored the service for now…

DavidFW1960 · April 5, 2019, 2:10am

is that a home assistant user or have you defined a local user in the broker?

tom_l · April 5, 2019, 2:11am

mqtt_user is a HA user.

DavidFW1960 · April 5, 2019, 2:15am

are you using discovery or manual config? can you share your config

tom_l · April 5, 2019, 2:19am

Manual config for some (sonoff’s) discovery for others (ESPhome ESP boards).

Broker config:

{
  "logins": [],
  "anonymous": false,
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

No mqtt entry in configuration.yaml.

DavidFW1960 · April 5, 2019, 2:23am

you’re using esp with MQTT?

tom_l · April 5, 2019, 2:26am

Yep. I like to be able to see what is going on when things go awry. “If it ain’t broke don’t fix it” also applies as I do not want to introduce more problems while planning a move from pi to mini pc. I’ll try the api eventually but it’s a low priority at the moment.

DavidFW1960 · April 5, 2019, 2:28am

some people have tried disabling the broker and reenabling it as well as restarting the host a couple of times… but that does not make any sense to me.

tom_l · April 5, 2019, 2:30am

It’s what has been rectifying the problem for me too. It’s like HA stops talking to the broker until it is restarted than all is well for a while.