Mosquitto MQTT 4.1 doesn't work after update

No, it's related to Mosquitto; other people are having the same problem.


It’s not a problem

Might not be a problem, but how do I get rid of it? Don’t want my logs filled with that crap.

My HA (MQTT 4.1) is working with:

{
  "logins": [
    {
      "username": "redacted",
      "password": "redacted"
    }
  ],
  "anonymous": true,
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

With the new ACL system I thought that it would be better practice to set up the MQTT Add-on like this:

{
  "logins": [],
  "anonymous": false,
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

I created the /share/mosquitto files as directed in the documentation. I have no mqtt: section in my configuration.yaml
ACL authorization failed according to the MQTT add-on log file.

Two strange things:

  1. I tried to create a new user for the MQTT add-on but it said that the username already existed even after uninstalling the add-on and rebooting. An MQTT username and password is “hard coded” into numerous DIY devices so changing it is too difficult. I have two hass.io system generated users in addition to my own login user name.
  2. I tried to manage MQTT on the Integration page but it said “This integration has no devices.”

Maybe a fresh install would clean things up? Meanwhile, I restored a snapshot and I am up and running again with my DIY MQTT devices communicating with HA.


If you use a Home Assistant user (as per your second example) you must set active: false, not true.
You might need to use MQTT Discovery if you want them to show in the integration.

According to the instructions here active should be true to enable looking at the custom files for ACL?

I tried MQTT discovery as per here but none of my DIY (Arduino) MQTT devices were found, probably because this setup adds a “homeassistant” prefix to all the topics. What’s that about?

I don’t know where the MQTT user is stored but it seems to be persistent and conflicting with a HA user. I can’t seem to change the MQTT user to a HA user.

Yes but if you do not have a local user it will use a home assistant user and active: true will FAIL and you can’t connect to the broker with the device.
I’m not seeing an added homeassistant to the topic but it does seem to have that as a separate topic but not used so far as I can see… or maybe HA uses that internally when you turn switch on or off… I don’t publish payloads to topics for that I use the switch turn on/off.
Also, you can’t use a user called addon or homeassistant…

It looks like they have updated documentation, https://www.home-assistant.io/addons/mosquitto/#access-control-lists-acls testing now…

I don’t see any change. Good luck making that work… it’s the exact setup that doesn’t work (for me anyway). If you have a HA user don’t enable ACL.

It doesn’t even start or try to load…

I finally got my MQTT working with my desired configuration:

{
  "logins": [],
  "anonymous": false,
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

I had to edit /config/.storage/auth_provider.homeassistant to remove what you called a “local user” which was my MQTT username left over from the old configuration with a login field.
Then I could create a new homeassistant user with my MQTT username and password.
I think that this is the cause of many of the migration issues in this post.

To get "active": true working I had to put this:

user mqtt_username
topic readwrite #
user homeassistant
topic readwrite #

into the /share/mosquitto/accesscontrollist (I tried just topic readwrite # but with no success.)

I still have no MQTT integration showing. I don’t think discovery will work for me since I do not have a common prefix for my topics. Anyway, I am OK with managing the MQTT devices in the .yaml files.


I don’t call it a local user… Home Assistant does… it’s any user you define in the broker in the logins section.

I’ll try now with a homeassistant user in the ACL and see if that works for me…

EDIT: WELL who knew eh? That works perfectly…

Well that’s confusing…

I’ve been following these ‘4.1 upgrade problem’ posts with interest because I would love to stop my broker flooding my log with error/warning messages.

Apart from that my Mosquitto MQTT 4.1 is working fine as I thought yours was @DavidFW1960.

When you say

what has this change to active: true made work that wasn’t working before? Does it stop these log messages?

Yes working 100% before… just stops all the shit flooding in the log but no other difference…

Didn’t work for me…

I added a file named accesscontrollist to /share/mosquitto/ (no extension) with the contents

user Sonoff                    <--- This is the username defined in HA
topic readwrite #
user homeassistant
topic readwrite #

My Mosquitto config is

{
  "logins": [],
  "anonymous": false,
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

Saved, stopped and Started Mosquitto.

Log message flood example

1553245716: |-- mosquitto_auth_acl_check(..., client id not available, homeassistant, sonoff01/tele/HASS_STATE, MOSQ_ACL_READ)
1553245716: |-- url=http://127.0.0.1:8080/superuser
1553245716: |-- data=username=homeassistant&password=&topic=&acc=-1&clientid=
1553245716: |-- aclcheck(homeassistant, sonoff01/tele/HASS_STATE, 1) SUPERUSER=Y by http
1553245716: |--  Cached  [XXXXXXXXXXXXXXX] for (client id not available,homeassistant,1)

and

1553246036: |-- mosquitto_auth_acl_check(..., client id not available, Sonoff, sonoff01/tele/SENSOR, MOSQ_ACL_WRITE)
1553246036: |-- aclcheck(Sonoff, sonoff01/tele/SENSOR, 2) CACHEDAUTH: 0
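
Added example, not part of any post in this thread and not the add-on's own code: before narrowing `topic readwrite #`, replay the ACL checks from a debug log like the one above against a candidate ACL file to see which observed operations it would refuse. It assumes standard Mosquitto ACL-file semantics for `user` and `topic` lines only; the scoped ACL and the third log line are constructed.

```python
import re

# Log lines in the format quoted above; the third line is constructed.
SAMPLE_LOG = """\
1553245716: |-- mosquitto_auth_acl_check(..., client id not available, homeassistant, sonoff01/tele/HASS_STATE, MOSQ_ACL_READ)
1553246036: |-- mosquitto_auth_acl_check(..., client id not available, Sonoff, sonoff01/tele/SENSOR, MOSQ_ACL_WRITE)
1553246040: |-- mosquitto_auth_acl_check(..., client id not available, Sonoff, sonoff02/cmnd/POWER, MOSQ_ACL_WRITE)
"""
# Constructed candidate ACL: the device user may only publish its own telemetry.
SCOPED_ACL = """\
user Sonoff
topic write sonoff01/tele/#
user homeassistant
topic readwrite #
"""
CHECK_RE = re.compile(
    r"mosquitto_auth_acl_check\(\.\.\., [^,]*, ([^,]+), (\S+), MOSQ_ACL_(READ|WRITE)\)")

def parse_acl(text):
    """Return {user: [(access, topic_filter), ...]} from 'user' and 'topic' lines."""
    rules, user = {}, None
    for line in text.splitlines():
        key, _, value = (s.strip() for s in line.strip().partition(" "))
        if key == "user" and value:
            user = value
        elif key == "topic" and value:
            first, _, rest = value.partition(" ")
            if first in ("read", "write", "readwrite") and rest.strip():
                rules.setdefault(user, []).append((first, rest.strip()))
            else:  # access keyword omitted: Mosquitto treats it as readwrite
                rules.setdefault(user, []).append(("readwrite", value))
    return rules

def topic_matches(filt, topic):
    """MQTT filter matching: '+' is one level, '#' is the rest of the topic."""
    f, t = filt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def denied_checks(log_text, acl_text):
    """List the (user, topic, access) checks in the log that the ACL would refuse."""
    rules = parse_acl(acl_text)
    return [(user, topic, kind.lower())
            for user, topic, kind in CHECK_RE.findall(log_text)
            if not any(acc in (kind.lower(), "readwrite") and topic_matches(f, topic)
                       for acc, f in rules.get(user, []))]
```

An empty result from `denied_checks` means every operation seen in the log is still permitted by the candidate ACL; anything listed is traffic the narrower file would block.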

So the user Sonoff is the user defined in Tasmota?

Yes it is,
image
And defined in HA
image

I doubt it matters but maybe lowercase in the acl? Dunno… so is it working or not?

Yes everything seems to work ok but this log flood is a real PIA.

Nothing seems to have changed since I added "active": true

I’ll try lower case but that seems counterintuitive as the username has uppercase.

No… no change with lowercase