Run Mosquitto MQTT Broker on Red Hat OpenShift
An MQTT Broker is a great candidate for running as a Container on something like Docker, Kubernetes, or Red Hat OpenShift. While there are several blog posts about running on Docker, I didn’t find one about OpenShift. Red Hat has a JBoss configuration for running Fuse as an MQTT Broker, but it seemed like a lot of work for a simple MQTT Broker.
So….I went out and figured out how to get Mosquitto up and running on OpenShift (Well, MiniShift, but pretty much the same thing.)
The latest and greatest version of this manifest file will be out on GitHub: https://github.com/john2exonets/OpenShift-MQTT-Mosquitto
Here is the manifest file:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mosquitto-config
data:
mosquitto.conf: |
# Config file for mosquitto
user mosquitto
retry_interval 20
sys_interval 10
max_inflight_messages 40
max_queued_messages 200
queue_qos0_messages false
message_size_limit 0
allow_zero_length_clientid true
persistent_client_expiration 3m
allow_duplicate_messages false
autosave_interval 60
autosave_on_changes false
# Persistence configuration
persistence true
persistence_location /mqtt/data/
# Logging
connection_messages true
log_dest stderr
log_dest stdout
log_dest file /mqtt/log/mosquitto.log
log_type error
log_type warning
log_type notice
log_type information
log_type all
log_type debug
log_timestamp true
# Listeners
listener 1883
mosquitto.acl: |
# This affects access control for clients with no username.
topic read $SYS/#
# This affects all clients.
pattern write $SYS/broker/connection/%c/state
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: mosquitto
openshift.io/deployment-config.name: mosquitto
name: mosquitto
namespace: myproject
spec:
selector:
matchLabels:
app: mosquitto
replicas: 1
template:
metadata:
name: mosquitto
labels:
app: mosquitto
spec:
containers:
- name: mostquitto
image: toke/mosquitto
imagePullPolicy: Always
ports:
- containerPort: 1883
protocol: TCP
resources:
requests:
memory: 512Mi
cpu: 0.5
volumeMounts:
- mountPath: /mqtt/config
name: mosquitto-volume-1
- mountPath: /mqtt/data
name: mosquitto-volume-2
- mountPath: /mqtt/log
name: mosquitto-volume-3
volumes:
- name: mosquitto-volume-1
configMap:
name: mosquitto-config
items:
- key: mosquitto.conf
path: mosquitto.conf
- emptyDir: {}
name: mosquitto-volume-2
- emptyDir: {}
name: mosquitto-volume-3
---
apiVersion: v1
kind: Service
metadata:
labels:
app: mosquitto
name: mosquitto
spec:
ports:
- name: mqtt
port: 1883
loadBalancerIP:
selector:
name: mosquitto
type: LoadBalancer
There are three parts to this manifest file: a ConfigMap, a Deployment, and a Service. If I ever figure out a good NodePort, that might also be out on the GitHub distro.
The ConfigMap is the configuration files for the Mosquitto broker. They are attached as a Volume in the Deployment part of the manifest file. The Service is there to generate a NodePort that you will need to connect your MQTT clients to. This is a very simple configuration for non-SSL connections to port 1883. If you want SSL connections, then you will need to add to the mosquitto.conf file to listen to port 8883, and to define the SSL certs. You will also need to update the mosquitto.acl part of the ConfigMap to include those certs.
Starting the Mosquitto MQTT Broker
If you use the mosquitto.yaml file from the repository, starting the broker is just one command:
$ oc create -f mosquitto.yaml
configmap/mosquitto-config created
deployment.apps/mosquitto created
service/mosquitto createdAt this point, you will need to know what NodePort has been assigned to Mosquitto:
$ oc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
mosquitto LoadBalancer 172.30.5.13 172.29.175.9,172.29.175.9 1883:32342/TCP 3mIn this case, it is port 32342…that is the externally facing port. To use the MQTT broker, you just need to use the External-IP, or in this case below, the IP address of the MiniShift VM:
$ node node_modules/mqtt/mqtt.js pub -h $(minishift ip) -t "test/blatt" \
-m '{"test": "blatt"}' -p 32342 -vThis is a configuration that I use for development and testing of MQTT Security and MQTT Packet Validation. One day I will come back and write about that more once what I am working on has become public.