
get password from secret file

Abhishek Kondur 2 years ago
parent
commit
f31c40408c
3 changed files with 21 additions and 10 deletions
  1. 5 6
      compose/docker-compose.yml
  2. 2 0
      docker/mosquitto.conf
  3. 14 4
      netclient/functions/daemon.go

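--- a/compose/docker-compose.yml
+++ b/compose/docker-compose.yml
@@ -122,14 +122,13 @@ services:
       - "8883"
     labels:
       - traefik.enable=true
-      - traefik.tcp.routers.mqtts.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
-      - traefik.tcp.routers.mqtts.tls.passthrough=true
-      - traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883
-      - traefik.tcp.routers.mqtts.service=mqtts-svc
-      - traefik.tcp.routers.mqtts.entrypoints=websecure
+      - traefik.tcp.routers.mqtt.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
+      - traefik.tcp.routers.mqtt.tls.certresolver=http
+      - traefik.tcp.services.mqtt.loadbalancer.server.port=8883
+      - traefik.tcp.routers.mqtt.entrypoints=websecure
 volumes:
   traefik_certs: {}
   sqldata: {}
   dnsconfig: {}
   mosquitto_data: {}
-  mosquitto_logs: {}
+  mosquitto_logs: {}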
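Review bot: Dropping `tls.passthrough=true` means Traefik now terminates TLS for the `mqtt` router and forwards plain TCP to the broker's 8883 listener, so that listener must no longer carry its own certfile/keyfile (the mosquitto.conf in this commit shows none for 8883, which is consistent) and the Traefik-to-Mosquitto hop is cleartext on the compose network. That is a reasonable trade for letting Traefik's ACME resolver own the certificate, but nothing in the file records it; a comment above the label block, `# TLS terminates at Traefik (certresolver=http); the broker's 8883 listener is plain TCP inside the compose network`, would stop the next maintainer from re-adding a TLS listener on 8883 and breaking the handshake. The `http` resolver name must also match a resolver configured on the traefik service, which is outside this section.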

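--- a/docker/mosquitto.conf
+++ b/docker/mosquitto.conf
@@ -1,8 +1,10 @@
 per_listener_settings false
 listener 8883
 allow_anonymous false
+
 listener 1883
 allow_anonymous false
+
 plugin /usr/lib/mosquitto_dynamic_security.so
 plugin_opt_config_file /mosquitto/data/dynamic-security.json
 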

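--- a/netclient/functions/daemon.go
+++ b/netclient/functions/daemon.go
@@ -237,8 +237,14 @@ func setupMQTTSingleton(cfg *config.ClientConfig) error {
 	opts := mqtt.NewClientOptions()
 	server := cfg.Server.Server
 	port := cfg.Server.MQPort
-	opts.AddBroker("tcp://" + server + ":" + port)
-	mqclient = mqtt.NewClient(opts)
+	pass, err := os.ReadFile(ncutils.GetNetclientPathSpecific() + "secret-" + cfg.Network)
+	if err != nil {
+		return fmt.Errorf("could not read secrets file %w", err)
+	}
+	opts.AddBroker("mqtts://" + server + ":" + port)
+	opts.SetUsername(cfg.Node.ID)
+	opts.SetPassword(string(pass))
+	mqclient := mqtt.NewClient(opts)
 	var connecterr error
 	opts.SetClientID(ncutils.MakeRandomString(23))
 	if token := mqclient.Connect(); !token.WaitTimeout(30*time.Second) || token.Error() != nil {
@@ -258,9 +264,13 @@ func setupMQTT(cfg *config.ClientConfig) error {
 	opts := mqtt.NewClientOptions()
 	server := cfg.Server.Server
 	port := cfg.Server.MQPort
-	opts.AddBroker(fmt.Sprintf("tcp://%s:%s", server, port))
+	pass, err := os.ReadFile(ncutils.GetNetclientPathSpecific() + "secret-" + cfg.Network)
+	if err != nil {
+		return fmt.Errorf("could not read secrets file %w", err)
+	}
+	opts.AddBroker(fmt.Sprintf("mqtts://%s:%s", server, port))
 	opts.SetUsername(cfg.Node.ID)
-	opts.SetPassword(cfg.Node.Password)
+	opts.SetPassword(string(pass))
 	opts.SetClientID(ncutils.MakeRandomString(23))
 	opts.SetDefaultPublishHandler(All)
 	opts.SetAutoReconnect(true)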
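Review bot: In the first hunk `mqclient := mqtt.NewClient(opts)` replaces the original `mqclient = mqtt.NewClient(opts)`, which turns the assignment into a fresh local that shadows whichever `mqclient` the old code was assigning to; the rest of setupMQTTSingleton still compiles against the local, but if `mqclient` is the package-level singleton the function name suggests, it is never updated and anything outside this function keeps the old (possibly nil) client. The fix is to restore the plain assignment, `mqclient = mqtt.NewClient(opts)`. Separately, both hunks hand the file contents to `SetPassword` byte-for-byte, so a trailing newline in `secret-<network>` becomes part of the password and the broker rejects the login; unless the writer of that file is guaranteed to omit it, `opts.SetPassword(strings.TrimSpace(string(pass)))` is the safer form. Both functions begin before their hunks and setupMQTT continues past the end of the second one.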