-
|
It would be great to init a fully runnable container just via env-variables. Using this works fine, but we need an additional initial user to have a working instance without the need to login to the dashboard. version: '3'
services:
emqx:
image: emqx/emqx:5.0.8
container_name: emqx
environment:
# cookie secret
- EMQX_NODE__COOKIE=super-secret-cookie-secret
# dashboard credentials
- EMQX_DASHBOARD__DEFAULT_USERNAME=admin
- EMQX_DASHBOARD__DEFAULT_PASSWORD=secret-pass
# basic authentication, username/password
- EMQX_AUTHENTICATION__1__MECHANISM=password_based
- EMQX_AUTHENTICATION__1__BACKEND=built_in_database
# TODO: maybe add something like this?
- EMQX_AUTHENTICATION__1__USER__1__USERNAME=test
- EMQX_AUTHENTICATION__1__USER__1__PASSWORD=pass
healthcheck:
test: [ "CMD", "/opt/emqx/bin/emqx_ctl", "status" ]
interval: 5s
timeout: 25s
retries: 5
ports:
- 1883:1883
- 18083:18083How can we achieve this right now? :) |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 16 replies
-
|
@slaesh |
Beta Was this translation helpful? Give feedback.
-
|
this would work for sure. but we would need another container "just for that" .. it would be great to have a standalone running and working container ready-to-go. :) |
Beta Was this translation helpful? Give feedback.
-
|
so there is no "mechanism" for that right now? maybe I need to play around with the CLI tool though.. or the API 🤔 |
Beta Was this translation helpful? Give feedback.
-
|
Yes, there is no such feature now |
Beta Was this translation helpful? Give feedback.
-
|
in k8s there is a lifeCycle "postStart" which would be handy to use the using the API may work, but the emqx-container has no curl/wget intalled =/ |
Beta Was this translation helpful? Give feedback.
-
|
damn! sadly the lifecycle "postStart" only supports http-GET and not http-POST .. =/ any chance we can get a cli command for the authN stuff @lafirest ? :) |
Beta Was this translation helpful? Give feedback.
-
|
e.g. The format in this file is: |
Beta Was this translation helpful? Give feedback.
-
|
good hint, not what I was searching for, but I will test that too :) |
Beta Was this translation helpful? Give feedback.
-
|
so.. what I have done now.. maybe it helps someone else 🤷 apiVersion: apps/v1
kind: Deployment
metadata:
name: mqtt-emqx
namespace: customer-x
labels:
app: mqtt-emqx
spec:
replicas: 1
selector:
matchLabels:
app: mqtt-emqx
template:
metadata:
labels:
app: mqtt-emqx
spec:
containers:
- name: mqtt-emqx
image: emqx/emqx:5.0.8
ports:
- containerPort: 1883
name: mqtt-port
- containerPort: 8083
name: websocket-port
- containerPort: 18083
name: http-dashboard
env:
- name: EMQX_NODE__COOKIE
value: "super-secret-cookie-secret" # TODO: use secret manager
- name: EMQX_DASHBOARD__DEFAULT_USERNAME
value: "admin"
- name: EMQX_DASHBOARD__DEFAULT_PASSWORD
value: "pass" # TODO: use secret manager
- name: EMQX_AUTHENTICATION__1__MECHANISM
value: "password_based"
- name: EMQX_AUTHENTICATION__1__BACKEND
value: "built_in_database"
- name: EMQX_AUTHENTICATION__1__USER_ID_TYPE
value: "username"
# init container for our EMQX broker
- name: mqtt-emqx-init
image: alpine/curl
volumeMounts:
- name: emqx-init-script
mountPath: /emqx_init.sh
subPath: emqx_init.sh
env:
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: EMQX_DASHBOARD__DEFAULT_USERNAME
value: "admin"
- name: EMQX_DASHBOARD__DEFAULT_PASSWORD
value: "pass" # TODO: use secret manager
command:
- sh
- /emqx_init.sh
volumes:
- name: emqx-init-script
configMap:
name: emqx-init-script-configmap
tolerations:
- key: instance_type
value: spot
effect: NoSchedule
operator: Equal
---
apiVersion: v1
kind: Service
metadata:
name: mqtt-emqx
namespace: customer-x
spec:
type: NodePort
selector:
app: mqtt-emqx
ports:
- port: 1883
name: mqtt-port
- port: 8083
name: websocket-port
- port: 18083
name: http-dashboard
---
apiVersion: v1
kind: ConfigMap
metadata:
name: emqx-init-script-configmap
data:
emqx_init.sh: |
echo $MY_POD_IP
BASE_API_URL="http://$EMQX_DASHBOARD__DEFAULT_USERNAME:$EMQX_DASHBOARD__DEFAULT_PASSWORD@$MY_POD_IP:18083/api/v5"
while ! curl -s \
"$BASE_API_URL/authentication/password_based:built_in_database/users";
do
echo 'waiting for EMQX to start..';
sleep 5;
done;
echo 'EMQX started, ready to initialize..';
curl -s \
"$BASE_API_URL/authentication/password_based:built_in_database/users" \
-H 'Content-Type: application/json' \
-d '{ "user_id": "admin", "password": "password" }'
echo 'done!'
sleep 10
while true; do echo 'idling..'; sleep 60; done
|
Beta Was this translation helpful? Give feedback.
-
|
thanks @thalesmg , and here I can use the dashboard auth-creds? will try that! :) |
Beta Was this translation helpful? Give feedback.
-
|
Yes, after obtaining the API key and secret, use those as if they were basic auth username and password. |
Beta Was this translation helpful? Give feedback.
-
|
@slaesh did you figure out how to do it with token? |
Beta Was this translation helpful? Give feedback.
-
|
hey @perotom , yes but we did not used it. Maybe I have these changes on disk still, will have a look soon :)) |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the information, would be awesome if you can find the script ;) Thank you! |
Beta Was this translation helpful? Give feedback.
-
|
Delivered in 5.7.2 https://docs.emqx.com/en/emqx/v5.8.4/hocon/#V-authentication-S-builtin_db-bootstrap_file |
Beta Was this translation helpful? Give feedback.
so.. what I have done now.. maybe it helps someone else 🤷