Failing in accessing MQTT broker using node-red using MING

I’ve discovered and successfully install Ming by @mpous, willing to use it at a standard brick for my experiments and projects.

I’m facing a problem I don’t get from my installation: I am unable to connect to the local mosquitto server.
I have to admit the I normally use aedes rather than mosquitto itself, so I’m not used to the authentication methods. How do I tell mosquitto to use mosquitto-no-auth.conf?

I’ve tried many strategies:

  1. I’ve uncommented # allow_anonymous and set it to true. Didn’t work, and when I restart the broker, it comes back as commented.
  2. I’ve created a pasword, and tried to login inserting user/pasw in the mqtt node in node-red, but it didn’t work. The file is nowhere to be found indeed when the broker restarted.
  3. I’ve created a variable USERNAME and PASSWORD system-wide
    , when node-red asked me for user / password, while I previously logged in using this method, I now noticed the Device Variables menus is empty

As you can possibly imagine, I’m studying and testing Balena Cloud, which I find incredible, but I am kinda lost.

Any help is appreciated!

1 Like

The mosquitto documentation suggests that since version 2.0 authentication is required. As per this link:

It is important to configure authentication on your Mosquitto instance, so unauthorised clients cannot connect.

In Mosquitto 2.0 and up, you must choose your authentication options explicitly before clients can connect. In earlier versions the default is to allow clients to connect without authentication.

There are three choices for authentication: password files, authentication plugins, and unauthorised/anonymous access. It is possible to use a combination of all three choices.

Indeed.
Do you have any advice about the reasons my edits to the files done from the balena console are erased?
I think I’m missing something in the proper use of this platform.
Will go through more tutorials today.

Ok.
I’ve been editing the configuration file, and created an external password file using the mosquitto commands.

I really don’t understand why when I’m reboiting the service all edits are gone, and I don’t happen to find this behaviour documented.

Now I really want to understand what I’m doing wrong :slight_smile:

Hello @dgomba welcome to the balena community!

Are you still using the docker-compose as is? or did you add the configuration file on the Dockerfile template?

Could you please share more details? Thanks!

Hi @mpous thanks for answering.

I haven’t edited anything, just pressed “deploy” from the hub.

I assume you are referring to the other apporach of cloning your repo and pushing using balena-cli.
Haven’t done that, but I don’t see how mqtt would be affected / edited since you are just defining its ports here. Am I correct?

Anyway I haven’t edited the docker compose (I though it was enought to press “deploy”).

How do I edit the variables of mosquitto?
How do I add or erase services?

I’ve been goingt through many tutorials in the last few days, but it’s still foggy to me.

Thanks in advance for your help.

1 Like

Hello @dgomba,

Thanks for sharing more details. I’d like to share some background with you:
When you change a file or setting on the running service container on a balena device, the data you change will not persist over restarts. The service container does not write back the changed files to an image, this is by design and not possible. Thus, on a restart the image is loaded again and the modified files are not modified anymore.
Side note: If you need persistent data in a service please check this documentation Communicate outside the container - Balena Documentation

In your case, you want to create a service image that already contains the necessary information to run a mosquitto mqtt broker that allows anonymous connections.
This setting needs to run from a clone of the repository, which either:

  • changes only the docker-compose file
  • or changes the docker-compose file and defines a custom Dockerfile

The most simplest solution would follow these three steps

Step 1:
git clone git@github.com:mpous/ming.git

Step 2.
Overwrite the command property in the docker-compose file located in somepath/ming
As you can check here from the eclipse-mosquitto Dockerfile there is already a no-auth configuration file existing in the docker image.

In eclipse run CMD line is defined that mosquitto is started with a config file path parameter.

The mqtt section of the docker-compose file that allows anonymous connections on port 1883 will be:

...
  mqtt:
    image: eclipse-mosquitto
    ports:
      - "1883:1883"
    restart: always
    command: ["/usr/sbin/mosquitto", "-c", "/mosquitto-no-auth.conf"]
...

Step 3.
go to somepath/ming
balena push <yourFleetName>


How do I edit the variables of mosquitto?

If you need a more sophisticated user:password authentication, please check this Authentication methods | Eclipse Mosquitto the password files section.
To utilise this tool you may need to specify your own dockerfile, that copies your mosquitto.conf into the service image. Then it’s on you to decide if you:

  1. want to create the password file during image build time with mosquitto_passwd <password file> <username> <password> or
  2. if you want to run the mosquitto_passwd <password file> <username> <password> in an entry.sh script to create a user:password at startup time from service / device environment variables.

How do I add or erase services?
Can you please share more details about this question, what do you mean by ‘erase services’?

Best Regards
Harald

2 Likes

Wow.
Thanks for this super detailed answer @fisehara
Wonderful.

I will go through this in the next hours, I think I have all I need now.

How do I add or erase services?

Can you please share more details about this question, what do you mean by ‘erase services’?

This question was based on the (wrong) use I was doing of this ming image.
I can take out (or add) services by adding the docker compose file.

Thanks!

1 Like

@dgomba were you able to make this work?

Hi!
Thanks so much for asking @mpous.

The little guide from @fisehara works great. I really appreciate your response and your attention.

Mqtt now works, but I had to set it in Node-RED using the pi’s local area network’s IP, rather than using
localhost or 127.0.0.1, do you have any workarounds on this?

Now I’m trying to add zigbee2mqtt to your server.
I’m plannin to integrate this docker compose yml file with yours

version: '3.8'
services:
  zigbee2mqtt:
    container_name: zigbee2mqtt
    image: koenkk/zigbee2mqtt
    restart: unless-stopped
    volumes:
      - ./data:/app/data
      - /run/udev:/run/udev:ro
    ports:
      # Frontend port
      - 8080:8080
    environment:
      - TZ=Europe/Berlin
    devices:
      # Make sure this matched your adapter location
      - /dev/serial/by-id/usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B0018ED3DDF-if00:/dev/ttyACM0

Obviously adding the zigbee2mqtt at the end of the file generates a Bind mounts are not allowed error: How would I mix the two file in the proper way?
do I have to edit the balena.yml as well?

Thanks again for the splendid support.

Hi.
A little update on this.

I could find a Balena experiment involving zigbee2mqtt

I managed to clone and mix the two (preserving the zigbee2mqtt folder as well - you can see it here in this temporary repository.

Now my docker-compose looks like this, and complies, but the service never starts.

version: '2'

volumes:
  node-red-data:
  grafana-data:
  influxdb-data:
  influxdb-etc:
  volume_zigbee2mqtt:


services:

  # ------------------------------------------------------------------------------------
  # BalenaLabs WiFi-Connect
  # ------------------------------------------------------------------------------------
  wifi-connect:
    image: bh.cr/balenalabs/wifi-connect-rpi
    container_name: wifi-connect
    network_mode: "host"
    labels:
        io.balena.features.dbus: '1'
        io.balena.features.firmware: '1'
    cap_add:
        - NET_ADMIN
    environment:
        DBUS_SYSTEM_BUS_ADDRESS: "unix:path=/host/run/dbus/system_bus_socket"

  # ------------------------------------------------------------------------------------
  # Node-RED
  # ------------------------------------------------------------------------------------
  node-red:
    image: bh.cr/balenalabs/balena-node-red
    container_name: node-red
    privileged: true
    restart: unless-stopped
    volumes:
        - 'node-red-data:/data'
    labels:
        io.balena.features.dbus: '1'
        io.balena.features.sysfs: '1'
        io.balena.features.supervisor-api: '1'
        io.balena.features.balena-api: '1'
    ports:
        - 80:80
    environment:
        PORT: 80
        USERNAME: "balena"
        PASSWORD: "balena"
        ENCRIPTION_KEY: "balena"        
    cap_add:
        - SYS_RAWIO
    devices:
        - "/dev/mem:/dev/mem"
        - "/dev/gpiomem:/dev/gpiomem"
        - "/dev/i2c-1:/dev/i2c-1"

  # ------------------------------------------------------------------------------------
  # Influxdb
  # ------------------------------------------------------------------------------------
  influxdb:
    image: influxdb:1.7.11
    container_name: influxdb
    restart: unless-stopped
    volumes:
        - influxdb-data:/var/lib/influxdb
        - influxdb-etc:/etc/influxdb

  # ------------------------------------------------------------------------------------
  # Grafana
  # ------------------------------------------------------------------------------------
  grafana:
    image: bh.cr/balenalabs/dashboard
    container_name: grafana
    restart: unless-stopped
    ports:
        - "8080:80"
    volumes:
        - "grafana-data:/data"

  # ------------------------------------------------------------------------------------
  # MQTT
  # ------------------------------------------------------------------------------------
  mqtt:
    image: eclipse-mosquitto
    network_mode: host
    ports:
      - "1883:1883"
    restart: always
    command: ["/usr/sbin/mosquitto", "-c", "/mosquitto-no-auth.conf"]

  # ------------------------------------------------------------------------------------
  # Zigbee2mqtt
  # ------------------------------------------------------------------------------------

  zigbee2mqtt:
    build: zigbee2mqtt
    restart: always
    volumes:
      - volume_zigbee2mqtt:/app/data
    ports:
      # Frontend port
      - 8888:8888
    devices:
      - /dev/ttyACM0:/dev/ttyACM0
    environment:
      - DATA=/app/data
      - TZ=Europe/Rome

keeping on debugging and looking for the solution:

I assumed the problem was the port forwading of the zigbee2mqtt service, I changed it like this.

    ports:
      # Frontend port
      - 8080:8888

but I’m still not seeing the service starting.
Will keep on working on this, if you have any clues, feel free to point me to the solution!

I’m suffering the same behaviour in my case. I added another service (Thingsboard) and it doesn’t start. I reviewed your config and seems good to me, but as my case, not sure what’s happening behind the scenes and logs doesn’t (in local mode) help me to address the issue.

I’ll stay tuned for your thread and let’s see if we can finally fix it :wink: Surely it’s not complicated!

1 Like

I’m sure there is a little tiny bit missing, hopefully the support team will help us out.

I’ve subscribed to your thread in case something happens there!

good luck!