So, I came with an idea of having a mosquitto broker in bridge mode with Losant platform, and the edge-agent container connected locally to the mosquitto. The reason I came with this is due a scenario where I have others applications talking MQTT within my Edge device (or gateway). Thus, this architecture would allow to have multiple MQTT clients connected to a local broker (including the edge-agent), which is connected in bridge to the Losant broker.
First off, I have already managed to make the bridge connection work, following the steps in the Mosquitto bridge post. So, the local mosquitto broker connects fine with the Losant broker. Then, I did the following steps:
In the Losant platform:
- I created an Edge Compute device (ID: 5dc33f44bfed950007ef1208);
- I created access keys for this device;
In my Edge device:
- I installed mosquitto broker, configured to listen locally at port 1883, as well as configured the bridge with the access keys generated;
- I successfully made the connection between mosquitto bridge and Losant broker, using port 8883 and RootCA.crt (from Losant github);
- I’ve pulled the losant/edge-agent image, set the
config.tomlwith the following config:
[logger]
out = '/data/losant-edge-agent-log.log'
level = 'verbose'
[gateway]
id = '5dc33f44bfed950007ef1208'
key = 'my-key'
secret = 'my-secret'
host = '192.168.0.20:1883'
[store]
path = '/data/losant-edge-agent-store.db'
- I’ve started the container and got the following logs:
root@cl-debian:~# tail -f /var/lib/losant-edge-agent/data/losant-edge-agent-log.log
2019-11-07T16:59:56.780Z [info] Agent Starting…
2019-11-07T16:59:56.798Z [info] Agent Version: 1.12.0
2019-11-07T16:59:57.133Z [info] Webserver started on port: 8080
2019-11-07T16:59:57.145Z [info] Workflows initialized and running…
2019-11-07T16:59:57.149Z [info] Connecting to: mqtts://192.168.0.20:1883 …
2019-11-07T16:59:57.490Z [warn] MQTT client error:
{“errno”: “ECONNRESET”, “code”: “ECONNRESET”, “syscall”: “read”}
2019-11-07T16:59:57.499Z [warn] MQTT client disconnected.
2019-11-07T16:59:57.501Z [verbose] Connection Stream Error:
{“errno”: “ECONNRESET”, “code”: “ECONNRESET”, “syscall”: “read”}
I also got the mosquitto logs:
root@cl-debian:~# mosquitto -v -c /etc/mosquitto/mosquitto.conf
1573145933: Loading config file /etc/mosquitto/mosquitto.d/bridge.conf
1573145934: mosquitto version 1.6.7 starting
1573145934: Config loaded from /etc/mosquitto/mosquitto.conf.
1573145934: Opening ipv4 listen socket on port 1883.
1573145934: Opening ipv6 listen socket on port 1883.
1573145934: Opening ipv4 listen socket on port 8883.
1573145934: Opening ipv6 listen socket on port 8883.
1573145934: Bridge local.5dc33f44bfed950007ef1208 doing local SUBSCRIBE on topic losant/#
1573145934: Connecting bridge bridge-to-losant broker.losant.com:8883
1573145934: Bridge 5dc33f44bfed950007ef1208 sending CONNECT
1573145934: Received CONNACK on connection local.5dc33f44bfed950007ef1208.
1573145934: Bridge local.5dc33f44bfed950007ef1208 sending SUBSCRIBE (Mid: 1, Topic: losant/#, QoS: 1, Options: 0x00)
1573145934: Received SUBACK from local.5dc33f44bfed950007ef1208
1573145994: Sending PINGREQ to local.5dc33f44bfed950007ef1208
1573145994: Received PINGRESP from local.5dc33f44bfed950007ef1208
1573145997: New connection from 172.17.0.2 on port 1883.
1573145997: Client disconnected due to protocol error.
Regarding the container log (Connecting to: mqtts://192.168.0.20:1883 ...), it looks like it always tries to connect with TLS. I tried to force host = 'mqtt://192.168.0.20:1883' in the config.toml, but it didn’t work.
Thus, based on this architecture, my only way out would be to configure certificates in the mosquitto. So I followed the Mosquitto TLS tutorial and made it work.
Now, I would need a field in the config.toml such as cafile = /path/to/cafile, so that I can specify a CA file different from one that is shipped within the docker image.
Does this idea make sense? Is it possible to set other cafile?
I am still open for suggestions.