ARM SBC: MQTT Server Install with Rootless Podman
Note: In this article, the MQTT server does not encrypt communications. Please set up TLS encryption for production use.
MQTT Configuration File
Create the MQTT configuration file.
- persistence_file is the relative path from persistence_location.
- In rootless Podman, the root user inside the container is mapped to the host's non-root user who runs the Podman process. In this config, the MQTT user is the container's root, so the files are owned by the host's normal user.
cat > mqtt.conf <<EOF
allow_anonymous false
listener 1883
listener 9001
protocol websockets
persistence true
password_file /srv/mqtt/mqtt.pwfile
persistence_file mqtt.db
persistence_location /srv/mqtt/data/
# for podman rootless
user root
EOF
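The note at the top of this article says the broker runs without TLS. The following check is an added example, not part of the original article: it reads a mosquitto.conf and reports every listener that has no TLS settings, using the listener and authentication lines of the configuration above as constructed sample input. The names audit_mosquitto_conf and sample_conf are hypothetical, and only `listener` blocks are inspected.

```shell
#!/bin/sh
# Added example, not from the original article. audit_mosquitto_conf and
# sample_conf are hypothetical names. Reads a mosquitto.conf on stdin, prints
# one line per finding and returns 1 if anything was found.
audit_mosquitto_conf() {
    awk '
    # Options after a "listener" line apply to that listener, so each one is
    # judged when the next listener starts or at end of file.
    function close_listener() {
        if (port == "") return
        if (!((cert && key) || psk)) {
            printf "listener %s (%s, %s): no certfile/keyfile or psk_hint, plaintext\n", port, proto, addr
            plain++
        }
    }
    /^#/ || /^[ \t]*$/ { next }   # Mosquitto comments start in column 1
    $1 == "listener" {
        close_listener()
        port = $2; addr = ($3 == "" ? "all interfaces" : $3)
        proto = "mqtt"; cert = 0; key = 0; psk = 0
    }
    $1 == "protocol"      { proto = $2 }
    $1 == "certfile"      { cert = 1 }
    $1 == "keyfile"       { key = 1 }
    $1 == "psk_hint"      { psk = 1 }
    $1 == "password_file" { pw = 1 }
    $1 == "allow_anonymous" && $2 == "true" {
        print "allow_anonymous true: clients can connect without credentials"
        other++
    }
    END {
        close_listener()
        if (pw && plain)
            print "password_file with " plain " plaintext listener(s): MQTT passwords cross the network unencrypted"
        exit (plain + other > 0)
    }'
}
# Constructed sample input: listener and auth lines of this article's config.
sample_conf() {
    cat <<'EOF'
allow_anonymous false
listener 1883
listener 9001
protocol websockets
password_file /srv/mqtt/mqtt.pwfile
user root
EOF
}

sample_conf | audit_mosquitto_conf || echo "=> plaintext findings above"
```

To check a real file, run `audit_mosquitto_conf < mqtt.conf`; a configuration whose listeners all carry certfile and keyfile (or psk_hint) prints nothing and returns 0.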
Podman Configuration
Here is the Containerfile for the MQTT service:
mkdir app.mqtt; cd app.mqtt
# mqtt.conf was created in the previous step; COPY needs it inside the build context
mv ../mqtt.conf .
cat > Containerfile <<EOF
FROM debian:12.11-slim
RUN apt update -y
RUN apt install -y mosquitto
RUN mkdir -p /srv/mqtt/data /srv/mqtt/log
# -b passes each password on the command line, so it is recorded in the image history
RUN mosquitto_passwd -c -b /srv/mqtt/mqtt.pwfile admin ??????
RUN mosquitto_passwd -b /srv/mqtt/mqtt.pwfile sensor1 ?????
RUN mosquitto_passwd -b /srv/mqtt/mqtt.pwfile sensor2 ?????
RUN mosquitto_passwd -b /srv/mqtt/mqtt.pwfile viewer ?????
COPY mqtt.conf /srv/mqtt/mqtt.conf
CMD ["mosquitto", "-c", "/srv/mqtt/mqtt.conf"]
EOF
Share the password ??? with each MQTT sensor and viewer.
Build and Start the Container and its service
Run the podman commands to enable the MQTT service:
podman build -t mqtt-server .
# ... it may take some time to download ...
ext=/mnt/external/mqtt
# the host directories must exist before they can be bind-mounted
mkdir -p "$ext/data" "$ext/log"
podman run -v "$ext/data":/srv/mqtt/data:z \
    -v "$ext/log":/srv/mqtt/log:z \
    -p 1883:1883 -p 9001:9001 \
    -d mqtt-server
Finally, you should launch the Podman container persistently using a Quadlet service or your own systemd configuration.
Another article [../id03006] shows the systemd configuration as a user service. Please refer to it.