Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use built-in database authentication when initializing with docker #11068

Closed
vvanglro opened this issue Jun 16, 2023 · 4 comments
Closed

Use built-in database authentication when initializing with docker #11068

vvanglro opened this issue Jun 16, 2023 · 4 comments
Labels
BUG

Comments

@vvanglro
Copy link

What happened?

I was wondering if it is possible to use built-in data authentication via environment variables when deploying services using docker.

version: "3.8"

networks:
  db_network:
    driver: bridge


services:
  emqx:
    image: emqx/emqx:latest
    environment:
      - EMQX_DASHBOARD__DEFAULT_USERNAME=admin
      - EMQX_DASHBOARD__DEFAULT_PASSWORD=123321
      - EMQX_AUTHN_BUILTIN_DB_AUTHENTICATION__MECHANISM=password_based
      - EMQX_AUTHN_BUILTIN_DB_AUTHENTICATION__BACKEND=built_in_database
      - EMQX_AUTHN_BUILTIN_DB_AUTHENTICATION__USER_ID_TYPE=username
      - EMQX_AUTHN_BUILTIN_DB_AUTHENTICATION_PASSWORD_HASH_ALGORITHM={"name":"sha256","salt_position":"prefix"}
      - EMQX_AUTHN_BUILTIN_DB_AUTHENTICATION__ENABLE=true
      - EMQX_AUTHORIZATION__USER__1__USERNAME=admin
      - EMQX_AUTHORIZATION__USER__1__PASSWORD=admin123
    ports:
      - 1883:1883
      - 8083:8083
      - 8084:8084
      - 8883:8883
      - 18083:18083
    networks:
      - db_network
hulk-emqx-1  | WARNING: Default (insecure) Erlang cookie is in use.
hulk-emqx-1  | WARNING: Configure node.cookie in /opt/emqx/etc/emqx.conf or override from environment variable EMQX_NODE__COOKIE
hulk-emqx-1  | WARNING: NOTE: Use the same cookie for all nodes in the cluster.
hulk-emqx-1  | [warning] unknown_env_vars: ["EMQX_AUTHORIZATION__USER__1__PASSWORD",
hulk-emqx-1  |                    "EMQX_AUTHORIZATION__USER__1__USERNAME"]
hulk-emqx-1  | EMQX_DASHBOARD__DEFAULT_PASSWORD [dashboard.default_password]: ******
hulk-emqx-1  | EMQX_DASHBOARD__DEFAULT_USERNAME [dashboard.default_username]: admin
hulk-emqx-1  | EMQX_RPC__PORT_DISCOVERY [rpc.port_discovery]: manual
hulk-emqx-1  | EMQX_LOG__FILE_HANDLERS__DEFAULT__ENABLE [log.file_handlers.default.enable]: false
hulk-emqx-1  | EMQX_LOG__CONSOLE_HANDLER__ENABLE [log.console_handler.enable]: true
hulk-emqx-1  | EMQX_NODE__NAME [node.name]: emqx@172.19.0.2
hulk-emqx-1  | 2023-06-16T02:50:03.030203+00:00 [warning] unknown_env_vars: ["EMQX_AUTHORIZATION__USER__1__PASSWORD", "EMQX_AUTHORIZATION__USER__1__USERNAME"]
hulk-emqx-1  | Listener ssl:default on 0.0.0.0:8883 started.
hulk-emqx-1  | Listener tcp:default on 0.0.0.0:1883 started.
hulk-emqx-1  | Listener ws:default on 0.0.0.0:8083 started.
hulk-emqx-1  | Listener wss:default on 0.0.0.0:8084 started.
hulk-emqx-1  | Listener http:dashboard on :18083 started.
hulk-emqx-1  | EMQX 5.0.24 is running now!

What did you expect to happen?

Authentication is expected to be set via an environment variable.

How can we reproduce it (as minimally and precisely as possible)?

No response

Anything else we need to know?

No response

EMQX version

$ ./bin/emqx_ctl broker
# paste output here

OS version

# On Linux:
$ cat /etc/os-release
# paste output here
$ uname -a
# paste output here

# On Windows:
C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
# paste output here

Log files
@vvanglro vvanglro added the BUG label Jun 16, 2023
@id
Copy link
Collaborator

id commented Jun 19, 2023

Hi @vvanglro. Not like this, no. But you could import users from file after emqx has started, see e.g. https://www.emqx.io/docs/en/v5.0/access-control/authn/user_management.html#importing-users.

@vvanglro
Copy link
Author

Hi @vvanglro. Not like this, no. But you could import users from file after emqx has started, see e.g. https://www.emqx.io/docs/en/v5.0/access-control/authn/user_management.html#importing-users.

Thank you for your reply, but I would like to know if it is not possible to directly initialize and use built-in authentication when using Docker startup, except for using built-in authentication on the management page and API after startup.

@zmstone
Copy link
Member

zmstone commented Jun 19, 2023

Hi @vvanglro
No, it's not possible to initialize the database from config or environment variables.
We understand it is handy to have,
however, there are potentially millions of clients, so this is consider in the "data" category, but not "config" hence no config for it.

@zmstone zmstone closed this as completed Jun 19, 2023
@zmstone zmstone mentioned this issue Feb 12, 2024
Closed
@zmstone
Copy link
Member

zmstone commented Feb 12, 2024

Planed a feature to import MQTT credentials from file.
Considering this issue to be duplicated with #8714. We'll update there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
BUG
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@id @zmstone @vvanglro