Diffstat (limited to 'inventory/host_vars')
-rw-r--r-- | inventory/host_vars/ch-testvm-phoebe.yml | 38 | ||||
-rw-r--r-- | inventory/host_vars/ch-testvm-prometheus.yml | 29 |
2 files changed, 55 insertions, 12 deletions
diff --git a/inventory/host_vars/ch-testvm-phoebe.yml b/inventory/host_vars/ch-testvm-phoebe.yml
index d15e4142..7eae49e7 100644
--- a/inventory/host_vars/ch-testvm-phoebe.yml
+++ b/inventory/host_vars/ch-testvm-phoebe.yml
@@ -39,3 +39,41 @@ network:
 address: "{{ network_zones.iot.prefix | ansible.utils.ipaddr(network_zones.iot.offsets[inventory_hostname]) }}"
 ntp_variant: systemd-timesyncd
+
+
+###
+mosquitto_client_tls:
+ foo-consumer:
+ certificate_provider: managed-ca
+ certificate_config:
+ ca:
+ host: ch-testvm-prometheus
+ name: foo
+ cert:
+ common_name: consumer
+ organization_name: "spreadspace"
+ organizational_unit_name: "ansible"
+ san_extra:
+ - "IP:192.168.32.43"
+ extended_key_usage:
+ - clientAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ foo-producer:
+ certificate_provider: managed-ca
+ certificate_config:
+ ca:
+ host: ch-testvm-prometheus
+ name: foo
+ cert:
+ common_name: producer
+ organization_name: "spreadspace"
+ organizational_unit_name: "ansible"
+ san_extra:
+ - "IP:192.168.32.43"
+ extended_key_usage:
+ - clientAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index de31921f..ff36f733 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -55,11 +55,17 @@ managed_ca_authorities:
 not_after: +520w
-mosquitto_global_config_options:
+mosquitto_broker_global_config_options:
 per_listener_settings: "true"
-mosquitto_listeners:
+mosquitto_broker_listeners:
 example:
+ bind: 1883
+ options:
+ allow_anonymous: "false"
+ acl_file: /etc/mosquitto/example.acl
+ password_file: /etc/mosquitto/example.passwd
+ foo:
 bind: 1884 192.168.32.42
 hostnames:
 - mqtt.example.com
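Review bot: `extended_key_usage_critical: yes` and `create_subject_key_identifier: yes` in both new client-cert blocks use YAML 1.1 truthy words; Ansible accepts them, but yamllint's `truthy` rule flags them and a YAML 1.2 loader reads them as strings, so prefer `extended_key_usage_critical: true` and `create_subject_key_identifier: true`. The bare `###` line added above `mosquitto_client_tls` carries no information; replace it with a comment that names the purpose, e.g. `### client certificates for the "foo" TLS listener on ch-testvm-prometheus`. The `foo-consumer` and `foo-producer` entries are identical except for `common_name`, and both carry `san_extra: - "IP:192.168.32.43"` on a clientAuth certificate, which a broker normally never inspects — worth confirming against the managed-ca role (not visible here) whether that SAN is needed or can be dropped.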
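Review bot: The moved `example` listener is bound as `bind: 1883` with no address, while `foo` is pinned to `bind: 1884 192.168.32.42`; if the broker role renders this as a bare `listener 1883`, mosquitto listens on every interface, and this listener has no certificate settings, so the `admin`/`equinox` passwords from `example.passwd` are sent in the clear. Consider pinning it, e.g. `bind: 1883 127.0.0.1` or the LAN address, or giving it the same certificate block as `foo`. How `bind` is rendered depends on the broker role's template, which is outside this diff, so confirm there first.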
@@ -74,22 +80,21 @@ mosquitto_listeners:
 organizational_unit_name: "ansible"
 san_extra:
 - "IP:192.168.32.42"
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
 create_subject_key_identifier: yes
 not_after: +100w
 options:
- allow_anonymous: "true"
+ allow_anonymous: "false"
 require_certificate: "true"
+ cafile: /etc/mosquitto/ca_certificates/foo-ca-crt.pem
+ use_identity_as_username: "true"
 acl_file: /etc/mosquitto/foo.acl
- foo:
- bind: 1883
- options:
- allow_anonymous: "false"
- acl_file: /etc/mosquitto/example.acl
- password_file: /etc/mosquitto/example.passwd
-mosquitto_prometheus_listener: true
+mosquitto_broker_prometheus_listener: true
-mosquitto_acl_files:
+mosquitto_broker_acl_files:
 example: |
 user admin
 topic read test/+
@@ -101,7 +106,7 @@ mosquitto_acl_files:
 user producer
 topic write foo/+
-mosquitto_password_files:
+mosquitto_broker_password_files:
 example: |
 admin:{{ 'admin' | mosquitto_passwd_hash('admin@mqtt.example.com') }}
 equinox:{{ 'secret' | mosquitto_passwd_hash('equinox@mqtt.example.com') }} |
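Review bot: The `foo` listener now authenticates clients solely by CA signature (`require_certificate`, `cafile`, `use_identity_as_username`), but nothing in the listener options gives mosquitto a revocation list, and the matching client certificates in ch-testvm-phoebe.yml are issued with `not_after: +100w`, so a leaked producer or consumer key stays usable until the `foo` CA itself is rotated. If the managed-ca role publishes a CRL, add `crlfile: /etc/mosquitto/ca_certificates/foo-ca-crl.pem` next to `cafile` (path is a guess — use whatever the role actually installs); if it does not, shorten `not_after` on the client certs instead. Since `use_identity_as_username: "true"` makes the certificate CN the principal matched by `foo.acl` (`user producer` / `topic write foo/+`), the `foo` CA's CN issuance policy is effectively the authorization policy and deserves a comment saying so. The `foo` listener definition begins before this hunk.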