How to connect hivemq swarm with hivemq broker

Hi, I’m new to hivemq swarm. I want to connect to hivemq swarm with hivemq enterprise broker. Used username and password in base 64 fromat. But I’m unable to connect hivemq swam with broker. I’m confused. No proper support documents on internet. Can anyone help me in fixing this. Here is my scenario.xml file

    <broker id="broker">
    <clientGroup id="publishers">
    <clientGroup id="subscribers">
    <topicGroup id="topic">
Below are the logs after running scenario.xml 2023-06-09 14:17:43,603 INFO - Successfully loaded ExtensionMain 'class' from '/opt/hivemq-4.9.0/tools/hivemq-swarm/extensions/standard-security-extension-4.9.0.jar' 2023-06-09 14:17:43,913 INFO - Waiting for Commander connection on localhost:3881 2023-06-09 14:17:43,922 INFO - Successfully loaded ExtensionMain 'class' from '/opt/hivemq-4.9.0/tools/hivemq-swarm/extensions/standard-security-extension-4.9.0.jar' 2023-06-09 14:17:44,000 INFO - Checking license. 2023-06-09 14:17:44,015 INFO - No valid license file found. Using trial license, restricted to 25 clients and 1 agent. 2023-06-09 14:17:44,021 INFO - Attempting to connect to agents 0/1. 2023-06-09 14:17:44,023 INFO - Connecting to agent localhost:3881 2023-06-09 14:17:44,045 INFO - Commander successfully connected to Agent localhost:3881 2023-06-09 14:17:44,046 INFO - All Agents connected. 2023-06-09 14:17:44,076 INFO - Commander connected on localhost:3881 2023-06-09 14:17:44,125 INFO - Scenario data distributed. 2023-06-09 14:17:44,127 INFO - Scenario in progress: Stage with id 'connectStage' (1/2). 2023-06-09 14:17:45,048 INFO - Scenario in progress: Stage with id 'publishStage' (2/2). Even after using the the script is not disconnecting. Not sure what is the problem.

Hello @saradha ,

Thank you for the outreach, and welcome to the HiveMQ Community!

A few details I wanted to clarify :

  • You had mentioned using the HiveMQ Enterprise Broker. Could you please confirm the port that is configured for access to this broker? The port specified in the configuration file, 8883, is typically used for HiveMQ Cloud brokers, though this may be how your setup is configured, so I wanted to verify.

  • Are any clients shown as connecting successfully in the HiveMQ Control Center when attempting to launch Swarm? The testing clients should be visible within the metrics provided in the Control Center.

  • You had mentioned “Even after using the the script is not disconnecting” - is the script itself not terminated after executed, or are the clients used for the connection not disconnecting once complete?

Aaron from the HiveMQ Team

Hi Aaron,

First of all, Thank you. We are using Hivemq professional edition. No Hivemq Control center has 0 connections. The script not terminated after executed. Now i have added one diconnectStage and now the script is terminating. But i couldn’t connect hivemq swarm with hivemq broker.

At first my script was like this.

but the disconnect didn work.

Hello @saradha ,

Thank you for the follow-up.

Based on the configuration provided, this disconnect tag is placed and notated as expected. This leads me to believe that, potentially due to the failure when attempting to connect, the clients are failing to properly receive the disconnect command.

As per my previous message, were we able to identify :

  • If the port specified in the configuration file 8883 is both accurate for the local configuration, and open for the swarm clients, and for the broker?

  • Is this new disconnection stage a separate stage entirely?

  • Are other non-swarm clients able to connect to the broker with these configuration details? A good example for testing may be the HiveMQ CLI Client, which can be found here.

Aaron from HiveMQ Team

Hi @AaronTLFranz,

Thank you for the response. I tried to connect to mqttbroker using mqtt-cli. In mqtt-cli a client requires --cafile information to connect to hivemq broker. Is possible to add cafile info to scenario.xml. If yes, could you please guide me how to add the --cafile information in scenario.xml?
Thanks in advance.

Hello @saradha ,

HiveMQ Swarm can be configured to connect to an enterprise broker over a non-TLS secured connection, though this would require that a non-TLS listener be configured on the broker to allow the connection to occur for testing.

Otherwise, HiveMQ Swarm does not have a default configuration for implementing a CA file, and instead to enable the use of TLS key stores and trust stores for client authentication, you will need to implement a security provider as a HiveMQ Swarm Extension. The Security Provider has access to the attributes of the ‘connect’ command, and for example, the directory of the certificates could be provided as an additional attribute of the connect tag.

We hope this answers your question, and if you have any more or need additional clarification, please do not hesitate to follow-up!

Aaron from the HiveMQ Team

Hello @Aaron,

Thank you for the response. I’m new to Java. Could you please throw some light on how this custom security provider works? How this security provider access the keys and passwords? Will be really helpful if you can guide us in security provider as a HiveMQ Swarm extension.
Thanks in advance.

Hello @saradha ,

Absolutely - we actually have a bit of a historical guide on TLS implementation for HiveMQ swarm available in the community forum from one of our team members, Dasha, here.

This should provide a fairly step-by-step implementation guide for TLS with Swarm, as well as some configuration examples to get started.

Aaron from the HiveMQ Team

Hello @AaronTLFranz ,

Actually we tried the guide on TLS implementation for HiveMQ swarm available in the community forum. But that didn’t work. As I already said we have the keys and passwords. So the mentioned guide is bit confusing.

Could you please guide me how to create a custom security extension with the keys and passwords we have?
Thank you in advance.

Hello @saradha ,

In the event that you are using already generated keys, the configuration would be very similar - the only major departure from the instructions previously provided would be to not run the script, and instead to utilize the existing cert files you have to generate a broker truststore and keystore, and a client truststore and keystore. This script simply automates this process for you, and generates new certificates when executed.

The exact method to generated a JKS trust and keystore for your existing certificates will differ depending on the format your certificates are currently in, though the Swarm configuration will remain the same.

Aaron from the HiveMQ Team

Hello @AaronTLFranz ,

I m able to connect to HiveMQ swarm with HiveMQ broker. Thank you so much