Hi,
I’ve installed the ARM template in an Azure VM, installed PostgreSQL and activated the ESE in my broker.
I currently have 2 issues.
The first one is with the Control Center. I’m not able to log in with the default user/password.
This is what I get in the log files:
2022-09-12 16:05:21,149 ERROR - An error occurred while querying user StringVariable{name=‘authentication-key’, value=‘admin’} in realm postgres-backend.
java.sql.SQLException: ERROR: relation “cc_users” does not exist
Position: 103 Query: SELECT u.id, u.username, u.password, u.password_salt, u.password_iterations, u.algorithm, r.name FROM cc_users AS u LEFT JOIN (SELECT cc_user_roles.user_id, cc_roles.name FROM cc_user_roles INNER JOIN cc_roles ON cc_user_roles.role_id = cc_roles.id) AS r ON u.id = r.user_id WHERE username = ? Parameters: [admin]
at org.apache.commons.dbutils.AbstractQueryRunner.rethrow(Unknown Source)
at org.apache.commons.dbutils.QueryRunner.query(Unknown Source)
at org.apache.commons.dbutils.QueryRunner.query(Unknown Source)
at aa.b.a(Unknown Source)
at aa.b.a(Unknown Source)
at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700)
at dV.f.run(Unknown Source)
at com.codahale.metrics.InstrumentedScheduledExecutorService$InstrumentedRunnable.run(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
The second issue is with the MQTT CLI: when I try to connect, pub or sub, it says “CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.”
Could you please help me with these 2 issues?
Thank you in advance
Hi @Ramon
Great to see you interested in MQTT and HiveMQ, welcome to our community!
The Control Center default login works when you do not have custom authentication for the Control Center users. Otherwise you need to use the username and password that you have added to the ESE DB cc_users table. If you like, I could review your enterprise-security-extension-configuration.xml and config.xml (I hope there is no private info, but if there is, please clean it first).
To troubleshoot the “Not authorized” response, first you need to set root log level to DEBUG in the logback.xml ($HIVEMQ_HOME/conf/logback.xml). Then you will see DEBUG messages from the ESE in the hivemq.log and the log will contain more details regarding “Not authorized” and which AUTHORIZATION_ROLE_KEY is used. Feel free to share the log message here.
To see successful authorisations, tail the access.log ($HIVEMQ_HOME/log/access/access.log).
So, when I run: opt/hivemq/conf$ mqtt pub -u admin -t test -m 'testtt'
I get: PUBLISH: CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.
I don’t get any log in hivemq.log but in the access.log I get:
2022-09-12 18:15:05,964 UTC - authentication-failed - Client failed authentication: ID mqttClient-MQTT_5_0-ee9d1ab5-b879-436a-85d7-e5eb6d612921, IP 127.0.0.1, reason “unknown authentication key or wrong authentication secret”.
<realms>
    <!-- a postgresql db-->
    <sql-realm>
        <name>postgres-backend</name>
        <enabled>true</enabled>
        <configuration>
            <db-type>POSTGRES</db-type>
            <db-name>hivemq-ese-db</db-name>
            <db-host>localhost</db-host>
            <db-port>5432</db-port>
            <db-username>postgres</db-username>
            <db-password>postgres</db-password>
        </configuration>
    </sql-realm>
</realms>
<pipelines>
    <!-- secure access to the mqtt broker -->
    <listener-pipeline listener="ALL">
        <!-- authenticate over a sql db -->
        <sql-authentication-manager>
            <realm>postgres-backend</realm>
        </sql-authentication-manager>
        <!-- authorize over a sql db -->
        <sql-authorization-manager>
            <realm>postgres-backend</realm>
            <use-authorization-key>false</use-authorization-key>
            <use-authorization-role-key>true</use-authorization-role-key>
        </sql-authorization-manager>
    </listener-pipeline>
    <!-- secure access to the control center -->
    <control-center-pipeline>
        <!-- authenticate over a sql db -->
        <sql-authentication-manager>
            <realm>postgres-backend</realm>
        </sql-authentication-manager>
        <!-- authorize over a sql db -->
        <sql-authorization-manager>
            <realm>postgres-backend</realm>
            <use-authorization-key>true</use-authorization-key>
            <use-authorization-role-key>true</use-authorization-role-key>
        </sql-authorization-manager>
    </control-center-pipeline>
</pipelines>
Hi,
When I run "tail -f /opt/hivemq/log/access/access.log", I get:
2022-09-13 01:33:45,392 UTC - authentication-failed - Client failed authentication: ID mqttClient-MQTT_5_0-1b7767c9-566f-4dfb-b032-4289557baf14, IP 127.0.0.1, reason “unknown authentication key or wrong authentication secret”.
I think it has to be something with the PostgreSQL config file pg_hba.conf. Please have a look at my file below.
# Database administrative login by Unix domain socket
local   all             postgres                                peer
# TYPE  DATABASE        USER            ADDRESS                 METHOD
# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             83.40.226.159/32        md5
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            md5
host    replication     all             ::1/128                 md5
Hi Dasha,
I’ve been able to fix the issue with the Control Center user. Now I’m able to log in to the Control Center.
The other issue still remains the same… and it is really annoying… for any try to connect, I always get the same error:
# mqtt pub -t test -m 'sf'
PUBLISH: CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.
In access.log:
2022-09-13 07:49:53,230 UTC - authentication-failed - Client failed authentication: ID mqttClient-MQTT_5_0-6d19c605-5fbd-4ead-a7aa-7b4d7c2a1579, IP 127.0.0.1, reason “unknown authentication key or wrong authentication secret”.
I guess it should be something related to the client. When I go to the shell and try to connect from a client:
mqtt> con -i myclient
CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.
mqtt>
To check your work, set the log level to DEBUG and monitor the hivemq.log for “authentication” warnings. To set the log level to DEBUG, in the logback.xml update this: