I updated net/mosquitto from 1.6.7_1 to 2.0.8 on March 14, 2021. It did not get restarted at that time.
It wasn’t until sysutils/anvil brought in a new certificate and attempted to restart mosquitto that the monitoring started detecting the problem: mosquitto wasn’t running.
It’s the pid file
Looking into it, nothing was logged when starting via rc.d:
$ sudo service mosquitto start
Starting mosquitto.
Starting it from the command line gave useful information:
$ sudo /usr/local/sbin/mosquitto -c /usr/local/etc/mosquitto/mosquitto.conf -v
1616184446: Error: Unable to write pid file.
Looking at the rc.d file and comparing it to the documentation I found the documentation refers to pid_file and the script is looking for pidfile.
The following represents the patch I made to the script:
+ pidfile=$(grep pid_file ${mosquitto_config} | awk '{print($2)}') - pidfile=$(grep pidfile ${mosquitto_config} | awk '{print($2)}')
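Review bot: the grep pattern on the + line is unanchored, so it also matches a commented-out line such as "#pid_file ..." or any other line that merely contains that string, and pidfile can then end up holding the wrong value or more than one. Match the option name exactly instead, for example awk '$1 == "pid_file" {print $2}' "${mosquitto_config}", which also drops the extra grep process and quotes the config path.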
It’s permissions
After updating the rc.d script to search for the correct pid file, the previously described problem persisted. An internet search for this led me to create a new directory for the pid file, owned by the mosquitto user.
$ sudo mkdir /var/run/mosquitto
$ sudo chown mosquitto:mosquitto /var/run/mosquitto
$ ls -ld /var/run/mosquitto/
drwxr-xr-x 2 mosquitto mosquitto 512 Mar 22 13:16 /var/run/mosquitto/
I modified /usr/local/etc/mosquitto/mosquitto.conf to locate the pid file to this directory.
Starting mosquitto again got me past the pid file problems. Now the file was being created and populated, but mosquitto did not stay running.
It’s the password file
Checking /var/log/messages, I found:
Mar 21 13:13:23 supernews mosquitto[8586]: 1616418803: Error: Unable to open pwfile "/usr/local/etc/mosquitto/mosquitto.passwd".
Looking at that file it was:
$ ls -l /usr/local/etc/mosquitto/mosquitto.passwd
-rw-r----- 1 root wheel 231 Sep 6 2019 /usr/local/etc/mosquitto/mosquitto.passwd
Let’s try this:
$ sudo chgrp mosquitto /usr/local/etc/mosquitto/mosquitto.passwd
$ ls -l /usr/local/etc/mosquitto/mosquitto.passwd
-rw-r----- 1 root mosquitto 231 Sep 6 2019 /usr/local/etc/mosquitto/mosquitto.passwd
When I started mosquitto, I saw new errors this time.
It’s the certificate key file
Looking at /var/log/messages, I found:
Mar 21 13:14:33 supernews mosquitto[27095]: 1616418873: Error: Unable to load server key file "/usr/local/etc/ssl/example.org.key". Check keyfile.
Mar 21 13:14:33 supernews mosquitto[27095]: 1616418873: OpenSSL Error[0]: error:0200100D:system library:fopen:Permission denied
Mar 21 13:14:33 supernews mosquitto[27095]: 1616418873: OpenSSL Error[1]: error:20074002:BIO routines:file_ctrl:system lib
Mar 21 13:14:33 supernews mosquitto[27095]: 1616418873: OpenSSL Error[2]: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
I know how to fix this one:
$ ls -l /usr/local/etc/ssl/example.org.key
-rw------- 1 root wheel 1675 Apr 11 2018 /usr/local/etc/ssl/example.org.key
$ sudo chgrp mosquitto /usr/local/etc/ssl/example.org.key
$ sudo chmod g+r /usr/local/etc/ssl/example.org.key
$ ls -l /usr/local/etc/ssl/example.org.key
-rw-r----- 1 root mosquitto 1675 Apr 11 2018 /usr/local/etc/ssl/example.org.key
One More Time!
Let’s try again:
$ sudo service mosquitto start
Starting mosquitto.
$ ps auwwx | grep mosq
mosquitto 41513 0.8 0.1 19628 9956 - Ss 13:16 0:00.13 /usr/local/sbin/mosquitto -c /usr/local/etc/mosquitto/mosquitto.conf -d
dan 41965 0.0 0.0 11432 2360 1 S+ 13:16 0:00.00 grep mosq
There we go.
Why all this hassle?
Conclusions: it seems that mosquitto is now dropping privs before writing the PID file and before reading the certificate and password files.
I think the rc.d script needs updating and an entry added to UPDATING.
I upgraded two more mosquitto instances today. Same issues.
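Since the broker now touches the pid file, password file and key file only after dropping privileges, the three failures above can be caught before the upgrade with one pass over the config. The sh script below is an added example, not part of the original post or the port; its function names are made up for illustration, and it assumes classic mode bits only (no ACLs, no supplementary groups) and paths without spaces.

```shell
#!/bin/sh
# Added example: report files named in mosquitto.conf that the unprivileged
# broker account cannot use once it has dropped privileges.

# Print "option path" for each file-bearing option. Commented-out lines are
# skipped because $1 must equal the option name exactly.
conf_paths() {
    awk '$1 ~ /^(pid_file|password_file|keyfile|certfile|cafile)$/ { print $1, $2 }' "$1"
}

# perm_ok UID GID PATH r|w -> exit 0 if the mode bits grant that access.
# Assumption: ACLs and supplementary groups are ignored; a missing path fails.
perm_ok() {
    ls -ldn "$3" 2>/dev/null | awk -v u="$1" -v g="$2" -v want="$4" '
        { off = (want == "w") ? 1 : 0
          if ($3 == u)      col = 2    # owner class applies
          else if ($4 == g) col = 5    # group class applies
          else              col = 8    # everyone else
          ok = (substr($1, col + off, 1) == want) }
        END { exit (ok ? 0 : 1) }'
}

# check_conf CONF UID GID -> one line per problem; exit status = problem count.
check_conf() {
    problems=0
    while read -r opt path; do
        [ -n "$opt" ] || continue
        if [ "$opt" = pid_file ]; then
            # the broker creates the pid file, so its directory must be writable
            target=$(dirname "$path"); want=w
        else
            target=$path; want=r
        fi
        if ! perm_ok "$2" "$3" "$target" "$want"; then
            echo "$opt: uid $2 lacks '$want' on $target"
            problems=$((problems + 1))
        fi
    done <<EOF
$(conf_paths "$1")
EOF
    return "$problems"
}

# Usage: sh thisfile /usr/local/etc/mosquitto/mosquitto.conf "$(id -u mosquitto)" "$(id -g mosquitto)"
if [ "$#" -eq 3 ]; then check_conf "$@"; fi
```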