roles/mosquitto: Update for Mosquitto 2.x

Mosquitto 2.x included two significant changes from 1.6: * There is no longer a "default" listener; all listeners are configured in the same way * The daemon drops privileges *before* reading TLS certificates and private keys
2021-07-19 13:24:34 -05:00
parent 0f70a5b6ba
commit 57b3039f2c
3 changed files with 130 additions and 225 deletions
--- a/roles/mosquitto/tasks/main.yml
+++ b/roles/mosquitto/tasks/main.yml
@@ -9,6 +9,8 @@
  copy:
    src: certs/mosquitto/{{ inventory_hostname }}.cer
    dest: '{{ mosquitto_certfile }}'
+    owner: root
+    group: mosquitto
    mode: '0644'
  notify:
  - restart mosquitto
@@ -17,7 +19,10 @@
  copy:
    src: certs/mosquitto/{{ inventory_hostname }}.key
    dest: '{{ mosquitto_keyfile }}'
-    mode: '0400'
+    owner: root
+    group: mosquitto
+    mode: '0440'
+  diff: false
  notify:
  - restart mosquitto
  when: mosquitto_keyfile is defined
@@ -39,4 +44,4 @@
 - name: ensure mosquitto is running
  service:
    name: mosquitto
-    state: started
+    state: started