Dustin C. Hatch
57b3039f2c
Mosquitto 2.x included two significant changes from 1.6: * There is no longer a "default" listener; all listeners are configured in the same way * The daemon drops privileges *before* reading TLS certificates and private keys
48 lines
1.0 KiB
YAML
48 lines
1.0 KiB
YAML
- name: ensure mosquitto is installed
|
|
package:
|
|
name: mosquitto
|
|
state: present
|
|
tags:
|
|
- install
|
|
|
|
- name: ensure mosquitto certificate is installed
|
|
copy:
|
|
src: certs/mosquitto/{{ inventory_hostname }}.cer
|
|
dest: '{{ mosquitto_certfile }}'
|
|
owner: root
|
|
group: mosquitto
|
|
mode: '0644'
|
|
notify:
|
|
- restart mosquitto
|
|
when: mosquitto_certfile is defined
|
|
- name: ensure mosquitto private key is installed
|
|
copy:
|
|
src: certs/mosquitto/{{ inventory_hostname }}.key
|
|
dest: '{{ mosquitto_keyfile }}'
|
|
owner: root
|
|
group: mosquitto
|
|
mode: '0440'
|
|
diff: false
|
|
notify:
|
|
- restart mosquitto
|
|
when: mosquitto_keyfile is defined
|
|
|
|
- name: ensure mosquitto is configured
|
|
template:
|
|
src: mosquitto.conf.j2
|
|
dest: /etc/mosquitto/mosquitto.conf
|
|
mode: '0644'
|
|
notify:
|
|
- restart mosquitto
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: ensure mosquitto starts at boot
|
|
service:
|
|
name: mosquitto
|
|
enabled: true
|
|
- name: ensure mosquitto is running
|
|
service:
|
|
name: mosquitto
|
|
state: started
|