Comments (12)
Instead of using env vars, maybe you could use file-based secrets for the bridges. This was added to 5.4.0.
- #11896 Introduced an enhancement for configuring sensitive authentication fields in bridges, such as passwords, tokens, and secret keys. This improvement allows the use of secrets stored as files in the file system. These secrets can be securely referenced in configuration files using the special file:// prefix, enhancing the security of sensitive data handling in bridge configurations.
Since the original problem is resolved, I'll close this.
from emqx.
Hi, are you using persistence in k8s (PVC)?
If you made changes to the bridge configuration using the dashboard UI, then those changes would have been saved to data/configs/cluster.hocon. In that case, you would need to either delete the bridge using the dashboard, or edit the persisted cluster.hocon files as well.
from emqx.
Hi, exactly, k8s with PVC. I've tested as you described: I deleted the old bridge via the EMQX dashboard. After that I deleted the config lines for the old bridge from the values.yml and upgraded via helm.
But same failure:
[error] failed_to_check_schema: emqx_conf_schema [error] #{kind => validation_error,path => "bridges.mqtt.bridge_name.server",reason => required_field}
from emqx.
Are you upgrading from some older version to 5.4.1, or from 5.4.1 to 5.5.0?
How many nodes are in your cluster?
Could you please share the contents of your data/configs directory? i.e.: ls data/configs.
I'm checking if that directory contains a cluster-overrides.conf file by any chance.
Also, after deleting the bridge via the dashboard UI, could you please confirm that cluster.hocon does not contain any traces of said bridge?
from emqx.
There are 3 nodes in the cluster. The problem does not only occur when I try to upgrade the version, but also when I do a helm upgrade with only the bridge values deleted in the values.yml.
There are no more bridge options in the cluster.hocon file.
from emqx.
Should I sync the cluster config after deleting the bridge via the EMQX dashboard? For example with the emqx_ctl tool?
Is it possible that this is the same problem? #12311
from emqx.
> Should I sync the cluster config after deleting the bridge via the EMQX dashboard? For example with the emqx_ctl tool?

Shouldn't be needed. Using the dashboard already takes care of that.

> Is it possible that this is the same problem? #12311

Only if you are using environment variables like in that issue. If something like EMQX_BRIDGES__MQTT__... is also being set, then it's likely the cause.
Could you share your values.yaml file (with any sensitive data censored)?
from emqx.
Damn. Of course values from the values.yml file are set as environment variables.
from emqx.
@N0tronic was the problem solved after removing the bridge-related environment variables from values.yaml?
from emqx.
I've solved the problem, but it was a bit more complicated. At first the failure was still there after I deleted all bridge variables from the values.yml.
Then I realized that I had outsourced the bridge user password into a secret that was loaded as an environment variable during deployment. Deleting the secret solved the problem.
But I'm not very satisfied with this restrictive behavior of the system. One forgotten bridge variable prevents the whole deployment 😩
from emqx.
> But I'm not very satisfied with this restrictive behavior of the system. One forgotten bridge variable prevents the whole deployment 😩

Hi @N0tronic
We understand the frustration.
Though I consider this a necessary trade-off for strictly type-checked config.
Maybe we can improve error logging to help locate the issue faster; we are open to suggestions in this regard.
from emqx.
@zmstone I understand, it's a narrow line. Some systems give the user more flexibility, because they can decide to turn the strict mode on or off. It would be nice if you could think about such possibilities 🙂
But more details in the logs are also great as a first step 👍🏼
from emqx.
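A pre-deployment check for the failure discussed in this thread, as an added example that is not part of the original comments or of EMQX itself: it groups EMQX_BRIDGES__... environment variables by bridge and reports any bridge that the environment defines without the `server` field named in the validation error. It assumes the bridge is not also defined in a config file; the function names and the sample environment are constructed for illustration.

```python
import os

PREFIX = "EMQX_BRIDGES__"
# Field named in the validation error quoted in the thread (required_field).
REQUIRED = {"server"}


def bridge_overrides(env):
    """Group EMQX_BRIDGES__<TYPE>__<NAME>__<FIELD...> variables by bridge.

    EMQX maps EMQX_A__B__C to the config path a.b.c, so each variable
    below becomes a key under bridges.<type>.<name>.
    """
    bridges = {}
    for var in env:
        if not var.startswith(PREFIX):
            continue
        parts = var[len(PREFIX):].lower().split("__")
        if len(parts) < 3:
            continue  # not a per-bridge field override
        btype, name, field = parts[0], parts[1], ".".join(parts[2:])
        bridges.setdefault((btype, name), {})[field] = var
    return bridges


def orphaned_bridges(env):
    """Return bridges that env vars define without every required field."""
    findings = []
    for (btype, name), fields in sorted(bridge_overrides(env).items()):
        missing = sorted(REQUIRED - set(fields))
        if missing:
            findings.append({
                "path": f"bridges.{btype}.{name}",
                "missing": missing,
                "set_by": sorted(fields.values()),  # names only, never values
            })
    return findings


# Constructed sample: values.yaml was cleaned up, but a Kubernetes Secret
# still injects the bridge password, so the bridge exists with no server.
SAMPLE_ENV = {
    "EMQX_NODE__COOKIE": "constructed",
    "EMQX_BRIDGES__MQTT__BRIDGE_NAME__PASSWORD": "constructed-secret",
}

if __name__ == "__main__":
    live = any(k.startswith(PREFIX) for k in os.environ)
    for f in orphaned_bridges(dict(os.environ) if live else SAMPLE_ENV):
        print(f"{f['path']}: missing {f['missing']}, set by {f['set_by']}")
```

Run inside the pod (or against the rendered container environment), it prints only variable names, so secret values stay out of logs.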