From f5932dc9a4080240faaf381293bee73c9eef363a Mon Sep 17 00:00:00 2001 From: JianBo He Date: Mon, 19 Jun 2023 17:21:41 +0800 Subject: [PATCH 01/36] fix: add libsasl2-modules-gssapi-mit for CI To supplement for #11076 --- .github/workflows/build_and_push_docker_images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_and_push_docker_images.yaml b/.github/workflows/build_and_push_docker_images.yaml index 3495c647b..d1c5727d0 100644 --- a/.github/workflows/build_and_push_docker_images.yaml +++ b/.github/workflows/build_and_push_docker_images.yaml @@ -169,7 +169,7 @@ jobs: fi extra_deps= if [[ "${{ matrix.profile }}" = *enterprise* ]]; then - extra_deps='libsasl2-2' + extra_deps='libsasl2-2,libsasl2-modules-gssapi-mit' fi echo "img_suffix=$img_suffix" >> $GITHUB_OUTPUT From d4cf6d52614025265d098ce4e42e6d7cba3f9f92 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Mon, 19 Jun 2023 11:29:43 +0200 Subject: [PATCH 02/36] chore: add a comment to build script --- build | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/build b/build index 5464219b3..b6276b8c3 100755 --- a/build +++ b/build @@ -367,7 +367,9 @@ docker_cleanup() { rm -f ./.dockerignore >/dev/null } -## This function builds the default docker image based on debian 11 +## Build the default docker image based on debian 11. +## NOTE: docker image build in github action does not call this +## function, see build_and_push_docker_images.yaml make_docker() { EMQX_BUILDER="${EMQX_BUILDER:-${EMQX_DEFAULT_BUILDER}}" EMQX_RUNNER="${EMQX_RUNNER:-${EMQX_DEFAULT_RUNNER}}" From 6efb07f6eb15db6391fc134e85ddaa2b5036dbef Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Mon, 19 Jun 2023 18:12:33 +0800 Subject: [PATCH 03/36] fix: crash on emqx_ctl listeners --- apps/emqx_management/src/emqx_mgmt_cli.erl | 37 +++++++++++++--------- 1 file changed, 22 insertions(+), 15 deletions(-) 
diff --git a/apps/emqx_management/src/emqx_mgmt_cli.erl b/apps/emqx_management/src/emqx_mgmt_cli.erl index a3a643681..e0685b2ff 100644 --- a/apps/emqx_management/src/emqx_mgmt_cli.erl +++ b/apps/emqx_management/src/emqx_mgmt_cli.erl @@ -616,21 +616,28 @@ listeners([]) -> Acceptors = maps:get(acceptors, Conf), ProxyProtocol = maps:get(proxy_protocol, Conf, undefined), Running = maps:get(running, Conf), - CurrentConns = - case emqx_listeners:current_conns(ID, Bind) of - {error, _} -> []; - CC -> [{current_conn, CC}] - end, - MaxConn = - case emqx_listeners:max_conns(ID, Bind) of - {error, _} -> []; - MC -> [{max_conns, MC}] - end, - ShutdownCount = - case emqx_listeners:shutdown_count(ID, Bind) of - {error, _} -> []; - SC -> [{shutdown_count, SC}] - end, + case Running of + true -> + CurrentConns = + case emqx_listeners:current_conns(ID, Bind) of + {error, _} -> []; + CC -> [{current_conn, CC}] + end, + MaxConn = + case emqx_listeners:max_conns(ID, Bind) of + {error, _} -> []; + MC -> [{max_conns, MC}] + end, + ShutdownCount = + case emqx_listeners:shutdown_count(ID, Bind) of + {error, _} -> []; + SC -> [{shutdown_count, SC}] + end; + false -> + CurrentConns = [], + MaxConn = [], + ShutdownCount = [] + end, Info = [ {listen_on, {string, emqx_listeners:format_bind(Bind)}}, From 64612cab1404c6bf95f0076cb066af0a6512fa89 Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Mon, 19 Jun 2023 18:22:51 +0800 Subject: [PATCH 04/36] chore: bump to v5.1.0.alpha.8 --- apps/emqx/include/emqx_release.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl index fe37a75ff..a2d469bde 100644 --- a/apps/emqx/include/emqx_release.hrl +++ b/apps/emqx/include/emqx_release.hrl @@ -32,7 +32,7 @@ %% `apps/emqx/src/bpapi/README.md' %% Opensource edition --define(EMQX_RELEASE_CE, "5.1.0-alpha.5"). +-define(EMQX_RELEASE_CE, "5.1.0-alpha.8"). %% Enterprise edition -define(EMQX_RELEASE_EE, "5.1.0-alpha.7"). 
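Review bot: In `listeners([])` the names `CurrentConns`, `MaxConn` and `ShutdownCount` are now bound inside the branches of `case Running of` and used after its `end`, which only works while every branch binds all three and is easy to break when a branch is added. Binding the result once keeps the scoping explicit: `{CurrentConns, MaxConn, ShutdownCount} = case Running of true -> {...}; false -> {[], [], []} end`. `Running` is read from `Conf` before the `emqx_listeners:*` calls, so a listener that stops in between would presumably still reach the path that crashed; if those calls can raise rather than return `{error, _}`, that window deserves a comment or a guard. The function body starts and ends outside the hunk.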
From a3e50a0d4cde86ae06f9d59b0bd5443fa6b30afd Mon Sep 17 00:00:00 2001 From: JianBo He Date: Mon, 19 Jun 2023 21:06:36 +0800 Subject: [PATCH 05/36] chore: pin paho-test version to avoid test failures --- .ci/docker-compose-file/python/pytest.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.ci/docker-compose-file/python/pytest.sh b/.ci/docker-compose-file/python/pytest.sh index 245ee8a2b..4df9d3a71 100755 --- a/.ci/docker-compose-file/python/pytest.sh +++ b/.ci/docker-compose-file/python/pytest.sh @@ -18,7 +18,12 @@ else fi apk update && apk add git curl -git clone -b develop-5.0 https://github.com/emqx/paho.mqtt.testing.git /paho.mqtt.testing +## Use 5.1.0 to bypass the newly added test cases in +## https://github.com/emqx/paho.mqtt.testing/pull/13 +## This is a temporary solution for 5.1.0 release. After 5.1.0 release, we should use +## the develop-5.0 branch +git clone -b 5.1.0 https://github.com/emqx/paho.mqtt.testing.git /paho.mqtt.testing + pip install pytest==7.1.2 pytest-retry pytest --retries 3 -v /paho.mqtt.testing/interoperability/test_client/V5/test_connect.py -k test_basic --host "$TARGET_HOST" From b0a6c18917ef63152d941dda988e5cfcd8ab9133 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Mon, 19 Jun 2023 22:59:05 +0800 Subject: [PATCH 06/36] chore: bump vsn to 5.1.0-alpha.8 --- apps/emqx/include/emqx_release.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl index fe37a75ff..f23916960 100644 --- a/apps/emqx/include/emqx_release.hrl +++ b/apps/emqx/include/emqx_release.hrl @@ -35,7 +35,7 @@ -define(EMQX_RELEASE_CE, "5.1.0-alpha.5"). %% Enterprise edition --define(EMQX_RELEASE_EE, "5.1.0-alpha.7"). +-define(EMQX_RELEASE_EE, "5.1.0-alpha.8"). %% The HTTP API version -define(EMQX_API_VERSION, "5.0"). From f82c56ae169d32808510285329d4ddd1e5dfd0a8 Mon Sep 17 00:00:00 2001 
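Review bot: `git clone -b 5.1.0` in pytest.sh pins the test suite to a ref name, not to content, so a branch or a moved tag called `5.1.0` can change what the CI job executes without any change in this repository. For a reproducible release run, check out a fixed commit after cloning, e.g. `git -C /paho.mqtt.testing checkout <commit-sha>` (placeholder), or compare the resolved hash against an expected value. The added comment calls the pin temporary; a `## TODO(<issue-id>): switch back to develop-5.0 after the 5.1.0 release` line would make the revert harder to forget.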
From: ieQu1 <99872536+ieQu1@users.noreply.github.com> Date: Mon, 19 Jun 2023 19:28:17 +0200 Subject: [PATCH 07/36] chore(mria): Bump version to 0.5.5 --- apps/emqx/include/emqx.hrl | 7 ------- apps/emqx/rebar.config | 2 +- apps/emqx/src/emqx_app.erl | 4 ---- mix.exs | 2 +- rebar.config | 2 +- 5 files changed, 3 insertions(+), 14 deletions(-) diff --git a/apps/emqx/include/emqx.hrl b/apps/emqx/include/emqx.hrl index 64cd4687b..faf3f4828 100644 --- a/apps/emqx/include/emqx.hrl +++ b/apps/emqx/include/emqx.hrl @@ -25,13 +25,6 @@ -define(ROUTE_SHARD, route_shard). -define(PERSISTENT_SESSION_SHARD, emqx_persistent_session_shard). --define(BOOT_SHARDS, [ - ?ROUTE_SHARD, - ?COMMON_SHARD, - ?SHARED_SUB_SHARD, - ?PERSISTENT_SESSION_SHARD -]). - %% Banner %%-------------------------------------------------------------------- diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config index fd7855004..20e428ac9 100644 --- a/apps/emqx/rebar.config +++ b/apps/emqx/rebar.config @@ -27,7 +27,7 @@ {gproc, {git, "https://github.com/emqx/gproc", {tag, "0.9.0.1"}}}, {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.9.0"}}}, {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.9.6"}}}, - {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.15.2"}}}, + {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.15.3"}}}, {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.8.1"}}}, {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.39.7"}}}, {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.5.2"}}}, diff --git a/apps/emqx/src/emqx_app.erl b/apps/emqx/src/emqx_app.erl index 77ece1c60..1fb2feb87 100644 --- a/apps/emqx/src/emqx_app.erl +++ b/apps/emqx/src/emqx_app.erl @@ -44,7 +44,6 @@ start(_Type, _Args) -> ok = emqx_persistent_session:init_db_backend(), ok = maybe_start_quicer(), ok = emqx_bpapi:start(), - wait_boot_shards(), ok = emqx_alarm_handler:load(), {ok, Sup} = emqx_sup:start_link(), ok = maybe_start_listeners(), 
@@ -60,9 +59,6 @@ prep_stop(_State) -> stop(_State) -> ok. -wait_boot_shards() -> - ok = mria_rlog:wait_for_shards(?BOOT_SHARDS, infinity). - %% @doc Call this function to make emqx boot without loading config, %% in case we want to delegate the config load to a higher level app %% which manages emqx app. diff --git a/mix.exs b/mix.exs index fbd88e61d..622ff6829 100644 --- a/mix.exs +++ b/mix.exs @@ -55,7 +55,7 @@ defmodule EMQXUmbrella.MixProject do {:cowboy, github: "emqx/cowboy", tag: "2.9.0", override: true}, {:esockd, github: "emqx/esockd", tag: "5.9.6", override: true}, {:rocksdb, github: "emqx/erlang-rocksdb", tag: "1.7.2-emqx-11", override: true}, - {:ekka, github: "emqx/ekka", tag: "0.15.2", override: true}, + {:ekka, github: "emqx/ekka", tag: "0.15.3", override: true}, {:gen_rpc, github: "emqx/gen_rpc", tag: "2.8.1", override: true}, {:grpc, github: "emqx/grpc-erl", tag: "0.6.8", override: true}, {:minirest, github: "emqx/minirest", tag: "1.3.10", override: true}, diff --git a/rebar.config b/rebar.config index 8bbba5b96..c6e090170 100644 --- a/rebar.config +++ b/rebar.config @@ -62,7 +62,7 @@ , {cowboy, {git, "https://github.com/emqx/cowboy", {tag, "2.9.0"}}} , {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.9.6"}}} , {rocksdb, {git, "https://github.com/emqx/erlang-rocksdb", {tag, "1.7.2-emqx-11"}}} - , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.15.2"}}} + , {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.15.3"}}} , {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "2.8.1"}}} , {grpc, {git, "https://github.com/emqx/grpc-erl", {tag, "0.6.8"}}} , {minirest, {git, "https://github.com/emqx/minirest", {tag, "1.3.10"}}} From ead511a128c9d2885e3226c1826ffed9d2ac7bc6 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Mon, 19 Jun 2023 23:19:27 +0200 Subject: [PATCH 08/36] chore: bump to 5.1.0-rc.1 --- apps/emqx/include/emqx_release.hrl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl index e6f43ab32..8faa00abd 100644 --- a/apps/emqx/include/emqx_release.hrl +++ b/apps/emqx/include/emqx_release.hrl @@ -32,10 +32,10 @@ %% `apps/emqx/src/bpapi/README.md' %% Opensource edition --define(EMQX_RELEASE_CE, "5.1.0-alpha.8"). +-define(EMQX_RELEASE_CE, "5.1.0-rc.1"). %% Enterprise edition --define(EMQX_RELEASE_EE, "5.1.0-alpha.8"). +-define(EMQX_RELEASE_EE, "5.1.0-rc.1"). %% The HTTP API version -define(EMQX_API_VERSION, "5.0"). From 36ee8723619e77e366cba3a410e49ac01ed8370b Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Mon, 19 Jun 2023 15:57:40 +0800 Subject: [PATCH 09/36] chore: hide plugins from conf load cli --- apps/emqx_conf/src/emqx_conf_cli.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/emqx_conf/src/emqx_conf_cli.erl b/apps/emqx_conf/src/emqx_conf_cli.erl index 70e9c3a5e..7e5a5b891 100644 --- a/apps/emqx_conf/src/emqx_conf_cli.erl +++ b/apps/emqx_conf/src/emqx_conf_cli.erl @@ -170,7 +170,7 @@ drop_hidden_roots(Conf) -> lists:foldl(fun(K, Acc) -> maps:remove(K, Acc) end, Conf, hidden_roots()). hidden_roots() -> - [<<"trace">>, <<"stats">>, <<"broker">>, <<"persistent_session_store">>]. + [<<"trace">>, <<"stats">>, <<"broker">>, <<"persistent_session_store">>, <<"plugins">>]. get_config(Key) -> case emqx:get_raw_config([Key], undefined) of From 2bb3a93e032d167d00de510a25a4cd38c7715cbd Mon Sep 17 00:00:00 2001 From: JianBo He Date: Tue, 20 Jun 2023 14:18:33 +0800 Subject: [PATCH 10/36] chore: bump dashboard vsn --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f04f2fd77..2453528be 100644 --- a/Makefile +++ b/Makefile 
@@ -16,7 +16,7 @@ endif # Dashboard version # from https://github.com/emqx/emqx-dashboard5 export EMQX_DASHBOARD_VERSION ?= v1.3.0 -export EMQX_EE_DASHBOARD_VERSION ?= e1.1.0-beta.7 +export EMQX_EE_DASHBOARD_VERSION ?= e1.1.0 # `:=` should be used here, otherwise the `$(shell ...)` will be executed every time when the variable is used # In make 4.4+, for backward-compatibility the value from the original environment is used. From c4222557baacee5d83158e84e043dd0492145350 Mon Sep 17 00:00:00 2001 
From: firest Date: Mon, 19 Jun 2023 02:25:05 +0800 Subject: [PATCH 11/36] chore: add examples of how to configure --- .gitignore | 2 +- delayed.conf.example | 15 +++ examples/README.md | 16 +++ examples/alarm.conf.example | 22 ++++ examples/auto_subscribe.conf.example | 30 +++++ examples/broker.conf.example | 30 +++++ examples/cluster-with-dns.conf.example | 33 +++++ examples/cluster-with-etcd-ssl.conf.example | 84 +++++++++++++ examples/cluster-with-etcd.conf.example | 36 ++++++ examples/cluster-with-k8s.conf.example | 42 +++++++ examples/cluster-with-manual.conf.example | 24 ++++ examples/cluster-with-static.conf.example | 27 +++++ examples/conn_congestion.conf.example | 15 +++ examples/dashboard-with-http.conf.example | 44 +++++++ examples/dashboard-with-https.conf.example | 91 ++++++++++++++ examples/exhook.conf.example | 52 ++++++++ ..._transfer-with-local-exporter.conf.example | 50 ++++++++ ...ile_transfer-with-s3-exporter.conf.example | 71 +++++++++++ examples/flapping_detect.conf.example | 21 ++++ examples/force_gc.conf.example | 18 +++ examples/force_shutdown.conf.example | 19 +++ examples/license.conf.example | 19 +++ examples/listeners.quic.conf.example | 48 ++++++++ examples/listeners.ssl.conf.example | 66 ++++++++++ examples/listeners.tcp.conf.example | 78 ++++++++++++ examples/listeners.ws.conf.example | 62 ++++++++++ examples/listeners.wss.conf.example | 64 ++++++++++ examples/log.console.conf.example | 27 +++++ examples/log.file.conf.example | 38 ++++++ examples/mqtt.conf.example | 113 ++++++++++++++++++ examples/node.conf.example | 43 +++++++ examples/overload_protection.conf.example | 25 ++++ examples/plugin.conf.example | 27 +++++ examples/prometheus.conf.example | 28 +++++ examples/psk_authentication.conf.example | 21 ++++ examples/retainer.conf.example | 40 +++++++ examples/rpc-with-ssl.conf.example | 76 ++++++++++++ examples/rpc-with-tcp.conf.example | 67 +++++++++++ examples/slow_subs.conf.example | 28 +++++ examples/sys_topics.conf.example | 
25 ++++ examples/sysmon.os.conf.example | 30 +++++ examples/sysmon.vm.conf.example | 42 +++++++ rel/i18n/emqx_prometheus_schema.hocon | 2 +- 43 files changed, 1709 insertions(+), 2 deletions(-) create mode 100644 delayed.conf.example create mode 100644 examples/README.md create mode 100644 examples/alarm.conf.example create mode 100644 examples/auto_subscribe.conf.example create mode 100644 examples/broker.conf.example create mode 100644 examples/cluster-with-dns.conf.example create mode 100644 examples/cluster-with-etcd-ssl.conf.example create mode 100644 examples/cluster-with-etcd.conf.example create mode 100644 examples/cluster-with-k8s.conf.example create mode 100644 examples/cluster-with-manual.conf.example create mode 100644 examples/cluster-with-static.conf.example create mode 100644 examples/conn_congestion.conf.example create mode 100644 examples/dashboard-with-http.conf.example create mode 100644 examples/dashboard-with-https.conf.example create mode 100644 examples/exhook.conf.example create mode 100644 examples/file_transfer-with-local-exporter.conf.example create mode 100644 examples/file_transfer-with-s3-exporter.conf.example create mode 100644 examples/flapping_detect.conf.example create mode 100644 examples/force_gc.conf.example create mode 100644 examples/force_shutdown.conf.example create mode 100644 examples/license.conf.example create mode 100644 examples/listeners.quic.conf.example create mode 100644 examples/listeners.ssl.conf.example create mode 100644 examples/listeners.tcp.conf.example create mode 100644 examples/listeners.ws.conf.example create mode 100644 examples/listeners.wss.conf.example create mode 100644 examples/log.console.conf.example create mode 100644 examples/log.file.conf.example create mode 100644 examples/mqtt.conf.example create mode 100644 examples/node.conf.example create mode 100644 examples/overload_protection.conf.example create mode 100644 examples/plugin.conf.example create mode 100644 
examples/prometheus.conf.example create mode 100644 examples/psk_authentication.conf.example create mode 100644 examples/retainer.conf.example create mode 100644 examples/rpc-with-ssl.conf.example create mode 100644 examples/rpc-with-tcp.conf.example create mode 100644 examples/slow_subs.conf.example create mode 100644 examples/sys_topics.conf.example create mode 100644 examples/sysmon.os.conf.example create mode 100644 examples/sysmon.vm.conf.example diff --git a/.gitignore b/.gitignore index ceb12182f..91183b48b 100644 --- a/.gitignore +++ b/.gitignore @@ -6,7 +6,7 @@ deps *.o *.beam *.plt -*.example +#*.example erl_crash.dump ebin !ebin/.placeholder diff --git a/delayed.conf.example b/delayed.conf.example new file mode 100644 index 000000000..7b0d243c2 --- /dev/null +++ b/delayed.conf.example @@ -0,0 +1,15 @@ +##-------------------------------------------------------------------- +## Delayed publish +## +## Configuring the delayed publish feature +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +delayed { + enable = true ## false for disabled + + ## Maximum number of delayed messages + ## Default: 0 (0 is no limit) + max_delayed_messages = 0 +} diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 000000000..013939394 --- /dev/null +++ b/examples/README.md 
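Review bot: Replacing `*.example` with the commented-out `#*.example` un-ignores every `*.example` file in the tree, not only the new ones under `examples/`. Any such file produced locally (the old rule suggests some were, though the diff does not show by what) now appears as untracked and can be swept in by a broad `git add`. Keeping the rule and adding a negation, `!examples/*.example`, would track only the intended directory; if the rule really is obsolete, delete the line rather than leaving it commented.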
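Review bot: `delayed.conf.example` is created at the repository root, while every other example added by this commit lives under `examples/` next to the README that describes the set. This looks like a misplaced file; `examples/delayed.conf.example` would keep the collection in one place.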
@@ -0,0 +1,16 @@
+# Examples
+
+Here are examples of how to configure features In EMQX, most of them can be used directly by copy-paste content into the `emqx.conf` file, others may need to be slightly modified to use, for example, you should change the listener port or HTTP URL to what you actually used.
+
+Although we have tried to show every configurable field in the example,
+you do not need to care about each one, since most of them already have default values and can be omitted in the configuration file.
+
+If you are confused about some fields, please refer to our documents, here are just some simple configuration examples with necessary descriptions.
+
+
+## Documentation
+
+The EMQX documentation is available at [www.emqx.io/docs/en/latest/](https://www.emqx.io/docs/en/latest/).
+
+The EMQX Enterprise documentation is available at [docs.emqx.com/en/](https://docs.emqx.com/en/).
+
diff --git a/examples/alarm.conf.example b/examples/alarm.conf.example
new file mode 100644
index 000000000..84c92f974
--- /dev/null
+++ b/examples/alarm.conf.example
@@ -0,0 +1,22 @@
+##--------------------------------------------------------------------
+## Alarm
+##
+## Configuring how to handle the alarms generated from sysmon.*.conf.example
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+alarm {
+ ## The actions triggered when the alarm is activated
+ ## Type: Array of the below enum
+ ## - log :: write the alarm to log
+ ## - publish :: publish the alarm as an MQTT message to the system topics
+ actions = [log]
+
+ ## Maximum total number of deactivated alarms to keep as history
+ ## Type: Range from 1 to 3000
+ size_limit = 1000
+
+ ## Retention time of deactivated alarms
+ validity_period = 24h
+}
diff --git a/examples/auto_subscribe.conf.example b/examples/auto_subscribe.conf.example
new file mode 100644
index 000000000..7a5523f2a
--- /dev/null
+++ b/examples/auto_subscribe.conf.example
@@ -0,0 +1,30 @@
+##--------------------------------------------------------------------
+## Auto Subscribe
+##
+## Subscribe the Topics automatically when client connected
+##--------------------------------------------------------------------
+
+auto_subscribe.topics = [
+ {
+ ## Topic name, placeholders are supported
+ ## For example: client/${clientid}/username/${username}/host/${host}/port/${port}
+ topic = "/auto/${clientid}",
+
+ ## QoS
+ qos = 0,
+
+ ## Retain Handling
+ ## Value: 0 | 1 | 2
+ rh = 0,
+
+ ## Retain As Publish
+ ## Value: 0 | 1
+ rap = 0,
+
+ ## No Local
+ ## Value: 0 | 1
+ nl = 0
+ },
+ {topic = "/foo/${username}/#", qos = 1},
+ {topic = "/boo/${ip}/+"}
+]
diff --git a/examples/broker.conf.example b/examples/broker.conf.example
new file mode 100644
index 000000000..be898128c
--- /dev/null
+++ b/examples/broker.conf.example
@@ -0,0 +1,30 @@
+##--------------------------------------------------------------------
+## Broker
+##
+## Message broker options
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+## Note: If you and finding how to configure EMQX itself, have a look at the node.conf.example
+
+broker {
+ ## Session locking strategy in a cluster
+ ## Type:
+ ## - local :: only lock the session on the current node
+ ## - leader :: select only one remote node to lock the session
+ ## - quorum :: select some nodes to lock the session
+ ## - all :: lock the session on all the nodes in the cluster
+ session_locking_strategy = quorum
+
+ ## Dispatch strategy for shared subscription
+ ## Type:
+ ## - random :: dispatch the message to a random selected subscriber
+ ## - round_robin :: select the subscribers in a round-robin manner
+ ## - round_robin_per_group :: select the subscribers in round-robin fashion within each shared subscriber group
+ ## - local :: select random local subscriber otherwise select random cluster-wide
+ ## - sticky :: always use the last selected subscriber to dispatch, until the subscriber disconnects.
+ ## - hash_clientid :: select the subscribers by hashing the `clientIds`
+ ## - hash_topic :: select the subscribers by hashing the source topic"""
+ shared_subscription_strategy = round_robin
+ }
diff --git a/examples/cluster-with-dns.conf.example b/examples/cluster-with-dns.conf.example
new file mode 100644
index 000000000..f17ce8303
--- /dev/null
+++ b/examples/cluster-with-dns.conf.example
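Review bot: Two comment lines in broker.conf.example carry leftovers: the `hash_topic` line ends with a stray `"""`, probably copied along with a schema description, and the second note reads "If you and finding how to configure EMQX itself". Suggested text: `## - hash_topic :: select the subscribers by hashing the source topic` and `## Note: to configure the EMQX node itself, see node.conf.example`.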
@@ -0,0 +1,33 @@
+##--------------------------------------------------------------------
+## Cluster in service discovery via DNS SRV records mode
+##
+## Configs to instruct how individual nodes can discover each other
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+cluster {
+ ## Human-friendly name of the EMQX cluster.
+ name = emqxcl
+
+ ## Service discovery method for the cluster nodes
+ discovery_strategy = dns
+
+ ## List of core nodes that the replicant will connect to
+ core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2']
+
+ ## Remove disconnected nodes from the cluster after this interval
+ autoclean = 5m
+
+ ## If true, the node will try to heal network partitions automatically
+ autoheal = true
+
+ dns {
+ ## The domain name from which to discover peer EMQX nodes' IP addresses
+ name = localhost
+
+ ## DNS record type
+ ## Type: enum: a | srv
+ record_type = a
+ }
+ }
diff --git a/examples/cluster-with-etcd-ssl.conf.example b/examples/cluster-with-etcd-ssl.conf.example
new file mode 100644
index 000000000..2d4ce35ac
--- /dev/null
+++ b/examples/cluster-with-etcd-ssl.conf.example
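Review bot: The header of cluster-with-dns.conf.example announces discovery "via DNS SRV records", but the `dns` block sets `record_type = a` with `name = localhost`, so pasting it gives A-record lookup of the local host. Either title the file as DNS discovery in general, or set `record_type = srv` and use a sample service name marked as such, e.g. `name = "<srv-record-name>" ## sample value, replace`.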
@@ -0,0 +1,84 @@
+##--------------------------------------------------------------------
+## Cluster in service discovery using 'etcd' service mode
+##
+## Configs to instruct how individual nodes can discover each other
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+cluster {
+ ## Human-friendly name of the EMQX cluster.
+ name = emqxcl
+
+ ## Service discovery method for the cluster nodes
+ discovery_strategy = etcd
+
+ ## List of core nodes that the replicant will connect to
+ core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2']
+
+ ## Remove disconnected nodes from the cluster after this interval
+ autoclean = 5m
+
+ ## If true, the node will try to heal network partitions automatically
+ autoheal = true
+
+ etcd {
+ ## List of endpoint URLs of the etcd cluster
+ server = "http://ur1,http://ur2"
+
+ ## Key prefix used for EMQX service discovery
+ prefix = emqxcl
+
+ ## Expiration time of the etcd key associated with the node.
+ node_ttl = 1m
+
+ ssl_options {
+ ## Trusted PEM format CA certificates bundle file
+ cacertfile = "data/certs/cacert.pem"
+
+ ## PEM format certificates chain file
+ certfile = "data/certs/cert.pem"
+
+ ## PEM format private key file
+ keyfile = "data/certs/key.pem"
+
+ ## Enable or disable peer verification
+ verify = verify_none ## use verify_peer to enable
+
+ ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send
+ fail_if_no_peer_cert = false
+
+ ## Enable TLS session reuse
+ reuse_sessions = true
+
+ ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
+ depth = 10
+
+ ## Which versions are to be supported
+ versions = [tlsv1.3, tlsv1.2]
+
+ ## TLS cipher suite names
+ ## Note: By default, all available suites are supported, you do not need to set this
+ ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]
+
+ ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
+ secure_renegotiate = true
+
+ ## Log level for SSL communication
+ ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
+ log_level = notice
+
+ ## Hibernate the SSL process after idling for amount of time reducing its memory footprint
+ hibernate_after = 5s
+
+ ## Forces the cipher to be set based on the server-specified order instead of the client-specified order
+ honor_cipher_order = true
+
+ ## Setting this to false to disable client-initiated renegotiation
+ client_renegotiation = true
+
+ ## Maximum time duration allowed for the handshake to complete
+ handshake_timeout = 15s
+ }
+ }
+}
diff --git a/examples/cluster-with-etcd.conf.example b/examples/cluster-with-etcd.conf.example
new file mode 100644
index 000000000..b13313438
--- /dev/null
+++ b/examples/cluster-with-etcd.conf.example
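Review bot: The TLS variant of the etcd example ships with `verify = verify_none`, so a node configured from this block accepts any certificate from whatever answers as etcd, and the peer list used to form the cluster is then unauthenticated. Since the file exists to show the SSL setup, the value should be `verify = verify_peer ## verify_none only for local testing`, using the `cacertfile` already listed. The `server` value still uses `http://` URLs next to `ssl_options`; `https://` endpoints are presumably intended. `fail_if_no_peer_cert`, `honor_cipher_order` and `client_renegotiation` read as listener-side options and may have no effect on an outgoing connection, which is worth confirming against the schema. The comment above `client_renegotiation = true` describes the `false` case, and "ebabled, whit true" needs correcting.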
@@ -0,0 +1,36 @@
+##--------------------------------------------------------------------
+## Cluster in service discovery using 'etcd' service mode
+##
+## Configs to instruct how individual nodes can discover each other
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+cluster {
+ ## Human-friendly name of the EMQX cluster.
+ name = emqxcl
+
+ ## Service discovery method for the cluster nodes
+ discovery_strategy = etcd
+
+ ## List of core nodes that the replicant will connect to
+ core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2']
+
+ ## Remove disconnected nodes from the cluster after this interval
+ autoclean = 5m
+
+ ## If true, the node will try to heal network partitions automatically
+ autoheal = true
+
+ etcd {
+ ## List of endpoint URLs of the etcd cluster
+ ## Type: Comma Separated String
+ server = "http://ur1,http://ur2"
+
+ ## Key prefix used for EMQX service discovery
+ prefix = emqxcl
+
+ ## Expiration time of the etcd key associated with the node
+ node_ttl = 1m
+ }
+}
diff --git a/examples/cluster-with-k8s.conf.example b/examples/cluster-with-k8s.conf.example
new file mode 100644
index 000000000..ea94818c0
--- /dev/null
+++ b/examples/cluster-with-k8s.conf.example
@@ -0,0 +1,42 @@
+##--------------------------------------------------------------------
+## Cluster in service discovery via Kubernetes API server mode
+##
+## Configs to instruct how individual nodes can discover each other
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+cluster {
+ ## Human-friendly name of the EMQX cluster.
+ name = emqxcl
+
+ ## Service discovery method for the cluster nodes
+ discovery_strategy = k8s
+
+ ## List of core nodes that the replicant will connect to
+ core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2']
+
+ ## Remove disconnected nodes from the cluster after this interval
+ autoclean = 5m
+
+ ## If true, the node will try to heal network partitions automatically
+ autoheal = true
+
+ k8s {
+ ## Kubernetes API endpoint URL
+ apiserver = "http://10.110.111.204:8080"
+
+ ## EMQX broker service name
+ service_name = emqx
+
+ ## Address type used for connecting to the discovered nodes
+ ## Type: ip | dns | hostname
+ address_type = ip
+
+ ## Kubernetes namespace
+ namespace = default
+
+ ## Node name suffix
+ suffix = "pod.local"
+ }
+}
diff --git a/examples/cluster-with-manual.conf.example b/examples/cluster-with-manual.conf.example
new file mode 100644
index 000000000..17bc92346
--- /dev/null
+++ b/examples/cluster-with-manual.conf.example
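Review bot: `apiserver = "http://10.110.111.204:8080"` points the discovery client at the Kubernetes API over plain HTTP, so the responses that decide which pods join the cluster are neither authenticated nor integrity-protected, and any token the client sends would travel in clear text. The example should show an `https://` endpoint and carry a comment such as `## plain-HTTP API endpoints are for local test clusters only`. The IP address and `suffix` are sample values; tagging them `## sample value, replace` would reduce accidental reuse.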
@@ -0,0 +1,24 @@
+##--------------------------------------------------------------------
+## Cluster in service discovery via manual join mode
+##
+## Configs to instruct how individual nodes can discover each other
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+cluster {
+ ## Human-friendly name of the EMQX cluster.
+ name = emqxcl
+
+ ## Service discovery method for the cluster nodes
+ discovery_strategy = manual
+
+ ## List of core nodes that the replicant will connect to
+ core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2']
+
+ ## Remove disconnected nodes from the cluster after this interval
+ autoclean = 5m
+
+ ## If true, the node will try to heal network partitions automatically
+ autoheal = true
+ }
diff --git a/examples/cluster-with-static.conf.example b/examples/cluster-with-static.conf.example
new file mode 100644
index 000000000..7851b260f
--- /dev/null
+++ b/examples/cluster-with-static.conf.example
@@ -0,0 +1,27 @@
+##--------------------------------------------------------------------
+## Cluster in service discovery via static nodes mode
+##
+## Configs to instruct how individual nodes can discover each other
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+cluster {
+ ## Human-friendly name of the EMQX cluster.
+ name = emqxcl
+
+ ## Service discovery method for the cluster nodes
+ discovery_strategy = static
+
+ ## List of core nodes that the replicant will connect to
+ core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2']
+
+ ## Remove disconnected nodes from the cluster after this interval
+ autoclean = 5m
+
+ ## If true, the node will try to heal network partitions automatically
+ autoheal = true
+
+ ## List EMQX node names in the static cluster
+ static.seeds = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2']
+ }
diff --git a/examples/conn_congestion.conf.example b/examples/conn_congestion.conf.example
new file mode 100644
index 000000000..e6f3597d1
--- /dev/null
+++ b/examples/conn_congestion.conf.example
@@ -0,0 +1,15 @@
+##--------------------------------------------------------------------
+## Connection Congestion
+##
+## Generating alarm when MQTT connection congested
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+conn_congestion {
+ ## Enable or disable connection congestion alarm
+ enable_alarm = true
+
+ ## Minimal time before clearing the alarm
+ min_alarm_sustain_duration = 1m
+}
diff --git a/examples/dashboard-with-http.conf.example b/examples/dashboard-with-http.conf.example
new file mode 100644
index 000000000..292c56212
--- /dev/null
+++ b/examples/dashboard-with-http.conf.example
@@ -0,0 +1,44 @@
+##--------------------------------------------------------------------
+## Dashboard with HTTP Listener
+##
+## Configuration for EMQX dashboard
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+dashboard {
+ ## JWT token expiration time
+ token_expired_time = 60m
+
+ ## Support Cross-Origin Resource Sharing (CORS)
+ cors = false
+
+ listeners.http {
+ ## Whether to enable the listener
+ enable = true
+
+ ## Port or Address to listen on
+ bind = "0.0.0.0:18083" ## or just a port number, e.g. 18083
+
+ ## Socket acceptor pool size for TCP protocols
+ num_acceptors = 8
+
+ ## Maximum number of simultaneous connections
+ max_connections = 512
+
+ ## Defines the maximum length that the queue of pending connections can grow to
+ backlog = 1024
+
+ ## Send timeout for the socket
+ send_timeout = 10s
+
+ ## Enable IPv6 support, default is false, which means IPv4 only
+ inet6 = false
+
+ ## Disable IPv4-to-IPv6 mapping for the listener
+ ipv6_v6only = false
+
+ ## Enable support for `HAProxy` header
+ proxy_header = false
+ }
+}
diff --git a/examples/dashboard-with-https.conf.example b/examples/dashboard-with-https.conf.example
new file mode 100644
index 000000000..cf7cc28a5
--- /dev/null
+++ b/examples/dashboard-with-https.conf.example
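Review bot: The `listeners.http` example binds the dashboard to every interface over cleartext HTTP (`bind = "0.0.0.0:18083"`), so a reader who pastes the block as the header instructs sends the dashboard login and the token governed by `token_expired_time` unencrypted to whatever network the host is on. I would bind the plain-HTTP example to loopback, `bind = "127.0.0.1:18083"`, and add `## Plain HTTP: keep this on loopback or a trusted network; use listeners.https otherwise` above it. The comment on `proxy_header` could also say that it should only be turned on when a proxy is the sole peer of the listener.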
@@ -0,0 +1,91 @@ +##-------------------------------------------------------------------- +## Dashboard with HTTPS Listener +## +## Configuration for EMQX dashboard +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +dashboard { + ## JWT token expiration time + token_expired_time = 60m + + ## Support Cross-Origin Resource Sharing (CORS) + cors = false + + listeners.https { + ## Whether to enable the listener + enable = true + + ## Port or Address to listen on + bind = "0.0.0.0:18084" ## or just a port number, e.g. 18084 + + ## Socket acceptor pool size for TCP protocols + num_acceptors = 8 + + ## Maximum number of simultaneous connections + max_connections = 512 + + ## Defines the maximum length that the queue of pending connections can grow to + backlog = 1024 + + ## Send timeout for the socket + send_timeout = 10s + + ## Enable IPv6 support, default is false, which means IPv4 only + inet6 = false + + ## Disable IPv4-to-IPv6 mapping for the listener + ipv6_v6only = false + + ## Enable support for `HAProxy` header + proxy_header = false + + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" + + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" + + ## PEM format private key file + keyfile = "data/certs/key.pem" + + ## Enable or disable peer verification + verify = verify_none ## use verify_peer to enable + + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + fail_if_no_peer_cert = false + + ## Enable TLS session reuse + reuse_sessions = true + + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path + depth = 10 + + ## Which versions are to be supported + versions = [tlsv1.3, tlsv1.2] + + ## TLS cipher suite names + 
## Note: By default, all available suites are supported, you do not need to set this + ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] + + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly + secure_renegotiate = true + + ## Log level for SSL communication + ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all + log_level = notice + + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint + hibernate_after = 5s + + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order + honor_cipher_order = true + + ## Setting this to false to disable client-initiated renegotiation + client_renegotiation = true + + ## Maximum time duration allowed for the handshake to complete + handshake_timeout = 15s + } +} diff --git a/examples/exhook.conf.example b/examples/exhook.conf.example new file mode 100644 index 000000000..8adcfcab9 --- /dev/null +++ b/examples/exhook.conf.example 
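Review bot: The comment above `client_renegotiation = true` describes the opposite value (`Setting this to false to disable client-initiated renegotiation`) and gives no reason to pick either; client-initiated renegotiation costs the server more than the client and is a known resource-exhaustion vector on TLS 1.2, so the example should either ship `client_renegotiation = false` or state why it is left on. The comment above `fail_if_no_peer_cert` is garbled (`ebabled, whit true`); I would write `## If verify is enabled and this is true, the connection fails when the client sends no certificate`. The same two lines are repeated verbatim in the listeners.ssl and listeners.wss hunks. The listeners.wss example additionally suggests `verify_peer` in a comment without listing a `cacertfile`, which the other TLS examples include.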
@@ -0,0 +1,52 @@
+##--------------------------------------------------------------------
+## gRPC Hook Extension
+##
+## Allows users to process EMQX Hooks using other programming languages
+##--------------------------------------------------------------------
+
+exhook.servers = [
+ {
+ ## Name of the exhook server
+ name = "server_1"
+
+ ## Feature switch
+ enable = false
+
+ ## URL of gRPC server
+ url = "http://127.0.0.1:9090"
+
+ ## The timeout of request gRPC server
+ request_timeout = 5s
+
+ ## This value will be returned when the request to the gRPC server fails for any reason
+ ## Type:
+ ## - deny :: stop to execute this hook.
+ ## - ignore :: continue to execute this hook
+ failed_action = deny
+
+ ## Interval of automatically reconnecting the gRPC server when the connection is broken
+ ## Type:
+ ## - false :: Never reconnect
+ ## - Time Duration, e.g.15s, 10m, 1h :: Reconnecting Interval
+ auto_reconnect = 60s
+
+ ## The process pool size for gRPC client
+ pool_size = 8
+
+ ## Connection socket options
+ socket_options {
+ ## Whether periodic transmission on a connected socket when no other data is exchanged
+ keepalive = true
+
+ ## TCP_NODELAY switch
+ nodelay = true
+
+ ## The minimum size of receive buffer to use for the socket
+ recbuf = "64KB"
+
+ ## The minimum size of send buffer to use for the socket
+ sndbuf = "16KB"
+ }
+ },
+ {name = "server_2", url = "http://127.0.0.1:9091"}
+]
diff --git a/examples/file_transfer-with-local-exporter.conf.example b/examples/file_transfer-with-local-exporter.conf.example
new file mode 100644
index 000000000..8dbd04f66
--- /dev/null
+++ b/examples/file_transfer-with-local-exporter.conf.example
@@ -0,0 +1,50 @@
+##--------------------------------------------------------------------
+## File Transfer
+##
+## Enables the File Transfer over MQTT feature
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+## Note: This configuration only works for the EMQX Enterprise version
+
+file_transfer {
+ ## Enable the File Transfer feature
+ enable = true
+
+ ## Storage backend settings
+ storage {
+ ## Local file system backend setting
+ ## Currently, it's the only available storage backend.
+ local {
+ ## Enable the backend
+ enable = true
+
+ ## Segments and temporary files storage settings
+ segments {
+ ## Directory where these files are stored
+ root = "/var/lib/emqx/transfers/segments"
+
+ ## Garbage collection settings
+ gc {
+ ## How often to run GC
+ interval = 1h
+
+ ## Maximum time to keep parts of incomplete transfers for
+ maximum_segments_ttl = 24h
+ }
+ }
+
+ ## Local filesystem exporter
+ exporter.local {
+
+ ## Enable the backend
+ ## Note: Only one backend may be enabled at a time
+ enable = true
+
+ ## Directory in the local file system where to store transferred files
+ root = "/var/lib/emqx/transfers/exports"
+ }
+ }
+ }
+}
diff --git a/examples/file_transfer-with-s3-exporter.conf.example b/examples/file_transfer-with-s3-exporter.conf.example
new file mode 100644
index 000000000..62801d8ad
--- /dev/null
+++ b/examples/file_transfer-with-s3-exporter.conf.example
@@ -0,0 +1,71 @@
+##--------------------------------------------------------------------
+## File Transfer
+##
+## Enables the File Transfer over MQTT feature
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+## Note: This configuration only works for the EMQX Enterprise version
+
+file_transfer {
+ ## Enable the File Transfer feature
+ enable = true
+
+ ## Storage backend settings
+ storage {
+ ## Local file system backend setting
+ ## Currently, it's the only available storage backend.
+ local {
+ ## Enable the backend
+ enable = true
+
+ ## Segments and temporary files storage settings
+ segments {
+ ## Directory where these files are stored
+ root = "/var/lib/emqx/transfers/segments"
+
+ ## Garbage collection settings
+ gc {
+ ## How often to run GC
+ interval = 1h
+
+ ## Maximum time to keep parts of incomplete transfers for
+ maximum_segments_ttl = 24h
+ }
+ }
+
+ ## S3-compatible object storage exporter
+ exporter.s3 {
+
+ ## Disable the backend
+ ## Note: Only one backend may be enabled at a time.
+ enable = true
+
+ ## Endpoint of S3 API of the object storage service of your choice
+ host = "s3.us-east-1.amazonaws.com"
+ port = 443
+
+ ## Credentials to use to authorize with the S3 API
+ access_key_id = "AKIA27EZDDM9XLINWXFE"
+ secret_access_key = "..."
+
+ ## Which bucket to store transferred files in?
+ bucket = "my-bucket"
+
+ ## TTL of file download URLs exposed through File Transfer API
+ url_expire_time = 1h
+
+ ## Enable the HTTPS
+ transport_options.ssl.enable = true
+
+ ## Timeout for connection attempts
+ connect_timeout = 15s
+
+ ## Attempt to talk through IPv6 first
+ ipv6_probe = true
+ }
+ }
+
+ }
+}
diff --git a/examples/flapping_detect.conf.example b/examples/flapping_detect.conf.example
new file mode 100644
index 000000000..c570a3640
--- /dev/null
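Review bot: The `access_key_id` value in `exporter.s3` has the shape of a real AWS access key ID, which secret scanners will flag in the repository and which gives readers no cue that it must be replaced; an obvious placeholder such as `access_key_id = "<your-access-key-id>"`, matching the existing `secret_access_key = "..."`, would be clearer. Because the header tells readers to paste the block into emqx.conf, a comment like `## Keep emqx.conf readable only by the EMQX user when credentials are stored here` belongs above the two credential lines. The comment above `enable = true` in `exporter.s3` says `## Disable the backend`, which contradicts the value, and `## Currently, it's the only available storage backend` on the `local` block appears to be copied from the local-exporter example and is misleading in a file that configures S3.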
+++ b/examples/flapping_detect.conf.example
@@ -0,0 +1,21 @@
+##--------------------------------------------------------------------
+## Flapping Detect
+##
+## Ban the client when the times of connections exceed the limit in the time window
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+flapping_detect {
+ ## Feature switch
+ enable = false
+
+ ## Time window for flapping detection
+ window_time = 1m
+
+ ## Maximum number of connects allowed for a MQTT Client in window_time
+ max_count = 15
+
+ ## How long the flapping clientid will be banned
+ ban_time = 5m
+}
diff --git a/examples/force_gc.conf.example b/examples/force_gc.conf.example
new file mode 100644
index 000000000..e682d723d
--- /dev/null
+++ b/examples/force_gc.conf.example
@@ -0,0 +1,18 @@
+##--------------------------------------------------------------------
+## Force garbage collection
+##
+## Force garbage collection in MQTT connection process after they process certain number of messages or bytes of data
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+force_gc {
+ ## set to false to disable this
+ enable = true
+
+ ## GC the process after this many received messages
+ count = 16000
+
+ ## GC the process after specified number of bytes have passed through
+ bytes = 16MB
+}
diff --git a/examples/force_shutdown.conf.example b/examples/force_shutdown.conf.example
new file mode 100644
index 000000000..b049691c6
--- /dev/null
+++ b/examples/force_shutdown.conf.example
@@ -0,0 +1,19 @@
+##--------------------------------------------------------------------
+## Force Shutdown
+##
+## Forced closing of the overloaded session
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+force_shutdown {
+ ## false to disable this
+ enable = true
+
+ ## Maximum mailbox size for each Erlang process
+ ## Note: Do not modify this unless you know what this is for
+ max_mailbox_size = 1000
+
+ ## Maximum heap size for each session process
+ max_heap_size = 32MB
+}
diff --git a/examples/license.conf.example b/examples/license.conf.example
new file mode 100644
index 000000000..7444ae795
--- /dev/null
+++ b/examples/license.conf.example
@@ -0,0 +1,19 @@
+##--------------------------------------------------------------------
+## License
+##
+## Defines the EMQX Enterprise license
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+## Note: This configuration only works for the EMQX Enterprise version
+
+license {
+ ## License Key
+ key = "MjIwMTExCjAKMTAKRXZhbHVhdGlvbgpjb250YWN0QGVtcXguaW8KZGVmYXVsdAoyMDIzMDEwOQoxODI1CjEwMAo=.MEUCIG62t8W15g05f1cKx3tA3YgJoR0dmyHOPCdbUxBGxgKKAiEAhHKh8dUwhU+OxNEaOn8mgRDtiT3R8RZooqy6dEsOmDI="
+ ## Low watermark limit below which license connection quota usage alarms are deactivated
+ connection_low_watermark = "75%"
+
+ ## High watermark limit above which license connection quota usage alarms are activated
+ connection_high_watermark = "80%"
+}
diff --git a/examples/listeners.quic.conf.example b/examples/listeners.quic.conf.example
new file mode 100644
index 000000000..2f4fca0b8
--- /dev/null
+++ b/examples/listeners.quic.conf.example
@@ -0,0 +1,48 @@
+##--------------------------------------------------------------------
+## QUIC Listener
+##
+## Add a QUIC Listener
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+## Note: Modifying the 'quicname' to what you need
+listeners.quic.quicname {
+ ## Whether to enable the listener
+ enable = true
+
+ ## Port or Address to listen on
+ bind = 14567 ## or with an IP, e.g. "127.0.0.1:14567"
+
+ ## When publishing or subscribing, prefix all topics with a mountpoint string
+ mountpoint = "${clientid}/msg"
+
+ ## Client authentication
+ ## Type:
+ ## - true :: enable
+ ## - false :: disable
+ ## - quick_deny_anonymous :: denied immediately without if username is not provided
+ enable_authn = true
+
+ ## Socket acceptor pool size for TCP protocols
+ acceptors = 16
+
+ ## Maximum number of simultaneous connections
+ ## Type: infinity | Integer
+ max_connections = infinity
+
+ ## Trusted PEM format CA certificates bundle file
+ cacertfile = "data/certs/cacert.pem"
+
+ ## PEM format certificates chain file
+ certfile = "data/certs/cert.pem"
+
+ ## PEM format private key file
+ keyfile = "data/certs/key.pem"
+
+ ## Enable or disable peer verification
+ verify = verify_none ## to verify_peer to enable
+
+ ## TLS cipher suite names
+ ciphers = ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"]
+}
diff --git a/examples/listeners.ssl.conf.example b/examples/listeners.ssl.conf.example
new file mode 100644
index 000000000..bf7d3817a
--- /dev/null
+++ b/examples/listeners.ssl.conf.example
@@ -0,0 +1,66 @@ +##-------------------------------------------------------------------- +## SSL Listener +## +## Add a SSL Listener +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +## The SSL listener also supports all the fields listed in listeners.tcp.conf.example +## only the SSL-specific fields are shown here + +## Note: Modifying the 'sslname' to what you need +listeners.ssl.sslname { + ## Whether to enable the listener + enable = true + + ## Port or Address to listen on + bind = 8883 ## or with an IP e.g. "127.0.0.1:8883" + + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" + + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" + + ## PEM format private key file + keyfile = "data/certs/key.pem" + + ## Enable or disable peer verification + verify = verify_none ## use verify_peer to enable + + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + fail_if_no_peer_cert = false + + ## Enable TLS session reuse + reuse_sessions = true + + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path + depth = 10 + + ## Which versions are to be supported + versions = [tlsv1.3, tlsv1.2] + + ## TLS cipher suite names + ## Note: By default, all available suites are supported, you do not need to set this + ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] + + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly + secure_renegotiate = true + + ## Log level for SSL communication + ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all + log_level = notice + + ## Hibernate the SSL process after idling for amount of time reducing its 
memory footprint + hibernate_after = 5s + + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order + honor_cipher_order = true + + ## Setting this to false to disable client-initiated renegotiation + client_renegotiation = true + + ## Maximum time duration allowed for the handshake to complete + handshake_timeout = 15s +} diff --git a/examples/listeners.tcp.conf.example b/examples/listeners.tcp.conf.example new file mode 100644 index 000000000..d7392962b --- /dev/null +++ b/examples/listeners.tcp.conf.example 
@@ -0,0 +1,78 @@ +##-------------------------------------------------------------------- +## TCP Listener +## +## Add a TCP Listener +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +## Note: Modifying the 'tcpname' to what you need +listeners.tcp.tcpname { + ## false to disable this + enable = true + + ## Port or Address to listen on + bind = 1883 ## or with an IP e.g. "127.0.0.1:1883" + + ## Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx + proxy_protocol = false + + ## Timeout for proxy protocol + proxy_protocol_timeout = 8 + + ## When publishing or subscribing, prefix all topics with a mountpoint string + mountpoint = "mqtt" ## Do not set this unless you know what is it for + + ## Client authentication + ## Type: + ## - true :: enable + ## - false :: disable + ## - quick_deny_anonymous :: denied immediately without if username is not provided + enable_authn = true + + ## The access control rules for this listener + ## Type: See: https://github.com/emqtt/esockd#allowdeny + access_rules = ["allow all"] + + ## Socket acceptor pool size for TCP protocols + acceptors = 16 + + ## Maximum number of simultaneous connections + ## Type: infinity | Integer + max_connections = infinity + + ## TCP backlog defines the maximum length that the queue of pending connections can grow to + backlog = 1024 + + ## The TCP send timeout for the connections + send_timeout = 15s + + ## Timeout for proxy protocol + send_timeout_close = true + + ## The TCP receive buffer (OS kernel) for the connections + recbuf = 2KB + + ## The TCP send buffer (OS kernel) for the connections + sndbuf = 4KB + + ## The size of the user-space buffer used by the driver + buffer = 4KB + + ## The socket is set to a busy state when the amount of data queued internally by the VM socket implementation reaches this 
limit + high_watermark = 1MB + + ## The TCP_NODELAY flag for the connections + nodelay = true + + ## The SO_REUSEADDR flag for the connections + reuseaddr = true + + ## Enable TCP keepalive for MQTT connections over TCP or SSL + ## Type: three comma separated numbers in the format of 'Idle,Interval,Probes' + ## - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200). + ## - Interval: The number of seconds between TCP keep-alive probes (Linux default 75). + ## - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9). + ## For example "240,30,5" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection + keepalive = "none" +} diff --git a/examples/listeners.ws.conf.example b/examples/listeners.ws.conf.example new file mode 100644 index 000000000..7e1176518 --- /dev/null +++ b/examples/listeners.ws.conf.example 
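Review bot: The comment above `send_timeout_close = true` is `## Timeout for proxy protocol`, a copy of the one on `proxy_protocol_timeout`, so the option that governs what happens to a connection on send timeout is left undocumented; something like `## Close the connection if the send timeout is reached` would fit, to be confirmed against the schema. The example also sets `mountpoint = "mqtt"` while its own trailing comment says not to set it, and ships `access_rules = ["allow all"]` without comment; since the header asks readers to paste the block, I would comment the `mountpoint` line out and add `## "allow all" places no source-address restriction on this listener` above `access_rules`. The `proxy_protocol` comment should say that it is only safe to enable when a trusted proxy is the sole peer, because the client address is then taken from the proxy header.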
@@ -0,0 +1,62 @@ +##-------------------------------------------------------------------- +## WebSocket Listener +## +## Add a WebSocket Listener +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +## The WebSocket listener supports all the fields listed in listeners.tcp.conf.example +## only the WebSocket-specific fields are shown here + +## Note: Modifying the 'wsname' to what you need +listeners.ws.wsname { + ## for to disable this + enable = true + + ## Port or Address to listen on + bind = "0.0.0.0:8083" # or just a port number, e.g. 8083 + + ## WebSocket's MQTT protocol path + ## Type: String + ## For Example: + ## with the default value, the address of EMQX Broker's WebSocket is: ws://8083/mqtt + mqtt_path = "/mqtt" + + ## Whether a WebSocket message is allowed to contain multiple MQTT packets + ## Type: single | multiple + mqtt_piggyback = multiple + + ## If true, compress WebSocket messages using zlib + compress = false + + ## Close transport-layer connections from the clients that have not sent MQTT CONNECT message within this interval + idle_timeout = 7200s + + ## The maximum length of a single MQTT packet + ## Type: infinity | Integer + max_frame_size = infinity + + ## If true, the server will return an error when the client does not carry the Sec-WebSocket-Protocol field + fail_if_no_subprotocol = true + + ## Comma-separated list of supported subprotocols + ## Type: Comma Separated List + supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" + + ## If true, origin HTTP header will be validated against the list of allowed origins configured in check_origins parameter + check_origin_enable = false + + ## If false and check_origin_enable is true, the server will reject requests that don't have origin HTTP header + allow_origin_absence = true + + ## List of allowed origins + ## Type: Comma 
Separated List + check_origins = "http://localhost:18083, http://127.0.0.1:18083" + + ## HTTP header used to pass information about the client IP address + proxy_address_header = "x-forwarded-for" + + ## The maximum length of a single MQTT packet + proxy_port_header = "x-forwarded-port" +} diff --git a/examples/listeners.wss.conf.example b/examples/listeners.wss.conf.example new file mode 100644 index 000000000..1f41ccd64 --- /dev/null +++ b/examples/listeners.wss.conf.example 
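Review bot: The comment on `proxy_port_header` is `## The maximum length of a single MQTT packet`, copied from `max_frame_size`; it should read along the lines of `## HTTP header used to pass information about the client port`. The example names `proxy_address_header = "x-forwarded-for"` without saying when that header is trustworthy; if the listener is reachable without a proxy in front of it, a client can presumably supply the header itself, so a one-line caveat belongs next to it. `check_origin_enable = false` next to a populated `check_origins` list also deserves a sentence saying that the list has no effect until the switch is on. Minor wording: `## for to disable this` should be `## false to disable this`, and `ws://8083/mqtt` is missing a host.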
@@ -0,0 +1,64 @@ +##-------------------------------------------------------------------- +## WSS Listener +## +## Add a WSS Listener +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +## The WSS listener supports all the fields listed in listeners.ws.conf.example +## only the WSS-specific fields are shown here + +## Note: Modifying the 'wssname' to what you need +listeners.wss.wssname { + ## false to disable this + enable = true + + ## Port or Address to listen on + ## Default: 8084 + bind = 8084 ## or with an IP, e.g. "127.0.0.1:8084" + + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" + + ## PEM format private key file + keyfile = "data/certs/key.pem" + + ## Enable or disable peer verification + verify = verify_none ## use verify_peer to enable + + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + fail_if_no_peer_cert = false + + ## Enable TLS session reuse + reuse_sessions = true + + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path + depth = 10 + + ## Which versions are to be supported + versions = [tlsv1.3, tlsv1.2] + + ## TLS cipher suite names + ## Note: By default, all available suites are supported, you do not need to set this + ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] + + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly + secure_renegotiate = true + + ## Log level for SSL communication + ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all + log_level = notice + + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint + hibernate_after = 5s + + ## Forces the cipher to be set based on the 
server-specified order instead of the client-specified order + honor_cipher_order = true + + ## Setting this to false to disable client-initiated renegotiation + client_renegotiation = true + + ## Maximum time duration allowed for the handshake to complete + handshake_timeout = 15s +} diff --git a/examples/log.console.conf.example b/examples/log.console.conf.example new file mode 100644 index 000000000..1dd30e120 --- /dev/null +++ b/examples/log.console.conf.example @@ -0,0 +1,27 @@ +##-------------------------------------------------------------------- +## Log +## +## Configure the log output location, log level, log file storage path, and parameters +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +log.console { + ## set true to enable this + enable = false + + ## Log level + ## Type: debug | info | notice | warning | error | critical | alert | emergency + level = warning + + ## Log formatter, text for free text, and json for structured logging + ## Type: text | json + formatter = text + + ## Time offset for formatting the timestamp + ## Type: + ## - system :: local system time + ## - utc :: UTC time + ## - +-[hh]:[mm]: user specified time offset, such as "-02:00" or "+00:00" Defaults to: system + time_offset = system +} diff --git a/examples/log.file.conf.example b/examples/log.file.conf.example new file mode 100644 index 000000000..e4e3769fc --- /dev/null +++ b/examples/log.file.conf.example 
@@ -0,0 +1,38 @@ +##-------------------------------------------------------------------- +## Log +## +## Configure the log output location, log level, log file storage path, and parameters +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +## The default-enabled log handler can use all the above fields listed fields +log.file { + ## use false to disable this + enable = true + + ## Log level + ## Type: debug | info | notice | warning | error | critical | alert | emergency + level = warning + + ## Log formatter, text for free text, and json for structured logging + ## Type: text | json + formatter = text + + ## Time offset for formatting the timestamp + ## Type: + ## - system :: local system time + ## - utc :: UTC time + ## - +-[hh]:[mm]: user specified time offset, such as "-02:00" or "+00:00" Defaults to: system + time_offset = system + + ## Maximum number of log files + ## Type: Range from 1 to 128 + rotation_count = 10 + + ## This parameter controls log file rotation + ## Type: + ## - infinity :: the log file will grow indefinitely + ## - ByteSize :: the log file will be rotated once it reaches this value in bytes + rotation_size = "50MB" +} diff --git a/examples/mqtt.conf.example b/examples/mqtt.conf.example new file mode 100644 index 000000000..a07877f9d --- /dev/null +++ b/examples/mqtt.conf.example 
@@ -0,0 +1,113 @@ +##-------------------------------------------------------------------- +## MQTT +## +## MQTT configuration +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +mqtt { + ## After the TCP connection is established, + ## if the MQTT CONNECT packet from the client is not received within the time specified by idle_timeout, the connection will be disconnected + ## Type: + ## - infinity :: Never disconnect + ## - Time Duration :: The idle time + idle_timeout = 15s + + ## Maximum MQTT packet size allowed + max_packet_size = 1MB + + ## Maximum allowed length of MQTT Client ID + ## Type: Rnage from 23 to 65535 + max_clientid_len = 65535 + + ## Maximum topic levels allowed + ## Type: Range from 1 to 65535 + max_topic_levels = 128 + + ## Maximum QoS allowed + max_qos_allowed = 2 + + ## Maximum topic alias, 0 means no topic alias supported + ## Type: Range from 0 to 65535 + max_topic_alias = 65535 + + ## Whether to enable support for MQTT retained message + retain_available = true + + ## Whether to enable support for MQTT wildcard subscription + wildcard_subscription = true + + ## Whether to enable support for MQTT shared subscription + shared_subscription = true + + ## Whether to enable support for MQTT exclusive subscription + exclusive_subscription = false + + ## Ignore loop delivery of messages for MQTT v3.1.1/v3.1.0, similar to No Local subscription option in MQTT 5.0 + ignore_loop_deliver = false + + ## Parse MQTT messages in strict mode. + ## When set to true, invalid utf8 strings in for example client ID, topic name, etc. 
will cause the client to be disconnected + strict_mode = false + + ## Specify the response information returned to the client + response_information = "" + + ## The keep alive that EMQX requires the client to use + ## Type: + ## - disabled :: the keep alive specified by the client will be used + ## - Integer :: Keepalive time, only applicable to clients using MQTT 5.0 protocol + server_keepalive = disabled + + ## Keep-Alive Timeout = Keep-Alive interval × Keep-Alive Multiplier + keepalive_multiplier = 1.5 + + ## Maximum number of subscriptions allowed per client + ## Type: infinity | Integer + max_subscriptions = infinity + + ## Force upgrade of QoS level according to subscription + upgrade_qos = false + + ## Maximum number of QoS 1 and QoS 2 messages that are allowed to be delivered simultaneously before completing the acknowledgment + ## Type: Range from 1 to 65535 + max_inflight = 32 + + ## Retry interval for QoS 1/2 message delivering + retry_interval = 30s + + ## For each publisher session, the maximum number of outstanding QoS 2 messages pending on the client to send PUBREL + ## Type: infinity | Integer + max_awaiting_rel = 100 + + ## For client to broker QoS 2 message, the time limit for the broker to wait before the PUBREL message is received + await_rel_timeout = 300s + + ## Specifies how long the session will expire after the connection is disconnected, only for non-MQTT 5.0 connections + session_expiry_interval = 2h + + ## Maximum queue length. 
Enqueued messages when persistent client disconnected, or inflight window is full + ## Type: infinity | Integer + max_mqueue_len = 1000 + + ## Specifies whether to store QoS 0 messages in the message queue while the connection is down but the session remains + mqueue_store_qos0 = true + + ## Whether to user Client ID as Username + use_username_as_clientid = false + + ## Use the CN, DN field in the peer certificate or the entire certificate content as Username + ## Type: + ## - disabled + ## - cn :: CN field of the certificate + ## - dn :: DN field of the certificate + ## - crt :: the content of the DER or PEM certificate + ## - pem :: PEM format content converted from DER certificate content + ## - md5 :: the MD5 value of the content of the DER or PEM certificate + peer_cert_as_username = disabled + + ## Use the CN, DN field in the peer certificate or the entire certificate content as Client ID + ## Type: See the above + peer_cert_as_clientid = disabled + } diff --git a/examples/node.conf.example b/examples/node.conf.example new file mode 100644 index 000000000..e7d6979ed --- /dev/null +++ b/examples/node.conf.example 
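Review bot: The comment on `use_username_as_clientid` reads `## Whether to user Client ID as Username`, which is the reverse of what the option name says; `## Whether to use Username as Client ID` avoids a reader enabling it for the wrong identity mapping. `peer_cert_as_username` lists `md5` among its types, and since the result becomes the client's identity, a note that MD5 is not collision-resistant would help anyone choosing between `md5` and `cn`/`dn`. `strict_mode = false` is shipped without saying what is accepted when it is off; one sentence on that trade-off would do. `## Type: Rnage from 23 to 65535` has a typo (`Range`).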
@@ -0,0 +1,43 @@
+##--------------------------------------------------------------------
+## Node
+##
+## configuring for current EMQX node
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+## Note: all fields in this section are immutable after EMQX started, and most of the time you only need to modify the value for the name and cookie.
+node {
+ ## The actions triggered when the alarm is activated
+ ## Type: Formatted String
+ ## Format: any_name@any_domain or an_name@any_ip
+ ## Note: Make sure the IP resolve from the domain is deterministic and unique and never change
+ name = "emqx@127.0.0.1"
+
+ ## Secret cookie is a random string that should be the same on all nodes in the given EMQX cluster, but unique per EMQX cluster
+ cookie = "Yzc0NGExM2RjYzYxYzM0YzQ5MWQ0NmI1NWM0MWRhMzY4NzgxYmFkMmI2MWJjZWQ5NTQzYTMxNjE1ODVmYmJmMyAgLQo="
+
+ ## Select a node role
+ ## Type:
+ ## - core :: nodes provide durability of the data, and take care of writes
+ ## - replicant :: nodes are ephemeral worker nodes
+ role = core
+
+ ## Maximum number of simultaneously existing processes for this Erlang system
+ ## Type: Range from 1024 to 134217727
+ process_limit = 2097152
+
+ ## Maximum number of simultaneously existing ports for this Erlang system
+ ## Type: Range from 1024 to 134217727
+ max_ports = 1048576
+
+ ## Erlang's distribution buffer busy limit in kilobytes
+ ## Type: Range from 1 to 2097152
+ dist_buffer_size = 8192
+
+ ## Path to the persistent data directory
+ data_dir = "var/emqx/data"
+
+ ## Type: Periodic garbage collection interval
+ global_gc_interval = "15m"
+}
diff --git a/examples/overload_protection.conf.example b/examples/overload_protection.conf.example
new file mode 100644
index 000000000..36aba702c
--- /dev/null
+++ b/examples/overload_protection.conf.example
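Review bot: The `cookie` line in examples/node.conf.example ships a fixed, real-looking secret, while the file header tells users to paste the block into emqx.conf. The Erlang distribution cookie is the credential a peer presents to join the cluster, so every deployment that keeps the example value shares a secret that is public in this repository. I would replace it with an unmistakable placeholder, `cookie = "REPLACE_WITH_RANDOM_SECRET"`, and add `## Never reuse this example value; generate a new random string for each cluster` above it. The comment above `name` ("The actions triggered when the alarm is activated") also looks copied from the alarm example and should describe the node name instead.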
@@ -0,0 +1,25 @@
+##--------------------------------------------------------------------
+## Overload Protection
+##
+## Monitoring the load of the system and temporarily disable some features when the load is high
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+## Note: Do not modify this unless you know what this is for
+overload_protection {
+ ## set true to enable this
+ enable = false
+
+ ## Maximum duration of delay for background task execution during high load conditions
+ backoff_delay = 1
+
+ ## When at high load, skip forceful GC
+ backoff_gc = false
+
+ ## When at high load, skip process hibernation
+ backoff_hibernation = true
+
+ ## When at high load, close new incoming connections
+ backoff_new_conn = true
+}
diff --git a/examples/plugin.conf.example b/examples/plugin.conf.example
new file mode 100644
index 000000000..b82f8e0db
--- /dev/null
+++ b/examples/plugin.conf.example
@@ -0,0 +1,27 @@
+##--------------------------------------------------------------------
+## Plugin
+##
+## Manage EMQX plugins
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+plugin {
+ ## Plugins declaration
+ ## Note: The plugins are started in the defined order
+ states = [
+ {
+ ## Name and version of this plugin
+ ## Type: Formatted String
+ ## Format: {name}-{version}
+ ## Note: name and version should be what it is in the plugin application
+ name_vsn = "my_acl-0.1.0",
+
+ enable = true ## enable this plugin
+ },
+ {name_vsn = "my_rule-0.1.1", enable = false}
+ ]
+
+ ## The installation directory for the external plugins
+ install_dir = "plugins"
+}
\ No newline at end of file
diff --git a/examples/prometheus.conf.example b/examples/prometheus.conf.example
new file mode 100644
index 000000000..274612c5d
--- /dev/null
+++ b/examples/prometheus.conf.example
@@ -0,0 +1,28 @@
+##--------------------------------------------------------------------
+## Prometheus
+##
+## Settings for reporting metrics to Prometheus
+##--------------------------------------------------------------------
+
+prometheus {
+ ## URL of Prometheus server
+ push_gateway_server = "http://127.0.0.1:9091"
+
+ ## Data reporting interval
+ interval = 15s
+
+ ## A HTTP Headers when pushing to Push Gateway.
+ headers = {
+ Authorization = "some-authz-tokens",
+ Connection = "keep-alive"
+ }
+
+ ## Job Name that is pushed to the Push Gateway.
+ ## Available variable:
+ ## - ${name}: Name of EMQX node
+ ## - ${host}: Host name of EMQX node
+ job_name = "${name}/instance/${name}~${host}"
+
+ ## set true to enable this
+ enable = false
+}
\ No newline at end of file
diff --git a/examples/psk_authentication.conf.example b/examples/psk_authentication.conf.example
new file mode 100644
index 000000000..9aef02421
--- /dev/null
+++ b/examples/psk_authentication.conf.example
@@ -0,0 +1,21 @@
+##--------------------------------------------------------------------
+## Pre-Shared Keys authentication
+##
+## Config to enable TLS-PSK authentication
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+psk_authentication {
+ ## set true to enable TLS PSK support
+ enable = false
+
+ ## If init_file is specified, EMQX will import PSKs from the file into the built-in database at startup for use by the runtime
+ init_file = "psk"
+
+ ## The separator between PSKIdentity and SharedSecret in the PSK file
+ separator = ":"
+
+ ## The size of each chunk used to import to the built-in database from PSK file
+ chunk_size = 50
+ }
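Review bot: In examples/prometheus.conf.example the `headers` block shows an `Authorization` value next to `push_gateway_server = "http://127.0.0.1:9091"`, so a reader who only swaps the host for a remote one ends up sending the token unencrypted. A comment on the URL line would cover it, for instance `## Use an https:// URL when the Push Gateway is not on the local host, otherwise the Authorization header travels in clear text` (assuming the schema accepts https URLs here; please confirm). The value `"some-authz-tokens"` would be safer as an unmistakable placeholder. The comment `## A HTTP Headers when pushing to Push Gateway.` also reads better as `## HTTP headers sent when pushing to the Push Gateway`.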
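Review bot: `init_file = "psk"` in examples/psk_authentication.conf.example points at a file that, going by the `separator` comment, holds PSKIdentity and SharedSecret pairs in plain text, and the example says nothing about protecting it. I would add above it `## The file holds shared secrets in clear text: keep it readable only by the EMQX user and out of version control`. The relative path leaves open which directory it resolves against, so the comment should state that or the example should use an absolute path. The closing `}` is indented by one space, unlike the other example files.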
diff --git a/examples/retainer.conf.example b/examples/retainer.conf.example
new file mode 100644
index 000000000..1cef31c30
--- /dev/null
+++ b/examples/retainer.conf.example
@@ -0,0 +1,40 @@
+##--------------------------------------------------------------------
+## Retainer
+##
+## Configuration related to handling PUBLISH packets with a retain flag set to 1
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+retainer {
+ ## set to false to disable this
+ enable = true
+
+ ## Message retention time. 0 means message will never be expired
+ msg_expiry_interval = 0s
+
+ ## Periodic interval for cleaning up expired messages. Never clear if the value is 0
+ msg_clear_interval = 0s
+
+ ## Maximum retained message size
+ max_payload_size = 1MB
+
+ ## When the retained flag of the PUBLISH message is set and Payload is empty, whether to continue to publish the message
+ stop_publish_clear_msg = false
+
+ ## Maximum retained messages delivery rate per session
+ deliver_rate = "1000/s"
+
+ ## Retained messages store backend
+ backend {
+ ## Backend type
+ type = built_in_database
+
+ ## Specifies whether the messages are stored in RAM or persisted on disc
+ ## Type: enum: ram | disc
+ storage_type = ram
+
+ ## Maximum number of retained messages. 0 means no limit
+ max_retained_messages = 0
+ }
+ }
diff --git a/examples/rpc-with-ssl.conf.example b/examples/rpc-with-ssl.conf.example
new file mode 100644
index 000000000..89086d887
--- /dev/null
+++ b/examples/rpc-with-ssl.conf.example
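Review bot: The retainer example enables the feature with every bound switched off: `msg_expiry_interval = 0s` (never expire), `msg_clear_interval = 0s` (never clear) and `max_retained_messages = 0` (no limit), combined with `storage_type = ram`. Pasted into emqx.conf as the header suggests, nothing caps how much memory retained messages can take, so a misbehaving or hostile publisher can exhaust the node. I would show bounded values in the example, or at least add `## 0 disables the limit; set a bound in production so retained messages cannot exhaust memory` above `max_retained_messages`. The outer closing `}` is indented by one space.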
@@ -0,0 +1,76 @@ +##-------------------------------------------------------------------- +## RPC With SSL +## See rpc-with-tcp.conf.example for RPC with TCP +## EMQX inter-broker communication +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +## Note: Most of the time the default config should work +## you do not need to modify it unless you know what it is for +rpc { + ## Communication mode + ## Type: async | sync + mode = async + + ## Transport protocol used for inter-broker communication + ## Type: tcp | ssl + protocol = ssl + + ## The maximum number of batch messages sent in asynchronous mode + ## Type: Integer + async_batch_size = 256 + + ## Port discovery strategy + ## Type: + ## - manual :: discover ports by tcp_server_port + ## - stateless :: discover ports in a stateless manner, using the following algorithm: + ## If node name is emqxN@127.0.0.1, where the N is an integer, then the listening port will be 5370 + N + port_discovery = stateless + + ## Listening port used by RPC local service + ssl_server_port = 5369 + + ## Set the maximum number of RPC communication channels initiated by this node to each remote node + ## Type: Range from 1 to 256 + tcp_client_num = 10 + + ## Timeout for establishing an RPC connection + connect_timeout = 5s + + ## Path to TLS certificate file used to validate identity of the cluster nodes + certfile = "data/cert.pem" + + ## Path to the private key file + keyfile = "data/key.pem" + + ## Path to certification authority TLS certificate file + cacertfile = "data/cacert.pem" + + ## Timeout for sending the RPC request + send_timeout = 5s + + ## Timeout for the remote node authentication + authentication_timeout = 5s + + ## Timeout for the reply to a synchronous RPC + call_receive_timeout = 15s + + ## How long the connections between the brokers should remain open after 
the last message is sent + socket_keepalive_idle = 15m + + ## The interval between keepalive messages + socket_keepalive_interval = 75s + + ## How many times the keepalive probe message can fail to receive a reply until the RPC connection is considered lost + socket_keepalive_count = 9 + + ## TCP sending buffer size + socket_sndbuf = 1MB + + ## TCP receiving buffer size + socket_recbuf = 1MB + + ## Socket buffer size in user mode + socket_buffer = 1MB + } \ No newline at end of file diff --git a/examples/rpc-with-tcp.conf.example b/examples/rpc-with-tcp.conf.example new file mode 100644 index 000000000..38bf46c60 --- /dev/null +++ b/examples/rpc-with-tcp.conf.example 
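Review bot: In examples/rpc-with-ssl.conf.example the `port_discovery` comment still says `manual :: discover ports by tcp_server_port`, but this file sets `ssl_server_port`, so a reader following the comment would presumably set the wrong key; it should read `## - manual :: discover ports by ssl_server_port`. The TLS settings list `certfile`, `keyfile` and `cacertfile` without saying whether the peer certificate is actually verified against `cacertfile`. A one-line comment stating that, once confirmed against the RPC schema, would tell operators whether this setup authenticates the other nodes or only encrypts the link. A note that `keyfile` must be readable only by the EMQX user would also help.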
@@ -0,0 +1,67 @@ +##-------------------------------------------------------------------- +## RPC With TCP +## See rpc-with-ssl.conf.example for RPC with SSL +## EMQX inter-broker communication +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +## Note: Most of the time the default config should work +## you do not need to modify it unless you know what it is for +rpc { + ## Communication mode + ## Type: sync | async + mode = async + + ## Transport protocol used for inter-broker communication + ## Type: tcp | ssl + protocol = tcp + + ## The maximum number of batch messages sent in asynchronous mode + ## Type: Integer + async_batch_size = 256 + + ## Port discovery strategy + ## Type: + ## - manual :: discover ports by tcp_server_port + ## - stateless :: discover ports in a stateless manner, using the following algorithm: + ## If node name is emqxN@127.0.0.1, where the N is an integer, then the listening port will be 5370 + N + port_discovery = stateless + + ## Listening port used by RPC local service + tcp_server_port = 5369 + + ## Set the maximum number of RPC communication channels initiated by this node to each remote node + ## Type: Range from 1 to 256 + tcp_client_num = 10 + + ## Timeout for establishing an RPC connection + connect_timeout = 5s + + ## Timeout for sending the RPC request + send_timeout = 5s + + ## Timeout for the remote node authentication + authentication_timeout = 5s + + ## Timeout for the reply to a synchronous RPC + call_receive_timeout = 15s + + ## How long the connections between the brokers should remain open after the last message is sent + socket_keepalive_idle = 15m + + ## The interval between keepalive messages + socket_keepalive_interval = 75s + + ## How many times the keepalive probe message can fail to receive a reply until the RPC connection is considered lost + 
socket_keepalive_count = 9 + + ## TCP sending buffer size + socket_sndbuf = 1MB + + ## TCP receiving buffer size + socket_recbuf = 1MB + + ## Socket buffer size in user mode + socket_buffer = 1MB + } \ No newline at end of file diff --git a/examples/slow_subs.conf.example b/examples/slow_subs.conf.example new file mode 100644 index 000000000..547076e81 --- /dev/null +++ b/examples/slow_subs.conf.example @@ -0,0 +1,28 @@ +##-------------------------------------------------------------------- +## Slow Subscribers Statistics +## +## Count subscribers with topics whose transfer time exceeds the threshold +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +slow_subs { + ## Stats Threshold + threshold = 500ms + + ## Expire time of the record which in Top-K record + expire_interval = 300ms + + ## Maximum number of Top-K record + top_k_num = 10 + + ## Stats Type + ## Value: + ## - whole: from the time the message arrives at EMQX until the message transmission completes + ## - internal: from when the message arrives at EMQX until when EMQX starts delivering the message + ## - response: from the time EMQX starts delivering the message until the message transmission completes + stats_type = whole + + ## use true to enable this + enable = false +} \ No newline at end of file diff --git a/examples/sys_topics.conf.example b/examples/sys_topics.conf.example new file mode 100644 index 000000000..b249efd35 --- /dev/null +++ b/examples/sys_topics.conf.example 
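Review bot: examples/rpc-with-tcp.conf.example sets `protocol = tcp` without saying that inter-broker traffic then crosses the network unencrypted. A comment on that line would make the trade-off visible where the choice is made, for instance `## tcp is unencrypted; use ssl (see rpc-with-ssl.conf.example) when nodes talk over a network you do not fully control`. The closing `}` is indented by one space.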
@@ -0,0 +1,25 @@
+##--------------------------------------------------------------------
+## System Topic
+##
+## Publishing client lifecycle events to "$SYS" topics
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+sys_topics {
+ ## Time interval of publishing `$SYS` messages
+ sys_msg_interval = 1m
+
+ ## Time interval for publishing following heartbeat messages:
+ ## - `$SYS/brokers//uptime`
+ ## - `$SYS/brokers//datetime`
+ sys_heartbeat_interval = 30s
+
+ ## Client events messages toggle
+ sys_event_messages = {
+ client_connected = true
+ client_disconnected = true
+ client_subscribed = false
+ client_unsubscribed = false
+ }
+}
diff --git a/examples/sysmon.os.conf.example b/examples/sysmon.os.conf.example
new file mode 100644
index 000000000..9883890dc
--- /dev/null
+++ b/examples/sysmon.os.conf.example
@@ -0,0 +1,30 @@
+##--------------------------------------------------------------------
+## System Monitoring For System
+##
+## System monitoring and introspection
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+sysmon.os {
+ ## Time interval for the periodic CPU check
+ cpu_check_interval = "60s"
+
+ ## For how much system cpu can be used before the corresponding alarm is raised
+ cpu_high_watermark = "80%"
+
+ ## For how much system cpu can be used before the corresponding alarm is cleared
+ cpu_low_watermark = "60%"
+
+ ## Time interval for the periodic memory check
+ ## Type:
+ ## - disabled :: Never check
+ ## - Time Duration :: The time period
+ mem_check_interval = "60s"
+
+ ## For how much system memory can be allocated before the corresponding alarm is raised
+ sysmem_high_watermark = "70%"
+
+ ## For how much system memory can be allocated by one Erlang process before the corresponding alarm is raised
+ procmem_high_watermark = "5%"
+}
diff --git a/examples/sysmon.vm.conf.example b/examples/sysmon.vm.conf.example
new file mode 100644
index 000000000..75eb2fef6
--- /dev/null
+++ b/examples/sysmon.vm.conf.example
@@ -0,0 +1,42 @@
+##--------------------------------------------------------------------
+## System Monitoring For Erlang VM
+##
+## System monitoring and introspection
+##--------------------------------------------------------------------
+## Note: This is an example of how to configure this feature
+## you should copy and paste the below data into the emqx.conf for working
+
+sysmon.vm {
+ ## Time interval for the periodic process limit check
+ process_check_interval = 30s
+
+ ## For how many processes can simultaneously exist at the local node before the corresponding alarm is raised
+ process_high_watermark = "80%"
+
+ ## For how many processes can simultaneously exist at the local node before the corresponding alarm is cleared
+ process_low_watermark = "60%"
+
+ ## Generated an alarm when an Erlang process spends a long time to perform garbage collection
+ ## Type:
+ ## - disabled :: Never alarm
+ ## - Time During :: The maximum GC time for generating an alarm
+ long_gc = 100ms
+
+ ## Generating an alarm is generated when the Erlang VM detect a task scheduled for too long
+ ## Type:
+ ## - disabled :: Never alarm
+ ## - Time During :: The maximum schedule time for generating an alarm
+ long_schedule = 240ms
+
+ ## Generating an alarm when an Erlang process consumed a large amount of memory for its heap space
+ ## Type:
+ ## - disabled :: Never alarm
+ ## - ByteSize :: The maximum heap size for generating an alarm
+ large_heap = 32M
+
+ ## Generating an alarm when the RPC connection is overloaded
+ busy_dist_port = true
+
+ ## Generating an alarm when a port (e.g. TCP socket) is overloaded
+ busy_port = true
+}
diff --git a/rel/i18n/emqx_prometheus_schema.hocon b/rel/i18n/emqx_prometheus_schema.hocon
index d79685a4d..a0c4d899c 100644
--- a/rel/i18n/emqx_prometheus_schema.hocon
+++ b/rel/i18n/emqx_prometheus_schema.hocon
@@ -4,7 +4,7 @@ enable.desc: """Turn Prometheus data pushing on or off""" headers.desc: -"""A list of HTTP Headers when pushing to Push Gateway.
+"""A HTTP Headers when pushing to Push Gateway.
For example, { Authorization = "some-authz-tokens"}""" interval.desc: From bb2bf059ac05443475643636223d8fa866d1d95e Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 20 Jun 2023 12:09:01 +0800 Subject: [PATCH 12/36] chore: modify the build to copy examples into the release --- apps/emqx_conf/README.md | 1 - apps/emqx_conf/etc/emqx_conf.conf | 2 +- apps/emqx_conf/src/emqx_conf.erl | 20 +------------------- mix.exs | 6 +++--- rebar.config.erl | 2 +- 5 files changed, 6 insertions(+), 25 deletions(-) diff --git a/apps/emqx_conf/README.md b/apps/emqx_conf/README.md index f1efe7987..d33af7ce2 100644 --- a/apps/emqx_conf/README.md +++ b/apps/emqx_conf/README.md @@ -5,7 +5,6 @@ This application provides configuration management capabilities for EMQX. At compile time it reads all configuration schemas and generates the following files: * `config-en.md`: documentation for all configuration options. * `schema-en.json`: JSON description of all configuration schema options. - * `emqx.conf.example`: an example of a complete configuration file. At runtime, it provides: - Cluster configuration synchronization capability. diff --git a/apps/emqx_conf/etc/emqx_conf.conf b/apps/emqx_conf/etc/emqx_conf.conf index 2d7b8d910..2f2d1a779 100644 --- a/apps/emqx_conf/etc/emqx_conf.conf +++ b/apps/emqx_conf/etc/emqx_conf.conf @@ -7,7 +7,7 @@ ## To avoid confusion, please do not store the same configs in both files. ## ## See {{ emqx_configuration_doc }} for more details. -## Configuration full example can be found in emqx.conf.example +## Configuration full example can be found in etc/examples node { name = "emqx@127.0.0.1" diff --git a/apps/emqx_conf/src/emqx_conf.erl b/apps/emqx_conf/src/emqx_conf.erl index 584a10a8d..51c353edf 100644 --- a/apps/emqx_conf/src/emqx_conf.erl +++ b/apps/emqx_conf/src/emqx_conf.erl 
@@ -30,7 +30,6 @@ -export([reset/2, reset/3]). -export([dump_schema/2]). -export([schema_module/0]). --export([gen_example_conf/2]). -export([check_config/2]). %% TODO: move to emqx_dashboard when we stop building api schema at build time @@ -161,8 +160,7 @@ dump_schema(Dir, SchemaModule) -> ok = gen_schema_json(Dir, SchemaModule, Lang) end, ["en", "zh"] - ), - ok = gen_example_conf(Dir, SchemaModule). + ). %% for scripts/spellcheck. gen_schema_json(Dir, SchemaModule, Lang) -> @@ -202,11 +200,6 @@ gen_config_md(Dir, SchemaModule, Lang) -> io:format(user, "===< Generating: ~s~n", [SchemaMdFile]), ok = gen_doc(SchemaMdFile, SchemaModule, Lang). -gen_example_conf(Dir, SchemaModule) -> - SchemaMdFile = filename:join([Dir, "emqx.conf.example"]), - io:format(user, "===< Generating: ~s~n", [SchemaMdFile]), - ok = gen_example(SchemaMdFile, SchemaModule). - %% @doc return the root schema module. -spec schema_module() -> module(). schema_module() -> @@ -250,17 +243,6 @@ gen_doc(File, SchemaModule, Lang) -> Doc = hocon_schema_md:gen(SchemaModule, Opts), file:write_file(File, Doc). -gen_example(File, SchemaModule) -> - %% we do not generate description in example files - %% so there is no need for a desc_resolver - Opts = #{ - title => <<"EMQX Configuration Example">>, - body => <<"">>, - include_importance_up_from => ?IMPORTANCE_MEDIUM - }, - Example = hocon_schema_example:gen(SchemaModule, Opts), - file:write_file(File, Example). - gen_api_schema_json_iodata(SchemaMod, SchemaInfo) -> emqx_dashboard_swagger:gen_api_schema_json_iodata( SchemaMod, diff --git a/mix.exs b/mix.exs index 1274991ff..5f60a2e34 100644 --- a/mix.exs +++ b/mix.exs @@ -541,9 +541,9 @@ defmodule EMQXUmbrella.MixProject do profile = System.get_env("MIX_ENV") - Mix.Generator.copy_file( - "_build/docgen/#{profile}/emqx.conf.example", - Path.join(etc, "emqx.conf.example"), + File.cp_r!( + "examples", + Path.join(etc, "examples"), force: overwrite? ) 
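Review bot: In the mix.exs hunk, `File.cp_r!/3` has no `:force` option; that option belonged to `Mix.Generator.copy_file/3`, which this hunk replaces. As a result `force: overwrite?` is silently ignored and existing files under `etc/examples` are overwritten whatever the flag says. If the flag is meant to be honoured, pass `on_conflict: fn _src, _dst -> overwrite? end` instead. On Elixir versions where the third argument of `cp_r!` is a callback rather than an option list, the keyword list would be rejected outright, so it is worth checking against the minimum Elixir version the project supports. The enclosing function starts and ends outside the hunk, so how `overwrite?` is computed is not visible here.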
diff --git a/rebar.config.erl b/rebar.config.erl index a0bfa8744..fc91878d9 100644 --- a/rebar.config.erl +++ b/rebar.config.erl @@ -524,7 +524,7 @@ etc_overlay(ReleaseType, _Edition) -> [ {mkdir, "etc/"}, {copy, "{{base_dir}}/lib/emqx/etc/certs", "etc/"}, - {copy, "_build/docgen/" ++ profile() ++ "/emqx.conf.example", "etc/emqx.conf.example"} + {copy, "examples", "etc/"} ] ++ lists:map( fun From 8b3c751a078e12dbb36dae1a6b8af5c9d311bbf5 Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 20 Jun 2023 12:47:34 +0800 Subject: [PATCH 13/36] chore: add some simple gateway examples --- examples/gateway.coap.conf.example | 19 ++++++++++++++ examples/gateway.exproto.conf.example | 19 ++++++++++++++ examples/gateway.lwm2m.conf.example | 37 +++++++++++++++++++++++++++ examples/gateway.mqttsn.conf.example | 23 +++++++++++++++++ examples/gateway.stomp.conf.example | 19 ++++++++++++++ 5 files changed, 117 insertions(+) create mode 100644 examples/gateway.coap.conf.example create mode 100644 examples/gateway.exproto.conf.example create mode 100644 examples/gateway.lwm2m.conf.example create mode 100644 examples/gateway.mqttsn.conf.example create mode 100644 examples/gateway.stomp.conf.example diff --git a/examples/gateway.coap.conf.example b/examples/gateway.coap.conf.example new file mode 100644 index 000000000..fc56169fd --- /dev/null +++ b/examples/gateway.coap.conf.example @@ -0,0 +1,19 @@ +##-------------------------------------------------------------------- +## Gateway CoAP +## +## Add a CoAP gateway +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +gateway.coap { + enable = true + connection_required = false + enable_stats = true + heartbeat = 30s + idle_timeout = 30s + mountpoint = "coap2/" + notify_type = qos + publish_qos = coap + subscribe_qos = coap +} 
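Review bot: examples/gateway.coap.conf.example turns the gateway on (`enable = true`) but shows neither a `listeners` nor an `authentication` block, and the same holds for the exproto, lwm2m, mqttsn and stomp examples added in this commit. A reader who adds only a listener to make the example work would, unless the gateway defaults say otherwise, end up with a gateway that accepts clients without authentication. I would add a commented listener and authentication stanza to each file, or at least `## Configure authentication before exposing a listener for this gateway` above `enable`.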
diff --git a/examples/gateway.exproto.conf.example b/examples/gateway.exproto.conf.example new file mode 100644 index 000000000..b9c0b08d1 --- /dev/null +++ b/examples/gateway.exproto.conf.example @@ -0,0 +1,19 @@ +##-------------------------------------------------------------------- +## Gateway Exproto +## +## Add an Exproto gateway +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +gateway.exproto { + enable = true + enable_stats = true + frame { + max_body_length = 655350 + max_headers = 100 + max_headers_length = 10240 + } + idle_timeout = 30s + mountpoint = "stomp2/" +} diff --git a/examples/gateway.lwm2m.conf.example b/examples/gateway.lwm2m.conf.example new file mode 100644 index 000000000..27ce58615 --- /dev/null +++ b/examples/gateway.lwm2m.conf.example @@ -0,0 +1,37 @@ +##-------------------------------------------------------------------- +## Gateway LwM2M +## +## Add a LwM2M gateway +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +gateway.lwm2m { + auto_observe = false + enable = true + enable_stats = true + idle_timeout = 30s + lifetime_max = 86400s + lifetime_min = 1s + mountpoint = "lwm2m2/" + qmode_time_window = 22s + translators { + command { + topic = "dn/#" + } + notify { + topic = "up/notify" + } + register { + topic = "up/resp" + }, + response { + topic = "up/resp" + }, + update { + topic = "up/resp" + } + } + update_msg_publish_condition = always + xml_dir = "/etc/emqx/lwm2m_xml" +} \ No newline at end of file diff --git a/examples/gateway.mqttsn.conf.example b/examples/gateway.mqttsn.conf.example new file mode 100644 index 000000000..7bfc78f53 --- /dev/null +++ b/examples/gateway.mqttsn.conf.example 
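Review bot: The `gateway.exproto` body looks copied from the STOMP example rather than written for ExProto: it carries a `frame { max_body_length … }` block and `mountpoint = "stomp2/"`. As far as I can tell `frame` is a STOMP setting and an ExProto gateway needs its gRPC `server` and `handler` blocks, so this example would probably fail schema validation when pasted into emqx.conf. Please check it against the gateway schema. At minimum the mountpoint should be `mountpoint = "exproto/"`.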
@@ -0,0 +1,23 @@ +##-------------------------------------------------------------------- +## Gateway MQTT-SN +## +## Add a MQTT-SN gateway +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +gateway.mqttsn { + broadcast = true + enable = true + enable_qos3 = false + enable_stats = true + gateway_id = 1 + idle_timeout = 30s + mountpoint = "mqttsn2/" + predefined = [ + { + id = 1003 + topic = "pred/1003" + } + ] +} diff --git a/examples/gateway.stomp.conf.example b/examples/gateway.stomp.conf.example new file mode 100644 index 000000000..7f4fe20c4 --- /dev/null +++ b/examples/gateway.stomp.conf.example @@ -0,0 +1,19 @@ +##-------------------------------------------------------------------- +## Gateway STOMP +## +## Add STOMP CoAP gateway +##-------------------------------------------------------------------- +## Note: This is an example of how to configure this feature +## you should copy and paste the below data into the emqx.conf for working + +gateway.stomp { + enable: true + enable_stats: true + frame: { + max_body_length: 655350 + max_headers: 100 + max_headers_length: 10240 + } + idle_timeout: 30s + mountpoint: "stomp2/" +} From 42140b3d8962f35924b1eea8d0e0f2b56b42ae2d Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 20 Jun 2023 14:30:33 +0800 Subject: [PATCH 14/36] chore: fix spell && style error --- examples/gateway.lwm2m.conf.example | 2 +- examples/plugin.conf.example | 2 +- examples/prometheus.conf.example | 2 +- examples/rpc-with-ssl.conf.example | 2 +- examples/rpc-with-tcp.conf.example | 2 +- examples/slow_subs.conf.example | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/examples/gateway.lwm2m.conf.example b/examples/gateway.lwm2m.conf.example index 27ce58615..2803f24ef 100644 --- a/examples/gateway.lwm2m.conf.example +++ b/examples/gateway.lwm2m.conf.example 
@@ -34,4 +34,4 @@ gateway.lwm2m { } update_msg_publish_condition = always xml_dir = "/etc/emqx/lwm2m_xml" -} \ No newline at end of file +} diff --git a/examples/plugin.conf.example b/examples/plugin.conf.example index b82f8e0db..d704f9981 100644 --- a/examples/plugin.conf.example +++ b/examples/plugin.conf.example @@ -24,4 +24,4 @@ plugin { ## The installation directory for the external plugins install_dir = "plugins" -} \ No newline at end of file +} diff --git a/examples/prometheus.conf.example b/examples/prometheus.conf.example index 274612c5d..c6df97f2b 100644 --- a/examples/prometheus.conf.example +++ b/examples/prometheus.conf.example @@ -25,4 +25,4 @@ prometheus { ## set true to enable this enable = false -} \ No newline at end of file +} diff --git a/examples/rpc-with-ssl.conf.example b/examples/rpc-with-ssl.conf.example index 89086d887..89695d748 100644 --- a/examples/rpc-with-ssl.conf.example +++ b/examples/rpc-with-ssl.conf.example @@ -73,4 +73,4 @@ rpc { ## Socket buffer size in user mode socket_buffer = 1MB - } \ No newline at end of file +} diff --git a/examples/rpc-with-tcp.conf.example b/examples/rpc-with-tcp.conf.example index 38bf46c60..26de872e5 100644 --- a/examples/rpc-with-tcp.conf.example +++ b/examples/rpc-with-tcp.conf.example @@ -64,4 +64,4 @@ rpc { ## Socket buffer size in user mode socket_buffer = 1MB - } \ No newline at end of file +} diff --git a/examples/slow_subs.conf.example b/examples/slow_subs.conf.example index 547076e81..8409cf466 100644 --- a/examples/slow_subs.conf.example +++ b/examples/slow_subs.conf.example @@ -25,4 +25,4 @@ slow_subs { ## use true to enable this enable = false -} \ No newline at end of file +} From 3f0d9db67450a6ff53801ed01c489f0938b9c4f1 Mon Sep 17 00:00:00 2001 
From: firest Date: Tue, 20 Jun 2023 15:38:30 +0800 Subject: [PATCH 15/36] chore: update examples to new version and fix errors --- examples/alarm.conf.example | 2 +- examples/broker.conf.example | 30 -------- examples/cluster-with-dns.conf.example | 2 +- examples/cluster-with-etcd-ssl.conf.example | 2 +- examples/cluster-with-etcd.conf.example | 2 +- examples/cluster-with-k8s.conf.example | 4 +- examples/cluster-with-manual.conf.example | 2 +- examples/cluster-with-static.conf.example | 4 +- examples/dashboard-with-http.conf.example | 5 +- examples/dashboard-with-https.conf.example | 32 ++++----- examples/listeners.quic.conf.example | 31 ++++----- examples/listeners.ssl.conf.example | 71 ++++++++++--------- examples/listeners.tcp.conf.example | 57 ++++++++-------- examples/listeners.ws.conf.example | 67 +++++++++--------- examples/listeners.wss.conf.example | 71 +++++++++---------- examples/mqtt.conf.example | 11 +++ examples/rpc-with-ssl.conf.example | 76 --------------------- examples/rpc-with-tcp.conf.example | 67 ------------------ rel/i18n/emqx_prometheus_schema.hocon | 2 +- 19 files changed, 183 insertions(+), 355 deletions(-) delete mode 100644 examples/broker.conf.example delete mode 100644 examples/rpc-with-ssl.conf.example delete mode 100644 examples/rpc-with-tcp.conf.example diff --git a/examples/alarm.conf.example b/examples/alarm.conf.example index 84c92f974..537341ea2 100644 --- a/examples/alarm.conf.example +++ b/examples/alarm.conf.example @@ -11,7 +11,7 @@ alarm { ## Type: Array of the below enum ## - log :: write the alarm to log ## - publish :: publish the alarm as an MQTT message to the system topics - actions = [log] + actions = [log, publish] ## Maximum total number of deactivated alarms to keep as history ## Type: Range from 1 to 3000 diff --git a/examples/broker.conf.example b/examples/broker.conf.example deleted file mode 100644 index be898128c..000000000 --- a/examples/broker.conf.example +++ /dev/null 
@@ -1,30 +0,0 @@ -##-------------------------------------------------------------------- -## Broker -## -## Message broker options -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -## Note: If you and finding how to configure EMQX itself, have a look at the node.conf.example - -broker { - ## Session locking strategy in a cluster - ## Type: - ## - local :: only lock the session on the current node - ## - leader :: select only one remote node to lock the session - ## - quorum :: select some nodes to lock the session - ## - all :: lock the session on all the nodes in the cluster - session_locking_strategy = quorum - - ## Dispatch strategy for shared subscription - ## Type: - ## - random :: dispatch the message to a random selected subscriber - ## - round_robin :: select the subscribers in a round-robin manner - ## - round_robin_per_group :: select the subscribers in round-robin fashion within each shared subscriber group - ## - local :: select random local subscriber otherwise select random cluster-wide - ## - sticky :: always use the last selected subscriber to dispatch, until the subscriber disconnects. - ## - hash_clientid :: select the subscribers by hashing the `clientIds` - ## - hash_topic :: select the subscribers by hashing the source topic""" - shared_subscription_strategy = round_robin - } diff --git a/examples/cluster-with-dns.conf.example b/examples/cluster-with-dns.conf.example index f17ce8303..f979eb689 100644 --- a/examples/cluster-with-dns.conf.example +++ b/examples/cluster-with-dns.conf.example 
@@ -14,7 +14,7 @@ cluster { discovery_strategy = dns ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-etcd-ssl.conf.example b/examples/cluster-with-etcd-ssl.conf.example index 2d4ce35ac..b7c642770 100644 --- a/examples/cluster-with-etcd-ssl.conf.example +++ b/examples/cluster-with-etcd-ssl.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = etcd ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-etcd.conf.example b/examples/cluster-with-etcd.conf.example index b13313438..17ab604d6 100644 --- a/examples/cluster-with-etcd.conf.example +++ b/examples/cluster-with-etcd.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = etcd ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-k8s.conf.example b/examples/cluster-with-k8s.conf.example index ea94818c0..4fd329b24 100644 --- a/examples/cluster-with-k8s.conf.example +++ b/examples/cluster-with-k8s.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = k8s ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m 
@@ -24,7 +24,7 @@ cluster { k8s { ## Kubernetes API endpoint URL - apiserver = "http://10.110.111.204:8080" + apiserver = "https://kubernetes.default.svc:443" ## EMQX broker service name service_name = emqx diff --git a/examples/cluster-with-manual.conf.example b/examples/cluster-with-manual.conf.example index 17bc92346..f075ea389 100644 --- a/examples/cluster-with-manual.conf.example +++ b/examples/cluster-with-manual.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = manual ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m diff --git a/examples/cluster-with-static.conf.example b/examples/cluster-with-static.conf.example index 7851b260f..76a9d9980 100644 --- a/examples/cluster-with-static.conf.example +++ b/examples/cluster-with-static.conf.example @@ -14,7 +14,7 @@ cluster { discovery_strategy = static ## List of core nodes that the replicant will connect to - core_nodes = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] ## Remove disconnected nodes from the cluster after this interval autoclean = 5m @@ -23,5 +23,5 @@ cluster { autoheal = true ## List EMQX node names in the static cluster - static.seeds = ['emqx1@192.168.0.1', 'emqx2@192.168.0.2'] + static.seeds = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] } diff --git a/examples/dashboard-with-http.conf.example b/examples/dashboard-with-http.conf.example index 292c56212..8cf68ab33 100644 --- a/examples/dashboard-with-http.conf.example +++ b/examples/dashboard-with-http.conf.example 
@@ -14,10 +14,7 @@ dashboard { cors = false listeners.http { - ## Whether to enable the listener - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = "0.0.0.0:18083" ## or just a port number, e.g. 18083 ## Socket acceptor pool size for TCP protocols diff --git a/examples/dashboard-with-https.conf.example b/examples/dashboard-with-https.conf.example index cf7cc28a5..6f399dea3 100644 --- a/examples/dashboard-with-https.conf.example +++ b/examples/dashboard-with-https.conf.example @@ -14,10 +14,8 @@ dashboard { cors = false listeners.https { - ## Whether to enable the listener - enable = true - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = "0.0.0.0:18084" ## or just a port number, e.g. 18084 ## Socket acceptor pool size for TCP protocols 
@@ -43,48 +41,48 @@ dashboard { ## Trusted PEM format CA certificates bundle file cacertfile = "data/certs/cacert.pem" - + ## PEM format certificates chain file certfile = "data/certs/cert.pem" - + ## PEM format private key file keyfile = "data/certs/key.pem" - + ## Enable or disable peer verification verify = verify_none ## use verify_peer to enable - + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send fail_if_no_peer_cert = false - + ## Enable TLS session reuse reuse_sessions = true - + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path depth = 10 - + ## Which versions are to be supported versions = [tlsv1.3, tlsv1.2] - + ## TLS cipher suite names ## Note: By default, all available suites are supported, you do not need to set this ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] - + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly secure_renegotiate = true - + ## Log level for SSL communication ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all log_level = notice - + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint hibernate_after = 5s - + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order honor_cipher_order = true - + ## Setting this to false to disable client-initiated renegotiation client_renegotiation = true - + ## Maximum time duration allowed for the handshake to complete handshake_timeout = 15s } diff --git a/examples/listeners.quic.conf.example b/examples/listeners.quic.conf.example index 2f4fca0b8..49d4f58a1 100644 --- a/examples/listeners.quic.conf.example +++ b/examples/listeners.quic.conf.example 
@@ -8,10 +8,7 @@ ## Note: Modifying the 'quicname' to what you need listeners.quic.quicname { - ## Whether to enable the listener - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = 14567 ## or with an IP, e.g. "127.0.0.1:14567" ## When publishing or subscribing, prefix all topics with a mountpoint string @@ -31,18 +28,20 @@ listeners.quic.quicname { ## Type: infinity | Integer max_connections = infinity - ## Trusted PEM format CA certificates bundle file - cacertfile = "data/certs/cacert.pem" - - ## PEM format certificates chain file - certfile = "data/certs/cert.pem" - - ## PEM format private key file - keyfile = "data/certs/key.pem" - - ## Enable or disable peer verification - verify = verify_none ## to verify_peer to enable - ## TLS cipher suite names ciphers = ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"] + + ssl_options { + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" + + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" + + ## PEM format private key file + keyfile = "data/certs/key.pem" + + ## Enable or disable peer verification + verify = verify_none ## to verify_peer to enable + } } diff --git a/examples/listeners.ssl.conf.example b/examples/listeners.ssl.conf.example index bf7d3817a..e86bd6b4d 100644 --- a/examples/listeners.ssl.conf.example +++ b/examples/listeners.ssl.conf.example 
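Review bot: The new comment `## Port or Address to listen on, 0 means disable` in the first listeners.quic hunk replaces the explicit `enable` key, but it does not say which value is 0, and nothing in this patch shows that an MQTT listener treats `bind = 0` as disabled. The same wording is pasted into the dashboard, ssl, tcp, ws and wss hunks. An operator who follows it to switch a listener off could end up with a listener that is still reachable, so this should be checked against the listener schema. If it holds, spell it out as `## Port or address to listen on; set bind = 0 to disable this listener`, and otherwise keep the `enable` key in the example.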
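Review bot: In the second listeners.quic hunk the new `ssl_options` block keeps `verify = verify_none ## to verify_peer to enable`, which does not tell the reader what is given up. With `verify_none` the client certificate is not validated, so the `cacertfile` above it plays no part in authenticating clients. I would reword the trailing comment to `## verify_none: client certificates are not validated; use verify_peer for mutual TLS`. The same line is carried into the `ssl_options` blocks of the listeners.ssl and listeners.wss hunks.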
@@ -11,56 +11,55 @@ ## Note: Modifying the 'sslname' to what you need listeners.ssl.sslname { - ## Whether to enable the listener - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = 8883 ## or with an IP e.g. "127.0.0.1:8883" - ## Trusted PEM format CA certificates bundle file - cacertfile = "data/certs/cacert.pem" + ssl_options { + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" - ## PEM format certificates chain file - certfile = "data/certs/cert.pem" + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" - ## PEM format private key file - keyfile = "data/certs/key.pem" + ## PEM format private key file + keyfile = "data/certs/key.pem" - ## Enable or disable peer verification - verify = verify_none ## use verify_peer to enable + ## Enable or disable peer verification + verify = verify_none ## use verify_peer to enable - ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send - fail_if_no_peer_cert = false + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + fail_if_no_peer_cert = false - ## Enable TLS session reuse - reuse_sessions = true + ## Enable TLS session reuse + reuse_sessions = true - ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path - depth = 10 + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path + depth = 10 - ## Which versions are to be supported - versions = [tlsv1.3, tlsv1.2] + ## Which versions are to be supported + versions = [tlsv1.3, tlsv1.2] - ## TLS cipher suite names - ## Note: By default, all available suites are supported, you do not need to set this - ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] + ## TLS cipher suite names + ## Note: By 
default, all available suites are supported, you do not need to set this + ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] - ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly - secure_renegotiate = true + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly + secure_renegotiate = true - ## Log level for SSL communication - ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all - log_level = notice + ## Log level for SSL communication + ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all + log_level = notice - ## Hibernate the SSL process after idling for amount of time reducing its memory footprint - hibernate_after = 5s + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint + hibernate_after = 5s - ## Forces the cipher to be set based on the server-specified order instead of the client-specified order - honor_cipher_order = true + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order + honor_cipher_order = true - ## Setting this to false to disable client-initiated renegotiation - client_renegotiation = true + ## Setting this to false to disable client-initiated renegotiation + client_renegotiation = true - ## Maximum time duration allowed for the handshake to complete - handshake_timeout = 15s + ## Maximum time duration allowed for the handshake to complete + handshake_timeout = 15s + } } diff --git a/examples/listeners.tcp.conf.example b/examples/listeners.tcp.conf.example index d7392962b..42e98b071 100644 --- a/examples/listeners.tcp.conf.example +++ b/examples/listeners.tcp.conf.example 
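Review bot: The re-indented comment above `fail_if_no_peer_cert = false` in the listeners.ssl hunk still reads "if `verify' is ebabled, whit true, ...", which is hard to parse for a setting that decides whether certificate-less clients get in. The option only matters together with `verify = verify_peer`, and with `false` a client that sends no certificate is still accepted. Suggested wording: `## Only used with verify = verify_peer: if true, the handshake fails when the client sends no certificate`. The listeners.wss hunk carries the same comment.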
@@ -8,10 +8,7 @@ ## Note: Modifying the 'tcpname' to what you need listeners.tcp.tcpname { - ## false to disable this - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = 1883 ## or with an IP e.g. "127.0.0.1:1883" ## Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx 
@@ -41,38 +38,40 @@ listeners.tcp.tcpname { ## Type: infinity | Integer max_connections = infinity - ## TCP backlog defines the maximum length that the queue of pending connections can grow to - backlog = 1024 + tcp_options { + ## TCP backlog defines the maximum length that the queue of pending connections can grow to + backlog = 1024 - ## The TCP send timeout for the connections - send_timeout = 15s + ## The TCP send timeout for the connections + send_timeout = 15s - ## Timeout for proxy protocol - send_timeout_close = true + ## Timeout for proxy protocol + send_timeout_close = true - ## The TCP receive buffer (OS kernel) for the connections - recbuf = 2KB + ## The TCP receive buffer (OS kernel) for the connections + recbuf = 2KB - ## The TCP send buffer (OS kernel) for the connections - sndbuf = 4KB + ## The TCP send buffer (OS kernel) for the connections + sndbuf = 4KB - ## The size of the user-space buffer used by the driver - buffer = 4KB + ## The size of the user-space buffer used by the driver + buffer = 4KB - ## The socket is set to a busy state when the amount of data queued internally by the VM socket implementation reaches this limit - high_watermark = 1MB + ## The socket is set to a busy state when the amount of data queued internally by the VM socket implementation reaches this limit + high_watermark = 1MB - ## The TCP_NODELAY flag for the connections - nodelay = true + ## The TCP_NODELAY flag for the connections + nodelay = true - ## The SO_REUSEADDR flag for the connections - reuseaddr = true + ## The SO_REUSEADDR flag for the connections + reuseaddr = true - ## Enable TCP keepalive for MQTT connections over TCP or SSL - ## Type: three comma separated numbers in the format of 'Idle,Interval,Probes' - ## - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200). - ## - Interval: The number of seconds between TCP keep-alive probes (Linux default 75). 
- ## - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9). - ## For example "240,30,5" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection - keepalive = "none" + ## Enable TCP keepalive for MQTT connections over TCP or SSL + ## Type: three comma separated numbers in the format of 'Idle,Interval,Probes' + ## - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200). + ## - Interval: The number of seconds between TCP keep-alive probes (Linux default 75). + ## - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9). + ## For example "240,30,5" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection + keepalive = "none" + } } diff --git a/examples/listeners.ws.conf.example b/examples/listeners.ws.conf.example index 7e1176518..ad9ddbf8a 100644 --- a/examples/listeners.ws.conf.example +++ b/examples/listeners.ws.conf.example 
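Review bot: In the new `tcp_options` block the comment above `send_timeout_close = true` says `## Timeout for proxy protocol`, which does not describe that option. Going by the option name and the `send_timeout` entry just above it, this controls whether the socket is closed when a send times out; it is not a timeout and has nothing to do with the proxy protocol. I would change the comment to `## Close the connection when send_timeout is reached`. The same block sets `keepalive = "none"`, and since the comment explains the 'Idle,Interval,Probes' format, a short `## "none" leaves TCP keepalive off` would help readers as well.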
@@ -11,52 +11,49 @@ ## Note: Modifying the 'wsname' to what you need listeners.ws.wsname { - ## for to disable this - enable = true - - ## Port or Address to listen on + ## Port or Address to listen on, 0 means disable bind = "0.0.0.0:8083" # or just a port number, e.g. 8083 - ## WebSocket's MQTT protocol path - ## Type: String - ## For Example: - ## with the default value, the address of EMQX Broker's WebSocket is: ws://8083/mqtt - mqtt_path = "/mqtt" + websocket { + ## WebSocket's MQTT protocol path + ## Type: String + ## For Example: + ## with the default value, the address of EMQX Broker's WebSocket is: ws://8083/mqtt + mqtt_path = "/mqtt" - ## Whether a WebSocket message is allowed to contain multiple MQTT packets - ## Type: single | multiple - mqtt_piggyback = multiple + ## Whether a WebSocket message is allowed to contain multiple MQTT packets + ## Type: single | multiple + mqtt_piggyback = multiple - ## If true, compress WebSocket messages using zlib - compress = false + ## If true, compress WebSocket messages using zlib + compress = false - ## Close transport-layer connections from the clients that have not sent MQTT CONNECT message within this interval - idle_timeout = 7200s + ## Close transport-layer connections from the clients that have not sent MQTT CONNECT message within this interval + idle_timeout = 7200s - ## The maximum length of a single MQTT packet - ## Type: infinity | Integer - max_frame_size = infinity + ## The maximum length of a single MQTT packet + ## Type: infinity | Integer + max_frame_size = infinity - ## If true, the server will return an error when the client does not carry the Sec-WebSocket-Protocol field - fail_if_no_subprotocol = true + ## If true, the server will return an error when the client does not carry the Sec-WebSocket-Protocol field + fail_if_no_subprotocol = true - ## Comma-separated list of supported subprotocols - ## Type: Comma Separated List - supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" + ## 
Comma-separated list of supported subprotocols + supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" - ## If true, origin HTTP header will be validated against the list of allowed origins configured in check_origins parameter - check_origin_enable = false + ## If true, origin HTTP header will be validated against the list of allowed origins configured in check_origins parameter + check_origin_enable = false - ## If false and check_origin_enable is true, the server will reject requests that don't have origin HTTP header - allow_origin_absence = true + ## If false and check_origin_enable is true, the server will reject requests that don't have origin HTTP header + allow_origin_absence = true - ## List of allowed origins - ## Type: Comma Separated List - check_origins = "http://localhost:18083, http://127.0.0.1:18083" + ## List of allowed origins + check_origins = "http://localhost:18083, http://127.0.0.1:18083" - ## HTTP header used to pass information about the client IP address - proxy_address_header = "x-forwarded-for" + ## HTTP header used to pass information about the client IP address + proxy_address_header = "x-forwarded-for" - ## The maximum length of a single MQTT packet - proxy_port_header = "x-forwarded-port" + ## The maximum length of a single MQTT packet + proxy_port_header = "x-forwarded-port" + } } diff --git a/examples/listeners.wss.conf.example b/examples/listeners.wss.conf.example index 1f41ccd64..a5801b160 100644 --- a/examples/listeners.wss.conf.example +++ b/examples/listeners.wss.conf.example 
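Review bot: In the new `websocket` block the comment above `proxy_port_header = "x-forwarded-port"` is a copy of the `max_frame_size` one, `## The maximum length of a single MQTT packet`. It should read `## HTTP header used to pass information about the client port`. Both proxy headers are supplied by the peer unless a reverse proxy in front of the listener overwrites them, so any client IP or port derived from them is only trustworthy in that deployment. A line such as `## Only meaningful behind a trusted proxy that sets these headers` above `proxy_address_header` would make that clear. The example also ships `check_origin_enable = false`, which leaves the `check_origins` list below it unused.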
@@ -11,54 +11,55 @@ ## Note: Modifying the 'wssname' to what you need listeners.wss.wssname { - ## false to disable this - enable = true - - ## Port or Address to listen on - ## Default: 8084 + ## Port or Address to listen on, 0 means disable bind = 8084 ## or with an IP, e.g. "127.0.0.1:8084" - ## PEM format certificates chain file - certfile = "data/certs/cert.pem" + ssl_options { + ## Trusted PEM format CA certificates bundle file + cacertfile = "data/certs/cacert.pem" - ## PEM format private key file - keyfile = "data/certs/key.pem" + ## PEM format certificates chain file + certfile = "data/certs/cert.pem" - ## Enable or disable peer verification - verify = verify_none ## use verify_peer to enable + ## PEM format private key file + keyfile = "data/certs/key.pem" - ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send - fail_if_no_peer_cert = false + ## Enable or disable peer verification + verify = verify_none ## use verify_peer to enable - ## Enable TLS session reuse - reuse_sessions = true + ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + fail_if_no_peer_cert = false - ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path - depth = 10 + ## Enable TLS session reuse + reuse_sessions = true - ## Which versions are to be supported - versions = [tlsv1.3, tlsv1.2] + ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path + depth = 10 - ## TLS cipher suite names - ## Note: By default, all available suites are supported, you do not need to set this - ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] + ## Which versions are to be supported + versions = [tlsv1.3, tlsv1.2] - ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly - secure_renegotiate = true 
+ ## TLS cipher suite names + ## Note: By default, all available suites are supported, you do not need to set this + ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"] - ## Log level for SSL communication - ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all - log_level = notice + ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly + secure_renegotiate = true - ## Hibernate the SSL process after idling for amount of time reducing its memory footprint - hibernate_after = 5s + ## Log level for SSL communication + ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all + log_level = notice - ## Forces the cipher to be set based on the server-specified order instead of the client-specified order - honor_cipher_order = true + ## Hibernate the SSL process after idling for amount of time reducing its memory footprint + hibernate_after = 5s - ## Setting this to false to disable client-initiated renegotiation - client_renegotiation = true + ## Forces the cipher to be set based on the server-specified order instead of the client-specified order + honor_cipher_order = true - ## Maximum time duration allowed for the handshake to complete - handshake_timeout = 15s + ## Setting this to false to disable client-initiated renegotiation + client_renegotiation = true + + ## Maximum time duration allowed for the handshake to complete + handshake_timeout = 15s + } } diff --git a/examples/mqtt.conf.example b/examples/mqtt.conf.example index a07877f9d..c5f81f753 100644 --- a/examples/mqtt.conf.example +++ b/examples/mqtt.conf.example 
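Review bot: Inside the new `ssl_options` block of the listeners.wss hunk, `ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]` lists only TLS 1.3 suites while `versions = [tlsv1.3, tlsv1.2]` also offers TLS 1.2. As far as I can tell a TLS 1.2 client then has no suite in common with the listener and the handshake fails, which contradicts the note directly above that the setting is not needed. Either comment the line out in the example, `## ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]`, or restrict `versions` to `[tlsv1.3]`. The listeners.ssl hunk has the same pair of settings.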
@@ -110,4 +110,15 @@ mqtt { ## Use the CN, DN field in the peer certificate or the entire certificate content as Client ID ## Type: See the above peer_cert_as_clientid = disabled + + ## Dispatch strategy for shared subscription + ## Type: + ## - random :: dispatch the message to a random selected subscriber + ## - round_robin :: select the subscribers in a round-robin manner + ## - round_robin_per_group :: select the subscribers in round-robin fashion within each shared subscriber group + ## - local :: select random local subscriber otherwise select random cluster-wide + ## - sticky :: always use the last selected subscriber to dispatch, until the subscriber disconnects. + ## - hash_clientid :: select the subscribers by hashing the `clientIds` + ## - hash_topic :: select the subscribers by hashing the source topic""" + shared_subscription_strategy = round_robin } diff --git a/examples/rpc-with-ssl.conf.example b/examples/rpc-with-ssl.conf.example deleted file mode 100644 index 89695d748..000000000 --- a/examples/rpc-with-ssl.conf.example +++ /dev/null 
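Review bot: The last comment line added to the `mqtt` block ends with a stray `"""`, apparently left over from the description string it was copied from. It should be `## - hash_topic :: select the subscribers by hashing the source topic`. The `hash_clientid` line above it could also read "by hashing the client ID" rather than "hashing the `clientIds`". The `mqtt` block starts outside the hunk.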
@@ -1,76 +0,0 @@ -##-------------------------------------------------------------------- -## RPC With SSL -## See rpc-with-tcp.conf.example for RPC with TCP -## EMQX inter-broker communication -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -## Note: Most of the time the default config should work -## you do not need to modify it unless you know what it is for -rpc { - ## Communication mode - ## Type: async | sync - mode = async - - ## Transport protocol used for inter-broker communication - ## Type: tcp | ssl - protocol = ssl - - ## The maximum number of batch messages sent in asynchronous mode - ## Type: Integer - async_batch_size = 256 - - ## Port discovery strategy - ## Type: - ## - manual :: discover ports by tcp_server_port - ## - stateless :: discover ports in a stateless manner, using the following algorithm: - ## If node name is emqxN@127.0.0.1, where the N is an integer, then the listening port will be 5370 + N - port_discovery = stateless - - ## Listening port used by RPC local service - ssl_server_port = 5369 - - ## Set the maximum number of RPC communication channels initiated by this node to each remote node - ## Type: Range from 1 to 256 - tcp_client_num = 10 - - ## Timeout for establishing an RPC connection - connect_timeout = 5s - - ## Path to TLS certificate file used to validate identity of the cluster nodes - certfile = "data/cert.pem" - - ## Path to the private key file - keyfile = "data/key.pem" - - ## Path to certification authority TLS certificate file - cacertfile = "data/cacert.pem" - - ## Timeout for sending the RPC request - send_timeout = 5s - - ## Timeout for the remote node authentication - authentication_timeout = 5s - - ## Timeout for the reply to a synchronous RPC - call_receive_timeout = 15s - - ## How long the connections between the brokers should remain open after 
the last message is sent - socket_keepalive_idle = 15m - - ## The interval between keepalive messages - socket_keepalive_interval = 75s - - ## How many times the keepalive probe message can fail to receive a reply until the RPC connection is considered lost - socket_keepalive_count = 9 - - ## TCP sending buffer size - socket_sndbuf = 1MB - - ## TCP receiving buffer size - socket_recbuf = 1MB - - ## Socket buffer size in user mode - socket_buffer = 1MB -} diff --git a/examples/rpc-with-tcp.conf.example b/examples/rpc-with-tcp.conf.example deleted file mode 100644 index 26de872e5..000000000 --- a/examples/rpc-with-tcp.conf.example +++ /dev/null 
@@ -1,67 +0,0 @@ -##-------------------------------------------------------------------- -## RPC With TCP -## See rpc-with-ssl.conf.example for RPC with SSL -## EMQX inter-broker communication -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -## Note: Most of the time the default config should work -## you do not need to modify it unless you know what it is for -rpc { - ## Communication mode - ## Type: sync | async - mode = async - - ## Transport protocol used for inter-broker communication - ## Type: tcp | ssl - protocol = tcp - - ## The maximum number of batch messages sent in asynchronous mode - ## Type: Integer - async_batch_size = 256 - - ## Port discovery strategy - ## Type: - ## - manual :: discover ports by tcp_server_port - ## - stateless :: discover ports in a stateless manner, using the following algorithm: - ## If node name is emqxN@127.0.0.1, where the N is an integer, then the listening port will be 5370 + N - port_discovery = stateless - - ## Listening port used by RPC local service - tcp_server_port = 5369 - - ## Set the maximum number of RPC communication channels initiated by this node to each remote node - ## Type: Range from 1 to 256 - tcp_client_num = 10 - - ## Timeout for establishing an RPC connection - connect_timeout = 5s - - ## Timeout for sending the RPC request - send_timeout = 5s - - ## Timeout for the remote node authentication - authentication_timeout = 5s - - ## Timeout for the reply to a synchronous RPC - call_receive_timeout = 15s - - ## How long the connections between the brokers should remain open after the last message is sent - socket_keepalive_idle = 15m - - ## The interval between keepalive messages - socket_keepalive_interval = 75s - - ## How many times the keepalive probe message can fail to receive a reply until the RPC connection is considered lost - 
socket_keepalive_count = 9 - - ## TCP sending buffer size - socket_sndbuf = 1MB - - ## TCP receiving buffer size - socket_recbuf = 1MB - - ## Socket buffer size in user mode - socket_buffer = 1MB -} diff --git a/rel/i18n/emqx_prometheus_schema.hocon b/rel/i18n/emqx_prometheus_schema.hocon index a0c4d899c..d68e1d418 100644 --- a/rel/i18n/emqx_prometheus_schema.hocon +++ b/rel/i18n/emqx_prometheus_schema.hocon @@ -4,7 +4,7 @@ enable.desc: """Turn Prometheus data pushing on or off""" headers.desc: -"""A HTTP Headers when pushing to Push Gateway.
+"""An HTTP Headers when pushing to Push Gateway.
For example, { Authorization = "some-authz-tokens"}""" interval.desc: From e5803a61f12edb29cac9980a8619bc36818828ab Mon Sep 17 00:00:00 2001 From: ieQu1 <99872536+ieQu1@users.noreply.github.com> Date: Tue, 20 Jun 2023 10:08:41 +0200 Subject: [PATCH 16/36] fix(management): Don't wait for an empty shard --- apps/emqx_management/include/emqx_mgmt.hrl | 2 -- apps/emqx_management/src/emqx_mgmt_app.erl | 1 - 2 files changed, 3 deletions(-) diff --git a/apps/emqx_management/include/emqx_mgmt.hrl b/apps/emqx_management/include/emqx_mgmt.hrl index 7f6b5a675..58e0e8692 100644 --- a/apps/emqx_management/include/emqx_mgmt.hrl +++ b/apps/emqx_management/include/emqx_mgmt.hrl @@ -14,6 +14,4 @@ %% limitations under the License. %%-------------------------------------------------------------------- --define(MANAGEMENT_SHARD, emqx_management_shard). - -define(DEFAULT_ROW_LIMIT, 100). diff --git a/apps/emqx_management/src/emqx_mgmt_app.erl b/apps/emqx_management/src/emqx_mgmt_app.erl index 2d48ed662..e8bd5d76e 100644 --- a/apps/emqx_management/src/emqx_mgmt_app.erl +++ b/apps/emqx_management/src/emqx_mgmt_app.erl @@ -28,7 +28,6 @@ -include("emqx_mgmt.hrl"). start(_Type, _Args) -> - ok = mria_rlog:wait_for_shards([?MANAGEMENT_SHARD], infinity), case emqx_mgmt_auth:init_bootstrap_file() of ok -> emqx_conf:add_handler([api_key], emqx_mgmt_auth), From fe77a04581bd8c3e0d4993143d7888eaf52892be Mon Sep 17 00:00:00 2001 From: ieQu1 <99872536+ieQu1@users.noreply.github.com> Date: Tue, 20 Jun 2023 10:27:40 +0200 Subject: [PATCH 17/36] chore: Add changelog --- changes/ce/fix-11092.en.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changes/ce/fix-11092.en.md diff --git a/changes/ce/fix-11092.en.md b/changes/ce/fix-11092.en.md new file mode 100644 index 000000000..64d8adfd5 --- /dev/null +++ b/changes/ce/fix-11092.en.md 
@@ -0,0 +1,2 @@ +Fix problem when replicants were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. +Relevant mria pull request: https://github.com/emqx/mria/pull/143 From 97fc7040c8cb92c0b4af6687900b66afdf964ea9 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Tue, 20 Jun 2023 17:06:37 +0800 Subject: [PATCH 18/36] chore: update gateway configurations examples --- examples/gateway.coap.conf.example | 21 +++++---- examples/gateway.exproto.conf.example | 28 +++++++---- examples/gateway.lwm2m.conf.example | 67 ++++++++++++++++++--------- examples/gateway.mqttsn.conf.example | 33 +++++++++---- examples/gateway.stomp.conf.example | 27 +++++++---- 5 files changed, 122 insertions(+), 54 deletions(-) diff --git a/examples/gateway.coap.conf.example b/examples/gateway.coap.conf.example index fc56169fd..a4d4bb267 100644 --- a/examples/gateway.coap.conf.example +++ b/examples/gateway.coap.conf.example @@ -7,13 +7,18 @@ ## you should copy and paste the below data into the emqx.conf for working gateway.coap { - enable = true + + ## When publishing or subscribing, prefix all topics with a mountpoint string. + ## It's a way that you can use to implement isolation of message routing between different + ## gateway protocols + mountpoint = "coap/" + + ## Enable or disable connection mode. + ## Connection mode is a feature of non-standard protocols. When connection mode is enabled, + ## it is necessary to maintain the creation, authentication and alive of connection resources connection_required = false - enable_stats = true - heartbeat = 30s - idle_timeout = 30s - mountpoint = "coap2/" - notify_type = qos - publish_qos = coap - subscribe_qos = coap + + listeners.udp.default { + bind = "0.0.0.0:5683" + } } diff --git a/examples/gateway.exproto.conf.example b/examples/gateway.exproto.conf.example index b9c0b08d1..04c95d98c 100644 --- a/examples/gateway.exproto.conf.example +++ b/examples/gateway.exproto.conf.example 
@@ -7,13 +7,25 @@ ## you should copy and paste the below data into the emqx.conf for working gateway.exproto { - enable = true - enable_stats = true - frame { - max_body_length = 655350 - max_headers = 100 - max_headers_length = 10240 + + ## When publishing or subscribing, prefix all topics with a mountpoint string. + ## It's a way that you can use to implement isolation of message routing between different + ## gateway protocols + mountpoint = "exproto/" + + ## Configurations for starting the ConnectionAdapter service + server { + bind = "0.0.0.0:9100" + ssl_options {verify = "verify_none"} + } + + ## Configurations for request to ConnectionHandler service + handler { + address = "http://127.0.0.1:9001" + ssl_options {enable = false} + } + + listeners.tcp.default { + bind = "0.0.0.0:7993" } - idle_timeout = 30s - mountpoint = "stomp2/" } diff --git a/examples/gateway.lwm2m.conf.example b/examples/gateway.lwm2m.conf.example index 2803f24ef..2c9b55c04 100644 --- a/examples/gateway.lwm2m.conf.example +++ b/examples/gateway.lwm2m.conf.example 
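Review bot: The added `server` block binds the ConnectionAdapter service to `0.0.0.0:9100` with `ssl_options {verify = "verify_none"}` and no certificate files, and the `handler` block uses plain `http://` with `ssl_options {enable = false}`. The file header tells readers to paste this into emqx.conf, so a verbatim copy exposes the adapter endpoint on every interface without peer verification. I would add a comment above `server`, e.g. `## NOTE: example only; bind to a private address, or set cacertfile/certfile/keyfile and verify = verify_peer before exposing this port`. Whether TLS is active at all with only `verify` set is not visible in this hunk and should be confirmed against the schema.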
@@ -7,31 +7,56 @@ ## you should copy and paste the below data into the emqx.conf for working gateway.lwm2m { + + ## When publishing or subscribing, prefix all topics with a mountpoint string. + ## It's a way that you can use to implement isolation of message routing between different + ## gateway protocols + mountpoint = "lwm2m/" + + ## The Directory for LwM2M Resource definition. + xml_dir = "etc/lwm2m_xml/" + + ## Automatically observe the object list of REGISTER packet. auto_observe = false - enable = true - enable_stats = true - idle_timeout = 30s - lifetime_max = 86400s + + ## Minimum value of lifetime allowed to be set by the LwM2M client. lifetime_min = 1s - mountpoint = "lwm2m2/" + + ## Maximum value of lifetime allowed to be set by the LwM2M client. + lifetime_max = 86400s + + ## The value of the time window during which the network link is considered valid by + ## the LwM2M Gateway in QMode mode. qmode_time_window = 22s + + ## Topic configuration for LwM2M's gateway publishing and subscription. translators { - command { - topic = "dn/#" - } - notify { - topic = "up/notify" - } - register { - topic = "up/resp" - }, - response { - topic = "up/resp" - }, - update { - topic = "up/resp" - } + ## The topic for receiving downstream commands. + ## For each new LwM2M client that succeeds in going online, the gateway creates a + ## subscription relationship to receive downstream commands and send it to the LwM2M client + command { topic = "dn/#" } + + ## The topic for gateway to publish the notify events from LwM2M client. + ## After succeed observe a resource of LwM2M client, Gateway will send the notify events + ## via this topic, if the client reports any resource changes + notify { topic = "up/notify" } + + ## The topic for gateway to publish the register events from LwM2M client. + register { topic = "up/register" }, + + ## The topic for gateway to publish the acknowledge events from LwM2M client. 
+ response { topic = "up/resp" }, + + ## The topic for gateway to publish the update events from LwM2M client. + update { topic = "up/resp" } } + + ## Policy for publishing UPDATE event message.
+ ## - always: send update events as long as the UPDATE request is received.
+ ## - contains_object_list: send update events only if the UPDATE request carries any Object List""" update_msg_publish_condition = always - xml_dir = "/etc/emqx/lwm2m_xml" + + listeners.udp.default { + bind = "0.0.0.0:5784" + } } diff --git a/examples/gateway.mqttsn.conf.example b/examples/gateway.mqttsn.conf.example index 7bfc78f53..7785454f3 100644 --- a/examples/gateway.mqttsn.conf.example +++ b/examples/gateway.mqttsn.conf.example @@ -7,17 +7,32 @@ ## you should copy and paste the below data into the emqx.conf for working gateway.mqttsn { + + ## When publishing or subscribing, prefix all topics with a mountpoint string. + ## It's a way that you can use to implement isolation of message routing between different + ## gateway protocols + mountpoint = "mqttsn/" + + ## Whether to periodically broadcast ADVERTISE messages broadcast = true - enable = true - enable_qos3 = false - enable_stats = true + + ## The Gateway ID. + ## When the broadcast option is enabled, the gateway will broadcast ADVERTISE message with this value gateway_id = 1 - idle_timeout = 30s - mountpoint = "mqttsn2/" + + ## Allows connectionless clients to publish messages with a Qos of -1. + ## This feature is defined for very simple client implementations which do not support any other + ## features except this one. There is no connection setup nor tear down, no registration nor + ## subscription. The client just sends its 'PUBLISH' messages to a GW + enable_qos3 = false + + ## The pre-defined topic IDs and topic names predefined = [ - { - id = 1003 - topic = "pred/1003" - } + {id = 1, topic = "predefined/topic1"}, + {id = 2, topic = "predefined/topic2"} ] + + listeners.udp.default { + bind = "0.0.0.0:1884" + } } diff --git a/examples/gateway.stomp.conf.example b/examples/gateway.stomp.conf.example index 7f4fe20c4..8e6cdd764 100644 --- a/examples/gateway.stomp.conf.example +++ b/examples/gateway.stomp.conf.example 
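Review bot: The last added comment line before `update_msg_publish_condition` ends with a stray `"""` (`... carries any Object List"""`), which looks like a leftover delimiter from the text it was copied from. It is harmless inside a `##` comment but confusing in a file meant to be pasted into emqx.conf. Drop the quotes so the line reads `## - contains_object_list: send update events only if the UPDATE request carries any Object List`.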
@@ -7,13 +7,24 @@ ## you should copy and paste the below data into the emqx.conf for working gateway.stomp { - enable: true - enable_stats: true - frame: { - max_body_length: 655350 - max_headers: 100 - max_headers_length: 10240 + + ## When publishing or subscribing, prefix all topics with a mountpoint string. + ## It's a way that you can use to implement isolation of message routing between different + ## gateway protocols + mountpoint = "stomp/" + + frame { + ## The maximum number of Header + max_headers = 10 + + ## The maximum string length of the Header name and value. + max_headers_length = 1024 + + ## The Maximum number of bytes of Body allowed per Stomp packet. + max_body_length = 65536 + } + + listeners.tcp.default { + bind = 0.0.0.0:61613 } - idle_timeout: 30s - mountpoint: "stomp2/" } From 53fdda8eef99f9365e85b8db128249a7d2e621b0 Mon Sep 17 00:00:00 2001 From: zhongwencool Date: Tue, 20 Jun 2023 17:52:03 +0800 Subject: [PATCH 19/36] chore: more detail for examples --- examples/auto_subscribe.conf.example | 30 ----------------- examples/listeners.ssl.conf.example | 29 ++++++++++++++-- examples/listeners.ws.conf.example | 17 ++++++++++ examples/listeners.wss.conf.example | 41 ++++++++++++++++++++++- examples/log.file.conf.example | 2 +- examples/node.conf.example | 2 +- examples/overload_protection.conf.example | 25 -------------- examples/slow_subs.conf.example | 28 ---------------- examples/sysmon.os.conf.example | 12 +++---- examples/sysmon.vm.conf.example | 6 ++-- 10 files changed, 95 insertions(+), 97 deletions(-) delete mode 100644 examples/auto_subscribe.conf.example delete mode 100644 examples/overload_protection.conf.example delete mode 100644 examples/slow_subs.conf.example diff --git a/examples/auto_subscribe.conf.example b/examples/auto_subscribe.conf.example deleted file mode 100644 index 7a5523f2a..000000000 --- a/examples/auto_subscribe.conf.example +++ /dev/null 
@@ -1,30 +0,0 @@ -##-------------------------------------------------------------------- -## Auto Subscribe -## -## Subscribe the Topics automatically when client connected -##-------------------------------------------------------------------- - -auto_subscribe.topics = [ - { - ## Topic name, placeholders are supported - ## For example: client/${clientid}/username/${username}/host/${host}/port/${port} - topic = "/auto/${clientid}", - - ## QoS - qos = 0, - - ## Retain Handling - ## Value: 0 | 1 | 2 - rh = 0, - - ## Retain As Publish - ## Value: 0 | 1 - rap = 0, - - ## No Local - ## Value: 0 | 1 - nl = 0 - }, - {topic = "/foo/${username}/#", qos = 1}, - {topic = "/boo/${ip}/+"} -] diff --git a/examples/listeners.ssl.conf.example b/examples/listeners.ssl.conf.example index e86bd6b4d..11078db6c 100644 --- a/examples/listeners.ssl.conf.example +++ b/examples/listeners.ssl.conf.example @@ -13,7 +13,24 @@ listeners.ssl.sslname { ## Port or Address to listen on, 0 means disable bind = 8883 ## or with an IP e.g. "127.0.0.1:8883" - + enabled = true + acceptors = 16 + enable_authn = true + max_connections = infinity + mountpoint = "" + proxy_protocol = false + proxy_protocol_timeout = 3s + tcp_options { + active_n = 100 + backlog = 1024 + buffer = 4KB + high_watermark = 1MB + keepalive = none + nodelay = true + reuseaddr = true + send_timeout = 15s + send_timeout_close = true + } ssl_options { ## Trusted PEM format CA certificates bundle file cacertfile = "data/certs/cacert.pem" @@ -27,7 +44,7 @@ listeners.ssl.sslname { ## Enable or disable peer verification verify = verify_none ## use verify_peer to enable - ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + ## if `verify' is enabled, whit true, the connection fails if the client does not have a certificate to send fail_if_no_peer_cert = false ## Enable TLS session reuse 
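Review bot: The corrected comment above `fail_if_no_peer_cert` in the second listeners.ssl hunk still reads `is enabled, whit true, the connection fails ...`, so the setting that decides whether a client without a certificate is rejected remains hard to parse. The same line is repeated in the second hunk of listeners.wss.conf.example. I would reword both to `## Only effective with verify = verify_peer: set to true to reject clients that do not send a certificate`. That also makes clear that the option does nothing with the `verify = verify_none` the example keeps.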
@@ -61,5 +78,13 @@ listeners.ssl.sslname { ## Maximum time duration allowed for the handshake to complete handshake_timeout = 15s + + ocsp { + enable_ocsp_stapling = false + responder_url = "http://ocsp.example.com" + issuer_pem = true + refresh_http_timeout = 15s + refresh_interval = 5m + } } } diff --git a/examples/listeners.ws.conf.example b/examples/listeners.ws.conf.example index ad9ddbf8a..60523ac7a 100644 --- a/examples/listeners.ws.conf.example +++ b/examples/listeners.ws.conf.example @@ -13,6 +13,23 @@ listeners.ws.wsname { ## Port or Address to listen on, 0 means disable bind = "0.0.0.0:8083" # or just a port number, e.g. 8083 + enabled = true + enable_authn = true + max_connections = infinity + proxy_protocol = false + proxy_protocol_timeout = 3s + mountpoint = "" + tcp_options { + active_n = 100 + backlog = 1024 + buffer = 4KB + high_watermark = 1MB + keepalive = none + nodelay = true + reuseaddr = true + send_timeout = 15s + send_timeout_close = true + } websocket { ## WebSocket's MQTT protocol path diff --git a/examples/listeners.wss.conf.example b/examples/listeners.wss.conf.example index a5801b160..799d082d7 100644 --- a/examples/listeners.wss.conf.example +++ b/examples/listeners.wss.conf.example 
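Review bot: In the added `ocsp` block of listeners.ssl.conf.example, `issuer_pem = true` does not look like a usable value. The option name and the neighbouring `cacertfile` entry suggest it should be the path to the issuer's PEM certificate rather than a boolean. If that is right, anyone switching `enable_ocsp_stapling` to true from this example would presumably hit a configuration error. I would use an obvious placeholder such as `issuer_pem = "<path/to/ocsp-issuer.pem>"` and add a comment that `responder_url` must point at the CA's real responder.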
@@ -13,6 +13,45 @@ listeners.wss.wssname { ## Port or Address to listen on, 0 means disable bind = 8084 ## or with an IP, e.g. "127.0.0.1:8084" + enabled = true + enable_authn = true + max_connections = infinity + proxy_protocol = false + proxy_protocol_timeout = 3s + mountpoint = "" + tcp_options { + active_n = 100 + backlog = 1024 + buffer = 4KB + high_watermark = 1MB + keepalive = none + nodelay = true + reuseaddr = true + send_timeout = 15s + send_timeout_close = true + } + websocket { + allow_origin_absence = true + check_origin_enable = false + check_origins = "http://localhost:18083, http://127.0.0.1:18083" + compress = false + deflate_opts { + client_context_takeover = "takeover" + client_max_window_bits = 15 + mem_level = 8 + server_context_takeover = "takeover" + server_max_window_bits = 15 + strategy = "default" + } + fail_if_no_subprotocol = true + idle_timeout = "7200s" + max_frame_size = "infinity" + mqtt_path = "/mqtt" + mqtt_piggyback = "multiple" + proxy_address_header = "x-forwarded-for" + proxy_port_header = "x-forwarded-port" + supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" + } ssl_options { ## Trusted PEM format CA certificates bundle file @@ -27,7 +66,7 @@ listeners.wss.wssname { ## Enable or disable peer verification verify = verify_none ## use verify_peer to enable - ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send + ## if `verify' is enabled, whit true, the connection fails if the client does not have a certificate to send fail_if_no_peer_cert = false ## Enable TLS session reuse diff --git a/examples/log.file.conf.example b/examples/log.file.conf.example index e4e3769fc..deb9b16b9 100644 --- a/examples/log.file.conf.example +++ b/examples/log.file.conf.example 
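Review bot: The added `websocket` block lists `check_origins = "http://localhost:18083, http://127.0.0.1:18083"` next to `check_origin_enable = false` and `allow_origin_absence = true`, which reads as if an origin allow-list were in force when the Origin header is not checked with these values. A one-line comment would prevent that misreading, e.g. `## check_origins is only enforced when check_origin_enable = true`. Separately, this block quotes `idle_timeout = "7200s"` and `max_frame_size = "infinity"` while the same commit unquotes durations and sizes in the log.file, node and sysmon examples; unquoted values would be consistent.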
@@ -34,5 +34,5 @@ log.file { ## Type: ## - infinity :: the log file will grow indefinitely ## - ByteSize :: the log file will be rotated once it reaches this value in bytes - rotation_size = "50MB" + rotation_size = 50MB } diff --git a/examples/node.conf.example b/examples/node.conf.example index e7d6979ed..65c08b337 100644 --- a/examples/node.conf.example +++ b/examples/node.conf.example @@ -39,5 +39,5 @@ node { data_dir = "var/emqx/data" ## Type: Periodic garbage collection interval - global_gc_interval = "15m" + global_gc_interval = 15m } diff --git a/examples/overload_protection.conf.example b/examples/overload_protection.conf.example deleted file mode 100644 index 36aba702c..000000000 --- a/examples/overload_protection.conf.example +++ /dev/null @@ -1,25 +0,0 @@ -##-------------------------------------------------------------------- -## Overload Protection -## -## Monitoring the load of the system and temporarily disable some features when the load is high -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -## Note: Do not modify this unless you know what this is for -overload_protection { - ## set true to enable this - enable = false - - ## Maximum duration of delay for background task execution during high load conditions - backoff_delay = 1 - - ## When at high load, skip forceful GC - backoff_gc = false - - ## When at high load, skip process hibernation - backoff_hibernation = true - - ## When at high load, close new incoming connections - backoff_new_conn = true -} diff --git a/examples/slow_subs.conf.example b/examples/slow_subs.conf.example deleted file mode 100644 index 8409cf466..000000000 --- a/examples/slow_subs.conf.example +++ /dev/null 
@@ -1,28 +0,0 @@ -##-------------------------------------------------------------------- -## Slow Subscribers Statistics -## -## Count subscribers with topics whose transfer time exceeds the threshold -##-------------------------------------------------------------------- -## Note: This is an example of how to configure this feature -## you should copy and paste the below data into the emqx.conf for working - -slow_subs { - ## Stats Threshold - threshold = 500ms - - ## Expire time of the record which in Top-K record - expire_interval = 300ms - - ## Maximum number of Top-K record - top_k_num = 10 - - ## Stats Type - ## Value: - ## - whole: from the time the message arrives at EMQX until the message transmission completes - ## - internal: from when the message arrives at EMQX until when EMQX starts delivering the message - ## - response: from the time EMQX starts delivering the message until the message transmission completes - stats_type = whole - - ## use true to enable this - enable = false -} diff --git a/examples/sysmon.os.conf.example b/examples/sysmon.os.conf.example index 9883890dc..95e7aa1ec 100644 --- a/examples/sysmon.os.conf.example +++ b/examples/sysmon.os.conf.example 
@@ -8,23 +8,23 @@ sysmon.os { ## Time interval for the periodic CPU check - cpu_check_interval = "60s" + cpu_check_interval = 60s ## For how much system cpu can be used before the corresponding alarm is raised - cpu_high_watermark = "80%" + cpu_high_watermark = 80% ## For how much system cpu can be used before the corresponding alarm is cleared - cpu_low_watermark = "60%" + cpu_low_watermark = 60% ## Time interval for the periodic memory check ## Type: ## - disabled :: Never check ## - Time Duration :: The time period - mem_check_interval = "60s" + mem_check_interval = 60s ## For how much system memory can be allocated before the corresponding alarm is raised - sysmem_high_watermark = "70%" + sysmem_high_watermark = 70% ## For how much system memory can be allocated by one Erlang process before the corresponding alarm is raised - procmem_high_watermark = "5%" + procmem_high_watermark = 5% } diff --git a/examples/sysmon.vm.conf.example b/examples/sysmon.vm.conf.example index 75eb2fef6..d68141cea 100644 --- a/examples/sysmon.vm.conf.example +++ b/examples/sysmon.vm.conf.example @@ -11,10 +11,10 @@ sysmon.vm { process_check_interval = 30s ## For how many processes can simultaneously exist at the local node before the corresponding alarm is raised - process_high_watermark = "80%" + process_high_watermark = 80% ## For how many processes can simultaneously exist at the local node before the corresponding alarm is cleared - process_low_watermark = "60%" + process_low_watermark = 60% ## Generated an alarm when an Erlang process spends a long time to perform garbage collection ## Type: @@ -32,7 +32,7 @@ sysmon.vm { ## Type: ## - disabled :: Never alarm ## - ByteSize :: The maximum heap size for generating an alarm - large_heap = 32M + large_heap = 32MB ## Generating an alarm when the RPC connection is overloaded busy_dist_port = true From 528f49aa2ed66e24bb111ac186e20aa313f41a29 Mon Sep 17 00:00:00 2001 
From: firest Date: Tue, 20 Jun 2023 18:13:49 +0800 Subject: [PATCH 20/36] chore: fix errors in the example for the file transfer configuration --- .../file_transfer-with-s3-exporter.conf.example | 17 +++++++++-------- examples/flapping_detect.conf.example | 4 ++-- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/examples/file_transfer-with-s3-exporter.conf.example b/examples/file_transfer-with-s3-exporter.conf.example index 62801d8ad..a59c7918c 100644 --- a/examples/file_transfer-with-s3-exporter.conf.example +++ b/examples/file_transfer-with-s3-exporter.conf.example @@ -48,7 +48,7 @@ file_transfer { ## Credentials to use to authorize with the S3 API access_key_id = "AKIA27EZDDM9XLINWXFE" - secret_access_key = "..." + secret_access_key = "******" ## Which bucket to store transferred files in? bucket = "my-bucket" @@ -57,15 +57,16 @@ file_transfer { url_expire_time = 1h ## Enable the HTTPS - transport_options.ssl.enable = true + transport_options { + ssl.enable = true - ## Timeout for connection attempts - connect_timeout = 15s + ## Timeout for connection attempts + connect_timeout = 15s - ## Attempt to talk through IPv6 first - ipv6_probe = true - } + ## Attempt to talk through IPv6 first + ipv6_probe = true + } + } } - } } diff --git a/examples/flapping_detect.conf.example b/examples/flapping_detect.conf.example index c570a3640..b33a805ea 100644 --- a/examples/flapping_detect.conf.example +++ b/examples/flapping_detect.conf.example @@ -7,8 +7,8 @@ ## you should copy and paste the below data into the emqx.conf for working flapping_detect { - ## Feature switch - enable = false + ## use false to disabled + enable = true ## Time window for flapping detection window_time = 1m From a6aae657a967804cd89ce967bc25cac397e86177 Mon Sep 17 00:00:00 2001 
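Review bot: The first file_transfer hunk masks `secret_access_key` but leaves `access_key_id = "AKIA27EZDDM9XLINWXFE"` on the line above. That value has the shape of a real AWS access key ID, so secret scanners will flag it and readers cannot tell it apart from a live credential. I would replace it with an obvious placeholder such as `access_key_id = "<your-access-key-id>"` and, if the string was ever a real key, confirm it has been revoked. The `access_key_id` line is context in this hunk, so the change would extend the patch by one line.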
From: JianBo He Date: Tue, 20 Jun 2023 18:19:40 +0800 Subject: [PATCH 21/36] chore(example): fix gateway.stomp.conf.example --- examples/gateway.stomp.conf.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/gateway.stomp.conf.example b/examples/gateway.stomp.conf.example index 8e6cdd764..ab09a45f7 100644 --- a/examples/gateway.stomp.conf.example +++ b/examples/gateway.stomp.conf.example @@ -25,6 +25,6 @@ gateway.stomp { } listeners.tcp.default { - bind = 0.0.0.0:61613 + bind = "0.0.0.0:61613" } } From f95787d22915d32e223103959b7f98b536957731 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Tue, 20 Jun 2023 10:39:47 +0200 Subject: [PATCH 22/36] test: make possible to test core/replica locally --- apps/emqx/include/emqx_release.hrl | 2 +- apps/emqx/src/emqx_release.erl | 9 ++-- apps/emqx/test/emqx_release_tests.erl | 4 ++ apps/emqx_conf/src/emqx_conf_app.erl | 2 +- scripts/test/start-two-nodes-in-host.sh | 57 ++++++++++++++++++++++--- 5 files changed, 64 insertions(+), 10 deletions(-) diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl index 8faa00abd..f77336e13 100644 --- a/apps/emqx/include/emqx_release.hrl +++ b/apps/emqx/include/emqx_release.hrl @@ -35,7 +35,7 @@ -define(EMQX_RELEASE_CE, "5.1.0-rc.1"). %% Enterprise edition --define(EMQX_RELEASE_EE, "5.1.0-rc.1"). +-define(EMQX_RELEASE_EE, "5.1.0-rc.2"). %% The HTTP API version -define(EMQX_API_VERSION, "5.0"). diff --git a/apps/emqx/src/emqx_release.erl b/apps/emqx/src/emqx_release.erl index c052eecc9..7d065e15b 100644 --- a/apps/emqx/src/emqx_release.erl +++ b/apps/emqx/src/emqx_release.erl 
@@ -132,10 +132,13 @@ parse_vsn(Vsn) -> Suffix = case Suffix0 of "" -> - %% For the case like "5.1.0" + %% "5.1.0" ""; - [ReleaseStage, Number] -> - %% For the case like "5.1.0-rc.1" + ["g" ++ _] -> + %% "5.1.0-g53ab85b1" + ""; + [ReleaseStage, Number | _] -> + %% "5.1.0-rc.1" or "5.1.0-rc.1-g53ab85b1" {ReleaseStage, list_to_integer(Number)} end, {{list_to_integer(V1), list_to_integer(V2), list_to_integer(V3)}, Suffix} diff --git a/apps/emqx/test/emqx_release_tests.erl b/apps/emqx/test/emqx_release_tests.erl index 45d9a53c4..3f4e4ebfd 100644 --- a/apps/emqx/test/emqx_release_tests.erl +++ b/apps/emqx/test/emqx_release_tests.erl @@ -47,6 +47,10 @@ vsn_compre_test_() -> ?assertEqual(older, emqx_release:vsn_compare("1.1.1", "1.1.1-rc.1")), ?assertEqual(newer, emqx_release:vsn_compare("1.1.1-rc.1", "1.1.1")) end}, + {"git hash suffix is ignored", fun() -> + ?assertEqual(older, emqx_release:vsn_compare("1.1.1-gabcd", "1.1.1-rc.1-g1234")), + ?assertEqual(newer, emqx_release:vsn_compare("1.1.1-rc.1-gabcd", "1.1.1-g1234")) + end}, {"invalid version string will crash", fun() -> ?assertError({invalid_version_string, "1.1.a"}, emqx_release:vsn_compare("v1.1.a")), ?assertError( diff --git a/apps/emqx_conf/src/emqx_conf_app.erl b/apps/emqx_conf/src/emqx_conf_app.erl index 6a7638cc2..1505b8c3e 100644 --- a/apps/emqx_conf/src/emqx_conf_app.erl +++ b/apps/emqx_conf/src/emqx_conf_app.erl @@ -223,7 +223,7 @@ sync_cluster_conf4(Ready) -> msg => "sync_cluster_conf_success", synced_from_node => Node, has_deprecated_file => HasDeprecatedFile, - local_release => emqx_app:get_release(), + local_release => emqx_release:version_with_prefix(), remote_release => maps:get(release, Info, "before_v5.0.24|e5.0.3"), data_dir => emqx:data_dir(), tnx_id => TnxId diff --git a/scripts/test/start-two-nodes-in-host.sh b/scripts/test/start-two-nodes-in-host.sh index 3d0b0bf61..ffd4b6b19 100755 --- a/scripts/test/start-two-nodes-in-host.sh +++ b/scripts/test/start-two-nodes-in-host.sh 
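Review bot: The new clause `[ReleaseStage, Number | _]` discards everything after the stage number, so any trailing token is accepted, not only a git hash, and `["g" ++ _]` treats every single-token suffix beginning with `g` as a plain release. I would match the accepted shapes explicitly, e.g. `[ReleaseStage, Number] -> ...; [ReleaseStage, Number, "g" ++ _] -> ...`, so an unexpected suffix is rejected rather than silently ignored. How `Suffix0` is tokenised is outside this hunk (`parse_vsn/1` starts above it), so the exact patterns need checking against that split. A short `%%` comment stating that the hash is deliberately ignored for ordering would also help.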
@@ -12,10 +12,40 @@ set -euo pipefail # ensure dir cd -P -- "$(dirname -- "$0")/../../" -DEFAULT_BOOT='./_build/emqx/rel/emqx/bin/emqx' +help() { + echo + echo "-h|--help: To display this usage info" + echo "-b|--boots: boot scripts, comma separate if more than one" + echo " default is ./_build/emqx/rel/emqx/bin/emqx" + echo "-r|--roles: node (db) roles, comma separate" +} -BOOT1="${1:-$DEFAULT_BOOT}" -BOOT2="${2:-$BOOT1}" +BOOT='./_build/emqx/rel/emqx/bin/emqx' +ROLES='core,core' +while [ "$#" -gt 0 ]; do + case $1 in + -h|--help) + help + exit 0 + ;; + -b|--boots) + BOOT="$2" + shift 2 + ;; + -r|--roles) + ROLES="$2" + shift 2 + ;; + *) + echo "unknown option $1" + exit 1 + ;; + esac +done + +BOOT1="$(echo "$BOOT" | cut -d ',' -f1)" +BOOT2="$(echo "$BOOT" | cut -d ',' -f2)" +[ -z "$BOOT2" ] && BOOT2="$BOOT1" export IP1='127.0.0.1' export IP2='127.0.0.2' @@ -24,6 +54,22 @@ export IP2='127.0.0.2' NODE1="emqx1@$IP1" NODE2="emqx2@$IP2" +ROLE1="$(echo "$ROLES" | cut -d ',' -f1)" +ROLE2="$(echo "$ROLES" | cut -d ',' -f2)" +export ROLE1 ROLE2 + +if [ "$ROLE1" = 'core' ] && [ "$ROLE2" = 'core' ]; then + SEEDS="$NODE1,$NODE2" +elif [ "$ROLE1" = 'core' ]; then + SEEDS="$NODE1" +elif [ "$ROLE2" = 'core' ]; then + SEEDS="$NODE2" +else + echo "missing 'core' role in -r|--roles option" + exit 1 +fi +export SEEDS + start_cmd() { local index="$1" local nodehome 
@@ -33,11 +79,12 @@ start_cmd() { mkdir -p "${nodehome}/data" "${nodehome}/log" cat <<-EOF env DEBUG="${DEBUG:-0}" \ -EMQX_CLUSTER__STATIC__SEEDS="[\"$NODE1\",\"$NODE2\"]" \ +EMQX_NODE_NAME="emqx${index}@\$IP${index}" \ +EMQX_CLUSTER__STATIC__SEEDS="$SEEDS" \ EMQX_CLUSTER__DISCOVERY_STRATEGY=static \ +EMQX_NODE__DB_ROLE="\$ROLE${index}" \ EMQX_LOG__FILE_HANDLERS__DEFAULT__LEVEL="${EMQX_LOG__FILE_HANDLERS__DEFAULT__LEVEL:-debug}" \ EMQX_LOG__FILE_HANDLERS__DEFAULT__FILE="${nodehome}/log/emqx.log" \ -EMQX_NODE_NAME="emqx${index}@\$IP${index}" \ EMQX_NODE__COOKIE="${EMQX_NODE__COOKIE:-cookie1}" \ EMQX_LOG_DIR="${nodehome}/log" \ EMQX_NODE__DATA_DIR="${nodehome}/data" \ From 4d1de6509de7f346e5d91201c0737f2313f0d9a9 Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 20 Jun 2023 18:44:21 +0800 Subject: [PATCH 23/36] chore: change the value of all feature switches to `enable` in examples --- examples/dashboard-with-https.conf.example | 3 --- delayed.conf.example => examples/delayed.conf.example | 0 examples/prometheus.conf.example | 4 ++-- examples/psk_authentication.conf.example | 4 ++-- 4 files changed, 4 insertions(+), 7 deletions(-) rename delayed.conf.example => examples/delayed.conf.example (100%) diff --git a/examples/dashboard-with-https.conf.example b/examples/dashboard-with-https.conf.example index 6f399dea3..5cc277e47 100644 --- a/examples/dashboard-with-https.conf.example +++ b/examples/dashboard-with-https.conf.example @@ -51,9 +51,6 @@ dashboard { ## Enable or disable peer verification verify = verify_none ## use verify_peer to enable - ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send - fail_if_no_peer_cert = false - ## Enable TLS session reuse reuse_sessions = true diff --git a/delayed.conf.example b/examples/delayed.conf.example similarity index 100% rename from delayed.conf.example rename to examples/delayed.conf.example 
diff --git a/examples/prometheus.conf.example b/examples/prometheus.conf.example index c6df97f2b..645e10364 100644 --- a/examples/prometheus.conf.example +++ b/examples/prometheus.conf.example @@ -23,6 +23,6 @@ prometheus { ## - ${host}: Host name of EMQX node job_name = "${name}/instance/${name}~${host}" - ## set true to enable this - enable = false + ## set to false to enable this + enable = true } diff --git a/examples/psk_authentication.conf.example b/examples/psk_authentication.conf.example index 9aef02421..272eb41b5 100644 --- a/examples/psk_authentication.conf.example +++ b/examples/psk_authentication.conf.example @@ -7,8 +7,8 @@ ## you should copy and paste the below data into the emqx.conf for working psk_authentication { - ## set true to enable TLS PSK support - enable = false + ## set to false to disable + enable = true ## If init_file is specified, EMQX will import PSKs from the file into the built-in database at startup for use by the runtime init_file = "psk" From b588b88a6039a9e4160760132f00050a1e71e834 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Tue, 20 Jun 2023 15:43:37 +0200 Subject: [PATCH 24/36] chore: change autoclean interval default value to 24h There is currently a bug in OTP causing external backends to fail when merge schema (mnesia_schema:change_storage_type/3). To avoid forcing users to clean up the DB after the node is stopped for a short while (5m before this change), we increase the default auto-clean interval to 24 hours. This PR also has the autoclean config removed from examples. --- apps/emqx_conf/src/emqx_conf_schema.erl | 2 +- examples/cluster-with-dns.conf.example | 3 --- examples/cluster-with-etcd-ssl.conf.example | 3 --- examples/cluster-with-etcd.conf.example | 3 --- examples/cluster-with-k8s.conf.example | 3 --- examples/cluster-with-manual.conf.example | 3 --- examples/cluster-with-static.conf.example | 3 --- 7 files changed, 1 insertion(+), 19 deletions(-) 
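Review bot: The new comment `## set to false to enable this` above `enable = true` in prometheus.conf.example says the opposite of what the setting does. It should read `## set to false to disable this`, matching the wording in the psk_authentication hunk of the same commit (`## set to false to disable`). Because the example now ships with `enable = true`, a reader following the comment literally would turn the feature off while believing it is on.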
diff --git a/apps/emqx_conf/src/emqx_conf_schema.erl b/apps/emqx_conf/src/emqx_conf_schema.erl index e6cb93ac0..ce7bbb8b2 100644 --- a/apps/emqx_conf/src/emqx_conf_schema.erl +++ b/apps/emqx_conf/src/emqx_conf_schema.erl @@ -165,7 +165,7 @@ fields("cluster") -> emqx_schema:duration(), #{ mapping => "mria.cluster_autoclean", - default => <<"5m">>, + default => <<"24h">>, desc => ?DESC(cluster_autoclean), 'readOnly' => true } diff --git a/examples/cluster-with-dns.conf.example b/examples/cluster-with-dns.conf.example index f979eb689..ae617a808 100644 --- a/examples/cluster-with-dns.conf.example +++ b/examples/cluster-with-dns.conf.example @@ -16,9 +16,6 @@ cluster { ## List of core nodes that the replicant will connect to core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] - ## Remove disconnected nodes from the cluster after this interval - autoclean = 5m - ## If true, the node will try to heal network partitions automatically autoheal = true diff --git a/examples/cluster-with-etcd-ssl.conf.example b/examples/cluster-with-etcd-ssl.conf.example index b7c642770..d3a31c7d0 100644 --- a/examples/cluster-with-etcd-ssl.conf.example +++ b/examples/cluster-with-etcd-ssl.conf.example @@ -16,9 +16,6 @@ cluster { ## List of core nodes that the replicant will connect to core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] - ## Remove disconnected nodes from the cluster after this interval - autoclean = 5m - ## If true, the node will try to heal network partitions automatically autoheal = true diff --git a/examples/cluster-with-etcd.conf.example b/examples/cluster-with-etcd.conf.example index 17ab604d6..3eae3b980 100644 --- a/examples/cluster-with-etcd.conf.example +++ b/examples/cluster-with-etcd.conf.example 
@@ -16,9 +16,6 @@ cluster { ## List of core nodes that the replicant will connect to core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] - ## Remove disconnected nodes from the cluster after this interval - autoclean = 5m - ## If true, the node will try to heal network partitions automatically autoheal = true diff --git a/examples/cluster-with-k8s.conf.example b/examples/cluster-with-k8s.conf.example index 4fd329b24..7a0ad3b29 100644 --- a/examples/cluster-with-k8s.conf.example +++ b/examples/cluster-with-k8s.conf.example @@ -16,9 +16,6 @@ cluster { ## List of core nodes that the replicant will connect to core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] - ## Remove disconnected nodes from the cluster after this interval - autoclean = 5m - ## If true, the node will try to heal network partitions automatically autoheal = true diff --git a/examples/cluster-with-manual.conf.example b/examples/cluster-with-manual.conf.example index f075ea389..7c031b44a 100644 --- a/examples/cluster-with-manual.conf.example +++ b/examples/cluster-with-manual.conf.example @@ -16,9 +16,6 @@ cluster { ## List of core nodes that the replicant will connect to core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] - ## Remove disconnected nodes from the cluster after this interval - autoclean = 5m - ## If true, the node will try to heal network partitions automatically autoheal = true } diff --git a/examples/cluster-with-static.conf.example b/examples/cluster-with-static.conf.example index 76a9d9980..e2263da15 100644 --- a/examples/cluster-with-static.conf.example +++ b/examples/cluster-with-static.conf.example @@ -16,9 +16,6 @@ cluster { ## List of core nodes that the replicant will connect to core_nodes = ["emqx1@192.168.0.1", "emqx2@192.168.0.2"] - ## Remove disconnected nodes from the cluster after this interval - autoclean = 5m - ## If true, the node will try to heal network partitions automatically autoheal = true 
From 80fdb26b64ab912cd4181a69d91eae2681e30b61 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Tue, 20 Jun 2023 15:49:06 +0200 Subject: [PATCH 25/36] chore: bump to opensource edition dashboard v1.3.0-1 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2453528be..ee0d306fa 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ endif # Dashboard version # from https://github.com/emqx/emqx-dashboard5 -export EMQX_DASHBOARD_VERSION ?= v1.3.0 +export EMQX_DASHBOARD_VERSION ?= v1.3.0-1 export EMQX_EE_DASHBOARD_VERSION ?= e1.1.0 # `:=` should be used here, otherwise the `$(shell ...)` will be executed every time when the variable is used From 728656d4f63754ca55c475f5c347a32b4f05ac74 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Tue, 20 Jun 2023 17:08:18 +0200 Subject: [PATCH 26/36] chore: bump to e5.1.0 official cut --- apps/emqx/include/emqx_release.hrl | 2 +- rebar.config.erl | 13 ------------- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl index f77336e13..2d4e5476c 100644 --- a/apps/emqx/include/emqx_release.hrl +++ b/apps/emqx/include/emqx_release.hrl @@ -35,7 +35,7 @@ -define(EMQX_RELEASE_CE, "5.1.0-rc.1"). %% Enterprise edition --define(EMQX_RELEASE_EE, "5.1.0-rc.2"). +-define(EMQX_RELEASE_EE, "5.1.0"). %% The HTTP API version -define(EMQX_API_VERSION, "5.0"). diff --git a/rebar.config.erl b/rebar.config.erl index fc91878d9..8d8e7c437 100644 --- a/rebar.config.erl +++ b/rebar.config.erl @@ -652,16 +652,3 @@ list_dir(Dir) -> false -> [] end. - -profile() -> - case os:getenv("PROFILE") of - Profile = "emqx-enterprise" ++ _ -> - Profile; - Profile = "emqx" ++ _ -> - Profile; - false -> - "emqx-enterprise"; - Profile -> - io:format(standard_error, "ERROR: bad_PROFILE ~p~n", [Profile]), - exit(bad_PROFILE) - end. From 6bf3fc5e2379535eeca6f1aee7e6a1998e1f26bf Mon Sep 17 00:00:00 2001 
From: "Zaiming (Stone) Shi" Date: Tue, 20 Jun 2023 17:08:52 +0200 Subject: [PATCH 27/36] docs: Generate changelog for e5.1.0 --- changes/e5.1.0.en.md | 275 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 275 insertions(+) create mode 100644 changes/e5.1.0.en.md diff --git a/changes/e5.1.0.en.md b/changes/e5.1.0.en.md new file mode 100644 index 000000000..cb289b55e --- /dev/null +++ b/changes/e5.1.0.en.md 
@@ -0,0 +1,275 @@ +# e5.1.0 + +## Enhancements + +- [#10584](https://github.com/emqx/emqx/pull/10584) Add log level configuration to SSL communication + +- [#10598](https://github.com/emqx/emqx/pull/10598) Provide a callback method of Unary type in ExProto to avoid possible message disorder issues. + +- [#10676](https://github.com/emqx/emqx/pull/10676) Implement configuration and user data import/export CLI. + + The `emqx ctl export` and `emqx ctl import` commands allow to export configuration and built-in database + data from a running EMQX cluster and later import it to the same or another running EMQX cluster. + +- [#10702](https://github.com/emqx/emqx/pull/10702) Introduce a more straightforward configuration option `keepalive_multiplier` and + deprecate the old `keepalive_backoff` configuration. + After this enhancement, EMQX checks the client's keepalive timeout status + period by multiplying the "Client Requested Keepalive Interval" with `keepalive_multiplier`. + +- [#10782](https://github.com/emqx/emqx/pull/10782) Added a new `deliver_rate` option to the retainer configuration, which can limit the maximum delivery rate per session in the retainer. + + +- [#10858](https://github.com/emqx/emqx/pull/10858) A new utility function timezone_to_offset_seconds/1 has been added to the rule engine SQL language. This function converts a timezone string (for example, "+02:00", "Z" and "local") to the corresponding offset in seconds. + +- [#10909](https://github.com/emqx/emqx/pull/10909) Remove the deprecated HTTP APIs for gateways + +- [#10910](https://github.com/emqx/emqx/pull/10910) The data bridge resource option `auto_restart_interval` was deprecated in favor of `health_check_interval`, and `request_timeout` was renamed to `request_ttl`. Also, the default `request_ttl` value went from 15 seconds to 45 seconds. 
+ + The previous existence of both `auto_restart_interval` and `health_check_interval` was a source of confusion, as both parameters influenced the recovery of data bridges under failures. An inconsistent configuration of those two parameters could lead to messages being expired without a chance to retry. Now, `health_check_interval` is used both to control the periodicity of health checks that may transition the data bridge into `disconnected` or `connecting` states, as well as recovering from `disconnected`. + +- [#10926](https://github.com/emqx/emqx/pull/10926) Allow 'enable' as well as 'enabled' as the state flag for listeners. + + Prior to this change, listener can be enable/disabled by setting the 'true' or 'false' on the 'enabled' config. + This is slightly different naming comparing to other state flags in the system. + No the 'enable' flag is added as an aliase on listeners. + +- [#10929](https://github.com/emqx/emqx/pull/10929) Upgrade Erlang/OTP to 25.3.2-1 + +- [#10933](https://github.com/emqx/emqx/pull/10933) Add support for configuring TCP keep-alive in MQTT/TCP and MQTT/SSL listeners + +- [#10948](https://github.com/emqx/emqx/pull/10948) Add `live_connections` field for some HTTP APIs, i.e: + - `/monitor_current`, `/monitor_current/nodes/{node}` + - `/monitor/nodes/{node}`, `/monitor` + - `/node/{node}`, `/nodes` + +- [#10961](https://github.com/emqx/emqx/pull/10961) Adds support for unlimited max connections for gateway listeners by allowing + infinity as a valid value for the `max_connections` field in the configuration + and HTTP API + +- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed emqx ctl command 'cluster_call' to 'conf cluster_sync'. + The old command 'cluster_call' is still a valid command, but not included in usage info. + +- [#11034](https://github.com/emqx/emqx/pull/11034) Hide the broker and move the `broker.shared_subscription_strategy` to `mqtt.shared_subscription_strategy` as it belongs to `mqtt`. 
+ +- [#11045](https://github.com/emqx/emqx/pull/11045) The listener's authentication and zone related apis have been officially removed in version `5.1.0`. + +- [#11062](https://github.com/emqx/emqx/pull/11062) Rename `log.file.to` to `log.file.path`. + +- [#10778](https://github.com/emqx/emqx/pull/10778) Refactored Pulsar Producer bridge to avoid leaking resources during crashes at creation. + +- [#10813](https://github.com/emqx/emqx/pull/10813) Refactored Kafka Producer and Consumer bridges to avoid leaking resources during crashes at creation. + +- [#10841](https://github.com/emqx/emqx/pull/10841) Added a schema validation to ensure message key is not empty when dispatching by key in Kafka and Pulsar Producer bridges. + +- [#10877](https://github.com/emqx/emqx/pull/10877) Bump RocketMQ driver to enhance security for sensitive data. + +- [#10892](https://github.com/emqx/emqx/pull/10892) Require that SID or Service Name is set on Oracle Database bridge creation. + +- [#10895](https://github.com/emqx/emqx/pull/10895) Refactored most of the bridges to avoid resource leaks during crashes during creation. + +- [#10908](https://github.com/emqx/emqx/pull/10908) Refactored the RocketMQ bridge to avoid leaking resources during crashes at creation. + +- [#10924](https://github.com/emqx/emqx/pull/10924) Refactored influxdb bridge connector to avoid resource leaks during crashes at creation. + +- [#10944](https://github.com/emqx/emqx/pull/10944) Improved the GCP PubSub bridge to avoid a potential issue where messages could fail to be sent when restarting a node. + +- [#10970](https://github.com/emqx/emqx/pull/10970) A query_mode parameter has been added to the Kafka producer bridge. This parameter allows you to specify if the bridge should use the asynchronous or synchronous mode when sending data to Kafka. The default is asynchronous mode. + +- [#11003](https://github.com/emqx/emqx/pull/11003) Add an option to configure TCP keepalive in Kafka bridge. 
+ +- [#11024](https://github.com/emqx/emqx/pull/11024) Added a small improvement to reduce the chance of seeing the `connecting` state when creating/updating a Pulsar Producer bridge. + +- [#10678](https://github.com/emqx/emqx/pull/10678) Optimized counter increment calls to avoid work if increment is zero. + +- [#10690](https://github.com/emqx/emqx/pull/10690) Added a retry mechanism to webhook bridge that attempts to improve throughput. + + This optimization retries request failures without blocking the buffering layer, which can improve throughput in situations of high messaging rate. + +- [#10698](https://github.com/emqx/emqx/pull/10698) Optimize memory usage when accessing the configuration during runtime. + +- [#10754](https://github.com/emqx/emqx/pull/10754) The MQTT bridge has been enhanced to utilize connection pooling and leverage available parallelism, substantially improving throughput. + + As a consequence, single MQTT bridge now uses a pool of `clientid`s to connect to the remote broker. + +- [#10790](https://github.com/emqx/emqx/pull/10790) Reducing overhead of reading configs per zone. + + +- [#10941](https://github.com/emqx/emqx/pull/10941) Improve the collection speed of Prometheus metrics when setting + `prometheus.vm_dist_collector=disabled` and + metric `erlang_vm_statistics_run_queues_length_total` is renamed to `erlang_vm_statistics_run_queues_length` + +- [#10988](https://github.com/emqx/emqx/pull/10988) Improve log security when data bridge creation fails to ensure sensitive data is always obfuscated. + +- [#11019](https://github.com/emqx/emqx/pull/11019) Improve log security for JWT, now it will be obfuscated before print. + +- [#11035](https://github.com/emqx/emqx/pull/11035) Bump Cassandra driver to avoid sensitive data leakages. + +## Bug Fixes + +- [#10563](https://github.com/emqx/emqx/pull/10563) Corrected an issue where the no_local flag was not functioning correctly. 
+ + +- [#10600](https://github.com/emqx/emqx/pull/10600) Deleted emqx_statsd application. + + +- [#10653](https://github.com/emqx/emqx/pull/10653) Store gateway authentication TLS certificates and keys in the data directory. + +- [#10677](https://github.com/emqx/emqx/pull/10677) In Rule API, reapond with 404 HTTP error code when trying to delete a rule that does not exist. + +- [#10682](https://github.com/emqx/emqx/pull/10682) Fix the timestamp for the will message is incorrectly assigned at the session creation time, now this timestamp is the disconnected time of the session. + +- [#10701](https://github.com/emqx/emqx/pull/10701) RPM package for Amazon Linux 2 did not support TLS v1.3 as it was assembled with Erlang/OTP built with openssl 1.0. + +- [#10715](https://github.com/emqx/emqx/pull/10715) Postpone trimming the connection information structure until after `client.connected` hooks have been executed. These hooks once again have access to the client's peer certificate. + +- [#10737](https://github.com/emqx/emqx/pull/10737) Fix the issue where the HTTP API interface of Gateway cannot handle ClientIDs with + special characters, such as: `!@#$%^&*()_+{}:"<>?/`. + +- [#10785](https://github.com/emqx/emqx/pull/10785) Ensure `EMQX_LOG_DIR` is set by Windows boot script. + + The environment variable `EMQX_LOG_DIR` was missing in v5.0.25, caused EMQX Windows package fail to boot unless set by sysadmin. + +- [#10809](https://github.com/emqx/emqx/pull/10809) Address `** ERROR ** Mnesia post_commit hook failed: error:badarg` error messages happening during node shutdown or restart. + Mria pull request: https://github.com/emqx/mria/pull/142 + +- [#10818](https://github.com/emqx/emqx/pull/10818) Fixing `emqx_ctl traces` command. + +- [#10820](https://github.com/emqx/emqx/pull/10820) In case the cluster updated license before the new node join in. The new node will not apply the updated license. + After this change, the new joined node will use the cluster's license key. 
+ + Sometimes the new node must start with a outdated license. + e.g. use emqx-operator deployed and needed to scale up after license expired. + At the time the cluster's license key already updated by API/CLI, but the new node won't use it. + +- [#10833](https://github.com/emqx/emqx/pull/10833) Only include enabled authenticators and authorizers in telemetry report, not all of them. + +- [#10851](https://github.com/emqx/emqx/pull/10851) Obfuscated sensitive data in the bad API logging. + +- [#10871](https://github.com/emqx/emqx/pull/10871) Fixes for connection deletion and message publishing requests not taking effect + issues once the connection has been created in a different UDP port first. + +- [#10880](https://github.com/emqx/emqx/pull/10880) Add a new HTTP API endpoint `/clients/kickout/bulk` for kicking out multiple clients in bulk. + +- [#10884](https://github.com/emqx/emqx/pull/10884) Fixes an issue where trying to get rule info or metrics could result in a crash when a node is joining a cluster. + +- [#10887](https://github.com/emqx/emqx/pull/10887) Fixed a potential issue where requests to bridges might take a long time to be retried. + + This only affected low throughput scenarios, where the buffering layer could take a long time to detect connectivity and driver problems. + +- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes runing a newer version than self. + + During cluster rolling upgrade, if an older version node has to restart due to whatever reason, + if it copies the cluster.hocon file from a newer version node, it may fail to start. + After this fix, the older version node will not copy the cluster.hocon file from a newer, + so it will use its own cluster.hocon file to start. + +- [#10911](https://github.com/emqx/emqx/pull/10911) The error message and log entry that appear when one tries to create a bridge with a name the exceeds 255 bytes is now easier to understand. 
+ +- [#10923](https://github.com/emqx/emqx/pull/10923) Fix a race-condition in channel info registration. + + Prior to this fix, when system is under heavy load, it might happen that a client is disconnected (or has its session expired) but still can be found in the clients page in dashboard. + One of the possible reasons is a race condition fixed in this PR: the connection is killed in the middle of channel data registration. + +- [#10930](https://github.com/emqx/emqx/pull/10930) Added a schema validation for values that might be used in timeouts to avoid invalid values. + + Before this fix, it was possible to use absurd values in the schema that would exceed the system limit, causing a crash. + +- [#10943](https://github.com/emqx/emqx/pull/10943) Deprecated UDP mcast mechanism for cluster discovery. + + This feature has been planed for deprecation since 5.0 mainly due to the lack of + actual production use. + This feature code is not yet removed in 5.1, but the document interface is demoted. + +- [#10950](https://github.com/emqx/emqx/pull/10950) Fix the issue where the `enable_qos` option does not take effect in the MQTT-SN gateway. + +- [#10951](https://github.com/emqx/emqx/pull/10951) Fix the issue in MQTT-SN gateway where the `mountpoint` does not take effect on message publishing. + +- [#10952](https://github.com/emqx/emqx/pull/10952) Disallow enabling `fail_if_no_peer_cert` in listener SSL options if `verify_none` is set. + + Setting `fail_if_no_peer_cert = true` and `verify = verify_none` caused connection errors + due to incompatible options. + This fix validates the options when creating or updating a listener to avoid these errors. + + Note: any old listener configuration with `fail_if_no_peer_cert = true` and `verify = verify_none` + that was previously allowed will fail to load after applying this fix and must be manually fixed. 
+ +- [#10955](https://github.com/emqx/emqx/pull/10955) Fix the issue in MQTT-SN gateway where deleting Predefined Topics configuration does not work. + +- [#10977](https://github.com/emqx/emqx/pull/10977) Fix delay in updating subscription count metric and correct configuration issues in Stomp gateway. + +- [#10983](https://github.com/emqx/emqx/pull/10983) Fix issue when mqtt clients could not connect over TLS if the listener was configured to use TLS v1.3 only. + + The problem was that TLS connection was trying to use options incompatible with TLS v1.3. + +- [#10994](https://github.com/emqx/emqx/pull/10994) Redact `proxy-authorization` headers as used by HTTP connector to not leak secrets into log-files. + +- [#10996](https://github.com/emqx/emqx/pull/10996) Default to 404 for any HTTP/API request, we don't know, rather than the dashboard's index.html. + +- [#11005](https://github.com/emqx/emqx/pull/11005) Fix the issue where the `method` field cannot be correctly printed in the trace logs of AuthN HTTP. + +- [#11018](https://github.com/emqx/emqx/pull/11018) Fixed multiple issues with the Stomp gateway, including: + - Fixed an issue where `is_superuser` was not working correctly. + - Fixed an issue where the mountpoint was not being removed in message delivery. + - After a message or subscription request fails, the Stomp client should be disconnected + immediately after replying with an ERROR message. + +- [#11028](https://github.com/emqx/emqx/pull/11028) Disallow using multiple TLS versions in the listener config that include tlsv1.3 but exclude tlsv1.2. + + Using TLS configuration with such version gap caused connection errors. + Additionally, drop and log TLS options that are incompatible with the selected TLS version(s). + + Note: any old listener configuration with the version gap described above will fail to load + after applying this fix and must be manually fixed. 
+ +- [#11030](https://github.com/emqx/emqx/pull/11030) Improved error messages when a validation error occurs while using the Listeners HTTP API. + +- [#11033](https://github.com/emqx/emqx/pull/11033) Deprecates the `mountpoint` field in `AuthenticateRequest` in ExProto gateway. + + This field was introduced in v4.x, but in fact, in 5.0 we have provided + `gateway.exproto.mountpoint` for configuration, so there is no need to override + it through the Authenticate request. + + Additionally, updates the default value of `subscriptions_max`, `inflight_max`, + `mqueue_max` to `infinity` + +- [#11042](https://github.com/emqx/emqx/pull/11042) Fix crash on `/api/listeners` when listener's max_connections is set to a string. + +- [#11051](https://github.com/emqx/emqx/pull/11051) Add validation to ensure that certificate 'depth' (listener SSL option) is a non negative integer. + +- [#11056](https://github.com/emqx/emqx/pull/11056) - Fix the issue where newly created listeners do not start properly at times, + when you delete a system default listener and add a new one named 'default', it will not start correctly. + - Fix the bug where configuration failure on certain nodes can cause dashboard unavailability. + +- [#11070](https://github.com/emqx/emqx/pull/11070) Fix the problem that the cluster.autoclean configuration item does not take effect. + +- [#11092](https://github.com/emqx/emqx/pull/11092) Fix problem when replicants were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. + Relevant mria pull request: https://github.com/emqx/mria/pull/143 + +- [#10807](https://github.com/emqx/emqx/pull/10807) Removed license check debug logs. 
+ +- [#10878](https://github.com/emqx/emqx/pull/10878) A vulnerability in the RabbitMQ bridge, which could potentially expose passwords to log files, has been rectified + +- [#10913](https://github.com/emqx/emqx/pull/10913) Fixed an issue where a node that left the cluster would still report plugin status from other nodes. + +- [#10967](https://github.com/emqx/emqx/pull/10967) Fixed error message formatting in rebalance API: previously they could be displayed as unclear dumps of internal Erlang structures. + + Added `wait_health_check` option to node evacuation CLI and API. This is a time interval when the node reports "unhealthy status" without beginning actual evacuation. We need this to allow a Load Balancer (if any) to remove the evacuated node from balancing and not forward (re)connecting clients to the evacuated node. + +- [#10997](https://github.com/emqx/emqx/pull/10997) The ClickHouse bridge had a problem that could cause messages to be dropped when the ClickHouse server is closed while sending messages even when the request_ttl is set to infinity. This has been fixed by treating errors due to a closed connection as recoverable errors. + +- [#10998](https://github.com/emqx/emqx/pull/10998) Do not allow `batch_size` option for MongoDB bridge resource. + MongoDB connector currently does not support batching, the `bath_size` config value is forced to be 1 if provided. + +- [#10999](https://github.com/emqx/emqx/pull/10999) Changed schema validation for Kafka fields 'Partition Count Refresh Interval' and 'Offset Commit Interval' to avoid accepting values larger then maximum allowed. + +- [#11006](https://github.com/emqx/emqx/pull/11006) Fix QUIC listeners's default cert file paths. + + Prior to this change, the default cert file paths are prefixed with environment variable `${EMQX_ETC_DIR}` which were not interpolated before used in QUIC listeners. 
+ +- [#11025](https://github.com/emqx/emqx/pull/11025) Fixed a `case_clause` error that could arise in race conditions in Pulsar Producer bridge. + +- [#11031](https://github.com/emqx/emqx/pull/11031) Fixed credential validation when creating bridge and checking status for InfluxDB Bridges. + +- [#11038](https://github.com/emqx/emqx/pull/11038) Fixed a health check issue for Pulsar Producer that could lead to loss of messages when the connection to Pulsar's brokers were down. + +- [#11040](https://github.com/emqx/emqx/pull/11040) Fixed a health check issue for Kafka Producer that could lead to loss of messages when the connection to Kafka's brokers were down. From dddccfdc5c934aab89ed4b04e9f2f24bad8753de Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Tue, 20 Jun 2023 17:09:17 +0200 Subject: [PATCH 28/36] chore: bump to v5.1.0 official cut --- apps/emqx/include/emqx_release.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl index 2d4e5476c..c83444efc 100644 --- a/apps/emqx/include/emqx_release.hrl +++ b/apps/emqx/include/emqx_release.hrl @@ -32,7 +32,7 @@ %% `apps/emqx/src/bpapi/README.md' %% Opensource edition --define(EMQX_RELEASE_CE, "5.1.0-rc.1"). +-define(EMQX_RELEASE_CE, "5.1.0"). %% Enterprise edition -define(EMQX_RELEASE_EE, "5.1.0"). From 045ed340dd404db8e4f3d83deaa462aa424100f2 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 21 Jun 2023 09:17:34 +0200 Subject: [PATCH 29/36] fix(emqx_conf_app): fix release version detect during cluster conf sync --- apps/emqx_conf/src/emqx_conf_app.erl | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/apps/emqx_conf/src/emqx_conf_app.erl b/apps/emqx_conf/src/emqx_conf_app.erl index 1505b8c3e..f5ecbedb6 100644 --- a/apps/emqx_conf/src/emqx_conf_app.erl +++ b/apps/emqx_conf/src/emqx_conf_app.erl 
@@ -180,17 +180,7 @@ sync_cluster_conf2(Nodes) -> %% @private Filter out the nodes which are running a newer version than this node. sync_cluster_conf3(Ready) -> - NotNewer = fun({ok, #{release := RemoteRelease}}) -> - try - emqx_release:vsn_compare(RemoteRelease) =/= newer - catch - _:_ -> - %% If the version is not valid (without v or e prefix), - %% we know it's older than v5.1.0/e5.1.0 - true - end - end, - case lists:filter(NotNewer, Ready) of + case lists:filter(fun is_older_or_same_version/1, Ready) of [] -> %% All available core nodes are running a newer version than this node. %% Start this node without syncing cluster config from them. @@ -213,6 +203,19 @@ sync_cluster_conf3(Ready) -> sync_cluster_conf4(Ready2) end. +is_older_or_same_version({ok, #{release := RemoteRelease}}) -> + try + emqx_release:vsn_compare(RemoteRelease) =/= newer + catch + _:_ -> + %% If the version is not valid (without v or e prefix), + %% we know it's older than v5.1.0/e5.1.0 + true + end; +is_older_or_same_version(_) -> + %% older version has no 'release' field + true. + %% @private Some core nodes are running and replied with their configs successfully. %% Try to sort the results and save the first one for local use. sync_cluster_conf4(Ready) -> From 5f47649d4d0eaf7a21117e70e787b64d0b9bdd32 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 21 Jun 2023 09:45:45 +0200 Subject: [PATCH 30/36] chore: downgrade log severity level of 'not_ready' nodes to info --- apps/emqx_conf/src/emqx_conf_app.erl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/apps/emqx_conf/src/emqx_conf_app.erl b/apps/emqx_conf/src/emqx_conf_app.erl index f5ecbedb6..459e13676 100644 --- a/apps/emqx_conf/src/emqx_conf_app.erl +++ b/apps/emqx_conf/src/emqx_conf_app.erl 
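Review bot: In the second hunk (`@@ -213,6 +203,19 @@`), both fallbacks of `is_older_or_same_version/1` answer `true`, so the filter fails open. The `catch _:_` arm treats every exception from `emqx_release:vsn_compare/1` as "older", not only the missing v/e prefix its comment describes, and the final `_` clause accepts any reply shape. A peer whose release cannot be classified therefore stays eligible as a config source, which is the case this filter exists to exclude. I would narrow the last clause to `is_older_or_same_version({ok, _}) ->` (assuming `Ready` only holds `{ok, _}` replies, which this hunk does not show) and log the value in the catch arm before returning `true`, e.g. `?SLOG(warning, #{msg => "unparsable_peer_release", release => RemoteRelease}),`. A `-spec` and a `%% @private` line like the neighbouring functions have would also record that `true` means "safe to copy config from".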
@@ -134,7 +134,7 @@ sync_cluster_conf2(Nodes) -> msg => "ignored_nodes_when_sync_cluster_conf" }, ?SLOG(warning, Warning); - true -> + true when Failed =/= [] -> %% There are core nodes running but no one was able to reply. ?SLOG(error, #{ msg => "failed_to_sync_cluster_conf", @@ -142,6 +142,14 @@ sync_cluster_conf2(Nodes) -> failed => Failed, not_ready => NotReady }); + true -> + %% There are core nodes booting up + ?SLOG(info, #{ + msg => "peer_not_ready_for_config_sync", + reason => "The 'not_ready' peer node(s) are loading configs", + nodes => Nodes, + not_ready => NotReady + }); false -> ok end, From e305d5d5dbd50537676f75113e8ff45dd0f2bb97 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 21 Jun 2023 14:38:03 +0200 Subject: [PATCH 31/36] docs: update changelog for 5.1.0 both opensource and enterprise editions --- changes/e5.1.0.en.md | 399 ++++++++++++++----------------------------- 1 file changed, 131 insertions(+), 268 deletions(-) diff --git a/changes/e5.1.0.en.md b/changes/e5.1.0.en.md index cb289b55e..4026dc493 100644 --- a/changes/e5.1.0.en.md +++ b/changes/e5.1.0.en.md 
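Review bot: The added `true ->` arm, reached when `Failed` is empty, logs at `info` with a fixed `reason` string saying the peers "are loading configs", which the code does not verify. A peer that stays `not_ready` for any other reason is reported the same way and will not appear at all where the log level is set above info. I would word the cause as an expectation, e.g. `reason => "not_ready peers are presumably still booting"`, and add a comment that a persistent `not_ready` state has to be detected elsewhere. The `case` head is outside the hunk, so it cannot be confirmed from here that `NotReady` is always non-empty in this arm.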
@@ -2,274 +2,137 @@ ## Enhancements -- [#10584](https://github.com/emqx/emqx/pull/10584) Add log level configuration to SSL communication - -- [#10598](https://github.com/emqx/emqx/pull/10598) Provide a callback method of Unary type in ExProto to avoid possible message disorder issues. - -- [#10676](https://github.com/emqx/emqx/pull/10676) Implement configuration and user data import/export CLI. - - The `emqx ctl export` and `emqx ctl import` commands allow to export configuration and built-in database - data from a running EMQX cluster and later import it to the same or another running EMQX cluster. - -- [#10702](https://github.com/emqx/emqx/pull/10702) Introduce a more straightforward configuration option `keepalive_multiplier` and - deprecate the old `keepalive_backoff` configuration. - After this enhancement, EMQX checks the client's keepalive timeout status - period by multiplying the "Client Requested Keepalive Interval" with `keepalive_multiplier`. - -- [#10782](https://github.com/emqx/emqx/pull/10782) Added a new `deliver_rate` option to the retainer configuration, which can limit the maximum delivery rate per session in the retainer. - - -- [#10858](https://github.com/emqx/emqx/pull/10858) A new utility function timezone_to_offset_seconds/1 has been added to the rule engine SQL language. This function converts a timezone string (for example, "+02:00", "Z" and "local") to the corresponding offset in seconds. - -- [#10909](https://github.com/emqx/emqx/pull/10909) Remove the deprecated HTTP APIs for gateways - -- [#10910](https://github.com/emqx/emqx/pull/10910) The data bridge resource option `auto_restart_interval` was deprecated in favor of `health_check_interval`, and `request_timeout` was renamed to `request_ttl`. Also, the default `request_ttl` value went from 15 seconds to 45 seconds. 
- - The previous existence of both `auto_restart_interval` and `health_check_interval` was a source of confusion, as both parameters influenced the recovery of data bridges under failures. An inconsistent configuration of those two parameters could lead to messages being expired without a chance to retry. Now, `health_check_interval` is used both to control the periodicity of health checks that may transition the data bridge into `disconnected` or `connecting` states, as well as recovering from `disconnected`. - -- [#10926](https://github.com/emqx/emqx/pull/10926) Allow 'enable' as well as 'enabled' as the state flag for listeners. - - Prior to this change, listener can be enable/disabled by setting the 'true' or 'false' on the 'enabled' config. - This is slightly different naming comparing to other state flags in the system. - No the 'enable' flag is added as an aliase on listeners. - -- [#10929](https://github.com/emqx/emqx/pull/10929) Upgrade Erlang/OTP to 25.3.2-1 - -- [#10933](https://github.com/emqx/emqx/pull/10933) Add support for configuring TCP keep-alive in MQTT/TCP and MQTT/SSL listeners - -- [#10948](https://github.com/emqx/emqx/pull/10948) Add `live_connections` field for some HTTP APIs, i.e: - - `/monitor_current`, `/monitor_current/nodes/{node}` - - `/monitor/nodes/{node}`, `/monitor` - - `/node/{node}`, `/nodes` - -- [#10961](https://github.com/emqx/emqx/pull/10961) Adds support for unlimited max connections for gateway listeners by allowing - infinity as a valid value for the `max_connections` field in the configuration - and HTTP API - -- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed emqx ctl command 'cluster_call' to 'conf cluster_sync'. - The old command 'cluster_call' is still a valid command, but not included in usage info. - -- [#11034](https://github.com/emqx/emqx/pull/11034) Hide the broker and move the `broker.shared_subscription_strategy` to `mqtt.shared_subscription_strategy` as it belongs to `mqtt`. 
- -- [#11045](https://github.com/emqx/emqx/pull/11045) The listener's authentication and zone related apis have been officially removed in version `5.1.0`. - -- [#11062](https://github.com/emqx/emqx/pull/11062) Rename `log.file.to` to `log.file.path`. - -- [#10778](https://github.com/emqx/emqx/pull/10778) Refactored Pulsar Producer bridge to avoid leaking resources during crashes at creation. - -- [#10813](https://github.com/emqx/emqx/pull/10813) Refactored Kafka Producer and Consumer bridges to avoid leaking resources during crashes at creation. - -- [#10841](https://github.com/emqx/emqx/pull/10841) Added a schema validation to ensure message key is not empty when dispatching by key in Kafka and Pulsar Producer bridges. - -- [#10877](https://github.com/emqx/emqx/pull/10877) Bump RocketMQ driver to enhance security for sensitive data. - -- [#10892](https://github.com/emqx/emqx/pull/10892) Require that SID or Service Name is set on Oracle Database bridge creation. - -- [#10895](https://github.com/emqx/emqx/pull/10895) Refactored most of the bridges to avoid resource leaks during crashes during creation. - -- [#10908](https://github.com/emqx/emqx/pull/10908) Refactored the RocketMQ bridge to avoid leaking resources during crashes at creation. - -- [#10924](https://github.com/emqx/emqx/pull/10924) Refactored influxdb bridge connector to avoid resource leaks during crashes at creation. - -- [#10944](https://github.com/emqx/emqx/pull/10944) Improved the GCP PubSub bridge to avoid a potential issue where messages could fail to be sent when restarting a node. - -- [#10970](https://github.com/emqx/emqx/pull/10970) A query_mode parameter has been added to the Kafka producer bridge. This parameter allows you to specify if the bridge should use the asynchronous or synchronous mode when sending data to Kafka. The default is asynchronous mode. - -- [#11003](https://github.com/emqx/emqx/pull/11003) Add an option to configure TCP keepalive in Kafka bridge. 
- -- [#11024](https://github.com/emqx/emqx/pull/11024) Added a small improvement to reduce the chance of seeing the `connecting` state when creating/updating a Pulsar Producer bridge. - -- [#10678](https://github.com/emqx/emqx/pull/10678) Optimized counter increment calls to avoid work if increment is zero. - -- [#10690](https://github.com/emqx/emqx/pull/10690) Added a retry mechanism to webhook bridge that attempts to improve throughput. - - This optimization retries request failures without blocking the buffering layer, which can improve throughput in situations of high messaging rate. - -- [#10698](https://github.com/emqx/emqx/pull/10698) Optimize memory usage when accessing the configuration during runtime. - -- [#10754](https://github.com/emqx/emqx/pull/10754) The MQTT bridge has been enhanced to utilize connection pooling and leverage available parallelism, substantially improving throughput. - - As a consequence, single MQTT bridge now uses a pool of `clientid`s to connect to the remote broker. - -- [#10790](https://github.com/emqx/emqx/pull/10790) Reducing overhead of reading configs per zone. - - -- [#10941](https://github.com/emqx/emqx/pull/10941) Improve the collection speed of Prometheus metrics when setting - `prometheus.vm_dist_collector=disabled` and - metric `erlang_vm_statistics_run_queues_length_total` is renamed to `erlang_vm_statistics_run_queues_length` - -- [#10988](https://github.com/emqx/emqx/pull/10988) Improve log security when data bridge creation fails to ensure sensitive data is always obfuscated. - -- [#11019](https://github.com/emqx/emqx/pull/11019) Improve log security for JWT, now it will be obfuscated before print. - -- [#11035](https://github.com/emqx/emqx/pull/11035) Bump Cassandra driver to avoid sensitive data leakages. +- [#11035](https://github.com/emqx/emqx/pull/11035) Upgraded Cassandra driver to avoid username and password leakage in data bridge logs. 
+- [#10584](https://github.com/emqx/emqx/pull/10584) Added log level configuration to SSL communication +- [#10678](https://github.com/emqx/emqx/pull/10678) Optimized counter increment calls to avoid work if increment is zero. +- [#10690](https://github.com/emqx/emqx/pull/10690) Added a retry mechanism to webhook bridge that attempts to improve throughput. + This optimization retries request failures without blocking the buffering layer, which can improve throughput in situations of high messaging rate. +- [#10702](https://github.com/emqx/emqx/pull/10702) Introduced a more straightforward configuration option `keepalive_multiplier` and deprecate the old `keepalive_backoff` configuration. After this enhancement, EMQX checks the client's keepalive timeout status period by multiplying the "Client Requested Keepalive Interval" with `keepalive_multiplier`. +- [#10698](https://github.com/emqx/emqx/pull/10698) Optimized memory usage when accessing the configuration during runtime. +- [#10778](https://github.com/emqx/emqx/pull/10778) Refactored Pulsar Producer bridge to avoid leaking resources during crashes at creation. +- [#10813](https://github.com/emqx/emqx/pull/10813) Refactored Kafka Producer and Consumer bridges to avoid leaking resources during crashes at creation. +- [#10858](https://github.com/emqx/emqx/pull/10858) A new utility function timezone_to_offset_seconds/1 has been added to the rule engine SQL language. This function converts a timezone string (for example, "+02:00", "Z" and "local") to the corresponding offset in seconds. +- [#10841](https://github.com/emqx/emqx/pull/10841) Added a schema validation to ensure message key is not empty when "dispatching by key" is selected in Kafka and Pulsar Producer bridges. +- [#10754](https://github.com/emqx/emqx/pull/10754) The MQTT bridge has been enhanced to utilize connection pooling and leverage available parallelism, substantially improving throughput. 
+ As a consequence, single MQTT bridge now uses a pool of `clientid`s to connect to the remote broker. +- [#10782](https://github.com/emqx/emqx/pull/10782) Added a new `deliver_rate` option to the retainer configuration, which can limit the maximum delivery rate per session in the retainer. +- [#10877](https://github.com/emqx/emqx/pull/10877) Upgraded RocketMQ driver to enhance security for sensitive data. +- [#10598](https://github.com/emqx/emqx/pull/10598) Provided a callback method of Unary type in ExProto to avoid possible message disorder issues. +- [#10895](https://github.com/emqx/emqx/pull/10895) Refactored most of the bridges to avoid resource leaks during crashes at creation. +- [#10790](https://github.com/emqx/emqx/pull/10790) Reduced the overhead during configuration reads by optimizing the configuration read mechanism. +- [#10892](https://github.com/emqx/emqx/pull/10892) Added the requirement for setting SID or Service Name in Oracle Database bridge creation. +- [#10910](https://github.com/emqx/emqx/pull/10910) The data bridge resource option `auto_restart_interval` was deprecated in favor of `health_check_interval`, and `request_timeout` was renamed to `request_ttl`. Also, the default `request_ttl` value went from 15 seconds to 45 seconds. + The previous existence of both `auto_restart_interval` and `health_check_interval` was a source of confusion, as both parameters influenced the recovery of data bridges under failures. An inconsistent configuration of those two parameters could lead to messages being expired without a chance to retry. Now, `health_check_interval` is used both to control the periodicity of health checks that may transition the data bridge into `disconnected` or `connecting` states, as well as recovering from `disconnected`. +- [#10929](https://github.com/emqx/emqx/pull/10929) Upgraded Erlang/OTP to 25.3.2-1. +- [#10909](https://github.com/emqx/emqx/pull/10909) Removed the deprecated HTTP APIs for gateways. 
+- [#10908](https://github.com/emqx/emqx/pull/10908) Refactored the RocketMQ bridge to avoid leaking resources during crashes at creation. +- [#10924](https://github.com/emqx/emqx/pull/10924) Refactored Influxdb bridge connector to avoid resource leaks during crashes at creation. +- [#10944](https://github.com/emqx/emqx/pull/10944) Improved the GCP PubSub bridge to avoid a potential issue where messages could fail to be sent when restarting a node. +- [#10933](https://github.com/emqx/emqx/pull/10933) Added support for configuring TCP keep-alive in MQTT/TCP and MQTT/SSL listeners. +- [#10948](https://github.com/emqx/emqx/pull/10948) Added `live_connections` field for some HTTP APIs, i.e: + - `/monitor_current`, `/monitor_current/nodes/{node}` + - `/monitor/nodes/{node}`, `/monitor` + - `/node/{node}`, `/nodes` +- [#10941](https://github.com/emqx/emqx/pull/10941) Improved the collection speed of Prometheus metrics when setting `prometheus.vm_dist_collector=disabled` and metric `erlang_vm_statistics_run_queues_length_total` is renamed to `erlang_vm_statistics_run_queues_length` +- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed emqx ctl command 'cluster_call' to 'conf cluster_sync'. The old command 'cluster_call' is still a valid command, but not included in usage info. +- [#10988](https://github.com/emqx/emqx/pull/10988) Improved log security when data bridge creation fails to ensure sensitive data is always obfuscated. +- [#10926](https://github.com/emqx/emqx/pull/10926) Allowed 'enable' as well as 'enabled' as the state flag for listeners. + Prior to this change, listener can be enable/disabled by setting the 'true' or 'false' on the 'enabled' config. This is slightly different naming comparing to other state flags in the system. No the 'enable' flag is added as an aliase on listeners. +- [#10970](https://github.com/emqx/emqx/pull/10970) A query_mode parameter has been added to the Kafka producer bridge. 
This parameter allows you to specify if the bridge should use the asynchronous or synchronous mode when sending data to Kafka. The default is asynchronous mode. +- [#10676](https://github.com/emqx/emqx/pull/10676) Added CLI commands `emqx ctl export` and `emqx ctl import` for importing/exporting configuration and user data. This allows exporting configurations and built-in database data from a running EMQX cluster and importing them into the same or another running EMQX cluster. +- [#11003](https://github.com/emqx/emqx/pull/11003) Added an option to configure TCP keepalive in Kafka bridge. +- [#10961](https://github.com/emqx/emqx/pull/10961) Added support for unlimited max connections for gateway listeners by allowing infinity as a valid value for the `max_connections` field in the configuration and HTTP API. +- [#11019](https://github.com/emqx/emqx/pull/11019) Improved log security for JWT, now it will be obfuscated before print. +- [#11024](https://github.com/emqx/emqx/pull/11024) Added a small improvement to reduce the chance of seeing the `connecting` state when creating/updating a Pulsar Producer bridge. +- [#11034](https://github.com/emqx/emqx/pull/11034) Hid the broker config and changed the `broker.shared_subscription_strategy` to `mqtt.shared_subscription_strategy` as it belongs to `mqtt`. +- [#11045](https://github.com/emqx/emqx/pull/11045) The listener's authentication and zone related apis have been officially removed in version `5.1.0`. +- [#11062](https://github.com/emqx/emqx/pull/11062) Renamed config `log.file.to` to `log.file.path`. ## Bug Fixes -- [#10563](https://github.com/emqx/emqx/pull/10563) Corrected an issue where the no_local flag was not functioning correctly. - - -- [#10600](https://github.com/emqx/emqx/pull/10600) Deleted emqx_statsd application. - - -- [#10653](https://github.com/emqx/emqx/pull/10653) Store gateway authentication TLS certificates and keys in the data directory. 
- -- [#10677](https://github.com/emqx/emqx/pull/10677) In Rule API, reapond with 404 HTTP error code when trying to delete a rule that does not exist. - -- [#10682](https://github.com/emqx/emqx/pull/10682) Fix the timestamp for the will message is incorrectly assigned at the session creation time, now this timestamp is the disconnected time of the session. - -- [#10701](https://github.com/emqx/emqx/pull/10701) RPM package for Amazon Linux 2 did not support TLS v1.3 as it was assembled with Erlang/OTP built with openssl 1.0. - -- [#10715](https://github.com/emqx/emqx/pull/10715) Postpone trimming the connection information structure until after `client.connected` hooks have been executed. These hooks once again have access to the client's peer certificate. - -- [#10737](https://github.com/emqx/emqx/pull/10737) Fix the issue where the HTTP API interface of Gateway cannot handle ClientIDs with - special characters, such as: `!@#$%^&*()_+{}:"<>?/`. - -- [#10785](https://github.com/emqx/emqx/pull/10785) Ensure `EMQX_LOG_DIR` is set by Windows boot script. - - The environment variable `EMQX_LOG_DIR` was missing in v5.0.25, caused EMQX Windows package fail to boot unless set by sysadmin. - -- [#10809](https://github.com/emqx/emqx/pull/10809) Address `** ERROR ** Mnesia post_commit hook failed: error:badarg` error messages happening during node shutdown or restart. - Mria pull request: https://github.com/emqx/mria/pull/142 - -- [#10818](https://github.com/emqx/emqx/pull/10818) Fixing `emqx_ctl traces` command. - -- [#10820](https://github.com/emqx/emqx/pull/10820) In case the cluster updated license before the new node join in. The new node will not apply the updated license. - After this change, the new joined node will use the cluster's license key. - - Sometimes the new node must start with a outdated license. - e.g. use emqx-operator deployed and needed to scale up after license expired. 
- At the time the cluster's license key already updated by API/CLI, but the new node won't use it. - -- [#10833](https://github.com/emqx/emqx/pull/10833) Only include enabled authenticators and authorizers in telemetry report, not all of them. - -- [#10851](https://github.com/emqx/emqx/pull/10851) Obfuscated sensitive data in the bad API logging. - -- [#10871](https://github.com/emqx/emqx/pull/10871) Fixes for connection deletion and message publishing requests not taking effect - issues once the connection has been created in a different UDP port first. - -- [#10880](https://github.com/emqx/emqx/pull/10880) Add a new HTTP API endpoint `/clients/kickout/bulk` for kicking out multiple clients in bulk. - -- [#10884](https://github.com/emqx/emqx/pull/10884) Fixes an issue where trying to get rule info or metrics could result in a crash when a node is joining a cluster. - -- [#10887](https://github.com/emqx/emqx/pull/10887) Fixed a potential issue where requests to bridges might take a long time to be retried. - - This only affected low throughput scenarios, where the buffering layer could take a long time to detect connectivity and driver problems. - -- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes runing a newer version than self. - - During cluster rolling upgrade, if an older version node has to restart due to whatever reason, - if it copies the cluster.hocon file from a newer version node, it may fail to start. - After this fix, the older version node will not copy the cluster.hocon file from a newer, - so it will use its own cluster.hocon file to start. - -- [#10911](https://github.com/emqx/emqx/pull/10911) The error message and log entry that appear when one tries to create a bridge with a name the exceeds 255 bytes is now easier to understand. - -- [#10923](https://github.com/emqx/emqx/pull/10923) Fix a race-condition in channel info registration. 
- - Prior to this fix, when system is under heavy load, it might happen that a client is disconnected (or has its session expired) but still can be found in the clients page in dashboard. - One of the possible reasons is a race condition fixed in this PR: the connection is killed in the middle of channel data registration. - -- [#10930](https://github.com/emqx/emqx/pull/10930) Added a schema validation for values that might be used in timeouts to avoid invalid values. - - Before this fix, it was possible to use absurd values in the schema that would exceed the system limit, causing a crash. - -- [#10943](https://github.com/emqx/emqx/pull/10943) Deprecated UDP mcast mechanism for cluster discovery. - - This feature has been planed for deprecation since 5.0 mainly due to the lack of - actual production use. - This feature code is not yet removed in 5.1, but the document interface is demoted. - -- [#10950](https://github.com/emqx/emqx/pull/10950) Fix the issue where the `enable_qos` option does not take effect in the MQTT-SN gateway. - -- [#10951](https://github.com/emqx/emqx/pull/10951) Fix the issue in MQTT-SN gateway where the `mountpoint` does not take effect on message publishing. - -- [#10952](https://github.com/emqx/emqx/pull/10952) Disallow enabling `fail_if_no_peer_cert` in listener SSL options if `verify_none` is set. - - Setting `fail_if_no_peer_cert = true` and `verify = verify_none` caused connection errors - due to incompatible options. - This fix validates the options when creating or updating a listener to avoid these errors. - - Note: any old listener configuration with `fail_if_no_peer_cert = true` and `verify = verify_none` - that was previously allowed will fail to load after applying this fix and must be manually fixed. - -- [#10955](https://github.com/emqx/emqx/pull/10955) Fix the issue in MQTT-SN gateway where deleting Predefined Topics configuration does not work. 
- -- [#10977](https://github.com/emqx/emqx/pull/10977) Fix delay in updating subscription count metric and correct configuration issues in Stomp gateway. - -- [#10983](https://github.com/emqx/emqx/pull/10983) Fix issue when mqtt clients could not connect over TLS if the listener was configured to use TLS v1.3 only. - - The problem was that TLS connection was trying to use options incompatible with TLS v1.3. - -- [#10994](https://github.com/emqx/emqx/pull/10994) Redact `proxy-authorization` headers as used by HTTP connector to not leak secrets into log-files. - -- [#10996](https://github.com/emqx/emqx/pull/10996) Default to 404 for any HTTP/API request, we don't know, rather than the dashboard's index.html. - -- [#11005](https://github.com/emqx/emqx/pull/11005) Fix the issue where the `method` field cannot be correctly printed in the trace logs of AuthN HTTP. - -- [#11018](https://github.com/emqx/emqx/pull/11018) Fixed multiple issues with the Stomp gateway, including: - - Fixed an issue where `is_superuser` was not working correctly. - - Fixed an issue where the mountpoint was not being removed in message delivery. - - After a message or subscription request fails, the Stomp client should be disconnected - immediately after replying with an ERROR message. - -- [#11028](https://github.com/emqx/emqx/pull/11028) Disallow using multiple TLS versions in the listener config that include tlsv1.3 but exclude tlsv1.2. - - Using TLS configuration with such version gap caused connection errors. - Additionally, drop and log TLS options that are incompatible with the selected TLS version(s). - - Note: any old listener configuration with the version gap described above will fail to load - after applying this fix and must be manually fixed. - -- [#11030](https://github.com/emqx/emqx/pull/11030) Improved error messages when a validation error occurs while using the Listeners HTTP API. 
- -- [#11033](https://github.com/emqx/emqx/pull/11033) Deprecates the `mountpoint` field in `AuthenticateRequest` in ExProto gateway. - - This field was introduced in v4.x, but in fact, in 5.0 we have provided - `gateway.exproto.mountpoint` for configuration, so there is no need to override - it through the Authenticate request. - - Additionally, updates the default value of `subscriptions_max`, `inflight_max`, - `mqueue_max` to `infinity` - -- [#11042](https://github.com/emqx/emqx/pull/11042) Fix crash on `/api/listeners` when listener's max_connections is set to a string. - -- [#11051](https://github.com/emqx/emqx/pull/11051) Add validation to ensure that certificate 'depth' (listener SSL option) is a non negative integer. - -- [#11056](https://github.com/emqx/emqx/pull/11056) - Fix the issue where newly created listeners do not start properly at times, - when you delete a system default listener and add a new one named 'default', it will not start correctly. - - Fix the bug where configuration failure on certain nodes can cause dashboard unavailability. - -- [#11070](https://github.com/emqx/emqx/pull/11070) Fix the problem that the cluster.autoclean configuration item does not take effect. - -- [#11092](https://github.com/emqx/emqx/pull/11092) Fix problem when replicants were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. - Relevant mria pull request: https://github.com/emqx/mria/pull/143 - -- [#10807](https://github.com/emqx/emqx/pull/10807) Removed license check debug logs. - -- [#10878](https://github.com/emqx/emqx/pull/10878) A vulnerability in the RabbitMQ bridge, which could potentially expose passwords to log files, has been rectified - -- [#10913](https://github.com/emqx/emqx/pull/10913) Fixed an issue where a node that left the cluster would still report plugin status from other nodes. 
- -- [#10967](https://github.com/emqx/emqx/pull/10967) Fixed error message formatting in rebalance API: previously they could be displayed as unclear dumps of internal Erlang structures. - - Added `wait_health_check` option to node evacuation CLI and API. This is a time interval when the node reports "unhealthy status" without beginning actual evacuation. We need this to allow a Load Balancer (if any) to remove the evacuated node from balancing and not forward (re)connecting clients to the evacuated node. - -- [#10997](https://github.com/emqx/emqx/pull/10997) The ClickHouse bridge had a problem that could cause messages to be dropped when the ClickHouse server is closed while sending messages even when the request_ttl is set to infinity. This has been fixed by treating errors due to a closed connection as recoverable errors. - -- [#10998](https://github.com/emqx/emqx/pull/10998) Do not allow `batch_size` option for MongoDB bridge resource. - MongoDB connector currently does not support batching, the `bath_size` config value is forced to be 1 if provided. - -- [#10999](https://github.com/emqx/emqx/pull/10999) Changed schema validation for Kafka fields 'Partition Count Refresh Interval' and 'Offset Commit Interval' to avoid accepting values larger then maximum allowed. - -- [#11006](https://github.com/emqx/emqx/pull/11006) Fix QUIC listeners's default cert file paths. - - Prior to this change, the default cert file paths are prefixed with environment variable `${EMQX_ETC_DIR}` which were not interpolated before used in QUIC listeners. - -- [#11025](https://github.com/emqx/emqx/pull/11025) Fixed a `case_clause` error that could arise in race conditions in Pulsar Producer bridge. - -- [#11031](https://github.com/emqx/emqx/pull/11031) Fixed credential validation when creating bridge and checking status for InfluxDB Bridges. 
- -- [#11038](https://github.com/emqx/emqx/pull/11038) Fixed a health check issue for Pulsar Producer that could lead to loss of messages when the connection to Pulsar's brokers were down. - -- [#11040](https://github.com/emqx/emqx/pull/11040) Fixed a health check issue for Kafka Producer that could lead to loss of messages when the connection to Kafka's brokers were down. +- [#11018](https://github.com/emqx/emqx/pull/11018) Fixed multiple issues with the Stomp gateway, including: + - Fixed an issue where `is_superuser` was not working correctly. + - Fixed an issue where the mountpoint was not being removed in message delivery. + - After a message or subscription request fails, the Stomp client should be disconnected + immediately after replying with an ERROR message. +- [#11051](https://github.com/emqx/emqx/pull/11051) Added validation to ensure that certificate `depth` (listener SSL option) is a non negative integer. +- [#10563](https://github.com/emqx/emqx/pull/10563) Corrected an issue where the no_local flag was not functioning correctly in subscription. +- [#10653](https://github.com/emqx/emqx/pull/10653) Stored gateway authentication TLS certificates and keys in the data directory to fix the problem of memory leakage. +- [#10682](https://github.com/emqx/emqx/pull/10682) Fixed the timestamp for the will message is incorrectly assigned at the session creation time, now this timestamp is the disconnected time of the session. +- [#10701](https://github.com/emqx/emqx/pull/10701) RPM package for Amazon Linux 2 did not support TLS v1.3 as it was assembled with Erlang/OTP built with openssl 1.0. +- [#10677](https://github.com/emqx/emqx/pull/10677) Fixed an issue in the Rule API where attempting to delete a non-existent rule resulted in a 404 HTTP error code response. +- [#10715](https://github.com/emqx/emqx/pull/10715) Support for getting the client certificate in the client.connected hook. 
Previously, this data was removed after the connection was established to reduce memory usage. +- [#10737](https://github.com/emqx/emqx/pull/10737) Fixed the issue where the HTTP API interface of Gateway cannot handle ClientIDs with special characters, such as: `!@#$%^&*()_+{}:"<>?/`. +- [#10809](https://github.com/emqx/emqx/pull/10809) Addressed `** ERROR ** Mnesia post_commit hook failed: error:badarg` error messages happening during node shutdown or restart. Mria pull request: [https://github.com/emqx/mria/pull/142](https://github.com/emqx/mria/pull/142) +- [#10807](https://github.com/emqx/emqx/pull/10807) The debug-level logs related to license checks will no longer be printed. These logs were generated too frequently and could interfere with log recording. +- [#10818](https://github.com/emqx/emqx/pull/10818) Fixed `emqx_ctl traces` command error where the `traces start` command in the `emqx_mgmt_cli` module was not working properly with some filters. +- [#10600](https://github.com/emqx/emqx/pull/10600) Deleted emqx_statsd application. +- [#10820](https://github.com/emqx/emqx/pull/10820) Fixed the issue where newly added nodes in the cluster would not apply the new license after a cluster license update and would continue to use the old license. + Sometimes the new node must start with a outdated license. e.g. use emqx-operator deployed and needed to scale up after license expired. At the time the cluster's license key already updated by API/CLI, but the new node won't use it. +- [#10851](https://github.com/emqx/emqx/pull/10851) Obfuscated sensitive data in the bad API logging. +- [#10884](https://github.com/emqx/emqx/pull/10884) Fixed an issue where trying to get rule info or metrics could result in a crash when a node is joining a cluster. +- [#10887](https://github.com/emqx/emqx/pull/10887) Fixed a potential issue where requests to bridges might take a long time to be retried. 
+ This only affected low throughput scenarios, where the buffering layer could take a long time to detect connectivity and driver problems. +- [#10878](https://github.com/emqx/emqx/pull/10878) Rectified a vulnerability in the RabbitMQ bridge, which could potentially expose passwords to log files. +- [#10871](https://github.com/emqx/emqx/pull/10871) Fixed an issue where the Dashboard shows that the connection still exists after a CoAP connection is disconnected, but deletion and message posting requests do not take effect. +- [#10880](https://github.com/emqx/emqx/pull/10880) Added a new REST API `POST /clients/kickout/bulk` for kicking out multiple clients in bulk. +- [#10913](https://github.com/emqx/emqx/pull/10913) Fixed an issue where the plugin status REST API of a node would still include the cluster node status after the node left the cluster. +- [#10923](https://github.com/emqx/emqx/pull/10923) Fixed a race-condition in channel info registration. + Prior to this fix, when system is under heavy load, it might happen that a client is disconnected (or has its session expired) but still can be found in the clients page in dashboard. One of the possible reasons is a race condition fixed in this PR: the connection is killed in the middle of channel data registration. +- [#10930](https://github.com/emqx/emqx/pull/10930) Added a schema validation for duration data type to avoid invalid values. + Before this fix, it was possible to use absurd values in the schema that would exceed the system limit, causing a crash. +- [#10952](https://github.com/emqx/emqx/pull/10952) Disallow enabling `fail_if_no_peer_cert` in listener SSL options if `verify = verify_none` is set. + Setting `fail_if_no_peer_cert = true` and `verify = verify_none` caused connection errors due to incompatible options. This fix validates the options when creating or updating a listener to avoid these errors. 
+ + Note: any old listener configuration with `fail_if_no_peer_cert = true` and `verify = verify_none` that was previously allowed will fail to load after applying this fix and must be manually fixed. +- [#10951](https://github.com/emqx/emqx/pull/10951) Fixed the issue in MQTT-SN gateway where the `mountpoint` does not take effect on message publishing. +- [#10943](https://github.com/emqx/emqx/pull/10943) Deprecated UDP mcast mechanism for cluster discovery. + This feature has been planed for deprecation since 5.0 mainly due to the lack of actual production use. This feature code is not yet removed in 5.1, but the document interface is demoted. +- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes runing a newer version than the self-node. + During cluster rolling upgrade, if an older version node has to restart due to whatever reason, if it copies the cluster.hocon file from a newer version node, it may fail to start. After this fix, the older version node will not copy the cluster.hocon file from a newer, so it will use its own cluster.hocon file to start. +- [#10967](https://github.com/emqx/emqx/pull/10967) Fixed error message formatting in rebalance API: previously they could be displayed as unclear dumps of internal Erlang structures. + Added `wait_health_check` option to node evacuation CLI and API. This is a time interval when the node reports "unhealthy status" without beginning actual evacuation. We need this to allow a Load Balancer (if any) to remove the evacuated node from balancing and not forward (re)connecting clients to the evacuated node. +- [#10911](https://github.com/emqx/emqx/pull/10911) The error message and log entry that appear when one tries to create a bridge with a name the exceeds 255 bytes is now easier to understand. +- [#10983](https://github.com/emqx/emqx/pull/10983) Fixed the issue when mqtt clients could not connect over TLS if the listener was configured to use TLS v1.3 only. 
+ The problem was that TLS connection was trying to use options incompatible with TLS v1.3. +- [#10977](https://github.com/emqx/emqx/pull/10977) Fixed the delay in updating subscription count metric and corrected configuration issues in Stomp gateway. +- [#10950](https://github.com/emqx/emqx/pull/10950) Fixed the issue where the `enable_qos` option does not take effect in the MQTT-SN gateway. +- [#10999](https://github.com/emqx/emqx/pull/10999) Changed schema validation for Kafka fields 'Partition Count Refresh Interval' and 'Offset Commit Interval' to avoid accepting values larger then maximum allowed. +- [#10997](https://github.com/emqx/emqx/pull/10997) The ClickHouse bridge had a problem that could cause messages to be dropped when the ClickHouse server is closed while sending messages even when the request_ttl is set to infinity. This has been fixed by treating errors due to a closed connection as recoverable errors. +- [#10994](https://github.com/emqx/emqx/pull/10994) Redacted `proxy-authorization` headers as used by HTTP connector to avoid leaking secrets into log files. +- [#10996](https://github.com/emqx/emqx/pull/10996) For any unknown HTTP/API request, the default response is a 404 error rather than the dashboard's index.html. +- [#11005](https://github.com/emqx/emqx/pull/11005) Fixed the issue where the `method` field cannot be correctly printed in the trace logs of AuthN HTTP. +- [#11006](https://github.com/emqx/emqx/pull/11006) Fixed QUIC listeners's default cert file paths. + Prior to this change, the default cert file paths are prefixed with environment variable `${EMQX_ETC_DIR}` which were not interpolated before used in QUIC listeners. +- [#10998](https://github.com/emqx/emqx/pull/10998) Do not allow `batch_size` option for MongoDB bridge resource. MongoDB connector currently does not support batching, the `bath_size` config value is forced to be 1 if provided. 
+- [#10955](https://github.com/emqx/emqx/pull/10955) Fixed the issue in MQTT-SN gateway where deleting Predefined Topics configuration does not work. +- [#11025](https://github.com/emqx/emqx/pull/11025) Fixed a `case_clause` error that could arise in race conditions in Pulsar Producer bridge. +- [#11030](https://github.com/emqx/emqx/pull/11030) Improved error messages when a validation error occurs while using the Listeners HTTP API. +- [#11033](https://github.com/emqx/emqx/pull/11033) Deprecated the `mountpoint` field in `AuthenticateRequest` in ExProto gateway. + This field was introduced in e4.x, but in fact, in e5.0 we have provided + `gateway.exproto.mountpoint` for configuration, so there is no need to override + it through the Authenticate request. + + Additionally, updates the default value of `subscriptions_max`, `inflight_max`, + `mqueue_max` to `infinity`. +- [#11040](https://github.com/emqx/emqx/pull/11040) Fixed a health check issue for Kafka Producer that could lead to loss of messages when the connection to Kafka's brokers were down. +- [#11038](https://github.com/emqx/emqx/pull/11038) Fixed a health check issue for Pulsar Producer that could lead to loss of messages when the connection to Pulsar's brokers were down. +- [#11042](https://github.com/emqx/emqx/pull/11042) Fixed crash on REST API `GET /listeners` when listener's `max_connections` is set to a string. +- [#11028](https://github.com/emqx/emqx/pull/11028) Disallowed using multiple TLS versions in the listener config that include tlsv1.3 but exclude tlsv1.2. + Using TLS configuration with such version gap caused connection errors. + Additionally, drop and log TLS options that are incompatible with the selected TLS version(s). + + Note: any old listener configuration with the version gap described above will fail to load + after applying this fix and must be manually fixed. 
+- [#11031](https://github.com/emqx/emqx/pull/11031) Fixed credential validation when creating bridge and checking status for InfluxDB Bridges. +- [#11056](https://github.com/emqx/emqx/pull/11056) Fixed the issue where newly created listeners sometimes do not start properly. + When you delete a system default listener and add a new one named 'default', it will not start correctly. + - Fixed the bug where configuration failure on certain nodes can cause Dashboard unavailability. +- [#11070](https://github.com/emqx/emqx/pull/11070) Fixed the problem that the `cluster.autoclean` configuration item does not take effect. +- [#11092](https://github.com/emqx/emqx/pull/11092) and [#11100](https://github.com/emqx/emqx/pull/11100) Fixed problem when replicants were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. + Relevant mria pull request: [https://github.com/emqx/mria/pull/143](https://github.com/emqx/mria/pull/143) + + +## [Breaking Changes](https://github.com/emqx/emqx-docs/blob/release-5.1/en_US/changes/breaking-changes-5.1.0.md) + +## [Known Issues](https://github.com/emqx/emqx-docs/blob/release-5.1/en_US/changes/known-issues-5.1.0.md) From 99d4f54ff9cde2e247adcbd9f381f70d62133914 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 21 Jun 2023 14:38:03 +0200 Subject: [PATCH 32/36] docs: add changelog for v5.1.0 --- changes/v5.1.0.en.md | 94 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 changes/v5.1.0.en.md diff --git a/changes/v5.1.0.en.md b/changes/v5.1.0.en.md new file mode 100644 index 000000000..a463739c5 --- /dev/null +++ b/changes/v5.1.0.en.md 
@@ -0,0 +1,94 @@
+# v5.1.0
+
+## Enhancements
+
+- [#10858](https://github.com/emqx/emqx/pull/10858) A new utility function timezone_to_offset_seconds/1 has been added to the rule engine SQL language. This function converts a timezone string (for example, "+02:00", "Z" and "local") to the corresponding offset in seconds.
+- [#10754](https://github.com/emqx/emqx/pull/10754) The MQTT bridge has been enhanced to utilize connection pooling and leverage available parallelism, substantially improving throughput.
+ As a consequence, single MQTT bridge now uses a pool of `clientid`s to connect to the remote broker.
+- [#10782](https://github.com/emqx/emqx/pull/10782) Added a new `deliver_rate` option to the retainer configuration, which can limit the maximum delivery rate per session in the retainer.
+- [#10598](https://github.com/emqx/emqx/pull/10598) Provided a callback method of Unary type in ExProto to avoid possible message disorder issues.
+- [#10790](https://github.com/emqx/emqx/pull/10790) Reduced the overhead during configuration reads by optimizing the configuration read mechanism.
+- [#10910](https://github.com/emqx/emqx/pull/10910) The data bridge resource option `auto_restart_interval` was deprecated in favor of `health_check_interval`, and `request_timeout` was renamed to `request_ttl`. Also, the default `request_ttl` value went from 15 seconds to 45 seconds.
+ The previous existence of both `auto_restart_interval` and `health_check_interval` was a source of confusion, as both parameters influenced the recovery of data bridges under failures. An inconsistent configuration of those two parameters could lead to messages being expired without a chance to retry. Now, `health_check_interval` is used both to control the periodicity of health checks that may transition the data bridge into `disconnected` or `connecting` states, as well as recovering from `disconnected`.
+- [#10929](https://github.com/emqx/emqx/pull/10929) Upgraded Erlang/OTP to 25.3.2-1.
+- [#10909](https://github.com/emqx/emqx/pull/10909) Removed the deprecated HTTP APIs for gateways.
+- [#10933](https://github.com/emqx/emqx/pull/10933) Added support for configuring TCP keep-alive in MQTT/TCP and MQTT/SSL listeners.
+- [#10948](https://github.com/emqx/emqx/pull/10948) Added `live_connections` field for some HTTP APIs, i.e:
+ - `/monitor_current`, `/monitor_current/nodes/{node}`
+ - `/monitor/nodes/{node}`, `/monitor`
+ - `/node/{node}`, `/nodes`
+- [#10941](https://github.com/emqx/emqx/pull/10941) Improved the collection speed of Prometheus metrics when setting `prometheus.vm_dist_collector=disabled` and metric `erlang_vm_statistics_run_queues_length_total` is renamed to `erlang_vm_statistics_run_queues_length`
+- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed emqx ctl command 'cluster_call' to 'conf cluster_sync'. The old command 'cluster_call' is still a valid command, but not included in usage info.
+- [#10988](https://github.com/emqx/emqx/pull/10988) Improved log security when data bridge creation fails to ensure sensitive data is always obfuscated.
+- [#10926](https://github.com/emqx/emqx/pull/10926) Allowed 'enable' as well as 'enabled' as the state flag for listeners.
+ Prior to this change, listener can be enable/disabled by setting the 'true' or 'false' on the 'enabled' config. This is slightly different naming comparing to other state flags in the system. No the 'enable' flag is added as an aliase on listeners.
+- [#10970](https://github.com/emqx/emqx/pull/10970) A query_mode parameter has been added to the Kafka producer bridge. This parameter allows you to specify if the bridge should use the asynchronous or synchronous mode when sending data to Kafka. The default is asynchronous mode.
+- [#10676](https://github.com/emqx/emqx/pull/10676) Added CLI commands `emqx ctl export` and `emqx ctl import` for importing/exporting configuration and user data.
This allows exporting configurations and built-in database data from a running EMQX cluster and importing them into the same or another running EMQX cluster.
+- [#10961](https://github.com/emqx/emqx/pull/10961) Added support for unlimited max connections for gateway listeners by allowing infinity as a valid value for the `max_connections` field in the configuration and HTTP API.
+- [#11019](https://github.com/emqx/emqx/pull/11019) Improved log security for JWT, now it will be obfuscated before print.
+- [#11034](https://github.com/emqx/emqx/pull/11034) Hid the broker config and changed the `broker.shared_subscription_strategy` to `mqtt.shared_subscription_strategy` as it belongs to `mqtt`.
+- [#11045](https://github.com/emqx/emqx/pull/11045) The listener's authentication and zone related apis have been officially removed in version `5.1.0`.
+- [#11062](https://github.com/emqx/emqx/pull/11062) Renamed config `log.file.to` to `log.file.path`.
+- [#10833](https://github.com/emqx/emqx/pull/10833) Only include enabled authenticators and authorizers in telemetry report, not all of them.
+
+## Bug Fixes
+
+- [#11018](https://github.com/emqx/emqx/pull/11018) Fixed multiple issues with the Stomp gateway, including:
+ - Fixed an issue where `is_superuser` was not working correctly.
+ - Fixed an issue where the mountpoint was not being removed in message delivery.
+ - After a message or subscription request fails, the Stomp client should be disconnected
+ immediately after replying with an ERROR message.
+- [#11051](https://github.com/emqx/emqx/pull/11051) Added validation to ensure that certificate `depth` (listener SSL option) is a non negative integer.
+- [#10884](https://github.com/emqx/emqx/pull/10884) Fixed an issue where trying to get rule info or metrics could result in a crash when a node is joining a cluster.
+- [#10887](https://github.com/emqx/emqx/pull/10887) Fixed a potential issue where requests to bridges might take a long time to be retried.
+ This only affected low throughput scenarios, where the buffering layer could take a long time to detect connectivity and driver problems.
+- [#10871](https://github.com/emqx/emqx/pull/10871) Fixed an issue where the Dashboard shows that the connection still exists after a CoAP connection is disconnected, but deletion and message posting requests do not take effect.
+- [#10880](https://github.com/emqx/emqx/pull/10880) Added a new REST API `POST /clients/kickout/bulk` for kicking out multiple clients in bulk.
+- [#10923](https://github.com/emqx/emqx/pull/10923) Fixed a race-condition in channel info registration.
+ Prior to this fix, when system is under heavy load, it might happen that a client is disconnected (or has its session expired) but still can be found in the clients page in dashboard. One of the possible reasons is a race condition fixed in this PR: the connection is killed in the middle of channel data registration.
+- [#10930](https://github.com/emqx/emqx/pull/10930) Added a schema validation for duration data type to avoid invalid values.
+ Before this fix, it was possible to use absurd values in the schema that would exceed the system limit, causing a crash.
+- [#10952](https://github.com/emqx/emqx/pull/10952) Disallow enabling `fail_if_no_peer_cert` in listener SSL options if `verify = verify_none` is set.
+ Setting `fail_if_no_peer_cert = true` and `verify = verify_none` caused connection errors due to incompatible options. This fix validates the options when creating or updating a listener to avoid these errors.
+
+ Note: any old listener configuration with `fail_if_no_peer_cert = true` and `verify = verify_none` that was previously allowed will fail to load after applying this fix and must be manually fixed.
+- [#10951](https://github.com/emqx/emqx/pull/10951) Fixed the issue in MQTT-SN gateway where the `mountpoint` does not take effect on message publishing.
+- [#10943](https://github.com/emqx/emqx/pull/10943) Deprecated UDP mcast mechanism for cluster discovery.
+ This feature has been planed for deprecation since 5.0 mainly due to the lack of actual production use. This feature code is not yet removed in 5.1, but the document interface is demoted.
+- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes runing a newer version than the self-node.
+ During cluster rolling upgrade, if an older version node has to restart due to whatever reason, if it copies the cluster.hocon file from a newer version node, it may fail to start. After this fix, the older version node will not copy the cluster.hocon file from a newer, so it will use its own cluster.hocon file to start.
+- [#10911](https://github.com/emqx/emqx/pull/10911) The error message and log entry that appear when one tries to create a bridge with a name the exceeds 255 bytes is now easier to understand.
+- [#10983](https://github.com/emqx/emqx/pull/10983) Fixed the issue when mqtt clients could not connect over TLS if the listener was configured to use TLS v1.3 only.
+ The problem was that TLS connection was trying to use options incompatible with TLS v1.3.
+- [#10977](https://github.com/emqx/emqx/pull/10977) Fixed the delay in updating subscription count metric and corrected configuration issues in Stomp gateway.
+- [#10950](https://github.com/emqx/emqx/pull/10950) Fixed the issue where the `enable_qos` option does not take effect in the MQTT-SN gateway.
+- [#10994](https://github.com/emqx/emqx/pull/10994) Redacted `proxy-authorization` headers as used by HTTP connector to avoid leaking secrets into log files.
+- [#10996](https://github.com/emqx/emqx/pull/10996) For any unknown HTTP/API request, the default response is a 404 error rather than the dashboard's index.html.
+- [#11005](https://github.com/emqx/emqx/pull/11005) Fixed the issue where the `method` field cannot be correctly printed in the trace logs of AuthN HTTP.
+- [#10955](https://github.com/emqx/emqx/pull/10955) Fixed the issue in MQTT-SN gateway where deleting Predefined Topics configuration does not work.
+- [#11030](https://github.com/emqx/emqx/pull/11030) Improved error messages when a validation error occurs while using the Listeners HTTP API.
+- [#11033](https://github.com/emqx/emqx/pull/11033) Deprecated the `mountpoint` field in `AuthenticateRequest` in ExProto gateway.
+ This field was introduced in e4.x, but in fact, in e5.0 we have provided
+ `gateway.exproto.mountpoint` for configuration, so there is no need to override
+ it through the Authenticate request.
+
+ Additionally, updates the default value of `subscriptions_max`, `inflight_max`,
+ `mqueue_max` to `infinity`.
+- [#11042](https://github.com/emqx/emqx/pull/11042) Fixed crash on REST API `GET /listeners` when listener's `max_connections` is set to a string.
+- [#11028](https://github.com/emqx/emqx/pull/11028) Disallowed using multiple TLS versions in the listener config that include tlsv1.3 but exclude tlsv1.2.
+ Using TLS configuration with such version gap caused connection errors.
+ Additionally, drop and log TLS options that are incompatible with the selected TLS version(s).
+
+ Note: any old listener configuration with the version gap described above will fail to load
+ after applying this fix and must be manually fixed.
+- [#11056](https://github.com/emqx/emqx/pull/11056) Fixed the issue where newly created listeners sometimes do not start properly.
+ When you delete a system default listener and add a new one named 'default', it will not start correctly.
+ - Fixed the bug where configuration failure on certain nodes can cause Dashboard unavailability.
+- [#11070](https://github.com/emqx/emqx/pull/11070) Fixed the problem that the `cluster.autoclean` configuration item does not take effect.
+- [#11092](https://github.com/emqx/emqx/pull/11092) and [#11100](https://github.com/emqx/emqx/pull/11100) Fixed problem when replicants were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call.
+ Relevant mria pull request: [https://github.com/emqx/mria/pull/143](https://github.com/emqx/mria/pull/143)
+
+
+## [Breaking Changes](https://github.com/emqx/emqx-docs/blob/release-5.1/en_US/changes/breaking-changes-5.1.0.md)
+
+## [Known Issues](https://github.com/emqx/emqx-docs/blob/release-5.1/en_US/changes/known-issues-5.1.0.md)
From 78da1efd3bb4793cd8dab24741584c728ca359bb Mon Sep 17 00:00:00 2001
From: "Zaiming (Stone) Shi"
Date: Wed, 21 Jun 2023 15:08:52 +0200
Subject: [PATCH 33/36] docs: update changelogs
---
 changes/e5.1.0.en.md | 36 ++++++++++++++++++------------------
 changes/v5.1.0.en.md | 12 ++++++------
 2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/changes/e5.1.0.en.md b/changes/e5.1.0.en.md
index 4026dc493..ea36721c5 100644
--- a/changes/e5.1.0.en.md
+++ b/changes/e5.1.0.en.md
@@ -9,35 +9,35 @@ This optimization retries request failures without blocking the buffering layer, which can improve throughput in situations of high messaging rate. - [#10702](https://github.com/emqx/emqx/pull/10702) Introduced a more straightforward configuration option `keepalive_multiplier` and deprecate the old `keepalive_backoff` configuration. After this enhancement, EMQX checks the client's keepalive timeout status period by multiplying the "Client Requested Keepalive Interval" with `keepalive_multiplier`. - [#10698](https://github.com/emqx/emqx/pull/10698) Optimized memory usage when accessing the configuration during runtime. -- [#10778](https://github.com/emqx/emqx/pull/10778) Refactored Pulsar Producer bridge to avoid leaking resources during crashes at creation. -- [#10813](https://github.com/emqx/emqx/pull/10813) Refactored Kafka Producer and Consumer bridges to avoid leaking resources during crashes at creation. +- [#10778](https://github.com/emqx/emqx/pull/10778) Refactored Pulsar Producer bridge to avoid leaking resources in case bridge crashed during initialization phase. +- [#10813](https://github.com/emqx/emqx/pull/10813) Refactored Kafka Producer and Consumer bridges to avoid leaking resources in case bridge crashed during initialization phase. - [#10858](https://github.com/emqx/emqx/pull/10858) A new utility function timezone_to_offset_seconds/1 has been added to the rule engine SQL language. This function converts a timezone string (for example, "+02:00", "Z" and "local") to the corresponding offset in seconds. -- [#10841](https://github.com/emqx/emqx/pull/10841) Added a schema validation to ensure message key is not empty when "dispatching by key" is selected in Kafka and Pulsar Producer bridges. +- [#10841](https://github.com/emqx/emqx/pull/10841) Added a schema validation to ensure message key is not empty when "key_dispatch" strategy is selected in Kafka and Pulsar Producer bridges. 
- [#10754](https://github.com/emqx/emqx/pull/10754) The MQTT bridge has been enhanced to utilize connection pooling and leverage available parallelism, substantially improving throughput. As a consequence, single MQTT bridge now uses a pool of `clientid`s to connect to the remote broker. - [#10782](https://github.com/emqx/emqx/pull/10782) Added a new `deliver_rate` option to the retainer configuration, which can limit the maximum delivery rate per session in the retainer. - [#10877](https://github.com/emqx/emqx/pull/10877) Upgraded RocketMQ driver to enhance security for sensitive data. - [#10598](https://github.com/emqx/emqx/pull/10598) Provided a callback method of Unary type in ExProto to avoid possible message disorder issues. -- [#10895](https://github.com/emqx/emqx/pull/10895) Refactored most of the bridges to avoid resource leaks during crashes at creation. -- [#10790](https://github.com/emqx/emqx/pull/10790) Reduced the overhead during configuration reads by optimizing the configuration read mechanism. +- [#10895](https://github.com/emqx/emqx/pull/10895) Refactored most of the bridges to avoid resource leaks in case bridge crashed during initialization phase. +- [#10790](https://github.com/emqx/emqx/pull/10790) Optimized access to configuration in runtime by reducing overhead of reading configuration per zone. - [#10892](https://github.com/emqx/emqx/pull/10892) Added the requirement for setting SID or Service Name in Oracle Database bridge creation. - [#10910](https://github.com/emqx/emqx/pull/10910) The data bridge resource option `auto_restart_interval` was deprecated in favor of `health_check_interval`, and `request_timeout` was renamed to `request_ttl`. Also, the default `request_ttl` value went from 15 seconds to 45 seconds. - The previous existence of both `auto_restart_interval` and `health_check_interval` was a source of confusion, as both parameters influenced the recovery of data bridges under failures. 
An inconsistent configuration of those two parameters could lead to messages being expired without a chance to retry. Now, `health_check_interval` is used both to control the periodicity of health checks that may transition the data bridge into `disconnected` or `connecting` states, as well as recovering from `disconnected`. + The previous existence of both `auto_restart_interval` and `health_check_interval` was a source of confusion, as both parameters influenced the recovery of data bridges under failures. An inconsistent configuration of those two parameters could lead to messages being expired without a chance to retry. Now, `health_check_interval` is used both to control the interval of health checks that may transition the data bridge into `disconnected` or `connecting` states, as well as recovering from `disconnected`. - [#10929](https://github.com/emqx/emqx/pull/10929) Upgraded Erlang/OTP to 25.3.2-1. - [#10909](https://github.com/emqx/emqx/pull/10909) Removed the deprecated HTTP APIs for gateways. -- [#10908](https://github.com/emqx/emqx/pull/10908) Refactored the RocketMQ bridge to avoid leaking resources during crashes at creation. -- [#10924](https://github.com/emqx/emqx/pull/10924) Refactored Influxdb bridge connector to avoid resource leaks during crashes at creation. -- [#10944](https://github.com/emqx/emqx/pull/10944) Improved the GCP PubSub bridge to avoid a potential issue where messages could fail to be sent when restarting a node. +- [#10908](https://github.com/emqx/emqx/pull/10908) Refactored the RocketMQ bridge to avoid resources leaks in case bridge crashed during initialization phase. +- [#10924](https://github.com/emqx/emqx/pull/10924) Refactored Influxdb bridge connector to avoid resource leaks in case bridge crashed during initialization phase. +- [#10944](https://github.com/emqx/emqx/pull/10944) Improved the GCP PubSub bridge to avoid a potential issue that the bridge could fail to send messsages after node restart. 
- [#10933](https://github.com/emqx/emqx/pull/10933) Added support for configuring TCP keep-alive in MQTT/TCP and MQTT/SSL listeners. - [#10948](https://github.com/emqx/emqx/pull/10948) Added `live_connections` field for some HTTP APIs, i.e: - `/monitor_current`, `/monitor_current/nodes/{node}` - `/monitor/nodes/{node}`, `/monitor` - `/node/{node}`, `/nodes` - [#10941](https://github.com/emqx/emqx/pull/10941) Improved the collection speed of Prometheus metrics when setting `prometheus.vm_dist_collector=disabled` and metric `erlang_vm_statistics_run_queues_length_total` is renamed to `erlang_vm_statistics_run_queues_length` -- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed emqx ctl command 'cluster_call' to 'conf cluster_sync'. The old command 'cluster_call' is still a valid command, but not included in usage info. +- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed `emqx ctl` command `cluster_call` to `conf cluster_sync`. The old command `cluster_call` is still a valid command, but not included in usage info. - [#10988](https://github.com/emqx/emqx/pull/10988) Improved log security when data bridge creation fails to ensure sensitive data is always obfuscated. -- [#10926](https://github.com/emqx/emqx/pull/10926) Allowed 'enable' as well as 'enabled' as the state flag for listeners. - Prior to this change, listener can be enable/disabled by setting the 'true' or 'false' on the 'enabled' config. This is slightly different naming comparing to other state flags in the system. No the 'enable' flag is added as an aliase on listeners. +- [#10926](https://github.com/emqx/emqx/pull/10926) Allowed `enable` as well as `enabled` as the state flag for listeners. + Prior to this change, listener can be enable/disabled by setting the `true` or `false` on the `enabled` config. This is slightly different naming comparing to other state flags in the system. Now the `enable` flag is added as an alias in listener config. 
- [#10970](https://github.com/emqx/emqx/pull/10970) A query_mode parameter has been added to the Kafka producer bridge. This parameter allows you to specify if the bridge should use the asynchronous or synchronous mode when sending data to Kafka. The default is asynchronous mode. - [#10676](https://github.com/emqx/emqx/pull/10676) Added CLI commands `emqx ctl export` and `emqx ctl import` for importing/exporting configuration and user data. This allows exporting configurations and built-in database data from a running EMQX cluster and importing them into the same or another running EMQX cluster. - [#11003](https://github.com/emqx/emqx/pull/11003) Added an option to configure TCP keepalive in Kafka bridge. 
@@ -73,7 +73,7 @@ - [#10884](https://github.com/emqx/emqx/pull/10884) Fixed an issue where trying to get rule info or metrics could result in a crash when a node is joining a cluster. - [#10887](https://github.com/emqx/emqx/pull/10887) Fixed a potential issue where requests to bridges might take a long time to be retried. This only affected low throughput scenarios, where the buffering layer could take a long time to detect connectivity and driver problems. -- [#10878](https://github.com/emqx/emqx/pull/10878) Rectified a vulnerability in the RabbitMQ bridge, which could potentially expose passwords to log files. +- [#10878](https://github.com/emqx/emqx/pull/10878) Fixed a vulnerability in the RabbitMQ bridge, which could potentially expose passwords to log files. - [#10871](https://github.com/emqx/emqx/pull/10871) Fixed an issue where the Dashboard shows that the connection still exists after a CoAP connection is disconnected, but deletion and message posting requests do not take effect. - [#10880](https://github.com/emqx/emqx/pull/10880) Added a new REST API `POST /clients/kickout/bulk` for kicking out multiple clients in bulk. - [#10913](https://github.com/emqx/emqx/pull/10913) Fixed an issue where the plugin status REST API of a node would still include the cluster node status after the node left the cluster. 
@@ -85,11 +85,11 @@ Setting `fail_if_no_peer_cert = true` and `verify = verify_none` caused connection errors due to incompatible options. This fix validates the options when creating or updating a listener to avoid these errors. Note: any old listener configuration with `fail_if_no_peer_cert = true` and `verify = verify_none` that was previously allowed will fail to load after applying this fix and must be manually fixed. -- [#10951](https://github.com/emqx/emqx/pull/10951) Fixed the issue in MQTT-SN gateway where the `mountpoint` does not take effect on message publishing. +- [#10951](https://github.com/emqx/emqx/pull/10951) Fixed the issue in MQTT-SN gateway when the `mountpoint` did not take effect on message publishing. - [#10943](https://github.com/emqx/emqx/pull/10943) Deprecated UDP mcast mechanism for cluster discovery. This feature has been planed for deprecation since 5.0 mainly due to the lack of actual production use. This feature code is not yet removed in 5.1, but the document interface is demoted. -- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes runing a newer version than the self-node. - During cluster rolling upgrade, if an older version node has to restart due to whatever reason, if it copies the cluster.hocon file from a newer version node, it may fail to start. After this fix, the older version node will not copy the cluster.hocon file from a newer, so it will use its own cluster.hocon file to start. +- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes running a newer version than the self-node. + During cluster rolling upgrade, if an older version node has to restart due to whatever reason, if it copies the `cluster.hocon` file from a newer version node, it may fail to start. After this fix, the older version node will not copy the `cluster.hocon` file from a newer, so it will use its own `cluster.hocon` file to start. 
- [#10967](https://github.com/emqx/emqx/pull/10967) Fixed error message formatting in rebalance API: previously they could be displayed as unclear dumps of internal Erlang structures. Added `wait_health_check` option to node evacuation CLI and API. This is a time interval when the node reports "unhealthy status" without beginning actual evacuation. We need this to allow a Load Balancer (if any) to remove the evacuated node from balancing and not forward (re)connecting clients to the evacuated node. - [#10911](https://github.com/emqx/emqx/pull/10911) The error message and log entry that appear when one tries to create a bridge with a name the exceeds 255 bytes is now easier to understand. 
@@ -104,7 +104,7 @@ - [#11005](https://github.com/emqx/emqx/pull/11005) Fixed the issue where the `method` field cannot be correctly printed in the trace logs of AuthN HTTP. - [#11006](https://github.com/emqx/emqx/pull/11006) Fixed QUIC listeners's default cert file paths. Prior to this change, the default cert file paths are prefixed with environment variable `${EMQX_ETC_DIR}` which were not interpolated before used in QUIC listeners. -- [#10998](https://github.com/emqx/emqx/pull/10998) Do not allow `batch_size` option for MongoDB bridge resource. MongoDB connector currently does not support batching, the `bath_size` config value is forced to be 1 if provided. +- [#10998](https://github.com/emqx/emqx/pull/10998) Do not allow `batch_size` option for MongoDB bridge resource. MongoDB connector currently does not support batching, the `batch_size` config value is forced to be 1 if provided. - [#10955](https://github.com/emqx/emqx/pull/10955) Fixed the issue in MQTT-SN gateway where deleting Predefined Topics configuration does not work. - [#11025](https://github.com/emqx/emqx/pull/11025) Fixed a `case_clause` error that could arise in race conditions in Pulsar Producer bridge. - [#11030](https://github.com/emqx/emqx/pull/11030) Improved error messages when a validation error occurs while using the Listeners HTTP API. 
@@ -129,7 +129,7 @@ When you delete a system default listener and add a new one named 'default', it will not start correctly. - Fixed the bug where configuration failure on certain nodes can cause Dashboard unavailability. - [#11070](https://github.com/emqx/emqx/pull/11070) Fixed the problem that the `cluster.autoclean` configuration item does not take effect. -- [#11092](https://github.com/emqx/emqx/pull/11092) and [#11100](https://github.com/emqx/emqx/pull/11100) Fixed problem when replicants were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. +- [#11092](https://github.com/emqx/emqx/pull/11092) and [#11100](https://github.com/emqx/emqx/pull/11100) Fixed problem when replicat nodes were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. Relevant mria pull request: [https://github.com/emqx/mria/pull/143](https://github.com/emqx/mria/pull/143) diff --git a/changes/v5.1.0.en.md b/changes/v5.1.0.en.md index a463739c5..c2a332997 100644 --- a/changes/v5.1.0.en.md +++ b/changes/v5.1.0.en.md 
@@ -18,10 +18,10 @@ - `/monitor/nodes/{node}`, `/monitor` - `/node/{node}`, `/nodes` - [#10941](https://github.com/emqx/emqx/pull/10941) Improved the collection speed of Prometheus metrics when setting `prometheus.vm_dist_collector=disabled` and metric `erlang_vm_statistics_run_queues_length_total` is renamed to `erlang_vm_statistics_run_queues_length` -- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed emqx ctl command 'cluster_call' to 'conf cluster_sync'. The old command 'cluster_call' is still a valid command, but not included in usage info. +- [#10985](https://github.com/emqx/emqx/pull/10985) Renamed `emqx ctl` command `cluster_call` to `conf cluster_sync`. The old command `cluster_call` is still a valid command, but not included in usage info. - [#10988](https://github.com/emqx/emqx/pull/10988) Improved log security when data bridge creation fails to ensure sensitive data is always obfuscated. -- [#10926](https://github.com/emqx/emqx/pull/10926) Allowed 'enable' as well as 'enabled' as the state flag for listeners. - Prior to this change, listener can be enable/disabled by setting the 'true' or 'false' on the 'enabled' config. This is slightly different naming comparing to other state flags in the system. No the 'enable' flag is added as an aliase on listeners. +- [#10926](https://github.com/emqx/emqx/pull/10926) Allowed `enable` as well as `enabled` as the state flag for listeners. + Prior to this change, listener can be enable/disabled by setting the `true` or `false` on the `enabled` config. This is slightly different naming comparing to other state flags in the system. Now the `enable` flag is added as an alias in listener config. - [#10970](https://github.com/emqx/emqx/pull/10970) A query_mode parameter has been added to the Kafka producer bridge. This parameter allows you to specify if the bridge should use the asynchronous or synchronous mode when sending data to Kafka. The default is asynchronous mode. 
- [#10676](https://github.com/emqx/emqx/pull/10676) Added CLI commands `emqx ctl export` and `emqx ctl import` for importing/exporting configuration and user data. This allows exporting configurations and built-in database data from a running EMQX cluster and importing them into the same or another running EMQX cluster. - [#10961](https://github.com/emqx/emqx/pull/10961) Added support for unlimited max connections for gateway listeners by allowing infinity as a valid value for the `max_connections` field in the configuration and HTTP API. 
@@ -55,8 +55,8 @@ - [#10951](https://github.com/emqx/emqx/pull/10951) Fixed the issue in MQTT-SN gateway where the `mountpoint` does not take effect on message publishing. - [#10943](https://github.com/emqx/emqx/pull/10943) Deprecated UDP mcast mechanism for cluster discovery. This feature has been planed for deprecation since 5.0 mainly due to the lack of actual production use. This feature code is not yet removed in 5.1, but the document interface is demoted. -- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes runing a newer version than the self-node. - During cluster rolling upgrade, if an older version node has to restart due to whatever reason, if it copies the cluster.hocon file from a newer version node, it may fail to start. After this fix, the older version node will not copy the cluster.hocon file from a newer, so it will use its own cluster.hocon file to start. +- [#10902](https://github.com/emqx/emqx/pull/10902) Avoid syncing cluser.hocon file from the nodes running a newer version than the self-node. + During cluster rolling upgrade, if an older version node has to restart due to whatever reason, if it copies the `cluster.hocon` file from a newer version node, it may fail to start. After this fix, the older version node will not copy the `cluster.hocon` file from a newer, so it will use its own `cluster.hocon` file to start. - [#10911](https://github.com/emqx/emqx/pull/10911) The error message and log entry that appear when one tries to create a bridge with a name the exceeds 255 bytes is now easier to understand. - [#10983](https://github.com/emqx/emqx/pull/10983) Fixed the issue when mqtt clients could not connect over TLS if the listener was configured to use TLS v1.3 only. The problem was that TLS connection was trying to use options incompatible with TLS v1.3. 
@@ -85,7 +85,7 @@ When you delete a system default listener and add a new one named 'default', it will not start correctly. - Fixed the bug where configuration failure on certain nodes can cause Dashboard unavailability. - [#11070](https://github.com/emqx/emqx/pull/11070) Fixed the problem that the `cluster.autoclean` configuration item does not take effect. -- [#11092](https://github.com/emqx/emqx/pull/11092) and [#11100](https://github.com/emqx/emqx/pull/11100) Fixed problem when replicants were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. +- [#11092](https://github.com/emqx/emqx/pull/11092) and [#11100](https://github.com/emqx/emqx/pull/11100) Fixed problem when replicant nodes were unable to connect to the core node due to timeout in `mria_lb:core_nodes()` call. Relevant mria pull request: [https://github.com/emqx/mria/pull/143](https://github.com/emqx/mria/pull/143) From 7cf8a6c892aed6a3ed8c7d0de33491ce423cfb85 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 21 Jun 2023 16:36:51 +0200 Subject: [PATCH 34/36] chore: bump app vsns --- apps/emqx/src/emqx.app.src | 2 +- apps/emqx_authn/src/emqx_authn.app.src | 2 +- apps/emqx_connector/src/emqx_connector.app.src | 2 +- apps/emqx_dashboard/src/emqx_dashboard.app.src | 2 +- apps/emqx_ft/src/emqx_ft.app.src | 2 +- apps/emqx_gateway/src/emqx_gateway.app.src | 2 +- apps/emqx_gateway_exproto/src/emqx_gateway_exproto.app.src | 2 +- apps/emqx_management/src/emqx_management.app.src | 2 +- apps/emqx_modules/src/emqx_modules.app.src | 2 +- apps/emqx_node_rebalance/src/emqx_node_rebalance.app.src | 2 +- apps/emqx_resource/src/emqx_resource.app.src | 2 +- apps/emqx_rule_engine/src/emqx_rule_engine.app.src | 2 +- apps/emqx_slow_subs/src/emqx_slow_subs.app.src | 2 +- apps/emqx_utils/src/emqx_utils.app.src | 2 +- 14 files changed, 14 insertions(+), 14 deletions(-) diff --git a/apps/emqx/src/emqx.app.src b/apps/emqx/src/emqx.app.src index e156d8cf0..007c0e72a 100644 
--- a/apps/emqx/src/emqx.app.src +++ b/apps/emqx/src/emqx.app.src @@ -2,7 +2,7 @@ {application, emqx, [ {id, "emqx"}, {description, "EMQX Core"}, - {vsn, "5.1.0"}, + {vsn, "5.1.1"}, {modules, []}, {registered, []}, {applications, [ diff --git a/apps/emqx_authn/src/emqx_authn.app.src b/apps/emqx_authn/src/emqx_authn.app.src index 8a5b29642..571ac88b7 100644 --- a/apps/emqx_authn/src/emqx_authn.app.src +++ b/apps/emqx_authn/src/emqx_authn.app.src @@ -1,7 +1,7 @@ %% -*- mode: erlang -*- {application, emqx_authn, [ {description, "EMQX Authentication"}, - {vsn, "0.1.21"}, + {vsn, "0.1.22"}, {modules, []}, {registered, [emqx_authn_sup, emqx_authn_registry]}, {applications, [kernel, stdlib, emqx_resource, emqx_connector, ehttpc, epgsql, mysql, jose]}, diff --git a/apps/emqx_connector/src/emqx_connector.app.src b/apps/emqx_connector/src/emqx_connector.app.src index 283c27f31..eb82a0eec 100644 --- a/apps/emqx_connector/src/emqx_connector.app.src +++ b/apps/emqx_connector/src/emqx_connector.app.src @@ -1,7 +1,7 @@ %% -*- mode: erlang -*- {application, emqx_connector, [ {description, "EMQX Data Integration Connectors"}, - {vsn, "0.1.25"}, + {vsn, "0.1.26"}, {registered, []}, {mod, {emqx_connector_app, []}}, {applications, [ diff --git a/apps/emqx_dashboard/src/emqx_dashboard.app.src b/apps/emqx_dashboard/src/emqx_dashboard.app.src index b8fba8b13..e2909eca6 100644 --- a/apps/emqx_dashboard/src/emqx_dashboard.app.src +++ b/apps/emqx_dashboard/src/emqx_dashboard.app.src @@ -2,7 +2,7 @@ {application, emqx_dashboard, [ {description, "EMQX Web Dashboard"}, % strict semver, bump manually! - {vsn, "5.0.23"}, + {vsn, "5.0.24"}, {modules, []}, {registered, [emqx_dashboard_sup]}, {applications, [kernel, stdlib, mnesia, minirest, emqx, emqx_ctl]}, diff --git a/apps/emqx_ft/src/emqx_ft.app.src b/apps/emqx_ft/src/emqx_ft.app.src index 74d1b84b7..713774409 100644 --- a/apps/emqx_ft/src/emqx_ft.app.src +++ b/apps/emqx_ft/src/emqx_ft.app.src 
@@ -1,6 +1,6 @@ {application, emqx_ft, [ {description, "EMQX file transfer over MQTT"}, - {vsn, "0.1.2"}, + {vsn, "0.1.3"}, {registered, []}, {mod, {emqx_ft_app, []}}, {applications, [ diff --git a/apps/emqx_gateway/src/emqx_gateway.app.src b/apps/emqx_gateway/src/emqx_gateway.app.src index ca99dc615..bfcf4f2f2 100644 --- a/apps/emqx_gateway/src/emqx_gateway.app.src +++ b/apps/emqx_gateway/src/emqx_gateway.app.src @@ -1,7 +1,7 @@ %% -*- mode: erlang -*- {application, emqx_gateway, [ {description, "The Gateway management application"}, - {vsn, "0.1.19"}, + {vsn, "0.1.20"}, {registered, []}, {mod, {emqx_gateway_app, []}}, {applications, [kernel, stdlib, emqx, emqx_authn, emqx_ctl]}, diff --git a/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.app.src b/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.app.src index 96b40f30e..66f9ddc89 100644 --- a/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.app.src +++ b/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.app.src @@ -1,6 +1,6 @@ {application, emqx_gateway_exproto, [ {description, "ExProto Gateway"}, - {vsn, "0.1.1"}, + {vsn, "0.1.2"}, {registered, []}, {applications, [kernel, stdlib, grpc, emqx, emqx_gateway]}, {env, []}, diff --git a/apps/emqx_management/src/emqx_management.app.src b/apps/emqx_management/src/emqx_management.app.src index 4ee7dea10..0e2c2646e 100644 --- a/apps/emqx_management/src/emqx_management.app.src +++ b/apps/emqx_management/src/emqx_management.app.src @@ -2,7 +2,7 @@ {application, emqx_management, [ {description, "EMQX Management API and CLI"}, % strict semver, bump manually! - {vsn, "5.0.24"}, + {vsn, "5.0.25"}, {modules, []}, {registered, [emqx_management_sup]}, {applications, [kernel, stdlib, emqx_plugins, minirest, emqx, emqx_ctl]}, diff --git a/apps/emqx_modules/src/emqx_modules.app.src b/apps/emqx_modules/src/emqx_modules.app.src index 55995fea4..1b934e015 100644 --- a/apps/emqx_modules/src/emqx_modules.app.src +++ b/apps/emqx_modules/src/emqx_modules.app.src 
@@ -1,7 +1,7 @@ %% -*- mode: erlang -*- {application, emqx_modules, [ {description, "EMQX Modules"}, - {vsn, "5.0.16"}, + {vsn, "5.0.17"}, {modules, []}, {applications, [kernel, stdlib, emqx, emqx_ctl]}, {mod, {emqx_modules_app, []}}, diff --git a/apps/emqx_node_rebalance/src/emqx_node_rebalance.app.src b/apps/emqx_node_rebalance/src/emqx_node_rebalance.app.src index 453afb5cb..c175097e5 100644 --- a/apps/emqx_node_rebalance/src/emqx_node_rebalance.app.src +++ b/apps/emqx_node_rebalance/src/emqx_node_rebalance.app.src @@ -1,6 +1,6 @@ {application, emqx_node_rebalance, [ {description, "EMQX Node Rebalance"}, - {vsn, "5.0.2"}, + {vsn, "5.0.3"}, {registered, [ emqx_node_rebalance_sup, emqx_node_rebalance, diff --git a/apps/emqx_resource/src/emqx_resource.app.src b/apps/emqx_resource/src/emqx_resource.app.src index 28b3bd05c..57ab8129a 100644 --- a/apps/emqx_resource/src/emqx_resource.app.src +++ b/apps/emqx_resource/src/emqx_resource.app.src @@ -1,7 +1,7 @@ %% -*- mode: erlang -*- {application, emqx_resource, [ {description, "Manager for all external resources"}, - {vsn, "0.1.18"}, + {vsn, "0.1.19"}, {registered, []}, {mod, {emqx_resource_app, []}}, {applications, [ diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src index 7b4d1ee98..321d4a8b0 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src @@ -2,7 +2,7 @@ {application, emqx_rule_engine, [ {description, "EMQX Rule Engine"}, % strict semver, bump manually! - {vsn, "5.0.19"}, + {vsn, "5.0.20"}, {modules, []}, {registered, [emqx_rule_engine_sup, emqx_rule_engine]}, {applications, [kernel, stdlib, rulesql, getopt, emqx_ctl]}, diff --git a/apps/emqx_slow_subs/src/emqx_slow_subs.app.src b/apps/emqx_slow_subs/src/emqx_slow_subs.app.src index 922eed668..6a24bc90b 100644 --- a/apps/emqx_slow_subs/src/emqx_slow_subs.app.src +++ b/apps/emqx_slow_subs/src/emqx_slow_subs.app.src 
@@ -1,7 +1,7 @@ {application, emqx_slow_subs, [ {description, "EMQX Slow Subscribers Statistics"}, % strict semver, bump manually! - {vsn, "1.0.6"}, + {vsn, "1.0.7"}, {modules, []}, {registered, [emqx_slow_subs_sup]}, {applications, [kernel, stdlib, emqx]}, diff --git a/apps/emqx_utils/src/emqx_utils.app.src b/apps/emqx_utils/src/emqx_utils.app.src index 0b172565a..df7d67321 100644 --- a/apps/emqx_utils/src/emqx_utils.app.src +++ b/apps/emqx_utils/src/emqx_utils.app.src @@ -2,7 +2,7 @@ {application, emqx_utils, [ {description, "Miscellaneous utilities for EMQX apps"}, % strict semver, bump manually! - {vsn, "5.0.3"}, + {vsn, "5.0.4"}, {modules, [ emqx_utils, emqx_utils_api, From fe1cc5ca92efbb165f4dd14cc25fb543f1facbfb Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 21 Jun 2023 16:41:11 +0200 Subject: [PATCH 35/36] ci: delete temp fix code --- .ci/docker-compose-file/python/pytest.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.ci/docker-compose-file/python/pytest.sh b/.ci/docker-compose-file/python/pytest.sh index 4df9d3a71..924c30212 100755 --- a/.ci/docker-compose-file/python/pytest.sh +++ b/.ci/docker-compose-file/python/pytest.sh @@ -18,11 +18,7 @@ else fi apk update && apk add git curl -## Use 5.1.0 to bypass the newly added test cases in -## https://github.com/emqx/paho.mqtt.testing/pull/13 -## This is a temporary solution for 5.1.0 release. After 5.1.0 release, we should use -## the develop-5.0 branch -git clone -b 5.1.0 https://github.com/emqx/paho.mqtt.testing.git /paho.mqtt.testing +git clone -b develop-5.0 https://github.com/emqx/paho.mqtt.testing.git /paho.mqtt.testing pip install pytest==7.1.2 pytest-retry From 75eb18bc8180312e10ffc4de0554c69f1d459338 Mon Sep 17 00:00:00 2001 
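Review bot: In the `.ci/docker-compose-file/python/pytest.sh` hunk (PATCH 35/36), the new `git clone -b develop-5.0 ...` makes CI fetch and run whatever is at the head of a moving branch, where the removed line used the `5.1.0` ref. Any push to that branch then changes what executes in this pipeline without a change in this repository, which weakens both reproducibility and supply-chain integrity. I would keep the branch clone but add a pinned checkout right after it, `git -C /paho.mqtt.testing checkout <PINNED_COMMIT_SHA>`, and bump that value deliberately. The same applies to the context line `pip install pytest==7.1.2 pytest-retry`, where `pytest-retry` is unpinned next to a pinned `pytest`; `pip install pytest==7.1.2 pytest-retry==<PINNED_VERSION>` would close that gap. The rest of the script lies outside the hunk, so whether the cloned tree is verified later cannot be seen from here.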
From: "Zaiming (Stone) Shi" Date: Thu, 22 Jun 2023 11:09:09 +0200 Subject: [PATCH 36/36] chore: bump app vsns --- apps/emqx_bridge_kafka/src/emqx_bridge_kafka.app.src | 2 +- apps/emqx_oracle/src/emqx_oracle.app.src | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/emqx_bridge_kafka/src/emqx_bridge_kafka.app.src b/apps/emqx_bridge_kafka/src/emqx_bridge_kafka.app.src index 64811c91c..59c26717e 100644 --- a/apps/emqx_bridge_kafka/src/emqx_bridge_kafka.app.src +++ b/apps/emqx_bridge_kafka/src/emqx_bridge_kafka.app.src @@ -1,6 +1,6 @@ {application, emqx_bridge_kafka, [ {description, "EMQX Enterprise Kafka Bridge"}, - {vsn, "0.1.3"}, + {vsn, "0.1.4"}, {registered, [emqx_bridge_kafka_consumer_sup]}, {applications, [ kernel, diff --git a/apps/emqx_oracle/src/emqx_oracle.app.src b/apps/emqx_oracle/src/emqx_oracle.app.src index 10dbe7990..a5ca822e8 100644 --- a/apps/emqx_oracle/src/emqx_oracle.app.src +++ b/apps/emqx_oracle/src/emqx_oracle.app.src @@ -1,6 +1,6 @@ {application, emqx_oracle, [ {description, "EMQX Enterprise Oracle Database Connector"}, - {vsn, "0.1.2"}, + {vsn, "0.1.3"}, {registered, []}, {applications, [ kernel,