EMQX installed in a K8S cluster: how to turn off acl_nomatch = deny after installation

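Environment

  • EMQX version: emqx/emqx:4.4.3
  • OS and version: Huawei Cloud CCE K8S cluster

Problem description

I'd like to ask: after deploying EMQX from the image in a K8S cluster, how do I turn off acl allow all and then enable Mnesia ACL?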

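EMQX in a k8s cluster should be no different from a regular EMQ; you can change the configuration file at startup:
acl_nomatch = deny,

Configure it in the ConfigMap:
EMQX_ACL_NOMATCH: "deny" (this is equivalent to modifying etc/emqx.conf)

Then run ./bin/emqx_ctl plugins load emqx_auth_mnesia
If you don't want to do this from the command line, you can also arrange, before startup, to add the following
to data/loaded_plugins:
{emqx_auth_mnesia,true}.
and then start.

Thank you very much for the quick reply. Following the guidance, I added the EMQX_ACL_NOMATCH: "deny" setting to the environment variables of the k8s container and then restarted the cluster instance.
I also enabled the EMQ X Authentication with Mnesia plugin, then called the acl http api to add a Topic/A deny rule for the clientid, then connected to EMQX with the MQTTX tool, and I can still send messages to Topic/A. I don't know where the problem is.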




EMQX_ACL__NOMATCH

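  1. If you know how, it is best to turn on EMQX's debug log and look at the log.
    Everything that changes etc/emqx.conf can be changed through the configmap. The rule is:
    EMQX__xxx_xxx: "Value"
    For example, to change log.level to debug, use EMQX__LOG_LEVEL: "debug"
    Note: EMQX is followed by 2 underscores; where other configuration keys are separated by a dot (.), use a single underscore.

  2. After making the change and restarting, you can run the following in the pod:
    ./bin/emqx_ctl log primary-level
    ./bin/emqx_ctl log handlers list

If you want to check whether acl_nomatch was changed successfully, you can run this directly:
./bin/emqx eval "application:get_env(emqx,acl_nomatch)"
It will return {ok, deny}

See whether it succeeded.

Yesterday, in the Huawei Cloud K8S cluster, I configured the ConfigMap and tried the double underscore in both positions, but found that acl_nomatch was still not enabled successfully.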



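Then I tested the emqx/emqx:4.4.3 version in a local docker environment: I went into the container and manually edited the emqx.conf file, changing the value of acl_nomatch to deny, then restarted the container and entered it again. This time, reading the environment variable returned {ok, deny}, so it took effect. Then I enabled EMQ X Authentication with Mnesia and added an ACL rule through postman, and at that point I found that the MQTTX client tool could no longer connect to EMQX. Do I need to disable authentication?



It looks like what you did should be correct.

  1. You can run this in docker:

./bin/emqx_ctl acl list clientid
to see the rule list.

  2. You have already changed the configuration by hand. Just change the log level to debug, and then post the whole log so we can take a look.

The full log is as follows: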

listener.ssl.external.acceptors = "32"
listener.ssl.external.max_connections = "102400"
listener.tcp.external.acceptors = "64"
listener.tcp.external.max_connections = "1024000"
listener.ws.external.acceptors = "16"
listener.ws.external.max_connections = "102400"
listener.wss.external.acceptors = "16"
listener.wss.external.max_connections = "102400"
log.to = "console"
node.max_ets_tables = "2097152"
node.max_ports = "1048576"
node.name = "9e19f752fdfc@172.17.0.5"
node.process_limit = "2097152"
rpc.port_discovery = "manual"
Starting emqx on node 9e19f752fdfc@172.17.0.5
Start mqtt:tcp:internal listener on 127.0.0.1:11883 successfully.
Start mqtt:tcp:external listener on 0.0.0.0:1883 successfully.
Start mqtt:ws:external listener on 0.0.0.0:8083 successfully.
Start mqtt:ssl:external listener on 0.0.0.0:8883 successfully.
Start mqtt:wss:external listener on 0.0.0.0:8084 successfully.
Start http:management listener on 8081 successfully.
2022-06-15T10:51:16.324409+00:00 [warning] [Dashboard] Using default password for dashboard 'admin' user. Please use './bin/emqx_ctl admins' command to change it. NOTE: the default password in config file is only used to initialise the database record, changing the config file after database is initialised has no effect.
Start http:dashboard listener on 18083 successfully.
EMQ X Broker 4.4.3 is running now!
2022-06-15T10:51:39.784558+00:00 [warning] [Ctl] CMD acl is overidden by {emqx_acl_mnesia_cli,cli}
2022-06-15T10:51:46.520118+00:00 [error] crasher: initial call: eredis_client:init/1, pid: <0.2178.0>, registered_name: [], exit: {{connection_error,econnrefused},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,407}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}, ancestors: [<0.2177.0>,<0.2176.0>,<0.2174.0>,emqx_auth_redis_sup,<0.2172.0>], message_queue_len: 0, messages: [], links: [<0.2177.0>], dictionary: [{options,[]}], trap_exit: false, status: running, heap_size: 610, stack_size: 28, reductions: 1026; neighbours:
2022-06-15T10:51:46.520301+00:00 [error] [Redis] Can't connect to Redis server: Connection refused.
2022-06-15T10:51:46.520506+00:00 [error] Supervisor: {<0.2176.0>,ecpool_worker_sup}. Context: start_error. Reason: {connection_error,econnrefused}. Offender: id={worker,1},pid=undefined.
2022-06-15T10:51:46.520578+00:00 [error] crasher: initial call: ecpool_worker:init/1, pid: <0.2177.0>, registered_name: [], exit: {{connection_error,econnrefused},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,407}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}, ancestors: [<0.2176.0>,<0.2174.0>,emqx_auth_redis_sup,<0.2172.0>], message_queue_len: 1, messages: [{'EXIT',<0.2178.0>,{connection_error,econnrefused}}], links: [<0.2176.0>], dictionary: [], trap_exit: true, status: running, heap_size: 1598, stack_size: 28, reductions: 5446; neighbours:
2022-06-15T10:51:46.520824+00:00 [error] Supervisor: {<0.2174.0>,ecpool_pool_sup}. Context: start_error. Reason: {shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}. Offender: id=worker_sup,pid=undefined.
2022-06-15T10:51:46.521301+00:00 [error] Supervisor: {local,emqx_auth_redis_sup}. Context: start_error. Reason: {shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}}}. Offender: id=emqx_auth_redis,pid=undefined.
2022-06-15T10:51:46.521461+00:00 [error] crasher: initial call: application_master:init/4, pid: <0.2171.0>, registered_name: [], exit: {{bad_return,{{emqx_auth_redis_app,start,[normal,[]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,emqx_auth_redis,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}}}}}}},[{emqx_auth_redis_app,start,2,[{file,"emqx_auth_redis_app.erl"},{line,30}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,293}]}]}}}},[{application_master,init,4,[{file,"application_master.erl"},{line,142}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}, ancestors: [<0.2170.0>], message_queue_len: 1, messages: [{'EXIT',<0.2172.0>,normal}], links: [<0.2170.0>,<0.1459.0>], dictionary: [], trap_exit: true, status: running, heap_size: 610, stack_size: 28, reductions: 214; neighbours:
2022-06-15T10:51:46.521795+00:00 [error] [Plugins] Load plugin emqx_auth_redis failed, cannot start plugin emqx_auth_redis for {bad_return,{{emqx_auth_redis_app,start,[normal,[]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,emqx_auth_redis,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}}}}}}},[{emqx_auth_redis_app,start,2,[{file,"emqx_auth_redis_app.erl"},{line,30}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,293}]}]}}}}
Stop http:management listener on 0.0.0.0:8081 successfully.
[os_mon] memory supervisor port (memsup): Erlang has closed
[os_mon] cpu supervisor port (cpu_sup): Erlang has closed
listener.ssl.external.acceptors = "32"
listener.ssl.external.max_connections = "102400"
listener.tcp.external.acceptors = "64"
listener.tcp.external.max_connections = "1024000"
listener.ws.external.acceptors = "16"
listener.ws.external.max_connections = "102400"
listener.wss.external.acceptors = "16"
listener.wss.external.max_connections = "102400"
log.to = "console"
node.max_ets_tables = "2097152"
node.max_ports = "1048576"
node.name = "9e19f752fdfc@172.17.0.5"
node.process_limit = "2097152"
rpc.port_discovery = "manual"
Starting emqx on node 9e19f752fdfc@172.17.0.5
Start mqtt:tcp:internal listener on 127.0.0.1:11883 successfully.
Start mqtt:tcp:external listener on 0.0.0.0:1883 successfully.
Start mqtt:ws:external listener on 0.0.0.0:8083 successfully.
Start mqtt:ssl:external listener on 0.0.0.0:8883 successfully.
Start mqtt:wss:external listener on 0.0.0.0:8084 successfully.
Start http:management listener on 8081 successfully.
2022-06-15T10:54:33.907242+00:00 [warning] [Dashboard] Using default password for dashboard 'admin' user. Please use './bin/emqx_ctl admins' command to change it. NOTE: the default password in config file is only used to initialise the database record, changing the config file after database is initialised has no effect.
Start http:dashboard listener on 18083 successfully.
2022-06-15T10:54:33.968530+00:00 [warning] [Ctl] CMD acl is overidden by {emqx_acl_mnesia_cli,cli}
EMQ X Broker 4.4.3 is running now!
2022-06-15T11:00:36.813839+00:00 [warning] 1234567890@172.17.0.1:33040 [Channel] Cannot publish message to Topic/A due to Not authorized.
2022-06-15T11:00:37.875348+00:00 [warning] 1234567890@172.17.0.1:33040 [Channel] Cannot publish message to Topic/A due to Not authorized.
2022-06-15T11:00:38.879554+00:00 [warning] 1234567890@172.17.0.1:33040 [Channel] Cannot publish message to Topic/A due to Not authorized.
2022-06-15T11:01:54.287094+00:00 [warning] 1234567890@172.17.0.1:33040 [Channel] Cannot publish message to Topic/A due to Not authorized.
2022-06-15T11:01:55.034676+00:00 [warning] 1234567890@172.17.0.1:33040 [Channel] Cannot publish message to Topic/A due to Not authorized.
2022-06-15T11:01:55.774264+00:00 [warning] 1234567890@172.17.0.1:33040 [Channel] Cannot publish message to Topic/A due to Not authorized.
2022-06-16T01:51:20.396887+00:00 [error] 1234567890@172.17.0.1:33332 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:51:20.401488+00:00 [warning] 1234567890@172.17.0.1:33332 [Channel] Client 1234567890 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:51:33.950170+00:00 [error] 1234567890@172.17.0.1:33358 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:51:33.950347+00:00 [warning] 1234567890@172.17.0.1:33358 [Channel] Client 1234567890 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:51:46.976774+00:00 [error] 1234567890@172.17.0.1:33384 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:51:46.976888+00:00 [warning] 1234567890@172.17.0.1:33384 [Channel] Client 1234567890 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:52:27.000276+00:00 [error] 1234567890@172.17.0.1:33414 [Auth http] Request auth path: /mqtt/auth, error: {shutdown,econnrefused}
2022-06-16T01:52:27.000678+00:00 [warning] 1234567890@172.17.0.1:33414 [Channel] Client 1234567890 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:52:49.756268+00:00 [error] 123456789@172.17.0.1:33440 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:52:49.756715+00:00 [warning] 123456789@172.17.0.1:33440 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:53:01.576923+00:00 [error] 123456789@172.17.0.1:33470 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:53:01.577179+00:00 [warning] 123456789@172.17.0.1:33470 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:53:27.660563+00:00 [error] 123456789@172.17.0.1:33504 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:53:27.660714+00:00 [warning] 123456789@172.17.0.1:33504 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:53:35.212306+00:00 [error] 1234567890@172.17.0.1:33524 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:53:35.212672+00:00 [warning] 1234567890@172.17.0.1:33524 [Channel] Client 1234567890 (Username: 'undefined') login failed for server_unavailable
Stop http:management listener on 0.0.0.0:8081 successfully.
[os_mon] memory supervisor port (memsup): Erlang has closed
[os_mon] cpu supervisor port (cpu_sup): Erlang has closed
listener.ssl.external.acceptors = "32"
listener.ssl.external.max_connections = "102400"
listener.tcp.external.acceptors = "64"
listener.tcp.external.max_connections = "1024000"
listener.ws.external.acceptors = "16"
listener.ws.external.max_connections = "102400"
listener.wss.external.acceptors = "16"
listener.wss.external.max_connections = "102400"
log.to = "console"
node.max_ets_tables = "2097152"
node.max_ports = "1048576"
node.name = "9e19f752fdfc@172.17.0.5"
node.process_limit = "2097152"
rpc.port_discovery = "manual"
Starting emqx on node 9e19f752fdfc@172.17.0.5
Start mqtt:tcp:internal listener on 127.0.0.1:11883 successfully.
Start mqtt:tcp:external listener on 0.0.0.0:1883 successfully.
Start mqtt:ws:external listener on 0.0.0.0:8083 successfully.
Start mqtt:ssl:external listener on 0.0.0.0:8883 successfully.
Start mqtt:wss:external listener on 0.0.0.0:8084 successfully.
Start http:management listener on 8081 successfully.
2022-06-16T01:53:54.955848+00:00 [warning] [Dashboard] Using default password for dashboard 'admin' user. Please use './bin/emqx_ctl admins' command to change it. NOTE: the default password in config file is only used to initialise the database record, changing the config file after database is initialised has no effect.
Start http:dashboard listener on 18083 successfully.
2022-06-16T01:53:55.009049+00:00 [warning] [Ctl] CMD acl is overidden by {emqx_acl_mnesia_cli,cli}
EMQ X Broker 4.4.3 is running now!
2022-06-16T01:54:41.188556+00:00 [error] 123456789@172.17.0.1:33562 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:54:41.188819+00:00 [warning] 123456789@172.17.0.1:33562 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T01:55:01.934747+00:00 [error] 123456789@172.17.0.1:33592 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:55:01.935123+00:00 [warning] 123456789@172.17.0.1:33592 [Channel] Client 123456789 (Username: 'admin') login failed for server_unavailable
2022-06-16T01:55:13.227584+00:00 [error] 123456789@172.17.0.1:33618 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:55:13.227720+00:00 [warning] 123456789@172.17.0.1:33618 [Channel] Client 123456789 (Username: 'admin') login failed for server_unavailable
2022-06-16T01:59:25.754655+00:00 [error] 123456789@172.17.0.1:33680 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:59:25.754794+00:00 [warning] 123456789@172.17.0.1:33680 [Channel] Client 123456789 (Username: 'admin') login failed for server_unavailable
2022-06-16T01:59:45.127531+00:00 [error] 123456789@172.17.0.1:33706 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T01:59:45.127717+00:00 [warning] 123456789@172.17.0.1:33706 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T02:05:24.952603+00:00 [error] 123456789@172.17.0.1:33756 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T02:05:24.952765+00:00 [warning] 123456789@172.17.0.1:33756 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T03:32:12.170348+00:00 [error] 123456789@172.17.0.1:34140 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T03:32:12.172895+00:00 [warning] 123456789@172.17.0.1:34140 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T03:32:39.120679+00:00 [error] 123456789@172.17.0.1:34178 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T03:32:39.120850+00:00 [warning] 123456789@172.17.0.1:34178 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
Stop http:management listener on 0.0.0.0:8081 successfully.
[os_mon] memory supervisor port (memsup): Erlang has closed
[os_mon] cpu supervisor port (cpu_sup): Erlang has closed
listener.ssl.external.acceptors = "32"
listener.ssl.external.max_connections = "102400"
listener.tcp.external.acceptors = "64"
listener.tcp.external.max_connections = "1024000"
listener.ws.external.acceptors = "16"
listener.ws.external.max_connections = "102400"
listener.wss.external.acceptors = "16"
listener.wss.external.max_connections = "102400"
log.to = "console"
node.max_ets_tables = "2097152"
node.max_ports = "1048576"
node.name = "9e19f752fdfc@172.17.0.5"
node.process_limit = "2097152"
rpc.port_discovery = "manual"
2022-06-16T05:20:33.625095+00:00 [info] event=server_setup_successfully driver=tcp socket="#Port<0.11>"
2022-06-16T05:20:33.625948+00:00 [info] '$kind': gen_rpc_dispatcher_start, file: gen_rpc_dispatcher.erl, line: 52, mfa: {gen_rpc_dispatcher,init,0}, pid: <0.1578.0>
2022-06-16T05:20:33.630734+00:00 [notice] alarm_handler: {clear,lc_mem_alarm}
Starting emqx on node 9e19f752fdfc@172.17.0.5
2022-06-16T05:20:33.631857+00:00 [notice] alarm_handler: {clear,lc_runq_alarm}
Start mqtt:tcp:internal listener on 127.0.0.1:11883 successfully.
Start mqtt:tcp:external listener on 0.0.0.0:1883 successfully.
Start mqtt:ws:external listener on 0.0.0.0:8083 successfully.
Start mqtt:ssl:external listener on 0.0.0.0:8883 successfully.
Start mqtt:wss:external listener on 0.0.0.0:8084 successfully.
2022-06-16T05:20:33.755674+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.756736+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.756814+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.766820+00:00 [debug] Validation
2022-06-16T05:20:33.767290+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.767420+00:00 [debug] "emqx_management.application" in Translations to drop...
2022-06-16T05:20:33.767849+00:00 [debug] Running translation for emqx_management.listeners
2022-06-16T05:20:33.769183+00:00 [debug] Applied Translations
Start http:management listener on 8081 successfully.
2022-06-16T05:20:33.787046+00:00 [info] [Plugins] Started plugins: [emqx_plugin_libs,xmerl,jiffy,minirest,emqx_management]
2022-06-16T05:20:33.787190+00:00 [info] [Plugins] Load plugin emqx_management successfully
2022-06-16T05:20:33.833391+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.833529+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.833673+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.835233+00:00 [debug] Validation
2022-06-16T05:20:33.835718+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.835977+00:00 [debug] Running translation for emqx_dashboard.listeners
2022-06-16T05:20:33.839722+00:00 [debug] Applied Translations
2022-06-16T05:20:33.840580+00:00 [warning] [Dashboard] Using default password for dashboard 'admin' user. Please use './bin/emqx_ctl admins' command to change it. NOTE: the default password in config file is only used to initialise the database record, changing the config file after database is initialised has no effect.
Start http:dashboard listener on 18083 successfully.
2022-06-16T05:20:33.858188+00:00 [info] [Plugins] Started plugins: [emqx_dashboard]
2022-06-16T05:20:33.858366+00:00 [info] [Plugins] Load plugin emqx_dashboard successfully
2022-06-16T05:20:33.861592+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.861694+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.861868+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.862944+00:00 [debug] Validation
2022-06-16T05:20:33.863803+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.864123+00:00 [debug] Applied Translations
2022-06-16T05:20:33.866736+00:00 [info] [Plugins] Started plugins: [recon,emqx_recon]
2022-06-16T05:20:33.867900+00:00 [info] [Plugins] Load plugin emqx_recon successfully
2022-06-16T05:20:33.880345+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.880468+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.880522+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.880774+00:00 [debug] Validation
2022-06-16T05:20:33.880870+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.880924+00:00 [debug] Applied Translations
2022-06-16T05:20:33.885379+00:00 [info] [Plugins] Started plugins: [emqx_retainer]
2022-06-16T05:20:33.885837+00:00 [info] [Plugins] Load plugin emqx_retainer successfully
2022-06-16T05:20:33.895152+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.895339+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.895474+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.896058+00:00 [debug] Validation
2022-06-16T05:20:33.896161+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.896304+00:00 [debug] Applied Translations
2022-06-16T05:20:33.897716+00:00 [info] [Plugins] Started plugins: [emqx_telemetry]
2022-06-16T05:20:33.897867+00:00 [info] [Plugins] Load plugin emqx_telemetry successfully
2022-06-16T05:20:33.912361+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.912480+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.912720+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.913090+00:00 [debug] Validation
2022-06-16T05:20:33.913174+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.913250+00:00 [debug] Running translation for emqx_rule_engine.events
2022-06-16T05:20:33.914056+00:00 [debug] Applied Translations
2022-06-16T05:20:33.924666+00:00 [info] [Plugins] Started plugins: [rulesql,getopt,emqx_rule_engine]
2022-06-16T05:20:33.924770+00:00 [info] [Plugins] Load plugin emqx_rule_engine successfully
2022-06-16T05:20:33.963772+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.963909+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.963955+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.964580+00:00 [debug] Validation
2022-06-16T05:20:33.964876+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.965149+00:00 [debug] Running translation for emqx_auth_http.auth_req
2022-06-16T05:20:33.966061+00:00 [debug] Running translation for emqx_auth_http.super_req
2022-06-16T05:20:33.966273+00:00 [debug] Running translation for emqx_auth_http.acl_req
2022-06-16T05:20:33.967114+00:00 [debug] Applied Translations
2022-06-16T05:20:33.975067+00:00 [info] [Plugins] Started plugins: [gun,ehttpc,emqx_auth_http]
2022-06-16T05:20:33.975214+00:00 [info] [Plugins] Load plugin emqx_auth_http successfully
2022-06-16T05:20:33.982649+00:00 [debug] Adding Defaults
2022-06-16T05:20:33.982761+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:20:33.982803+00:00 [debug] Applying Datatypes
2022-06-16T05:20:33.982866+00:00 [debug] Validation
2022-06-16T05:20:33.982926+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:20:33.983058+00:00 [debug] "emqx_auth_mnesia.clientid_list" in Translations to drop...
2022-06-16T05:20:33.983247+00:00 [debug] "emqx_auth_mnesia.username_list" in Translations to drop...
2022-06-16T05:20:33.983367+00:00 [debug] Applied Translations
2022-06-16T05:20:33.984545+00:00 [info] file: emqx_acl_mnesia_migrator.erl, line: 107, mfa: {emqx_acl_mnesia_migrator,waiting_all_nodes,3}, msg: emqx_acl_mnesia_migrator_check_old_table, pid: <0.2081.0>
2022-06-16T05:20:33.984798+00:00 [warning] [Ctl] CMD acl is overidden by {emqx_acl_mnesia_cli,cli}
2022-06-16T05:20:33.985195+00:00 [info] file: emqx_acl_mnesia_migrator.erl, line: 122, mfa: {emqx_acl_mnesia_migrator,checking_old_table,3}, msg: emqx_acl_mnesia_migrator_finish, pid: <0.2081.0>
2022-06-16T05:20:33.986542+00:00 [info] [Plugins] Started plugins: [emqx_auth_mnesia]
2022-06-16T05:20:33.986635+00:00 [info] [Plugins] Load plugin emqx_auth_mnesia successfully
2022-06-16T05:20:33.988035+00:00 [info] [Modules] Load emqx_mod_delayed module successfully.
2022-06-16T05:20:33.988473+00:00 [info] [Modules] Load emqx_mod_topic_metrics module successfully.
2022-06-16T05:20:33.988618+00:00 [info] [Modules] Load emqx_mod_subscription module successfully.
2022-06-16T05:20:33.990098+00:00 [info] [Modules] Load emqx_mod_acl_internal module successfully.
2022-06-16T05:20:33.990370+00:00 [info] [Modules] Load emqx_mod_rewrite module successfully.
2022-06-16T05:20:33.990579+00:00 [info] [Modules] Load emqx_mod_presence module successfully.
2022-06-16T05:20:33.992120+00:00 [info] [Modules] Load emqx_mod_trace module successfully.
2022-06-16T05:20:33.992320+00:00 [info] [Modules] Load emqx_mod_slow_subs module successfully.
EMQ X Broker 4.4.3 is running now!
2022-06-16T05:20:35.659366+00:00 [debug] file: emqx_telemetry.erl, line: 363, mfa: {emqx_telemetry,report_telemetry,1}, msg: telemetry_data_reported, pid: <0.1984.0>
2022-06-16T05:21:39.888743+00:00 [debug] Adding Defaults
2022-06-16T05:21:39.888908+00:00 [debug] Right Hand Side Substitutions
2022-06-16T05:21:39.888972+00:00 [debug] Applying Datatypes
2022-06-16T05:21:39.889507+00:00 [debug] Validation
2022-06-16T05:21:39.889653+00:00 [debug] Applied 1:1 Mappings
2022-06-16T05:21:39.889811+00:00 [debug] Running translation for emqx_auth_redis.options
2022-06-16T05:21:39.889984+00:00 [debug] Running translation for emqx_auth_redis.server
2022-06-16T05:21:39.890340+00:00 [debug] Running translation for emqx_auth_redis.query_timeout
2022-06-16T05:21:39.890532+00:00 [debug] Running translation for emqx_auth_redis.password_hash
2022-06-16T05:21:39.890629+00:00 [debug] Applied Translations
2022-06-16T05:21:39.892648+00:00 [error] crasher: initial call: eredis_client:init/1, pid: <0.2193.0>, registered_name: [], exit: {{connection_error,econnrefused},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,407}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}, ancestors: [<0.2192.0>,<0.2191.0>,<0.2189.0>,emqx_auth_redis_sup,<0.2187.0>], message_queue_len: 0, messages: [], links: [<0.2192.0>], dictionary: [{options,[]}], trap_exit: false, status: running, heap_size: 610, stack_size: 28, reductions: 1026; neighbours:
2022-06-16T05:21:39.893085+00:00 [error] [Redis] Can't connect to Redis server: Connection refused.
2022-06-16T05:21:39.893398+00:00 [error] Supervisor: {<0.2191.0>,ecpool_worker_sup}. Context: start_error. Reason: {connection_error,econnrefused}. Offender: id={worker,1},pid=undefined.
2022-06-16T05:21:39.893499+00:00 [error] crasher: initial call: ecpool_worker:init/1, pid: <0.2192.0>, registered_name: [], exit: {{connection_error,econnrefused},[{gen_server,init_it,6,[{file,"gen_server.erl"},{line,407}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}, ancestors: [<0.2191.0>,<0.2189.0>,emqx_auth_redis_sup,<0.2187.0>], message_queue_len: 1, messages: [{'EXIT',<0.2193.0>,{connection_error,econnrefused}}], links: [<0.2191.0>], dictionary: [], trap_exit: true, status: running, heap_size: 1598, stack_size: 28, reductions: 5446; neighbours:
2022-06-16T05:21:39.893945+00:00 [error] Supervisor: {<0.2189.0>,ecpool_pool_sup}. Context: start_error. Reason: {shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}. Offender: id=worker_sup,pid=undefined.
2022-06-16T05:21:39.894950+00:00 [error] Supervisor: {local,emqx_auth_redis_sup}. Context: start_error. Reason: {shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}}}. Offender: id=emqx_auth_redis,pid=undefined.
2022-06-16T05:21:39.895225+00:00 [error] crasher: initial call: application_master:init/4, pid: <0.2186.0>, registered_name: [], exit: {{bad_return,{{emqx_auth_redis_app,start,[normal,[]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,emqx_auth_redis,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}}}}}}},[{emqx_auth_redis_app,start,2,[{file,"emqx_auth_redis_app.erl"},{line,30}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,293}]}]}}}},[{application_master,init,4,[{file,"application_master.erl"},{line,142}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,226}]}]}, ancestors: [<0.2185.0>], message_queue_len: 1, messages: [{'EXIT',<0.2187.0>,normal}], links: [<0.2185.0>,<0.1459.0>], dictionary: [], trap_exit: true, status: running, heap_size: 610, stack_size: 28, reductions: 214; neighbours:
2022-06-16T05:21:39.895852+00:00 [notice] Application: emqx_auth_redis. Exited: {bad_return,{{emqx_auth_redis_app,start,[normal,[]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,emqx_auth_redis,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}}}}}}},[{emqx_auth_redis_app,start,2,[{file,"emqx_auth_redis_app.erl"},{line,30}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,293}]}]}}}}. Type: temporary.
2022-06-16T05:21:39.896119+00:00 [error] [Plugins] Load plugin emqx_auth_redis failed, cannot start plugin emqx_auth_redis for {bad_return,{{emqx_auth_redis_app,start,[normal,[]]},{'EXIT',{{badmatch,{error,{shutdown,{failed_to_start_child,emqx_auth_redis,{shutdown,{failed_to_start_child,worker_sup,{shutdown,{failed_to_start_child,{worker,1},{connection_error,econnrefused}}}}}}}}},[{emqx_auth_redis_app,start,2,[{file,"emqx_auth_redis_app.erl"},{line,30}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,293}]}]}}}}
2022-06-16T05:23:30.436962+00:00 [debug] 172.17.0.1:34678 [MQTT] RECV <<16,21,0,4,77,81,84,84,4,2,0,60,0,9,49,50,51,52,53,54,55,56,57>>
2022-06-16T05:23:30.437148+00:00 [debug] 172.17.0.1:34678 [MQTT] RECV CONNECT(Q0, R0, D0, ClientId=123456789, ProtoName=MQTT, ProtoVsn=4, CleanStart=true, KeepAlive=60, Username=undefined, Password=undefined)
2022-06-16T05:23:40.444407+00:00 [error] 123456789@172.17.0.1:34678 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T05:23:40.444541+00:00 [warning] 123456789@172.17.0.1:34678 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T05:23:40.444663+00:00 [debug] 123456789@172.17.0.1:34678 [MQTT] SEND CONNACK(Q0, R0, D0, AckFlags=0, ReasonCode=3)
2022-06-16T05:23:40.444928+00:00 [info] 123456789@172.17.0.1:34678 file: emqx_connection.erl, line: 550, mfa: {emqx_connection,terminate,2}, msg: terminate, pid: <0.2223.0>, reason: {shutdown,server_unavailable}
2022-06-16T05:23:53.251888+00:00 [debug] 172.17.0.1:34708 [MQTT] RECV <<16,21,0,4,77,81,84,84,4,2,0,60,0,9,49,50,51,52,53,54,55,56,57>>
2022-06-16T05:23:53.252219+00:00 [debug] 172.17.0.1:34708 [MQTT] RECV CONNECT(Q0, R0, D0, ClientId=123456789, ProtoName=MQTT, ProtoVsn=4, CleanStart=true, KeepAlive=60, Username=undefined, Password=undefined)
2022-06-16T05:24:03.258620+00:00 [error] 123456789@172.17.0.1:34708 [Auth http] Request auth path: /mqtt/auth, error: connect_timeout
2022-06-16T05:24:03.259063+00:00 [warning] 123456789@172.17.0.1:34708 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
2022-06-16T05:24:03.259584+00:00 [debug] 123456789@172.17.0.1:34708 [MQTT] SEND CONNACK(Q0, R0, D0, AckFlags=0, ReasonCode=3)
2022-06-16T05:24:03.261367+00:00 [info] 123456789@172.17.0.1:34708 file: emqx_connection.erl, line: 550, mfa: {emqx_connection,terminate,2}, msg: terminate, pid: <0.2237.0>, reason: {shutdown,server_unavailable}

2022-06-16T05:24:03.259063+00:00 [warning] 123456789@172.17.0.1:34708 [Channel] Client 123456789 (Username: 'undefined') login failed for server_unavailable
You enabled the redis auth plugin, but redis is unavailable.

2022-06-16T05:21:39.893085+00:00 [error] [Redis] Can't connect to Redis server: Connection refused.

That is indeed the case. At that time I clicked the start button of EMQ X Authentication/ACL with Redis to test whether ACL Redis was usable, which caused this error log.
Then I deleted the container, created a new one, set acl_nomatch:deny, enabled EMQ X Authentication with Mnesia, and added an ACL rule, and found that the MQTTX client tool can still send messages to the denied topic.

But the log shows this:

2022-06-16T09:22:20.787122+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV <<48,29,0,7,84,111,112,105,99,47,66,123,10,32,32,34,109,115,103,34,58,32,34,104,101,108,108,111,34,10,125>>
2022-06-16T09:22:20.787344+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV PUBLISH(Q0, R0, D0, Topic=Topic/B, PacketId=undefined, Payload=<<"{\n  \"msg\": \"hello\"\n}">>)
2022-06-16T09:22:20.787562+00:00 [warning] 123456789@172.17.0.1:35528 [Channel] Cannot publish message to Topic/B due to Not authorized.
2022-06-16T09:22:21.581341+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV <<48,29,0,7,84,111,112,105,99,47,66,123,10,32,32,34,109,115,103,34,58,32,34,104,101,108,108,111,34,10,125>>
2022-06-16T09:22:21.581458+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV PUBLISH(Q0, R0, D0, Topic=Topic/B, PacketId=undefined, Payload=<<"{\n  \"msg\": \"hello\"\n}">>)
2022-06-16T09:22:21.581596+00:00 [warning] 123456789@172.17.0.1:35528 [Channel] Cannot publish message to Topic/B due to Not authorized.
2022-06-16T09:22:22.438977+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV <<48,29,0,7,84,111,112,105,99,47,66,123,10,32,32,34,109,115,103,34,58,32,34,104,101,108,108,111,34,10,125>>
2022-06-16T09:22:22.439196+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV PUBLISH(Q0, R0, D0, Topic=Topic/B, PacketId=undefined, Payload=<<"{\n  \"msg\": \"hello\"\n}">>)
2022-06-16T09:22:22.439433+00:00 [warning] 123456789@172.17.0.1:35528 [Channel] Cannot publish message to Topic/B due to Not authorized.
2022-06-16T09:22:23.176542+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV <<48,29,0,7,84,111,112,105,99,47,66,123,10,32,32,34,109,115,103,34,58,32,34,104,101,108,108,111,34,10,125>>
2022-06-16T09:22:23.176689+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV PUBLISH(Q0, R0, D0, Topic=Topic/B, PacketId=undefined, Payload=<<"{\n  \"msg\": \"hello\"\n}">>)
2022-06-16T09:22:23.176831+00:00 [warning] 123456789@172.17.0.1:35528 [Channel] Cannot publish message to Topic/B due to Not authorized.
2022-06-16T09:22:39.051439+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV <<224,0>>
2022-06-16T09:22:39.051589+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV DISCONNECT(Q0, R0, D0, ReasonCode=0)
2022-06-16T09:22:39.051815+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] Force to close the socket due to normal
2022-06-16T09:22:39.059171+00:00 [info] 123456789@172.17.0.1:35528 file: emqx_connection.erl, line: 550, mfa: {emqx_connection,terminate,2}, msg: terminate, pid: <0.2245.0>, reason: {shutdown,normal}
2022-06-16T09:22:57.707309+00:00 [debug] 172.17.0.1:35748 [MQTT] RECV <<16,21,0,4,77,81,84,84,4,2,0,60,0,9,49,50,51,52,53,54,55,56,57>>
2022-06-16T09:22:57.707475+00:00 [debug] 172.17.0.1:35748 [MQTT] RECV CONNECT(Q0, R0, D0, ClientId=123456789, ProtoName=MQTT, ProtoVsn=4, CleanStart=true, KeepAlive=60, Username=undefined, Password=undefined)
2022-06-16T09:22:57.708732+00:00 [debug] 123456789@172.17.0.1:35748 [Channel] RECV CONNECT(Q0, R0, D0, ClientId=123456789, ProtoName=MQTT, ProtoVsn=4, CleanStart=true, KeepAlive=60, Username=undefined, Password=undefined)
2022-06-16T09:22:57.714033+00:00 [debug] 123456789@172.17.0.1:35748 client_id: <<"123456789">>, file: emqx_cm.erl, line: 124, mfa: {emqx_cm,insert_channel_info,3}, msg: insert_channel_info, pid: <0.2617.0>
2022-06-16T09:22:57.714416+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] SEND CONNACK(Q0, R0, D0, AckFlags=0, ReasonCode=0)
2022-06-16T09:23:01.602069+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV <<48,29,0,7,84,111,112,105,99,47,66,123,10,32,32,34,109,115,103,34,58,32,34,104,101,108,108,111,34,10,125>>
2022-06-16T09:23:01.602243+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV PUBLISH(Q0, R0, D0, Topic=Topic/B, PacketId=undefined, Payload=<<"{\n  \"msg\": \"hello\"\n}">>)
2022-06-16T09:23:01.602494+00:00 [warning] 123456789@172.17.0.1:35748 [Channel] Cannot publish message to Topic/B due to Not authorized.
2022-06-16T09:24:02.000446+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV <<192,0>>
2022-06-16T09:24:02.000646+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV PINGREQ(Q0, R0, D0)
2022-06-16T09:24:02.000882+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] SEND PINGRESP(Q0, R0, D0)
2022-06-16T09:25:02.998152+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV <<192,0>>
2022-06-16T09:25:02.998326+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV PINGREQ(Q0, R0, D0)
2022-06-16T09:25:02.998456+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] SEND PINGRESP(Q0, R0, D0)
2022-06-16T09:26:04.007340+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV <<192,0>>
2022-06-16T09:26:04.007477+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV PINGREQ(Q0, R0, D0)
2022-06-16T09:26:04.007650+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] SEND PINGRESP(Q0, R0, D0)
2022-06-16T09:27:05.013965+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV <<192,0>>
2022-06-16T09:27:05.014639+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV PINGREQ(Q0, R0, D0)
2022-06-16T09:27:05.015429+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] SEND PINGRESP(Q0, R0, D0)
2022-06-16T09:28:06.003073+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV <<192,0>>
2022-06-16T09:28:06.003240+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV PINGREQ(Q0, R0, D0)
2022-06-16T09:28:06.003373+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] SEND PINGRESP(Q0, R0, D0)
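
The debug log above can be checked mechanically. The following is an added example, not part of the original thread: it decodes the raw `RECV <<...>>` bytes as MQTT 3.1.1 PUBLISH packets (the CONNECT in the log shows ProtoVsn=4) and pairs each one with the broker's "Not authorized" warning on the same connection. The function names and the `reply_expected` field are hypothetical; MQTT defines a reply to PUBLISH only for QoS above 0, so for the QoS 0 publishes in this log the denial is recorded only on the broker side.

```python
import re

# Three lines copied from the EMQX 4.4.3 debug log above (MQTT 3.1.1, ProtoVsn=4).
SAMPLE_LOG = """\
2022-06-16T09:22:20.787122+00:00 [debug] 123456789@172.17.0.1:35528 [MQTT] RECV <<48,29,0,7,84,111,112,105,99,47,66,123,10,32,32,34,109,115,103,34,58,32,34,104,101,108,108,111,34,10,125>>
2022-06-16T09:22:20.787562+00:00 [warning] 123456789@172.17.0.1:35528 [Channel] Cannot publish message to Topic/B due to Not authorized.
2022-06-16T09:24:02.000446+00:00 [debug] 123456789@172.17.0.1:35748 [MQTT] RECV <<192,0>>
"""

LINE_RE = re.compile(r"^(\S+) \[(\w+)\] (\S+) \[(\w+)\] (.*)$", re.M)
RAW_RE = re.compile(r"RECV <<(\d+(?:,\d+)*)>>$")
DENY_RE = re.compile(r"Cannot publish message to (.+) due to Not authorized")

def decode_publish(raw):
    """Decode an MQTT 3.1.1 PUBLISH packet; return None for anything else."""
    if len(raw) < 2 or raw[0] >> 4 != 3:
        return None
    qos = (raw[0] >> 1) & 0x03
    remaining, pos = 0, 1
    for shift in (0, 7, 14, 21):  # Remaining Length: up to 4 bytes, 7 bits each
        if pos >= len(raw):
            return None
        remaining |= (raw[pos] & 0x7F) << shift
        pos += 1
        if not raw[pos - 1] & 0x80:
            break
    body = raw[pos:pos + remaining]
    if len(body) != remaining or remaining < 2:
        return None  # truncated capture
    tlen = int.from_bytes(body[:2], "big")
    off = 2 + tlen + (2 if qos else 0)  # Packet Identifier exists only when QoS > 0
    return {"topic": body[2:2 + tlen].decode("utf-8", "replace"),
            "qos": qos, "payload": body[off:]}

def audit_denied_publishes(log_text):
    """Pair each 'Not authorized' warning with the last PUBLISH on that connection."""
    last_publish, denied = {}, []
    for m in LINE_RE.finditer(log_text):
        ts, _level, conn, _tag, msg = m.groups()
        raw, deny = RAW_RE.match(msg), DENY_RE.search(msg)
        if raw:
            pkt = decode_publish(bytes(int(b) for b in raw.group(1).split(",")))
            if pkt:
                last_publish[conn] = pkt
        elif deny and last_publish.get(conn, {}).get("topic") == deny.group(1):
            pkt = last_publish.pop(conn)
            denied.append({"time": ts, "conn": conn, "topic": pkt["topic"],
                           "qos": pkt["qos"], "reply_expected": pkt["qos"] > 0})
    return denied
```

Running `audit_denied_publishes` over the full debug log lists every publish the broker rejected, with its topic and QoS, which can be compared against what the client tool reported as sent.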