用环境变量配置authentication为mysql，报mechanism_field_required

lxd · 2022 年11 月 25 日 06:43

错误报告

[error] crasher: initial call: application_master:init/4, pid: <0.2571.0>, registered_name: [], exit: {{{failed_to_initialize_authentication,{invalid_config,“mechanism_field_required”}},{emqx_authn_app,start,[normal,[]]}},[{application_master,init,4,[{file,“application_master.erl”},{line,142}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,226}]}]}, ancestors: [<0.2570.0>], message_queue_len: 1, messages: [{‘EXIT’,<0.2572.0>,normal}], links: [<0.2570.0>,<0.1688.0>], dictionary: [], trap_exit: true, status: running, heap_size: 376, stack_size: 29, reductions: 167; neighbours:

环境

EMQX 版本：5.0.10
操作系统版本：docker

重现此问题的步骤

docker-> emqx/emqx:5.0.10
环境变量：EMQX_AUTHENTICATION__1
环境变量值:{mechanism=“password_based”,backend=“mysql”,server=“xxx:3306”,database=“emqx”,username=“emqx”,password=“emqx”,query=“SELECT password_hash, salt, is_superuser FROM mqtt_user WHERE username = ${username} LIMIT 1”,password_hash_algorithm={name=sha256,salt_position=prefix},enable=true}

预期行为

不应该启动失败

实际行为

启动失败，报缺少mechanism字段

功能请求

描述你需要的功能

为什么你需要这个功能

其他

lxd · 2022 年11 月 25 日 06:45

这个是详细错误日志

2022-11-25T06:34:01.241839+00:00 [error] crasher: initial call: application_master:init/4, pid: <0.2571.0>, registered_name: [], exit: {{{failed_to_initialize_authentication,{invalid_config,“mechanism_field_required”}},{emqx_authn_app,start,[normal,[]]}},[{application_master,init,4,[{file,“application_master.erl”},{line,142}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,226}]}]}, ancestors: [<0.2570.0>], message_queue_len: 1, messages: [{‘EXIT’,<0.2572.0>,normal}], links: [<0.2570.0>,<0.1688.0>], dictionary: [], trap_exit: true, status: running, heap_size: 376, stack_size: 29, reductions: 167; neighbours:
2022-11-25T06:34:01.242084+00:00 [notice] Application: emqx_authn. Exited: {{failed_to_initialize_authentication,{invalid_config,“mechanism_field_required”}},{emqx_authn_app,start,[normal,[]]}}. Type: temporary.
2022-11-25T06:34:01.243861+00:00 [notice] Application: jose. Exited: stopped. Type: temporary.
2022-11-25T06:34:01.243916+00:00 [critical] app: emqx_authn, line: 88, mfa: emqx_machine_boot:start_one_app/1, msg: failed_to_start_app, reason: {emqx_authn,{{failed_to_initialize_authentication,{invalid_config,“mechanism_field_required”}},{emqx_authn_app,start,[normal,[]]}}}
2022-11-25T06:34:01.244006+00:00 [error] Supervisor: {local,emqx_machine_sup}. Context: start_error. Reason: {‘EXIT’,{{failed_to_start_app,emqx_authn,{emqx_authn,{{failed_to_initialize_authentication,{invalid_config,“mechanism_field_required”}},{emqx_authn_app,start,[normal,[]]}}}},[{emqx_machine_boot,start_one_app,1,[{file,“emqx_machine_boot.erl”},{line,89}]},{lists,foreach,2,[{file,“lists.erl”},{line,1342}]},{emqx_machine_boot,post_boot,0,[{file,“emqx_machine_boot.erl”},{line,38}]},{supervisor,do_start_child_i,3,[{file,“supervisor.erl”},{line,414}]},{supervisor,do_start_child,2,[{file,“supervisor.erl”},{line,400}]},{supervisor,‘-start_children/2-fun-0-’,3,[{file,“supervisor.erl”},{line,384}]},{supervisor,children_map,4,[{file,“supervisor.erl”},{line,1250}]},{supervisor,init_children,2,[{file,“supervisor.erl”},{line,350}]},{gen_server,init_it,2,[{file,“gen_server.erl”},{line,423}]},{gen_server,init_it,6,[{file,“gen_server.erl”},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,226}]}]}}. Offender: id=emqx_machine_boot,pid=undefined.
2022-11-25T06:34:01.244388+00:00 [error] crasher: initial call: application_master:init/4, pid: <0.1924.0>, registered_name: [], exit: {{{shutdown,{failed_to_start_child,emqx_machine_boot,{‘EXIT’,{{failed_to_start_app,emqx_authn,{emqx_authn,{{failed_to_initialize_authentication,{invalid_config,“mechanism_field_required”}},{emqx_authn_app,start,[normal,[]]}}}},[{emqx_machine_boot,start_one_app,1,[{file,“emqx_machine_boot.erl”},{line,89}]},{lists,foreach,2,[{file,“lists.erl”},{line,1342}]},{emqx_machine_boot,post_boot,0,[{file,“emqx_machine_boot.erl”},{line,38}]},{supervisor,do_start_child_i,3,[{file,“supervisor.erl”},{line,414}]},{supervisor,do_start_child,2,[{file,“supervisor.erl”},{line,400}]},{supervisor,‘-start_children/2-fun-0-’,3,[{file,“supervisor.erl”},{line,384}]},{supervisor,children_map,4,[{file,“supervisor.erl”},{line,1250}]},{supervisor,init_children,2,[{file,“supervisor.erl”},{line,350}]},{gen_server,init_it,2,[{file,“gen_server.erl”},{line,423}]},{gen_server,init_it,6,[{file,“gen_server.erl”},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,226}]}]}}}},{emqx_machine_app,start,[normal,[]]}},[{application_master,init,4,[{file,“application_master.erl”},{line,142}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,226}]}]}, ancestors: [<0.1923.0>], message_queue_len: 1, messages: [{‘EXIT’,<0.1925.0>,normal}], links: [<0.1923.0>,<0.1688.0>], dictionary: [], trap_exit: true, status: running, heap_size: 1598, stack_size: 29, reductions: 243; neighbours:
2022-11-25T06:34:01.244684+00:00 [notice] Application: emqx_machine. Exited: {{shutdown,{failed_to_start_child,emqx_machine_boot,{‘EXIT’,{{failed_to_start_app,emqx_authn,{emqx_authn,{{failed_to_initialize_authentication,{invalid_config,“mechanism_field_required”}},{emqx_authn_app,start,[normal,[]]}}}},[{emqx_machine_boot,start_one_app,1,[{file,“emqx_machine_boot.erl”},{line,89}]},{lists,foreach,2,[{file,“lists.erl”},{line,1342}]},{emqx_machine_boot,post_boot,0,[{file,“emqx_machine_boot.erl”},{line,38}]},{supervisor,do_start_child_i,3,[{file,“supervisor.erl”},{line,414}]},{supervisor,do_start_child,2,[{file,“supervisor.erl”},{line,400}]},{supervisor,‘-start_children/2-fun-0-’,3,[{file,“supervisor.erl”},{line,384}]},{supervisor,children_map,4,[{file,“supervisor.erl”},{line,1250}]},{supervisor,init_children,2,[{file,“supervisor.erl”},{line,350}]},{gen_server,init_it,2,[{file,“gen_server.erl”},{line,423}]},{gen_server,init_it,6,[{file,“gen_server.erl”},{line,390}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,226}]}]}}}},{emqx_machine_app,start,[normal,[]]}}. Type: permanent.

t1ger · 2022 年11 月 25 日 08:59

可以看下你环境变量是怎么设置的吗？

lxd · 2022 年11 月 28 日 04:43

---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: emqx
  namespace: emqx
spec:
  replicas: 1
  serviceName: emqx
  template:
    spec:
      containers:
        - env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: EMQX_NODE_NAME
              value: emqx@$(POD_IP)
            - name: EMQX_CLUSTER__DNS__NAME
              value: emqx.emqx.svc.cluster.local
            - name: EMQX_CLUSTER__DISCOVERY_STRATEGY
              value: dns
            - name: EMQX_NODE__COOKIE
              value: emqx-tengwow-2022
            - name: EMQX_LOG__CONSOLE_HANDLER__LEVEL
              value: info
            - name: EMQX_AUTHORIZATION__SOURCES__1
              value: >-
                {type="mysql",server="xxx:3306",database="xxx",username="xxx",password="xxx",query="SELECT
                action, permission, topic FROM mqtt_acl where username =
                ${username}"}
            - name: EMQX_AUTHENTICATION__1
              value: >-
                {mechanism="password_based",backend="mysql",server="xxx:3306",database="xxx",username="xxx",password=xxx",query="SELECT
                password_hash, salt, is_superuser FROM mqtt_user WHERE username
                = ${username} LIMIT
                1",password_hash_algorithm={name=sha256,salt_position=prefix},enable=true}
            - name: EMQX_DASHBOARD__DEFAULT_USERNAME
              value: xxx
            - name: EMQX_DASHBOARD__DEFAULT_PASSWORD
              value: 'xxx'
            - name: EMQX_DASHBOARD__I18N_LANG
              value: zh
            - name: EMQX_RETAINER__BACKEND__STORAGE_TYPE
              value: disc
          image: 'emqx/emqx:5.0.10'
          imagePullPolicy: IfNotPresent
          name: emqx
          ports:
            - containerPort: 1883
              name: mqtt
              protocol: TCP
            - containerPort: 8883
              name: mqtts
              protocol: TCP
            - containerPort: 8083
              name: ws
              protocol: TCP
            - containerPort: 8084
              name: wss
              protocol: TCP
            - containerPort: 18083
              name: http
              protocol: TCP

lxd · 2022 年11 月 28 日 04:43

上面是k8s的配置，谢谢了

zhongwencool · 2022 年11 月 28 日 07:22

lxd:

{type="mysql",server="xxx:3306",database="xxx",username="xxx",password="xxx",query="SELECT
                action, permission, topic FROM mqtt_acl where username =
                ${username}"}

正常情况下写用环境变量写array object，应该是可以的。但是你的格式要改一下：
export EMQX_AUTHORIZATION__SOURCES=“{"1":{type="mysql",server="xxx:3306",database="xxx",username="xxx",password="xxx",query="SELECT action, permission, topic FROM mqtt_acl where username=${username}"}}”

上面是授权的，可以正常工作。
但是认证的authentication 目前通过环境变量配置还有一点问题，需要在下个版本安排修复。谢谢

lxd · 2022 年11 月 28 日 07:30

好的，EMQX_AUTHORIZATION__SOURCES__1这个使用没有问题，5.0.11会更新么？如果能更新那真是太好了

zhongwencool · 2022 年11 月 28 日 08:47

5.0.11今天已经发布了，最快也得5.0.12

zhongwencool · 2022 年11 月 28 日 13:16

github.com/emqx/emqx

fix: set authentication array from ENV failed

emqx:master ← zhongwencool:authn-env-failed

opened 01:16PM - 28 Nov 22 UTC

zhongwencool

+11 -4

Fixes https://askemq.com/t/topic/3505 ## PR Checklist Please convert it to… a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked: - [ ] Added tests for the changes - [ ] Changed lines covered in coverage report - [ ] Change log has been added to `changes/` dir - [ ] For EMQX 4.x: `appup` files updated (execute `scripts/update-appup.sh emqx`) - [ ] For internal contributor: there is a jira ticket to track this change - [ ] If there should be document changes, a PR to emqx-docs.git is sent, or a jira ticket is created to follow up - [ ] In case of non-backward compatible changes, reviewer should check this item as a write-off, and add details in **Backward Compatibility** section ## Backward Compatibility ## More information