Versions Compared

Old Version 6

changes.mady.by.user Wes Johnson

Saved on

compared with

New Version Current

changes.mady.by.user Nathan Davenport

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When logging into Chariot MQTT Server the first time you will likely get security warnings from your browser due to using a certificate that is not signed by a trusted Certificate Authority (CA).  This is fine, just accept the certificate (typically by clicking an 'advanced' button or something similar depending on the browser type). 

NOTE: Internet Explorer is not supported for connecting to the Chariot MQTT Server web front-end. Please use Chrome or Firefox.

Below is an example warning from Google Chrome.

...

  • Adding a User
    • Users can be added by Instance Admin and Account Admins
    • The user being added must be at the role level of the creator or lower
    • Done by clicking 'Add User' which opens the following Window
    • Username and Password must be set as well as one of the three roles.
    • ACLs must be defined.  This is a comma separated list of ACLs that define which topics users can publish and subscribe on

    • ACLs are defined by the following format: [R|W|RW] topic

      where:

      R = Read or 'subscribe' privileges

      W = Write or 'publish' privileges

      RW = Read and Write (subscribe and publish) privileges

      topic = The topic or wildcard topic representing the scope of the privilege

      Below are some example ACL definitions

      • RW #
        • This allows clients connecting using this username/password to publish and subscribe on any topic
      • R #
        • This allows clients connecting using this username/password to subscribe on any topic but not publish on any topics
      • W #
        • This allows clients connecting using this username/password to publish on any topic but not subscribe on any topics
      • W device_one/temp/#,R state/#
        • This allows clients connecting using this username/password to publish on device_one/temp/# and subscribe on state/# topics

      ACLs should be designed with a 'principal of least privilege' model while also considering device management and maintenance.  For example gateways and devices in the field should be limited to publishing and subscribing only on the topics for which they should be expected to.  The same should be true of 'consumer' applications that will be either sending commands to devices in the field or consuming data coming from those devices.

      It is also important to note that a username is not limited to a single MQTT client.  A username/password pair could be used for multiple MQTT clients.

      If you are new to MQTT topics, Eclipse provides good information here on the basics and wildcards.

  • Editing a User
    • This is the same as adding a user except does not allow modifying the username.  It also doesn't allow resetting the passwords from this view.
  • Resetting a User Password
    • Resets the password for another user.
  • Deleting a User
    • Deletes a user.  This is only allowed for users other than the one currently logged in.
  • Reset Trial Timer
    • Resets the trial timer to two hours.  This is only allowed once the trial timer has expired and as long as a license has not been issued to this instance.  If a valid license has been uploaded to this instance, the trial timer is unnecessary.
    • Important: The trial must be running or the instance must have a valid license from Cirrus Link for the MQTT server to work!
    • Once the Chariot MQTT Server is licensed, this option goes away.
  • Change Password
    • Resets the password for the currently logged in user.
  • Change Network Settings
    • Allows for changing the following parameters:
      • Hostname
      • IP Address
      • Network Mask
      • Default Gateway
      • DNS Servers
    • Once the Chariot MQTT Server is licensed, this option goes away.
  • Generate License Request
    • Used to create a license request to submit to Cirrus Link for acquire a Chariot MQTT Server license.  Once generated and downloaded, this is the file to submit to Cirrus Link to receive a license file.
    • Once the Chariot MQTT Server is licensed, this option goes away.
  • Upload License
    • This is used to upload a license file after Cirrus Link creates it from the license request file.
    • Once the Chariot MQTT Server is licensed, this option goes away.
  • Uploading a TLS Certificate
    • Allows for uploading of the three components of a TLS Certificate.  This can be a 'self signed cert' or one signed by a known public trusted CA.  All of these must be in PEM format.
      • Certificate File - The signed certificate.
      • Private Key File - The private key associated with the certificate.
      • CA File - The public CA PEM that signed the certificate.  If there are intermediate certificate(s) they should be chained in a single PEM file with the root CA PEM as well.
  • Logout
    • Logs the current user out of the system.

 


Connecting to Chariot MQTT Server

...

After the connection profile is created, from the main MQTT.fx window, select 'Chariot MQTT Server', and click Connect.

 


After a valid connection is established, you should see the connection indicator in the top right corner light green as shown below:

 


If the connection does not get established, check the following:

  • The Trial Timer is not at 00:00:00
  • The MQTT Server is on the same network as the computer running MQTT.fx

...


Once connected, you can use the publish and subscribe buttons in MQTT.fx to send and receive messages.  To send a message and receive it back in this client, do the following.

...