homeserver/ansible_collections/community/general/plugins/modules/notification/mqtt.py
mg c648a48c4c systemd: sanoid (#346)
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#346
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
2022-04-03 11:04:27 +02:00

249 lines
7.6 KiB
Python

#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2013, 2014, Jan-Piet Mens <jpmens () gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = '''
---
module: mqtt
short_description: Publish a message on an MQTT topic for the IoT
description:
- Publish a message on an MQTT topic.
options:
server:
type: str
description:
- MQTT broker address/name
default: localhost
port:
type: int
description:
- MQTT broker port number
default: 1883
username:
type: str
description:
- Username to authenticate against the broker.
password:
type: str
description:
- Password for C(username) to authenticate against the broker.
client_id:
type: str
description:
- MQTT client identifier
- If not specified, a value C(hostname + pid) will be used.
topic:
type: str
description:
- MQTT topic name
required: true
payload:
type: str
description:
- Payload. The special string C("None") may be used to send a NULL
(i.e. empty) payload which is useful to simply notify with the I(topic)
or to clear previously retained messages.
required: true
qos:
type: str
description:
- QoS (Quality of Service)
default: "0"
choices: [ "0", "1", "2" ]
retain:
description:
- Setting this flag causes the broker to retain (i.e. keep) the message so that
applications that subsequently subscribe to the topic can received the last
retained message immediately.
type: bool
default: 'no'
ca_cert:
type: path
description:
- The path to the Certificate Authority certificate files that are to be
treated as trusted by this client. If this is the only option given
then the client will operate in a similar manner to a web browser. That
is to say it will require the broker to have a certificate signed by the
Certificate Authorities in ca_certs and will communicate using TLS v1,
but will not attempt any form of authentication. This provides basic
network encryption but may not be sufficient depending on how the broker
is configured.
aliases: [ ca_certs ]
client_cert:
type: path
description:
- The path pointing to the PEM encoded client certificate. If this is not
None it will be used as client information for TLS based
authentication. Support for this feature is broker dependent.
aliases: [ certfile ]
client_key:
type: path
description:
- The path pointing to the PEM encoded client private key. If this is not
None it will be used as client information for TLS based
authentication. Support for this feature is broker dependent.
aliases: [ keyfile ]
tls_version:
description:
- Specifies the version of the SSL/TLS protocol to be used.
- By default (if the python version supports it) the highest TLS version is
detected. If unavailable, TLS v1 is used.
type: str
choices:
- tlsv1.1
- tlsv1.2
requirements: [ mosquitto ]
notes:
- This module requires a connection to an MQTT broker such as Mosquitto
U(http://mosquitto.org) and the I(Paho) C(mqtt) Python client (U(https://pypi.org/project/paho-mqtt/)).
author: "Jan-Piet Mens (@jpmens)"
'''
EXAMPLES = '''
- name: Publish a message on an MQTT topic
community.general.mqtt:
topic: 'service/ansible/{{ ansible_hostname }}'
payload: 'Hello at {{ ansible_date_time.iso8601 }}'
qos: 0
retain: False
client_id: ans001
delegate_to: localhost
'''
# ===========================================
# MQTT module support methods.
#
import os
import ssl
import traceback
import platform
from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
HAS_PAHOMQTT = True
PAHOMQTT_IMP_ERR = None
try:
import socket
import paho.mqtt.publish as mqtt
except ImportError:
PAHOMQTT_IMP_ERR = traceback.format_exc()
HAS_PAHOMQTT = False
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
from ansible.module_utils.common.text.converters import to_native
# ===========================================
# Main
#
def main():
tls_map = {}
try:
tls_map['tlsv1.2'] = ssl.PROTOCOL_TLSv1_2
except AttributeError:
pass
try:
tls_map['tlsv1.1'] = ssl.PROTOCOL_TLSv1_1
except AttributeError:
pass
module = AnsibleModule(
argument_spec=dict(
server=dict(default='localhost'),
port=dict(default=1883, type='int'),
topic=dict(required=True),
payload=dict(required=True),
client_id=dict(default=None),
qos=dict(default="0", choices=["0", "1", "2"]),
retain=dict(default=False, type='bool'),
username=dict(default=None),
password=dict(default=None, no_log=True),
ca_cert=dict(default=None, type='path', aliases=['ca_certs']),
client_cert=dict(default=None, type='path', aliases=['certfile']),
client_key=dict(default=None, type='path', aliases=['keyfile']),
tls_version=dict(default=None, choices=['tlsv1.1', 'tlsv1.2'])
),
supports_check_mode=True
)
if not HAS_PAHOMQTT:
module.fail_json(msg=missing_required_lib('paho-mqtt'), exception=PAHOMQTT_IMP_ERR)
server = module.params.get("server", 'localhost')
port = module.params.get("port", 1883)
topic = module.params.get("topic")
payload = module.params.get("payload")
client_id = module.params.get("client_id", '')
qos = int(module.params.get("qos", 0))
retain = module.params.get("retain")
username = module.params.get("username", None)
password = module.params.get("password", None)
ca_certs = module.params.get("ca_cert", None)
certfile = module.params.get("client_cert", None)
keyfile = module.params.get("client_key", None)
tls_version = module.params.get("tls_version", None)
if client_id is None:
client_id = "%s_%s" % (socket.getfqdn(), os.getpid())
if payload and payload == 'None':
payload = None
auth = None
if username is not None:
auth = {'username': username, 'password': password}
tls = None
if ca_certs is not None:
if tls_version:
tls_version = tls_map.get(tls_version, ssl.PROTOCOL_SSLv23)
else:
if LooseVersion(platform.python_version()) <= LooseVersion("3.5.2"):
# Specifying `None` on later versions of python seems sufficient to
# instruct python to autonegotiate the SSL/TLS connection. On versions
# 3.5.2 and lower though we need to specify the version.
#
# Note that this is an alias for PROTOCOL_TLS, but PROTOCOL_TLS was
# not available until 3.5.3.
tls_version = ssl.PROTOCOL_SSLv23
tls = {
'ca_certs': ca_certs,
'certfile': certfile,
'keyfile': keyfile,
'tls_version': tls_version,
}
try:
mqtt.single(
topic,
payload,
qos=qos,
retain=retain,
client_id=client_id,
hostname=server,
port=port,
auth=auth,
tls=tls
)
except Exception as e:
module.fail_json(
msg="unable to publish to MQTT broker %s" % to_native(e),
exception=traceback.format_exc()
)
module.exit_json(changed=False, topic=topic)
if __name__ == '__main__':
main()