Blame mqtt/README.md

Pat Riehecky 0b0750
# MQTT scripts
Pat Riehecky 0b0750
Pat Riehecky 0b0750
The mqtt.git.centos.org server requires authentication.  As a result we've provided some client server scripts that will let you protect your keys.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
These can also be used as a basis for building your own MQTT automation scripts.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
## Scripts:
Pat Riehecky 0b0750
Pat Riehecky 0b0750
* send-mqtt-to-dbus.py - Connects the MQTT messages to a dbus interface.
Pat Riehecky 0b0750
    To fully protect your keys you can setup the system bus (a config is provided by --dbus-config)
Pat Riehecky 0b0750
    Then you can have this run as a dedicated user that has access to your keys.
Pat Riehecky 0b0750
    See the `on_mqtt_connect` and `on_mqtt_message` functions for customizing the behavior.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
* listen-on-dbus-for-mqtt-signals.py - Listens to messages sent to dbus and performs an action.
Pat Riehecky 0b0750
    You can set this to run a generic command or customize it to fit your needs.
Pat Riehecky 0b0750
    See the `signal_recieved` function for customizing the behavior.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
* example-safe-command.py - It is an example of how to run a command from listen-on-dbus-for-mqtt-signals.py
Pat Riehecky 0b0750
Pat Riehecky 0b0750
* send-mqtt-to-irc.py - An untested IRC bot that will (in theory) chat out the messages.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
## Systemd Unit:
Pat Riehecky 0b0750
Pat Riehecky 0b0750
Some sample systemd unit files are provided to work with the example scripts.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
NOTE: They require customization before use.
Pat Riehecky 0b0750
      You must at minimum set the User= to a trusted user.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
* listen-on-dbus-for-mqtt-signals.service
Pat Riehecky 0b0750
    You should adjust the path of commands and select a safe command to execute.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
* send-mqtt-to-dbus.service
Pat Riehecky 0b0750
    You should setup the system dbus profile with --dbus-config
Pat Riehecky 0b0750
Pat Riehecky 0b0750
## Container notes:
Pat Riehecky 0b0750
Pat Riehecky 0b0750
It is _not_ considered safe to share the host dbus (system or session) with a container.  This can permit the container to escape into the host and violate the security of your system.
Pat Riehecky 0b0750
Pat Riehecky 0b0750
For example, here is how you can reboot a host from dbus if you've got rights.
Pat Riehecky 0b0750
```
Pat Riehecky 0b0750
DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket \
Pat Riehecky 0b0750
  dbus-send --system --print-reply    \
Pat Riehecky 0b0750
  --dest=org.freedesktop.systemd1     \
Pat Riehecky 0b0750
  /org/freedesktop/systemd1           \
Pat Riehecky 0b0750
  org.freedesktop.systemd1.Manager.Reboot
Pat Riehecky 0b0750
```