[ZBX-22399] No possible to establish connection to MQTT Broker by TLS Created: 2023 Feb 22  Updated: 2024 Apr 10  Resolved: 2023 Jun 20

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Agent2 plugin (G)
Affects Version/s: 6.2.7
Fix Version/s: 6.0.19rc1, 6.4.4rc1, 7.0.0alpha2, 7.0 (plan)

Type: Problem report Priority: Major
Reporter: Nico MS Assignee: Eriks Sneiders
Resolution: Fixed Votes: 0
Labels: mqtt, plugin
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Team: Team INT
Sprint: Sprint 100 (May 2023), Sprint 101 (Jun 2023)
Story Points: 2

 Description   

Steps to reproduce:

  1. Connection to MQTT Broker to receive messages using the integrated MQTT Plugin of Zabbix Agent2.
  2. The CA Cert file is stored in /etc/ssl/certs
  3. This is the item key:  
    mqtt.get[tls://<broker_ip>:8883,<topic>,<user>,<pass>]
  1. It seems CA cert file is not read, because if I delete it there is no change in logs.
  2. Using a tool like mosquitto_sub I can subscribe to topic without any problem:
mosquitto_sub -h <broker_ip> -C 1 -t "<topic>" -p 8883 -u <user> -P <pass> --insecure  --cafile /etc/ssl/certs/cafile.crt

 

Result:

Log: zabbix_agent2.log

2023/02/22 10:25:51.861890 connecting to [127.0.0.1:10051] [timeout:10s, connection timeout:10s]
2023/02/22 10:25:51.862183 sending [{"request":"active checks","host":"agatamonitor02","version":"6.2","port":10057}] to [127.0.0.1:10051]
2023/02/22 10:25:51.862572 receiving data from [127.0.0.1:10051]
2023/02/22 10:25:51.864833 received [{"response":"success","data":[{"key":"mqtt.get[tls://<broker_ip>:8883,<topic>,<user>,<pass>]","itemid":36242,"delay":"0","lastlogsize":0,"mtime":0}]}] from [127.0.0.1:10051]
2023/02/22 10:25:51.864969 [101] End of refreshActiveChecks() from [127.0.0.1:10051]
2023/02/22 10:25:51.865013 [101] processing update request (1 requests)
2023/02/22 10:25:51.865052 [101] adding new request for key: 'mqtt.get[tls://<broker_ip>:8883,<topic>,<user>,<pass>]'
2023/02/22 10:25:51.865118 [101] created watcher task for plugin MQTT
2023/02/22 10:25:51.865224 plugin MQTT: executing watcher task
2023/02/22 10:25:51.865289 [MQTT] establishing connection to [tls://192.168.20.61:8883]
2023/02/22 10:25:56.866268 [MQTT] cannot establish connection to [tls://192.168.20.61:8883]: timed out while connecting
2023/02/22 10:25:58.862120 [101] upload history data, 1/100 value(s)
2023/02/22 10:25:58.862277 connecting to [127.0.0.1:10051] [timeout:10s, connection timeout:10s]
2023/02/22 10:25:58.862550 sending [{"request":"agent data","data":[{"id":20,"itemid":36242,"state":1,"value":"timed out while connecting","clock":1677057951,"ns":865253515}],"session":"121a71c069c6198b9179d98bdc1e8916","host":"agatamonitor02","version":"6.2"}] to [127.0.0.1:10051]
2023/02/22 10:25:58.862888 receiving data from [127.0.0.1:10051]

 Comments   
Comment by Eriks Sneiders [ 2023 Jun 13 ]

Implemented in 

Comment by Marina Generalova [ 2023 Jun 19 ]

Documentation updated:

Generated at Mon Mar 31 04:37:16 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.