Enable RBAC for the MQTT Broker

Enable RBAC

1. Open UMHLens / OpenLens
2. Navigate to Helm > Releases.
3. Select the united-manufacturing-hub release and click Upgrade.
4. Find the mqtt_broker section.
5. Locate the rbacEnabled parameter and change its value from false to true.
6. Click Upgrade.

Now all MQTT connections require password authentication with the following defaults:

• Username: node-red
• Password: INSECURE_INSECURE_INSECURE

Change default credentials

1. Open UMHLens / OpenLens

2. Navigate to Workloads > Pods.

3. Select the united-manufacturing-hub-hivemqce-0 Pod.

4. Click the Pod Shell button to open a shell in the container.

   

   

5. Navigate to the installation directory of the RBAC extension.

   cd extensions/hivemq-file-rbac-extension/
   

6. Generate a password hash with this command.

   java -jar hivemq-file-rbac-extension-<version>.jar -p <password>
   

   • Replace <version> with the version of the HiveMQ CE extension. If you are not sure which version is installed, you can press Tab after typing java -jar hivemq-file-rbac-extension- to autocomplete the version.
   • Replace <password> with your desired password. Do not use any whitespaces.

7. Copy the output of the command. It should look similar to this:

   $2a$10$Q8ZQ8ZQ8ZQ8ZQ8ZQ8ZQ8Zu
   

8. Navigate to Config > ConfigMaps.

9. Select the united-manufacturing-hub-hivemqce-extension ConfigMap.

10. Click the Edit button to open the ConfigMap editor.

11. In the data.credentials.xml section, replace the strings inbetween the <password> tags with the password hash generated in step 7.

    You can use a different password for each different microservice. Just remember that you will need to update the configuration in each one to use the new password.

12. Click Save to apply the changes.

13. Go back to Workloads > Pods and select the united-manufacturing-hub-hivemqce-0 Pod.

14. Click the Delete button to delete the Pod.

    

    

What’s next

• Setting up HiveMQ PKI