Introduction
In previous blog posts [1], [2], we’ve built the Mosquitto MQTT broker on Edison and created a sensor node for sensing motion, temperature, and light level. In this article, we will connect those sensors and actuators to the Mosquitto MQTT server we’ve built to turn those sensors into true IoT sensors.
Using MQTT
Basic MQTT Publish/Subscribe
MQTT is a publish/subscribe protocol built on top of TCP/IP protocol. MQTT is one of the popular protocols being used for M2M (Machine to Machine) communications. The two main components of MQTT are the MQTT clients and the MQTT broker. The MQTT clients publish messages to a particular topic or, subscribe and listen, to a particular topic. The MQTT broker receives all published messages from MQTT publishers and forward the relevant messages to all MQTT subscribers. Subscribers and publishers do not have to be aware of each other, only the topics and messages are relevant. To properly communicate, publishers and subscribers have to agree to use a common topic name and message format.
To publish or subscribe to an MQTT topic, a MQTT client program is needed. In the Mosquitto MQTT distribution, the publishing client is called ‘mosquitto_pub’ and the subscribing client is called‘mosquitto_sub’.
The screenshot below shows the sequence of activities we’ll be describing next. The red window shows outputs of the ‘mosquitto_sub’ commands and the black window shows the ‘mosquitto_pub’ commands. Commands were labeled so that we can refer to them conveniently.
The minimal arguments required for the MQTT clients are: the broker IP address, the topic name and for the publishing clients, the message. Assuming that we already have an MQTT broker running on 127.0.0.1 (localhost), the command below will listen to all messages published to a topic named ‘edison/hello’
1 |
sub 3> mosquitto_sub –h localhost –t edison/hello |
To publish to the topic ‘edison/hello’:
1 |
pub 3> mosquitto_pub –h localhost –t edison/hello –m “Message |
When the MQTT broker receives the publication to topic ‘edison/hello’ with the message ‘Message#1: Hello World’ from the publishing client (pub3), it scans for subscribers that was listening to the topic ‘edison/hello’. Having found that the subscribing client, (sub3) was listening to the same topic, the MQTT broker forward the message to (sub3). When subscribing client (sub3) receives the message, it echo the message content to the terminal window. In the (sub 3) and (pub 3) commands, the default MQTT port number was implicitly assumed to be 1883 and was not specificed on the commandline. In (sub 4) and (pub 4) commands, the port number is explicitly provided. In (sub 5) and (pub 5) commands, the option ‘-v’ was added to the subscription argument to enable printing of the topic name as well as the message. This will be useful when subscribing to multiple topics using wildcards. The subscription client is persistent, so that additional messages published to the topic ‘edison/hello’ in command (pub 6) will be seen by the subscription client.
The default MQTT broker behavior is to discard the message as soon as it was delivered to subscribing clients. When a new topic ‘edison/hello1’ was published by client (pub 7), subscribing client (sub 5) was listening to the topic ‘edison/hello’, hence was not informed. The subscribing client then subscribes to the new topic (sub 6), the previous message published to the topic ‘edison/hello1’ was already discarded. It will receive subsequent publish to ‘edison/hello1’ topic as shown in command (pub 8). There are additional options to tell the MQTT broker to retain the last message published to a topic as well as other QOS (Quality of Service) directives on how messages should be delivered by the broker. More details on these capabilities can be found at the MQTT Wiki site.
Depending on the configuration of the ports, additional arguments may be needed. We will discuss these later in this document.
Subscribing to multiple MQTT topics
Usually, one would have an MQTT client subscribing to multiple topics from a publisher and perform certain action based on the message received. It is worth a few words discussing how MQTT topic are organized.
MQTT topics are organized in a directory structure with the ‘/’ character used to indicate sub-topics. The listing below are examples of various topics:
1 |
Temperature/Building1/Room1/Location1 |
2 |
Temperature/Building1/Room1/Location2 |
3 |
Temperature/Building2/Room2 |
4 |
Temperature/Outdoor/West |
5 |
Temperature/Outdoor/East |
A subscribers can subscribe to one single topic, such as ‘Temperature/Outdoor/West’ or to multiple topics using wildcards. There are two wildcard characters in MQTT ‘+’ and ‘#’. The ‘+’ wildcard is used to subscribe to topics at the same hierarchical level. The ‘#’ wildcard is used to subscribe to all sub-topics below the specified topics. For example, subscribing to the topic ‘Temperature/#’ will return result when any of the topics in above list have a new message. Subscribing to ‘Temperature/+’ will return only ‘Temperature/Average’ since all other entries are sub-topic. More details on MQTT data organization can be found on the MQTT wiki site.
Configuring a secured Mosquitto broker
There are basically 4 methods to connect a MQTT client to the Mosquitto server.
- Open port or no security. This is a convenient method to develop and test MQTT devices before deployment. Data transmission between broker and client are transmitted in plain text and can be snooped on by anyone with the right tool.
- User and password protection. This is used basically to authenticate a client to the broker. It doesn’t encrypt the data transmission.
- TLS-PSK encryption. Clients and broker possess a shared secret key that they used to negotiate a secure connection. This is available in Mosquitto version 1.3.5 or later.
- SSL encryption. This is the most advanced encryption and authentication scheme available in the Mosquitto MQTT distribution. With SSL encryption, one needs to obtain a server certificate from a trusted Certificate Authority (CA) such as Verisign or Equifax. Often, for testing, one can create a self-signed certificate that can then be used to sign the server certificate. This encryption method, while more secured, is cumbersome to implement as it requires all client devices to be provisioned with the correct certificates and mechanism for in-the-field upgrade must be developed to keep the certificate versions between clients and broker in sync.
To configure a secure Mosquitto MQTT broker, use the configuration directives shown below. The certificate we used in this case is a self-signed certificate for testing purpose and should not be used in production servers.
02 |
password_file /home/mosquitto/conf/pwdfile.txt |
09 |
pid_file /home/mosquitto/logs/mosquitto.pid |
11 |
persistence_location /home/mosquitto/db/ |
12 |
log_dest file /home/mosquitto/logs/mosquitto.log |
17 |
psk_file /home/mosquitto/conf/pskfile.txt |
25 |
cafile /home/mosquitto/certs/ca.crt |
26 |
certfile /home/mosquitto/certs/server.crt |
27 |
keyfile /home/mosquitto/certs/server.key |
The file, pwdfile.txt, is a password file, encrypted in similar manner as the Linux password file. It is generated by using the mosquitto_passwd utility that comes with the Mosquitto software. The file pskfile.txt, is the pre-shared password file to be used in a TLS-PSK connection. The format of this file is a text file of one user:password pair per line. The passwords used for TLS-PSK must use only hexadecimal characters and are case insensitive. Sample of the password_file and psk_file is shown below.
1 |
/* sample Mosquitto password_file */ |
2 |
user:$6$Su4WZkkQ0LmqeD/X$Q57AYfcu27McE14/MojWgto7fmloRyrZ7BpTtKOkME8UZzJZ5hGXpOea81RlgcXttJbeRFY9s0f+UTY2dO5xdg== |
3 |
/* sample Mosquitto PSK file */ |
5 |
user2:DEADBEEF0123456789ABCDEF0123456789abcdef0123456789abcdef0123456789abcdef |
Incorporating MQTT into an IoT Sensor
Since the Edison board is really a Linux board that ran an Arduino sketch as one of its processes, we will leverage the existing Mosquitto MQTT package we previously built. Within the Arduino sketch, we will simply use Linux programming facilities to call the ‘mosquitto_sub’ and ‘mosquitto_pub’ programs. There are several advantages to this approach:
- We don’t have to rewrite the MQTT clients for Arduino. The Mosquitto MQTT package is a well- accepted and well-tested piece of software. We only need to create a wrapper class to enable usage within an Arduino sketch.
- The Mosquitto MQTT clients are capable of secured connections using SSL. The small microcontroller in a generic Arduino, on the other hand, simply cannot handle the computational demands of SSL.
- When a different or better MQTT software package is found or a newer version of the existing MQTT software is released, we can re-use most of the existing code and only add new code to leverage new capability of the new package.
The MQTTClient Class
Since the Intel Edison board is a full-fledged Linux operating system, all of the Linux programming facilities are available to our Arduino sketches. We will create a wrapper class called MQTTClient that will be used in the sketch. Within the MQTTClient methods, we will use Linux system calls to invoke the mosquitto_suband mosquitto_pub program that will perform the actual MQTT data transfer for us. Below is the class definition for a minimalist MQTTClient.
08 |
#ifndef __MQTTClient_H__ |
09 |
#define __MQTTClient_H__ |
14 |
enum security_mode {OPEN = 0, SSL = 1, PSK = 2}; |
21 |
void begin(char * broker, int port, security_mode mode, |
22 |
char* certificate_file, char *psk_identity, char *psk); |
23 |
boolean publish(char *topic, char *message); |
24 |
boolean subscribe(char* topic, void (*callback)(char *topic, char* message)); |
30 |
void parseDataBuffer(); |
35 |
char certificate_file[64]; |
36 |
char psk_identity[32]; |
37 |
char psk_password[32]; |
42 |
void (*callback_function)(char* topic, char* message); |
To use the class, one starts with creating an MQTTClient object, then use MQTTClient::begin() to initialize various variables that MQTTClient::subscribe() and MQTTClient::publish() will use to connect with the MQTT broker. These variables are:
- mqtt_broker: name of the MQTT broker. This can be an IP address or a DNS name. For this article, we’ll use ‘localhost’ as the broker is running on the same Edison board as the Arduino sketch. If the Edison board was configured to use static IP address, this address can be used instead.
- serverPort: the port to be used. We configured 3 different ports on the Mosquitto broker with different security policy:
- Port 1883 is the MQTT default port that is open to all clients.
- Port 1994 is configured as a secured SSL port. User must supply an SSL certificate from the CA that issued the server certificate.
- Port 1995 is configured as a secured TLS-PSK port. Users access this port with a user identity and a pre-shared password.
- mode: security mode to use. Currently, security mode can be one of OPEN, SSL or PSK. Depending on the selected security mode, the certificate, user identity and pre-shared password are supplied with the rest of the method’s arguments. Arguments that are not applicable to the selected security mode are ignored.
To subscribe to a topic, one calls MQTTClient::subscribe() with a topic name and a callback function to be invoked when a new message is available. To publish to a topic, one calls MQTTClient::publish() and supply a topic name and message to be publish.
For both subscribe and publish method, the appropriate command string to invoke either mosquitto_sub ormosquitto_pub is formed using the method’s arguments and stored parameters. A Linux pipe is then opened and the command string is executed with results piped back to the Arduino sketch. When publishing, the pipe is immediately closed after the message was sent. When subscribing, the pipe need to be kept open so that new data can be received. Within the Arduino sketch, one needs to periodically check the pipe to see if there is any new data. The MQTTClient::loop() method was designed to check for data in the pipe and invoke the callback function to process new messages. Because the Linux pipe will block if the pipe is empty when checked, we’ve made the pipe non-blocking so that the MQTTClient::loop() method will return if the pipe is empty. Pseudo-code below shows typical usage of the MQTTClient class.
01 |
#include <MQTTClient.h> |
02 |
#define SAMPLING_PERIOD 100 |
03 |
#define PUBLISH_INTERVAL 30000 |
05 |
MQTTClient mqttClient; |
08 |
mqttClient.begin(“localhost”,1833,PSK,NULL,”psk_user”,”psk_password”); |
09 |
mqttClient.subscribe(“edison/#”,myCallBack); |
12 |
void myCallBack(char* topic, char* message) { |
16 |
unsigned long publishTime = millis(); |
19 |
if (millis() > publishTime) { |
20 |
publishTime = millis() + PUBLISH_INTERVAL; |
21 |
mqttClient.publish(“edison/sensor1”,”sensor1value”); |
22 |
mqttClient.publish(“edison/sensor2”,”sensor2value”); |
24 |
delay(SAMPLING_PERIOD); |
The variable “SAMPLING_PERIOD” determines the frequency the code will check for new messages and should be chosen such that a new message that will cause some action from the sketch will not arrive too late for meaningful actions. Most of the time, MQTTClient::loop() method will return quickly and there is minimal overhead in sampling the loop frequently. The publication interval is determined by the variable“PUBLISH_INTERVAL” and should be chosen at the appropriate data rate for the given sensor e.g. a temperature sensor may publish its value once a minute if it is merely for informational purpose while a smoke sensor may want to update its result every few seconds so that a subscriber listening to the smoke sensor messages will have a chance to act before it is too late.
An implementation of the MQTTClient class is shown below.
002 |
#include "MQTTClient.h" |
008 |
MQTTClient::MQTTClient() |
011 |
MQTTClient::~MQTTClient() |
015 |
void MQTTClient::close() |
024 |
void MQTTClient::begin(char *broker, int port, security_mode smode, |
025 |
char* cafile, char *user, char *psk) |
027 |
strcpy(mqtt_broker, broker); |
031 |
strcpy(certificate_file, cafile); |
033 |
else if (mode == PSK) { |
034 |
strcpy(psk_identity, user); |
035 |
strcpy(psk_password, psk); |
037 |
Serial.println("MQTTClient initialized"); |
038 |
Serial.print("Broker: "); Serial.println(mqtt_broker); |
039 |
Serial.print("Port: "); Serial.println(serverPort); |
040 |
Serial.print("Mode: "); Serial.println(mode); |
046 |
boolean MQTTClient::subscribe(char* topic, |
047 |
void (*callback)(char* topic, char* message)) |
051 |
if (mqtt_broker == NULL) { |
058 |
callback_function = callback; |
062 |
"mosquitto_sub -h %s -p %d -t %s -v", |
063 |
mqtt_broker, serverPort, topic); |
067 |
"mosquitto_sub -h %s -p %d -t %s -v --cafile %s", |
068 |
mqtt_broker, serverPort, topic, certificate_file); |
072 |
"mosquitto_sub -h %s -p %d -t %s -v --psk-identity %s --psk %s", |
073 |
mqtt_broker, serverPort, topic, psk_identity, psk_password); |
078 |
if ((spipe = (FILE*)popen(cmdString, "r")) != NULL) { |
080 |
int fd = fileno(spipe); |
081 |
int flags = fcntl(fd, F_GETFL, 0); |
083 |
fcntl(fd, F_SETFL, flags); |
084 |
strcpy(topicString, topic); |
