xs3-cert-tool

General information about access to the MQTT broker to interact with the interface can be found here.

Using the REST interface is simple, but it raises the usual questions about the startup sequence and about when to acquire the access configuration.

To address these issues we have built a statically linked tool: xs3-cert.

In the repo you can find statically linked arm64 and amd64 Linux binaries that can obtain and store the access configuration with the client key and certificate.

This tool can also act as a launcher, so it is useful for launching your own service, either through systemd or within a container.

This also makes it pretty easy to define a restart policy and automatically pull a certificate update :)

./xs3-cert get --params-file api.properties --outpath ./certs

You can then use that configuration with an MQTT client like MQTTX:

MQTTX Client configuration.

USERNAME=<username>
PASSWORD=<password>
XS3_URL=<URL to Xesar>

You can use systemd to run your service and restart it, fetching new certificates from the backend. This will also provide improved security for the certificates.

myservice.service

[Unit]
Description=My Service with Certificate Fetch
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
User=root
ExecStart=/usr/bin/xs3-cert get --params-file api.properties --outpath /opt/myservice/ --start-process /opt/myservice/bin/myservice
WorkingDirectory=/opt/myservice
StartLimitBurst=1
StartLimitIntervalSec=60
KillMode=control-group
TimeoutStopSec=10
EnvironmentFile=-/etc/environment
EnvironmentFile=-/etc/xs3-cert/api.properties
[Install]
WantedBy=multi-user.target

myservice-restart.service

[Unit]
Description=Restart myservice service
[Service]
Type=oneshot
ExecStart=/bin/systemctl restart myservice.service

myservice-restart.timer

[Unit]
Description=Monthly restart of myservice binary
[Timer]
Unit=myservice-restart.service
OnCalendar=*-*-01 03:00:00
[Install]
WantedBy=timers.target

Dockerfile entry point

ENTRYPOINT [ "/service/xs3-cert", "get", "--params-file", "/etc/xs3-cert/api.properties", "--outpath", "/certs", "--start-process", "/service/service"]
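
Because the client key ends up on disk under the directory given to --outpath, it is worth checking who can read it. The script below is an added example, not part of xs3-cert or this project: it lists private-key files under a directory that group or other users can access. It assumes the key is stored PEM-encoded; the function name audit_outpath is hypothetical.

```shell
#!/bin/sh
# Added example (not part of xs3-cert): report private-key files under an
# --outpath directory that group or other users can read, write or execute.
# Assumption: the client key is stored PEM-encoded, so it is recognised by
# its "PRIVATE KEY" header rather than by a file name.

# audit_outpath DIR
#   prints each offending file, one per line
#   returns 0 = clean, 1 = loose key file found, 2 = DIR is not a directory
audit_outpath() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Select regular files with any group/other permission bit set, then
    # keep only those whose content carries a PEM private-key header.
    loose=$(find "$dir" -type f \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + \
        2>/dev/null) || true
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_outpath "$1"
fi
```

A non-zero exit status means at least one key file needs tighter permissions, for example chmod 600.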