Running thin-edge in a docker container & Using my own mosquitto broker

Hi, I’m in the process of create a containerized setup for thin-edge.

First of all, is there any documentation regarding running thin-edge and the services that comes with it in a container?

I’ve recently stumbled upon an issue where the thin edge services are trying to spin up a mosquitto broker, preferably I’d like to use my own in a separate container. But I can’t seem to find how I can prevent the start of the mosquitto broker. Major issue is that it’s attempting to use the default configuration for mosquitto, and that does not work well with running it in a container as it’s attempting to bind addresses it’s not supposed to do, causing errors.

@Simon55 Please refer to the below GitHub documentation to install the thin edge as container.

Sorry for the delayed response, I was preparing the example as the answer is slightly more involved.

In the tedge-demo-container project, we have recently added an example which matches what you’re asking.

But first a bit of of background on the initial goals of the tedge-demo-container repo. This repo was aimed at reducing the reliance on raspberry pi when users just want to explore We wanted to provide an environment which mirrored a debian based operating system, with all of the dependencies which are normally found on a full Debian installation, this included Systemd. The goal was not to create a “slim” container, but to create a containerized “device”.

However, we’ve added a new example recently which goes in the direction of a real “containerized” setup.

Have a look at the alpine-s6 folder in the tedge-demo-container project for the example you’re looking for.

The alpine-s6 example uses two containers:

  1. mosquitto container (using custom entrypoint script)
  2. alpine image running components and talks with the mosquitto hosted in the other container.

Now I must admit the setup is not yet perfect, but we are getting close. The sections below describes each of the containers used in the setup, and a few key points about them.

mosquitto container

The mosquitto container is slightly tricky as there needs to be some initialization before the mosquitto process starts up, though the exactly handling depends on your use-case, but it should give you an idea of one way to solve it, and you can adjust it to your needs.

But the key point of the mosquitto container is:

  • the bridge file/configuration and bridge certificates must be created before the mosquitto process starts

There are different ways to fulfill this requirement, and the solution generally depends on how you plan on injecting the device’s certificate into the container.

The example in the repository uses a customer entrypoint to solve this problem by blocking the startup of the mosquitto process until the device’s certificate and bridge configuration has been configured. This makes sure that when the mosquitto process starts up, it has all the information it needs to make a successful cloud connection. container

The container uses a light weight and container friendly init system called s6-overlay. This init system applies the “one container, one function” mindset (not “one container, one process”). This means that this container actually runs multiple processes in the same container, however since s6-overlay was designed from the ground up to work in containers, it plays nicely with environment variables, logging and container start/stop/restart commands.

You can check out the custom to see for yourself what is going on.

The container uses an external mosquitto client (communicating over the tedge docker network) to reach the mosquitto mqtt broker (running in the other container). You don’t need to run tedge connect c8y in this container, that is reserved for the mosquitto container.

Currently the container must a shared volume with the mosquitto container to gain read access to the public device certificate (as the certificate’s common name is the device’s identity when communicating with the cloud). Though this requirement will be removed in the future when this information will be made available via the MQTT interface.


Though it must be noted that extra configuration may be required to get some of the other features to work. For example, if you want to use the log file retrieval functionality, then you need to also make sure the container has access to the filesystem where the logs are stored. You can achieve this by sharing volumes with the container. The normal container best practice rules also apply, so you should not do any state manipulation inside the container itself (e.g. don’t install additional applications/services in the containers at runtime, instead add them to your container definition via the Dockerfile).

1 Like

Thanks so much for the thorough response!

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.