How to restart binding within rules?

I try to copy /.ssh to ~openhab/.ssh but fail in the process. A step by step guide would be great :slight_smile:

Follow the steps in the link.

Try running it with executeCommandLine and log what is being written by the script. This will tell you what the problem is and give you a clue how to solve it.

User openHAB IS running it when it is executed by openHAB. That’s the point. It’s a different user than when you run the script from the command line. This is almost always the source of problems with exec.

Everyone’s setup is different making a step by step all but impossible.

I’ve already posted my openhab.log after executing python script containing executeCommandLine.
I get :

[WARN ] [shd.server.session.ServerSessionImpl] - exceptionCaught(ServerSessionImpl[null@/127.0.0.1:40886])[state=Opened] IOException: Connection reset by peer

I’ve followed the steps in the link, copied .ssh files from openhabian to openhab, but no changes in my results :frowning:
As I can run the command from terminal using openhabian user, I now need to make openhab user permissions to run it to solve my problem.
The exec guide is very good and well written, but I can’t get my head to fully understand how to do this :blush:

Like I already said. You need to use executeCommandLine from a rule and log out what the python script is writing out.

For the purposes of solving your problem, that log statement is irrelevant.

I’m sorry Rich, I feel very stupid :smiley: I understand what you mean now. I have generated another rule now with log out from my script. this is what’s returned:

2017-09-18 18:41:36.517 [INFO ] [lipse.smarthome.io.net.exec.ExecUtil] - executed commandLine '/etc/openhab2/scripts/restartspotify.py'
2017-09-18 18:41:36.568 [INFO ] [ipse.smarthome.model.script.execTest] - 
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
sudo: no tty present and no askpass program specified

AND now I have managed to corrupt my sudoers file :frowning: The openhabian user is no longer part of the sudo group, and I have no privileges to do anything to fix this… Would really like to avoid reinstalling my entire setup, due to privileges issues though :blush:
Have tried almost everything I’ve found on Google, without luck

used these tips:

I get this:

openhabian@openHABianPi:~$ sudo openhabian-config
sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Oh boy. You are pretty thoroughly hosed. Not impossibly hosed but your system is in dire straits. Messing up sudoers on a no-loginable-root account system is probably second only to rm -rf / and tied with sudo chmod -R a-x / in single commands that can almost completely disable a system.

In the future and all you future readers of this thread:

ONLY EDIT sudoers USING visudo!

I speak from experience.

You need to boot into some other OS, mount the file system from your server, and re-edit sudoers to make it valid. I have no idea what could be wrong with it. It might just be the file permissions (it should be read/write for root only and no permissions for everyone else).

Since you are running openhabian, you might be able to do this easily if you have a Linux machine or VM that you can mount the SD card to. You can then use visudo -f /path/to/sdcard/sudoers/file. If you have a spare card and USB SD card reader, you might be able to put a stock raspbian on a new SD card and mount the old SD card from the USB reader.

If not, you need to decide if it is going to be more work to set up an environment where you can mount the SD card’s file system or just rebuild the OS from scratch. Of course, if you have files you need off of that SD card, you will have to do this anyway if you don’t have recent backups.

I had an Ubuntu server that I messed up sudoers on and had to boot into a live CD, chroot, and then edit using visudo in order to get my system back. Hopefully, you will have an easier time of it.

BUT, you are on the right track in solving your original problem. :wink:
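
The offline repair described above, as an added example that is not part of the original posts: run from the rescue system with the SD card mounted, it clears the world-writable mode that sudo rejected and syntax-checks the file. The `SUDOERS` variable and its mount path are assumptions; 0440 owned by root is the stock Debian/Raspbian setting.

```shell
#!/bin/sh
# Added example: repair a sudoers file on a mounted card from another Linux.
# Usage (path is hypothetical): SUDOERS=/mnt/sdcard/etc/sudoers sh fix_sudoers.sh

# True (0) if "other" may write the file, the condition behind
# "sudo: /etc/sudoers is world writable".
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Print the octal mode of a file (GNU stat, as shipped on Raspbian/Ubuntu).
file_mode() {
    stat -c '%a' "$1"
}

# Restore the stock mode and owner, then syntax-check with visudo if present.
# Returns 2 if the path is not a file, 3 if visudo finds a syntax error.
repair_sudoers() {
    f=$1
    [ -f "$f" ] || { echo "not a file: $f" >&2; return 2; }
    chmod 0440 "$f" || return 1
    # Only root can change ownership; skip when run unprivileged.
    if [ "$(id -u)" -eq 0 ]; then
        chown 0:0 "$f" || return 1
    fi
    if command -v visudo >/dev/null 2>&1; then
        # With -f, visudo checks syntax only; fix errors with: visudo -f "$f"
        visudo -c -f "$f" || return 3
    fi
    return 0
}

# Act only when a target was named explicitly.
if [ -n "${SUDOERS:-}" ]; then
    if is_world_writable "$SUDOERS"; then
        echo "world writable: $SUDOERS (mode $(file_mode "$SUDOERS"))"
    fi
    repair_sudoers "$SUDOERS" && echo "now mode $(file_mode "$SUDOERS")"
fi
```

If `visudo -c` reports a syntax error, the mode fix alone is not enough and the file still has to be edited with `visudo -f` on the mounted path.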

I think I got it done almost.
However, when I call:

sudo -u openhab ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_dsa openhab@localhost

I always get the request for entering the passphrase.
How to get rid of this?

Did you configure karaf to use the cert by adding the public key to keys.properties?

Also, I notice you are using dsa. In another thread some users have discovered that karaf doesn’t like dsa and prefers rsa certs.

Thanks, Rich

I did the same stuff again with rsa:

sudo -u openhab ssh-keygen -t rsa -f openhab.id_rsa -N openhab

and have put the result from openhab.id_rsa.pub into /srv/openhab2-userdata/etc/keys.properties:

openhab=AAAAB3....xyz,_g_:admingroup

sudo -u openhab ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost

It does not ask for the password anymore, but for the passphrase (specified by -N above).
How to get rid of this?

Two questions:

  1. Will this be different, when running the command from OH’s rules (I am the real “openhab” user)?
  2. Is this related to the location of the key files? Means, do I need to put them into a specific folder?

EDIT:
Answer to 1 is NO:

2017-11-30 08:40:33.755 [INFO ] [.smarthome.model.script.system.rules] - Karaf_output: Password authentication^M
Password authentication^M
Password authentication^M
Permission denied, please try again.^M
Permission denied, please try again.^M
Permission denied (keyboard-interactive,password,publickey).

EDIT II:
If I generate the key without a passphrase, it seems to be working in the console:
sudo -u openhab ssh-keygen -t rsa -f openhab.id_rsa
(just confirm with enter if passphrase is requested)
entering karaf without password works:
sudo -u openhab ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost
Next I will test it from the rule

When you created the keys, did you supply a password? If I understand what you’ve done so far, if you applied a password to your private key then you will have to enter that password every time you need to authenticate against your public key (i.e. when you log in via ssh), which you discovered in your EDIT II.

Glad you got it to work. I am pretty sure it should work from a rule as well now.

It does work on the console with:
ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost 'bundle:restart org.openhab.binding.netatmo'

I hope it will do so from OH2 as well…

Thanks for your help

Sorry, I did not answer your question.

Yes, previously I provided a passphrase with -N, but after I did it again without it, I was able to run it from bash.

However, it does not run from within OH - and it does not provide any response (same like running it from bash).
I guess I need to go to DEBUG level for all Karaf relevant packages…

EDIT:
I tried this as well - no change:
executeCommandLine("ssh@@-p@@8101@@-i@@/home/openhab/karaf_keys/openhab.id_rsa@@openhab@localhost@@'bundle:restart org.openhab.binding.netatmo'", 6000)

Are you catching and logging the output?

val results = executeCommandLine(...
logInfo("testing", results)

What do you see if you run:

sudo -u openhab ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost 'bundle:restart org.openhab.binding.netatmo'

That’s actually the problem - The command is executed and restarts the binding, but does not give any feedback:

[07:21:58] openhabian@Homer:~$ sudo -u openhab ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost 'bundle:restart org.openhab.binding.netatmo'
[07:22:17] openhabian@Homer:~$

I also set some karaf related bindings to DEBUG, but this does not show any DEBUG entry in openhab.log:
57 | Active | 80 | 4.0.8 | Apache Karaf :: Wrapper :: Core
110 | Active | 80 | 0.9.0.b5 | Eclipse SmartHome Console for OSGi runtime Karaf
167 | Active | 80 | 2.1.0 | openHAB Karaf Integration

EDIT:
Obviously there is a difference if I switch “really” to openhab user and run from there:
sudo su (to switch to root)
su openhab
this time I ran:
ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost

and confirmed:
Warning: Permanently added ‘[localhost]:8101’ (RSA) to the list of known hosts.

However, it did not change something (from rule it’s still not doing anything)

I don’t really have anything else to offer in terms of help. My experience with exec binding and executeCommandLine only goes so far.

Does it work if you put the commands into a script and execute the script?

Thanks anyway - your help is greatly appreciated.
I guess you are the one with (by far) the most responses to any kind of problems.

So again - thanks for your patience and endurance :slight_smile:

You have been right:
It does NOT work with:
executeCommandLine("/usr/bin/ssh -p 8101 -i /home/openhab/karaf_keys/openhab.id_rsa openhab@localhost 'bundle:restart org.openhab.binding.netatmo'", 6000)

but it DOES with the same stuff in a script:
executeCommandLine("/etc/openhab2/scripts/restartNetatmo.sh", 7000)

Now I remember that I struggled a lot with the same inconsistent behaviour when I started with OH.
I am wondering, why this general issue is still present…
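
A possible shape for such a wrapper script, as an added example that is not the poster's restartNetatmo.sh (its contents are not shown in the thread). It checks the key before use and runs ssh with `BatchMode=yes`, so a passphrase or unknown-host-key prompt fails with a message the rule can log instead of waiting on a tty that does not exist. The `check_key` and `restart_bundle` names and the `run` argument are assumptions; the key path, port and bundle name are the ones from the posts above.

```shell
#!/bin/sh
# Added example: non-interactive Karaf bundle restart for use from a rule.
KEY=${KEY:-/home/openhab/karaf_keys/openhab.id_rsa}
BUNDLE=${BUNDLE:-org.openhab.binding.netatmo}

# 0 = usable, 1 = missing or unreadable for this user,
# 2 = accessible by group/other (ssh refuses such a private key),
# 3 = passphrase-protected (would prompt, which a rule cannot answer).
check_key() {
    [ -r "$1" ] || return 1
    case $(stat -c '%a' "$1") in
        ?00) ;;
        *) return 2 ;;
    esac
    if command -v ssh-keygen >/dev/null 2>&1; then
        # Deriving the public key with an empty passphrase only succeeds
        # for an unencrypted key.
        ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1 || return 3
    fi
    return 0
}

restart_bundle() {
    check_key "$KEY" || {
        rc=$?
        echo "key check failed ($rc): $KEY" >&2
        return "$rc"
    }
    # BatchMode: never prompt. IdentitiesOnly: offer only this key.
    # stderr is merged so executeCommandLine returns the error text.
    ssh -p 8101 -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
        openhab@localhost "bundle:restart $BUNDLE" 2>&1
}

# Called from a rule as: /etc/openhab2/scripts/restartNetatmo.sh run
if [ "${1:-}" = "run" ]; then
    restart_bundle
fi
```

Because the key has no passphrase, its file mode (0600, owned by the openhab user) is the only thing protecting Karaf console access.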

Because it is exceptionally difficult to execute command line scripts from Java and have it behave consistently across all operating systems and platforms.

I have permission issues:
Execution failed (Exit value: -559038737. Caused by java.io.IOException: Cannot run program “/etc/openhab2/scripts/renewFritzBoxWANIP.sh” (in directory “.”): error=13, Permission denied)

any idea?

Works with:

executeCommandLine("bash /etc/openhab2/scripts/renewFritzBoxWANIP.sh", 7000)