Hi,
I’m wondering if bundles could be restartet by a trigger automatically.
In OH1 I had some helper shell scripts, which forced the reload of a binding, if it failed (monit watched the oh logs and made a “touch /path/to/binding”).
Is there a chance to get a bundle restart automatically, maybe by a shell script?
This might be no more needed in OH2 (when all bindings work as excpected), but I prefer a selfhealing attempt.
As karaf allows ssh, you can run karaf commands directly from your shell script, e.g.
ssh openhab@127.0.0.1 -p 8101 bundle:restart 206
would restart the bundle with id 206. If you want to get around ssh asking for password, you can install sshpass if you are using a linux based system.
Of course you would need to know the ID of the bundle (or add on) that you want to restart, which you could get for example with a bundle:list | grep 'ZWave Binding' | cut -c1-3 etc
That’s what I’m doing now (maybe it’s usefull for someone):
I use openssh key as I want a passwordless interaction.
mkdir /var/lib/openhab2/.ssh cd /var/lib/openhab2/.ssh ssh-keygen -t dsa -f openhab.id_dsa cd .. chown -R openhab:openhab .ssh ; chmod 700 .ssh
Import the public key (openhab.id_dsa.pub) into /var/lib/openhab/etc/keys.properties like
openhab=AAAAB3NzaC1kc3M...XWKpeyW789IBpcZfyYQ=,_g_:admingroup
Be aware that the leading “ssh-key” and trailing “user@server” has to be omitted.
A login to the console should work now with
ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101
The excution of a karaf command should work with
ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 bundle:restart 209
The monitoring software monit could be used to monitor for ERROR in openhab.log and than e.g. restart a bundle. A monit-file could look lie this
check file openhab.log with path /var/log/openhab2/openhab.log if match "some string to match in openhab.log" then exec "ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 bundle:restart xyz"
Hope this helps.
This is brilliant.
Just putting this together, I can now restart the HomeKit binding from the commandline with:
ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 bundle:restart `ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 bundle:list | grep HomeKit | cut -c1-3`
which is pretty handy given the HomeKit binding seems to break every day or so
Dan
Hello Michael, I am new to OH2 and I have a binding that needs to be restarted if changes are made outside of OH2. I followed your instructions, but when I try to run the ssh command I still get prompted for a password. I have OH2 running on Ubuntu Server 16.04 and I installed OH2 using the apt-get command of the stable release. When creating the openhab.id_dsa file it prompted me to enter a passphrase which I have tried two different ways one: using the password for the OH-cli console and two: I left it blank, but both ways I get prompted for a password. If I enter the password for the console it works fine. I am not seeing what I am doing wrong here. Can you please shed some light on what I am not getting? Any help would be greatly appreciated.
Thanks John
Hi John,
the passphrase you are asked for during ssh key generation is to protect your private key. In your case you won’t protect your key with a passphrase, as this ssh-process would than need your interaction. So leave the key empty, just hit enter when your are asked for the passphrase.
You need to set the right file permissions for your key file and - I think - also for the directory.
So try to
chown -R openhab:openhab .ssh chmod 700 .ssh chmod 600 .ssh/openhab.id_dsa
The directory and key file should only be accessable by openhab user.
Hope this help.
Regards
Michael
Thank you for the very quick response. I will try that out and let you know. Thanks again.
OK so I created a dummy item of switch type and created a rule
rule "RestartBind"
when
Item LgTvRestart changed from OFF to ON
then
logInfo("RestartBind","RestartBind rule triggered")
var String results = executeCommandLine("/etc/openhab2/scripts/Restart.sh",1000)
logInfo("RestartBind", "Results from binding restart: " + results)
end
Then script is:
`ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 bundle:restart 208`
and the logfile:
2018-01-26 12:17:50.192 [INFO ] [e.smarthome.model.script.RestartBind] - RestartBind rule triggered
2018-01-26 12:17:50.251 [WARN ] [shd.server.session.ServerSessionImpl] - exceptionCaught(ServerSessionImpl[null@/127.0.0.1:38352])[state=Opened] IOException: Connection reset by peer
2018-01-26 12:17:50.295 [INFO ] [e.smarthome.model.script.RestartBind] - Results from binding restart: Host key verification failed.
So when the rule is triggered it runs the command and it getting Host key verification failed.
Any Thoughts?
Can you successfully execute
ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101
from the console?
You need in every case one manual ssh login to accecpt the host key.
No, I still get prompted for a password. Sorry for the delay, at work.
Just a last try, might be your sshd_config is misconfigured?
Do you find in /etc/ssh/sshd_config the parameter
PubkeyAuthentication yes
Yes PubkeyAuthentication is set to yes. When I try to open in the console this is the error message I get right before it asks for a password
`Warning: Identity file /var/lib/openhab2/.ssh/openhab.id_dsa not accessible: Permission denied.`
Now the first part of your instructions was done under the su account, because it kept failing and instead of typing sudo every time I just elevated to root. Could this be causing an issue?
I did notice in your path you have it going to openhab and I have openhab2. Could this be a difference between versions 1 and 2 or did you just type it wrong. Also what about nightly builds, I’m on a stable release, would converting to a nightly build make any difference?
The warning message suggests maybe my file permissions are not correct or there maybe something else in the ssh config file. I have not done anything with the openhab user except install OH2 and changed the password from the default. Is there anything else I should do with it?
This really looks like something that I could use and solve a lot of my issues, so I would love to get this configured correctly. I could even try reinstalling OH2 from scratch to see if that makes a difference. I have OH2 installed on a VM running on an ESXi server. I could easily spin up another copy to try something different. I’m new to OH, but I am far from a beginner and not afraid of messing things up. Like I said before this is built on a VM and I take snapshots regularly and did take one before starting this adventure.
Here is some more information on my setup, maybe it will help. In my lab I have an ESXi server with dual Xeon processers with hyper-threading, 48GB of RAM, each VM runs on it’s own SSD, 2 1 Gigabit NICs and 4 10 Gigabit NICs. So it’s not a lack of resources or bottlenecking.
OpenHAB is running on a VM which I allotted 2 core processor and 4GB RAM. It runs on Ubuntu Server 16.04 LTS and I have openssh server, Zulu 8 and openhab installed. I only have a few bindings installed, the LGTV binding which is what I am trying to configure, the HomeKit Integration for Alexa and the openHAB Cloud Connector for remote access.
I like to configure one binding at a time just incase I mess something up. After each step I take a snapshot so I can go back to that point without having to redo everything over.
Well, the error tells all what you need. openhab can not access the key
file, so take care that this is possible. If you know linux, you should
know how to use chmod and chown commands. It should look like this (if
you use the user openhab):
ls -la /var/lib/openhab2/.ssh/openhab.id_dsa
-rw------- 1 openhab openhab 668 Okt 17 08:05
/var/lib/openhab2/.ssh/openhab.id_dsa
I have been using Linux for a couple years now. I am by far an expert, but I know enough to get by. When I run the command other than the date it’s the same thing.
-rw------- 1 openhab openhab 668 Jan 26 19:51 /var/lib/openhab2/.ssh/openhab.id_dsa
When I run the command just on the .ssh directory I get:
total 16
drwx------ 2 openhab openhab 4096 Jan 26 19:51 .
drwxr-xr-x 12 openhab openhab 4096 Jan 26 19:50 ..
-rw------- 1 openhab openhab 668 Jan 26 19:51 openhab.id_dsa
-rw-r--r-- 1 openhab openhab 602 Jan 26 19:51 openhab.id_dsa.pub
root@OpenHAB:/home/goug# ls -la /var/lib/openhab2/.ssh/openhab.id_dsa
So the openhab user has the correct permissions so I am at a lost. I’m going to try a few things and try to spin up a new copy and see where that takes me.
I do applicate all of the help and guidance you provided me. I will let you know if I can get this working. Thanks again!
What does your ssh login show. Look at mine, maybe you find a hint:
ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 -v
OpenSSH_6.7p1 Debian-5+deb8u4, OpenSSL 1.0.1t 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8101.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /var/lib/openhab2/.ssh/openhab.id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/openhab.id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u4
debug1: Remote protocol version 2.0, remote software version SSHD-CORE-1.6.0
debug1: no match: SSHD-CORE-1.6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA e9:c4:ac:21:80:e6:0c:8b:fc:ae:1e:ed:9d:35:dd:72
debug1: Host ‘[127.0.0.1]:8101’ is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:24
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: keyboard-interactive,password,publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: imported-openssh-key
debug1: Authentications that can continue: keyboard-interactive,password,publickey
debug1: Offering DSA public key: /var/lib/openhab2/.ssh/openhab.id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Authentication succeeded (publickey).
Authenticated to 127.0.0.1 ([127.0.0.1]:8101).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8__ _____ ________ ____ ___ ____ / / / / | / __ )
/ __ / __ / _ / __ / // / /| | / __ |
/ // / // / __/ / / / __ / ___ |/ // /
_/ ./_// /// /// |/___/
/_/ 2.2.0-SNAPSHOT
Build #1075Hit ‘’ for a list of available commands
and ‘[cmd] --help’ for help on a specific command.
Hit ‘’ or type ‘system:shutdown’ or ‘logout’ to shutdown openHAB.openhab>
It looks like it’s looking in my home directory for the identity file instead of the .ssh directory
goug@OpenHAB:~$ ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 -v
Warning: Identity file /var/lib/openhab2/.ssh/openhab.id_dsa not accessible: Permission denied.
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8101.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/goug/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version SSHD-CORE-1.6.0
debug1: no match: SSHD-CORE-1.6.0
debug1: Authenticating to 127.0.0.1:8101 as 'openhab'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:axMwMQ5dz0Sr4gsUxJGdB1et9GoFVLKC7Oni7QrPVH8
debug1: Host '[127.0.0.1]:8101' is known and matches the RSA host key.
debug1: Found key in /home/goug/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: keyboard-interactive,password,publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/goug/.ssh/id_rsa
debug1: Trying private key: /home/goug/.ssh/id_dsa
debug1: Trying private key: /home/goug/.ssh/id_ecdsa
debug1: Trying private key: /home/goug/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password authentication
Password:I think this all steams back from creating the directory and what not using the root user. I am going to roll it back and try all of this again.
Here is the log when I run the same command as root.
root@OpenHAB:/home/goug# ssh -i /var/lib/openhab2/.ssh/openhab.id_dsa openhab@127.0.0.1 -p 8101 -v
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8101.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /var/lib/openhab2/.ssh/openhab.id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /var/lib/openhab2/.ssh/openhab.id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version SSHD-CORE-1.6.0
debug1: no match: SSHD-CORE-1.6.0
debug1: Authenticating to 127.0.0.1:8101 as ‘openhab’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:axMwMQ5dz0Sr4gsUxJGdB1et9GoFVLKC7Oni7QrPVH8
debug1: Host ‘[127.0.0.1]:8101’ is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: Skipping ssh-dss key /var/lib/openhab2/.ssh/openhab.id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: keyboard-interactive,password,publickey
debug1: Next authentication method: publickey
debug1: Next authentication method: keyboard-interactive
Password authentication
Password:
Notice how it looks for the identity file in the .ssh directory and not my home folder.
Is openhab’s home dir /var/lib/openhab2? Look for it in the /etc/passwd.