On systems of this complexity I would expect to have a process to display running scripts with a way to view the script and terminate the script if needed.
We should be able to see who invoked the script, its parent script and how long it has been running.
Is this in the debugging section or something that has not been implemented.
In my case today I am the only person interacting directly with openhab and for me I shut down the server to kill whatever scripts were still running. However what if I had a bad actor on my network who was doing a DOS attack on the server. No better way to disable a Openhab security/control system than overload the server.
There are events generated when a rule runs and when it returns to IDLE. You can enable those to be logged out to events.log by changing the logging level for openhab.event.RuleStatusInfoEvent.
Keep in mind that only one instance of and OH rule can run at a time. So if a rule triggers again while it’s currently running, that trigger is queued up until the running rule exits.
Note that the event bus that drives openHAB does not track the origin of the events. So there is no way to track “who” triggered a rule to run (i.e. what was the source of that event). But it’s usually not too hard to correlate events with what’s going on with rules.
Finally, remember that the “H” in openHAB stands for “Home”. openHAB is not designed nor is it suitable for use in industrial and in many cases commercial environments. And in my opinion which is shared by others, OH is also not suitable as a security system.
I know lots of people use OH in these ways but OH lacks many controls, security controls, and determinacy features that would be required in these environments.
And it’s far more likely that an attacker would just jam your WiFi/Zigbee/Zwave bands to DOS your system. No knowledge of OH required and no need to somehow hack into your WiFi to reach OH in the first place.
So, for now at least, if you have a bad actor on your network, you’ve got bigger problems than a DOS on your openHAB instance. If you’ve exposed your openHAB outside you local network, then you probably shouldn’t have done that in the first place. If you are concerned about someone blocking OH’s security system features it might not be the best choice to implement those features.
Everyone needs to make their own risk assessment and choose a solution accordingly.
Thank you, I used to work in medical research and I so could have used openhab to control our 16 linux servers.
As for me knowing what my scripts are doing, well I went back to basics and some of the first lessons we learn in programming classes and that is to use write to operator statements or WTO.
WTO’s are what large data centres use to communicate something to ops. So I created an item. Have a rule to set it back to empty at midnight. So in my script it just sends text to the item periodically at various steps of the script so then I can add that item to a page and now I know what my script thinks it is doing.
As for a dos attack oh the best one I saw was someone plugged a dhcp server into one of the largest hospitals in Sydney Australia, totally crashed their network for hours including the Emergency department. I know this because we all got an email threatening us with terrorism charges for the next fool to do that stunt.
Well, my main point in my reply is that openHAB really isn’t suitable for use in this sort of environment. For one, it’s simply not built with concepts like WTO, transactions, heck we can’t even guarantee order of operations. If two events come in really close together, we cannot guarantee that the one that arrived first is processed first.
And it’s frankly not a great tool to control servers either (better look to something like Zabbix or Prometheus or Nagios or the link). Can OH do some stuff in this space? Sure and I do so myself in some cases where knowing whether or not a server or service is online and working could change the home automation (e.g. send an alert after requesting the garage door opener to trigger but the RPi that connects to the relay is offline). But for whole network and device monitoring and control, I use Zabbix which I’m reasonably happy with.
I am starting to get used to the issues Openhab has and they are not party stoppers. When I was working in medical science I wrote my own scheduler and queuing system to process medical data on 15 servers. The scheduler was wrote in one PHP file, stored its state in a mysql database and used mysql to community back and forward with the servers on the network.
So with Openhab and MQTT we have the platform, so what we are missing is what we call profesionally SDSF and OPC, that is spool display and search facility and operator program control.
So why did I pick PHP, well it was because we used that for our website and if I was run over by a bus then any fool who replaced me should know php.
So far openhab is basically ticking boxes and I am looking forward to making use of it in our business. Open thing I am looking to implement on my server is a dead man switch, so I will periodically write something to an item that a wemos d1 mini polls to see if the server is alive. If the wemos does not detect the server heart beat then it will ground the reset line on the server forcing it to reboot. So that should deal with server hangs.
Well, SDSF doesn’t really apply to OH since it’s an event driven system, not a job based system (way back in the day I spent a lot of time writing JCL on IBM mainframes). OH doesn’t even have the beginnings of a concept of a “job” to apply. OPC is a set of industrial standards I’ve most frequently used in SCADA applications and, as I said OH would be unsuitable to be used in anyway.
That’s not to say that OPC would be out of the question for OH, but given the problem space OH addresses I can’t imagine anyone taking the time to implement it.
Since you mention you are using MQTT, why not let the MQTT Broker handle that. OH can publish a retained “ONLINE” message to the LWT topic (I’ve even written the rule for you. Configure the MQTT Broker Thing register with the broker to publish “OFFLINE” as retained in the LWT config. When OH disconnects from the MQTT Broker, the Broker will publish OFFLINE and your wemos can subscribe for that and take action as appropriate.
Since the wemos needs to poll anyway, have it ping the openHAB port(s) or even better http GET one of the API endpoints looking for a timely and reasonable response.
Note, if you are concerned about the rules stopping for some reason, I can say that I’ve never seen a report of this happening since OH 3.0 came out. Even in OH 2.x the only time rules would stop for users was when using Rules DSL.
The way that the rules work, if you somehow coded a rule that would run amok and never return it’s only that one rule that would be blocked. All the rest of your rules would continue running as normal. So even if you wrote a rule to post to an Item or something periodically as a heartbeat, all that would prove is that one rule is still running and therefore, by proxy OH itself is still running. But it gives you no insight into how the rest of your rules are running or if any are stuck.
But you would almost have to deliberately set up this sort of situation by either not using OH features (all the long running actions OH provides offer a timeout beyond which the command will fail instead of blocking forever) or setting up an infinite loop in a rule so it never returns. In all other cases the rule is going to run to completion or it’s going to error out.
So make sure you are trying to mitigate something that is actually a problem. In my experience, if OH itself is running, it’s rules will be running too.
I was porting routines from Alexa to Openhab and I screwed it up something shocking however with some persistence and simplifying my code I was able to sort out my issues. So my code ran perfectly this morning.
So back to my medical example, having come from a mainframe environment I put a sdsf/opc type interface on top of it because that was easy for us to see what had happened. However at the core of my system everything was event based. The system would do an action and then post the status to mysql. I had a simple set of rules that worked out what had happened and that trigger the next job which involved adding an entry to a mysql database.
So the server would check the database once every minute and see a new request and then update the entry to show it had been actioned and then it would trigger what task were required.
So where does Openhab come into this, well we need to see the status of the network, what computers are online, how much free memory they have, what is the CPU load. Is there an alert on the machine. Yes I needed to know this stuff in real time and why reinvent the wheel when I can just use openhab and then write my own code to do what openhab does not do.
I had problems with power outages at the hospital I was at because someone decided to put a coffee shop on the mains feeder that we were using and it took us a week of computer time to process one dataset from one patient. So I needed to write a script to reset the status of all running task to not started so automation would start the jobs again. However I needed a GUI for me to kick off that task. So I wrote a program where I could trigger house keeping routines.
Some of the new stuff I will be working on will be automating some manual processes by adding motors which will use wemos so basically it will be event based. What I am now doing is building up my openhab skillset so I can take on more complex task.
It sends emails on problems and monitors everything that I want it to including which services are running and which Docker containers are running. I can even have it monitor how many clients and message rates on Mosquitto if I wanted to. Heck, I could even hook it up to OH (since OH is Java) and get details down to how many threads are active and what Objects are taking up the most amount of memory and stuff like that. CPU, temp, hard drive health, memory utilization, all that stuff is in there. And while it was a little bit complicated to learn, it was way less work than trying to make openHAB do it, and I’ve been doing OH since 1.6. It’s mainly just a matter of applying templates to hosts to say “I want to monitor this stuff” and it’s there.
OH is good for home automation. It’s kind of crappy to use for IT infrastructure monitoring.
But it’s possible for Zabbix to call out to openHAB too so maybe the best is to use both.
I still need to get Zabbix to monitor my HAProxy endpoints and I want to get it to monitor the LWT topics on Mosquitto so I can keep track o my little microcontrollers scattered throughout the house.
Thank you for your feedback, Zabbix and Openhab are so exciting. These tools give us the ability to rapidly develop a system and bring it online which is critical in medical research because we need to be able to pivot when a new study is funded.
