New Install on Debian, worth using Docker?

In a couple of weeks I will be installing OH2.2 Stable on a New Install of 64 Bit Debian Stretch running on an Intel i3-7100u, and wonder whether running OH in Docker would be worth doing. Currently I have all programs residing happily together on 2 Pi’s and whilst I like the idea of being able to back up OH in a similar way to imaging an SD Card, I hear there is an excellent backup solution called Amanda in OpenHABian that does a similar job. I will be making most of the file system read only with logging and persistence in RAM to save the SSD from an early death. I also intend OpenHAB querying the SSD SMART attributes from time to time, so I can spot any excessive SSD wear.

Can someone with experience of OH and Docker tell me whether it would be worth using?

My list of programs is:

32Bit Zulu, hosting OpenHAB - I’m assuming the 64Bit version still doesn’t play nicely with USB Serial devices?
NGINX
Mosquitto
LIRC
Node.js
Python 2.7
Open Energy Monitor, which includes MYSQL and PHP Databases, and is served by Apache

Plugged into the machine will be:
Aeon Labs Z-Stick
IguanaWorks USB IR Sender
Phidgets USB Arduino Hub Device to query a couple of analogue devices.
RFXCOM Transceiver

Current Bindings are:
Astro
Exec
Expire
Hue
Mail
MAPDB
Network
iCloud
MQTT
Owntracks
RFXCOM
Samsung TV
Weather
WEMO
Z-Wave

It depends on how flexible you want to be and/or how locked down you want to be.

For example, it is pretty trivial to set up everything in Docker so the only way to get to your OH UIs is through the reverse proxy. There are other configuration options you have that will lower your attack surface as well.

Day to day I find running OH and surrounding services in containers to be no more or less difficult than using apt-get installed ones with the exception of upgrades, and there is a PR right now to make upgrades seamless too. I find it convenient to have everything in one set of folders so I can check in my conf and jsondb files into my git repo without needing two repos or to mess with symlinks.

I don’t know how well Amanda works for non-SBCs so check whether that is viable for your setup.

SD cards are prone to wearing out from writes. SSDs, based on heavy testing in server farm environments, have proven to have the same or longer lifespans compared to HDDs. So if you truly do have an SSD, don’t bother with the read only setup. SSDs use a different technology and are not as prone to wearing as SD cards.

I administer everything using Ansible which makes deploying OH in Docker a breeze. Downloading an image and starting a container with the desired parameters is a single command in my Ansible role. It would be a bit more using apt-get and I don’t think I could use openHABian at all.

Docker makes it very easy to spin up multiple instances of OH to help debug or test out a new binding or upgrade without taking down your production instance.

There is only one thing to watch out for. The Exec binding is basically useless. The image has next to nothing installed, by design, so you are unlikely to be able to use external scripts like you want. I use sensorReporter for that, a little Python service I can send MQTT messages to to execute a script and return the result.
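
A check for the reverse-proxy-only layout described in the reply above, as an added example that is not part of the original posts: it reads `docker inspect`-style JSON and reports any container other than the proxy that publishes a non-loopback host port or uses host networking. The container names, network name and sample data are constructed assumptions.

```python
import json

# Constructed sample shaped like `docker inspect` output (not from the thread).
# Container and network names are hypothetical.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/nginx",
   "HostConfig": {"NetworkMode": "home_net"},
   "NetworkSettings": {"Ports": {"443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]}}},
  {"Name": "/openhab",
   "HostConfig": {"NetworkMode": "home_net"},
   "NetworkSettings": {"Ports": {"8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}],
                                 "8443/tcp": null}}},
  {"Name": "/mosquitto",
   "HostConfig": {"NetworkMode": "home_net"},
   "NetworkSettings": {"Ports": {"1883/tcp": [{"HostIp": "127.0.0.1", "HostPort": "1883"}]}}},
  {"Name": "/openhab-test",
   "HostConfig": {"NetworkMode": "host"},
   "NetworkSettings": {"Ports": {}}}
]
""")

LOOPBACK = {"127.0.0.1", "::1"}


def audit_exposure(containers, proxy_name="nginx"):
    """Return findings for containers reachable without going through the proxy."""
    findings = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")
        if name == proxy_name:
            continue  # the proxy is the one intended entry point
        if c.get("HostConfig", {}).get("NetworkMode") == "host":
            # Host networking bypasses Docker's port publishing entirely.
            findings.append((name, "host-network", "shares the host network stack"))
            continue
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            for b in bindings or []:  # None means exposed but not published
                if b.get("HostIp", "") not in LOOPBACK:
                    detail = f"{container_port} -> {b.get('HostIp')}:{b.get('HostPort')}"
                    findings.append((name, "published-port", detail))
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit_exposure(SAMPLE_INSPECT):
        print(f"{name}: {kind}: {detail}")
```

On a real host, pass it the parsed output of `docker inspect $(docker ps -q)` instead of the sample.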

Thanks for the information, attack surface is something I hadn’t considered and I’ll do some further googling. It may make more sense to run NGINX and anything else that’s internet facing in a container, and run OH on the underlying OS if that’s possible to preserve functionality.
Losing the functionality of executeCommandline is probably something I can’t easily do without, especially when you add in the USB stuff I’ll have plugged into it that mainly relies on shell commands to access,