After migration to OH3, my rules for restarting bundles and changing log-levels for bundles do no longer work. I did not find related info here in the forum.
What do I need to change, coming from working solution in OH 2.5?
Thanks for your suggestions.
Do you have a backup of your OH 2.5 setup ?
I assume that you use ssh command in your rule is that correct ?
Yes, this is correct. I use SSH.
I actually used a backup of my 2.5 system and restored it into the 3.0 system. But the exec-commands in my rules don’t execute. Renaming of directories might be part of the problem, I guess.
tail -f /var/log/openhab/openhab.log /var/log/openhab/events.log
2021-02-04 19:20:51.977 [INFO ] [org.openhab.core.model.script.System] - Shelly logging: INFO
2021-02-04 19:20:51.992 [WARN ] [rg.openhab.core.io.net.exec.ExecUtil] - Error occurred when executing commandLine '[sudo /usr/bin/ssh -p 8101 -i /home/openhabian/openhab.id_rsa
openhab@localhost log:set INFO org.openhab.binding.shelly]'
java.io.IOException: Cannot run program "sudo /usr/bin/ssh -p 8101 -i /home/openhabian/openhab.id_rsa
openhab@localhost log:set INFO org.openhab.binding.shelly": error=2, No such file or directory
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1128) ~[?:?]
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1071) ~[?:?]
at org.openhab.core.io.net.exec.ExecUtil.executeCommandLine(ExecUtil.java:59) [bundleFile:?]
at org.openhab.core.model.script.actions.Exec.executeCommandLine(Exec.java:40) [bundleFile:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1176) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1151) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._invokeFeature(XbaseInterpreter.java:1137) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeFeature(XbaseInterpreter.java:1082) [bundleFile:?]
at org.openhab.core.model.script.interpreter.ScriptInterpreter.invokeFeature(ScriptInterpreter.java:151) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:992) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:955) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:236) [bundleFile:?]
at org.openhab.core.model.script.interpreter.ScriptInterpreter.doEvaluate(ScriptInterpreter.java:226) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:216) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:459) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:240) [bundleFile:?]
at org.openhab.core.model.script.interpreter.ScriptInterpreter.doEvaluate(ScriptInterpreter.java:226) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:216) [bundleFile:?]
at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.evaluate(XbaseInterpreter.java:202) [bundleFile:?]
at org.openhab.core.model.script.runtime.internal.engine.ScriptImpl.execute(ScriptImpl.java:80) [bundleFile:?]
at org.openhab.core.model.script.runtime.internal.engine.DSLScriptEngine.eval(DSLScriptEngine.java:125) [bundleFile:?]
at org.openhab.core.automation.module.script.internal.handler.ScriptActionHandler.lambda$0(ScriptActionHandler.java:62) [bundleFile:?]
at java.util.Optional.ifPresent(Optional.java:183) [?:?]
at org.openhab.core.automation.module.script.internal.handler.ScriptActionHandler.execute(ScriptActionHandler.java:59) [bundleFile:?]
at org.openhab.core.automation.internal.RuleEngineImpl.executeActions(RuleEngineImpl.java:1179) [bundleFile:?]
at org.openhab.core.automation.internal.RuleEngineImpl.runRule(RuleEngineImpl.java:987) [bundleFile:?]
at org.openhab.core.automation.internal.TriggerHandlerCallbackImpl$TriggerData.run(TriggerHandlerCallbackImpl.java:89) [bundleFile:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.io.IOException: error=2, No such file or directory
at java.lang.ProcessImpl.forkAndExec(Native Method) ~[?:?]
at java.lang.ProcessImpl.<init>(ProcessImpl.java:340) ~[?:?]
at java.lang.ProcessImpl.start(ProcessImpl.java:271) ~[?:?]
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1107) ~[?:?]
... 35 moreIt’s a breaking change that was mentioned in the release notes. You’ll find lots of discussion if you search for “OH3 executeCommandLine”.
First modify your rules because of the changes of parameters of the executeCommandLine.
Then check again. In case the karaf console configs are replaced it could be that you need to insert the public ssh key again.
But the error messages in the log file are related to the changes in the executeCommandLine syntax.
Thank you for your help. Will try this tomorrow.
I guess, I do not get the split into the different attributes of the command right.
how exactly do I have to change the following statement?
executeCommandLine("sudo /usr/bin/ssh -p 8101 -i /home/openhabian/openhab.id_rsa openhab@localhost log:set DEBUG org.openhab.binding.shelly")
I really appreciate your help
executeCommandLine(“sudo”, "/usr/bin/ssh …
so everything else is in the same “string”, not to be further separated with commas?
Seems to be one of the lost postings …?
Everything needs to be separated with commas.
I think I need to create key again.
I do not have an openhab.id_rsa file on my system.
When I enter
sudo -u openhab ssh-keygen -t rsa -f openhabi.id_rsa
I get “Permission denied”. Has there been any changes from OH2.5 to OH3 in this space?
this is why I asked if you have a backup. In case yo have a backup the key is in directory .ssh in the home directory of user openhab2 which is: /var/lib/openhab2 thus in /var/lib/openhab2/.ssh
To make it work with OH3 you need to make sure that the key now is located in /var/lib/openhab/.ssh as the users home should have been migrated to /var/lib/openhab.
Depending on how the backup was restored resp. copied files now may be owned by user root which could result in permission denied.
Check who the owner of the files / directories is e.g. with
ls -ld /var/openhab* /var/openhab*/.ssh /var/openhab*/.ssh/*
Here you go
openhabian@openhabian:~ $ ls -ld /var/lib/openhab*
drwxrwxr-x 13 openhab openhab 4096 Feb 9 11:00 /var/lib/openhab
openhabian@openhabian:~ $
openhabian@openhabian:~ $ ls -ld /var/lib/openhab*/.ssh
ls: cannot access '/var/lib/openhab*/.ssh': No such file or directory
In my backup, I have two files in the directory /conf/
Openhab.id_rsa and
Openhab.id_rsa.pub
I actually went for a new key. Both files openhab.id_rsa and openhab.id_rsa.pub were created in the /var/lib/openhab/ directory. Then I copied the public key into the keys.properties file in /var/lib/openhab/etc/.
When submitting
sudo -u openhab ssh -p 8101 -i /var/lib/openhab/openhab.id_rsa openhab@openhabian
I get …
ssh: connect to host openhabian port 8101: Connection refused
What went wrong? Any idea?
What permissions of a directory that contains ssh private key MUST be readable, writeable by the owner only. As the directory is readable, writeable for group and readable for others the key will not be used when you try to run ssh.
Create a subdirectory .ssh inside the openhab directory and make it readable, writeable by the owner only. You may use any other directory in case you use switch -i.
I actually had a .ssh directory and copied the openhab.id_rsa file into it and changed the command line accordingly. Did not change the error message.
I also added the openhab user into a sudoers.d file with
openhab ALL = NOPASSWD: /usr/bin/ssh
Error is still there. Anything I miss?
Did you check the file’s and directory’s permission ? That is essential.
You get more detailed debug output by adding -vvv to the startup of the ssh command:
...ssh -vvv -p 8101...
By using one or two less v’s you will get less output which already might be sufficient.
In case it is a directory permission problem that should be shown there ( as far as I remember ).
Thank you very much for your continued support.
When I ran the ssh command with -vvv for openhab@localhost, I got …
............
debug1: Server host key: ssh-rsa SHA256:......
debug3: put_host_port: [127.0.0.1]:8101
debug3: put_host_port: [localhost]:8101
debug1: checking without port identifier
The authenticity of host '[localhost]:8101 ([127.0.0.1]:8101)' can't be established.
RSA key fingerprint is SHA256:........
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/lib/openhab/.ssh/known_hosts).
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: Will attempt key: /var/lib/openhab/.ssh/openhab.id_rsa RSA SHA256:......
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: keyboard-interactive,password,publickey
debug3: start over, passed a different list keyboard-interactive,password,publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /var/lib/openhab/.ssh/openhab.id_rsa RSA SHA256:.............
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: keyboard-interactive,password,publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
Permissions for the /.ssh directory is
openhabian@openhabian:/ $ ls -ld /var/lib/openhab*/.ssh
drwxr-xr-x 2 openhabian openhab 4096 Feb 11 21:15 /var/lib/openhab/.ssh
openhabian@openhabian:/ $
openhabian@openhabian:/ $ ls -ld /var/lib/openhab*/.ssh/*
-rw------- 1 root root 1823 Feb 11 21:14 /var/lib/openhab/.ssh/openhab.id_rsa
-rw-r--r-- 1 root root 400 Feb 11 21:15 /var/lib/openhab/.ssh/openhab.id_rsa.pub
Do I have to change permissions and how exactly do they need to be set?
UPDATE: I restarted the key gen from scratch and now have a set of working keys that enable terminal access to the openhab console without password. Next step is now to test it in a rule.
Directory /var/lib/openhab/.ssh needs to be owned by openhab:openhab ( that’s user:group ).
Permission of that directory has to be drwx for the owner only ( d is automatically as it is a directory ).
Once the above is done then the known_hosts file will be stored.
It is working now. Thanks a lot.
1 Like