openHAB co-existing with Asterisk & FreePBX on Raspberry Pi 3B

CrazyIvan359 · December 3, 2019, 2:10am

Ok I don’t have time right now to dig into your config but it seems like you aren’t doing volumes right. I will post my openhab and mqtt docker-compose files below, hopefully you can use them as a starting point as you seem to be understanding all of this as you work through it.

Your adding the openhab user to the pi user’s group is not going to work, and also I recommend against it, it’s a security hole. It won’t work because the user named openhab in raspbian is not going to have the same UID as the user named openhab in the container. You need to tell the container the UID and GID of the host’s user named openhab. Remove openhab from the pi group and only add it to groups it needs access to.

My network setup is almost entirely docker’s internal network and NGINX routes all requests from the outside, even for local traffic on my LAN. Your network setup may not be so in-depth.

So here is my file structure and docker-compose files for openhab and mosquitto containers:

srv
 |- openhab2
 |   |- docker-compose.yml
 |   |- addons/
 |   |- conf/
 |   |- cont-init.d/
 |   |- userdata/
 |
 |- mqtt
     |- docker-compose.yml
     |- config/
     |- data/
     |- log/

version: '3.6'

networks:
  nginx_alfred:
    external: true

services:
  openhab:
#    image: openhab/openhab:latest
#    image: openhab/openhab:milestone
    image: openhab/openhab:snapshot
    container_name: openhab
    restart: always

    networks:
      - nginx_alfred

    ports:
      - 8080:8080
      - 8443:8443
      - 8101:8101
      - 5007:5007

    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /srv/openhab2/cont-init.d:/etc/cont-init.d
      - /srv/openhab2/conf:/openhab/conf
      - /srv/openhab2/userdata:/openhab/userdata
      - /srv/openhab2/addons:/openhab/addons

    environment:
      - USER_ID=xx
      - GROUP_ID=xx

version: '3.6'

networks:
  nginx_alfred:
    external: true

services:
  mqtt:
    image: eclipse-mosquitto:latest
    container_name: mqtt
    restart: always

    networks:
      - nginx_alfred

    ports:
      - '1883:1883'

    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /srv/mqtt/data:/mosquitto/data
      - /srv/mqtt/config:/mosquitto/config
      - /srv/mqtt/log:/mosquitto/log

Alan-uk · December 3, 2019, 12:20pm

Many thanks Michael. Always good to be able to study a working system. I will certainly take your advice and remove the pi account from the openhab group.

Looking at your reply I think I have mistakenly thought the user/group openhab outside the container and having ownership of the Volumes directories was the same as the user/group openhab inside the container. As Docker creates and synchronises the Volumes directories I presumed it would open those directories up.

I will add the environment: USER_ID & GROUP_ID and hopefully that will solve the issue.

CrazyIvan359 · December 3, 2019, 3:02pm

That should work for permissions. I don’t know how docker handles the volumes that you are working with, but I think those are meant to be managed only by docker and not you. Notice how all my volumes are in custom locations and mounted differently than yours.

Alan-uk · December 5, 2019, 5:19pm

After many more hours I solved the problem myself. I checked the whole path permissions folder by folder until:

ls -l /var/lib/docker
drwx------ 5 root root 4096 Dec 3 12:42 volumes

According to Linux rules (as I understand them) the whole path needs Execute permissions in order to access a sub-folder, including accessing from a Samba share. So I changed volumes to

cd /var/lib/docker
chmod g=x volumes
chmod o=x volumes
drwx–x--x 5 root root 4096 Dec 3 12:42 volumes

In the process I did alter the Samba file so the changes from stock now reads:

workgroup = —my workgroup—
wins support = yes
[openHAB2]
comment=openHAB2
path=/var/lib/docker/volumes/openhab_data
browseable=Yes
writeable=Yes
only guest=no
public=no
create mask=0777
directory mask=0777
force group = openhab
valid users = pi

My Docker-Compose script says

      - "/var/lib/docker/volumes/openhab_data/openhab_addons:/openhab/addons"
      - "/var/lib/docker/volumes/openhab_data/openhab_conf:/openhab/conf"
      - "/var/lib/docker/volumes/openhab_data/openhab_userdata:/openhab/userdata"

The other folders are OK

cd /var/lib/docker/volumes
ls -l
drwxr-xr-x 5 openhab openhab  4096 Dec  3 23:20 openhab_data
cd openhab_data
ls -l
drwxrwxr-x  2 openhab openhab 4096 Nov 30 21:38 openhab_addons
etc

I also had to add write permissions to the openhab_data folder and sub-folders

chmod g=rwx -R openhab_data

Note that pi was defined as a member of the openhab group (as recommended in the
openHAB 2 inside a Docker Container

I can now access the share from Windows. In fact I have 3 folders in Windows Network:

openHAB Share - cannot access - who knows why this was created!
openHAB2 Share - can access
pi Share - can access - pi’s Home

Onwards and upwards as they say. I shall now take a break and focus on some soldering of the hardware, linking inputs and outputs to my Pi and test with some simple python before incorporating into openHAB.

Alan-uk · December 5, 2019, 5:32pm

Hi Michael. As you can see from my other post I solved my access problem

My understanding is that as openHAB runs in a container, Docker sets up symbolic links to the configuration folders so that the folders are then accessible outside the container.

According to some youtube videos and openHAB Configuring you Smart Home guidelines Paper UI has limitations and therefore some changes need to be done by editing Configuration files. Unfortunately Paper UI definitions are held separately so they recommend using Paper UI OR Configuration files for different aspects. All a bit messy if you ask me. I read it will all change in OpenHAB3 - let’s hope there are migration tools.

My folders are also in a custom locations: /var/lib/docker/volumes/openhab_data whereas the openHAB guide uses opt/openhab/ . I based mine on another user written guide. Putting the openhab_data under /var/lib/docker/volumes/ along with other data folders (e.g. mosquitto_data) seems more logical to me.

CrazyIvan359 · December 5, 2019, 5:35pm

This makes sense, did I misunderstand what you did earlier? I thought you had put openhab in the pi group.

Alan-uk · December 5, 2019, 5:48pm

I wrote sudo

usermod -a -G openhab pi

which adds pi to the openhab group but I failed to pick up when you said the opposite in the next post - sorry.

I do think many of the Linux commands are written back to front!

CrazyIvan359 · December 5, 2019, 8:57pm

My mistake, sorry. This one is written this way because you can modify one user, but add them to many groups with the single command.