openHAB on an isolated network

vdid · July 28, 2024, 6:43pm

Platform information:
- Hardware:
  - MB: ASRock TRX40 Creator
  - Memory: 128.0 GiB
  - Processor: AMD Ryzen™ Threadripper™ 3960X × 48
  - Graphics: AMD Radeon™ RX 7900 XT
- Software:
  - OS: Fedora Linux 40 (Workstation Edition)
  - GNOME: 46
  - Windowing: Wayland
  - Kernel: Linux 6.9.10-200.fc40.x86_64
  - Podman: 5.1.2
  - openHAB: 4.2.0
  - Java: openjdk 21.0.4
- Details of the setup:
  
  The openHAB instance is intended to run in podman in an isolated user on an isolated network. There is no access to anything but the VLAN itself from inside that VLAN. This means that neither IoT devices nor the openHAB instance can access the internet.
  
  However, I can access the podman’s storage and web interface from the host on which it is running.

Issue of the topic:

openHAB fails to complete the initialization citing this in the log:

2024-07-27 17:08:02.283 [INFO ] [org.openhab.core.Activator          ] - Starting openHAB 4.2.0 (Release Build)
2024-07-27 17:08:12.181 [INFO ] [.core.model.lsp.internal.ModelServer] - Started Language Server Protocol (LSP) service on port 5007
2024-07-27 17:08:17.524 [INFO ] [e.automation.internal.RuleEngineImpl] - Rule engine started.
2024-07-27 17:15:46.322 [WARN ] [service.spi.util.WebContainerManager] - Can't get a WebContainer service from {org.osgi.service.http.HttpService, org.ops4j.pax.web.service.WebContainer}={org.ops4j.pax.web.log.ncsa.extended=true, org.ops4j.pax.web.ssl.keystore.password=********, service.scope=bundle, org.ops4j.pax.web.ssl.key.password=********, org.ops4j.pax.web.session.cookie.name=JSESSIONID, org.osgi.service.http.connector.name=default, org.ops4j.pax.web.enc.iterationcount=1000, org.ops4j.pax.web.log.ncsa.file=yyyy_mm_dd.request.log, org.ops4j.pax.web.server.eventDispatcherThreadCount=1, org.osgi.service.http.checkForwarded ...

Concerns and questions:
- I think there is the addons directory I need to populate manually since I do not allow openHAB to do it automatically from the Internet.
- Question 1: Is there a guide on setting up openHAB isolated as I intended above, which I missed?
- Question 2: If there is no complete guide, where should I pull add-ons from?
- Question 3: Anything else in addition to addons which I need to be concerned?

Service configuration related to the issue

[Unit]
Description=Podman openHAB service
Wants=network.target
After=network-online.target

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=no
TimeoutStopSec=64
ExecStartPre=/bin/rm -f %t/openhab.pid %t/openhab.ctr-id
ExecStart=/usr/bin/podman run \
        --name openhab \
        --net=pasta:-I,enp35s0 \
        --conmon-pidfile %t/openhab.pid \
        --cidfile %t/openhab.ctr-id \
        --label io.containers.autoupdate=image \
        --env=TZ=America/Los_Angeles \
        -v /etc/localtime:/etc/localtime:ro \
        -v /etc/timezone:/etc/timezone:ro \
        -v <snip>/.config/openhab/addons:/openhab/addons:z \
        -v <snip>/.config/openhab/conf:/openhab/conf:z \
        -v <snip>/.config/openhab/userdata:/openhab/userdata:z \
        -d \
        --restart=always \
        docker.io/openhab/openhab:4.2.0
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/openhab.ctr-id -t 5
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/openhab.ctr-id
PIDFile=%t/openhab.pid
Type=forking

vdid · July 28, 2024, 7:13pm

Hmm, I can’t replicate the issue today; something else is going on. Deleting the topic for now

moody_blue · July 29, 2024, 9:39am

I think you need to use Java 17, not 21.

I also have an isolated network but I open the firewall when installing / updating openhab, then close it. In cases where internet access is not possible at all you need to download and install the “stable add-ons”

ubeaut · July 29, 2024, 10:31am

Apparently OH 4.2 can use java 17 or 21 but 21 is still a bit experimental.

rlkoshak · July 29, 2024, 2:46pm

In answer to your question, you need to download the add-ons .kar file from Download openHAB | openHAB (scroll down to the “Manual Install” section. Put the .kar file into your addons folder which on Linux installed is going to be /usr/share/openhab/addons and a manual install $OH_HOME/addons where $OH_HOME is where ever you unzipped OH to (e.g. /opt/openhab).

Then when you install an add-on it will pull it from the .kar file instead of trying to pull it from the Internet.

Make sure you update that file when you update OH itself.

I’m not positive that your error is related to lack of access to the internet to install add-ons though. Nothing in that list is an OH add-on. I think something else was going wrong which is why the error seemed to go away.

vdid · July 29, 2024, 5:00pm

Thank you very much! I found that the userdata directory had the wrong owner ID, will fix on the weekend.

I will not force Fedora to downgrade the JVM, but I will at least pin it against further upgrades except patches. Thanks for the hints, moody_blue @ubeaut!

@rlkoshak: that is exactly the info I needed, too. I appreciate it, and I will try after the ID fix.