Unattended installation and configuration of OpenHAB - using Ansible for instance - is a nice way to recreate an OpenHAB environment or ‘clone’ a test setup, etc. (I know there are other ways, but that is not the point of my feature suggestion).
A manual step that cannot be skipped right now is the creation of the initial admin user through the UI.
What about a feature where OpenHAB checks for environment variables at first startup to specify the initial user parameters?
This mechanism is used quite commonly, especially when deploying container images. InfluxDB2 is an example where I can specify environment variables to control the one-off initial config, like this:
I guess it could also be part of the container image setup script, assuming there is some interface available that can check if it is an initial install and perform its magic. Checking if there is already a users.json would be one option.
And a similar issue exists for the token that can now only be generated in the UI. What about an option to provide OH with a self-generated token?
You can actually run a scripted console command on installation
```
openhab> openhab:users
Usage: openhab:users list - lists all users
Usage: openhab:users add <userId> <password> <role> - adds a new user with the specified role
Usage: openhab:users remove <userId> - removes the given user
Usage: openhab:users changePassword <userId> <newPassword> - changes the password of a user
Usage: openhab:users listApiTokens - lists the API tokens for all users
Usage: openhab:users addApiToken <userId> <tokenName> <scope> - adds a new API token on behalf of the specified user for the specified scope
Usage: openhab:users rmApiToken <userId> <tokenName> - removes (revokes) the specified API token
Usage: openhab:users clearSessions <userId> - clear the refresh tokens associated with the user (will sign the user out of all sessions)
openhab>
```
Thanks again. Works great for user and API token.
I use Ansible to deploy OH fully automated (from zero to operational), and this was a missing piece.
Just in case there is another user somewhere on this planet that also uses Ansible:
```yaml
- name: Add Karaf SSH key
  ansible.builtin.replace:
    dest: "{{ openhab_user_data_dir }}/etc/keys.properties"
    regexp: '(^\#karaf=)(.*)$'
    replace: "openhab={{ karaf_ssh_key }},_g_:admingroup"

# Create initial OpenHAB administrator user
# TODO: Add error checking
- name: Check if OpenHAB admin user already exists
  ansible.builtin.command: ssh karaf openhab:users list
  delegate_to: localhost
  register: current_users
  changed_when: false  # read-only query

- name: Create OpenHAB admin user if it doesn't exist yet
  ansible.builtin.command: "ssh karaf openhab:users add {{openhab_user_name}} {{openhab_user_password}} administrator"
  delegate_to: localhost
  register: create_user_result  # separate name so current_users is not overwritten
  when: "openhab_user_name not in current_users.stdout"  # substring test on the console output
  no_log: true  # the command line contains the password

# Create and save OpenHAB API token
- name: Remove the existing OpenHAB API token
  ansible.builtin.command: "ssh karaf openhab:users rmApiToken {{openhab_user_name}} RulesToken"
  delegate_to: localhost

- name: Create a new OpenHAB API token
  ansible.builtin.command: "ssh karaf openhab:users addApiToken {{openhab_user_name}} RulesToken All"
  delegate_to: localhost
  register: token_result
  no_log: true  # stdout is the new token

- name: Create a file to store the API token
  ansible.builtin.file:
    path: "{{openhab_conf_dir}}/apitoken.txt"
    state: touch

- name: Write the API token to a file for future reference
  ansible.builtin.lineinfile:
    path: "{{openhab_conf_dir}}/apitoken.txt"
    regexp: '^(.*)RulesToken(.*)$'
    line: '{{ token_result.stdout }}'
  no_log: true  # keeps the token out of task output and diffs

- name: Expose the API token as a fact for later tasks
  ansible.builtin.set_fact:
    openhab_api_token: "{{token_result.stdout}}"
```
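
An added example, not part of the thread or of openHAB: the same user and token steps as POSIX shell functions, matching the user id as a whole field instead of as a substring and creating the token file with owner-only permissions. It assumes each line of `openhab:users list` begins with the user id; `OH_CONSOLE` and `OH_PASSWORD` are hypothetical variable names.

```shell
#!/bin/sh
# Added example, not code from the thread. "ssh karaf" is the console alias the
# playbook above uses; OH_CONSOLE (hypothetical name) overrides it.
OH_CONSOLE=${OH_CONSOLE:-"ssh karaf"}

# user_exists USER
# Assumption: each line of "openhab:users list" starts with the user id.
# Compares the whole first field, so "admin" does not match "administrator"
# in a role column or a longer id such as "admin2".
user_exists() {
    $OH_CONSOLE openhab:users list |
        awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# ensure_admin USER PASSWORD: create the administrator only when missing.
ensure_admin() {
    user_exists "$1" && return 0
    $OH_CONSOLE openhab:users add "$1" "$2" administrator >/dev/null
}

# rotate_token USER TOKEN_NAME FILE
# Revokes the old token (a failure on a first run is ignored), creates a new
# one, and stores it in FILE with owner-only permissions from creation onward.
rotate_token() {
    $OH_CONSOLE openhab:users rmApiToken "$1" "$2" >/dev/null 2>&1 || true
    token=$($OH_CONSOLE openhab:users addApiToken "$1" "$2" All) || return 1
    [ -n "$token" ] || return 1
    (
        umask 077
        printf '%s\n' "$token" > "$3.tmp" && mv "$3.tmp" "$3"
    )
}

# Runs only when called as: script USER TOKEN_FILE
# The password is read from OH_PASSWORD (hypothetical variable name).
if [ "$#" -eq 2 ]; then
    ensure_admin "$1" "${OH_PASSWORD:?set OH_PASSWORD}" &&
        rotate_token "$1" RulesToken "$2"
fi
```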