Hi there.
I have written a script to restart a bundle inside of openhab
The script works just the way i intend it to when i launch it from my terminal, but when i try to execute it from openhab it doesn’t restart the bundle, I’m positive that it executes the script (tried to execute other things in the script and that works fine).
I’m starting to wonder if it’s some problems with my key certificate.
And if i execute the script from terminal i get the following in the logs:
17:04:11.437 [INFO ] [b.core.service.AbstractActiveService] - IHC / ELKO LS refresh and notification listener service has been shut down
17:04:15.509 [INFO ] [b.core.service.AbstractActiveService] - IHC / ELKO LS refresh and notification listener service has been started
17:04:15.509 [INFO ] [nhab.binding.ihc.internal.IhcBinding] - Connecting to IHC / ELKO LS controller [IP=‘’ Username=‘’ Password=‘’].
If i edit the script with "say ‘hello world’
It speaks from my mac when i execute it from openhab, so it’s being executed alright.
Anyone out there who could help me get further, perhaps with the right certificates or what not. ?
So yeah it looks like it’s a problem in my keys then it’s just down to how to fix it.
— OLD
I’m looking at your link and I’m note sure if i can use all of it since i’m on a mac.
Trying to ssh but the host is not part of the openhab user’s known hosts. Either copy the .ssh folder from your usual account to ~/openhab/.ssh (changing permissions and ownership of course) or run sudo -u openhab /usr/bin/ssh user@host and typing “yes” when ssh asks if you want to accept the ssh key.
I don’t have a openhab user on my mac.
When I start openhab as a service I use sudo, but the key I have paired with openhab is my primary user.
sudo -u myuser /usr/bin/ssh openhab@localhost
If I write this in terminal I’m asked for a password, but neither my normal root password nor habopen works
Everything on that link applies except instead of running as the openhab user it is running as root. So you need to set up the root user with your ssh key pair.
According to the docs you connect using the following command:
ssh -p 8101 openhab@localhost
Note that the user in the karaf console has nothing to do with your OS account. There is only an openhab user in the karaf console.
And the ssh key really isn’t directly associated with any specific account. So long a the key pair that karaf is looking for is in the user’s .ssh folder it will authenticate.
In other words, you need to make a copy of your .ssh keys in ~root/.ssh.
You also must connect on port 8101, not the default port.
Well, as long as you run openhab using sudo this is the only solution.
A better solution, particularly if you plan on running openHAB all the time, would be to create an openhab user and run openHAB under that user. Then configure that user with the ssh keys.
The risk is if OH is successfully attacked and it is running as root, the attacker will have full root access to your machine. If openHAB runs as some other user, the attacker can only do what that user can do. You can then limit what that user can do to make you system safer.
Looking to do this too; say a rule at x time, restart a bundle.
Not very saavy with key pairs, etc.
What does one need to do to set this up(the more detailed the better).
What would the script need to look like based on whatever settings are necessary.
Seems like this is for remote machines; im running openhab on a linux box; i simply want to be able to restart a binding with an openhab rule on the same box…is this necessary?
I haven’t tried it since I don’t use the Rule DSL but I don’t know why the rule engine wouldn’t have access. JMX is a core Java API so I’d guess it should be accessible by the rules classloader. I’ve done quite a lot with JMX in JSR223 rules so I’m about 99% sure it would be possible to reload bundles that way (but, again, I haven’t tried it).
I thought it would require a specific library from Karaf. If it is part of the core API then you should be able to access it. If you figure out a posting in the Tutorials and Examples section would be wonderful.
JSR223 has A LOT more access to things than the Rules DSL so I wouldn’t be that certain. But if everything you need is a core Java package you should be OK.
Just to be clear, I’m 99% sure that JSR223 rules can do it. I’m not nearly as sure that the crippled DSL rule engine can do it. However, if I used that rules engine I’d at least try the JMX API from a rule before using the ssh workaround.
