Trying to restart bundle from script outside openhab

rules
openhab2
scripts
Tags: #<Tag:0x00007f1e5ca9a0c0> #<Tag:0x00007f1e5ca99f58> #<Tag:0x00007f1e5ca99df0>
(Esben Uth) #1

Hi there.
I have written a script to restart a bundle inside of openhab

The script works just the way i intend it to when i launch it from my terminal, but when i try to execute it from openhab it doesn’t restart the bundle, I’m positive that it executes the script (tried to execute other things in the script and that works fine).
I’m starting to wonder if it’s some problems with my key certificate.

The script i execute is as follows:

ssh -p 8101 openhab@localhost bundle:stop 195
sleep 5
ssh -p 8101 openhab@localhost bundle:start 195

I use the following to execute it from openhab

executeCommandLine("/Library/Scripts/oh_restart.sh")

When i execute it from within openhab i get the following in the logs:

16:52:08.791 [INFO ] [lipse.smarthome.io.net.exec.ExecUtil] - executed commandLine ‘/Library/Scripts/oh_restart.sh’

And if i execute the script from terminal i get the following in the logs:

17:04:11.437 [INFO ] [b.core.service.AbstractActiveService] - IHC / ELKO LS refresh and notification listener service has been shut down
17:04:15.509 [INFO ] [b.core.service.AbstractActiveService] - IHC / ELKO LS refresh and notification listener service has been started
17:04:15.509 [INFO ] [nhab.binding.ihc.internal.IhcBinding] - Connecting to IHC / ELKO LS controller [IP=’’ Username=’’ Password=’’].

If i edit the script with "say 'hello world’
It speaks from my mac when i execute it from openhab, so it’s being executed alright.

Anyone out there who could help me get further, perhaps with the right certificates or what not. ?

0 Likes

(Rich Koshak) #2

See:

I’m sure the problem has something to do with the fact that it is running as the openhab user and something isn’t configured right for that user.

1 Like

(Esben Uth) #3

** UPDATED **
Tried working with your debugs and tried this

val results = executeCommandLine(“ssh -p 8101 openhab@localhost ‘bundle:stop 195’”, 5000)

And this is from the log

18:44:04.880 [INFO ] [ipse.smarthome.model.script.execTest] - Host key verification failed.

So yeah it looks like it’s a problem in my keys then it’s just down to how to fix it.

— OLD
I’m looking at your link and I’m note sure if i can use all of it since i’m on a mac.

Trying to ssh but the host is not part of the openhab user’s known hosts. Either copy the .ssh folder from your usual account to ~/openhab/.ssh (changing permissions and ownership of course) or run sudo -u openhab /usr/bin/ssh user@host and typing “yes” when ssh asks if you want to accept the ssh key.

I don’t have a openhab user on my mac.
When I start openhab as a service I use sudo, but the key I have paired with openhab is my primary user.

sudo -u myuser /usr/bin/ssh openhab@localhost

If I write this in terminal I’m asked for a password, but neither my normal root password nor habopen works

0 Likes

(Rich Koshak) #4

Everything on that link applies except instead of running as the openhab user it is running as root. So you need to set up the root user with your ssh key pair.

According to the docs you connect using the following command:

ssh -p 8101 openhab@localhost

Note that the user in the karaf console has nothing to do with your OS account. There is only an openhab user in the karaf console.

And the ssh key really isn’t directly associated with any specific account. So long a the key pair that karaf is looking for is in the user’s .ssh folder it will authenticate.

In other words, you need to make a copy of your .ssh keys in ~root/.ssh.

You also must connect on port 8101, not the default port.

1 Like

(Esben Uth) #5

So I got it to work! Not sure if this was the proper way but here goes.

First i followed this guide to activate the root user on my mac server
http://snowleopardtips.net/tips/enable-root-account-in-snow-leopard.html

With that done i copied the contents from my users .ssh folder to the root .ssh folder, and now it all works.

What are you’re thoughts on this solutions ?
And many thanks for your help :slight_smile:

0 Likes

(Rich Koshak) #6

Well, as long as you run openhab using sudo this is the only solution.

A better solution, particularly if you plan on running openHAB all the time, would be to create an openhab user and run openHAB under that user. Then configure that user with the ssh keys.

The risk is if OH is successfully attacked and it is running as root, the attacker will have full root access to your machine. If openHAB runs as some other user, the attacker can only do what that user can do. You can then limit what that user can do to make you system safer.

0 Likes

(Rich Smith) #7

Looking to do this too; say a rule at x time, restart a bundle.
Not very saavy with key pairs, etc.

What does one need to do to set this up(the more detailed the better).
What would the script need to look like based on whatever settings are necessary.

Thanks in advance.

0 Likes

(Esben Uth) #8

Generating the keys, depends on which system you’re on.

If you’re on linux try looking at this: https://jamiej.co.uk/blog/ssh-key-pair-openhab-exec-binding/

0 Likes

(Rich Smith) #9

Seems like this is for remote machines; im running openhab on a linux box; i simply want to be able to restart a binding with an openhab rule on the same box…is this necessary?

0 Likes

(Esben Uth) #10

I run mine on a local server, in my research this is the only way to restart a bundle from inside openhab

0 Likes

(Rich Koshak) #11

Yes, this is necessary.

0 Likes

(steve1) #12

@rlkoshak and @milty456, wouldn’t it be possible to restart a bundle from a rule using the Karaf JMX API?

0 Likes

(Rich Koshak) #13

I don’t know if one has access to the JMX API in Rules.

0 Likes

(steve1) #14

I haven’t tried it since I don’t use the Rule DSL but I don’t know why the rule engine wouldn’t have access. JMX is a core Java API so I’d guess it should be accessible by the rules classloader. I’ve done quite a lot with JMX in JSR223 rules so I’m about 99% sure it would be possible to reload bundles that way (but, again, I haven’t tried it).

0 Likes

(Rich Koshak) #15

I thought it would require a specific library from Karaf. If it is part of the core API then you should be able to access it. If you figure out a posting in the Tutorials and Examples section would be wonderful.

JSR223 has A LOT more access to things than the Rules DSL so I wouldn’t be that certain. But if everything you need is a core Java package you should be OK.

0 Likes

(steve1) #16

Just to be clear, I’m 99% sure that JSR223 rules can do it. I’m not nearly as sure that the crippled DSL rule engine can do it. However, if I used that rules engine I’d at least try the JMX API from a rule before using the ssh workaround.

0 Likes