YunoHost-Apps / homeassistant_ynh

Home automation platform package for YunoHost
https://www.home-assistant.io/
Apache License 2.0
21 stars 17 forks source link

Can't add ZHA Conbee with homeassistant_ynh #40

Closed hovancik closed 2 years ago

hovancik commented 2 years ago

Hi, what's the upgrade strategy of homeassistant_ynh?

I've installed YNH on my raspberry, because I want to use multiple apps and Home Assistant is one of them. I have a Conbee II stick, but homeassistant_ynh is not able to add it with ZHA. I've googled many solution in regard to Conbee and Home Assistant but none helped. As a last test I decided to install Home Assistant in official way on spare card and boot it up. My Conbee works fine there, so I wonder maybe some problem with homeassistant_ynh version? Maybe upgrade would help?

When trying to add Conbee in homeassistant_ynh, I see no errors in logs, UI simply says "Failed to probe the usb device".

Many thanks!

hovancik commented 2 years ago

So I tried to install custom fork https://github.com/hovancik/homeassistant_ynh/tree/up with simply changed version of HA to the latest, but seeing the same issue.

Checked the logs again and only thing I can see now is. I've check previous logs and found it there as well, so it's not related to higher version of HA that I did in my fork.

2022-01-02 13:03:34 INFO (SyncWorker_0) [homeassistant.util.package] Attempting install of bellows==0.29.0
2022-01-02 13:03:36 ERROR (SyncWorker_0) [homeassistant.util.package] Unable to install package bellows==0.29.0: WARNING: The directory '/home/homeassistant/.cache/pip' or its parent directory is not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
ewilly commented 2 years ago

hi, homeassistant user does not have USB access rights it's why you get the following erro msg "Failed to probe the usb device". could you type usermod -a -G dialout homeassistant and see if it resolve your issue ?

ewilly commented 2 years ago

otherwise can test the testing branch

hovancik commented 2 years ago

Hi, trying your branch but I am seeing the same issue: "Failed to probe the usb device". Also tried to reboot to make sure groups are active.

What I see thought is:

groups homeassistant
homeassistant : homeassistant root

Adding dialout manually doesn't help

hovancik commented 2 years ago

Same with, based on groups from PR

groups homeassistant
homeassistant : homeassistant root dialout i2c gpio
ewilly commented 2 years ago

humm hard to go deeper in investigation on my side without having such a device. It could be due to so many things and not necessarily homeassistant_ynh... Did you try jeedom_ynh ?

hovancik commented 2 years ago

I haven't tried jeedom_ynh as it is not maintained anymore.

Do you know how I could see live logs from HomeAssistant? Maybe the error is something else. HA is telling me that it found new device but then it is not able to add it, so I wonder what really happens... Logs in YNH-> Services -> HA are spare...

By searching the error, I think I might end up here: https://github.com/home-assistant/core/blob/3bf12fcd29c42205a14082a4e7cbd7916d0c27e3/homeassistant/components/zha/config_flow.py#L150

hovancik commented 2 years ago

SO I enabled all messages in log via editing configuration and here is the error:

Traceback (most recent call last):
  File "/var/www/homeassistant/lib/python3.9/site-packages/serial/serialposix.py", line 322, in open
    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
PermissionError: [Errno 1] Operation not permitted: '/dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/www/homeassistant/lib/python3.9/site-packages/zigpy_znp/zigbee/application.py", line 139, in probe
    await znp.connect()
  File "/var/www/homeassistant/lib/python3.9/site-packages/zigpy_znp/api.py", line 545, in connect
    self._uart = await uart.connect(self._config[conf.CONF_DEVICE], self)
  File "/var/www/homeassistant/lib/python3.9/site-packages/zigpy_znp/uart.py", line 182, in connect
    _, protocol = await serial_asyncio.create_serial_connection(
  File "/var/www/homeassistant/lib/python3.9/site-packages/serial_asyncio/__init__.py", line 445, in create_serial_connection
    serial_instance = serial.serial_for_url(*args, **kwargs)
  File "/var/www/homeassistant/lib/python3.9/site-packages/serial/__init__.py", line 90, in serial_for_url
    instance.open()
  File "/var/www/homeassistant/lib/python3.9/site-packages/serial/serialposix.py", line 325, in open
    raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
serial.serialutil.SerialException: [Errno 1] could not open port /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00: [Errno 1] Operation not permitted: '/dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00'
2022-01-03 16:50:20 DEBUG (bellows.thread_0) [asyncio] Using selector: EpollSelector
2022-01-03 16:50:20 DEBUG (MainThread) [bellows.ezsp] Unsuccessful radio probe of '/dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00' port
Traceback (most recent call last):
  File "/var/www/homeassistant/lib/python3.9/site-packages/serial/serialposix.py", line 322, in open
    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
PermissionError: [Errno 1] Operation not permitted: '/dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00'
hovancik commented 2 years ago

I think I am getting closer, but all just guesses as this is not part of Linux that I am familiar with :)

Based on this, I can see the group should be root, which it is already:

admin@conta:~ $ $(stat --format="%G" /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00 )
-bash: root: command not found
admin@conta:~ $ groups homeassistant
homeassistant : homeassistant root dialout i2c gpio
ewilly commented 2 years ago

What is the output of ls -l /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00 ?

hovancik commented 2 years ago

lrwxrwxrwx 1 root root 13 Jan 3 19:40 /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00 -> ../../ttyACM0

hovancik commented 2 years ago

unterestingly crw-rw---- 1 root dialout 166, 0 Jan 3 19:40 /dev/ttyACM0

ewilly commented 2 years ago

strange homeassistant user is now in the dialout group and the dialoup group have write access to that device... can't figure why you have a permission issue :( Perhaps https://community.home-assistant.io could better help than me

ewilly commented 2 years ago

Did you try with /dev/ttyACM0 instead of /dev/serial/by-id/usb-dresden_elektronik_ingenieurtechnik_GmbH_ConBee_II_DE2473636-if00 ?

ewilly commented 2 years ago

one other thing to try is to comment all sanboxing options lines in /etc/systemd/system/homeassistant.service after StandardError=inherit

hovancik commented 2 years ago

/dev/ttyACM0 didn't help but editing service did :) What are those doing? Will I be less safe now?

Many thanks for helping me out :)

ewilly commented 2 years ago

yes a little less safe what would be great on your side is to check which line(s) exactly need to be commented in order to apply that change in github, otherwise after each update of the app you will have the issue

hovancik commented 2 years ago

Here's the working file, so seems it's DevicePolicy=closed

[Unit]
Description=Home Assistant
After=network.target

[Service]
Type=simple
User=homeassistant
WorkingDirectory=/home/yunohost.app/homeassistant
ExecStart=/var/www/homeassistant/bin/hass --config "/home/yunohost.app/homeassistant" --log-file "/var/log/homeassistant/homeassistant.log"
StandardOutput=append:/var/log/homeassistant/homeassistant.log
StandardError=inherit

# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these 
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
#CANT BE ACTIVATED FOR homeassistant #PrivateDevices=yes
#CANT BE ACTIVATED FOR homeassistant #RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
#DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap

# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 

[Install]
WantedBy=multi-user.target 

This is just for conbee stick.

I will be trying to add devices via it later.

hovancik commented 2 years ago

Adding device seems to fine as well, just added a motion sensor successfully :)

Feel free to close this with PR. I can test upgrade when you have code to test

ewilly commented 2 years ago

Thanks -> add in #43