Tag Archives: Centos

Setup OpenZWave on Home Assistant under CentOS 8

Introduction

Home Assistant Legacy Z-Wave Integration
Home Assistant Legacy Z-Wave Integration
In an earlier blog I created on how to set up Home Assistant natively using CentOS 8. I explained how you can set Z-Wave using a platform that the Home Assistant team plan on eventually retiring. They’re making room for a new and improved way of doing things; that’s what this blog focuses on.

The new method of setting up Z-Wave with Home Assistant is still in Beta (at the time of writing this blog) and is called OpenZWave. It is more than stable enough to add to your environment if you want to try it out.

While OpenZWave’s integration into Home Assistant is a little more complicated to set up (more moving parts too), it is a completely separately maintained component; this is a good thing! Z-Wave integration becomes much easier to maintain as a separate system (with separate release schedules).

OpenZWave Home Assistant Integration
The New OpenZWave Home Assistant Integration

Requirements

Aeon Labs - Aeotec Z-Wave Z-Stick - Gen5 - ZW090It is presumed that you have a Z-Wave Hub that is plugged into the same server hosting Home Assistant.If everything is working as expected, you should see a device (visible as /dev/ttyXXXN) that you can interact with.

I personally own a Gen5 Aeon Labs Aeotec Z-Wave Z-Stick which shows up as /dev/ttyACM0 on my system.

The other requirements (which are explained further in the next sections):

  1. A MQTT Server (Mosquitto)
  2. The OpenZWave Daemon

The Setup

MQTT Server

A MQTT is lightweight messaging protocol for small sensors and mobile devices, optimized for high-latency or unreliable networks. This becomes the channel to which OpenZWave can report all of your devices back to Home Assistant with. You also use this medium to trigger, and update your devices as well. Home Assistant recommends we use Mosquitto which is a light weight free tool that works great. It’s installation and setup is as easy as:

# Install Mosquitto
sudo dnf install -y mosquitto
# Start it up
sudo systemctl start mosquitto
# Enable it
sudo systemctl enable mosquitto

To get this configured in Home Assistant, you just need to add the following line to your configuration.yaml file:

# Example configuration.yaml entry
# If you followed my earlier blog, this just has to go anywhere in
# /etc/homeassistant/configuration.yaml
mqtt:
  broker: localhost

The OpenZWave Daemon

The OpenZWave Daemon is the key component that communicates to and from all of your Z-Wave devices and relays their status through the MQTT server (for Home Assistant to interpret). We can install this easily through Snapcraft:

# First you need snap installed
sudo dnf install -y snapd
sudo systemctl enable --now snapd.socket
 
# You just need  log out and back in again
# to run the next few commands (because of new environment variables
# put in place)... but this is easier; log in a root with a fresh
# environment set up:
sudo su -
 
# Install Snap
snap install ozwdaemon
 
# Get our configuration
snap get ozwdaemon -d
 
# I had to set a few things myself.  This is not really my network key
# but it's what you may need to do if you're coming from the old z-wave
# configuration; you'll want to re-import your secure key so you can still
# talk to your secure devices:
snap set ozwdaemon ozw.network-key=0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01

# By default it is already set up to use an mqtt server installed on
# localhost.  So no changes are needed here.

# It is also by default looking for your Z-Wave Hub at /dev/ttyACM0
# While this works great for me (requiring no change at all), you can
# set yours to whatever path you need like so:
snap set ozwdaemon usb-path=/dev/ttyACM0

# Connect our device to our Z-Wave USB device we configured
snap connect ozwdaemon:raw-usb

# Set up our dameon to start and restart if we ever restart our pc
snap start --enable ozwdaemon.ozwdaemon

At this point you can add the OpenZWave Integration inside Home Assistant. It should detect everything if all of the instructions went well above. This is done by:

  1. Click on Configuration which is on the left hand side when logged into Home Assistant using an Administrator account
  2. Click on Add Integration
  3. Search for OpenZWave
  4. Choose to Add this Integration

Troubleshooting

You can follow the OpenZWave logs as follows if you run into any issues:

# Follow our logs:
snap logs ozwdaemon -f
# or snapd:
journalctl -u snapd -f

You can also increase the logs provided by Home Assistant for the 2 things in question to help isolate any issues; simply add the following to your Home Assistant’s configuration.yaml file:

# Extra Z-Wave/MQTT Logging configuration.yaml entry
# If you followed my earlier blog, this just has to go anywhere in
# /etc/homeassistant/configuration.yaml
logger:
  logs:
    homeassistant.components.ozw: debug
    homeassistant.components.mqtt: debug

Older versions of the Home Assistant OpenZWave front end do not handle secure nodes properly which was identified here.

Credit

If you like what you see and wish to copy and paste this HOWTO, please reference back to this blog post at the very least. It’s really all I ask. Alternatively, I certainly won’t turn down a coffee if you wish to buy me one! πŸ™‚

Sources

The Perfect Home Assistant CentOS 8 Installation

Introduction

If you have a dedicated server that you want to set up Home Assistant on and would like to run it natively (not in a container), then this is the tutorial for you. This tutorial focuses on using CentOS 8 because I am personally familiar with RedHat based products. But those who chose to use Ubuntu, Debian, Alpine, Arch, etc should be able to benefit from a good chunk of the information explained here too.

Minimum Requirements

While Home Assistant works awesome on a Raspberry Pi for simple things, it can start to get sluggish and feel under-powered over time as you get addicted like the rest of us and continue to add automations to it. It specifically takes a hard it once you start adding automations that involve video and get fancy with others.

nuc6i5syh
Intel Nuc Kit nuc6i5syh
Thus, if you’re a hobbyist who plans on continuing to evolve your homes automation over time, a Raspberry Pi is not good enough. A small PC (and this tutorial of course πŸ˜‰ ) is the best way to go.

I am personally using a very old (outdated) model of an Intel Nuc that works great. But even if you just have an old PC lying around in the corner, that would be a fantastic choice too! Despite the official requirements identified here, for the most optimal experience (in my opinion), your Home Assistant PC should have:

Type My Suggested Minimum Requirement
RAM 8GB
CPU >= Intel i5
Network >=100Mbit/s
It’s strongly recommended that the server you choose to set up Home Assistant utilize a physical network cable and not WiFi.
Storage >=32GB
Storage is only really important if you plan on installing home surveillance (specifically video cameras). If you do, then target your storage to be at least 512GB or more instead. This will allow you to record with them and save the content locally (should you choose to do this).

Here is the breakdown of where the storage all goes (with respect to this tutorial):

Path Size Details
/etc/homeassistant/ 1GB Your configuration files are small (less then 256KB), however Home Assistant maintains what is called a Recorder which tracks itself in an SQLite database. This SQLite database tends to grow over time in size (which you can control). This is also the location of your homeassistant.log file which can also grow in size as well. By giving yourself (at least) 1GB here, you just provide enough room for future growth that will never interrupt your setup over time. More on the contents of this directory is discussed near the end of this blog.
/opt/homeassistant/ 2GB The entire installation of Home Assistant will sit here once you’ve completed this tutorial. The actual installation (with most bells and whistles) is just under 1GB. 2GB is just a suggested size because it will leave you with plenty of room for future growth.
/ 6GB Your root filesystem and all the core directories that go with it such as /boot, /tmp, /home, /usr, /var, … etc.
6GB is more than enough to host the Linux operating system and all of it’s needs while still leaving you ample space for growth.
/opt/homeassistant/video/ >128GB I’m just throwing this in here… Those who don’t have video recording cameras at their home (inside and out) can ignore this. But consider at LEAST 32GB per camera depending on how much you want to record. You may also want to plan for an expansion down the road too; I said >=512GB earlier and I meant it. Storage is cheap these days, so plan properly at the start.

Download the latest copy of CentOS 8 and stick it on a spare USB Drive you have and/or burn it to a DVD so that you can install it onto your PC.

The Base Home Assistant Setup

It is assumed at this point that you’ve set up your server or already had one running. Let’s set up a working environment that Home Assistant can work in. It’s important to have root or sudo privileges prior to running the commands below in each section.

General Server Preparation

The safest way to run Home Assistant is with it’s own dedicated user and permissions. The following will set up a working environment for us to build further onto:

# Again.. our basic layout will be:
# User: homeassistant
# HA Config: /etc/homeassistant
# HA Core: /opt/homeassistant

# Prepare our user:
sudo useradd -rm homeassistant \
   --home-dir /opt/homeassistant

# The dialout group allows us to access our external USB
# devices such as the Aeotec Z-Stick Series 5 (which is
# what I use). We want to add our user to this group:
sudo usermod -aG dialout homeassistant

# Prepare our configuration directory
sudo mkdir /etc/homeassistant

# Adjust our permissions
sudo chown -R homeassistant:homeassistant \
   /opt/homeassistant /etc/homeassistant

# Some of the packages later installed with pip3
# require that they are compiled in your environment
# (or it will not work) so the following is also
# required:
sudo dnf install -y gcc make gcc-c++ systemd-devel \
    unzip tar

Python 3.8 Setup

We need to setup Python 3.8 into our CentOS environment because it is the minimum requirement for Home Assistant to work. So basically we have 2 options here: Take the most stable version of v3.8, or take the one manged by CentOS which is sometimes outdated. Either way, I’ve explained both below:

  1. Option 1: The CentOS Maintained Version:
    # Simply install the module
    sudo dnf module -y install python38 python38-devel
    
    # That's it... you're done :)
    
  2. Option 2: The Latest Stable Version:
    sudo dnf install -y bzip2-devel expat-devel gdbm-devel \
        libuuid-devel libffi-devel\
        ncurses-devel openssl-devel readline-devel \
        sqlite-devel tk-devel xz-devel zlib-devel wget \
        gcc make gcc-c++ tar
     
    # At the time this blog was written, the current
    # version was v3.8.5:
    VERSION=3.8.5
    
    #
    # Acquire
    #
    wget https://www.python.org/ftp/python/${VERSION}/Python-${VERSION}.tgz
    tar -xf Python-${VERSION}.tgz
     
    #
    # Configure
    #
    cd Python-${VERSION}
    ./configure --enable-optimizations
    
    #
    # Build
    #
    
    # This step can take a while - so be patient!
    make -j 4
    
    #
    # Install
    #
    
    # This is very safe and will not over-write
    # existing Python that ships with CentOS
    sudo make altinstall
    

Regardless of which route you chose to take, you can test the version out to see if you were successful:

# Test the version out:
python3.8 -V

Surveillance Video Camera Setup

Run the following commands if you have or plan on having surveillance cameras installed into your environment. Feel free to run this at a later time if you want. Basically you need a copy of ffmpeg available if you plan on accessing your camera stream in Home Assistant.

sudo dnf install -y epel-release dnf-utils
yum-config-manager --set-enabled PowerTools
sudo yum-config-manager \
   --add-repo=https://negativo17.org/repos/epel-multimedia.repo
sudo dnf install -y ffmpeg

Home Assistant Installation

Assuming you’ve followed the sections Python 3.8 Setup and General Server Preparation above, we can now install Home Assistant:

# First we switch to our new homeassistant user we created:
sudo -u homeassistant -H -s
 
# Optional SSH Keygen Setup
[ ! -f ~/.ssh/id_rsa.pub ] && \
   ssh-keygen -f ~/.ssh/id_rsa -C "Home Assistant" -q -N ""

# Change to our home directory (if we're not there already)
cd /opt/homeassistant

# Prepare our virtual environment
python3.8 -m venv .

# It's always VERY important you activate your
# environment before you start running pip3
# commands
. ./bin/activate

# Perform our installation:
pip3 install homeassistant home-assistant-frontend \
     homeassistant-pyozw colorlog flask-sqlalchemy

# Return back to our root user
exit

Finally we must create an System D Startup file to make it easy to start/stop our instance of Home Assistant:

# the following will drop us in a startup script we can use with our environment
sudo bash <<EOF
cat << _EOF > /usr/lib/systemd/system/home-assistant.service
[Unit]
Description=Home Assistant
After=network-online.target
 
[Service]
Type=simple
User=homeassistant
ExecStart=/opt/homeassistant/bin/hass -c "/etc/homeassistant"
WorkingDirectory=/opt/homeassistant
PrivateTmp=true
Restart=on-failure
 
[Install]
WantedBy=multi-user.target
_EOF
EOF

# Pick up our new configuration
sudo systemctl daemon-reload

# Make it so Home Assistant starts even after a
# server reboot
sudo systemctl enable home-assistant

# Let's start it up now
sudo systemctl start home-assistant

The final piece of the puzzle is to expose port 8123 to our network so that we can access our instance of Home Assistant:

sudo bash <<EOF
cat << _EOF > /usr/lib/firewalld/services/home-assistant.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Home Assistant</short>
  <description>Home Assistant Web Portal</description>
  <port protocol="tcp" port="8123"/>
</service>
_EOF
EOF

# Reload our firewall so it can find our recently
# created configuration file (defined above)
sudo firewall-cmd --reload
 
# Now we'll add our new firewall service
sudo firewall-cmd --zone=public \
   --add-service=home-assistant --permanent

# once again reload our firewall to open our newly
# declared port:
sudo firewall-cmd --reload

Finalizing Your Installation

Home Assistant Initial Login PageYou can now visit your new Home Assistant server at http://ip.to.your.server:8123 and start setting up your account for the first time.

When you first access the page you will be able to create the first system user (also the administrator account) that you can build automations with.

Home Assistant Upgrades

You’ll find that Home Assistant is rapidly expanding and always fixing issues and adding more cool features you can play with. Upgrading Home Assistant is as easy as this:

# Switch to our home assistant user:
sudo -u homeassistant -H -s

# Change to our home directory (if we're not there already)
cd /opt/homeassistant

# It's always VERY important you activate your
# environment before you start running pip3
# commands
. ./bin/activate
 
# Switch to our homeassistant user
pip3 install --upgrade homeassistant

# Return to our user with sudoer's permission
exit

# Restart Home Assistant
sudo systemctl restart home-assistant

A Quick Overview

At this point you should be all set up with a running copy of Home Assistant to play with. Here are some general files and directories that will begin appearing in your server’s filesystem in the /etc/homeassistant/ directory that you may want to know about:

homeassistant.log

All of the logs associated with Home Assistant will show up here. This is a fantastic location to begin your troubleshooting should you run into problems.

configuration.yaml

This is the core configuration that will drive your entire Home Assistant application from this point forward. Any changes to this file will require you to restart Home Assistant for the changes to take effect.

home-assistant_v2.db

This is the Home Assistant Recorder. From within your Home Assistant Dashboard, you can click on History button off of the dashboard to see the contents.

/etc/homeassistant/home-assistant_v2.db example

secrets.yaml

This is a simple file that allows you to map key/value pairs. The idea is to keep all of your passwords and/or tokens that you otherwise want to keep from prying eyes. This file should be given very strict permissions:

# protect this file if you intend to use it
chmod 600 /etc/homeassistant/secrets.yaml

For example, you might use Apprise to send you an email notification. In order to send an email Apprise needs your personal email information. As an example, in your configuration.yaml file you might do this:

# /etc/homeassistant/configuration.yaml
# ...
notify:
  name: apprise
  platform: apprise
  url: !secret apprise_url

Then in your secrets.yaml file you now need an entry for a new keyword you created called apprise_url. Your entry in the secrets.yaml file might look like this:

# /etc/homeassistant/secrets.yaml
# Define your Apprise details in a secure location:
apprise_url: mailto://myuser:mypassword@gmail.com

More details on how secrets work can be found here in the Home Assistant documentation. Also, check out the Apprise wiki to see all of the different services you can notify with it.

automations.yaml

This is where you can begin constructing your own Home Assistant automations once you’ve added a few integrations into Home Assistant.

An example of an automation you might have set up could send us an email using Apprise at sunset:

# /etc/homeassistant/automations.yaml
#
# Utilize Apprise to send a notification
#
alias: "[Interactive] - Sunset Apprise Notice"
trigger:
  platform: sun
  event: sunset

action:
  service: notify.apprise
  data:
    title: "Good evening"
    message: "This sun is setting."

Configuration Backup

No setup is complete without regular backups taking place. The following is just a basic configuration backup setup you can use to get you started:

# For Backups (run these commands as the homeassistant user):
sudo mkdir -p /opt/homeassistant/backups
sudo chown homeassistant.homeassistant /opt/homeassistant/backups

# This is a simple script to get you started:
sudo bash <<EOF
cat << _EOF > /opt/homeassistant/bin/backup.sh
#!/bin/sh
# Create a backup of Home Assistant
TARGET=/opt/homeassistant/backups
SOURCE=/etc/homeassistant
 
[ ! -d "\$TARGET" ] && /usr/bin/mkdir -p "\$TARGET"
[ ! -d "\$TARGET" ] && exit 1
 
tar cfz "\$TARGET/\$(date +'%Y.%m.%d')-config.tgz" -C \$SOURCE . 
RET=\$?
 
# Tidy; Keep X days worth
find -L \$TARGET/ -mindepth 1 -maxdepth 1 -name "*.config.tgz" -mtime +120 -delete
exit \$RET
_EOF
EOF

# Permissions to be executable
sudo chmod 775 /opt/homeassistant/bin/backup.sh

# Prepare ourselves a cron job that will run our backup every week
sudo bash <<EOF
cat << _EOF > /etc/cron.d/homeassistant_backup
0 0 * * 0 homeassistant /opt/homeassistant/bin/backup.sh &>/dev/null
_EOF
EOF

Credit

This blog took me a very (,very) long time to put together and test! If you like what you see and wish to copy and paste this HOWTO, please reference back to this blog post at the very least. It’s really all I ask. Alternatively, I certainly won’t turn down a coffee if you wish to buy me one! πŸ™‚

Sources

A Free SSL Web Hosting Solution

Introduction

SSL Web Hosting has been made free by a number of providers such as Let’s Encrypt and ZeroSSL for years now. I wrote this blog because I truly believe web administrators and developers should leverage this if they aren’t already.

I’ve personally come across an amazing tool called Dehydrated which I used to leverage this. The best part about Dehydrated is that it even operates using the MIT license, meaning it’s also completely free to use!

Dehydrated Setup

An ideal SSL Web Hosting solution comes with the perfect tool to do all of the work for you…

Installation

#
# Make sure curl is installed:
#
# RedHat/CentOS v5,6, and 7 Users
sudo yum install -y curl

# RedHat/CentOS v8+ and Fedora Systems:
sudo dnf install -y curl

# Debian/Ubuntu Systems
sudo apt update && sudo apt get curl

# Download Dehydrated (as root)
curl https://raw.githubusercontent.com/dehydrated-io/dehydrated/master/dehydrated \
   --output /usr/bin/dehydrated

# Set proper permissions
chmod 755 /usr/bin/dehydrated

# Make a wellknown directory for the acme-challenge strings
mkdir -p /var/www/dehydrated

# SELinux Proof it (for those that use it - and you should!)
semanage fcontext -a -t httpd_sys_content_t \
          '/var/www/dehydrated/(/.*)?'

Initial Preparation

Next we need to just prepare some basic configuration needed by Dehydrated:

mkdir -p /etc/pki/dehydrated
pushd /etc/pki/dehydrated

# SSL Hosting Configuration; Identify your hosts
#
# Below shows how I set up nuxref.com; you will want to
# identify ALL of the SSL hostnames you plan on supporting
# here:
cat << _EOF > domains.txt
# nuxref Hosts; swap these with your own:
# syntax:
#   domain sub1.domain sub2.domain subx.domain > output_file
nuxref.com www.nuxref.com repo.nuxref.com > nuxref_com
_EOF

# Create ourselves a config file:
cat << _EOF > config
# our wellknown directory
WELLKNOWN=/var/www/dehydrated
_EOF

# First time use only
/usr/bin/dehydrated --register --accept-terms

Nginx Configuration

You’ll want to create the the following parameter file that you can source in all of your domain configuration files:

cat << _EOF > /etc/nginx/dehydrated_params
location ^~ /.well-known/acme-challenge {
   alias /var/www/dehydrated;
}
_EOF

The sourcing part is really easy now. You must add this entry in all of your configuration files that you’ve defined in your /etc/pki/dehydrated/domains.txt file (above).

# Place this in all of your NginX files in the server{} block(s):
include        dehydrated_params;

You’ll want to make sure once you got all of the include statements in place, and that you reload NginX so that it can take on your new configuration:

sudo systemctl reload nginx

Generating our SSL Keys

We’re now at the part of the blog where we test to see if all of our setup (defined above) was correctly put into place.

# We must always run Dehydrated from within this directory
pushd /etc/pki/dehydrated

# Force an initial update
dehydrated -c

The above command will run against all of the domains you defined in /etc/pki/dehydrated/domains.txt and attempt to verify them (in order to generate an SSL key for you). If it fails, it’s most likely because of the following:

  1. You’re not correctly hosting that domain on port 80 on this server we just set up together.
  2. You have an error in your NginX configuration and/or you forgot to add an include dehydrated_params; within one of your domain configuration(s).

If everything went smoothly, you’ll now have new SSL keys you can add to your NginX configuration. This allows you to host your website secured now using your own set of registered SSL keys. You’re almost home free now! You need to dive back into NginX and prepare yourself a new server block of code that listens on port 443 with SSL turned on.

server {
  # SSL
  listen 443;
  ssl on;

  #
  # your security setup and location entries here
  # See https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  # for some ideas

  # Don't forget to point to your newly generated SSL Keys:
  # swap nuxref_com
  ssl_certificate /etc/pki/dehydrated/certs/nuxref_com/cert.pem;
  ssl_certificate_key /etc/pki/dehydrated/certs/nuxref_com/privkey.pem;
}

Set It and Forget It

Free SSL Web Hosting keys being free do however come with a catch: they don’t last long. They don’t expire in 2-3 years like a normal paid key would – these ones expire in 30 days in some cases. So it’s up to you to either remember to run dehydrated -c often, OR just automated it like so:

# next add a cronjob so it updates automatically
cat << _EOF > /etc/cron.d/dehydrated
# at 14:20 every day update SSL certificates
20 14 * * * root cd /etc/pki/dehydrated/ && dehydrated -c &>/dev/null && systemctl reload nginx &>/dev/null
_EOF

Sources