@ghost ghost commented Oct 22, 2020

For all those who are trying to install hassio and get the message "Missing apparmor and network manager". Enter the following after installing raspbian:

sudo apt-get install apparmor
sudo apt-get install network-manager

@Slyke
Collaborator

Slyke commented Oct 22, 2020

Hey @To1952P just so you know, the project has been moved to: https://github.com/SensorsIot/IOTstack this repo is abandoned.

Paraphraser and others added 29 commits September 1, 2022 13:27
Expand InfluxDB 1.8 documentation by incorporating material from:

* [Tutorial: Enabling authentication in InfluxDB](https://gist.github.com/Paraphraser/9f3aa21fddd5d4e8141a7ab03ffb4dd7)
* [Tutorial: Enabling UDP support in InfluxDB](https://gist.github.com/Paraphraser/15483641fc657a147dfae7b03d291bc0)

I thought I had already added this material but a Discord question made
me realise I was mistaken.

General tidy-up because a lot of the example material was either wrong
or out-of-date.

Signed-off-by: Phill Kelley <[email protected]>
20220901 InfluxDB - master branch - documentation
20220811 ZeroTier - master branch - PR 1 of 2
20220810 domoticz - master branch - PR 1 of 3
20220708 Node-RED - master branch - PR 1 of 2
webthingsio_gateway: fix template folder name
mkdocs: script automating python virtualenv use
menu: rename env.yml to docker-compose-base.yml
postgres: remove broken menu options and fix docs
menu: fix error on empty compose-override.yml
docs/Changelog: update to reflect latest changes
.bash_aliases: auto-remove orphan containers
docs/pi-hole: clarify and improve beginner-friendliness
Telegraf: report 'iotstack' as hostname to influx
Telegraf: fix deprecated options and doc typos
Signed-off-by: Phill Kelley <[email protected]>
Fixes the problem reported by #599.

This is an unfortunate, predictable and predicted side-effect of moving
from this style of anchored title:

```
```

to this style:

```
```

The former style is testable by generating HTML from the Markdown and
running it through a validator. The latter style isn't amenable to that
approach because anchor generation is done "just in time" by mkdocs.
Until we find some way to test mkdocs output in a systematic way,
fairly trivial semantic errors (like the missing "#" in this case) will
occasionally slip through the cracks.

Also fixed another broken link (`#authWarning`).

Fixes #599.

Signed-off-by: Phill Kelley <[email protected]>
20220913 Influx documentation - master branch
Fix typo in example - container should be referenced as `influxdb2`
across the internal bridged network.

Signed-off-by: Phill Kelley <[email protected]>
Clarify what happens if the container starts with the default device
`/dev/ttyAMA0` in the service definition. The process probes the device,
finds it doesn't respond like a Zigbee adapter, and aborts without
starting the web GUI. Because of the `restart: unless-stopped` clause,
Docker restarts the container and the same sequence repeats.

Signed-off-by: Phill Kelley <[email protected]>
WireGuard has started renaming the `custom-services.d` and
`custom-cont-init.d` directories to have random suffixes, along with
the following README.txt:

```
********************************************************
********************************************************
*                                                      *
*                         !!!!                         *
* Custom scripts or services found in legacy locations *
*                         !!!!                         *
*    Please move your custom scripts and services      *
*    to /custom-cont-init.d and /custom-services.d     *
*    respectively to ensure they continue working.     *
*                                                      *
*  Visit https://linuxserver.io/custom for more info.  *
*                                                      *
********************************************************
********************************************************
```

Some existing installations have also failed. Remote clients are unable
to connect with `docker logs wireguard` cycling the following messages:

```
s6-supervise custom-svc-README.txt (child): fatal: unable to exec run: Exec format error
s6-supervise custom-svc-README.txt: warning: unable to spawn ./run - waiting 10 seconds
```

The container does not go into a restart loop so `docker ps` does not
alert the user to the situation.

This PR:

1. implements the required changes to the WireGuard service definition;
2. provides a script to assist with the necessary folder restructuring;
3. adds a section to the IOTstack WireGuard documentation (master
branch) to explain the process.

Signed-off-by: Phill Kelley <[email protected]>
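
Because the container stays "Up" while s6 keeps retrying, the failure described in the WireGuard commit message above only shows in the log. The following is an added example, not part of the PR: a check that counts the `Exec format error` lines per service. The function name and the first sample line are constructed for illustration; the other sample lines are the two quoted in the commit message.

```shell
#!/bin/sh
# Added example, not IOTstack code.
# First line is constructed sample input; the s6-supervise lines are the two
# messages quoted in the commit message, repeated as they would cycle.
SAMPLE_LOG='constructed: unrelated healthy log line
s6-supervise custom-svc-README.txt (child): fatal: unable to exec run: Exec format error
s6-supervise custom-svc-README.txt: warning: unable to spawn ./run - waiting 10 seconds
s6-supervise custom-svc-README.txt (child): fatal: unable to exec run: Exec format error
s6-supervise custom-svc-README.txt: warning: unable to spawn ./run - waiting 10 seconds'

# Reads container log text on stdin.
# Prints "<service> <failure-count>" for every supervised service whose
# ./run could not be executed; returns 0 if any were found, 1 if none.
find_unrunnable_services() {
    out=$(awk '
        $1 == "s6-supervise" && /fatal: unable to exec run: Exec format error/ {
            count[$2]++          # $2 is the supervised service name
        }
        END { for (n in count) print n, count[n] }
    ' | sort)
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Against a live container the input would come from:
#   docker logs wireguard 2>&1 | find_unrunnable_services
printf '%s\n' "$SAMPLE_LOG" | find_unrunnable_services || true
```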
A [Discord question](https://discord.com/channels/638610460567928832/638610461109256194/1028011748323762276)
revealed that the Portainer-CE UI no longer uses the term "endpoint".
It has been replaced with the term "environment". This PR updates the
documentation accordingly.

Signed-off-by: Phill Kelley <[email protected]>
Adds `nodered_version_check.sh` script to scripts folder (previously
available via
[gist](https://gist.github.com/Paraphraser/c8939213faf2de8a10f2a1f67452b0c1#-useful-script-nodered_version_check-)).

Adds documentation to Node-RED wiki page.

Signed-off-by: Phill Kelley <[email protected]>
A Discord question has led to the discovery that the previous peer
name syntax which supported hyphens in names no longer works as
expected. Names now need to be like "identifiers", a letter followed
by letters and digits. Documentation updated accordingly.

Signed-off-by: Phill Kelley <[email protected]>
S474N and others added 30 commits January 9, 2025 19:55
Signed-off-by: Phill Kelley <[email protected]>
Added python-matter-server, thread and matterbridge
[PR 781](influxdata/influxdata-docker#781) was
submitted on 2025-01-21 but it has now been over 40 days without any
response. It isn't clear whether it is simply taking the time it needs
to take, or if this is a signal that it will never be processed.

The basic problem occurs with Docker "bind mounts" which are the
convention for IOTstack containers. If Chronograf launches from a
clean slate, Docker will create `./volumes/chronograf` with root
ownership. Although the container *launches* as root, it does not
take the opportunity to enforce its ownership conventions prior to
downgrading its privileges to that of (internal) user `chronograf`
(ID=999). The result is the container can't write to its persistent
store, crashes and goes into a restart loop.

This PR provides an augmented entry point script which sets ownership
correctly prior to launching the `chronograf` process.

This PR applies the patch for IOTstack users via a local Dockerfile.

It can be unwound if/when PR781 is processed.

Signed-off-by: Phill Kelley <[email protected]>
2025-03-05 Chronograf - master branch - PR 1 of 2
Update service.yml for Pi-hole, pinned to 2024.07.0
A DM on the IOTstack Discord channel pointed out that the Pi-hole
documentation did not explain how to alter the resolver configuration
in the presence of NetworkManager.

This PR adds the necessary instructions.

Takes the opportunity to move the focus away from an assumption of a
Raspberry Pi (and discussions of Bullseye-and-earlier vs Bookworm; or
Raspberry Pi OS vs Debian) by adopting the term "Pi-hole system" as
meaning "The host platform where the Pi-hole service is running."

Signed-off-by: Phill Kelley <[email protected]>
Updates service definition to incorporate recent changes.

Simpler layout of ports structure.

Updates documentation.

Signed-off-by: Phill Kelley <[email protected]>
1. Dockerfile syntax deprecates `ENV key value` in favour of
   `ENV key=value`.

2. Adjust health-check script to deal with two problems:

	a. An issue where `MYSQL_ROOT_PASSWORD` does not result in a root
	   password being set on a newly-initialised database.
	   See [docker-mariadb issue 163](linuxserver/docker-mariadb#163)

	b. Steady deprecation of `mysqladmin` in favour of `mariadb-admin`.

Signed-off-by: Phill Kelley <[email protected]>
1. Updates to image which is being actively maintained.

2. Adopts environment variable conventions of new image.

3. Uses custom MariaDB instance as back-end.

4. Removes `/etc/timezone` mapping (without replacing with `TZ`)
   because new image is built without `tzdata`.

5. Adds basic documentation.

Signed-off-by: Phill Kelley <[email protected]>
Adds environment vars to support HTTPS.

Adds documentation:

* enabling HTTPS
* migrating existing repositories

Signed-off-by: Phill Kelley <[email protected]>
When HTTPS was enabled, the healthcheck script failed for a number of
reasons, not the least of which were `curl` needing to be provided with
the path to the container's self-signed certificate and problems
associated with using "localhost" rather than the container name.

In theory, `gitea cert` will generate for `--host gitea,localhost` and
those do turn up in the certificate. But `curl` doesn't seem to like it.
Rather than try to figure out why `curl` gets upset, it's easier to just
use "hostname" syntax in the healthcheck URL. In other words:

```
https://gitea:3000
```

rather than:

```
https://localhost:3000
```

Although it isn't strictly necessary for HTTP, I used "hostname"
syntax for that URL too, for consistency.

Unlike `localhost`, "hostname" syntax also steers clear of IPv6 `::1`.

Documentation updated to include instructions for swapping the
healthcheck URLs when enabling HTTPS.

Signed-off-by: Phill Kelley <[email protected]>
Using the [`CMD-SHELL`](https://docs.docker.com/reference/compose-file/services/#healthcheck)
form of the `healthcheck` test allows for passing the variable **name**
`GITEA__server__CERT_FILE` to the check.

The `$$` prefix stops docker compose from trying to substitute the
variable name at "up" time. The variable will be substituted at run
time, which means it will take on the **value** of that variable as
specified in the `environment` clause in the service definition.

This approach will automatically keep the health check in sync with the
value of the environment variable (ie reducing the likelihood of any
mismatch if the user "gets creative" with certificate generation).

Signed-off-by: Phill Kelley <[email protected]>
2025-04-24 gitea - master branch - PR 1 of 2
2025-04-24 mariadb - master branch - PR 1 of 2
2025-03-16 AdGuard Home - master branch - PR 1 of 2
InfluxDB has departed from the pattern established in 2021 whereby
pinning to the `1.8` tag was (effectively) a synonym for
"the latest release of InfluxDB 1".

At some point in the last few months, the `1.11` tag took on this role.
This seems to have happened after a period of experimentation involving
variants of `1.9-xx` and `1.10-xx`. It looks like there never were
plain `1.9` or `1.10` tags so we (IOTstack) really haven't missed much.

The 1.8 (and earlier) containers launched as root. The 1.11 container
launches as root but downgrades its privileges to user ID 1500
(user `influxdb` inside the container). In a clean-slate situation,
`docker-compose` will create the persistent store owned by root.
In an "upgrade 1.8 to 1.11" situation, the persistent store will be
owned by root. Version 1.11 does not appear to contain any self-repair
code for dealing with either of these situations, which means the
container is unable to access its persistent store, crashes, and goes
into a restart loop. Adding a `user: "0"` clause restores the 1.8
behaviour so 1.11 launches properly.

I have been running v1.11 for the last month without issues so I see
no reason not to make this the default for IOTstack.

The InfluxDB documentation web site for v1 which used to include a
`v1.8` path component now uses just `v1`. IOTstack documentation
updated accordingly.

The IOTstack documentation for InfluxDB 2 had numerous references to
"1.8". Updated to refer to version "1".

Signed-off-by: Phill Kelley <[email protected]>
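
The Chronograf and InfluxDB 1.11 commit messages above describe the same failure: a root-owned bind mount and a process that has already dropped to an unprivileged UID. The following is an added example of the entry-point style of fix the Chronograf message describes, not the script from either PR. The helper names are hypothetical, and the data directory, user name and the presence of `setpriv` in the image are assumptions.

```shell
#!/bin/sh
# Added example, not the entry-point script from the PR.
# Assumed invocation: entrypoint.sh <data-dir> <user> <command> [args...]

# Print the numeric owner UID of a path (third field of `ls -nd`).
owner_uid() {
    ls -nd -- "$1" | awk '{print $3}'
}

# Decide what to do with the persistent store before the service starts.
#   $1 = directory, $2 = UID the service runs as, $3 = current effective UID
# Prints one of: ok | chown | fail
store_action() {
    if [ ! -d "$1" ]; then echo fail; return; fi
    if [ "$(owner_uid "$1")" = "$2" ]; then
        echo ok
    elif [ "$3" = 0 ]; then
        echo chown      # still root: ownership can be repaired
    else
        echo fail       # already unprivileged: nothing can be repaired
    fi
}

# Repair ownership while still root, then drop privileges and start the service.
main() {
    dir=$1 user=$2; shift 2
    uid=$(id -u "$user") || exit 1
    gid=$(id -g "$user") || exit 1
    case $(store_action "$dir" "$uid" "$(id -u)") in
        chown) chown -R "$uid:$gid" "$dir" ;;
        fail)  echo "cannot fix ownership of $dir for uid $uid" >&2; exit 1 ;;
    esac
    if [ "$(id -u)" = 0 ]; then
        # Assumption: util-linux setpriv is available in the image.
        exec setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
    fi
    exec "$@"
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```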
Adds Nginx template and documentation.

I do not know whether it is possible for a later PR to close an earlier
PR, in the same way that a PR can mark an issue for closure. Neither do
I know whether it is appropriate GitHub etiquette to even try. I will
simply say that, in my view, this PR supersedes any need for #638 and
that, providing @enriquedelpino (the creator) and @robertcsakany (who
made several contributions) do not object, I recommend #638 be closed.

The Nginx container being proposed in this PR is a self-contained
all-in-one solution. It is a single template and does not touch any
other service definitions. That compares/contrasts with #638 which was
spread across three service definitions, touched 15 existing service
definitions and, I infer, would have implied similar changes to the
service definitions of any "proxyable" (if that's a word) containers
added subsequently.

I have been testing the `jc21/nginx-proxy-manager` for the past couple
of months. I won't claim to have given it a full workout because my
testing has been limited to self-signed SSL certificates (ie no Let's
Encrypt) and I have only defined "proxy hosts" (ie no "redirection
hosts", "streams" or "404 hosts", and no "access lists").

The proxy hosts that I have defined include a judicious mix of HTTP and
HTTPS services, running on the same and different hosts, and running in
both host mode and non-host mode. I have also tested in conjunction
with CNAME records defined by both PiHole and BIND9.

The Nginx service as implemented by the `jc21` Docker image works and
is reliable. The only problems I have found are:

1. A situation where obsolete private SSL certificates are not removed
   from the database when they are deleted. This was filed as
   [Issue 4442](NginxProxyManager/nginx-proxy-manager#4442).

2. The procedure for the "forgot password" use case is not exactly well
   documented. For example it's buried in places like
   [Issue 230](NginxProxyManager/nginx-proxy-manager#230).
   It's also a little bit coarse in that it kills **all** user records.
   Granted, in most IOTstack environments there will only be one user
   anyway but it's still poor practice in an SQL sense and I'd rather
   not perpetuate it. The documentation included with this PR adopts
   the approach of resetting the password of the problematic account to
   a known value.

Signed-off-by: Phill Kelley <[email protected]>
2025-05-27 nginx - master branch - PR 1 of 2
2025-04-24 influxdb - master branch - PR 1 of 2