this post was submitted on 04 Oct 2023
7 points (81.8% liked)


This integration worked before, but something changed. I'm guessing it's a user/group permission issue based on the logs. I would appreciate some feedback on this process while I troubleshoot.

Setup:

  • Raspberry Pi 4 Model B Rev 1.1
  • aarch64
  • podman version 4.3.1
  • ImageName: "ghcr.io/home-assistant/home-assistant:stable"
  • ImageDigest: "sha256:067490d7b65cfa8b9e494a9447b0e5a7876be83ead7ec01738681c55d66e7cfe"

I created this script to be able to recreate my HA service with the latest container image:

#!/bin/bash

# Variables and env
PODMAN_NAME=home-assistant
loginctl enable-linger $USER
export XDG_RUNTIME_DIR=/run/user/$(id -u $USER)

# Cleanup
systemctl --user stop container-${PODMAN_NAME}.service
systemctl --user disable container-${PODMAN_NAME}.service
podman rm -f ${PODMAN_NAME}

# Pull images
podman pull --arch=arm ghcr.io/home-assistant/home-assistant:stable


# Create Home Assistant image
podman create \
--arch arm \
--env TZ=America/New_York \
--volume=/opt/home-assistant/config:/config \
--volume=/opt/home-assistant/config/www/media:/media \
--device /dev/ttyUSB0 \
--network=host \
--restart=always \
--name ${PODMAN_NAME} \
ghcr.io/home-assistant/home-assistant:stable
#--privileged \
#--annotation io.crun.keep_original_groups=1 \

# Generate user service with podman generate systemd
podman generate systemd --new --files --name ${PODMAN_NAME} --restart-policy=always

# Setup systemctl files correctly
mkdir -p ~/.config/systemd/user
mv container-${PODMAN_NAME}.service ~/.config/systemd/user/.

# Enable the service
systemctl --user enable container-${PODMAN_NAME}.service

# Start the service
systemctl --user start container-${PODMAN_NAME}.service

Recently my Zigbee integration stopped working. I'm certain it has to do with groups/user permissions for the container and the mounted USB device. Here are the logs.



2023-10-04 01:19:38.443 ERROR (MainThread) [zigpy.application] Couldn't start application
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 322, in open
    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/ttyUSB0'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/zigpy/application.py", line 197, in startup
    await self.connect()
  File "/usr/local/lib/python3.11/site-packages/bellows/zigbee/application.py", line 138, in connect
    await ezsp.connect(use_thread=self.config[CONF_USE_THREAD])
  File "/usr/local/lib/python3.11/site-packages/bellows/ezsp/__init__.py", line 179, in connect
    self._gw = await bellows.uart.connect(self._config, self, use_thread=use_thread)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 406, in connect
    protocol, connection_done = await thread.run_coroutine_threadsafe(
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 385, in _connect
    transport, protocol = await zigpy.serial.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/zigpy/serial.py", line 42, in create_serial_connection
    transport, protocol = await pyserial_asyncio.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial_asyncio/__init__.py", line 448, in create_serial_connection
    serial_instance = serial.serial_for_url(*args, **kwargs)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial/__init__.py", line 90, in serial_for_url
    instance.open()
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 325, in open
    raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
serial.serialutil.SerialException: [Errno 13] could not open port /dev/ttyUSB0: [Errno 13] Permission denied: '/dev/ttyUSB0'


2023-10-04 01:19:38.571 WARNING (MainThread) [homeassistant.components.zha.core.gateway] Couldn't start EZSP = Silicon Labs EmberZNet protocol: Elelabs, HUSBZB-1, Telegesis coordinator (attempt 1 of 3)
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 322, in open
    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/ttyUSB0'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/zha/core/gateway.py", line 209, in async_initialize
    await self.application_controller.startup(auto_form=True)
  File "/usr/local/lib/python3.11/site-packages/zigpy/application.py", line 197, in startup
    await self.connect()
  File "/usr/local/lib/python3.11/site-packages/bellows/zigbee/application.py", line 138, in connect
    await ezsp.connect(use_thread=self.config[CONF_USE_THREAD])
  File "/usr/local/lib/python3.11/site-packages/bellows/ezsp/__init__.py", line 179, in connect
    self._gw = await bellows.uart.connect(self._config, self, use_thread=use_thread)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 406, in connect
    protocol, connection_done = await thread.run_coroutine_threadsafe(
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 385, in _connect
    transport, protocol = await zigpy.serial.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/zigpy/serial.py", line 42, in create_serial_connection
    transport, protocol = await pyserial_asyncio.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial_asyncio/__init__.py", line 448, in create_serial_connection
    serial_instance = serial.serial_for_url(*args, **kwargs)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial/__init__.py", line 90, in serial_for_url
    instance.open()
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 325, in open
    raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
serial.serialutil.SerialException: [Errno 13] could not open port /dev/ttyUSB0: [Errno 13] Permission denied: '/dev/ttyUSB0'

I've toggled the --privileged parameter because that's worked for others, but I don't think it behaves the same in podman as it does in docker. I've also added the home-assistant user to the dialout group based on another post, but the Zigbee integration still fails to load.

Any hints on where to look next?

[–] shaun 3 points 1 year ago (1 children)

I'm on x86, but the below relevant lines have mine working:

--privileged

--group-add keep-groups

--device /dev/ttyUSB0:/dev/ttyUSB0

I also had to add my user that runs the container to group "dialout" as that owns the ttyUSB0 device. Keep in mind to log out and back in with this user after adding the group to apply the change.

Hope that helps!

[–] Sunnydmess 2 points 1 year ago* (last edited 1 year ago) (1 children)

Thank you, it's a bit more complex, but this helped me solve it. I'll update the post with a working script later.

Quick summary in case I get busy:

  • I had to install crun so I can use the 'podman --runtime crun' parameter instead of runc, the podman default
  • I did NOT need to pass the --privileged parameter
  • Our device mappings are equivalent, so I was good there.
  • I added a check for the dialout group, but I think it's working now with the user's default groups. Will make sure to check this with restarts before the update.

Summary: working now!
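
The checks this thread converged on, as an added example that is not part of any comment here: a preflight that tests whether the login session reaches the device through its owning group, and audits a podman argument list for the keep-groups/crun combination. The function names and sample group IDs are constructed for illustration; it relies on podman's documented restriction that `--group-add keep-groups` is only available with the crun runtime.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# group_grants_rw MODE DEV_GID USER_GID...
# Succeeds when octal MODE has group read+write and DEV_GID is among the
# given group IDs, i.e. access rides on a supplementary group like dialout.
group_grants_rw() {
    mode=$1 dev_gid=$2
    shift 2
    case $mode in
        *[67]?) ;;            # group digit is 6 or 7: rw present
        *) return 1 ;;
    esac
    for g in "$@"; do
        [ "$g" = "$dev_gid" ] && return 0
    done
    return 1
}

# audit_podman_args ARG...
# Prints one finding per line for a `podman create` or `podman run` argument list.
audit_podman_args() {
    args=" $* "
    case $args in
        *" --privileged "*) echo "privileged: not needed for group-based device access" ;;
    esac
    case $args in
        *" --group-add keep-groups "*|*" --group-add=keep-groups "*) ;;
        *"io.crun.keep_original_groups=1"*) ;;   # older annotation form
        *) echo "keep-groups: missing, container loses supplementary groups" ;;
    esac
    case $args in
        *" --runtime crun "*|*" --runtime=crun "*) ;;
        *) echo "runtime: crun not selected, keep-groups only works with crun" ;;
    esac
}

# Live check on the host; skipped when the device node is absent.
dev=${1:-/dev/ttyUSB0}
if [ -c "$dev" ]; then
    # Word splitting of `id -G` is intended: one argument per group ID.
    if group_grants_rw "$(stat -c %a "$dev")" "$(stat -c %g "$dev")" $(id -G); then
        echo "$dev: this session holds owning group $(stat -c %G "$dev")"
    else
        echo "$dev: owning group $(stat -c %G "$dev") not in this session; re-login after adding it"
    fi
fi
```

`id -G` reports the groups of the current process, so a group added with usermod shows up only after a fresh login, which is the step shaun points out.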

[–] shaun 1 points 1 year ago

Glad you got it sorted, and thanks for sharing the solution. I might see if I can remove privileged from mine in that case.