this post was submitted on 04 Oct 2023
7 points (81.8% liked)

homeassistant


This integration worked before, but something changed. I'm guessing it's a user/group permission issue based on the logs. I would appreciate some feedback on this process while I troubleshoot.

Setup:

  • Raspberry Pi 4 Model B Rev 1.1
  • aarch64
  • podman version 4.3.1
  • ImageName: "ghcr.io/home-assistant/home-assistant:stable"
  • ImageDigest: "sha256:067490d7b65cfa8b9e494a9447b0e5a7876be83ead7ec01738681c55d66e7cfe"

I created this script to be able to recreate my HA service with the latest container image:

#!/bin/bash

# Variables and env
PODMAN_NAME=home-assistant
loginctl enable-linger $USER
export XDG_RUNTIME_DIR=/run/user/$(id -u $USER)

# Cleanup
systemctl --user stop container-${PODMAN_NAME}.service
systemctl --user disable container-${PODMAN_NAME}.service
podman rm -f ${PODMAN_NAME}

# Pull images
podman pull --arch=arm ghcr.io/home-assistant/home-assistant:stable


# Create Home Assistant container
podman create \
--arch arm \
--env TZ=America/New_York \
--volume=/opt/home-assistant/config:/config \
--volume=/opt/home-assistant/config/www/media:/media \
--device /dev/ttyUSB0 \
--network=host \
--restart=always \
--name ${PODMAN_NAME} \
ghcr.io/home-assistant/home-assistant:stable
#--privileged \
#--annotation io.crun.keep_original_groups=1 \

# Generate user service with podman generate systemd
podman generate systemd --new --files --name ${PODMAN_NAME} --restart-policy=always

# Setup systemctl files correctly
mkdir -p ~/.config/systemd/user
mv container-${PODMAN_NAME}.service ~/.config/systemd/user/.

# Enable the service
systemctl --user enable container-${PODMAN_NAME}.service

# Start the service
systemctl --user start container-${PODMAN_NAME}.service

Recently my Zigbee integration stopped working. I'm certain it has to do with groups/user permissions for the container and the mounted USB device. Here are the logs.



2023-10-04 01:19:38.443 ERROR (MainThread) [zigpy.application] Couldn't start application
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 322, in open
    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/ttyUSB0'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/zigpy/application.py", line 197, in startup
    await self.connect()
  File "/usr/local/lib/python3.11/site-packages/bellows/zigbee/application.py", line 138, in connect
    await ezsp.connect(use_thread=self.config[CONF_USE_THREAD])
  File "/usr/local/lib/python3.11/site-packages/bellows/ezsp/__init__.py", line 179, in connect
    self._gw = await bellows.uart.connect(self._config, self, use_thread=use_thread)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 406, in connect
    protocol, connection_done = await thread.run_coroutine_threadsafe(
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 385, in _connect
    transport, protocol = await zigpy.serial.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/zigpy/serial.py", line 42, in create_serial_connection
    transport, protocol = await pyserial_asyncio.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial_asyncio/__init__.py", line 448, in create_serial_connection
    serial_instance = serial.serial_for_url(*args, **kwargs)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial/__init__.py", line 90, in serial_for_url
    instance.open()
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 325, in open
    raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
serial.serialutil.SerialException: [Errno 13] could not open port /dev/ttyUSB0: [Errno 13] Permission denied: '/dev/ttyUSB0'


2023-10-04 01:19:38.571 WARNING (MainThread) [homeassistant.components.zha.core.gateway] Couldn't start EZSP = Silicon Labs EmberZNet protocol: Elelabs, HUSBZB-1, Telegesis coordinator (attempt 1 of 3)
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 322, in open
    self.fd = os.open(self.portstr, os.O_RDWR | os.O_NOCTTY | os.O_NONBLOCK)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/ttyUSB0'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/zha/core/gateway.py", line 209, in async_initialize
    await self.application_controller.startup(auto_form=True)
  File "/usr/local/lib/python3.11/site-packages/zigpy/application.py", line 197, in startup
    await self.connect()
  File "/usr/local/lib/python3.11/site-packages/bellows/zigbee/application.py", line 138, in connect
    await ezsp.connect(use_thread=self.config[CONF_USE_THREAD])
  File "/usr/local/lib/python3.11/site-packages/bellows/ezsp/__init__.py", line 179, in connect
    self._gw = await bellows.uart.connect(self._config, self, use_thread=use_thread)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 406, in connect
    protocol, connection_done = await thread.run_coroutine_threadsafe(
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/bellows/uart.py", line 385, in _connect
    transport, protocol = await zigpy.serial.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/zigpy/serial.py", line 42, in create_serial_connection
    transport, protocol = await pyserial_asyncio.create_serial_connection(
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial_asyncio/__init__.py", line 448, in create_serial_connection
    serial_instance = serial.serial_for_url(*args, **kwargs)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/serial/__init__.py", line 90, in serial_for_url
    instance.open()
  File "/usr/local/lib/python3.11/site-packages/serial/serialposix.py", line 325, in open
    raise SerialException(msg.errno, "could not open port {}: {}".format(self._port, msg))
serial.serialutil.SerialException: [Errno 13] could not open port /dev/ttyUSB0: [Errno 13] Permission denied: '/dev/ttyUSB0'

I've toggled the --privileged parameter because that's worked for others, but I don't think it behaves the same in podman as it does in docker. I've also added the home-assistant user to the dialout group based on another post, but still the Zigbee integration fails to load.

Any hints on where to look next?

[–] Sunnydmess 2 points 1 year ago* (last edited 1 year ago) (1 children)

Thank you, it's a bit more complex but this helped me solve it. I'll update the post with a working script later.

Quick summary in case I get busy:

  • I had to install crun so I can use the 'podman --runtime crun' parameter instead of runc, the podman default
  • I did NOT need to pass the --privileged parameter
  • Our device mappings are equivalent, so I was good there.
  • I added a check for the dialout group, but I think it's working now with the user's default groups. Will make sure to check this with restarts before update.

Summary: working now!

[–] shaun 1 points 1 year ago

Glad you got it sorted, and thanks for sharing the solution. I might see if I can remove privileged from mine in that case.
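
Added example, not part of the original thread or the poster's final script: a preflight check for the `Permission denied: '/dev/ttyUSB0'` error above that works out which permission class (owner, primary group, supplementary group, other) gives the rootless user read/write access to the device node. The function names `access_path` and `recommend` are hypothetical, the check assumes plain mode bits with no ACLs, and the `--group-add keep-groups` suggestion is this example's assumption about the setup, relying on Podman's documented behaviour that the option is only available with crun.

```bash
#!/bin/bash
# access_path UID GID "SUPP_GIDS" DEV_UID DEV_GID MODE_OCTAL
# Prints: owner | primary-group | supplementary-group | other | denied
# Assumption: access is decided by mode bits only (ACLs are ignored).
access_path() {
    local uid="$1" gid="$2" supp="$3" dev_uid="$4" dev_gid="$5" mode="$6"
    local bits u g o s
    bits=$((0$mode))                 # leading 0 makes the shell read it as octal
    u=$(( (bits >> 6) & 6 ))         # owner rw bits
    g=$(( (bits >> 3) & 6 ))         # group rw bits
    o=$(( bits & 6 ))                # other rw bits
    # The kernel evaluates exactly one class: owner, else group, else other.
    if [ "$uid" -eq "$dev_uid" ]; then
        [ "$u" -eq 6 ] && echo owner || echo denied
        return
    fi
    if [ "$gid" -eq "$dev_gid" ]; then
        [ "$g" -eq 6 ] && echo primary-group || echo denied
        return
    fi
    for s in $supp; do
        if [ "$s" -eq "$dev_gid" ]; then
            [ "$g" -eq 6 ] && echo supplementary-group || echo denied
            return
        fi
    done
    [ "$o" -eq 6 ] && echo other || echo denied
}

# recommend ACCESS_PATH DEVICE: least-privilege podman invocation prefix.
recommend() {
    case "$1" in
        owner|primary-group|other)
            echo "podman create --device $2" ;;
        supplementary-group)
            # Supplementary groups (e.g. dialout) only reach a rootless
            # container if the runtime keeps them.
            echo "podman --runtime crun create --group-add keep-groups --device $2" ;;
        *)
            echo "fix host ownership or group membership for $2 first" ;;
    esac
}

# Live check, only when the adapter from the post is actually plugged in.
DEV=/dev/ttyUSB0
if [ -e "$DEV" ]; then
    path=$(access_path "$(id -u)" "$(id -g)" "$(id -G)" \
        "$(stat -c %u "$DEV")" "$(stat -c %g "$DEV")" "$(stat -c %a "$DEV")")
    echo "$DEV: $path -> $(recommend "$path" "$DEV")"
fi
```

A `denied` result means the host user itself cannot open the device, so no container flag will help until ownership or group membership is corrected on the host.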