
Exec Node red.

Open Paulf007 opened this issue 5 years ago • 18 comments

Ok, I am pretty sure this is more of an IO issue, but how do I run a command from Node-RED Exec on the host?

I built a small app in Node-RED and need to run an nmap command: "nmap -sn 192.168.4.1-254".

Paulf007 avatar Nov 10 '19 09:11 Paulf007

Exec nodes will run in the container, not the host. You can install nmap in the container, or there is an nmap node if memory serves.

gcgarner avatar Nov 10 '19 10:11 gcgarner

@gcgarner thank you for the info. Apologies, as this now shows my ignorance. How do you install an application within the container? So far I found the following: docker run -it [yourcontainer] bash, but when I run docker run -it iotstack_nodered bash it starts a new instance of Node-RED. So I assume that I have it wrong.

Paulf007 avatar Nov 10 '19 15:11 Paulf007

When you need to connect to a container you generally use docker exec -it container command

docker exec = docker execute (not "docker run", the run command creates and starts a container)

-it = interactive terminal

container = your container (can be found by running docker ps)

command = what you want to run, normally /bin/bash but could be just bash or sh (I think you can even have multiple entries for more complicated commands)

so for Node-RED it would be docker exec -it nodered /bin/bash ... or you could just run ./services/nodered/terminal.sh :) (that reminds me I should add terminals for all containers)

Remember that it is built on Alpine Linux, so you need to use apk and not apt to install something.

gcgarner avatar Nov 10 '19 16:11 gcgarner

I just realised something ... when you run docker-compose down your container will be deleted (except for your volume). The problem is that when you install something it will get deleted when the container goes down. The only way to get that change to stay is to bake it into your Dockerfile.

When the Dockerfile is built it creates a new container called iotstack_nodered, I think, and that is what the nodered container is built off (Node-RED installs additional nodes in the volume, that's why they survive the docker-compose up -d).

FROM nodered/node-red:latest
RUN for addonnodes in \
node-red-node-pi-gpiod \
node-red-dashboard \
node-red-contrib-influxdb \
; do \
npm install ${addonnodes} ;\
done;

apk add nmap

gcgarner avatar Nov 10 '19 16:11 gcgarner

I am slowly getting my head around this. There is another way, I think: within Node-RED use the exec node and install nmap with apk update, apk add nmap. I have restarted Node-RED as well as the Pi and it seems to work. Then I can run the nmap commands. The next challenge would be to run a command as root within the container. Example: sudo nmap -sn 192.168.8.1-254, but that does not work within the container. Any ideas?

Paulf007 avatar Nov 10 '19 16:11 Paulf007

I'll take a crack at it tomorrow morning and report back

gcgarner avatar Nov 10 '19 17:11 gcgarner

Thank you! I'll also keep on playing with it.

Paulf007 avatar Nov 10 '19 17:11 Paulf007

I got this working

changed ./services/nodered/Dockerfile to:

FROM nodered/node-red:latest
RUN for addonnodes in \
node-red-node-pi-gpiod \
node-red-dashboard \
node-red-contrib-influxdb \
; do \
npm install ${addonnodes} ;\
done;
USER root
RUN apk add nmap
USER node-red

ran docker-compose build nodered, then docker-compose up -d

and nmap is running after a down and up (I typed in the wrong IP in the screenshot; when I typed the correct one the scan is successful). I just made a visual demo; you could put your script in the container's /data directory (IOTstack/volumes/nodered/data) and execute that script.

image

gcgarner avatar Nov 10 '19 19:11 gcgarner

Thank you Graham. Did you manage to scan for the device MAC address? The demo seems to also only give the IP and status.

Paulf007 avatar Nov 11 '19 05:11 Paulf007

I re-read your post from above, didn't realise you needed sudo to get the MAC information. For security reasons the users in docker aren't given sudo access, so running sudo fails. Looking for a solution.

gcgarner avatar Nov 11 '19 07:11 gcgarner

The only way I can think of to get around this is to write a script on the Pi (and place it on a cron job to execute every couple of minutes) and let it do a sudo nmap and output some formatted information, including the MAC addresses, to a file accessible by the container, i.e. ~/IOTstack/volumes/services/nodered/data/nmap.txt. Then inside Node-RED you could put a file watch node down to run a script with an exec node against that list every time it changes.

gcgarner avatar Nov 11 '19 07:11 gcgarner
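A sketch of the host-side cron script suggested in the comment above, as an added example that is not code from the thread. The output path, the script name in the last comment and the function names are assumptions; the parser handles nmap's normal `-sn` output.

```shell
#!/bin/sh
# Added example, not from the thread. Meant for root's crontab on the Pi, so the
# script itself needs no sudo. OUT is an assumed path; point it at the host
# directory that is mapped to the container's /data.
OUT="${OUT:-$HOME/IOTstack/volumes/nodered/data/nmap.txt}"

# Reduce nmap's normal "-sn" output to one "IP MAC VENDOR" line per host.
# Hosts without a "MAC Address:" line (the scanning host itself) are skipped.
parse_nmap() {
    awk '
        /^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip) }
        /^MAC Address:/ {
            vendor = $0
            sub(/^[^(]*\(/, "", vendor)   # drop everything up to the "("
            sub(/\)[^)]*$/, "", vendor)   # drop the closing ")"
            print ip, $3, vendor
        }'
}

# Scan, then publish the result with a rename so a file-watch node in Node-RED
# never reads a half-written file. A failed scan leaves the old file in place.
scan_to_file() {
    range="$1"
    raw="$(nmap -sn "$range")" || return 1
    tmp="$(mktemp "$OUT.XXXXXX")" || return 1
    if printf '%s\n' "$raw" | parse_nmap > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$OUT"
    else
        rm -f "$tmp"; return 1
    fi
}

# Run only when a range is given, e.g.: ./nmap-to-data.sh 192.168.4.1-254
if [ "$#" -gt 0 ]; then scan_to_file "$1"; fi
```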

So far it is the only method that I could come up with as well. Not ideal, but given the advantage that you have with the container, you can't have everything. Also, a couple of lessons learned along the way :)

Paulf007 avatar Nov 11 '19 08:11 Paulf007

I agree, doing that kind of defeats the object of containers.

I tried this. There is a node called "node-red-contrib-arp"; once triggered it will return an array of all IPs and MAC addresses in the ARP table (requires nodered to be in network_mode host). I doubt it is as reliable as nmap. I have a DMZ for my Pi, tested it, then tested it again after joining my phone into that network, and it did pick up the new MAC. You would need to filter by iface and somehow flush the ARP table from time to time to flush out old devices.

image

gcgarner avatar Nov 11 '19 09:11 gcgarner

Hi Paul, it's been a while but I do have a viable solution

https://github.com/gcgarner/IOTstack/wiki/Node-RED#running-the-exec-node-against-the-host-pi

You could outsource the nmap section of your script to the host Pi and output the contents to the /data folder and process it from there.

gcgarner avatar Dec 09 '19 07:12 gcgarner

Hi, this solution works like a charm except for the fact that the ssh-key won't survive "docker-compose down/docker-compose up -d". Maybe there should be some more directories to map in docker-compose.yml or generate a new key every time the container is recreated?

mane-wt avatar Jan 07 '20 15:01 mane-wt

The ssh-key should survive the down-up because the ssh-keygen -f /data/ssh/nodered puts the key in the mapped volume directory

and when you call the exec from nodered you call ssh -i /data/ssh/nodered with the persistent key. I'm quite sure I tested this multiple times, does it not work on your end?

gcgarner avatar Jan 10 '20 07:01 gcgarner

Hi, I found the problem.

It was not the ssh-key itself.

First time after 'docker-compose down/docker-compose up -d' there is a question like: The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be established. RSA key fingerprint is a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9. Are you sure you want to continue connecting (yes/no)?

If you do ssh -i /data/ssh/nodered in the terminal you can answer 'yes' but from an Exec-node in Node-Red you can not see it.

If I use the StrictHostKeyChecking option it worked for me :-) ssh -oStrictHostKeyChecking=no -i /data/ssh/nodered

Your solution to access the host in this way is excellent!

mane-wt avatar Jan 11 '20 12:01 mane-wt

Thanks, I'll check the wiki and make sure it says you need to accept and add the key

gcgarner avatar Jan 18 '20 07:01 gcgarner
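The "accept and add the key" step discussed above can also be kept in the mapped volume, so the exec node verifies the host key without a prompt and the check stays on after a down/up. This is an added example, not code from the thread or the IOTstack wiki; the known_hosts location and the function names are assumptions, while /data/ssh/nodered is the key path used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread or the IOTstack wiki. The key path
# /data/ssh/nodered is the thread's; known_hosts beside it is an assumption.
SSH_DIR="${SSH_DIR:-/data/ssh}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$SSH_DIR/known_hosts}"

# Succeeds if host $1 is named in a (non-hashed) known_hosts entry.
host_is_pinned() {
    [ -f "$KNOWN_HOSTS" ] || return 1
    awk -v h="$1" '
        /^#/ || NF < 3 { next }
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if ((names[i] "") == (h "")) found = 1 }
        END { exit (found ? 0 : 1) }' "$KNOWN_HOSTS"
}

# One-time step, run from a terminal inside the container: fetch the host key,
# show its fingerprint, and store it only after the operator confirms it.
pin_host() {
    host="$1"
    host_is_pinned "$host" && return 0
    scan="$(ssh-keyscan "$host" 2>/dev/null)"
    [ -n "$scan" ] || return 1
    printf '%s\n' "$scan" | ssh-keygen -lf -
    printf 'Same fingerprint as shown on the host itself? (yes/no) '
    read -r answer
    [ "$answer" = "yes" ] || return 1
    mkdir -p "$SSH_DIR" && printf '%s\n' "$scan" >> "$KNOWN_HOSTS"
}

# What the exec node calls: never prompts, and fails closed when the host key
# is missing or has changed. SSH can be overridden for testing.
run_on_host() {
    user="$1"; host="$2"; shift 2
    host_is_pinned "$host" || { echo "no pinned host key for $host" >&2; return 1; }
    ${SSH:-ssh} -i "$SSH_DIR/nodered" -o BatchMode=yes \
        -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
        "$user@$host" "$@"
}
```

Because the file lives under /data, the pinned key survives docker-compose down and up in the same way the private key does.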