@ghost ghost commented Oct 22, 2020

For all those who are trying to install hassio and get the message "Missing apparmor and network manager": after installing Raspbian, enter the following:

```
sudo apt-get install apparmor
sudo apt-get install network-manager
```

Collaborator

Slyke commented Oct 22, 2020

Hey @To1952P, just so you know, the project has been moved to https://github.com/SensorsIot/IOTstack. This repo is abandoned.

Slyke and others added 29 commits September 10, 2022 22:47
menu: fix error on empty compose-override.yml
docs/Changelog: update to reflect latest changes
.bash_aliases: auto-remove orphan containers
docs/pi-hole: clarify and improve beginner-friendliness
Telegraf: report 'iotstack' as hostname to influx
Telegraf: fix deprecated options and doc typos
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Fixes the problem reported by #599.

This is an unfortunate, predictable and predicted side-effect of moving
from this style of anchored title:

```
```

to this style:

```
```

The former style is testable by generating HTML from the Markdown and
running it through a validator. The latter style isn't amenable to that
approach because anchor generation is done "just in time" by mkdocs.
Until we find some way to test mkdocs output in a systematic way,
fairly trivial semantic errors (like the missing "#" in this case) will
occasionally slip through the cracks.

Also fixed another broken link (`#authWarning`).

Fixes #599.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
20220913 Influx documentation - master branch
Fix typo in example - container should be referenced as `influxdb2`
across the internal bridged network.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Clarify what happens if the container starts with the default device
`/dev/ttyAMA0` in the service definition. The process probes the device,
finds it doesn't respond like a Zigbee adapter, and aborts without
starting the web GUI. Because of the `restart: unless-stopped` clause,
Docker restarts the container and the same sequence repeats.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
WireGuard has started renaming the `custom-services.d` and
`custom-cont-init.d` directories to have random suffixes, along with
the following README.txt:

```
********************************************************
********************************************************
*                                                      *
*                         !!!!                         *
* Custom scripts or services found in legacy locations *
*                         !!!!                         *
*    Please move your custom scripts and services      *
*    to /custom-cont-init.d and /custom-services.d     *
*    respectively to ensure they continue working.     *
*                                                      *
*  Visit https://linuxserver.io/custom for more info.  *
*                                                      *
********************************************************
********************************************************
```

Some existing installations have also failed. Remote clients are unable
to connect with `docker logs wireguard` cycling the following messages:

```
s6-supervise custom-svc-README.txt (child): fatal: unable to exec run: Exec format error
s6-supervise custom-svc-README.txt: warning: unable to spawn ./run - waiting 10 seconds
```

The container does not go into a restart loop so `docker ps` does not
alert the user to the situation.

This PR:

1. implements the required changes to the WireGuard service definition;
2. provides a script to assist with the necessary folder restructuring;
3. adds a section to the IOTstack WireGuard documentation (master
branch) to explain the process.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
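The WireGuard failure described above leaves the container in the "running" state, so it has to be found in the log rather than in `docker ps`. The following is an added example, not part of the PR or the IOTstack repository: it counts s6 exec failures per service. `SAMPLE_LOG` is constructed from the two messages quoted above, and the 10-minute log window is an assumption.

```shell
#!/bin/sh
# Added example, not part of the IOTstack repository.
# SAMPLE_LOG is constructed by repeating the two messages quoted above.
SAMPLE_LOG='s6-supervise custom-svc-README.txt (child): fatal: unable to exec run: Exec format error
s6-supervise custom-svc-README.txt: warning: unable to spawn ./run - waiting 10 seconds
s6-supervise custom-svc-README.txt (child): fatal: unable to exec run: Exec format error
s6-supervise custom-svc-README.txt: warning: unable to spawn ./run - waiting 10 seconds'

# Read log text on stdin; print "<count> <service>" for every supervised
# service that s6 failed to exec. Prints nothing for a healthy log.
failing_s6_services() {
    sed -n 's/^s6-supervise \([^ :]*\) (child): fatal: unable to exec run: .*$/\1/p' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# Check a live container. Returns 0 when clean, 1 when s6 is stuck,
# 2 when the container cannot be inspected.
# The 10-minute window is an assumption, not a project setting.
check_container() {
    name="$1"
    state=$(docker inspect --format '{{.State.Status}}' "$name" 2>/dev/null) || return 2
    failures=$(docker logs --since 10m "$name" 2>&1 | failing_s6_services)
    if [ -z "$failures" ]; then
        return 0
    fi
    printf '%s is "%s" but s6 cannot start:\n%s\n' "$name" "$state" "$failures"
    return 1
}
```

Run `check_container wireguard` from cron or a monitoring hook; a non-zero status means remote clients are likely unable to connect even though the container is up.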
A [Discord question](https://discord.com/channels/638610460567928832/638610461109256194/1028011748323762276)
revealed that the Portainer-CE UI no longer uses the term "endpoint".
It has been replaced with the term "environment". This PR updates the
documentation accordingly.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Adds `nodered_version_check.sh` script to scripts folder (previously
available via
[gist](https://gist.github.com/Paraphraser/c8939213faf2de8a10f2a1f67452b0c1#-useful-script-nodered_version_check-)).

Adds documentation to Node-RED wiki page.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
A Discord question has led to the discovery that the previous peer
name syntax which supported hyphens in names no longer works as
expected. Names now need to be like "identifiers", a letter followed
by letters and digits. Documentation updated accordingly.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Getting Started:

* Expands on PiBuilder option
* Explains purpose of dhcpcd patch

Troubleshooting:

* Adds section on device errors (eg ttyAMA0 not present on non-Pi
hardware)
* Adds section on system freezes. Primarily aimed at misbehaving SSDs.
Includes trying USB2 port, checking dhcpcd patch is in place, and adding
quirks string for some SSDs.

Touches-up some miscellaneous layout issues noted in passing.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
`raymondmm/tasmoadmin` on DockerHub was last updated two years ago.

Switches image to `ghcr.io/tasmoadmin/tasmoadmin:latest`.

Also adds `TZ` to template.

Removes `build.py` as not necessary.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Re-orders topology 1 reachability table so "from" host is on the left
with "to" host+interface on the right. I'm hoping this will lead to
improved understanding. Also adds dagger to one case omitted from
the original version.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Per issue #620, the default `config.yml` should reference:

	- `prometheus-cadvisor:8080` not `cadvisor:8080`
	- `prometheus-nodeexporter:9100` not `nodeexporter:9100`

Master branch doco updated to add migration tips.

Fixes #620

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Adds first-cut service definition for "scrypted" to master branch.

Only for testing at this point.

Minimal documentation added.

Not yet added to old-menu or experimental.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Fixes some incorrect discussion relating to old-menu/new-menu
differences.

Updates screen captures of Nextcloud GUI.

Adds explanation about networking. This follows on from a question
on Discord.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Paraphraser and others added 30 commits March 16, 2025 12:53
A DM on the IOTstack Discord channel pointed out that the Pi-hole
documentation did not explain how to alter the resolver configuration
in the presence of NetworkManager.

This PR adds the necessary instructions.

Takes the opportunity to move the focus away from an assumption of a
Raspberry Pi (and discussions of Bullseye-and-earlier vs Bookworm; or
Raspberry Pi OS vs Debian) by adopting the term "Pi-hole system" as
meaning "The host platform where the Pi-hole service is running."

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Updates service definition to incorporate recent changes.

Simpler layout of ports structure.

Updates documentation.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
1. Dockerfile syntax deprecates `ENV key value` in favour of
   `ENV key=value`.

2. Adjust health-check script to deal with two problems:

	a. An issue where `MYSQL_ROOT_PASSWORD` does not result in a root
	   password being set on a newly-initialised database.
	   See [docker-mariadb issue 163](linuxserver/docker-mariadb#163)

	b. Steady deprecation of `mysqladmin` in favour of `mariadb-admin`.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
1. Updates to image which is being actively maintained.

2. Adopts environment variable conventions of new image.

3. Uses custom MariaDB instance as back-end.

4. Removes `/etc/timezone` mapping (without replacing with `TZ`)
   because new image is built without `tzdata`.

5. Adds basic documentation.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Adds environment vars to support HTTPS.

Adds documentation:

* enabling HTTPS
* migrating existing repositories

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
When HTTPS was enabled, the healthcheck script failed for a number of
reasons, not the least of which were `curl` needing to be provided with
the path to the container's self-signed certificate and problems
associated with using "localhost" rather than the container name.

In theory, `gitea cert` will generate for `--host gitea,localhost` and
those do turn up in the certificate. But `curl` doesn't seem to like it.
Rather than try to figure out why `curl` gets upset, it's easier to just
use "hostname" syntax in the healthcheck URL. In other words:

```
https://gitea:3000
```

rather than:

```
https://localhost:3000
```

Although it isn't strictly necessary for HTTP, I used "hostname"
syntax for that URL too, for consistency.

Unlike `localhost`, "hostname" syntax also steers clear of IPv6 `::1`.

Documentation updated to include instructions for swapping the
healthcheck URLs when enabling HTTPS.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Using the [`CMD-SHELL`](https://docs.docker.com/reference/compose-file/services/#healthcheck)
form of the `healthcheck` test allows for passing the variable **name**
`GITEA__server__CERT_FILE` to the check.

The `$$` prefix stops docker compose from trying to substitute the
variable name at "up" time. The variable will be substituted at run
time, which means it will take on the **value** of that variable as
specified in the `environment` clause in the service definition.

This approach will automatically keep the health check in sync with the
value of the environment variable (ie reducing the likelihood of any
mismatch if the user "gets creative" with certificate generation).

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Signed-off-by: Phill <34226495+Paraphraser@users.noreply.github.com>
2025-04-24 gitea - master branch - PR 1 of 2
2025-04-24 mariadb - master branch - PR 1 of 2
2025-03-16 AdGuard Home - master branch - PR 1 of 2
InfluxDB has departed from the pattern established in 2021 whereby
pinning to the `1.8` tag was (effectively) a synonym for
"the latest release of InfluxDB 1".

At some point in the last few months, the `1.11` tag took on this role.
This seems to have happened after a period of experimentation involving
variants of `1.9-xx` and `1.10-xx`. It looks like there never were
plain `1.9` or `1.10` tags so we (IOTstack) really haven't missed much.

The 1.8 (and earlier) containers launched as root. The 1.11 container
launches as root but downgrades its privileges to user ID 1500
(user `influxdb` inside the container). In a clean-slate situation,
`docker-compose` will create the persistent store owned by root.
In an "upgrade 1.8 to 1.11" situation, the persistent store will be
owned by root. Version 1.11 does not appear to contain any self-repair
code for dealing with either of these situations, which means the
container is unable to access its persistent store, crashes, and goes
into a restart loop. Adding a `user: "0"` clause restores the 1.8
behaviour so 1.11 launches properly.

I have been running v1.11 for the last month without issues so I see
no reason not to make this the default for IOTstack.

The InfluxDB documentation web site for v1 which used to include a
`v1.8` path component now uses just `v1`. IOTstack documentation
updated accordingly.

The IOTstack documentation for InfluxDB 2 had numerous references to
"1.8". Updated to refer to version "1".

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Adds Nginx template and documentation.

I do not know whether it is possible for a later PR to close an earlier
PR, in the same way that a PR can mark an issue for closure. Neither do
I know whether it is appropriate GitHub etiquette to even try. I will
simply say that, in my view, this PR supersedes any need for #638 and
that, providing @enriquedelpino (the creator) and @robertcsakany (who
made several contributions) do not object, I recommend #638 be closed.

The Nginx container being proposed in this PR is a self-contained
all-in-one solution. It is a single template and does not touch any
other service definitions. That compares/contrasts with #638 which was
spread across three service definitions, touched 15 existing service
definitions and, I infer, would have implied similar changes to the
service definitions of any "proxyable" (if that's a word) containers
added subsequently.

I have been testing the `jc21/nginx-proxy-manager` for the past couple
of months. I won't claim to have given it a full workout because my
testing has been limited to self-signed SSL certificates (ie no Let's
Encrypt) and I have only defined "proxy hosts" (ie no "redirection
hosts", "streams" or "404 hosts", and no "access lists").

The proxy hosts that I have defined include a judicious mix of HTTP and
HTTPS services, running on the same and different hosts, and running in
both host mode and non-host mode. I have also tested in conjunction
with CNAME records defined by both PiHole and BIND9.

The Nginx service as implemented by the `jc21` Docker image works and
is reliable. The only problems I have found are:

1. A situation where obsolete private SSL certificates are not removed
   from the database when they are deleted. This was filed as
   [Issue 4442](NginxProxyManager/nginx-proxy-manager#4442).

2. The procedure for the "forgot password" use case is not exactly well
   documented. For example it's buried in places like
   [Issue 230](NginxProxyManager/nginx-proxy-manager#230).
   It's also a little bit coarse in that it kills **all** user records.
   Granted, in most IOTstack environments there will only be one user
   anyway but it's still poor practice in an SQL sense and I'd rather
   not perpetuate it. The documentation included with this PR adopts
   the approach of resetting the password of the problematic account to
   a known value.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2025-05-27 nginx - master branch - PR 1 of 2
2025-04-24 influxdb - master branch - PR 1 of 2
Changes to `install.sh`:

1. Bumps version number to 2025v01.

2. Rather than defaulting to `~/IOTstack` or requiring the `IOTSTACK`
   environment variable to point to the correct directory, now gives
   precedence to the directory where `install.sh` is running. Maintains
   backwards compatibility with earlier methods.

3. Adds `dialout` to groups list. This is needed for `deconz` and should
   probably always have been present. Equivalent PiBuilder change made.

4. Adds `version_json()` function which returns JSON structure with:

	- version number (as above)
	- commit ID of `install.sh`
	- exit code of installer script

5. Adds `should_run_installer()` which can be invoked via:

	```
	$ ./install.sh should_run_installer
	```

	returning either "false" or "true". In essence, if `install.sh` is
	updated, its commit-ID will change and that will cause
	`should_run_installer` to return "true". The condition will
	persist until the installer is run to completion successfully and
	updates `~/IOTstack/.new_install` with the matching commit-ID.

6. Also supports:

	```
	$ ./install.sh version
	```

	which displays a JSON string containing the version (eg `2025v01`),
	commit-ID of the current file, plus a return code of zero.

7. `handle_exit()` now writes above JSON structure to `.new_install`
   rather than either the exit code (current) or touching the file
   (older). The menu only senses the presence/absence of `.new_install`
   so it doesn't care about the contents.

8. Trixie has removed `/etc/timezone` so it is no longer possible to
   initialise `TZ` in `~/IOTstack.env` from that source. Now invokes:

	```
	timedatectl show --value --property=Timezone
	```

	This is backwards-compatible (tested on Bullseye and Bookworm).

9. Adds `pwgen` to dependencies (needed for a separate project I'm
   working on).

Changes to `menu.sh` (new menu):

1. Removes duplicate-named but different implementations of
   `user_in_group()` functions. Functionality replaced with
   `do_required_groups_checks()` which checks for `dialout` membership
   as well as `docker` and `bluetooth` (as now).

2. `do_required_groups_checks()` called wherever older code did explicit
   checks for `docker` and `bluetooth`.

3. Adds `do_installer_checks()` which queries `install.sh` to see if it
   should be re-run. If yes, presents a dialog asking for permission
   to proceed.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
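The re-run decision described in items 4, 5 and 7 above can be sketched as follows. This is an added example, not the code in `install.sh`: the JSON field names (`version`, `commit`, `exit`) and the helper names `write_state`, `state_field` and `current_commit` are hypothetical, since the commit message only lists what the record contains.

```shell
#!/bin/sh
# Added sketch, not install.sh's own code. Field names are hypothetical.

# Record the outcome of an installer run as one line of JSON.
# usage: write_state FILE VERSION COMMIT EXIT_CODE
write_state() {
    printf '{"version":"%s","commit":"%s","exit":%s}\n' "$2" "$3" "$4" > "$1"
}

# Extract one field from the single-line record without needing jq.
# usage: state_field FILE NAME
state_field() {
    sed -n 's/.*"'"$2"'":"\{0,1\}\([^",}]*\).*/\1/p' "$1"
}

# Commit ID of the last change to the installer (assumes a git checkout).
# usage: current_commit /path/to/install.sh
current_commit() {
    git -C "$(dirname "$1")" log -1 --format=%H -- "$(basename "$1")"
}

# Print "true" when the installer should run again, otherwise "false".
# usage: should_run_installer STATE_FILE CURRENT_COMMIT
should_run_installer() {
    # Missing file, or an empty file left by the older "touch" behaviour.
    [ -s "$1" ] || { echo true; return; }
    recorded=$(state_field "$1" commit)
    code=$(state_field "$1" exit)
    if [ "$recorded" = "$2" ] && [ "$code" = "0" ]; then
        echo false
    else
        # Script changed, last run failed, or a legacy file that holds
        # only an exit code and therefore has no commit ID to match.
        echo true
    fi
}
```

A legacy `.new_install` file still satisfies a presence-only check like the menu's, while this function treats it as "installer not yet run at this commit".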
2025-09-16 installer and menu improvements - master branch
Updated service definition to explicitly pull Postgres v18 and remap
the persistent store to be v18-friendly.

My assumptions are:

1. The adjusted service definition is appropriate for **new** users
   installing the Postgres container for the first time.

2. Existing users will be running v17 (or earlier) and will not bang
   into the problem reported in #808 until they do a `pull` from
   DockerHub. There is no easy way to avoid the migration problem.
   Users will just have to read the Wiki.

Wiki updated to explain how to restore database access by reverting to
v17, then performing a controlled migration to v18.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2025-10-09 postgres - master branch - PR 1 of 2
Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
fix container name typos for docker-compose commands
Adds Pi-hole version 6 as variant to avoid backwards compatibility
problems with Pi-hole version 5.

The primary issue was adapting the four standard environment variables
from version 5 to version 6 requirements. The defaults for version 6
are unchanged from version 5.

Documentation added to master branch. Also took the opportunity to
extend and clarify certain aspects of Pi-hole usage, such as local
upstream resolvers.

Pi-hole v5 documentation adjusted to alert readers to presence of
version 6.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
Adding the service definition for Pi-hole 6 made me realise that there
were several service definitions competing for port 443.

This PR rationalises that situation. It gives precedence to `nginx` for
port 443, on the same basis that `nginx` also needs port 80.

|Service     | Existing | Adjusted | Note |
|------------|----------|----------|------|
|nginx       |443       |443       |      |
|domoticz    |1443      |1443      | 1    |
|diyhue      |443       |2443      | 2    |
|adguardhome |443       |4443      | 2    |
|pihole6     |          |4443      | 3    |
|deconz      |443       |7443      | 2    |
|heimdall    |8443      |8443      | 1    |
|nextcloud   |9343      |9343      | 1    |

Notes:

1. No change. Included for list completeness.
2. Updated by this PR.
3. Added by related PR. Claims same external port as AdGuardHome on the
   basis both Pi-hole and AdGuardHome can't run at the same time.

Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
2025-11-12 port443 - master branch - PR 1 of 2
2025-11-12 pihole6 - master branch - PR 1 of 2