Extend add-on capabilities

bestlibre · May 17, 2017, 2:43pm

curl and rest api sound good.

Could it be possible to have an option to have access to the docker socket on a particular host (read-only if there is some security issues) ? (ie -v /var/run/docker.sock:/var/run/docker.sock:ro). It is needed for nginx-proxy.

pvizeli · May 17, 2017, 6:01pm

Yes we make a special option for local add-ons and it need to be activate per addon for user are aware that he run a add-on that can affect negative to hole system.

balloob · May 18, 2017, 4:41am

Why does the nginx-proxy need access to the Docker socket?

bestlibre · May 18, 2017, 5:30am

To be able to detect containers events (start/stop), read the virtualhost environment variable if it is set on the container and reload nginx with the new configuration if needed.

bestlibre · May 18, 2017, 5:35am

The use case for the environment variable on home assistant container is to be able to proxyfy it with the nginx proxy container. Another option would be to have the proxy configuration for homeassistant in an option. Perhaps it could also be done for all the containers, which would solve the socket problem. It would not be an automatic proxy container anymore, but it the case of hass.io it is not such a problem

balloob · May 18, 2017, 5:47am

I’m still a bit confused why these things are needed to setup nginx ?

A container shouldn’t want to control itself. Instead, the user should do it manually after a config change.
Environment variables are not needed since we have add-on specific config.
why would it need to know about container start/stop events?

bestlibre · May 18, 2017, 6:07am

The nginx proxy container whose link I had given is an auto configured proxy. It watch for container events, look for some specific environment variable in the other containers and configure the proxy accordingly. But I’m thinking it’s a bit overkill for Hass.io. Iam also thinking that the socket is used to discover exposed ports which is needed for the proxy configuration.

balloob · May 18, 2017, 6:11am

Sorry, I didn’t see that link.

I agree that it’s overkill for Hass.io, at least at this point. We’re still early and trying to figure out the best approach on getting a sustainable ecosystem of add-ons bootstrapped. Our #1 focus is to keep it very simple for the end-user and to some extend to the developers.

pvizeli · May 18, 2017, 7:15am

I think we should stay on Initial idea of hass.io and work with our addon concept for handing stuff. That give Aware that we not brake stuff on user device

bestlibre · May 18, 2017, 7:29am

The socket is also used by the configuration generator to find container ip and expose port to set up the reverse proxy, which allow not to publicly expose those ports but only the proxy. For simplicity sake, I’m going to stay with publicly expose ports if socket access is not doable.

EDIT : I’ve done some tests and it seems that docker block networking between containers, even with publicly exposed ports. From the host I can wget the homeassitant index

wget http://X.X.X.X:8123 --2017-05-18 12:22:28-- http://X.X.X.X:8123/ Connecting to X.X.X.X:8123... connected. HTTP request sent, awaiting response... 200 OK Length: 4720 (4.6K) [text/html] Saving to: ‘index.html’

If I try the same command from a container
wget http://X.X.X.X:8123 Connecting to X.X.X.X:8123 (X.X.X.X:8123) wget: error getting response

pvizeli · May 18, 2017, 11:49am

bestlibre · May 18, 2017, 12:38pm

What is the needed configuration to be able to access the others container from an addon ?

docker run --rm -ti homeassistant/armhf-addon-nginx_proxy bash
starting version 3.2.1
bash-4.3# wget http://172.17.0.1:8123
Connecting to 172.17.0.1:8123 (172.17.0.1:8123)
index.html

versus

docker run --rm -ti bestlibre/armhf-mopidy bash
starting version 3.2.2
bash-4.3# wget http://172.17.0.1:8123
Connecting to 172.17.0.1:8123 (172.17.0.1:8123)
wget: error getting response

pvizeli · May 18, 2017, 2:46pm

Nothing, 172.17.0.1 should work out of the box, since hass listen to 0.0.0.0
https://github.com/danielperna84/hassio-addons work in same way

Do you have adapt our base images?

bestlibre · May 18, 2017, 3:15pm

No, I’m using FROM %%BASE_IMAGE%% with the script from hassio build repo.

EDIT : After removing the upgrade line from the dockerfile, wget is working from the container.

pvizeli · May 18, 2017, 4:18pm

Which update line? Good to know, can you add a comment to dock about that?

bestlibre · May 18, 2017, 6:21pm

This line :
&& apk upgrade --no-cache --available \

bestlibre · May 19, 2017, 3:45pm

As I was working on a nginx_proxy with multiple vhost support, I was thinking that external port configuration could be a nice improvement. It could be needed if multiple addons publish the same ports and you want to proxify them. I don’t have an immediate need for that, but it could become necessary if the number of addons available increase.

olivierg · May 20, 2017, 5:03pm

The ability to choose the “host” network mode would be welcome.

I’m trying to build an add-on for homebridge (which rely on avahi/zeroconf and needs to be on the same network as the user’s iPhone) and I don’t think I’ll find a workaround.

If it’s already possible, please point me in the right direction (I’m pretty new to Docker).

pvizeli · May 22, 2017, 8:22am

I will look to it so you can finish you add-on with 0.32

olivierg · May 25, 2017, 5:03pm

Thanks, it works! I’ll post my homebridge add-on in the forum as soon as I find out why npm fails when pre-building the Docker images.