I created a bash script for easy one click update of home assistant. The script executes with no problems when I do this manually in the console. The problem is that I am not able to execute the script from the home assistant frontend.
This is the bash script:
#!/bin/bash
# Stop the Home Assistant service running on Hassbian
sudo systemctl stop home-assistant@pi
# Open a shell as the homeassistant user running the Homeassistant service
# and that has ownership over the Home Assistant installation.
sudo -u homeassistant -H -s <<'EOF'
# Change into the virtual Python environment at /srv/homeassistant/
# containing the Home Assistant installation.
source /srv/homeassistant/bin/activate
# Upgrade the Home Assistant installation to the latest release.
pip3 install --upgrade homeassistant
# Exit the shell and return to the pi user.
exit
EOF
# Start the Home Assistant service.
sudo systemctl start home-assistant@pi
I suspect you’ll need to rethink this quite dramatically as homeassistant user doesn’t normally have sudo, and even if it does in your case, scripting with a password won’t work either.
Best way to do it is to use the sudoers config to allow the homeassistant user to execute specific commands without requiring a password at all.
This is my upgrade script for example:
link removed
There are other scripts in the parent folder too.
I’d have to get back to you with my current sudoers file as I’m not at home right now.
Hi, thanks for the advice! I am relatively new to home assistant, so it would be great if I can see your sudoers file, in order to understand the whole configuration.
I have also created some other shell commands, which restart or shutdown the Raspbian OS. And they work totally fine, which is actually the reason, why I decided to do the update in this way. But can you explain to me what is the difference between them and the command, which runs the update script?
As far as I know they are all executed by the homeassistant user, so I though that it should be relatively the same process for the update, except the fact that it should run a separate file containing all commands, because homeassistant needs to be shutdown first so it won’t be able to run the rest of the commands, if they are not in one bash script.
I’ll come back to you with the sudoers file tomorrow morning when I’m back at home, but to answer the question as to why the other one works…
(I’m no expert with bash scripts, but I think…)
I think it’s because the other shell commands are a single command, so you’re saying ‘run this command and drop the password in straight after’, but when you’re running a script the script itself doesn’t need the password, it’s the commands that are in the script, so it’s like an extra step that can’t be handled in the way you’re trying to.
The sudo -S argument was the key to run the command and automatically enter the sudo password properly. Note that homeassistant should be also added to the sudoers.
The update script also got some changes. Now it looks like this:
#!/bin/bash
# Open a shell as the homeassistant user running the Homeassistant service
# and that has ownership over the Home Assistant installation.
sudo -u homeassistant -H -s <<'EOF'
# Change into the virtual Python environment at /srv/homeassistant/
# containing the Home Assistant installation.
source /srv/homeassistant/bin/activate
# Upgrade the Home Assistant installation to the latest release.
pip3 install --upgrade homeassistant
# Exit the shell and return to the pi user.
exit
EOF
# Restart the Home Assistant service.
sudo systemctl restart home-assistant@pi
The most important part here was not to stop the homeassistant service in the beginning of the script, because shutting homeassistant down causes all active scripts to be terminated. I think it makes all the sense in the world, that the system terminates all its active scripts before shutting itself down. So the update action should be made while homeassistant is still running and in the end the system should be restarted in order to make the updated version active.
This sequence works great for me, but if anyone has concerns that it can have some flows, please let me know. Thanks!
Hi all.
I need help. I create in my Home Assistant which works on HASBIAN shell command looks like this:
shell_command:
update: ‘echo [hass password] | /home/homeassistant/.homeassistant/updateHA.sh’
It run update Home Assistant by Hassbian Script.
But when i use command to update in putty it show all info in putty. But when use it as shell_command in HA i dont see any info. Is any chance to save all logs/info which was show in putty to any file when i run it from shell_command ? Example to see error or other…
Sorry for the huge delay on my side, but nevertheless I think that shouldn’t be such a big problem, because all other passwords are saved in the same way in the secrets.yaml file. I don’t think it is more secure than every other yaml file. It is a separate file probably just for convenience and not so much for security. So in the end I think that storing my password in the shell_command.yaml file shouldn’t be less secure than the secrets.yaml file.
Please correct me, if I am wrong.