Thank you so much for the response. I am getting error in HA “Command failed: ssh -oStrictHostKeyChecking=no [email protected] ‘docker exec pihole bash /etc/pihole/setGroupStatus.sh School status’”
I added passwordless ssh from my home assistant LVM (192.168.0.200) to Debian Machine where pihole is installed (192.168.0.253). My group is School (not Kids-NoGames)
via HA machine (192.168.0.200) the following commands work perfectly. I issue the command via putty session on HA machine logged in as root
ssh -oStrictHostKeyChecking=no [email protected] ‘docker exec pihole bash /etc/pihole/setGroupStatus.sh School status’
ssh -oStrictHostKeyChecking=no [email protected] ‘docker exec pihole bash /etc/pihole/setGroupStatus.sh School enable’
ssh -oStrictHostKeyChecking=no [email protected] ‘docker exec pihole bash /etc/pihole/setGroupStatus.sh School disable’
My problem is that I cannot get the same command to work correct from HA. All the above commands give me the same error in hassio- Command failed: where from HA machine It work
I do not know what to do. I searched for command_line switches and the HA documentation is telling me to add command_on argument within " … " and I did but still get the same error
My HA switche is added to switches.yaml. I am running HA 2021.10.7, Debian 11, Docker 20+
Hi,
yes, it is not a very elegant solution with SSH and keys and in my case it was no-password login.
Over the weekend I tried to implement an API that can be used to enable/disable the groups.
it is the first attempt and I have not yet added it to my setup, but it might be a bit better than the script.
Not sure if you want to give this a go ar keep looking at the script.
I won’t be able to tinker with it more until the weekend and there is no guarantee it is working. There is also no security implemented, anyone with access to the API can enable/disable all groups.
Thanks. i figure it out. The problem is that rsa passworless for the ssh command work for my virtual machine (my HA is in Debian 11 and docker - supervised install) but not for the home assistant which is in a docker container within the Debian 11.
So when i go inside my homeassistant docker it still ask for password for ssh command. What I tehrefore did was to go inside homeassistant docker with “sudo docker exe -it homeassistant bash” where homeassistant is the name of my hassio docker container name and then created rsa in there with “ssh–keygen -t rsa” and then copiy keys to the pihole machine with “ssh-copy-id [email protected]” where 192.168.0.253 is the machine where pihoole is running- again in a docker container
with above my ssh commands work within homeassistant docker container
as such now the switch work within home assistant interface. so when I turn on the switch it enable the group in pihole and when i turn off the switch it turn off the pihole group school
Thanks again. Just adding some notes here in case someone else get the same issue.
The problem has always being that ssh commands need password to execute. if not you get error in HA as such you need to make it able to access pihole machine passwordless. rsa method is secure so no problem there. If your HA is in a docker within a OS like debian then install RSA tocken in Debian does not automatically give that privilege to docker containers in that OS as sich will not work for homeassistant install in docker so you need to make ssh passwordless for each docker container and in this case homeassistant docker container by going to docker via “sudo docker exe -it homeassistant bash” where homeassistant is name of the docker container that has home assistant
I will do HA update to 2021.11 and report back and I am sure it would not break it as I do not update the container to update HA - just like hassio on pi I just go to supervisor and update. That is how my install work. However if you install HA in docker say via docker compose etc it as long as you have config outside the container I cannot see why that would break it
well you are right. when I update HA it break the thing so need to do it each time I update HA. Not a big deal but not good. Need to figure out to change the location of tocken so it would in a folder like config where it would not get deleted each time docker update happen.
I will look at the API you are developing before I do the next HA update.
Not sure if there is a way to pass the password via shell_command rather than command_line. Only thing to fix is find a way to pass the password in the ssh command or have rsa tockens in a place where it will not get deleted
OK, a bit of a disappointment.
I have the API ready, but if we can’t execute the pihole restartdns reload-lists command then there is no point.
To run that command the whole SSH problem is back.
I might have to have another look at ssh from one container to the other and the keys have to survive a docker update.
Another idea I had was to add my dbAPI on into the pihole container, but I am not sure about that yet.
I also changed the setGroupStatus.sh script a bit to not restart pihole DNS on every status check.
#!/bin/bash
# takes the group name and enable disable and status as input and
# updates the pihole gravity database accordingly
# then restarts the pihole dns and lists
# Data Monkey January 2021
case "$2" in
"enable")
sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=1 where name='$1'";
# refresh PiHole
/usr/local/bin/pihole restartdns reload-lists >/dev/null
;;
"disable")
sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=0 where name='$1'";
# refresh PiHole
/usr/local/bin/pihole restartdns reload-lists >/dev/null
;;
"status")
stat=`sqlite3 /etc/pihole/gravity.db " select enabled from 'group' where name = '$1';"`
echo $stat
exit 0
;;
*)
echo $"Usage: $0 {GroupName enable|disable|status}"
exit 1
esac
Thank you for this. I looked around the database file and was able to modify your script to work with blacklist. You use domainlist table and change from name to domain.
Credit to Data Monkey for the script.
#!/bin/bash
# takes the domain and enable disable and status as input and
# updates the pihole gravity database accordingly
# then restarts the pihole dns and lists
# Data Monkey January 2021
case "$2" in
"enable")
sqlite3 /etc/pihole/gravity.db "update 'domainlist' set 'enabled'=1 where domain='$1'";
# refresh PiHole
/usr/local/bin/pihole restartdns reload-lists >/dev/null
;;
"disable")
sqlite3 /etc/pihole/gravity.db "update 'domainlist' set 'enabled'=0 where domain='$1'";
# refresh PiHole
/usr/local/bin/pihole restartdns reload-lists >/dev/null
;;
"status")
stat=`sqlite3 /etc/pihole/gravity.db " select enabled from 'domainlist' where domain = '$1';"`
echo $stat
exit 0
;;
*)
echo $"Usage: $0 {domain enable|disable|status}"
exit 1
esac
I have a question around the switch configuration. My config only seems to turn the pihole on. I am not trying to implement specific gravity or use groups. I simply want to toggle the pihole on and off completely using the switch. Is there something I’m missing or another way to configure just a basic toggle on/off? The toggle slides to the ‘on’ indication, but then slides back to the ‘off’. Nothing happens if pihole is on. However, if I turn pihole off manually, either through command line or the gui, and then toggle it in home assistant it will turn back on. It’s like the command_off can’t be executed, and I’m not sure the command_state is even doing anything.
Also, what exactly is the value_template supposed to be doing?
EDIT:
Checked documentation, and found that command_state wasn’t helping and value_template needed to be changed in order to send the right command, based on the switch.
New code:
Last thing I would like to see is the icon_template variable to work. It would be nice for the icon to be of the pi-hole mdi and change color based on if pihole is enabled or disabled.
Hi,
if you just want to disable all of Pi-Hole you would be better off using the official integration that will give you a service to disable Pi-Hole for a duration of your choice.
The topic here is to enable/disable specific groups in pi-hole that are not exposed via an official API (yet).
Yeah, I tried that, including adding the apikey generated from within the pi-hole instance, but the lovelace card it generates doesn’t really toggle too well. It turns on, but the toggle off doesn’t really work.
@datamonkey
Short note to thank you for sharing this. It’s exactly what I was looking for. I’ve set up as described and it just works.
As for the command line switch I’ve taken a simpler, however somewhat less secure approach. However I can live with it.
I run HA in docker and I’ve given HA access to the host docker engine, adding below to volumes:
emphasized textThank you so much for this. It’s done the job well.
I have Home Assistant now enabling/disabling Pi-Hole groups. Both are in separate docker containers.
The only issue I had is that the Lovelace switch cards didn’t appear to stay at the on position, but cycled to off, then on every 1 min. 1 min on, one min off and repeat. The actual group status in Pi-Hole was unaffected, it was just an annoyance in my dashboard.
Adding ‘scan_interval: 300’ to my configuration.yaml in an attempt to resolve this has only lengthened the cycle to 5 minutes. I can’t understand why the status is flipping at every scan.
Help please!
#!/bin/bash
# takes the group name and enable disable and status as input and
# updates the pihole gravity database accordingly
# then restarts the pihole dns and lists
# Data Monkey January 2021
case "$2" in
"enable")
sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=1 where name='$1'";
# refresh PiHole
/usr/local/bin/pihole restartdns reload-lists >/dev/null
;;
"disable")
sqlite3 /etc/pihole/gravity.db "update 'group' set 'enabled'=0 where name='$1'";
# refresh PiHole
/usr/local/bin/pihole restartdns reload-lists >/dev/null
;;
"status")
stat=`sqlite3 /etc/pihole/gravity.db " select enabled from 'group' where name = '$1';"`
echo $stat
exit 0
;;
*)
echo $"Usage: $0 {GroupName enable|disable|status}"
exit 1
esac
UPDATE:
I’ve now sort of resolved the issue using the revisions offered above by the-bort-the. Thanks.
It address the strange unwanted toggle to off in HA, but I have lost the proper status checking unfortunately. So if I toggle a group on the Pi-Hole front end HA will not update.
But I’ll try to live with that for now.
FURTHER UPDATE:
I find that updating Home Assistant breaks the connection to Pi-hole.
Running the following command within the Home Assistant container (via Portainer) fixes it for me.
ssh -i /config/.ssh/pihole USERNAME@SERVER IP ADDRESS
Thank you for this! It has been the inspiration to build a small script that exposes PiHole groups via MQTT to HA with autoconf!
I can finally automate the site-blocking “parental control style” from Home Assistant! https://github.com/Andrec83/pihole-ha-mqtt-service/tree/main
This is a great idea.
But I am running pihole in docker, will need to see if I can make your script persistent in the docker container, that would be great!
the install script for docker integration was next in line, I added yesterday a couple of features that were missing (and did some code clean-up, although still very ugly) and was planning to work on a set-up script in the next few days. I will hold on for now since the API route is of course preferred.