Exec Node red. about iotstack HOT 18 OPEN

Exec nodes will run in the container not the host. You can install nmap in the container or there is an nmap node if memory serves

from iotstack.

@gcgarner thank you for the info. Apologies as this now show my ignorance. How do you install an application within the container?
So far I found the following :
docker run -it [yourcontainer] bash
but when I run :
docker run -it iotstack_nodered bash
It starts a new instance of node-red. So I assume that I have it wrong

from iotstack.

When you need to connect to a container you generally use docker exec -it container command

docker exec = docker execute (not "docker run", the run command creates and starts a container)

-it = interactive terminal

container = your container (can be found by running docker ps

command = what you want to run, normally /bin/bash but could be just bash or sh (i think you can even have multiple entires for more complicated commands)

so for Node-RED it would be docker exec -it nodered /bin/bash ... or you could just run ./services/nodered/terminal.sh :) (that reminds me i should add terminals for all containers)

Remember that is built on Alpine linux so you need to use apk and not apt to install something

from iotstack.

I just realised something ... when you run docker-compose down your container will be deleted (except for your volume). The problem is when you install something i will get deleted when the container goes down. Then only way to get that change to stay is to bake it into your Dockerfile

When the Dockerfile is built it creates a new container called iotstack_nodered i think and that is what the nodered container is built off (Node-RED installs additional nodes in the volume thats why they survive the docker-compose up -d)

FROM nodered/node-red:latest
RUN for addonnodes in \
node-red-node-pi-gpiod \
node-red-dashboard \
node-red-contrib-influxdb \
; do \
npm install ${addonnodes} ;\
done;

apk add nmap

from iotstack.

I am slowly getting my head around this.
There is another way, I think :
Within node-red use the exec node and install nmap with apk update , apk add nmap
I have restarted Node-red as well as the Pi and it seems to work.
Then I can run the Nmap commands. The next challenge would be to run a command as root within the container.
Example :
sudo nmap -sn 192.168.8.1-254 but that does not work within the container
Any ideas?

from iotstack.

I'll take a crack at it tomorrow morning and report back

from iotstack.

Thank you! Ill also keep on playing with it.

from iotstack.

I got this working

changed ./services/nodered/Dockerfile to:

FROM nodered/node-red:latest
RUN for addonnodes in \
node-red-node-pi-gpiod \
node-red-dashboard \
node-red-contrib-influxdb \
; do \
npm install ${addonnodes} ;\
done;
USER root
RUN apk add nmap
USER node-red

ran docker-compose build nodered the docker-compose up -d

and nmap is running after a down and up ( typed in the wrong IP in the screenshot, when i typed the correct one the scan is successful. I just made a visual demo you could put your script in the containers /data directory (IOTstack/volumes/nodered/data) and execute that script

from iotstack.

Thank you Graham , Did you managed to be able to scan for the device mac address? The demo seems to also only give the IP and status.

from iotstack.

I re-read you post from above, didnt realise you needed sudo to get the MAC information
for security reasons the users in docker arent given sudo access. So running sudo fails. looking for a solution

from iotstack.

the only way i can think to get around this is to write a script on the Pi (and place it on a cron job to execute every couple of minutes) and let it do a sudo nmap and output some formatted information including the mac addresses to a file accessible by container i.e ~/IOTstack/volumes/services/nodered/data/nmap.txt. then inside the nodered you could put a file watch node down to run a script with an exec node against that list every time it changes

from iotstack.

So far it is the only method that I could come up with as well. Not ideal but giving the advantage that you have with the container you can't have everything.
Also, a couple of lessons learned along the way :)

from iotstack.

I agree, doing that kind of defeats to object of containers

I tried this. There is a node called "node-red-contrib-arp" once triggered it will return an array of all IP's and mac addresses in the ARP table (requires nodered to be in network_mode host). I doubt it is as reliable as nmap. I have a DMZ for my Pi, tested it then tested it again after joining my phone into that network and it did pick up the new MAC. you would need to filter by iface and somehow flush the ARP table from time to time to flush out old devices

from iotstack.

I Paul its been a while but i do have a viable solution

https://github.com/gcgarner/IOTstack/wiki/Node-RED#running-the-exec-node-against-the-host-pi

you could outsource the nmap section of your script to the host Pi and output the contents to the /data folder and process it from there

from iotstack.

Hi, this solution works like a charm exept for the fact that the ssh-key won't survive "docker-compose down/docker-compose up -d". Maybe there should be some more directories to map in docker-compose.yml or generate a new key every time the container is recreated?

from iotstack.

from iotstack.

Hi, I found the problem.

It was not the ssh-key itself.

First time after 'docker-compose down/docker-compose up -d' there is a question like:
The authenticity of host 'blah.blah.blah (10.10.10.10)' can't be established.
RSA key fingerprint is a4:d9:a4:d9:a4:d9a4:d9:a4:d9a4:d9a4:d9a4:d9a4:d9a4:d9.
Are you sure you want to continue connecting (yes/no)?

If you do ssh -i /data/ssh/nodered in the terminal you can answer 'yes' but from an Exec-node in Node-Red you can not see it.

If I use the StrictHostKeyChecking option it worked for me :-)
ssh -oStrictHostKeyChecking=no -i /data/ssh/nodered

Your solution to access the host in this way is excelent!

from iotstack.

from iotstack.