Node Red and restarting remote machines

This is something I have wanted to do for a long time. Let’s say you have a Node Red flow and want to restart your remote Raspberry or some other server. This sounds like a very simple thing to do but it is more difficult then you might think. Why?

  • You will not be able to execute a remote command without sudo
  • Because your Node Red is running in a container and not the actual server itself
  • If you create ssh keys it will be for the host, not the container
  • If you create keys they might be lost when the container is rebuilt
  • If the container is not running as root you might and up with an error

So let´s start by adding persistent storage to for the keys. I have modified my docker compose file like below. Adding the ssh volume.

nodered:
    container_name: node-red
    restart: unless-stopped
    image: nodered/node-red:latest
    user: root
    volumes:
      - /srv/docker/node-red/user:/data
      - /etc/localtime:/etc/localtime:ro
      - /srv/docker/node-red/~/.ssh:/root/.ssh
    ports:
    - "1880:1880"

Restart Docker.

By default, SSH will ask for password authentication each time. However, in this case that won’t work. To overcome this, we can use public-private key.

Generate public-private key pair

Execute this command on your docker container. I have used Portainer and pressed the console button to do this.

$ ssh-keygen

Now look in the /srv/docker/node-red/~/.ssh directory to make sure the key file is present there.

Add public key to on remote host

To do this is, use ssh-copy-id command.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub white@10.31.90.130

Now try to connect from the Docker container

 ssh white@10.31.90.130

Disabling SSH Password Authentication (optional)

Yo do not want to be forced to type the sudo password all the time.

Add a new user on the destination server.

sudo adduser nodred
usermod -a -G sudo nodered

Login as the new user on this machine. Open the SSH configuration file /etc/ssh/sshd_config, search for the following directives and modify as it follows:

sudo vi /etc/ssh/sshd_config

Change like below

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Once you are done save the file and restart the SSH service.

sudo systemctl restart ssh

You might not want to do this step above as you won’t be able to login using passwords after!

Get rid of password

So how do we get rid of the password prompt? For example you might run sudo vi text.txt and the password prompt will be shown. You do not want this as the exec node will fail later on.

Run command:

sudo visudo

I got some strange errors when using vim so you can change the default editor if you want to.

sudo update-alternatives --config editor

Go down to the bottom of the file, add the following line: (nodered is the username)

nodered ALL=(ALL) NOPASSWD: ALL

Save and exit the file, Run command:

sudo -k

To test login as nodered user if you do not already are login.

sudo ls

You should not be prompted for a password

Wrapping in up with Node Red

I planned to use the Exec Node but had problems getting this working so I the the big ssh node instead.

Install the node via palette. Add a timestamp and configure the destinationhost you have been setting up above. Press the button and watch the magic happens. It reboots!

You might want to do the same procedure with more servers.

 

 

 

 

 

 

0 0 vote
Article Rating
0
Would love your thoughts, please comment.x
()
x