SPDX-License-Identifier
CC-BY-SA-4.0

Home Automation Upgrade (2022)

I have a small set of smart switches (Z-Wave) controlling mostly lamps. I'm currently using Domoticz (version 2.0.2276) as the control software. This is seriously back version, because the Z-Wave integration was kicked out of version 3.x due to a political issue, which I take to be that Z-Wave is proprietary and its library is not 100% open source. However, modern (2022) Domoticz once again has Z-Wave support.

One of my switches died. I was not able to get the replacement to be recognized by Domoticz, i.e. paired with the Z-Wave controller. [In hindsight, this was my fault, not Domoticz's.] I have been meaning to replace Domoticz with something upgradable and I decided that now is the time. After research I decided on Home Assistant.

Abbreviations and Jargon Words

These jargon words are used in Home Assistant documentation:

• Jimc is using 'H-A' to abbreviate Home Assistant. The package basename and the core executable program are hass abbreviating Home Assistant.
• IoT: Internet of Things. These are objects that can communicate with each other. It's often used loosely; potential global communication on the IP (Internet Protocol) network is not a required element, just digital communication with other such Things including a local controller.
• Device: Often a hardware IoT Thing such as a switch, a lamp, a thermostat, or lots of others. Software Devices also occur such as a weather reporting service.
• Entity: Some Devices have multiple controllable aspects such as the brightness and hue of a lamp. Besides the on-off relay, a smart switch may include a power meter. Each of these aspects for each of the Devices is called an Entity.
• State: Most common is on or off. Must be binary, or at least an enumerated type.
• Attribute: An analog state, e.g. brightness, hue, temperature.
• Integration (as a noun): H-A's ability (in software) to interact with a particular kind of entity.
• Protocol: H-A interacts with Devices through another Device that frequently includes a radio. This interface is sometimes called a home automation hub. Protocol refers to the frequency, modulation, packet format, etc. of the particular communication Device. Presently popular protocols for home automation include Wi-Fi (IEEE 802.11 family), ZigBee (IEEE 802.15.4), Z-Wave (proprietary), and Bluetooth (IEEE 802.15.1).
• Lovelace: The name of the user interface of H-A.
• WAF: Wife Acceptance Factor, very important in picking a product.

Comparison of Home Automation Software

The probable market leading home automation software packages are Amazon's Alexa, Google Home, Apple's HomeKit, or various other closed source items. I'm rejecting them out of hand due to privacy concerns; specifically:

• They are designed for voice control.
• They are always listening for their trigger phrase.
• While they may respond only after hearing the trigger phrase, we need to trust them to not eavesdrop and forward subversive conversations to (fill in current conspiracy theory here).
• While they are believed non-authoritatively to do minimal speech recognition locally, they are believed to send voice commands to their herd of cloud servers for high-powered analysis, which is needed to understand users' mumbled, ambiguous and disorderly commands.
• Their corporate sponsors are not paying rent (or internal recharges) for the cloud servers without getting some value for doing so, but it isn't possible for an ordinary user to determine how they monetize the information they get from the user. (Insert conspiracy theory here).
• An unrelated shortcoming is that proprietary processing in the cloud looks bright and shiny when new, but support gets discontinued on a regular basis, either for older models for which you have to purchase upgrades, or the entire product line is abandoned.

So a hard requirement for jimc is open source software with local hosting of everything. A Google search for home automation comparison in 2022 reveals that current interest is focused on: (product names link to their home sites)

• OpenHAB.

• Home Assistant. I'm using the abbreviation 'H-A' frequently, and Hass is the name root of the package.

• Domoticz.

Lots of Comparison Articles

OpenHAB vs Home Assistant — Find the Difference?

September 7, 2021, by JOSNA on ElectronicsHub.

OpenHAB is in Java. Inception 2010. Advantages: It has a lot of extensions. It supports zillions of devices, communication protocols, etc. It runs on all kinds of UNIX, and Microsoft Windows. Among the comm protocols are ZigBee (IEEE 802.15.4) and Z-Wave (proprietary). The author rates positively the documentation and user community.

Drawbacks: Because OpenHAB does so much, the user needs to do a lot of work to learn it all. The author warns that you need prior knowledge for hassle-free usage. Updates require the command line. It's a memory pig; a Raspberry Pi 3 (1Gb RAM) may run out of memory.

Home Assistant is in Python-3; Apache-2.0 license. Inception 2013. Advantages: It can federate with Google Assistant and Alexa. (Jimc believes OpenHAB can do this also.) Software distribution from GitHub. Flexible and customizable automation rules. One click updates. Good documentation. Active user community.

Drawbacks: Case sensitivity and configuration syntax can trip you up. New users may find it overwhelming at first.

Author's evaluation point by point:

Aspect	OpenHAB	Home Assistant
Configuration:	OpenHAB takes 20-30 minutes, good documentation.	H-A during setup can discover all existing devices. (Jimc says: configure Z-Wave radio first.) One-click installation, so they say. Good docs.
Updates:	OpenHAB is complex and time consuming; looks like the update is installed like an add-on package.	H-A: just click a button on the UI.
Supported devices:	OpenHAB supports 792 kinds of devices from 111 vendors.	H-A has about 1400 components presumably meaning supported devices.
Automation rules:	OpenHAB extension language.	H-A has a choice of 2 extension languages.
User Interface:	OpenHAB has one.	H-A is praised by the author for having a UI that is more user friendly and less complex than OpenHAB.
Mobile App:	OpenHAB has them for iOS and Android; it is easy to use and user-friendly.	H-A is similar but the author says it's slightly less developed than OpenHAB.
Add-ons:	OpenHAB has extensive add-ons, e.g. Twitter notifications. It can use several databases including MySQL but not PostgreSQL.	H-A has fewer, and the only ones I recognize are the DHCP server and Git puller. Other articles mention a lot more add-ons for H-A. No database engine is mentioned. (From docs: SQLite is the default but MySQL/MariaDB can be used for big systems.)
Conclusion:	OpenHAB is more customizable at the cost of a steeper learning curve.	H-A is easier to use and to set up, particularly for the beginner.

Jimc's conclusion: I should give serious consideration to Home Assistant.

Best of open source smart home: Home Assistant vs OpenHAB

By Alex Brice, February 28, 2018, on Smart Home University.

We have selected Home Assistant as the overall winner. This is due to a number of reasons, but more powerful automation engine, friendlier UI, more powerful integrations and stronger community being the main ones. Saying that, OpenHAB has a number of winning aspects and the victory was only by a thin margin. (In 2018.)

Updated in 2022-05-xx: He has continued with H-A and has $2K of smart devices and over 100 automation routines.

He has a lot of very detailed comparisons of different aspects such as the automation languages (Xtend vs YAML). His overall winner is still H-A.

Home Assistant vs OpenHAB - Which one is better?

By Lewis Barclay, Aug 20, 2020, on Everything Smart Home.

This author's take on the two programs is similar to previous authors. They have good and bad points, but H-A's ease of use makes it the winner for him. As for stability, H-A has never failed him (in about 2020-2022, 1.5 years) except once he filled up his disc with something. He doesn't have the long term history with OpenHAB so he can't really rate its stability.

He gives a link to his set of articles Getting Started with Home Assistant. Their main focus is on deploying the pre-stuffed image on Raspberry Pi.

OpenHAB vs Home Assistant vs Domoticz: The Ultimate Fight

by David C, 2020-04-16, on SmartHome Blog.

He recommends putting the winning software on a Raspberry Pi. Jimc is not taking that advice; Jacinth, my main router, an Intel NUC6CAYH (Celeron), runs 24/7 and does a lot of this kind of service in my house.

Installation: OpenHAB is very easy, particularly on the pre-stuffed RPi image called OpenHabian. 20-40 minutes work. H-A is also easy, only 10 minutes using their image. Domoticz is slightly less straightforward because there's no image.

Configuration: A pox on all their houses! For OpenHAB and H-A both, you will be stuck editing files, so he says. Domoticz can be configured with the web UI, but it's not very intuitive, he says. [Jimc note: I got my Home Assistant configured without editing files, only snooping to see what they were doing.]

Flexibility: Similarly, he rates all three poorly.

Community of Users: OpenHAB's community is the most active and most helpful. H-A's community is growing (jimc says: likely this comment is from before 2020). Domoticz has substantially fewer users than the other two.

Pace of development: Author concentrates on adding new devices. OpenHAB is quite slow because of a rigorous approval process, which helps stability. H-A is much faster (and sometimes the integrations have bugs). Domoticz definitely lags behind.

Automation: OpenHAB can do anything you want, but the Xbase syntax is not the easiest one to deal with. H-A's YAML is by far worse. Domoticz uses LUA which I find very clean and powerful. But he says learning Python is probably a lot more practical than learning LUA.

Conclusion: Domoticz users are moving to OpenHAB or H-A. H-A is developing fast and the UI is going to have a good WAF (Wife Acceptance Factor). OpenHAB is amazingly flexible. If you don't mind a slightly steeper learning curve, OpenHAB is the way to go.

From the first posted comment that caught my eye, by Philip (2020-03-21): Hi There! I have tried OpenHAB some times ago, and the main thing that makes me change to another one is: JAVA. If all is going nice it's OK don't touch the f…ing working thing! But it's always so complicated, so heavy, so hard to tweak, so hard to understand why it's not working.

I think I have a feel now for the available products, and can stop reading blog posts.

Preliminary Planning

Years ago I installed Domoticz-2.0 for OpenSuSE Tumbleweed off a SuSE community repository, and I was planning to do the same this time. Available packages for Tumbleweed on OpenSuSE at the time of writing (2022-12-xx) are:

• home-assistant-2022.12.6-362.25 (recent) from experimental repo system:homeautomation:home-assistant.
• openhab-3.3.0 from community repo home:ecsos:server. openhab-2.X is also available.
• domoticz-2022-2 from community repo home:Ximi1970:Servers:Domoticz.

My evaluation of the three candidates goes like this:

• If I upgrade from ancient Domoticz-2.0 to modern Domoticz-2022.2, I'm afraid that the learning curve will be just as steep as for the other products. Do I want to invest this effort in a product that is losing market share, whose user interface is not so intuitive and whose WAF (Wife Acceptance Factor) is not very high? I don't think so.
• I started this project oriented on OpenHAB, but from the comparison articles I get the impression that it is not that easy to configure and use either. However, the authors seem to find OpenHAB and Home Assistant to be closely matched, each with its own strengths and weaknesses.
• Home Assistant is praised for ease of use and a good WAF. In my family those factors are important. So Home Assistamt is the product that I picked.

To install Domoticz you just install the package and its dependencies. H-A is not so simple; it is designed for both security and maintainability, and the kind of cowboy programming that I followed with Domoticz is not going to cut it. H-A has four levels of installation, ordered from easiest to hardest, all but one of which I tried (in reverse order):

• Home Assistant Operating System: You have a dedicated chassis, typically a Raspberry Pi or an Intel NUC, or you have a dedicated virtual machine (first item from the Linux option on the install page). You install their image on it. In ten to twenty minutes you have what amounts to a network appliance analogous to the controller hubs of the commercial products. You can now proceed to add your home automation Devices. Hacking the operating system is discouraged.

  This is the mode I ended up using.

• Home Assistant Container: They have images for these virtual machine frameworks: VirtualBox, KVM (what I use), and VMware. They also have an image for any OCI compatible runtime, of which Docker has the most name recognition. The image includes Home Assistant Core (and has the same limitations). This is the only mode I didn't try.

• Home Assistant Core: It does not run in a container or a virtual machine. You create a Python Virtual Environment into which you install the Home Assistant Core. (Here's a good tutorial on Virtual Environments. Basically special or back-version modules and tweaks are visible only in the Virtual Environment.) This looks like the best fit for me, because I can use my preferred distro (OpenSuSE Tumbleweed) and maintenance methods, yet can adapt to their special package requirements and version control. Also I don't have to deal with importing USB devices into a virtual machine. [Famous last words…]

  On the Installation page, click on Linux, then scroll down to Home Assistant Core. I got it working, until I started configuring Entities.

  The problem here is that Home Assistant Core can't do add-on packages, and Z-Wave support is an add-on. The key issue appears to me to be that add-ons are like daemons, running in a separate thread, which are started and controlled by the H-A Supervisor (similarly to how it supervises H-A Core), so you need to use the first or fourth installation modes, that include the Supervisor.

• Home Assistant Supervised: You run their Supervisor on your OS. Which must be Debian; Ubuntu and Raspberry Pi OS (formerly Raspbian) are not supported, and neither is SuSE. This is basically what I was trying to do, failing. I'm not sure how strict is the Debian dependence, but they will not consider bug reports unless they can be reproduced on an unhacked Debian OS.

If You Are Thinking of Changing Protocols

I found this useful discussion comparing the major communication protocols for home automation: ZigBee vs Z-Wave vs WiFi (OP CO_4x4, 2021-12-xx). He's doing an upgrade and refurb campaign on his IoT Devices, and wonders if changing the communication technology might be a good idea. He got 130 responses. The consensus is that each has its strengths and weaknesses, and the environment makes a difference too. Almost nobody uses a single technology. But here's kind of the majority opinion:

• ZigBee is the least expensive. But this sometimes means that you're getting low quality implementations. ZigBee uses the least power of the three, so people prefer it for battery powered Devices. ZigBee communication is more stable than the others (different people's mileage varies a lot though). But it suffers from interference from Wi-Fi (both are in 2,4GHz), which can be mitigated if you pick the two services' channels so they don't overlap, e.g. Wi-Fi channel 11 doesn't overlap ZigBee channel 11 (actually 11-17). Also Wi-Fi channel 1 doesn't overlap ZigBee channel 19-26, and Wi-Fi channel 6 misses ZigBee 11-12 and 24-26.

• Z-Wave is older technology and available Devices are declining. (Insteon is even older and more faded.) It has a lot more rigorous certification requirements, so interoperability between vendors is almost 100%. But the products are the most expensive. They use more power, so people tend to go with ZigBee for battery powered Devices. People with a lot of Z-Wave Devices say that their net has slowed down and become less reliable. The operating frequency is 908.42MHz in the USA, 868.42MHz in Europe, and various others elsewhere. Watch out that you get a product compatible with your regulatory domain. This frequency range penetrates walls better than 2.4GHz Wi-Fi.

• Wi-Fi generates a lot of strong opinions pro and con. Jimc noticed that the vast majority of IoT devices on Amazon are Wi-Fi, ZigBee is second, and there were only 3 or 4 Z-Wave Devices. It needs more power than ZigBee so people avoid battery powered Wi-Fi. Older access points and NICs have a small peer table, a problem if you buy a big swarm of Devices. An advantage is that everyone already has a Wi-Fi NIC, access point, or both, while with the other two you need a dedicated NIC for each protocol. ZigBee and Z-Wave use mesh technology, giving better coverage to the whole house, but Wi-Fi doesn't unless you put in dedicated repeaters. Many Wi-Fi Devices connect to a cloud server, which the controller also connects to, and many respondents discussed cases where the cloud server got discontinued. Cloud entanglement is also a privacy issue. (Jimc: my Honeywell thermostats are like this, though not discontinued yet.) There is a new standard called ESPHome which enables local control. The Tuya product line was also mentioned as easily controlled locally.

• Only one response mentioned Bluetooth. Jimc has seen Bluetooth door locks, but that's all.

• There's a new technology on the horizon called CHIP/Matter which will supersede all of these, so some people say. In 2022-12-xx (a year after this forum post) there are actual Devices available that use it.

The article doesn't say anything about layer 1 protocols, i.e. the operating frequency, but the presence of ZigBee in the alliance suggests that 2.4GHz Wi-Fi and IEEE 802.15.4 are likely to be included. Several devices including hubs were mentioned as having received firmware updates that added support for the Matter protocol.

Installing Home Assistant Operating System

The first step is to configure a virtual machine (KVM) for it to run on. Why don't I use the H-A Container image, you ask. Because I absolutely require add-ons: all my Devices are Z-Wave, with an Aeotec Z-Stick Gen5, which has official and community drivers in the form of add-on daemons, and H-A Container can't do add-ons. In forum posts, respondents often point out that add-ons frequently are available as Docker images and this is the way to go if you're running the Docker image of H-A Container. But I have no experience with Docker and I'm already leery of H-A Container on Docker, and I'm even more leery of add-ons on Docker. Therefore the next try is going to be H-A Operating System in a VM .

Here is the generic procedure to set up the VM. The following is From the H-A Installation page; follow the Linux link. Steps:

• The new VM's name will be Dragon.

• Do the research to pick the chipset and firmware of your VM. Which chipset should I use? See Virtual Win10 — i440FX vs Q35 by Gordan Bobic (2022-01-05): QEMU supports these two for x86_64. i440FX is from 1996 while Q35 is from 2007, but there's an urban legend of bugs in GPU passthrough on Q35. Gordan tested CPU usage on both (but not the urban legend). Windows being idle used about 3/4 the CPU on Q35 vs. i440FX (7% of elapsed, oink). Other forum posts describe working VMs involving Q35 doing GPU passthrough. Jimc is going to stick with Q35.

• About the firmware: QEMU — Which Firmware to use, OP kitman (2021-07-xx) has a good discussion of which one to use. The ones including the string ms include Microsoft signing certs, opensuse is for Tumbleweed and Leap, and suse has SLES certs. The ones without a vendor name have no certs and will fail Secure Boot unless you import your own cert. The KVM image already has Secure Boot turned off. If the kernel is signed at all, it's by either a Debian or a H-A cert, neither of which you have. So don't confuse yourself with Microsoft or SuSE certs.

• In a previous failed attempt during UEFI booting, I got a message:
  BdsDxe: failed to load Boot0001 UEFI Misc Device from PciRoot(0x0).Pci(0x2,0x3)/Pci(0x0,0x0): Access Denied

  I tried pressing any key to enter the Boot Manager Menu. We have a Standard PC (Q35+ICH9, 2009), pc-q35-7.1, 2.0GHz, 2048Mb RAM. Under Device Manager, the first category is Secure Boot Configuration. Current Secure Boot State: Enabled. Not a good sign if we have no certs. Next item is Attempt Secure Boot; I un-checked this. It says, please reset the platform to take effect! Hit escape until back on the main page. Reset is the last item. And the sucker booted! (But there were other issues and I had to start over from the beginning.)

• Download https://github.com/home-assistant/operating-system/releases/download/9.4/haos_ova-9.4.qcow2.xz (use the link on the Linux install page to get the current version). 0.34Gb, download took 71sec. Decompress it: xz --decompress --keep haos_ova-9.4.qcow2.xz ; Output 0.97Gb, took 20 sec. Rename to dragon-disc1.qcow2 .

• Start up the virt-manager GUI (no command line arguments).

  • Create a new VM (use icon, or file menu). It pops a sequence of windows per topic.
  • Mark Import Existing Disk Image.
  • Provide the existing disk image, the one you just decompressed, by using the file browser. What os-variant is this? Debian 11, type it in the box, which will auto-complete a partial name.
  • Tell it 2048MiB RAM and 2 CPUs (is the default).
  • Change the VM's name to dragon. Mark the box for Customize Before Install. Configure the network: for me, Bridge Device on br0. This is the last info gathering pop-up; hit Finish.
  • Customization screen, edit the title and description (I left them blank). Hypervisor details: Chipset choices are Q35 (default, kept) and i440FX. Firmware: Watch out here. Default is BIOS (i.e. legacy MBR) but the image won't boot with this; the instructions say it requires UEFI. I chose UEFI X86_64 with firmware file /usr/share/qemu/ovmf-x86_64-code.bin . See above for why I chose this chipset and firmware.
  • Additional customizations (select items from the left sidebar):
    • Memory: I tweaked Current Memory to 1024Mb.
    • NIC: MAC address set to its assigned value (vs. random), so DHCP will give the VM its assigned fixed IP.
    • Channel: The connection to unix: org.quemu.guest_agent.0 is mentioned in the instructions, but it was already configured by default.

• I hit Begin Installation. It started virt-viewer, The TianoCore logo was shown (Intel's open source EFI booter). Wonder of wonders, it booted promptly (evidently Secure Boot is turned off in the image), showed reasonable messages, and started the H-A CLI and the supervisor, which started H-A core. It got its assigned IPv4 address, but an aleatory IPv6 address. (I expect I'm going to have to jailbreak the master instance to fix this. Update: rather than fixing it, I statically assigned the correct IPv6 address in the Settings page for System/Host.) It has opened HTTP service on ports 8123 and 4357. The latter is labelled the Observer URL. 8123 has the expected H-A screen to create the administrator account. 4357 has a simple health monitor display: supervisor connected, configuration supported, system is healthy. On the console you can type commands to the CLI, which supposedly can do everything the GUI can, and possibly more. It took about 3 minutes from the start command until port 8123 was giving HTTP service.

• Now with Dragon booting, I need to make progress on two items:

  • All the Devices communicate by Z-Wave. The Aeotec Z-Stick Gen5 (USB) has to be passed through to the guest, Dragon.
  • Dragon needs its IPv6 address and default route. Turning this on is going to require root access to the guest, preferably SSH with authorized_keys.

• Steps to set these up:

  • In a previous attempt I started the VM and got this error message:

    qemu-system-x86_64: -device
    {"driver":"usb-host","hostbus":1,"hostaddr":14,"id":"hostdev0","bus":"usb.0","port":"2"}: 
    'usb-host' is not a valid device model name.  

    Arch Linux forum post about the same problem (OP ghost82, 2022-05-05). V1del (moderator) says it's likely in an add-in package; try qemu-hw-usb-host.

    qemu-hw-usb-host is also the name on OpeSuSE. (But in the SuSE package searcher you need to specify qemu-hw; plain qemu didn't match it for some reason.) I installed it. Now the error message is gone.

  • URL of a tutorial on how to pass through a device. I'm going to use virt-manager to do this. Steps:

    • Shut down the guest.
    • Use lsusb to discover the bus and device number of your device (for me, bus 1 device 14). (Actually virt-manager won't use these.) Also write down the vendor and product numbers of your device, which you will need to use.
    • Start virt-manager.
    • Open (click on) your VM; give it some time to open the window.
    • Open Virtual Hardware Details (lightbulb icon; in current version it's an 'i' info icon).
    • Click on Add Hardware (at the bottom of the sidebar).
    • Choose USB Host Device (in sidebar).
    • The resulting dialog has a list resembling lsusb output. Pick the device. (If you look at the XML, it specifies the Source by vendor and product ID, so the connection is not fixated on this bus slot.)
    • Hit Finish.

  • Exiting from virt-manager. Starting the VM (virsh start dragon). I wonder if the USB passthrough happened? For that, I'll need root access. There's an add-on package for this in H-A. [Confirmed later that the Z-Stick is visible to the guest because the Z-Wave integration is able to talk to the Devices.]

• Now that we have a domain definition that can be booted, we need to save the domain XML and the NVRAM. To do this (in /s1/kvm/dragon/):

  • virsh dumpxml dragon > dragon.xml
  • It also needs the NVRAM. Look in dragon.xml, the nvram element, to find the default filename. Copy that file to /s1/kvm/dragon/ (owner qemu:qemu mode 600) and in the nvram element replace the filename with its new location.
  • Compare the dumped dragon.xml with previous versions and reconcile features, descriptions and comments.

• If you need to undefine and redefine the domain, this is the procedure. undefine needs the --nvram option to give it permission to toss the former NVRAM contents.

  • virsh undefine --nvram dragon
  • virsh define ./dragon.xml
  • Undefining is necessary when and old VM instance exists with a different UUID. If the UUID is not changing you don't need this. --nvram means to toss the NVRAM content; otherwise it will refuse to undefine.

Onboarding: Configuring Home Assistant

• Follow the Onboarding link to start configuring. (Except the Home Assistant Core section doesn't have one; follow from another section, or use the link here.)

• It wants you to create an account for your administrator. This is not a system account; it's by and for H-A. I'm assuming that Name is like a full name and Username is like a loginID. Google search for Does Home Assistant hash passwords? shows a statement in the docs that it does so. I'm going to use H-A Administrator as the Name and homeauto as the Username, and something random (which I'll keep in Bitwarden) as the password. Later I'll create a different user account, shared by everyone in the family.

• The next page is to set your locale. I was successful using their button to detect it. It correctly identified my country, language, timezone (America/Los_Angeles), unit system (peasant) and currency.

  On the map it showed me the point of physical presence of my ISP (in San Francisco). To get the correct sunrise and sunset times, which I use, you need to move the pin. The map can be zoomed; diagonally drag the desired zoom center (the pin) to show a (much) larger area. Drag means here to move the cursor to the desired center, hold down the left mouse button, then move the mouse. Now double click on the pin, holding the left button down after the second click, and drag it near your actual location. With a similar double click or two finger drag in the map background, re-center the pin. Re-zoom the map, showing a smaller area. Repeat until the pin is in the living room of your house: the map is that detailed.

  When you hit Next it takes about 15 secs to get to the next page.

• Next it asks about (anonymized) information sharing. I'm a paranoid troglodyte: no basic analytics, no usage, no statistics, yes diagnostics (crash reports).

• Next it shows integrations that could be relevant for you. They say don't be alarmed if you don't have very many. You can configure them here or do later (recommended by jimc). I had these integrations:

  • Two printers; ignoring them since I really doubt that I will print reports of light bulb activations.
  • ttyACM0 with a Z-Wave symbol.
  • I hit More and waited. It greyed out everything. It might be doing network auto detection (or might not). I gave it 10 mins; no action. Still nothing. So I rebooted Dragon.
  • When I logged in again, I didn't do any configuration, just hit Finish.

• Rebooting takes about 3 min until the webserver gets alive.

• I'm taking some recommendations from Getting Started with Home Assistant (part 2) by Lewis Barclay (2019-09-21). Click your username in the lower left corner, opening your profile, and give yourself administrator privileges, called Advanced Mode in H-A.

• Yes we are using Hass.io and need SSH. Here's how to install an add-on. Evidently since Getting Started with H-A was written, the GUI has been reorganized; here's a modern translation of the procedure for version 9.4 (2022).

  • Pick Settings from the sidebar. You may have to scroll the listbox to find it, at the bottom.
  • Open (click on) Add-Ons. Beware, H-A Container and H-A Core don't have the Supervisor and therefore can't start the new add-on, so there's no item to install it either. You'll need, as I did, to reinstall H-A from the beginning with a supervised mode: H-A Operating System, or H-A Supervised (whose prerequisites were too much for me to deal with).
  • Click on Add-On Store (lower right corner).
  • The screenshot in Getting Started with H-A shows the Repositories section; if you need this (I didn't) you can open it via the dotdotdot menu, upper right corner.
  • Official add-ons are maintained by the H-A developers whereas Community add-ons are from outside. Specifically the official Aeotec Z-Wave add-on is in the Community section. But we're doing SSH now.
  • There are two SSH add-ons, official, titled Terminal and SSH. and the community one titled SSH & Web Terminal by Franck Nijhof, The official one has security features which, in my case, prevented it from starting up. In forum posts reporting this issue, the consensus is to use the community version. It includes various net tools such as curl and wget. Default shell is ZSH. It's advertised to give real root access (which the official one doesn't).
  • Installing community SSH & Web Terminal. Configs on the Info tab: yes start on boot, turn off protection mode (would block elevated system access which is what I want to do). Documentation: here are the options I want (mind the formatting, imitate the example):
    • ssh: username: root (authenticate as this user) [Done]
    • ssh: password: Omit or set to "" which disables passwd auth.
    • ssh: authorized_keys: The value is a [list], comma separated. Be safe, enclose each entire key in quotes. Start with the algo (ssh-rsa or better algo), to the end of the line.
    • ssh: sftp: false (only turn on if you actually use it.)
    • zsh: true (this is preset, and you get bash if you turn it off. Actually I wouldn't be surprised that you get /bin/sh, which on SuSE is linked to /bin/bash.)
  • Starting it up. nmap reports that port 22 is open! Connection works from the local LAN: ssh root@dragon. and I'm root in the session (which is customary but could have been configured differently). One annoyance: it uses a random hostname. I altered /etc/hostname; after the next reboot we'll see if that applies system wide. I tried echo dragon > /proc/sys/kernel/hostname but we're running in a Docker container and it's mounted readonly.
  • The usual tricks to troubleshoot network problems don't seem to be working on Dragon, probably because /proc is mounted readonly. At least for the moment, I'm going to have to ignore the lack of its fixed IPv6 address. Later I'll need to jailbreak the host system.

• Next is going to be installing the Z-Wave add-on. But which one, the official one or the one from Aeotec? This H-A Community Guide about Z-Wave Integrations (by Petro, 2021-02-xx, updated 2022-09-xx) looks useful. These schemes are or were available:

  • Zwave JS add-on and integration (official)
  • Zwave JS UI add-on (from Aeotec) with Zwave JS integration (official)
  • Zwave JS UI add-on (from Aeotec) with MQTT integration (official)
  • OpenZwave integration (deprecated)
  • Zwave 1.4 integration (deprecated)

  He/they recommend the official add-on and integration. The Aeotec add-on has a GUI that lets you do various actions that the H-A Zwave JS integration cannot perform. The one with MQTT integration is listed after these two. Comments seem to suggest that if you have the MQTT broker installed and are using it for something else, using it also for Z-Wave makes sense, but otherwise don't add this complexity.

  I think I'll use the official add-on and integration, until I hit some problem that requires the GUI to unscramble, not likely on my simple net. (Famous last words.)

• Continuing with activating Z-Wave:

  • The documentation suggests that you may need to type the Devices' security keys into the configuration. But the Domoticz database does not include them. In fact, they seem to be stored in the Z-Stick itself. Cross fingers, hoping that the existing pairings will be honored in the H-A context.
  • Log in to H-A as H-A Administrator (homeauto).
  • You will need your Z-Stick's full path name. Go to Settings - System - Hardware. In the dotdotdot menu pick All Hardware. Search for tty's; for me the devpath was under ttyACM0 and the full path is /dev/serial/by-uid/usb-0658_0200-if00 . Mind hyphens vs. underbar. The middle two numbers are the vendor and product ID which you can also see in the output of lsusb (in a SSH shell session), so likely the devpath will not change randomly.
  • Now go to Settings - Add-Ons - Add-On Store - Official section - Z-Wave JS. Click it. (When returning here after installation, click on the card for Z-Wave JS rather than Add-On Store.)
  • Click Install. It circulates for about 40 sec. Info tab configuration: yes start on boot, no watchdog, no auto update.
  • Change to the documentation tab. Read the docs.
  • Now on the Configuration tab: Nice, they have a list of possible devpaths; click on the correct one; you don't have to actually type it in.
  • Since the security keys were not revealed by Domoticz, leave them blank.
  • Click Save (to save the configuration).
  • Start the add-on.
  • Back to Overview - Devices & Services. You start on the Integrations tab. Wait for about 30sec; it should show a card (labelled Discovered) for ttyACM0 (Z-Wave) and a Configure button. Click it. (If no discovery, likely Add Integration would be helpful.) Confirm doing the configuration. Successful auto-detection proves that USB pass-through succeeded.
  • After about 5sec it pops a box saying Success! and a list of cards for Entities some of which have believable names, starting with the Z-Stick. Each could be assigned to an area. Evidently it's using security keys stored in the Z-Stick. The next challenge will be to figure out which is which, and to rename them. Close this box.
  • Change to the Device tab.

• Interruption: How to pair and un-pair a device from the Aeotec Z-Stick Gen5. See the Users guide for Aeotec Z-Stick Gen5+ (very similar to Gen5). To pair a device:

  • (Shut down the controlling software (H-A).)
  • Unplug the Z-Stick. It has a battery inside.
  • Tap its button once. It will blink blue slowly to indicate that it's in pairing mode.
  • Watch the Z-Stick and tap the on button once on the device. (But some devices have unusual rituals like double tap.)
  • The Z-Stick will show blue for 2 sec indicating success, then will go back to pairing mode.
  • You can repeat (tap the button) on additional devices if you have them.
  • To exit pairing mode, tap the Z-Stick's button once. The LED will shut off.
  • To un-pair a device the procedure is the same except in the first step you press and hold the button until the Z-Stick starts blinking amber rapidly. Then promptly release the button.

• My goal in this step is to change the names of the Devices to match their functions.

  • Navigate to Settings - Devices & Services - Devices tab. Click on a Device.
  • It gives you a deck of cards. At the upper right of the title row of a card, click on the pencil icon. Here you could provide its name, assign it to an area, or disable it. Give an arbitrary but unique name like Switch 1. Click Update when finished. There is a confirmation box asking if you want to similarly update the names of its Entities. Generally you would say yes.
  • I'm editing in one window, and monitoring and testing, using the Dashboard, in another. To see the edited Device and related Entities in the Dashboard, navigate elsewhere (e.g. Settings), then reselect Dashboard. Don't use the browser's refresh icon because it will make you log in again.
  • Now observe your switch(es) and use the Dashboard card to turn on the edited switch. Seeing which lamp etc. was turned on, you know what name the switch should have. Edit again, giving this name.
  • I have several Devices identified as Node5 to 8. I have two switches that I expect to be discovered but which aren't on the list, and two which I suspect are broken switches replaced long ago.
  • Open the Device page for one of them. Under Device Info, in the Configure row is a dotdotdot icon. Click it, and pick Re-Interview. In my first attempt the resulting box said Re-interview failed after 1-2 minutes. Nodes 5+6 took a long time (1-2 mins) to fail; nodes 7+8 failed in 15sec, suggesting that they are actually on the net while 5+6 are missing.
  • Network Heal causes the Z-Stick to refresh its routing table, so it knows which within-range node(s) can reach each Device by mesh handoffs. I did not try to do this. Beware, battery powered Devices (that can sleep) have to wake up to be included, and the controller will wait forever (12 hours or more) for them to do so. Generally there's a way to wake them manually, like turning on/off a switch. But that's impossible for nonexistent Devices, so don't try Network Heal if there area any nonexistent Devices.
  • I hit Remove-Failed on all the dead nodes. Node 5 would not go away because it was responding to ping. The rest are gone. I tried to Add Device (from Settings - Devices & Services - Devices tab) - Add a Z-Wave Device). It circulated for quite a while but found no new devices. The message says Make sure the device is active and in inclusion mode.
  • The new switch is a Jasco ZW4009.
  • See the previous section for how to pair a device. I shut down Dragon, did the pairing procedure for the Jasco ZW4009 switch (successfully), unpaired and re-paired the Aeon Labs smart switch that wasn't working (node 5) (successfully), and restarted Dragon. Now H-A can control the Jasco ZW4009, turning on/off its lamp. I renamed the device.
  • Node 5 is another story. Following documentation links, I find that I'll need to edit YAML files. For which I need an editor; to find it: Settings - Add-ons - Add-on Store - (Official section) - File Editor.
  • Unfortunately this is going nowhere. There is nothing about Devices in the ./config directory. It's probably hiding in the SQLite database. My next try is going to be to unplug the device, remove failed, and plug it in again. But Add Device didn't find it. Wrong! It has appeared! I renamed Node 5.

• Creating automations: The ones I want are:

  • Circulating pump on at 08:00, off at 10:00, on at 18:00, off at 23:30.
  • Kitchen and laundry security lamps on 20 min after sunset, off 20 min before sunrise.
  • Living room security lamp on at 23:00, off 20 min before sunrise.

• How to create an automation: All of these are similar, and simple. You can make really complicated ones, like If jimc's cellphone is pingable (because it's at home and is on Wi-Fi, implying that jimc himself is at home), and if it's less than half an hour to sunset (or after sunset), at 18:00 turn on all the kitchen lamps. Steps to create the circulating pump turn-on automation:

  • Open Settings (in the sidebar). Click on Automations.
  • Either click on an existing automation to edit it, or pick Duplicate from its dotdotdot menu, or click Create Automation.
  • On Create, it asks if you want to copy a blueprint (which you will alter for your use case), or a blank form. Only a few blueprints are preinstalled, but there's a link to the Blueprint Exchange. My automations are so simple that I just used a blank form.
  • Click on Add Trigger. Pick the type from the list. I used two Time triggers, though now I've found the docs for Time Pattern, and that would have been smarter. For times relative to sunrise or sunset, use the Sun trigger type.
  • In the resulting form, pick fixed time mode. Change the time to 8:00:00 AM (no leading 0's, 12 hour time in USA, not ISO 8601 compliant :-)). Closing the edit form is optional (up-wedge in upper left corner).
  • Use the first trigger's dotdotdot menu to duplicate it. Open the copy and edit the time to 6:00:00 PM.
  • If we had set up presence indicators, like pingers or location reporting, we could put in a condition to only turn on the pump if either of us were home, but at present we have no conditions on this automation.
  • Click on Add Action. Pick an action from the list. The most common is Call Service.
  • Pick which service to call, from the provided list. In this case we're trying to turn on a smart switch. There are four kinds of service that we could turn on: an automation, Home Assistant Core Integration Generic Turn-on, a script, or a switch. Of these, the generic turn-on and the switch worked.
  • Generally, and for a turn-on, you will need to pick one or more objects to affect. You can add to the list an area (meaning all devices assigned to that area, e.g. the kitchen), a specific device, or an entity within a device (for this automation it needs to have a switch entity).
  • You can add multiple objects to the target list, and it will create by itself a script to turn on all of them, but I found that they did not actually turn on, so I created separate automations with identical triggers for each of the similarly scheduled lamps. I'll have to ask on the forum what's going on here and how I could have made it work.

Retrying Home Assistant Supervised

It's stupid to try to jailbreak H-A OS; I really should make H-A Supervised work in my own context. I'm sure there's no actual dependency on Debian, just that the developers can't deal with a zillion idiosyncratic distros with version skew on everything.

Reviving Orion

Orion is my name, IP addresses, etc. for a machine that I'm setting up. My plan is to create a new VM on Jacinth under this name, install H-A on it, (shut down H-A OS on Dragon), restore my backup and see that it works, and then rename it to Dragon replacing the old one. The first step is to clone Dragon's VM as Orion. documented in a separate writeup,

Activating Home Assistant Supervised

Home Assistant installation on Linux. Find the Home Assistant Supervised section at the bottom. Check out the requirements, then proceed to the installer documentation. Remember that we have (or should have) SuSE's tweaked home-assistant package already installed.

Requirements checklist:

• Only supports Debian 11 Bullseye (no Ubuntu, Raspbian, etc). Bug reports are not accepted when it's installed on other OS's. Blow this one off.
• FHS == 3.0 (Filesystem Hierarchy Standard, what directories there are).
• Package minimum versions are noted later in the section on installing dependencies. All listed packages, either available or already installed, have acceptable versions.

They require these additional items:

• The OS is dedicated to running Home Assistant. (Check.)
• All dependencies are installed. (Check.)
• No non-H-A software is installed. Well… I think they're concerned about major software packages that might starve H-A for resources or that might have conflicting dependencies. For example, the SuSE H-A package has specific version requirements for some Python modules, possibly cryptically hacked, to be installed from their repo, and competing software might force these out. I don't have anything like that; I think my favorite editor and my package management scripts aren't going to disrupt H-A.
• Docker needs to use overlayfs2 storage, journald for logging (with the container name as Tag), and cgroup v1. Jimc says: the Z-Wave add-on will probably end up in a Docker container, so I'll have to make sure Docker in general is configured correctly in advance.
• NetworkManager is installed and enabled. I'll have to switch back from Wicked.
• /run/systemd-journal-gatewayd.sock — On SuSE I would expect /run/systemd/journal/gatewayd or something like that, but the socket is not there and there's no sign of the daemon either. I expect that it comes with systemd-journal-remote.

The H-A-Supervised installer. Following along in the instructions:

• Install these dependencies using apt-get. All are installed or available in the official Tumbleweed repo, and have acceptable versions (indicated in parens). '*' (including on need to install notes) means that this item is now installed.

  • apparmor (>= 2.13.x) — Need to install*. apparmor-parser and apparmor-abstractions are the actually needed packages.
  • jq — This is a JSON parser and is installed*.
  • wget — For downloading HTML; is installed*.
  • curl — For downloading HTML; is installed*.
  • udisks2 (>= 2.8) — Daemon to manage discs. Need to install*.
  • NetworkManager (>= 1.14.6) — Need to install* and switch from Wicked. They spell it network-manager.
  • dbus — Interprocess communication; is installed*.
  • lsb-release — Tool to figure out what distro you're using, i.e. whether or not it's Debian 11 Bullseye. Need to install*.
  • systemd-journal-remote — Sends the systemd journal to a remote server (probably to exfiltrate it from a Docker container). Need to install*.
  • docker (>= 20.10.17) — They want the Community Edition. They say to get it from http://get.docker.com which delivers an installation script, which does not cover OpenSuSE Tumbleweed. But SuSE has an official package of docker-20.10.21_ce-1.1 . Definitely I'll use that one. Need to install*.
  • systemd >= 239 should already be installed*.
  • The OS-Agent is a prerequisite, but it's included in the SuSE H-A package.
  • The supervisor has to be installed of course. but it's also included in the H-A package.
  • All of the listed dependencies are installed, and all of the explicit dependencies (60 specific Python module versions) of the home-assistant package are installed.

• However, overnight the OpenSuSE H-A repo got out of sync between the home-assistant's version required for python310-bcrypt and the available version of that package. I'll continue with a shotgun wedding of versions, but will sync this up as soon as the repo is straightened out.

• systemd-journal-remote is installed. It's an official part of systemd. It provides systemd-journal-gatewayd, including systemd units for its socket and its service. hassio-supervisor.service starts both when the supervisor is started up. docker.service has to be started separately, i.e. not as a dependency of hassio-supervisor. These units need to be added to /m1/custom/scripts.extra .

• Likely firewall involvement: systemd-journal-gatewayd.socket uses port 19531/tcp. There's a manpage. However, H-A wants to write journal records to the socket, not the port.

• Supported hardware is generic x86_64; qemu for arm, arm-64, x86, and x86-64; Raspberry Pi 2 to 4, and various other ARM boards including odroid, Get the image appropriate to your architecture: in my case, generic x86_64.

• Configuration data is in /usr/share/hassio . In Debian this can be tweaked, but I don't think you can do that in SuSE (RPM).

• I should be able to just start it up, but the H-A package does not provide a pre-made systemd unit. I'm pretty good at writing systemd units, but it's best to use theirs because I won't know all the run-time dependencies. I downloaded the DEB package, used alien (package alien) to convert it to a TGZ file, and discovered three systemd units: /etc/systemd/system/hassio-supervisor.service , /etc/systemd/system/hassio-apparmor.service , /usr/lib/systemd/system/systemd-journal-gatewayd.socket . Snooping further, I found /usr/lib/systemd/system/home-assistant.service (from the H-A package, with an alias of hass.service) but nothing like hassio-supervisor. After inspecting, I copied hassio-supervisor.service and hassio-apparmor.service into /etc/systemd/system/ and added them to /m1/custom/scripts.extra. I also found /usr/lib/systemd/system/systemd-journal-gatewayd.{socket,service} from package systemd-journal-remote. I didn't overwrite these with the one from the deb package. However, they do have differences: gatewayd.socket: Debian listens on 19531/tcp while SuSE opens /run/systemd-journal-gatewayd.sock; Debian doesn't have gatewayd.service while SuSE does.

• Instructions about configuring systemd-journal-gatewayd per the Requirements page: it should listen on /run/systemd-journal-gatewayd.sock which SuSE's systemd-journal-remote already does. And hassio-supervisor should have permission to write on this socket. But there's got to be some way to tell it where to send the log messages to. My preference is dom0 of Orion/Dragon, i.e. the operating system outside of Docker.

• Following instructions in the Requirements page to configure Docker. They say it should use overlayfs2 storage, journald as the logging driver with Container name as the Tag, and cgroup v1. The SuSE package puts basic setup info in /usr/share/doc/packages/docker/README_SUSE.md .

  I found these items in the docker package: /etc/docker/daemon.json

  What is a Docker Image? An Image has a name. A Container is a running Image; it has an ID. A Tag is a string associated with an image, e.g. designating a specific version of that image.

  Docker security is described here.

  libvirt includes libvirt-daemon-driver-lxc which should enable you to manage Docker containers with libvirt tools like virsh.

  To set the storage driver (they want overlayfs2), edit /etc/sysconfig/docker, value of DOCKER_OPTS, and insert -s overlayfs2 . The storage ends up in /var/lib/docker .

  The docker service (daemon) should start at boot. They provide a systemd unit for it. Root, and members of the docker group, can communicate with this daemon over a socket.

  When containers communicate on the net, this is considered to be forwarding to the host (dom0), so the host's net.ipv4.ip_forward needs to be true (in sysctl). Look on Xena for how to make this work with NetworkManager. About Docker's bridge networking. Each (net-connected) container has an IP address (which it gets from where?) There is a default bridge, but it's recommended to configure a separate bridge explicitly. A newly started container connects to the default bridge, unless suppressed or directed to a user-defined bridge.

  Docker has a lot of man pages, but e.g. man docker-config tells you to run docker config --help to see the help, which is skimpy.

  Both overlay and overlay2 are currently unsupported on btrfs or any Copy on Write filesystem and should only be used over ext4 partitions. You should use the btrfs driver instead. So what should I do? First, dig into the H-A OS image and find out what they are doing, specifically what filesystem is on the root. I'm probably going to have to revert Orion to ext4 after all that work activating btrfs. If I want to keep a demo system with btrfs, let's convert Petra to become a clone of Orion.

• And we have to switch from Wicked to NetworkManager.

• Once you have H-A running and listening to its web port, you can proceed to Onboarding (the link points to that section earlier in this document). This procedure includes a step to upload the backup of the existing H-A.

Conclusion

I made progress in the effort to get H-A Supervised running on Orion, but as they warned, that project was turning into a time sink. When I found by accident during a software update of H-A OS that it was doing a Debian update as well, that dispelled my major objection to using H-A OS, and I decided to live with that (and turn my attention to another high priority item). H-A OS is performing reliably for me, and my needs are modest, so Dragon with H-A OS now has a permanent place on my main router Jacinth.