How To: Reboot the PLC from NodeRED running in a container

It might be useful to perform tasks on the PFC200 host operating system from an application running in a container. One example might be rebooting the PLC from a Node-RED flow, and this is what this How-To will show. The last line of this script can be modified to perform other shell commands on the host.

Warning: Accessing the host from inside a container is not normally possible due to the sandbox nature of docker, and allowing so can cause serious security vulnerabilities. Keep this in mind before implementing this procedure! Use at your own risk!

Prerequisites:
-PFC200 is running Docker
-Node-RED container is running and named ‘node-red’
-PFC200 has internet access (to install required software only)

  1. SSH into the PFC200 with root

  2. Shell into the container called node-red. Substitute the name of your container (or use the unique container id).
    docker exec -it --user=root node-red /bin/bash

  3. Type;

cd /home
nano myroot.sh
  1. Copy this code into the file, and save with Ctl-X
#!/bin/sh
# Contact: H. Saal
# Version 6.0.0
# Script to Manage Settings on Hostsystem via Docker Container
clear
password=$1
root="default"
echo -e "\n\n"
echo -e "\e[00;32m++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\e[00m"
echo -e "\e[07;33mStart configuration local.\e[00m"
echo "Fetching Host IP Adress....."
HOST_IP=$(ifconfig | grep inet | head -n1 | cut -d":" -f2 | cut -d" " -f1)
HOST_IP=$(echo $HOST_IP | tr "\n" " " | tr -d " ")
echo -e "Actual Host IP= \e[00;32m$HOST_IP\e[00m"
echo -e "Start Configuration remote."
echo -e "Send reboot signal to host...... good by...."
sshpass -p $password ssh -t -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" root@$HOST_IP << EOF
sudo reboot
EOF
  1. Make the script executable with the command;
    chmod 777 myroot.sh
    image

  2. Add the package sshpass
    apk add sshpass
    image

  3. Test the script with the root password (default wago used below);
    ./myroot.sh wago
    image

  4. Shell back into the PLC and then the container. Clear the shell history, otherwise the root password is saved there. This should be kept secret!

docker exec -it --user=root node-red /bin/bash
history -c

image

  1. If the PLC rebooted, then it is now possible to use the exec node in Node-RED in the same manner.
    Note: This flow is for testing only. The root password should not be saved in the flow in plain text! This should be passed to the exec node from an external source (for example: from an encrypted MQTT payload or dashboard text entry).

    image
    Note the space after the .sh, the password will be appended as shown in step 7.
    image
1 Like