Home Assistant, the Python IoT hub

By John Coggeshall
June 10, 2020

The Internet of Things (IoT) push continues to expand as tens of thousands of different internet-enabled devices from light bulbs to dishwashers reach consumers' homes. Home Assistant is an open-source project to make the most of all of those devices, potentially with no data being shared with third parties.

Generally speaking, IoT devices are most useful when operating in coordination with each other. While decentralized systems are possible, keeping all of these devices coordinated in the effort to make a "smart house" generally uses a centralized server (or "smart hub") — a reality not lost on Apple, Amazon, and Google among others, who all provide various solutions to the problem.

For the privacy and security minded however, those solutions are problematic because they send private data to centralized servers for processing simply to turn on your lights. That these solutions are also closed-source black boxes does not help matters. Home Assistant is an Apache-licensed project to address this problem, started by Paulus Schoutsen, to provide a private centralized hub for automation and communication between a home's various IoT devices. Schoutsen is also founder of Nabu Casa, Inc., which provides commercial backing for the project. The platform is popular and active, approaching its 600th release from nearly 2,000 contributors to its core on GitHub. Integrations between various IoT platforms and Home Assistant are provided by its 1,600 available components written by the various contributors.

Meet Home Assistant

Home Assistant strives to be a user-friendly tool, with recent releases investing significantly in ease-of-use and front-end features. This includes technologies like auto-discovery of a wide range of IoT devices, built-in configuration editors, and an interface editing tool called Lovelace. Under the hood, Home Assistant is a Python 3 code base with configurations managed through YAML files for those who prefer to work from their own editor instead.

From a developer's perspective, Home Assistant has a well-documented API and architecture. It provides a web-based interface to manage the home, and mobile applications for both Android and iOS. Architecturally, it is an event-driven platform and state machine where various "entities" are managed by the system. Entities are arbitrary "things" and take many forms. They can be concrete devices, such as a particular light bulb, internet-based information like a weather report, or even a boolean indicating the presence of a specific phone's MAC address on the local network.

In Home Assistant, components expose entities and define services. Not to be confused with API web services, Home Assistant services enable actions related to the nature of the component, which may or may not use an underlying API. These components, also written in Python, are really the heart of the Home Assistant ecosystem. Components are responsible for integrating with third-party technologies (such as a smart bulb provider's API); executing the necessary API calls to make sure the device reflects the desired state as stored in a Home Assistant entity and vice versa. Components are also not limited to remote APIs and devices either; There are components that expose services for shell commands, standalone Python scripts, and other interactions with the local machine as well.

Components are downloaded and installed by Home Assistant on demand from the library managed by the Home Assistant project. If someone hasn't already written a component for a particular API integration or task, a custom component can be implemented in Python for your specific installation.

Tying together entities and services are automations, which are triggered based on events related to the state of one or more entities. Automations in turn perform actions by calling Home Assistant services to accomplish things such as turning on a light bulb. They also support conditional execution, one example being the creation of an automation that only executes on a weekend.

Getting started

For those who would like to try Home Assistant, the recommended hardware is a Raspberry Pi 4 Model B with one of the provided SD card images available here. For those who would like to install it on an existing, more traditional Linux host, the options available are a Docker image or installation using pip.

As previously stated, configuration values are managed in YAML. Editing the configuration can be done via the provided web interface, or directly editing of the instance's configuration.yaml. A separate secrets.yaml holds credentials and other sensitive information. Since the configuration is a collection of YAML files, it is convenient and recommended to track changes via a Git repository.

As an example of how configuration works, we are going to use the ecobee component. This component enables the integration of data, as well as API calls, from an Ecobee thermostat into Home Assistant entities and services. It starts with defining the component in configuration.yaml:

    ecobee:
        api_key !secret ecobee_api_key

Where ecobee_api_key is defined in secrets.yaml. Adding the ecobee component and restarting Home Assistant will automatically download and install the necessary packages for the component to function.

With the component enabled, entities for sensors can be created to extract specific pieces of information. For example, below is the definition of a sensor representing the HVAC fan that the Ecobee controls:

    sensor:
      - platform: template
        sensors:
          my_hvac_fan:
            value_template: "{{ states.climate.home.attributes.fan }}"

Above we define a new sensor using the template platform, indicating the value will come from a template. Platforms in Home Assistant categorize the types of configuration options and behaviors expected. For the template platform, it tells Home Assistant to extract the sensor's value from value_template.

It is worth noting that value_template uses the Jinja2 template engine under the hood, enabling sensors to normalize or implement logic for sensor values. In this example, we extract the value from an attribute of the state provided by the ecobee component. Templates can also be more complicated as needed (taken from my own setup of Home Assistant).

Once defined, this sensor's value can now be referenced by the entity identifier sensors.my_hvac_fan. Entities can be rendered to the web and mobile interface, their changes can be stored and graphed over time, and they can be used as a trigger for automations. Home Assistant provides a reasonable default rendering for an entity value in most cases and can be customized extensively as desired.

Automations provide the rules and actions to tie entities together. Each automation has three main segments: The trigger(s) for the automation, the condition(s) of the automation, and the action(s) to take if the conditions are met.

A typical automation looks like this:

    automation:
      - alias: 'Light on in the evening'
        trigger:
          - platform: sun
            event: sunset
            offset: '-01:00:00'
          - platform: state
            entity_id: person.john
            to: 'home'
        condition:
          - condition: time
            after: '16:00:00'
            before: '23:00:00'
        action:
          service: homeassistant.turn_on
          entity_id: group.living_room

In this automation we are using the built in sun entity to trigger our automation one hour before sunset (based on the time zone and location information configured in Home Assistant) along with a person entity (me). In Home Assistant a person entity is, among other things, a collection of device trackers used in presence tracking. Like some of the core entities in Home Assistant, the person entity type is an abstraction of values taken from other entity sources. For example the location of a person entity can be sourced from the devices connected to the LAN, the mobile app on a phone, or other similar sources assigned to that person.

Returning to the example, the automation is triggered by two states: At sunset minus an hour, and if the person is home. If both conditions are true, the automation is triggered and a check against the conditions is performed. If the conditions are met (in this case, the current time is within a range), then the action(s) are executed. The action for this automation is the homeassistant.turn_on service, which is given an elsewhere-defined target entity group.living_room to turn on. Note also that automations themselves are entities, and can be interacted with by other automations adding to their versatility. One common technique is to enable and disable one automation based on the actions of another automation.

Privacy and security

A key benefit to Home Assistant is not that it assures privacy for a smart home, rather that it gives the user a choice in the matter unlike commercial alternatives. That said, while Home Assistant provides the framework to implement a smart home hub completely free of the cloud, note that many IoT devices do not provide a way to control them in any other way. Some products are better than others in this regard, so it is an important consideration to keep in mind when choosing the various devices to use on the platform.

The other side of the coin is security, as one cannot have privacy unless they also have security. Various recommendations are provided by the project to ensure that an instance is secure, including keeping pace with releases and security fixes of the code base itself. Since Home Assistant is a web application (using APIs to communicate with the mobile applications over HTTP), all of the standard security practices normally encouraged apply. Accessing Home Assistant remotely requires access to the host machine remotely. In the case of the mobile applications, Home Assistant either must be exposed on a public IP or otherwise accessible by secure tunnel to function.

Home Assistant does make efforts to ensure that the platform is secure. Security fixes are common (but not too common) in releases, and the project advertises how to let it know if a new security vulnerability is discovered.

That being said, Home Assistant is typically not the only technology powering the smart home stack. Message brokers such as a MQTT server and database packages are commonly needed. Due consideration to ensure their security is important as well. Recent reporting of nearly 50,000 MQTT servers being exposed to the public indicates improper configuration of secondary services is a major concern for IoT deployments in general.

Learning more

If Home Assistant looks like a promising solution in the smart home space, then there are plenty of resources to get started with. Home Assistant has a large community of users to learn from and maintains a brisk release cycle of new features. The user documentation is generally acceptable and a great reference as well. For those with the Python skills to get involved, the developer portal has everything needed to get started writing components; and there is a popular Discord chat room if needed.

Home Assistant appears to be a lively project and worth keeping an eye on as a front-runner in the open-source IoT space. At least for the moment, it does also require a meaningful amount of technical know-how to set up. This does, however, seem likely to change considering the investments the project is making to create a more user-friendly experience. Readers who have avoided the home-automation bandwagon due to privacy concerns will find the project worth a look, as will as anyone interested in controlling the technology behind their own smart hub.

Index entries for this article
Python	Applications

Home Assistant, the Python IoT Hub

Posted Jun 11, 2020 0:22 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (4 responses)

I'm on a personal never-ending quest for perfect home automation. I've tried HA but ended up very disappointed.

My major issues were with barely functional ZWave and ZigBee support. In particular, HA uses OpenZWave library that just _loves_ to corrupt its device database (kept in a flat file). It also can't use a database for it.

I looked at its internal code structure and got scared away by its internals, the most problematic part was its use of await/async to simulate threads.

Home Assistant, the Python IoT Hub

Posted Jun 11, 2020 4:00 UTC (Thu) by pj (subscriber, #4506) [Link]

I gave up on HA for awhile, but checked it out again recently, and it's made some progress. Might be worth checking out once every year or two to see if it becomes bearable for you - it does seem to be under constant development.

Home Assistant, the Python IoT Hub

Posted Jun 11, 2020 19:19 UTC (Thu) by dw (subscriber, #12017) [Link] (1 responses)

Somewhat odd to comment on code quality while simultaneously lamenting the absence of threading. You'd prefer it randomly hang once per day, and always while you are in the bath?

Home Assistant, the Python IoT Hub

Posted Jun 11, 2020 21:28 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

I prefer my libraries, you know, NOT to hang at random moments. And OpenZWave is also not very well designed in itself. I'm now working on fixing it - removing all the !@#&*@^# singletons and adding a proper storage abstraction.

Home Assistant, the Python IoT Hub

Posted Jun 14, 2020 22:27 UTC (Sun) by djs_tx (guest, #29646) [Link]

I know it is an expensive hardware solution to a software problem but I migrated to HA starting on the Micasaverde (now EzLo) platform. And I left the Vera in charge of all of my Z-wave. And it appears to be a stable solution. I've thought about "cleaning up" my setup and moving to USB stick but the cost is sunk to me and is quite stable. I guess a little energy inefficient though.

Home Assistant, the Python IoT Hub

Posted Jun 11, 2020 13:04 UTC (Thu) by LtWorf (subscriber, #124958) [Link]

And here I am writing a C++ daemon to detect devices on the LAN, wiring relais to rpis, making my own async py daemon to drive them, making the central one to set which profile to use, using relational algebra, then making a shell client for that, then also a Qt client to show on the screen of the rpi, then adding all sort of things to that graphical client such as shutting down the screen backlight or the power to the speakers when they are not in use. :D

Home Assistant, the Python IoT Hub

Posted Jun 11, 2020 15:11 UTC (Thu) by gerdesj (subscriber, #5446) [Link] (6 responses)

The Docker install linked to in the article is a bit involved. For a quick spin try the RPi option or if you have an old laptop lying around then why not try this:

Install Ubuntu minimal: http://archive.ubuntu.com/ubuntu/dists/bionic/main/instal...

Update it to the new LTS - 20.04 with # do-release-upgrade -d

# apt install docker.io apparmor-utils apt-transport-https avahi-daemon ca-certificates curl dbus jq socat software-properties-common

# curl -sL "https://raw.githubusercontent.com/home-assistant/supervis..." | bash -s

... wait, a fair bit is happening ...

Point browser at the system on port 8123 and watch journalctl -f at the commandline

That recipe gets you a "Home Assistant Supervised" which is the full toy box but with proper hardware. Go to the Supervisor menu and get some add ons. I suggest File Editor, Lets Encrypt, Mosquitto broker, NGINX SSL proxy, Node-RED, OpenZwave and Terminal & SSH

There are currently three ways to do Zwave. The built in one will be deprecated eventually and is based on Openzwave 1.4 which is a bit sad. Zwave2MQTT is pretty decent but for my money the new OpenZwave is the best and has recently (yesterday) had more device types added.

The pace of development is amazing on this project. You get proper changelogs nowadays and it all looks a lot more grown up than it used to.

Home Assistant, the Python IoT Hub

Posted Jun 11, 2020 18:03 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (5 responses)

> the new OpenZwave is the best and has recently (yesterday) had more device types added.
Unfortunately, it's built on top of crap (OpenZWave library). And adding more abstraction layers on top of crap doesn't make it any better.

I guess it's a bit better now because crap is isolated in a separate process and won't crash/lock the main daemon.

OK, that does it. I'm going in and fixing OpenZWave the way I like it: no more singletons and an abstraction for the node cache.

Home Assistant, the Python IoT Hub

Posted Jun 12, 2020 12:05 UTC (Fri) by Fishwaldo (subscriber, #47595) [Link] (4 responses)

As the maintainer of OpenZWave It’s this type of “typical” comments from the home automation community that makes me want to delete the repo and walk away never looking back.

I’m a single developer on OZW, used in dozens of commercial and OSS home automation projects not to mention everyone’s pet Home Automation project. At last count in 2019 OZW was deployed in close to 100,000 installations. I’m spending most of my time debugging crappy $10 Chinese implementations that don’t adhere to specifications than I am working on features or refactoring legacy crap. I simply do not have the time!

And all people can do is complain. If you don’t like it, instead of being negative (is it really necessary to call it Crap?) why don’t you start putting up some PR’s and improve the situation? - in fact on second thought, dont. Not sure I want to work with someone with your kind of attitude.

And your cache corruption - that was back in OZW 1.4 - at least 4 years ago and fixed a long time ago. I can’t control if HA doesn’t have the will or manpower to stay current with OZW releases till now.

Home Assistant, the Python IoT Hub

Posted Jun 12, 2020 17:51 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

Sorry, but your library needs refactoring. This is the truth.

A well-behaved library just shouldn't do behind-the-scenes DNS lookups and unsecured HTTP downloads to update files in the filesystem. Neither should it manage its own volatile state using flat files.

I'll send patches to at least correct the config storage problems so customizable backends (like an SQLite database) could be used. I might not have enough energy to fix all other issues (like raw C++ pointers everywhere for no reason).

And if you feel that commercial products unfairly use your library then change its license to GPLv3 and offer alternative commercial licenses. It will help a lot.

Home Assistant, the Python IoT Hub

Posted Jun 14, 2020 12:14 UTC (Sun) by beagnach (guest, #32987) [Link]

Your overall intent may be good but the critical language and somewhat condescending attitude will just undermine any good you try to do. I'm not sure I'd accept patches from someone who introduced themselves in that manner.

In the end we're all human. We've all had that project where we learned some new language and made all the beginner mistakes. Some of us were lucky enough to do it in private, or with good mentors. Others had to do it in public and have their beginner mistakes visible to the world.

There's not need to be so harsh. There's probably code still living somewhere that you're probably not too proud of.

also
> I might not have enough energy to fix all other issues...

If you don't have the energy then why would you expect the maintainer to? Again, we're all only human, with limited time and energy.

So if you want to make a positive contribution, don't just snipe from the sidelines and make some drive-by pull request.
Loose the superior attitude and approach this as one fallible human being making a contribution to a project run by another fallible human being.

Home Assistant, the Python IoT Hub

Posted Jun 13, 2020 14:54 UTC (Sat) by meerdan (subscriber, #119439) [Link]

I don't use the OpenZWave library myself but I wanted to thank you for all your hard work!

There is a lot of work that goes into creating and maintaining such a library. And it must be hard to see that as long as everything works, nobody says anything, but if something doesn't work, people come at you with pitchforks.

I appreciate that you still take the time to show your viewpoint as a maintainer. This helps to remind people that maintainers are also just human and actually want the best for their projects.

Home Assistant, the Python IoT Hub

Posted Jun 14, 2020 0:51 UTC (Sun) by gerdesj (subscriber, #5446) [Link]

HA is now doing its best to get your current work into as many hands as possible. As end users we are getting daily updates now as point releases. Obviously' that is unsustainable long term but as integration bugs are squished why not release often.

I'm not qualified to comment on code quality but current end results for HA users look quite good to me and improving quite literally daily. I do know that Mr Ax can be quite forthright with his language and approach but he generally seems to know what he's on about.

To summarise: HA is making a serious attempt to do Zwave right and make the best of your work.

Please don't give up on us lot. Your work as upstream is very much appreciated.

Home Assistant, the Python IoT Hub

Posted Jun 15, 2020 15:00 UTC (Mon) by jccleaver (guest, #127418) [Link]

I really, really wanted HA to work for me, but I found the support just a little too lacking for the infrastructure I was building, but it's definitely made significant progress and I'm eager to see how it proceeds going forward. It's definitely in a better position than OpenHAB is as the go-to extensible open project, and that bodes well for it since there's always going to be a market for true local automation. (And I'm also glad I put together the small near-embedded PC to run it.)

Home Assistant, the Python IoT Hub

Posted Jun 18, 2020 0:52 UTC (Thu) by donbarry (guest, #10485) [Link] (1 responses)

This is a problematic space, with each of the "big three", Domoticz, Homeassistant, and openHAB having much to praise -- and criticize.

Of these three, the use of a scripting language immediately makes Homeassistant more modular, but there are some... peculiar.. architectural choices at work, with the oddities of the YAML configuration system and squeezing codepoints into "templates" (which are available for some entries and not for others) requiring some rather abstruse workarounds for things you wouldn't think are particularly odd corner cases. There is the Appdaemon extension that gives you real programming capabilities, but that there isn't such an interface "under the hood" and that the extension is maintained externally and independently is reason to pause.

Also, the team developing this is pushing online GUI configuration to the degree that some contributors have gotten scared away. I'm not sure I agree with their conclusion that configuration files are planned to be obsolete, but the core community can be clannish and opaque.

But what really disturbs me is the complete hypocrisy they show towards the spirit of free software. On their lead page is the motto "Open source home automation that puts local control and privacy first." Yet their extensions make no distinction or warning regarding the use of cloud-based APIs that leak private information and control, in the goal of advertising something that "just works" for whatever proprietary component you might have -- and still worse is their attitude towards community members who have tried to develop important Android clients that respect freedom and privacy.

An F-Droid client developer was intimidated into stopping development, and the Homeassistant cabal has decreed that their offering, under development, will use the Google messaging system for push notifications, and that they will not accept patches to make this optional to respect privacy and freedom, and to enable an F-Droid-hostable instance built only on free software.

So "puts local control and privacy first" is clearly just empty advertising, bereft of content.

Don't get me wrong, as a tool available under a permissive license that can be configured to be privacy respecting (minus the remote app), it's a good social contribution. But these are people very much in the "open source" camp of pragmatism, with the freedoms and virtues of free software something they seem to have never heard of.

Home Assistant, the Python IoT Hub

Posted Jul 2, 2020 19:11 UTC (Thu) by coogle (guest, #138507) [Link]

I'm not sure I agree with you portrayal of the project, at least when it comes to an F-Droid alternative client. Specifically you say the developer was intimidated, but it sounds much more like they just didn't have the time to work on it anymore when I looked briefly for information on this:

https://github.com/home-assistant/android/issues/42#issue...

I can appreciate the desire to be free of Google services, but I also don't think it's necessarily the responsibility of a project to agree. It doesn't make it less open source if the project leads aren't interested in maintaining an entirely different code branch of the mobile application (IMO). Since the Android app is open source, (https://github.com/home-assistant/android) there's little to nothing preventing someone else from maintaining a fork that doesn't require Google Play. I don't agree with the harsh criticisms of the project based on this, because I think fundamentally it boils down to an expectation they do work for free they don't want to do. That's never an obligation in an open source project and they aren't preventing others from doing it if they want to take that on (although obviously it would be an "unofficial" application).