I believe you can configure the system so that the only command that a user (the node red user in this case) can use sudo for is sudo systemctl restart nodered, and allow that command to be used without a password. Then you can do it via an exec node. You could also include sudo reboot if necessary.
I have 2 system, both are isolated to each other. One system provide user configuration (flow, file, node etc) and other system having the node-red runtime running.
So we are using API exposed by the runtime node-red and performing all the operation.
yes that what I thought to do...so as mentioned by @ [GogoVega] if I need to update the "node-red-dashboard", then I need to restart node-red.
As I mentioned earlier, IIn my usecase I do not have a direct control of the node-red (which is running in the runtime system), so I am using the node-red API to perform all the operation, something as below:
User want to upgrade "node-red-node-email" from "2.0.1" to "2.1.0".
User uses post /nodes API to update the node.
The version is not updated on the running instance of node-red unless it is restarted.
I need to use either:
docker restart container-id (or name)
or
systemctl restart nodered
etc...
But If there are any API like admin API it will help to do the things dynamically.
Just to answer this, as it was your original question and I don't think anyone has responded directly - there is no admin api for doing a full restart of the runtime. This is why the suggestions above involve tricks like using the exec node to create a flow to do it.
Restart implies a complete reload of all modules which is not currently possible - perhaps in the future; I saw the same question was asked for FlowFuse (same issue)
If this ever does get added to Node-RED, I really hope that it is behind a property flag in settings.js because I can think of a lot of ways this could be badly abused.
Which reminds me of something I meant to do. I'll add a comment to the security FAQ entry to remind people to protect settings.js from Node-RED itself.
Did you realise that the specific suggestion was to allow the node-red user to use sudo with only the node red restart and reboot commands and nothing else? That does not sound particularly dangerous, or am I missing something?
The only practical way to implement this would be to modify the node-red command to be a shell script that then invokes the node process to run Node-RED. The API would then request the node process to exit with a well-define exit code that the shell script would check for and restart the node process.
This would mean the API would not work for cases where Node-RED is embedded in another node app, or someone has created a custom launcher that invokes node.js directly.
But it would remove any requirement to need any extra permissions such as sudo.