unifi: convert to simplevisor

author: Mike Crute <mike@crute.us> 2022-12-10 08:14:56 -0800
committer: Mike Crute <mike@crute.us> 2022-12-10 08:14:56 -0800
commit: 10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0 (patch)
tree: dbecb5acee08fbda4c39009be13808a2f420aa84
parent: 080b38448a441e51213983edd5c4d16d1c2858e1 (diff)
download: dockerfiles-10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0.tar.bz2
dockerfiles-10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0.tar.xz
dockerfiles-10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0.zip
6 files changed, 70 insertions, 114 deletions
diff --git a/unifi/Dockerfile b/unifi/Dockerfile
index acb471f..a04d001 100644
--- a/unifi/Dockerfile
+++ b/unifi/Dockerfile
@@ -1,6 +1,8 @@
 FROM alpine:edge
 LABEL maintainer="Mike Crute <mike@crute.us>"
+# TODO: Move all the unpacking stuff to the Makefile
 ARG deb_location
 ARG checksum_line
@@ -55,7 +57,9 @@ RUN set -euxo pipefail; \
    && apk del .build-deps \
    && rm -rf /tmp/*
-ADD entrypoint.sh /
+ADD unifi-setup.sh /
+ADD simplevisor.json /
+ADD simplevisor /
 STOPSIGNAL SIGTERM
-ENTRYPOINT [ "/entrypoint.sh" ]
+ENTRYPOINT [ "/simplevisor" ]
diff --git a/unifi/Makefile b/unifi/Makefile
index 83e2fc9..b1c9503 100644
--- a/unifi/Makefile
+++ b/unifi/Makefile
@@ -1,6 +1,7 @@
 VERSION=7.2.91-85c367a4aa
-IMAGE=docker.crute.me/unifi:$(VERSION)
+VERSION_TAG=$(VERSION)-1
-LATEST=$(subst :$(VERSION),,$(IMAGE)):latest
+IMAGE=docker.crute.me/unifi:$(VERSION_TAG)
+LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
 DEB_LOCATION="https://dl.ui.com/unifi/$(VERSION)/unifi_sysvinit_all.deb"
 CHECKSUM_LINE="d33e7b5a838a4c301ca545910e7119ba62bda80202259655191ced1e482cecde *unifi_sysvinit_all.deb"
diff --git a/unifi/Makefile5 b/unifi/Makefile5
deleted file mode 100644
index 7c2c212..0000000
--- a/unifi/Makefile5
+++ /dev/null
@@ -1,36 +0,0 @@
-VERSION=5.14.23
-IMAGE=docker.crute.me/unifi:$(VERSION)
-LATEST=$(subst :$(VERSION),,$(IMAGE)):latest
-DEB_LOCATION="https://dl.ui.com/unifi/$(VERSION)/unifi_sysvinit_all.deb"
-CHECKSUM_LINE="fb12d448828656523978be9f594f2ce3fb35d524bc80d2c150e58f2a7d0159a9 *unifi_sysvinit_all.deb"
-all:
-        docker pull alpine:latest
-        docker build \
-                --no-cache \
-                --build-arg=deb_location=$(DEB_LOCATION) \
-                --build-arg=checksum_line=$(CHECKSUM_LINE) \
-                -t $(IMAGE) .
-all-no-cache:
-        docker build \
-                --no-cache \
-                --build-arg=deb_location=$(DEB_LOCATION) \
-                --build-arg=checksum_line=$(CHECKSUM_LINE) \
-                -t $(IMAGE) .
-run:
-        docker run -d \
-                -e UNIFI_UID=1001 \
-                -e UNIFI_GID=1001 \
-                -p 8080:8080 \
-                -p 8443:8443 \
-                $(IMAGE)
-publish:
-        docker push $(IMAGE)
-publish-prod:
-        docker tag $(IMAGE) $(LATEST)
-        docker push $(LATEST)
diff --git a/unifi/README.md b/unifi/README.md
deleted file mode 100644
index c1566b2..0000000
--- a/unifi/README.md
+++ /dev/null
@@ -1,50 +0,0 @@
-[(Dockerfile)]: https://code.crute.me/mcrute/dockerfiles/tree/unifi/Dockerfile
-[Changelog]: https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-5-6-20-Stable-has-been-released/ba-p/2119397?attachment-id=85425
-# Supported tags and respective `Dockerfile` links
-* `5.6.20`, `stable` [(Dockerfile)][] [Changelog][]
-[![unifi](https://dl.ubnt.com/press/logo-UniFi.jpg)](https://unifi-sdn.ubnt.com/)
-# Ubiquiti Unifi SDN Controller
-The UniFi Controller software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance. This unofficial image is a minimalist re-packaging of the upstream binaries into an Alpine Linux based container. The image has been adapted to better fit the Docker tooling by logging everything to stdout and running with reduced privileges.
-## Usage
-At a minimum users should mount a data volume over `/var/lib/unifi` for storage of their databases and downloaded firmware.
-A minimal run command would be:
-```
-docker run \
-    -v /your-unifi-path:/var/lib/unifi \
-    -p 8080:8080 \
-    -p 8443:8443 \
-    mcrute/unifi-controller:stable
-```
-After bootstrap the controller will run as the `unifi` user within the container. It is possible to map the unifi user id and group id within the container to a custom uid/gid using the `UNIFI_UID` and `UNIFI_GID` environment variables. The default is uid 101 and gid 102.
-An example of this:
-```
-docker run \
-    -v /your-unifi-path:/var/lib/unifi \
-    -e UNIFI_UID=201 \
-    -e UNIFI_GID=302 \
-    -p 8080:8080 \
-    -p 8443:8443 \
-    mcrute/unifi-controller:stable
-```
-## License
-View [license information](https://www.ubnt.com/eula/) for the software contained in this image.
-As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
-As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
-## Used Software
-This container builds on [Alpine Linux](http://alpinelinux.org/) and uses [su-exec](https://github.com/ncopa/su-exec) for privilege separation.
diff --git a/unifi/simplevisor.json b/unifi/simplevisor.json
new file mode 100644
index 0000000..0d8ed76
--- /dev/null
+++ b/unifi/simplevisor.json
@@ -0,0 +1,52 @@
+{
+    "env": {
+        "pass": [
+            "PATH",
+            "HOSTNAME",
+            "SHLVL",
+            "HOME",
+            "PWD",
+            "UNIFI_UID",
+            "UNIFI_GID",
+            "MONGO_URL",
+            "MONGO_STATS_URL"
+        ],
+        "vault-replace": [
+            "MONGO_USER",
+            "MONGO_PASSWORD"
+        ],
+        "vault-template": [
+            "MONGO_URL",
+            "MONGO_STATS_URL"
+        ]
+    },
+    "jobs": {
+        "init": [
+            {
+                "cmd": ["/unifi-setup.sh"],
+                "run-as": "root"
+            }
+        ],
+        "main": [
+            {
+                "cmd": [
+                    "/usr/lib/jvm/default-jvm/bin/java",
+                        "-cp", "/usr/lib/unifi/lib/ace.jar",
+                        "-Dlog4j.configuration=file:/usr/lib/unifi/log4j.properties",
+                        "-Dlog4j2.formatMsgNoLookups=true",
+                        "-Dunifi.datadir=/usr/lib/unifi/data",
+                        "-Dunifi.logdir=/usr/lib/unifi/logs",
+                        "-Dunifi.rundir=/usr/lib/unifi/run",
+                        "-Xmx1024M",
+                        "-Djava.awt.headless=true",
+                        "-Dorg.xerial.snappy.use.systemlib=true",
+                        "-Dfile.encoding=UTF-8",
+                        "com.ubnt.ace.Launcher", "start"
+                ],
+                "run-as": "unifi"
+            }
+        ]
+    }
+}
diff --git a/unifi/entrypoint.sh b/unifi/unifi-setup.sh
index 506c20f..30defdc 100755
--- a/unifi/entrypoint.sh
+++ b/unifi/unifi-setup.sh
@@ -56,27 +56,12 @@ if [ -z "$START_DEFAULT" ]; then
        echo "is_default=false" >> /var/lib/unifi/system.properties
 fi
-# Allow running a shell in the container
+# Replace the current process with a scoped-down controller. The java app
-if [ ! -z "$@" ]; then
+# is designed to do its own job control but it has to run with an init
-    /sbin/su-exec ${USERNAME} "$@"
+# system or it doesn't get the signals from docker.
-else
+#
-    # Replace the current process with a scoped-down controller. The java app
+# Use the snappy native library installed with apk because the bundled on
-    # is designed to do its own job control but it has to run with an init
+# is built against libc which is not available in Alpine. Without this
-    # system or it doesn't get the signals from docker.
+# inform will fail with a decompression library error.
-    #
-    # Use the snappy native library installed with apk because the bundled on
+# NOTE: This has been migrated to simplevisor.json
-    # is built against libc which is not available in Alpine. Without this
-    # inform will fail with a decompression library error.
-    exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} /usr/lib/jvm/default-jvm/bin/java \
-        -cp ${BASEDIR}/lib/ace.jar \
-        -Dlog4j.configuration=file:${BASEDIR}/log4j.properties \
-        -Dlog4j2.formatMsgNoLookups=true \
-        -Dunifi.datadir=${BASEDIR}/data \
-        -Dunifi.logdir=${BASEDIR}/logs \
-        -Dunifi.rundir=${BASEDIR}/run \
-        -Xmx1024M \
-        -Djava.awt.headless=true \
-        -Dorg.xerial.snappy.use.systemlib=true \
-        -Dfile.encoding=UTF-8 \
-        com.ubnt.ace.Launcher start
-fi
author	Mike Crute <mike@crute.us>	2022-12-10 08:14:56 -0800
committer	Mike Crute <mike@crute.us>	2022-12-10 08:14:56 -0800
commit	10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0 (patch)
tree	dbecb5acee08fbda4c39009be13808a2f420aa84
parent	080b38448a441e51213983edd5c4d16d1c2858e1 (diff)
download	dockerfiles-10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0.tar.bz2 dockerfiles-10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0.tar.xz dockerfiles-10ef51e41bfb73c5a64c79255b17c0bc98d8c8b0.zip

diff --git a/unifi/Dockerfile b/unifi/Dockerfile index acb471f..a04d001 100644 --- a/unifi/Dockerfile +++ b/unifi/Dockerfile
@@ -1,6 +1,8 @@
1	FROM alpine:edge	1	FROM alpine:edge
2	LABEL maintainer="Mike Crute <mike@crute.us>"	2	LABEL maintainer="Mike Crute <mike@crute.us>"
3		3
		4	# TODO: Move all the unpacking stuff to the Makefile
		5
4	ARG deb_location	6	ARG deb_location
5	ARG checksum_line	7	ARG checksum_line
6		8
@@ -55,7 +57,9 @@ RUN set -euxo pipefail; \
55	&& apk del .build-deps \	57	&& apk del .build-deps \
56	&& rm -rf /tmp/*	58	&& rm -rf /tmp/*
57		59
58	ADD entrypoint.sh /	60	ADD unifi-setup.sh /
		61	ADD simplevisor.json /
		62	ADD simplevisor /
59		63
60	STOPSIGNAL SIGTERM	64	STOPSIGNAL SIGTERM
61	ENTRYPOINT [ "/entrypoint.sh" ]	65	ENTRYPOINT [ "/simplevisor" ]


diff --git a/unifi/Makefile b/unifi/Makefile index 83e2fc9..b1c9503 100644 --- a/unifi/Makefile +++ b/unifi/Makefile
@@ -1,6 +1,7 @@
1	VERSION=7.2.91-85c367a4aa	1	VERSION=7.2.91-85c367a4aa
2	IMAGE=docker.crute.me/unifi:$(VERSION)	2	VERSION_TAG=$(VERSION)-1
3	LATEST=$(subst :$(VERSION),,$(IMAGE)):latest	3	IMAGE=docker.crute.me/unifi:$(VERSION_TAG)
		4	LATEST=$(subst :$(VERSION_TAG),,$(IMAGE)):latest
4		5
5	DEB_LOCATION="https://dl.ui.com/unifi/$(VERSION)/unifi_sysvinit_all.deb"	6	DEB_LOCATION="https://dl.ui.com/unifi/$(VERSION)/unifi_sysvinit_all.deb"
6	CHECKSUM_LINE="d33e7b5a838a4c301ca545910e7119ba62bda80202259655191ced1e482cecde *unifi_sysvinit_all.deb"	7	CHECKSUM_LINE="d33e7b5a838a4c301ca545910e7119ba62bda80202259655191ced1e482cecde *unifi_sysvinit_all.deb"


diff --git a/unifi/Makefile5 b/unifi/Makefile5 deleted file mode 100644 index 7c2c212..0000000 --- a/unifi/Makefile5 +++ /dev/null
@@ -1,36 +0,0 @@
1	VERSION=5.14.23
2	IMAGE=docker.crute.me/unifi:$(VERSION)
3	LATEST=$(subst :$(VERSION),,$(IMAGE)):latest
4
5	DEB_LOCATION="https://dl.ui.com/unifi/$(VERSION)/unifi_sysvinit_all.deb"
6	CHECKSUM_LINE="fb12d448828656523978be9f594f2ce3fb35d524bc80d2c150e58f2a7d0159a9 *unifi_sysvinit_all.deb"
7
8	all:
9	docker pull alpine:latest
10	docker build \
11	--no-cache \
12	--build-arg=deb_location=$(DEB_LOCATION) \
13	--build-arg=checksum_line=$(CHECKSUM_LINE) \
14	-t $(IMAGE) .
15
16	all-no-cache:
17	docker build \
18	--no-cache \
19	--build-arg=deb_location=$(DEB_LOCATION) \
20	--build-arg=checksum_line=$(CHECKSUM_LINE) \
21	-t $(IMAGE) .
22
23	run:
24	docker run -d \
25	-e UNIFI_UID=1001 \
26	-e UNIFI_GID=1001 \
27	-p 8080:8080 \
28	-p 8443:8443 \
29	$(IMAGE)
30
31	publish:
32	docker push $(IMAGE)
33
34	publish-prod:
35	docker tag $(IMAGE) $(LATEST)
36	docker push $(LATEST)


diff --git a/unifi/README.md b/unifi/README.md deleted file mode 100644 index c1566b2..0000000 --- a/unifi/README.md +++ /dev/null
@@ -1,50 +0,0 @@
1	[(Dockerfile)]: https://code.crute.me/mcrute/dockerfiles/tree/unifi/Dockerfile
2	[Changelog]: https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-5-6-20-Stable-has-been-released/ba-p/2119397?attachment-id=85425
3
4	# Supported tags and respective `Dockerfile` links
5
6	* `5.6.20`, `stable` [(Dockerfile)][] [Changelog][]
7
8
9	[![unifi](https://dl.ubnt.com/press/logo-UniFi.jpg)](https://unifi-sdn.ubnt.com/)
10
11	# Ubiquiti Unifi SDN Controller
12
13	The UniFi Controller software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance. This unofficial image is a minimalist re-packaging of the upstream binaries into an Alpine Linux based container. The image has been adapted to better fit the Docker tooling by logging everything to stdout and running with reduced privileges.
14
15	## Usage
16	At a minimum users should mount a data volume over `/var/lib/unifi` for storage of their databases and downloaded firmware.
17
18	A minimal run command would be:
19
20	```
21	docker run \
22	-v /your-unifi-path:/var/lib/unifi \
23	-p 8080:8080 \
24	-p 8443:8443 \
25	mcrute/unifi-controller:stable
26	```
27
28	After bootstrap the controller will run as the `unifi` user within the container. It is possible to map the unifi user id and group id within the container to a custom uid/gid using the `UNIFI_UID` and `UNIFI_GID` environment variables. The default is uid 101 and gid 102.
29
30	An example of this:
31
32	```
33	docker run \
34	-v /your-unifi-path:/var/lib/unifi \
35	-e UNIFI_UID=201 \
36	-e UNIFI_GID=302 \
37	-p 8080:8080 \
38	-p 8443:8443 \
39	mcrute/unifi-controller:stable
40	```
41
42	## License
43	View [license information](https://www.ubnt.com/eula/) for the software contained in this image.
44
45	As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
46
47	As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
48
49	## Used Software
50	This container builds on [Alpine Linux](http://alpinelinux.org/) and uses [su-exec](https://github.com/ncopa/su-exec) for privilege separation.


diff --git a/unifi/simplevisor.json b/unifi/simplevisor.json new file mode 100644 index 0000000..0d8ed76 --- /dev/null +++ b/unifi/simplevisor.json
@@ -0,0 +1,52 @@
		1	{
		2	"env": {
		3	"pass": [
		4	"PATH",
		5	"HOSTNAME",
		6	"SHLVL",
		7	"HOME",
		8	"PWD",
		9
		10	"UNIFI_UID",
		11	"UNIFI_GID",
		12
		13	"MONGO_URL",
		14	"MONGO_STATS_URL"
		15	],
		16	"vault-replace": [
		17	"MONGO_USER",
		18	"MONGO_PASSWORD"
		19	],
		20	"vault-template": [
		21	"MONGO_URL",
		22	"MONGO_STATS_URL"
		23	]
		24	},
		25	"jobs": {
		26	"init": [
		27	{
		28	"cmd": ["/unifi-setup.sh"],
		29	"run-as": "root"
		30	}
		31	],
		32	"main": [
		33	{
		34	"cmd": [
		35	"/usr/lib/jvm/default-jvm/bin/java",
		36	"-cp", "/usr/lib/unifi/lib/ace.jar",
		37	"-Dlog4j.configuration=file:/usr/lib/unifi/log4j.properties",
		38	"-Dlog4j2.formatMsgNoLookups=true",
		39	"-Dunifi.datadir=/usr/lib/unifi/data",
		40	"-Dunifi.logdir=/usr/lib/unifi/logs",
		41	"-Dunifi.rundir=/usr/lib/unifi/run",
		42	"-Xmx1024M",
		43	"-Djava.awt.headless=true",
		44	"-Dorg.xerial.snappy.use.systemlib=true",
		45	"-Dfile.encoding=UTF-8",
		46	"com.ubnt.ace.Launcher", "start"
		47	],
		48	"run-as": "unifi"
		49	}
		50	]
		51	}
		52	}


diff --git a/unifi/entrypoint.sh b/unifi/unifi-setup.sh index 506c20f..30defdc 100755 --- a/unifi/entrypoint.sh +++ b/unifi/unifi-setup.sh
@@ -56,27 +56,12 @@ if [ -z "$START_DEFAULT" ]; then
56	echo "is_default=false" >> /var/lib/unifi/system.properties	56	echo "is_default=false" >> /var/lib/unifi/system.properties
57	fi	57	fi
58		58
59	# Allow running a shell in the container	59	# Replace the current process with a scoped-down controller. The java app
60	if [ ! -z "$@" ]; then	60	# is designed to do its own job control but it has to run with an init
61	/sbin/su-exec ${USERNAME} "$@"	61	# system or it doesn't get the signals from docker.
62	else	62	#
63	# Replace the current process with a scoped-down controller. The java app	63	# Use the snappy native library installed with apk because the bundled on
64	# is designed to do its own job control but it has to run with an init	64	# is built against libc which is not available in Alpine. Without this
65	# system or it doesn't get the signals from docker.	65	# inform will fail with a decompression library error.
66	#	66
67	# Use the snappy native library installed with apk because the bundled on	67	# NOTE: This has been migrated to simplevisor.json
68	# is built against libc which is not available in Alpine. Without this
69	# inform will fail with a decompression library error.
70	exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} /usr/lib/jvm/default-jvm/bin/java \
71	-cp ${BASEDIR}/lib/ace.jar \
72	-Dlog4j.configuration=file:${BASEDIR}/log4j.properties \
73	-Dlog4j2.formatMsgNoLookups=true \
74	-Dunifi.datadir=${BASEDIR}/data \
75	-Dunifi.logdir=${BASEDIR}/logs \
76	-Dunifi.rundir=${BASEDIR}/run \
77	-Xmx1024M \
78	-Djava.awt.headless=true \
79	-Dorg.xerial.snappy.use.systemlib=true \
80	-Dfile.encoding=UTF-8 \
81	com.ubnt.ace.Launcher start
82	fi