Convert unifi video to alpine

5 files changed, 340 insertions, 0 deletions

diff --git a/unifi-video/Dockerfile b/unifi-video/Dockerfile
new file mode 100644
index 0000000..2cb7b52
--- /dev/null
+++ b/unifi-video/Dockerfile
@@ -0,0 +1,61 @@
+FROM frolvlad/alpine-oraclejdk8:slim
+LABEL maintainer="Mike Crute <mike@crute.us>"
+
+ARG version
+
+ADD lsb_release /usr/bin
+ADD log4j2.json /tmp
+
+RUN \
+    # Validate required arguments were passed
+    test -z "${version}"       && { echo -e "\033[31mMissing build parameter 'version'\033[39m"; exit 1; }; \
+    \
+    # Install build and run dependencies
+    apk add --no-cache --virtual .build-deps \
+        binutils \
+        ca-certificates \
+        curl \
+    && apk add --no-cache \
+        dumb-init \
+        libcap \
+        mongodb \
+        su-exec \
+    \
+    # Fetch the Unifi package
+    && cd /tmp \
+    && curl -s -o unifi_video.deb "https://dl.ubnt.com/firmwares/ufv/v${version}/unifi-video.Ubuntu16.04_amd64.v${version}.deb" \
+    \
+    # Unpack the debian package and "install" it
+    && ar x unifi_video.deb \
+    && mkdir debian \
+    && tar -C debian -xzf control.tar.gz \
+    && tar -xzf data.tar.gz \
+    && rm -rf usr/share usr/sbin \
+    && mv usr/lib/unifi-video /usr/lib \
+    \
+    # Create directories and link everything together
+    && mkdir -p /var/lib/unifi-video /var/log/unifi-video /var/run/unifi-video \
+    && ln -sf /usr/bin/mongod /usr/lib/unifi-video/bin/mongod \
+    && ln -sf /var/lib/unifi-video /usr/lib/unifi-video/data \
+    && ln -sf /var/log/unifi-video /usr/lib/unifi-video/logs \
+    && ln -sf /var/run/unifi-video /usr/lib/unifi-video/run \
+    \
+    # Create Tomcat directories
+    && mkdir -p /usr/lib/unifi-video/conf/Catalina \
+    && mkdir -p /usr/lib/unifi-video/work \
+    \
+    # Write out version file
+    && VERSIG=$(awk '/^VERSIG/ { split($1, a, "="); print a[2]; }' debian/postinst) \
+    && echo "NVR.x86_64.${VERSIG}" > /etc/discovery.version \
+    \
+    # Install our customizations
+    && mv /tmp/log4j2.json /usr/lib/unifi-video \
+    \
+    # Cleanup
+    && apk del .build-deps \
+    && rm -rf /tmp/*
+
+ADD entrypoint.sh /
+
+STOPSIGNAL SIGTERM
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/unifi-video/Makefile b/unifi-video/Makefile
new file mode 100644
index 0000000..f277463
--- /dev/null
+++ b/unifi-video/Makefile
@@ -0,0 +1,41 @@
+REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com
+VERSION=3.8.5
+IMAGE_BASE=unifi-video
+IMAGE=$(IMAGE_BASE):$(VERSION)-alpine
+
+all:
+        docker build \
+                --build-arg=version=$(VERSION) \
+                -t $(IMAGE) .
+
+all-no-cache:
+        docker build \
+                --no-cache \
+                --build-arg=version=$(VERSION) \
+                -t $(IMAGE) .
+
+run:
+        # 6666 - Inbound Camera Streams
+        # 7080 - HTTP Web UI
+        # 7442 - Camera Management
+        # 7443 - HTTPS Web UI
+        # 7445 - Video Over HTTP
+        # 7446 - Video Over HTTPS
+        # 7447 - RTSP via Controller
+        docker run \
+                -p 6666:6666 \
+                -p 7080:7080 \
+                -p 7442:7442 \
+                -p 7443:7443 \
+                -p 7445:7445 \
+                -p 7446:7446 \
+                -p 7447:7447 \
+                -v /home/mcrute/tmp/unifi-data:/var/lib/unifi-video \
+                $(IMAGE)
+
+publish:
+        eval $$(aws ecr get-login --region us-west-2)
+        docker tag $(IMAGE) $(REPO)/$(IMAGE)
+        docker tag $(IMAGE) $(REPO)/$(IMAGE_BASE):alpine-latest
+        docker push $(REPO)/$(IMAGE)
+        docker push $(REPO)/$(IMAGE_BASE):alpine-latest
diff --git a/unifi-video/entrypoint.sh b/unifi-video/entrypoint.sh
new file mode 100755
index 0000000..e0740d1
--- /dev/null
+++ b/unifi-video/entrypoint.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+set -e
+
+USERNAME="unifi-video"
+BASEDIR="/usr/lib/unifi-video"
+DATA_DIR="${BASEDIR}/data"
+
+# Default UID/GID to owner of the data directory
+UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)}
+UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)}
+
+if [ "$UNIFI_GID" = 0 -o "$UNIFI_GID" = 0 ]; then
+    echo "Set UNIFI_GID and UNIFI_GID in environment"
+    exit 1
+else
+    echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"
+fi
+
+cd ${BASEDIR}
+
+# Create the user and group
+addgroup -g ${UNIFI_GID} -S ${USERNAME}
+adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
+
+# Update permissions on the root directories
+chown ${USERNAME}:${USERNAME} \
+    /var/run/unifi-video \
+    /var/log/unifi-video \
+    /var/lib/unifi-video
+
+chown -R ${USERNAME}:${USERNAME} \
+    /usr/lib/unifi-video/conf/evostream \
+    /usr/lib/unifi-video/webapps \
+    /usr/lib/unifi-video/conf/Catalina \
+    /usr/lib/unifi-video/work
+
+# But do not let the unifi user write the ROOT WAR
+chown root:root /usr/lib/unifi-video/webapps/ROOT.war
+
+# Setup tmpfs if the user mounted it
+TMPFS_ARG=
+TMPFS_DIR="/var/cache/unifi-video"
+if [ -d $TMPFS_DIR ]; then
+    TMPFS_ARG="-Dav.tempdir=${TMPFS_DIR}"
+    chown ${USERNAME} ${TMPFS_DIR}
+    chmod -R 0700 ${TMPFS_DIR}
+fi
+
+# Do the base setup and migrate files
+if [ ! -f "${DATA_DIR}/system.properties" ]; then
+    cp -f "${BASEDIR}/etc/system.properties" "${DATA_DIR}/system.properties"
+fi
+
+if [ -f "${DATA_DIR}/truststore" ]; then
+    rm -f "${DATA_DIR}/truststore"
+fi
+
+if [ ! -f "${DATA_DIR}/ufv-truststore" ]; then
+    cp -f "${BASEDIR}/etc/ufv-truststore" "${DATA_DIR}/ufv-truststore"
+fi
+
+chown -h ${USERNAME}:${USERNAME} \
+    "${DATA_DIR}" \
+    "${DATA_DIR}/system.properties" \
+    "${DATA_DIR}/ufv-truststore"
+
+# Cleanup mongodb lock file if it exists otherwise the controller will freeze
+# forever trying to start Mongo
+[ -f data/db/mongod.lock ] && rm data/db/mongod.lock
+
+# Allow running a shell in the container
+if [ ! -z "$@" ]; then
+    /sbin/su-exec ${USERNAME} "$@"
+else
+    # Replace the current process with a scoped-down controller. The java app
+    # is designed to do its own job control but it has to run with an init
+    # system or it doesn't get the signals from docker.
+    exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} /usr/lib/jvm/default-jvm/bin/java \
+        -cp ${BASEDIR}/lib/airvision.jar \
+        -Dlog4j.configurationFile=${BASEDIR}/log4j2.json \
+        ${TMPFS_ARG} \
+        -Djava.library.path=${BASEDIR}/lib \
+        -Djavax.net.ssl.trustStore=${DATA_DIR}/ufv-truststore \
+        -Djava.security.egd=file:/dev/urandom  \
+        -Xmx$(free -m | awk 'NR==2{printf "%dM\n", $2*0.26 }') \
+        -Djava.awt.headless=true \
+        -Dfile.encoding=UTF-8 \
+        com.ubnt.airvision.Main start
+fi
diff --git a/unifi-video/log4j2.json b/unifi-video/log4j2.json
new file mode 100644
index 0000000..6e0270c
--- /dev/null
+++ b/unifi-video/log4j2.json
@@ -0,0 +1,135 @@
+{
+  "configuration": {
+    "name": "Release",
+
+    "properties": {
+      "property": {
+        "name": "fileAppenderLayout",
+        "value": "%d{UNIX}.%d{SSS} %d{yyyy-MM-dd HH:mm:ss.SSS/zzz}: %-6p %m in %t%n"
+      }
+    },
+
+    "appenders": {
+      "appender": [
+        {
+          "type": "Console",
+          "name": "STDOUT",
+          "patternLayout": { "pattern": "${fileAppenderLayout}" },
+          "thresholdFilter": { "level": "trace" }
+        }
+      ]
+    },
+
+    "loggers": {
+      "root": {
+        "level": "warn",
+        "AppenderRef": [
+          { "ref": "STDOUT" }
+        ]
+      },
+      "logger": [
+        { "name": "uv", "level": "INFO" },
+        { "name": "com.ubnt", "level": "off" },
+        { "name": "org.apache.commons.httpclient", "level": "error" },
+        { "name": "com.mongodb", "level": "error" },
+        { "name": "javax.jmdns", "level": "fatal" },
+        { "name": "net.schmizz", "level": "fatal" },
+        { "name": "org.apache.catalina.startup.Catalina", "level": "error" },
+        { "name": "org.apache.catalina.startup.DigesterFactory", "level": "error" },
+        { "name": "org.apache.tomcat.util.digester.Digester", "level": "error" },
+        { "name": "org.atmosphere.cpr.SessionSupport", "level": "error" },
+        {
+          "name": "uv.service.recording",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.service.recording.sync",
+          "level": "debug", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.service.recording.segments",
+          "level": "debug", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.service.connection",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.purge",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.service.motion",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.stream",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.comm.ems",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.comm.camera",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.comm.sso",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.service.dbMigration",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.service.hls",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        },
+        {
+          "name": "uv.login",
+          "level": "info", "additivity": "false",
+          "AppenderRef": [
+            { "ref": "STDOUT" }
+          ]
+        }
+      ]
+    }
+  }
+}
diff --git a/unifi-video/lsb_release b/unifi-video/lsb_release
new file mode 100755
index 0000000..2edb739
--- /dev/null
+++ b/unifi-video/lsb_release
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# Stub called by the controller to do software update checks. Absence causes
+# failure. Since we're running alpine but UBNT doesn't know what that is just
+# lie and say we're Ubuntu
+#
+
+cat <<EOF
+Distributor ID: Ubuntu
+Description:    Ubuntu 16.04.3 LTS
+Release:        16.04
+Codename:       xenial
+EOF