diff options
author | Mike Crute <mike@crute.us> | 2017-11-02 17:31:16 +0000 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2017-11-05 19:39:54 +0000 |
commit | 54c56da736241a56db6a3200aea454b66ed006f1 (patch) | |
tree | f68e011be76e38898b76902b0ef46632cc39e21a /unifi | |
parent | 2867e66a0169073e8e4a604e45f3ebf465ecf2ef (diff) | |
download | dockerfiles-54c56da736241a56db6a3200aea454b66ed006f1.tar.bz2 dockerfiles-54c56da736241a56db6a3200aea454b66ed006f1.tar.xz dockerfiles-54c56da736241a56db6a3200aea454b66ed006f1.zip |
Add unifi version support
Diffstat (limited to 'unifi')
-rw-r--r-- | unifi/.dockerignore | 1 | ||||
-rw-r--r-- | unifi/Dockerfile | 83 | ||||
-rw-r--r-- | unifi/Makefile | 32 | ||||
-rw-r--r-- | unifi/README.md | 50 | ||||
-rwxr-xr-x | unifi/custom/entrypoint.sh | 30 | ||||
-rw-r--r-- | unifi/custom/log4j.properties | 25 | ||||
-rwxr-xr-x | unifi/custom/su-exec-alpine | bin | 0 -> 17096 bytes |
7 files changed, 175 insertions, 46 deletions
diff --git a/unifi/.dockerignore b/unifi/.dockerignore new file mode 100644 index 0000000..f3c7a7c --- /dev/null +++ b/unifi/.dockerignore | |||
@@ -0,0 +1 @@ | |||
Makefile | |||
diff --git a/unifi/Dockerfile b/unifi/Dockerfile index 7fe3ec9..27ef95d 100644 --- a/unifi/Dockerfile +++ b/unifi/Dockerfile | |||
@@ -1,40 +1,51 @@ | |||
1 | FROM ubuntu:16.04 | 1 | FROM alpine:latest |
2 | MAINTAINER Michael Crute <mike@crute.us> | 2 | LABEL maintainer="Mike Crute <mike@crute.us>" |
3 | 3 | ||
4 | RUN export DEBIAN_FRONTEND=noninteractive && \ | 4 | ARG version |
5 | echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' > /etc/apt/apt.conf && \ | 5 | ARG checksum_file |
6 | apt-get update && \ | ||
7 | apt-get install -y curl software-properties-common sudo psmisc mongodb-server openjdk-8-jre-headless jsvc && \ | ||
8 | apt-add-repository -y "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" && \ | ||
9 | apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50 && \ | ||
10 | apt-get update && \ | ||
11 | apt-get install -y unifi && \ | ||
12 | 6 | ||
13 | # Clean up | 7 | ADD custom/ /tmp |
14 | rm /etc/apt/apt.conf && \ | ||
15 | apt-get clean && \ | ||
16 | rm -rf /var/lib/apt/lists/* && \ | ||
17 | rm -rf /tmp/* | ||
18 | 8 | ||
19 | # Inform Port | 9 | RUN \ |
20 | # HTTPS Web UI & API | 10 | # Validate required arguments were passed |
21 | EXPOSE 8080 8443 | 11 | test -z "${version}" && { echo -e "\033[31mMissing build parameter 'version'\033[39m"; exit 1; }; \ |
22 | VOLUME ["/var/lib/unifi", "/var/log/unifi"] | 12 | test -z "${checksum_file}" && { echo -e "\033[31mMissing build parameter 'checksum_file'\033[39m"; exit 1; }; \ |
13 | \ | ||
14 | # Install build and run dependencies | ||
15 | apk add --no-cache --virtual .build-deps curl ca-certificates binutils \ | ||
16 | && apk add --no-cache openjdk8-jre-base java-snappy mongodb libcap \ | ||
17 | \ | ||
18 | # Fetch the Unifi package and validate the checksum before unpacking | ||
19 | && cd /tmp \ | ||
20 | && curl -sO "https://dl.ubnt.com/unifi/${version}/unifi_sysvinit_all.deb" \ | ||
21 | && curl -s "${checksum_file}" | sed -En 's/^SHA256\(([^\)]+)\)= (.*)/\2 *\1/gp' | grep 'unifi_sysvinit_all.deb' > checksums.txt \ | ||
22 | && sha256sum -sc checksums.txt \ | ||
23 | \ | ||
24 | # Unpack the debian package and "install" it | ||
25 | && ar x unifi_sysvinit_all.deb \ | ||
26 | && tar -xJf data.tar.xz \ | ||
27 | && rm usr/lib/unifi/bin/unifi.init \ | ||
28 | && mv usr/lib/unifi /usr/lib \ | ||
29 | \ | ||
30 | # Create directories and link everything together | ||
31 | && mkdir -p /var/lib/unifi /var/log/unifi /var/run/unifi \ | ||
32 | && ln -sf /usr/bin/mongod /usr/lib/unifi/bin/mongod \ | ||
33 | && ln -sf /var/lib/unifi /usr/lib/unifi/data \ | ||
34 | && ln -sf /var/log/unifi /usr/lib/unifi/logs \ | ||
35 | && ln -sf /var/run/unifi /usr/lib/unifi/run \ | ||
36 | \ | ||
37 | # The version vended with Unifi is built against libc but alpine uses musl | ||
38 | # so we have to use their version instead otherwise informs will fail | ||
39 | && rm /usr/lib/unifi/lib/snappy-java-1.1.2.6.jar \ | ||
40 | && ln -s /usr/share/java/snappy-java-1.1.2.6.jar /usr/lib/unifi/lib/snappy-java-1.1.2.6.jar \ | ||
41 | \ | ||
42 | # Install our customizations | ||
43 | && mv /tmp/entrypoint.sh / \ | ||
44 | && mv /tmp/log4j.properties /usr/lib/unifi \ | ||
45 | && mv /tmp/su-exec-alpine /usr/sbin/su-exec \ | ||
46 | \ | ||
47 | # Cleanup | ||
48 | && apk del .build-deps \ | ||
49 | && rm -rf /tmp/* | ||
23 | 50 | ||
24 | CMD [ \ | 51 | ENTRYPOINT "/entrypoint.sh" |
25 | "/usr/bin/jsvc", "-nodetach", \ | ||
26 | "-home", "/usr/lib/jvm/java-8-openjdk-amd64", \ | ||
27 | "-cp", "/usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar", \ | ||
28 | "-pidfile", "/var/run/unifi/unifi.pid", \ | ||
29 | "-procname", "unifi", \ | ||
30 | "-outfile", "SYSLOG", \ | ||
31 | "-errfile", "SYSLOG", \ | ||
32 | "-Djava.awt.headless=true", \ | ||
33 | "-Dunifi.datadir=/var/lib/unifi", \ | ||
34 | "-Dunifi.logdir=/var/log/unifi", \ | ||
35 | "-Dunifi.rundir=/var/run/unifi", \ | ||
36 | "-Djava.awt.headless=true", \ | ||
37 | "-Dfile.encoding=UTF-8", \ | ||
38 | "-Xmx1024M", \ | ||
39 | "com.ubnt.ace.Launcher" \ | ||
40 | ] | ||
diff --git a/unifi/Makefile b/unifi/Makefile index ef6a8d0..cae032c 100644 --- a/unifi/Makefile +++ b/unifi/Makefile | |||
@@ -1,21 +1,33 @@ | |||
1 | IMAGE=unifi:latest | ||
2 | REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com | 1 | REPO=575365190010.dkr.ecr.us-west-2.amazonaws.com |
2 | VERSION=5.6.20 | ||
3 | IMAGE=unifi:$(VERSION)-alpine | ||
4 | CHECKSUM_FILE="https://community.ubnt.com/ubnt/attachments/ubnt/Blog_UniFi/275/1/checksums.txt" | ||
3 | 5 | ||
4 | all: | 6 | all: |
5 | docker build -t unifi:latest . | 7 | docker build \ |
8 | --build-arg=version=$(VERSION) \ | ||
9 | --build-arg=checksum_file=$(CHECKSUM_FILE) \ | ||
10 | -t $(IMAGE) . | ||
6 | 11 | ||
7 | all-no-cache: | 12 | all-no-cache: |
8 | docker build --no-cache -t unifi . | 13 | docker build \ |
14 | --no-cache \ | ||
15 | --build-arg=version=$(VERSION) \ | ||
16 | --build-arg=checksum_file=$(CHECKSUM_FILE) \ | ||
17 | -t $(IMAGE) . | ||
9 | 18 | ||
10 | run: | 19 | run: |
11 | docker run -d --privileged \ | 20 | docker run -d -p 8080:8080 -p 8443:8443 $(IMAGE) |
12 | -p 8080:8080 \ | ||
13 | -p 8443:8443 \ | ||
14 | -v /srv/unifi:/var/lib/unifi \ | ||
15 | -v /var/log/docker/unifi:/var/log/unifi \ | ||
16 | unifi:latest | ||
17 | 21 | ||
18 | publish: | 22 | publish: |
19 | eval $$(aws ecr get-login --region us-west-2) | 23 | eval $$(aws ecr get-login --region us-west-2) |
20 | docker tag $(IMAGE) $(REPO)/$(IMAGE) | 24 | docker tag $(IMAGE) mcrute/unifi-controller:$(VERSION) |
25 | docker tag $(IMAGE) mcrute/unifi-controller:stable | ||
26 | docker tag $(IMAGE) $(REPO)/unifi:$(VERSION)-alpine | ||
27 | docker tag $(IMAGE) $(REPO)/unifi:latest-alpine | ||
28 | docker tag $(IMAGE) $(REPO)/unifi:latest | ||
21 | docker push $(REPO)/$(IMAGE) | 29 | docker push $(REPO)/$(IMAGE) |
30 | docker push mcrute/unifi-controller:$(VERSION) | ||
31 | docker push mcrute/unifi-controller:stable | ||
32 | docker push $(REPO)/unifi:latest-alpine | ||
33 | docker push $(REPO)/unifi:latest | ||
diff --git a/unifi/README.md b/unifi/README.md new file mode 100644 index 0000000..c1566b2 --- /dev/null +++ b/unifi/README.md | |||
@@ -0,0 +1,50 @@ | |||
1 | [(Dockerfile)]: https://code.crute.me/mcrute/dockerfiles/tree/unifi/Dockerfile | ||
2 | [Changelog]: https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-5-6-20-Stable-has-been-released/ba-p/2119397?attachment-id=85425 | ||
3 | |||
4 | # Supported tags and respective `Dockerfile` links | ||
5 | |||
6 | * `5.6.20`, `stable` [(Dockerfile)][] [Changelog][] | ||
7 | |||
8 | |||
9 | [![unifi](https://dl.ubnt.com/press/logo-UniFi.jpg)](https://unifi-sdn.ubnt.com/) | ||
10 | |||
11 | # Ubiquiti Unifi SDN Controller | ||
12 | |||
13 | The UniFi Controller software is a powerful, enterprise wireless software engine ideal for high-density client deployments requiring low latency and high uptime performance. This unofficial image is a minimalist re-packaging of the upstream binaries into an Alpine Linux based container. The image has been adapted to better fit the Docker tooling by logging everything to stdout and running with reduced privileges. | ||
14 | |||
15 | ## Usage | ||
16 | At a minimum users should mount a data volume over `/var/lib/unifi` for storage of their databases and downloaded firmware. | ||
17 | |||
18 | A minimal run command would be: | ||
19 | |||
20 | ``` | ||
21 | docker run \ | ||
22 | -v /your-unifi-path:/var/lib/unifi \ | ||
23 | -p 8080:8080 \ | ||
24 | -p 8443:8443 \ | ||
25 | mcrute/unifi-controller:stable | ||
26 | ``` | ||
27 | |||
28 | After bootstrap the controller will run as the `unifi` user within the container. It is possible to map the unifi user id and group id within the container to a custom uid/gid using the `UNIFI_UID` and `UNIFI_GID` environment variables. The default is uid 101 and gid 102. | ||
29 | |||
30 | An example of this: | ||
31 | |||
32 | ``` | ||
33 | docker run \ | ||
34 | -v /your-unifi-path:/var/lib/unifi \ | ||
35 | -e UNIFI_UID=201 \ | ||
36 | -e UNIFI_GID=302 \ | ||
37 | -p 8080:8080 \ | ||
38 | -p 8443:8443 \ | ||
39 | mcrute/unifi-controller:stable | ||
40 | ``` | ||
41 | |||
42 | ## License | ||
43 | View [license information](https://www.ubnt.com/eula/) for the software contained in this image. | ||
44 | |||
45 | As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained). | ||
46 | |||
47 | As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within. | ||
48 | |||
49 | ## Used Software | ||
50 | This container builds on [Alpine Linux](http://alpinelinux.org/) and uses [su-exec](https://github.com/ncopa/su-exec) for privilege separation. | ||
diff --git a/unifi/custom/entrypoint.sh b/unifi/custom/entrypoint.sh new file mode 100755 index 0000000..c95c29c --- /dev/null +++ b/unifi/custom/entrypoint.sh | |||
@@ -0,0 +1,30 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | BASEDIR=/usr/lib/unifi | ||
4 | UNIFI_UID=${UNIFI_UID:-101} | ||
5 | UNIFI_GID=${UNIFI_GID:-102} | ||
6 | |||
7 | cd ${BASEDIR} | ||
8 | |||
9 | # Create the user and group | ||
10 | addgroup -g ${UNIFI_GID} -S unifi | ||
11 | adduser -u ${UNIFI_UID} -S -h /var/lib/unifi -H -D -G unifi unifi | ||
12 | |||
13 | # Update permissions on the root directories | ||
14 | chown unifi /var/lib/unifi /var/log/unifi /var/run/unifi | ||
15 | chown unifi /usr/lib/unifi/dl | ||
16 | |||
17 | # Cleanup mongodb lock file if it exists otherwise the controller will freeze | ||
18 | # forever trying to start Mongo | ||
19 | [ -f data/db/mongod.lock ] && rm data/db/mongod.lock | ||
20 | |||
21 | /usr/sbin/su-exec unifi /usr/lib/jvm/default-jvm/bin/java \ | ||
22 | -cp `find /usr/lib/unifi/lib/ -name '*.jar' | tr '\n' ':'` \ | ||
23 | -Dlog4j.configuration=file:${BASEDIR}/log4j.properties \ | ||
24 | -Dunifi.datadir=${BASEDIR}/data \ | ||
25 | -Dunifi.logdir=${BASEDIR}/logs \ | ||
26 | -Dunifi.rundir=${BASEDIR}/run \ | ||
27 | -Xmx1024M \ | ||
28 | -Djava.awt.headless=true \ | ||
29 | -Dfile.encoding=UTF-8 \ | ||
30 | com.ubnt.ace.Launcher start | ||
diff --git a/unifi/custom/log4j.properties b/unifi/custom/log4j.properties new file mode 100644 index 0000000..643c623 --- /dev/null +++ b/unifi/custom/log4j.properties | |||
@@ -0,0 +1,25 @@ | |||
1 | log4j.rootLogger=INFO,server_log | ||
2 | |||
3 | log4j.appender.server_log=org.apache.log4j.ConsoleAppender | ||
4 | log4j.appender.server_log.layout=org.apache.log4j.PatternLayout | ||
5 | log4j.appender.server_log.layout.ConversionPattern=[%d{ISO8601}] <%t> %-5p %-6c{1} - %m%n | ||
6 | |||
7 | log4j.logger.java=INFO | ||
8 | log4j.logger.javax=INFO | ||
9 | log4j.logger.javax.jmdns=INFO | ||
10 | log4j.logger.sun=INFO | ||
11 | log4j.logger.org.apache=INFO | ||
12 | log4j.logger.httpclient.wire=INFO | ||
13 | log4j.logger.net.schmizz=INFO | ||
14 | log4j.logger.com.codahale=INFO | ||
15 | log4j.logger.org.apache.jasper=INFO | ||
16 | log4j.logger.org.apache.tomcat=INFO | ||
17 | log4j.logger.org.apache.commons=INFO | ||
18 | log4j.logger.org.apache.catalina=INFO | ||
19 | |||
20 | log4j.logger.org.springframework=INFO | ||
21 | log4j.logger.de.javawi.jstun=INFO | ||
22 | log4j.logger.com.mongodb=INFO | ||
23 | |||
24 | log4j.logger.com.ubnt=INFO | ||
25 | log4j.logger.com.ubiquiti=INFO | ||
diff --git a/unifi/custom/su-exec-alpine b/unifi/custom/su-exec-alpine new file mode 100755 index 0000000..f4905ab --- /dev/null +++ b/unifi/custom/su-exec-alpine | |||
Binary files differ | |||