blob: 7b1e7b148f3afd53a4fe95a24a84736940172348 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
#!/bin/sh
set -e
USERNAME="unifi-video"
BASEDIR="/usr/lib/unifi-video"
DATA_DIR="${BASEDIR}/data"
# Default UID/GID to owner of the data directory
UNIFI_UID=${UNIFI_UID:-$(stat -L -c "%u" $DATA_DIR)}
UNIFI_GID=${UNIFI_GID:-$(stat -L -c "%u" $DATA_DIR)}
if [ "$UNIFI_UID" = 0 -o "$UNIFI_GID" = 0 ]; then
echo "Set UNIFI_UID and UNIFI_GID in environment"
exit 1
else
echo "Unifi UID/GID: $UNIFI_UID $UNIFI_GID"
fi
cd ${BASEDIR}
# Create the user and group if they don't exist
if ! grep "^${USERNAME}:" /etc/group &>/dev/null; then
addgroup -g ${UNIFI_GID} -S ${USERNAME}
fi
if ! grep "^${USERNAME}:" /etc/passwd &>/dev/null; then
adduser -u ${UNIFI_UID} -S -h /var/lib/${USERNAME} -H -D -G ${USERNAME} ${USERNAME}
fi
mkdir -p /var/log/mongodb/logs
# Update permissions on the root directories
chown -R ${USERNAME}:${USERNAME} \
/var/run/unifi-video \
/var/log/unifi-video \
/var/lib/unifi-video \
/var/log/mongodb/logs
chown -R ${USERNAME}:${USERNAME} \
/usr/lib/unifi-video/conf/evostream \
/usr/lib/unifi-video/webapps \
/usr/lib/unifi-video/conf/Catalina \
/usr/lib/unifi-video/work
# But do not let the unifi user write the ROOT WAR
chown root:root /usr/lib/unifi-video/webapps/ROOT.war
# Setup tmpfs if the user mounted it
TMPFS_ARG=
TMPFS_DIR="/var/cache/unifi-video"
if [ -d $TMPFS_DIR ]; then
TMPFS_ARG="-Dav.tempdir=${TMPFS_DIR}"
chown ${USERNAME} ${TMPFS_DIR}
chmod -R 0700 ${TMPFS_DIR}
fi
# Do the base setup and migrate files
if [ ! -f "${DATA_DIR}/system.properties" ]; then
cp -f "${BASEDIR}/etc/system.properties" "${DATA_DIR}/system.properties"
fi
if [ -f "${DATA_DIR}/truststore" ]; then
rm -f "${DATA_DIR}/truststore"
fi
if [ ! -f "${DATA_DIR}/ufv-truststore" ]; then
cp -f "${BASEDIR}/etc/ufv-truststore" "${DATA_DIR}/ufv-truststore"
fi
chown -h ${USERNAME}:${USERNAME} \
"${DATA_DIR}" \
"${DATA_DIR}/system.properties" \
"${DATA_DIR}/ufv-truststore"
# Cleanup mongodb lock file if it exists otherwise the controller will freeze
# forever trying to start Mongo
[ -f data/db/mongod.lock ] && rm data/db/mongod.lock
# Allow running a shell in the container
if [ ! -z "$@" ]; then
/sbin/su-exec ${USERNAME} "$@"
else
# Replace the current process with a scoped-down controller. The java app
# is designed to do its own job control but it has to run with an init
# system or it doesn't get the signals from docker.
exec /usr/bin/dumb-init -c /sbin/su-exec ${USERNAME} /usr/lib/jvm/default-jvm/jre/bin/java \
-cp ${BASEDIR}/lib/airvision.jar \
-Dlog4j.configurationFile=${BASEDIR}/log4j2.json \
${TMPFS_ARG} \
-Djava.library.path=${BASEDIR}/lib \
-Djavax.net.ssl.trustStore=${DATA_DIR}/ufv-truststore \
-Djava.security.egd=file:/dev/urandom \
-Xmx$(free -m | awk 'NR==2{printf "%dM\n", $2*0.26 }') \
-Djava.awt.headless=true \
-Dfile.encoding=UTF-8 \
com.ubnt.airvision.Main start
fi
|
