Add Unifi Controller with integrated Unifi-Poller (#75)

* Add Unifi Controller with integrated Unifi-Poller Install & Update uses 'latest' release. Persistent data using influxdb. Unifi Poller now optional * fix global dataset refs * move unifi_poller bootscript into rc folder * Apply suggestions from code review * Update jails/unifi/includes/rc/mongod Forgot to add one suggestion from review. * Added shellcheck ignores for all RC scripts Shellcheck doesn't play nice with RC scripts, those advices are often either wrong, or very hard (not worth it) to change enough to get it to pass and work. * Last rc ignores for shellcheck * Update jails/unifi/install.sh * Shellcheck to shellcheck Making shellcheck lowercase for parsing Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>
2020-04-29 12:40:14 -04:00
parent 616eb2a432
commit 66e997069a
11 changed files with 618 additions and 0 deletions
--- a/jails/unifi/includes/mongodb.conf
+++ b/jails/unifi/includes/mongodb.conf
@@ -0,0 +1,45 @@
+# mongod.conf
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/db/mongodb/mongod.log 
+
+# Where and how to store data.
+storage:
+  dbPath: /config/mongodb 
+  journal:
+    enabled: true
+#  engine:
+#  mmapv1:
+#  wiredTiger:
+
+# how the process runs
+processManagement:
+  fork: true  # fork and run in background
+  pidFilePath: /var/db/mongodb/mongod.lock  # location of pidfile
+  timeZoneInfo: /usr/share/zoneinfo
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.
+
+
+#security:
+
+#operationProfiling:
+
+#replication:
+
+#sharding:
+
+## Enterprise-Only Options
+
+#auditLog:
+
+#snmp:
--- a/jails/unifi/includes/rc/mongod
+++ b/jails/unifi/includes/rc/mongod
@@ -0,0 +1,64 @@
+#!/bin/sh
+# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2181,SC2006
+
+# PROVIDE: mongod
+# REQUIRE: NETWORK ldconfig
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# mongod_enable (bool):  Set to "NO" by default.
+#                        Set it to "YES" to enable mongod.
+# mongod_limits (bool):  Set to "NO" by default.
+#                        Set it to yes to run `limits -e -U mongodb`
+#                        just before mongod starts.
+# mongod_dbpath (str):   Default to "/var/db/mongodb"
+#                        Base database directory.
+# mongod_flags (str):    Custom additional arguments to be passed to mongod.
+#                        Default to "--logpath ${mongod_dbpath}/mongod.log --logappend".
+# mongod_config (str):	 Default to "/usr/local/etc/mongodb.conf"
+#                        Path to config file
+#
+
+. /etc/rc.subr
+
+name="mongod"
+rcvar=mongod_enable
+
+load_rc_config $name
+
+: ${mongod_enable="NO"}
+: ${mongod_limits="NO"}
+: ${mongod_dbpath="/config/mongodb"}
+: ${mongod_flags="--logpath ${mongod_dbpath}/mongod.log --logappend --setParameter=disabledSecureAllocatorDomains=\*"}
+: ${mongod_user="mongodb"}
+: ${mongod_group="mongodb"}
+: ${mongod_config="/usr/local/etc/mongodb.conf"}
+
+pidfile="${mongod_dbpath}/mongod.lock"
+command=/usr/local/bin/${name}
+command_args="--config $mongod_config --dbpath $mongod_dbpath --fork >/dev/null 2>/dev/null"
+start_precmd="${name}_prestart"
+
+mongod_create_dbpath()
+{
+        mkdir "${mongod_dbpath}" >/dev/null 2>/dev/null
+        [ $? -eq 0 ] && chown -R "${mongod_user}":"${mongod_group}" "${mongod_dbpath}"
+}
+
+mongod_prestart()
+{
+        if [ ! -d "${mongod_dbpath}" ]; then
+                mongod_create_dbpath || return 1
+        fi
+        if checkyesno mongod_limits; then
+                # TODO check this and clean this up
+                # Shellcheck disable=SC2046,SC2006
+                eval `/usr/bin/limits -e -U ${mongod_user}` 2>/dev/null
+        else
+                return 0
+        fi
+}
+
+run_rc_command "$1"
--- a/jails/unifi/includes/rc/unifi
+++ b/jails/unifi/includes/rc/unifi
@@ -0,0 +1,87 @@
+#!/bin/sh
+# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2237
+#
+# Created by: Mark Felder <feld@FreeBSD.org>
+# $FreeBSD: branches/2020Q2/net-mgmt/unifi5/files/unifi.in 512281 2019-09-18 17:37:59Z feld $
+#
+
+# PROVIDE: unifi
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+#
+# Add the following line to /etc/rc.conf to enable `unifi':
+#
+# unifi_enable="YES"
+#
+# Other configuration settings for unifi that can be set in /etc/rc.conf:
+#
+# unifi_user (str)
+#   This is the user that unifi runs as
+#   Set to unifi by default
+#
+# unifi_group (str)
+#   This is the group that unifi runs as
+#   Set to unifi by default
+#
+# unifi_chdir (str)
+#   This is the directory that unifi chdirs into before starting
+#   Set to /usr/local/share/java/unifi by default
+#
+# unifi_java_home (str)
+#   The path to the base directory for the Java to use to run unifi
+#   Defaults to /usr/local/openjdk8
+#
+# unifi_javaflags (str)
+#   Flags passed to Java to run unifi
+#   Set to "-Djava.awt.headless=true -Xmx1024M" by default
+#
+
+. /etc/rc.subr
+name=unifi
+
+rcvar=unifi_enable
+load_rc_config ${name}
+
+: ${unifi_enable:=NO}
+: ${unifi_user:=unifi}
+: ${unifi_group:=unifi}
+: ${unifi_chdir=/config/controller/unifi}
+: ${unifi_java_home=/usr/local/openjdk8}
+: ${unifi_javaflags="-Djava.awt.headless=true -Xmx1024M"}
+
+pidfile="/var/run/unifi/${name}.pid"
+procname=${unifi_java_home}/bin/java
+command=/usr/sbin/daemon
+command_args="-f -p ${pidfile} ${unifi_java_home}/bin/java ${unifi_javaflags} com.ubnt.ace.Launcher start"
+start_precmd=start_precmd
+stop_precmd=stop_precmd
+stop_postcmd=stop_postcmd
+
+export CLASSPATH=$(echo ${unifi_chdir}/lib/*.jar | tr ' ' ':')
+
+start_precmd()
+{
+	if [ ! -e /var/run/unifi ] ; then
+		install -d -o unifi -g unifi /var/run/unifi;
+	fi
+}
+
+stop_precmd()
+{
+	if [ -r ${pidfile} ]; then
+		_UNIFIPID=$(check_pidfile ${pidfile} ${procname})
+		export _UNIFI_CHILDREN=$(pgrep -P ${_UNIFIPID})
+	fi
+}
+
+stop_postcmd()
+{
+	if ! [ -z ${_UNIFI_CHILDREN} ]; then
+		echo "Cleaning up leftover child processes."
+		kill $sig_stop ${_UNIFI_CHILDREN}
+		wait_for_pids ${_UNIFI_CHILDREN}
+	fi
+}
+
+run_rc_command "$1"
--- a/jails/unifi/includes/rc/unifi_poller
+++ b/jails/unifi/includes/rc/unifi_poller
@@ -0,0 +1,36 @@
+#!/bin/sh
+# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046
+#
+# FreeBSD rc.d startup script for unifi-poller.
+#
+# PROVIDE: unifi-poller
+# REQUIRE: networking syslog
+# KEYWORD:
+
+. /etc/rc.subr
+
+name="unifi_poller"
+real_name="unifi-poller"
+rcvar="unifi_poller_enable"
+unifi_poller_command="/usr/local/bin/${real_name}"
+unifi_poller_user="nobody"
+unifi_poller_config="/config/up.conf"
+pidfile="/var/run/${real_name}/pid"
+
+# This runs `daemon` as the `unifi_poller_user` user.
+command="/usr/sbin/daemon"
+command_args="-P ${pidfile} -r -t ${real_name} -T ${real_name} -l daemon ${unifi_poller_command} -c ${unifi_poller_config}"
+
+load_rc_config ${name}
+: ${unifi_poller_enable:=no}
+
+# Make a place for the pid file.
+mkdir -p $(dirname ${pidfile})
+chown -R $unifi_poller_user $(dirname ${pidfile})
+
+# Suck in optional exported override variables.
+# ie. add something like the following to this file: export UP_POLLER_DEBUG=true
+[ -f "/usr/local/etc/defaults/${real_name}" ] && . "/usr/local/etc/defaults/${real_name}"
+
+# Go!
+run_rc_command "$1"
--- a/jails/unifi/includes/up.conf
+++ b/jails/unifi/includes/up.conf
@@ -0,0 +1,106 @@
+# UniFi Poller v2 primary configuration file. TOML FORMAT #
+###########################################################
+
+[poller]
+  # Turns on line numbers, microsecond logging, and a per-device log.
+  # The default is false, but I personally leave this on at home (four devices).
+  # This may be noisy if you have a lot of devices. It adds one line per device.
+  debug = false
+
+  # Turns off per-interval logs. Only startup and error logs will be emitted.
+  # Recommend enabling debug with this setting for better error logging.
+  quiet = true
+
+  # Load dynamic plugins. Advanced use; only sample mysql plugin provided by default.
+  plugins = []
+
+#### OUTPUTS
+
+    # If you don't use an output, you can disable it.
+
+[prometheus]
+  disable = true
+  # This controls on which ip and port /metrics is exported when mode is "prometheus".
+  # This has no effect in other modes. Must contain a colon and port.
+  http_listen = "0.0.0.0:9130"
+  report_errors = false
+
+[influxdb]
+  disable = false
+  # InfluxDB does not require auth by default, so the user/password are probably unimportant.
+  url  = "dbip"
+  user = "influxdbuser"
+  pass = "influxdbpass"
+  # Be sure to create this database.
+  db = "unifidb"
+  # If your InfluxDB uses a valid SSL cert, set this to true.
+  verify_ssl = false
+  # The UniFi Controller only updates traffic stats about every 30 seconds.
+  # Setting this to something lower may lead to "zeros" in your data.
+  # If you're getting zeros now, set this to "1m"
+  interval = "30s"
+
+#### INPUTS
+
+[unifi]
+  # Setting this to true and providing default credentials allows you to skip
+  # configuring controllers in this config file. Instead you configure them in
+  # your prometheus.yml config. Prometheus then sends the controller URL to
+  # unifi-poller when it performs the scrape. This is useful if you have many,
+  # or changing controllers. Most people can leave this off. See wiki for more.
+  dynamic = false
+
+# The following section contains the default credentials/configuration for any
+# dynamic controller (see above section), or the primary controller if you do not
+# provide one and dynamic is disabled. In other words, you can just add your
+# controller here and delete the following section.
+[unifi.defaults]
+  #role       = "main controller"
+  url        = "https://127.0.0.1:8443"
+  user       = "unifiuser"
+  pass       = "unifipassword"
+  sites      = ["all"]
+  save_ids   = false
+  save_dpi   = false
+  save_sites = true
+  verify_ssl = false
+
+# The following is optional and used for configurations with multiple controllers.
+
+# You may repeat the following section to poll multiple controllers.
+#[[unifi.controller]]
+  # Friendly name used in dashboards. Uses URL if left empty; which is fine.
+  # Avoid changing this later because it will live forever in your database.
+  # Multiple controllers may share a role. This allows grouping during scrapes.
+  #role = ""
+  #url = "https://127.0.0.1:8443"
+
+  # Make a read-only user in the UniFi Admin Settings, allow it access to all sites.
+  #user = "unifipoller"
+  #pass = "4BB9345C-2341-48D7-99F5-E01B583FF77F"
+
+  # If the controller has more than one site, specify which sites to poll here.
+  # Set this to ["default"] to poll only the first site on the controller.
+  # A setting of ["all"] will poll all sites; this works if you only have 1 site too.
+  #sites = ["all"]
+
+  # Enable collection of Intrusion Detection System Data (InfluxDB only).
+  # Only useful if IDS or IPS are enabled on one of the sites.
+  #save_ids = false
+
+  # Enable collection of Deep Packet Inspection data. This data breaks down traffic
+  # types for each client and site, it powers a dedicated DPI dashboard.
+  # Enabling this adds roughly 150 data points per client.  That's 6000 metrics for
+  # 40 clients.  This adds a little bit of poller run time per interval and causes
+  # more API requests to your controller(s). Don't let these "cons" sway you:
+  # it's cool data. Please provide feedback on your experience with this feature.
+  #save_dpi = false
+
+  # Enable collection of site data. This data powers the Network Sites dashboard.
+  # It's not valuable to everyone and setting this to false will save resources.
+  #save_sites = true
+
+  # If your UniFi controller has a valid SSL certificate (like lets encrypt),
+  # you can enable this option to validate it. Otherwise, any SSL certificate is
+  # valid. If you don't know if you have a valid SSL cert, then you don't have one.
+  #verify_ssl = false