Finding Unifi Controller data/login in as root/wheel user

ZeroxRS

Cadet
Joined
Dec 25, 2019
Messages
2
Goodevening all,

I'm currently running Freenas FreeNAS-11.2-U7. I'm facing many hurdles since this is my first time using FreeNAS. My end goal is using my FreeNAS server as a way to merge my current QNAP and Current Microserver (which is running FreeNAS) into one at some point. Hence i'm currently testing and seeing if i can get everything to work.

My first goal is getting a Unifi Controller up and running (so far so good). Unifi Controller (5.11.35) is running in a Jail (11.3-Release-p5). I've used this guide to setup my jail combined with this forum post for getting the latest PKG. Controller works like a charm, but here's the trick. In my home situation (currently living in the Netherlands) our ISP provided hardware can be changed with full Unifi hardware. For this i'm using this guide. This guide specifies that at some point you need to ssh into a docker ( or jail in my case) and i quote: "In case the Controller has an SSH deamon running. Connect with SFTP and cd /usr/lib/unifi/data/sites/default and push config.gateway.json "

At first i was unable to ssh at all. I fixed that by using this piece of documentation chapter 14.3.2., When i login to my jail using Filezilla over SFTP i get send to the /usr/home/Unifi folder (Unifi being my user which has been added to the wheel group) and i can only change (read/write) within this folder. This makes sense since this folder belongs to the Unifi user. I then tried to look for the specified folder (/usr/lib/unifi/data/sites/default ) which is not found anywere near that spot but rather found at /usr/local/share/java/unifi/data. However with this user i am unable to read this folder. This prompted me to SFTP in my FreeNAS rather then straight to my jail and i started looking into this folder which is now located under: /mnt/TestLab_Pool/iocage/jails/Unifi Controller/root/usr/local/share/java/unifi/data (TestLab_Pool being my ZFS Pool) however this folder is empty as far as the data/site folder goes. I want to confirm that this folder is the same folder as /usr/local/share/java/unifi (when im logged in straight to my jail over STFP as my Unifi user). The fact that this data folder is not present has been noted by some other users as can be seen here but has not been picked up or properly answered by anyone as to why this folder is not present.

So to sum up some questions:
- Is /mnt/TestLab_Pool/iocage/jails/Unifi Controller/root/usr/local/share/java/unifi/data (logged into FreeNAS SFTP) the same as /usr/local/share/java/unifi (Logged into Kail SFTP) i'm assuming they are (but assumption is the mother of al ....).
- Why does my Unifi user (which has been added to the wheel group) not have the right permissions to look into these folders.
- Is running everything in a docker more suitable for my whole usecase (want to run a Teamspeak server/Unifi NVR software/Plex when my network is up and running)
- Is anyone familiar with running a Unifi controller in a Jail and are they able to find their data/site folder at all?

Thanks for you time.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,974
The directory is there as you found and is visible if you are logged in via ssh (or sftp) with the root user.

What exactly are you trying to accomplish here? The article you linked to has you pushing (uploading) a configuration file that you created to the controller in the specified directory.

Do this the easy way. Either log in via ssh and switch to the root user and create the file in the directory specified or change your ssh settings to allow root login and upload the config file you create elsewhere with your ftp client.
 

poldi

Dabbler
Joined
Jun 7, 2019
Messages
42
hi,
I just checked on my install with a Unifi Controller running in a jail.
Let me see what I can do for your questions:
- The path /mnt/<your pool>/iocage/jails/<your jail name>/root/usr/local/share/java/unifi/data is the same path as when logged into the jail. I have a custom config.gateway.json in place for my site and I can view it (and potentially also edit it from FreeNAS, i.e. outside of the jail). I don't think though that editing it from there is a good idea as the unifi user is not known outside of the jail. Hence you might have trouble getting the permissions right for the controller to be able to read from it.
I would side with Jailer here. Copy the config.gateway.json to the directory you have access to via SFTP. Then log on to your jail, su to root, move the config file to the right location, fix permissions and done.
There is also a neat trick in case you cannot get root access when inside the jail (or maybe you just don't want to allow this kind of thing). Log on to FreeNAS (either web or shell) as root. In the shell type 'iocage console <your jail name>'. This will drop you into a root shell inside the jail.
In the WebGUI go to the Jails section. Find your jail in the list (make sure it is up) and click the vertical 3 dots at the end of the line. In the context menu select 'Shell' to also get dumped in a root shell.
- For me the unifi user (and group unifi) was created during install and is locked out, i.e. no 'dialog' user. If you created the user manually before installing the controller then this may vary of course. As to why it does not have permissions to access the unifi_base folder I cannot say as such. Can you print the permissions out and post a screenshot here, then we might be able to say. It should be easy though to correct the permissions.
- docker or jail are two different approaches to accomplish the same thing. Docker is the more 'hip' way to do things. Once you got docker running it is also quite easy to set up stuff as you can just pull pre made docker containers and spin them up.
A jail is a small, virtualized BSD instance. It comes as a clean slate and you can start to built on it whatever you like. In FreeNAS you can also get ready made template installs, called plugins, but the unifi controller is not available as plugin yet. That said, a jail is the more hands on approach. Personally I prefer this, as I want to understand, and moreover be in control, of what I deploy and run in my network.
Also setting up docker on FreeNAS is not yet straight forward.
- yes I am, see above

Hope that helps.
 

ZeroxRS

Cadet
Joined
Dec 25, 2019
Messages
2
Thank you both for your replies.

@poldi The thing is that at /mnt/<your pool>/iocage/jails/<your jail name>/root/usr/local/share/java/unifi/data i don't see my site coming up. I only see: - backup, db, firmware.json, keystore, system.properties and system.properties.bk. I'm gonna try to create a folder called sites/mysitename and put the config.gateway.json in there and see if that works.

I did indeed alter the config.gateway.json outside of the freenas and i'm overwriting it using filezilla logged in as root on my nas.

Thanks for the shell tip but i was allready using that to set everything up beforehand!

Will keep you updated.
 

poldi

Dabbler
Joined
Jun 7, 2019
Messages
42
That is odd. Did you create a new site for your set up or are you using the default site?
In case of default the config.gateway.json needs to be put in <unifi_base>/data/sites/default/ (where <unifi_base> corresponds to /use/local/share/java/unifi inside the jail).
If you are using a custom site it becomes tricky as the site has a unique id which we need for the correct folder structure.
 
Top