-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathunifi-installer.sh
1699 lines (1638 loc) · 72.4 KB
/
unifi-installer.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/usr/bin/env bash
# shellcheck disable=SC2001,SC2034,SC2143,SC2155
### Easy UBNT: UniFi SDN Installer
##############################################################################
# A guided script to install/upgrade the UniFi SDN Controller, and secure
# your server according to best practices.
# https://github.com/sprockteam/easy-ubnt
# MIT License
# Copyright (c) 2018-2019 SprockTech, LLC and contributors
__script_version="v0.5.9"
__script_contributors="Contributors (UBNT Community Username):
Klint Van Tassel (SprockTech), Glenn Rietveld (AmazedMender16),
Frank Gabriel (Frankedinven), Sam Sawyer (ssawyer), Adrian
Miller (adrianmmiller)"
### Copyrights and Mentions
##############################################################################
# BASH3 Boilerplate
# https://github.com/kvz/bash3boilerplate
# MIT License
# Copyright (c) 2013 Kevin van Zonneveld and contributors
###
# ShellCheck
# https://github.com/koalaman/shellcheck
# GNU General Public License v3.0
# Copyright (c) 2012-2018 Vidar 'koala_man' Holen and contributors
### Initial startup checks
##############################################################################
# Only run this script with bash
if [ ! "$BASH_VERSION" ]; then
if command -v bash &>/dev/null; then
exec bash "$0" "$@"
else
echo -e "\\nUnable to find Bash. Is it installed?\\n"
fi
fi
# This script has not been tested when called by another program
if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
echo -e "\\nPlease run this script directly\\n"
exit
fi
# This script requires root or sudo privilege to run properly
if [[ $(id --user) -ne 0 ]]; then
echo -e "\\nPlease run this script as root or use sudo\\n"
echo -e "For example in Debian:"
echo -e "su root\\nbash unifi-installer.sh\\n"
echo -e "\\nFor example in Ubuntu (or Debian with sudo installed):"
echo -e "sudo bash unifi-installer.sh\\n"
exit
fi
### Setup options and initialize variables
##############################################################################
# Exit on error, append "|| true" if an error is expected
set -o errexit
# Exit on error inside any functions or subshells
set -o errtrace
# Do not allow use of undefined vars, use ${var:-} if a variable might be undefined
set -o nounset
# Set magic variables for script and environment
__script_time=$(date +%s)
__script_name=$(basename "${0}" .sh)
__dir=$(cd "$(dirname "${0}")" && pwd)
__file="${__dir}/${__script_name}"
__base=$(basename "${__file}" .sh)
__eubnt_dir=$(mkdir --parents /usr/lib/easy-ubnt && echo "/usr/lib/easy-ubnt")
__script_log_dir=$(mkdir --parents /var/log/easy-ubnt && echo "/var/log/easy-ubnt")
__script_log=$(touch "${__script_log_dir}/${__script_name}-${__script_time}.log" && echo "${__script_log_dir}/${__script_name}-${__script_time}.log")
# Set script time, get system information
__architecture=$(uname --machine)
__os_all_info=$(uname --all)
__os_kernel=$(uname --release)
__os_kernel_version=$(uname --release | sed 's/[-][a-z].*//g')
__os_version=$(lsb_release --release --short)
__os_version_name=$(lsb_release --codename --short)
__os_name=$(lsb_release --id --short)
__is_user_sudo=$([[ -n "${SUDO_USER:-}" ]] && echo "true")
__disk_total_space="$(df . | awk '/\//{printf "%.0fGB", $2/1024/1024}')"
__disk_free_space="$(df . | awk '/\//{printf "%.0fGB", $4/1024/1024}')"
__disk_free_space_mb="$(df . | awk '/\//{printf "%.0fMB", $4/1024}')"
__memory_total="$(grep "MemTotal" /proc/meminfo | awk '{printf "%.0fMB", $2/1024}')"
__swap_total="$(grep "SwapTotal" /proc/meminfo | awk '{printf "%.0fMB", $2/1024}')"
__nameservers=$(awk '/nameserver/{print $2}' /etc/resolv.conf | xargs)
# Initialize miscellaneous variables
__machine_ip_address=
__os_version_name_ubuntu_equivalent=
__unifi_version_installed=
__unifi_update_available=
__unifi_domain_name=
__unifi_tcp_port_admin=
# Set various base folders and files
# TODO: Make these dynamic
__apt_sources_dir=$(find /etc -type d -name "sources.list.d")
__unifi_base_dir="/usr/lib/unifi"
__unifi_data_dir="${__unifi_base_dir}/data"
__unifi_system_properties="${__unifi_data_dir}/system.properties"
__letsencrypt_dir="/etc/letsencrypt"
__sshd_config="/etc/ssh/sshd_config"
# Recommendations and minimum requirements and misc variables
__recommended_disk_free_space="10GB"
__recommended_memory_total="2048MB"
__recommended_memory_total_gb="2GB"
__recommended_swap_total="2048MB"
__recommended_swap_total_gb="2GB"
__os_bit_recommended="64-bit"
__java_version_recommended="8"
__mongo_version_recommended="3.4.x"
__unifi_version_stable="5.9"
__recommended_nameserver="9.9.9.9"
__ubnt_dns="dl.ubnt.com"
# Initialize "boolean" variables as "false"
__is_32=
__is_64=
__is_ubuntu=
__is_debian=
__is_experimental=
__is_unifi_installed=
__setup_source_java=
__setup_source_mongo=
__setup_source_certbot=
__purge_mongo=
__hold_java=
__hold_mongo=
__hold_unifi=
__install_mongo=
__install_java=
__install_webupd8_java=
__accept_license=
__quick_mode=
__verbose_output=
__script_debug=
__restart_ssh_server=
__run_autoremove=
__reboot_system=
# Setup script colors and special text to use
__colors_bold_text="$(tput bold)"
__colors_warning_text="${__colors_bold_text}$(tput setaf 1)"
__colors_error_text="${__colors_bold_text}$(tput setaf 1)"
__colors_notice_text="${__colors_bold_text}$(tput setaf 6)"
__colors_success_text="${__colors_bold_text}$(tput setaf 2)"
__colors_default="$(tput sgr0)"
__spinner="-\\|/"
### Error/cleanup handling
##############################################################################
# Run miscellaneous tasks before exiting
###
# Restart services if needed
# Fix UniFi source list if needed
# Auto clean and remove un-needed apt-get info/packages
# Show UniFi SDN Controller information post-setup
# Unset script variables
# Reboot system if needed
function __eubnt_cleanup_before_exit() {
local log_files_to_delete=
echo -e "${__colors_default}\\nCleaning up script, please wait...\\n"
if [[ -n "${__restart_ssh_server:-}" ]]; then
__eubnt_run_command "service ssh restart"
fi
if [[ -n "${__unifi_version_installed:-}" ]]; then
__unifi_update_available=$(apt-cache policy "unifi" | grep "Candidate" | awk '{print $2}' | sed 's/-.*//g')
if [[ "${__unifi_update_available:0:3}" != "${__unifi_version_installed:0:3}" ]]; then
if __eubnt_add_source "http://www.ubnt.com/downloads/unifi/debian unifi-${__unifi_version_installed:0:3} ubiquiti" "100-ubnt-unifi.list"; then
__eubnt_run_command "apt-get update"
fi
fi
fi
__eubnt_run_command "apt-get autoclean --yes"
if [[ -n "${__run_autoremove:-}" ]]; then
__eubnt_run_command "apt-get autoremove --yes"
fi
if [[ -f "/lib/systemd/system/unifi.service" && -z "${__reboot_system:-}" ]]; then
__eubnt_show_header "Collecting UniFi SDN Controller info..."
local controller_status=
if [[ $(service unifi status | wc --lines) -gt 1 ]]; then
controller_status=$(service unifi status | grep --only-matching "Active: .*" | sed 's/Active:/Service status:/')
else
controller_status="Service status: $(service unifi status)"
fi
__eubnt_show_notice "\\n${controller_status}"
if [[ -n "${__unifi_tcp_port_admin:-}" ]]; then
local controller_address
if [[ -n "${__unifi_domain_name:-}" ]]; then
controller_address="${__unifi_domain_name}"
else
controller_address="${__machine_ip_address}"
fi
__eubnt_show_notice "\\nWeb address: https://${controller_address}:${__unifi_tcp_port_admin}/manage/"
fi
echo
fi
if [[ -d "${__script_log_dir:-}" ]]; then
log_files_to_delete=$(find "${__script_log_dir}" -maxdepth 1 -type f -print0 | xargs -0 --exit ls -t | awk 'NR>5')
if [[ -n "${log_files_to_delete:-}" ]]; then
echo "${log_files_to_delete}" | xargs --max-lines=1 rm
fi
fi
if [[ "${__script_debug:-}" != "true" ]]; then
for var_name in ${!__*}; do
if [[ "${var_name}" != "__reboot_system" ]]; then
unset -v "${var_name}"
fi
done
fi
if [[ -n "${__reboot_system:-}" ]]; then
shutdown -r now
fi
}
trap __eubnt_cleanup_before_exit EXIT
trap '__script_debug=true' ERR
### Screen display functions
##############################################################################
# Set script colors
function __eubnt_script_colors() {
echo "${__colors_default}"
}
# Print an error to the screen
# $1: The error text to display
function __eubnt_show_error() {
echo -e "${__colors_error_text}##############################################################################\\n"
__eubnt_echo_and_log "ERROR! ${1:-}${__colors_default}\\n"
}
# Print a header that informs the user what task is running
# $1: Can be set with a string to display additional details about the current task
###
# If the script is not in debug mode, then the screen will be cleared first
# The script header will then be displayed
# If $1 is set then it will be displayed under the header
function __eubnt_show_header() {
if [[ -z "${__script_debug:-}" ]]; then
clear
fi
echo -e "${__colors_notice_text}### Easy UBNT: UniFi SDN Installer ${__script_version}"
echo -e "##############################################################################${__colors_default}\\n"
__eubnt_show_notice "${1:-}"
}
# Print text to the screen
# $1: The text to display
function __eubnt_show_text() {
if [[ -n "${1:-}" ]]; then
__eubnt_echo_and_log "${__colors_default}${1}${__colors_default}\\n"
fi
}
# Print a notice to the screen
# $1: The notice to display
function __eubnt_show_notice() {
if [[ -n "${1:-}" ]]; then
__eubnt_echo_and_log "${__colors_notice_text}${1}${__colors_default}\\n"
fi
}
# Print a success message to the screen
# $1: The message to display
function __eubnt_show_success() {
if [[ -n "${1:-}" ]]; then
__eubnt_echo_and_log "${__colors_success_text}${1}${__colors_default}\\n"
fi
}
# Print a warning to the screen
# $1: The warning to display
# $2: Can be set to "none" to not show the "WARNING:" prefix
function __eubnt_show_warning() {
if [[ -n "${1:-}" ]]; then
local warning_prefix=
if [[ "${2:-}" != "none" ]]; then
warning_prefix="WARNING: "
fi
__eubnt_echo_and_log "${__colors_warning_text}${warning_prefix}${1}${__colors_default}\\n"
fi
}
# Print the license and disclaimer for this script to the screen
function __eubnt_show_license() {
__eubnt_show_text "MIT License\\nCopyright (c) 2018 SprockTech, LLC and contributors\\n"
__eubnt_show_notice "${__script_contributors:-}\\n"
__eubnt_show_warning "This script will guide you through installing and upgrading
the UniFi SDN Controller from UBNT, and securing this system
according to best practices. It is intended to work on systems that
will be dedicated to running the UniFi SDN Controller.\\n
THIS SCRIPT IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND!\\n"
__eubnt_show_text "Read the full MIT License for this script here:
https://github.com/sprockteam/easy-ubnt/raw/master/LICENSE\\n"
}
### User input functions
##############################################################################
# Display a yes or know question and proceed accordingly based on the answer
# $1: The question to use instead of the default question
# $2: Can be set to "return" if an error should be returned instead of exiting
# $3: Can be set to "n" if the default answer should be no instead of yes
###
# If no answer is given, the default answer is used
# If the script it running in "quiet mode" then the default answer is used without prompting
function __eubnt_question_prompt() {
local yes_no=
local default_question="Do you want to proceed?"
local default_answer="y"
if [[ "${3:-}" = "n" ]]; then
default_answer="n"
fi
if [[ -n "${__quick_mode:-}" ]]; then
yes_no="${default_answer}"
fi
while [[ ! "${yes_no}" =~ (^[Yy]([Ee]?|[Ee][Ss])?$)|(^[Nn][Oo]?$) ]]; do
echo -e -n "${__colors_notice_text}${1:-$default_question} (y/n, default ${default_answer})${__colors_default} "
read -r yes_no
echo -e -n "\\r"
if [[ "${yes_no}" = "" ]]; then
yes_no="${default_answer}"
fi
done
__eubnt_add_to_log "${1:-$default_question} ${yes_no}"
case "${yes_no}" in
[Nn]*)
echo
if [[ "${2:-}" = "return" ]]; then
return 1
else
exit
fi;;
[Yy]*)
echo
return 0;;
esac
}
# Display a question and return full user input
# $1: The question to ask, there is no default question so one must be set
# $2: The variable to assign the answer to, this must also be set
# $3: Can be set to "optional" to allow for an empty response to bypass the question
###
# No validation is done on use the input within this function, must be done after the answer has been returned
function __eubnt_get_user_input() {
local user_input=
if [[ -n "${1:-}" && -n "${2:-}" ]]; then
while [[ -z "${user_input}" ]]; do
echo -e -n "${__colors_notice_text}${1}${__colors_default} "
read -r user_input
echo -e -n "\\r"
if [[ "${3:-}" = "optional" ]]; then
break
fi
done
__eubnt_add_to_log "${1} ${user_input}"
eval "${2}=\"${user_input}\""
fi
}
### Logging and task functions
##############################################################################
# Add to the log file
# $1: The message to log
function __eubnt_add_to_log() {
if [[ -n "${1:-}" ]]; then
echo "${1}" | sed -r 's/\^\[.*m//g' >>"${__script_log}"
fi
}
# Echo to the screen and log file
# $1: The message to echo
# $2: Optional file to pipe echo output to
# $3: If set to "append" then the message is appended to file specified in $2
function __eubnt_echo_and_log() {
if [[ -n "${1:-}" ]]; then
if [[ -n "${2:-}" ]]; then
if [[ "${3:-}" = "append" ]]; then
echo "${1}" | tee -a "${2}"
else
echo "${1}" | tee "${2}"
fi
else
echo -e -n "${1}"
fi
__eubnt_add_to_log "${1}"
fi
}
# Get the latest UniFi SDN controller minor version for the major version given
# $1: The major version number to check (i.e. "5.9")
# $2: The variable to assign the returned minor version to
# $3: If set to "url" then return the full URL to the download file instead of just the version number
function __eubnt_get_latest_unifi_version() {
if [[ -n "${1:-}" && -n "${2:-}" ]]; then
local ubnt_download="http://dl.ubnt.com/unifi/debian/dists"
local unifi_version_full=$(wget --quiet --output-document - "${ubnt_download}/unifi-${1}/ubiquiti/binary-amd64/Packages" | grep "Version" | sed 's/Version: //')
if [[ "${3:-}" = "url" ]]; then
local deb_url="${ubnt_download}/pool/ubiquiti/u/unifi/unifi_${unifi_version_full}_all.deb"
eval "${2}=\"${deb_url}\""
else
local unifi_version_short=$(echo "${unifi_version_full}" | sed 's/-.*//')
eval "${2}=\"${unifi_version_short}\""
fi
fi
}
# Try to get the release notes for the given UniFi SDN version
# $1: The full version number to check (i.e. "5.9.29")
# $2: The variable to assign the filename with the release notes
function __eubnt_get_unifi_release_notes() {
if [[ -z "${1:-}" && -z "${2:-}" ]]; then
__eubnt_show_warning "Invalid check for release notes at $(caller)"
return 1
fi
local download_url=""
local found_version=""
local version_major="&filter=eq~~version_major~~$(echo "${1}" | cut --fields 1 --delimiter '.')"
local version_minor="&filter=eq~~version_minor~~$(echo "${1}" | cut --fields 2 --delimiter '.')"
local version_patch="&filter=eq~~version_patch~~$(echo "${1}" | cut --fields 3 --delimiter '.')"
local ubnt_update_api="https://fw-update.ubnt.com/api/firmware"
local update_url="${ubnt_update_api:-}?filter=eq~~product~~unifi-controller&filter=eq~~platform~~document${version_major}${version_minor}${version_patch}&limit=1"
local release_notes_url="$(wget --quiet --output-document - "${update_url:-}" | grep --max-count=1 "changelog/unifi-controller" | sed 's|.*"href": "||' | sed 's|"||')"
local release_notes_file="$(mktemp)"
__eubnt_add_to_log "Trying to get release notes from: ${release_notes_url:-}"
if wget --quiet --output-document - "${release_notes_url:-}" | sed '/#### Recommended Firmware:/,$d' 1>"${release_notes_file:-}"; then
if [[ -f "${release_notes_file:-}" && -s "${release_notes_file:-}" ]]; then
eval "${2}=\"${release_notes_file}\""
return 0
fi
fi
return 1
}
# A wrapper to run commands, display a nice message and handle errors gracefully
# $1: The full command to run as a string
# $2: If set to "foreground" then the command will run in the foreground, if set to "quiet" the output will be directed to the log file, if set to "return" then output will be assigned to variable named in $3
# $3: Name of variable to assign output value of the command if $2 is set to "return"
###
# Make sure the command seems valid
# Run the command in the background and show a spinner (https://unix.stackexchange.com/a/225183)
# Run the command in the foreground when in verbose mode
# Wait for the command to finish and get the exit code (https://stackoverflow.com/a/1570356)
function __eubnt_run_command() {
if [[ -n "${1:-}" ]]; then
local background_pid=
local command_output=
local command_return=
declare -a full_command=()
IFS=' ' read -r -a full_command <<< "${1}"
if [[ ! $(command -v "${full_command[0]}") ]]; then
local found_package=
local unknown_command="${full_command[0]}"
__eubnt_install_package "apt-file"
if [[ "${unknown_command}" != "apt-file" ]]; then
__eubnt_run_command "apt-file update"
__eubnt_run_command "apt-file --package-only --regexp search .*bin\\/${unknown_command}$" "return" "found_package"
if [[ -n "${found_package:-}" ]]; then
__eubnt_install_package "${found_package}"
else
__eubnt_show_error "Unknown command ${unknown_command} at $(caller)"
return 1
fi
fi
fi
if [[ "${full_command[0]}" != "echo" ]]; then
__eubnt_add_to_log "${1}"
fi
if [[ ( -n "${__verbose_output:-}" && "${2:-}" != "quiet" ) || "${2:-}" = "foreground" || "${full_command[1]}" = "echo" || ( "${2:-}" != "return" && -n "${__is_experimental:-}" ) ]]; then
if [[ -n "${__is_experimental:-}" ]]; then
echo "${1}"
fi
"${full_command[@]}" | tee -a "${__script_log}"
command_return=$?
elif [[ "${2:-}" = "quiet" ]]; then
"${full_command[@]}" &>>"${__script_log}" || __eubnt_show_warning "Unable to run ${1} at $(caller)\\n"
command_return=$?
elif [[ "${2:-}" = "return" ]]; then
command_output=$(mktemp)
if [[ -n "${__is_experimental:-}" ]]; then
echo "${1}"
"${full_command[@]}" &>>"${command_output}"
command_return=$?
else
"${full_command[@]}" &>>"${command_output}" &
background_pid=$!
fi
else
"${full_command[@]}" &>>"${__script_log}" &
background_pid=$!
fi
if [[ -n "${background_pid:-}" ]]; then
local i=0
while [[ -d /proc/$background_pid ]]; do
echo -e -n "\\rRunning ${1} [${__spinner:i++%${#__spinner}:1}]"
sleep 0.5
if [[ $i -gt 360 ]]; then
break
fi
done
wait $background_pid
command_return=$?
if [[ ${command_return} -gt 0 ]]; then
__eubnt_echo_and_log "\\rRunning ${1} [x]\\n"
else
__eubnt_echo_and_log "\\rRunning ${1} [\\xE2\\x9C\\x93]\\n"
fi
fi
if [[ "${2:-}" = "return" && -n "${3:-}" && -e "${command_output:-}" && -s "${command_output:-}" && ${command_return} -eq 0 ]]; then
# shellcheck disable=SC2086
eval "${3}=$(cat ${command_output})"
rm "${command_output}"
fi
if [[ ${command_return} -gt 0 ]]; then
return 1
else
return 0
fi
fi
__eubnt_show_warning "No command given at $(caller)\\n"
return 1
}
# Add a source list to the system
# $1: The source information to use
# $2: The name of the source list file to make on the local machine
# $3: A search term to use when checking if the source list should be added
function __eubnt_add_source() {
if [[ "${1:-}" && "${2:-}" && "${3:-}" ]]; then
if [[ ! $(find /etc/apt -name "*.list" -exec grep "${3}" {} \;) ]]; then
__eubnt_echo_and_log "deb ${1}" "${__apt_sources_dir}/${2}"
return 0
else
__eubnt_add_to_log "Skipping add source for ${1}"
return 1
fi
fi
}
# Add a package signing key to the system if needed
# $1: The 32-bit hex fingerprint of the key to add
function __eubnt_add_key() {
if [[ "${1:-}" ]]; then
if ! apt-key list 2>/dev/null | grep --quiet "${1:0:4}.*${1:4:4}"; then
__eubnt_run_command "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key ${1}"
fi
fi
}
# Check if is package is installed
# $1: The name of the package to check
function __eubnt_is_package_installed() {
if [[ -z "${1:-}" ]]; then
return 1
fi
local package_name=$(echo "${1}" | sed 's/=.*//')
if dpkg --list "${package_name}" 2>/dev/null | grep --quiet "^i"; then
return 0
else
return 1
fi
}
# Install package if needed and handle errors gracefully
# $1: The name of the package to install
# $2: An optional target release to use
# $3: If set to "return" then return a status
function __eubnt_install_package() {
if [[ "${1:-}" ]]; then
local target_release
if ! apt-get install --simulate "${1}" &>/dev/null; then
__eubnt_setup_sources "os"
__eubnt_run_command "apt-get update"
__eubnt_run_command "apt-get install --fix-broken --yes"
__eubnt_run_command "apt-get autoremove --yes"
fi
if apt-get install --simulate "${1}" &>/dev/null; then
if ! __eubnt_is_package_installed "${1}"; then
local i=0
while lsof /var/lib/dpkg/lock &>/dev/null; do
echo -e -n "\\rWaiting for package manager to become available... [${__spinner:i++%${#__spinner}:1}]"
sleep 0.5
done
__eubnt_echo_and_log "\\rWaiting for package manager to become available... [\\xE2\\x9C\\x93]\\n"
export DEBIAN_FRONTEND=noninteractive
if [[ -n "${2:-}" ]]; then
__eubnt_run_command "apt-get install --quiet --no-install-recommends --yes --target-release ${2} ${1}" "${3:-}"
else
__eubnt_run_command "apt-get install --quiet --no-install-recommends --yes ${1}" "${3:-}"
fi
else
__eubnt_echo_and_log "Package ${1} already installed [\\xE2\\x9C\\x93]\\n"
if [[ "${3:-}" = "return" ]]; then
return 0
fi
fi
else
__eubnt_show_error "Unable to install package ${1} at $(caller)"
if [[ "${3:-}" = "return" ]]; then
return 1
fi
fi
fi
}
### Parse commandline options
##############################################################################
# Basic way to get command line options
# TODO: Incorporate B3BP methods here
while getopts ":aqvx" options; do
case "${options}" in
a)
__eubnt_add_to_log "Accepted license via command line option"
__accept_license=true;;
q)
__eubnt_add_to_log "Running script in quick mode"
__quick_mode=true;;
v)
__eubnt_add_to_log "Running script with verbose screen output"
__verbose_output=true;;
x)
__eubnt_add_to_log "Running script with tracing turned on for debugging"
set -o xtrace
__script_debug=true;;
*)
break;;
esac
done
### Main script functions
##############################################################################
# Setup source lists for later use in the script
# $1: If set to "os" then only setup core repos for the OS
###
# Ubuntu: Setup alternative source lists to get certain packages
# Debian: Make sure the dirmngr package is installed so keys can be validated
# Certbot: Debian distribution sources include it, add sources for Ubuntu except Precise
# Java: Use WebUpd8 repository for Precise and Trust era OSes (https://gist.github.com/pyk/19a619b0763d6de06786 | https://askubuntu.com/a/190674)
# Java: Use the core distribution sources to get Java for all others
# Mongo: Official repository only distributes 64-bit packages, not compatible with Wheezy
# Mongo: UniFi will install it from distribution sources if needed
# UniFi: Add UBNT package signing key here, add source list later depending on the chosen version
# shellcheck disable=SC2120
function __eubnt_setup_sources() {
local do_apt_update=
if [[ -n "${__is_ubuntu:-}" ]]; then
__eubnt_add_source "http://archive.ubuntu.com/ubuntu ${__os_version_name} main universe" "${__os_version_name}-archive.list" "archive\\.ubuntu\\.com.*${__os_version_name}.*main" && do_apt_update=true
__eubnt_add_source "http://security.ubuntu.com/ubuntu ${__os_version_name}-security main universe" "${__os_version_name}-security.list" "security\\.ubuntu\\.com.*${__os_version_name}-security main" && do_apt_update=true
__eubnt_add_source "http://mirrors.kernel.org/ubuntu ${__os_version_name} main universe" "${__os_version_name}-mirror.list" "mirrors\\.kernel\\.org.*${__os_version_name}.*main" && do_apt_update=true
elif [[ -n "${__is_debian:-}" ]]; then
__eubnt_install_package "dirmngr"
__eubnt_add_source "http://ftp.debian.org/debian ${__os_version_name}-backports main" "${__os_version_name}-backports.list" "ftp\\.debian\\.org.*${__os_version_name}-backports.*main" && do_apt_update=true
fi
if [[ "${1:-}" != "os" ]]; then
if [[ -n "${__setup_source_java:-}" ]]; then
if [[ "${__os_version_name_ubuntu_equivalent:-}" = "precise" || "${__os_version_name:-}" = "trusty" ]]; then
__install_webupd8_java=true
echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | debconf-set-selections
__eubnt_add_source "http://ppa.launchpad.net/webupd8team/java/ubuntu ${__os_version_name_ubuntu_equivalent} main" "webupd8team-java.list" "ppa\\.launchpad\\.net.*${__os_version_name_ubuntu_equivalent}.*main" && do_apt_update=true
__eubnt_add_key "EEA14886" # WebUpd8 package signing key
else
__install_java=true
fi
fi
if [[ -n "${__setup_source_mongo:-}" ]]; then
local mongo_repo_distro=
local mongo_repo_url=
if [[ -n "${__is_64:-}" && -n "${__is_ubuntu:-}" ]]; then
if [[ "${__os_version_name}" = "precise" ]]; then
mongo_repo_distro="trusty"
elif [[ "${__os_version_name}" = "bionic" ]]; then
mongo_repo_distro="xenial"
else
mongo_repo_distro="${__os_version_name}"
fi
mongo_repo_url="http://repo.mongodb.org/apt/ubuntu ${mongo_repo_distro}/mongodb-org/3.4 multiverse"
elif [[ -n "${__is_64:-}" && -n "${__is_debian:-}" ]]; then
if [[ "${__os_version_name:-}" != "wheezy" ]]; then
mongo_repo_url="http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main"
__eubnt_add_source "http://ftp.debian.org/debian jessie-backports main" "jessie-backports.list" "ftp\\.debian\\.org.*jessie-backports.*main" && do_apt_update=true
fi
fi
if [[ -n "${mongo_repo_url:-}" ]]; then
if __eubnt_add_source "${mongo_repo_url}" "mongodb-org-3.4.list" "repo\\.mongodb\\.org.*3\\.4"; then
do_apt_update=true
fi
__eubnt_add_key "A15703C6" # Mongo package signing key
__install_mongo=true
fi
fi
if [[ -n "${__setup_source_certbot:-}" && -n "${__is_ubuntu:-}" ]]; then
if [[ "${__os_version_name:-}" != "precise" ]]; then
__eubnt_add_source "http://ppa.launchpad.net/certbot/certbot/ubuntu ${__os_version_name} main" "certbot-ubuntu-certbot-${__os_version_name}.list" "ppa\\.laundpad\\.net.*${__os_version_name}.*main" && do_apt_update=true
__eubnt_add_key "75BCA694" # Certbot package signing key
fi
fi
__eubnt_add_key "C0A52C50" # UBNT package signing key
fi
if [[ -n "${do_apt_update:-}" ]]; then
__eubnt_run_command "apt-get update"
fi
}
# Collection of different fixes to do pre/post apt install/upgrade
###
# Try to fix broken installs
# Remove un-needed packages
# Remove cached source list information
# Fix for kernel files filling /boot in Ubuntu (https://askubuntu.com/a/90219)
# Update apt-get and apt-file
function __eubnt_install_fixes {
__eubnt_show_header "Running common pre-install fixes...\\n"
__eubnt_run_command "apt-get install --fix-broken --yes"
__eubnt_run_command "apt-get autoremove --yes"
__eubnt_run_command "apt-get clean --yes"
__eubnt_run_command "rm -rf /var/lib/apt/lists/*"
if [[ -n "${__is_ubuntu:-}" && -d /boot ]]; then
local configured_localhost=
if __eubnt_run_command "hostname --short" "return" "configured_localhost"; then
if ! grep --quiet "127\.0\.1\.1.*{configured_localhost}" /etc/hosts; then
sed -i "1s/^/127.0.1.1\t${configured_localhost}\n/" /etc/hosts
fi
fi
if [[ $(df /boot | awk '/\/boot/{gsub("%", ""); print $5}') -gt 50 ]]; then
declare -a files_in_boot=()
declare -a kernel_packages=()
__eubnt_show_text "Removing old kernel files from /boot"
while IFS=$'\n' read -r found_file; do files_in_boot+=("$found_file"); done < <(find /boot -maxdepth 1 -type f)
for boot_file in "${!files_in_boot[@]}"; do
kernel_version=$(echo "${files_in_boot[$boot_file]}" | grep --extended-regexp --only-matching "[0-9]+\\.[0-9]+(\\.[0-9]+)?(\\-{1}[0-9]+)?")
if [[ "${kernel_version}" = *"-"* && "${__os_kernel_version}" = *"-"* && "${kernel_version//-*/}" = "${__os_kernel_version//-*/}" && "${kernel_version//*-/}" -lt "${__os_kernel_version//*-/}" ]]; then
# shellcheck disable=SC2227
find /boot -maxdepth 1 -type f -name "*${kernel_version}*" -exec rm {} \; -exec echo Removing {} >>"${__script_log}" \;
fi
done
__eubnt_run_command "apt-get install --fix-broken --yes"
__eubnt_run_command "apt-get autoremove --yes"
while IFS=$'\n' read -r found_package; do kernel_packages+=("$found_package"); done < <(dpkg --list linux-{image,headers}-"[0-9]*" | awk '/linux/{print $2}')
for kernel in "${!kernel_packages[@]}"; do
kernel_version=$(echo "${kernel_packages[$kernel]}" | sed --regexp-extended 's/linux-(image|headers)-//g' | sed 's/[-][a-z].*//g')
if [[ "${kernel_version}" = *"-"* && "${__os_kernel_version}" = *"-"* && "${kernel_version//-*/}" = "${__os_kernel_version//-*/}" && "${kernel_version//*-/}" -lt "${__os_kernel_version//*-/}" ]]; then
__eubnt_run_command "apt-get purge --yes ${kernel_packages[$kernel]}"
fi
done
fi
fi
__eubnt_run_command "apt-get update"
__eubnt_run_command "apt-file update"
}
# Install basic system utilities and dependencies needed for successful script run
function __eubnt_install_updates_utils() {
__eubnt_show_header "Installing utilities and updates...\\n"
__eubnt_install_package "software-properties-common"
__eubnt_install_package "apt-transport-https"
__eubnt_install_package "unattended-upgrades"
__eubnt_install_package "sudo"
__eubnt_install_package "curl"
__eubnt_install_package "net-tools"
__eubnt_install_package "dnsutils"
__eubnt_install_package "psmisc"
__eubnt_install_package "binutils"
if [[ -n "${__hold_java:-}" ]]; then
__eubnt_run_command "apt-mark hold ${__hold_java}"
fi
if [[ -n "${__hold_mongo:-}" ]]; then
__eubnt_run_command "apt-mark hold ${__hold_mongo}"
fi
if [[ -n "${__hold_unifi:-}" ]]; then
__eubnt_run_command "apt-mark hold ${__hold_unifi}"
fi
echo
if apt-get dist-upgrade --simulate | grep --quiet "^Inst"; then
if __eubnt_question_prompt "Do you want to upgrade all currently installed packages?" "return"; then
__eubnt_run_command "apt-get dist-upgrade --yes"
fi
fi
if [[ -n "${__hold_java:-}" ]]; then
__eubnt_run_command "apt-mark unhold ${__hold_java}"
fi
if [[ -n "${__hold_mongo:-}" ]]; then
__eubnt_run_command "apt-mark unhold ${__hold_mongo}"
fi
if [[ -n "${__hold_unifi:-}" ]]; then
__eubnt_run_command "apt-mark unhold ${__hold_unifi}"
fi
__run_autoremove=true
}
# Use haveged for better entropy generation from @ssawyer (https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Controller-Linux-Install-Issues/m-p/1324455/highlight/true#M116452)
# Virtual memory tweaks from @adrianmmiller
function __eubnt_system_tweaks() {
__eubnt_show_header "Tweaking system for performance and security...\\n"
if ! __eubnt_is_package_installed "haveged"; then
if __eubnt_question_prompt "Do you want to install a better entropy generator?" "return"; then
__eubnt_install_package "haveged"
fi
fi
echo
if [[ $(cat /proc/sys/vm/swappiness) -ne 10 || $(cat /proc/sys/vm/vfs_cache_pressure) -ne 50 ]]; then
if __eubnt_question_prompt "Do you want adjust the system to prefer RAM over virtual memory?" "return"; then
__eubnt_run_command "sysctl vm.swappiness=10"
__eubnt_run_command "sysctl vm.vfs_cache_pressure=50"
fi
fi
}
# Install OpenJDK Java 8 if available from distribution sources
# Install WebUpd8 Java if OpenJDK is not available from the distribution
function __eubnt_install_java() {
if [[ -n "${__install_webupd8_java:-}" || -n "${__install_java:-}" ]]; then
__eubnt_show_header "Installing Java...\\n"
if [[ -n "${__install_webupd8_java:-}" ]]; then
__eubnt_install_package "oracle-java8-installer"
__eubnt_install_package "oracle-java8-set-default"
else
local target_release=
if [[ "${__os_version_name:-}" = "jessie" ]]; then
target_release="${__os_version_name}-backports"
fi
__eubnt_install_package "ca-certificates-java" "${target_release:-}"
__eubnt_install_package "openjdk-8-jre-headless" "${target_release:-}"
fi
__eubnt_install_package "jsvc"
__eubnt_install_package "libcommons-daemon-java"
fi
}
# Purge MongoDB if desired and UniFi SDN is not installed
function __eubnt_purge_mongo() {
if [[ -n "${__purge_mongo:-}" && -z "${__is_unifi_installed:-}" ]]; then
__eubnt_show_header "Purging MongoDB...\\n"
apt-get purge --yes "mongodb*"
rm "${__apt_sources_dir}/mongodb"*
__eubnt_run_command "apt-get update"
fi
}
# Install MongoDB 3.4 from the official MongoDB repo
# Only available for 64-bit
function __eubnt_install_mongo()
{
if [[ -n "${__is_64:-}" && -n "${__install_mongo:-}" ]]; then
__eubnt_show_header "Installing MongoDB...\\n"
__eubnt_install_package "mongodb-org=3.4.*"
fi
}
# Show install/reinstall/update options for UniFi SDN
function __eubnt_install_unifi()
{
__eubnt_show_header "Installing UniFi SDN Controller...\\n"
local selected_unifi_version=
local latest_unifi_version=
declare -a unifi_supported_versions=(5.6 5.8 5.9)
declare -a unifi_historical_versions=(5.4 5.5 5.6 5.8 5.9)
declare -a unifi_versions_to_install=()
declare -a unifi_versions_to_select=()
if [[ -n "${__unifi_version_installed:-}" ]]; then
__eubnt_show_notice "Version ${__unifi_version_installed} is currently installed\\n"
fi
if [[ -n "${__quick_mode:-}" ]]; then
if [[ -n "${__unifi_version_installed:-}" ]]; then
selected_unifi_version="${__unifi_version_installed:0:3}"
else
selected_unifi_version="${__unifi_version_stable}"
fi
else
for version in "${!unifi_supported_versions[@]}"; do
if [[ -n "${__unifi_version_installed:-}" ]]; then
if [[ "${unifi_supported_versions[$version]:0:3}" = "${__unifi_version_installed:0:3}" ]]; then
if [[ -n "${__unifi_update_available:-}" ]]; then
unifi_versions_to_select+=("${__unifi_update_available}")
else
unifi_versions_to_select+=("${__unifi_version_installed}")
fi
elif [[ "${unifi_supported_versions[$version]:2:1}" -gt "${__unifi_version_installed:2:1}" ]]; then
__eubnt_get_latest_unifi_version "${unifi_supported_versions[$version]}" "latest_unifi_version"
unifi_versions_to_select+=("${latest_unifi_version}")
fi
else
__eubnt_get_latest_unifi_version "${unifi_supported_versions[$version]}" "latest_unifi_version"
unifi_versions_to_select+=("${latest_unifi_version}")
fi
done
unifi_versions_to_select+=("Skip")
__eubnt_show_notice "Which controller do you want to (re)install or upgrade to?\\n"
select version in "${unifi_versions_to_select[@]}"; do
case "${version}" in
"")
selected_unifi_version="${__unifi_version_stable}"
break;;
*)
if [[ "${version}" = "Skip" ]]; then
return 0
fi
selected_unifi_version="${version:0:3}"
break;;
esac
done
fi
if [[ -n "${__unifi_version_installed:-}" ]]; then
for step in "${!unifi_historical_versions[@]}"; do
__eubnt_get_latest_unifi_version "${unifi_historical_versions[$step]}" "latest_unifi_version"
if [[ (("${unifi_historical_versions[$step]:2:1}" -eq "${__unifi_version_installed:2:1}" && "${latest_unifi_version}" != "${__unifi_version_installed}") || "${unifi_historical_versions[$step]:2:1}" -gt "${__unifi_version_installed:2:1}") && "${unifi_historical_versions[$step]:2:1}" -le "${selected_unifi_version:2:1}" ]]; then
unifi_versions_to_install+=("${unifi_historical_versions[$step]}")
fi
done
if [[ "${#unifi_versions_to_install[@]}" -eq 0 ]]; then
unifi_versions_to_install=("${__unifi_version_installed:0:3}")
fi
else
unifi_versions_to_install=("${selected_unifi_version}")
fi
for version in "${!unifi_versions_to_install[@]}"; do
__eubnt_install_unifi_version "${unifi_versions_to_install[$version]}"
done
__eubnt_run_command "service unifi start"
}
# Installs the latest minor version for the given major UniFi SDN version
# $1: The major version number to install
# TODO: Try to recover if install fails
function __eubnt_install_unifi_version()
{
if [[ "${1:-}" ]]; then
unifi_install_this_version="${1}"
else
__eubnt_show_error "No UniFi SDN version specified to install"
fi
if __eubnt_add_source "http://www.ubnt.com/downloads/unifi/debian unifi-${unifi_install_this_version} ubiquiti" "100-ubnt-unifi.list" "www\\.ubnt\\.com.*unifi-${unifi_install_this_version}"; then
__eubnt_run_command "apt-get update" "quiet"
fi
unifi_updated_version=$(apt-cache policy unifi | grep "Candidate" | awk '{print $2}' | sed 's/-.*//g')
if [[ "${__unifi_version_installed}" = "${unifi_updated_version}" ]]; then
__eubnt_show_notice "\\nUniFi SDN version ${__unifi_version_installed} is already installed\\n"
if __eubnt_question_prompt "Do you want to reinstall?" "return" "n"; then
echo "unifi unifi/has_backup boolean true" | debconf-set-selections
DEBIAN_FRONTEND=noninteractive apt-get install --reinstall --yes unifi
fi
return 0
fi
__eubnt_show_header "Installing UniFi SDN version ${unifi_updated_version}...\\n"
if [[ -n "${__unifi_version_installed:-}" ]]; then
__eubnt_show_warning "Make sure you have a backup!\\n"
__eubnt_question_prompt
fi
local release_notes=
if __eubnt_get_unifi_release_notes "${unifi_updated_version}" "release_notes"; then
if __eubnt_question_prompt "Do you want to view the release notes?" "return" "n"; then
more "${release_notes}"
__eubnt_question_prompt
fi
fi
if [[ -f "/lib/systemd/system/unifi.service" ]]; then
__eubnt_run_command "service unifi restart"
fi
echo "unifi unifi/has_backup boolean true" | debconf-set-selections
if DEBIAN_FRONTEND=noninteractive apt-get install --yes unifi; then
__unifi_version_installed="${unifi_updated_version}"
tail --follow /var/log/unifi/server.log --lines=50 | while read -r log_line
do
if [[ "${log_line}" = *"${unifi_updated_version}"* ]]
then
__eubnt_show_success "\\n${log_line}\\n"
pkill --full tail
fi
done
sleep 1
else
if [[ -n "${__unifi_version_installed:-}" ]]; then
if __eubnt_add_source "http://www.ubnt.com/downloads/unifi/debian unifi-${__unifi_version_installed:0:3} ubiquiti" "100-ubnt-unifi.list" "www\\.ubnt\\.com.*unifi-${__unifi_version_installed:0:3}"; then
__eubnt_run_command "apt-get update" "quiet"
fi
fi
fi
}
# Based on solution by @Frankedinven (https://community.ubnt.com/t5/UniFi-Wireless/Lets-Encrypt-on-Hosted-Controller/m-p/2463220/highlight/true#M318272)
function __eubnt_setup_certbot() {
if [[ "${__os_version_name}" = "precise" || "${__os_version_name}" = "wheezy" ]]; then
return 0
fi
local source_backports=
local skip_certbot_questions=
local domain_name=