alxwolf / ubios-cert

Manage SSL / TLS certificates with acme.sh (Let's Encrypt, ZeroSSL) for Ubiquiti UbiOS firmwares
MIT License
171 stars 20 forks

Problem deploying on UDM SE #21

Closed llaforest closed 1 year ago

llaforest commented 1 year ago

Sorry if it's obvious for some, but I can't nail this deployment on my UDM SE. I see the /mnt/data changed to /data, this is fine. I see it needs docker, I tried installing it following instructions from https://github.com/unifi-utilities/unifios-utilities. Both from the README and some Issues I found. All the zip archives are expired so I don't know where I can get this.

It's not straightforward, or maybe it's just me. If anyone can tell me if they succeeded, how did they deploy podman, with a little bit of detail? It doesn't exist on the UDM SE and all the procedures I see seem to talk about updating it.

Or maybe there is a simple way of not using podman for acme, I don't know. I have read that podman will not persist across a firmware update, so I would be tempted to run acme.sh directly from a folder in /data... Does this make sense?

Let me know! Thanks.

alxwolf commented 1 year ago

Hi @llaforest

Disclaimer first: I do not have a UDM SE so cannot verify anything, and you seem to understand the firmware differences between the UDM (Basic and Pro) and the UDM SE well, with the UDM SE running UniFiOS on the "bare metal", not via podman.

On boostchicken's repository I find this explanation on how to get Podman going on a UDM-SE.

Does that maybe help?

And yes, running acme.sh directly from the filesystem could be a feasible way, too. I have not tried it. There may be some commands / components not available on a bare-bones UDM (Pro or SE) which are part of the acme.sh container.

At the latest when Ubiquiti switches to V2.x for the UDM(P), this will have to be investigated more deeply, so I'm looking forward to your experience with that.

Regards Alex

llaforest commented 1 year ago

Hello @alxwolf, thanks for the reply. I continued to investigate and created my own fork (https://github.com/llaforest/ubios-cert). It's not yet complete but almost working on the UDM SE. I will test it right after on a UDM Pro. Then we can discuss, review and maybe merge if you feel it goes your way. From what I understand, it would not be easy to persist podman across a firmware update as it gets removed. So this is why I moved away from it instead of fighting to get it installed.

alxwolf commented 1 year ago

Just had a quick glimpse at it and it already looks pretty good @llaforest!

This would be a huge step forward, anticipating the move from 1.x to 2.x for the "older" units. Thank you!

llaforest commented 1 year ago

You can look at my repo, I would suggest you also try it if you have some time. I ran it on my UDM SE and on a UDM Pro using the README and both passed.

alxwolf commented 1 year ago

> You can look at my repo, I would suggest you also try it if you have some time.

Doing that right now, pulled your fork in the baremetal branch here.

Love this part: sed -i 's#/mnt/data#/data#g' "${SCRIPT_DIR}/ubios-cert/ubios-cert.env" "${SCRIPT_DIR}/ubios-cert/ubios-cert.sh" "${SCRIPT_DIR}/ubios-cert/on_boot.d/99-ubios-cert.sh"

llaforest commented 1 year ago

Great! It looks good. I saw you even merged baremetal at this time! I will give it a try on my UDM-SE and on my niece's UDM-Pro. Will let you know.

alxwolf commented 1 year ago

OK, next step then is to get rid of podman completely, as acme.sh seems to also run fine on V1.x.

Created a branch native_acme for that.

llaforest commented 1 year ago

I don't get it, podman is out completely, no? The only place it's found is when updating guest portal as it needs to be done inside a container running on UDM-Pro...

alxwolf commented 1 year ago

Of course, you're right. Disregard... and there we need to call podman, as the certs are stored under /data/unifi-core/config (with /data being a symbolic link to /mnt/data/unifi-os on the UDM/P), but the key store is part of the container's volume...

Removed the branch, seems like we're done! The acme.sh podman container is gone... Thanks.
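The two things this thread turns on are the data root (/mnt/data on a 1.x UDM/UDM Pro, where UniFi OS runs inside the unifi-os podman container, versus /data on the UDM SE, where it runs on the host) and whether a command that touches the UniFi OS key store has to be run through podman. The script below is an added example, not ubios-cert's own code, that packages that decision into three shell functions: picking the root, building the exec prefix, and applying the sed path rewrite quoted above only when the unit really is a /data unit. It assumes the layouts named in the thread (/mnt/data/unifi-os on UDM/P, /data/unifi-core on the SE) and that the container is named unifi-os; the optional prefix argument exists only so the functions can be exercised against a fake directory tree.

```shell
#!/bin/sh
# Added example (not part of alxwolf/ubios-cert): decide between the
# podman-based UDM/UDM Pro 1.x layout and the bare-metal UDM SE layout.
# Assumptions: UDM/P 1.x has /mnt/data/unifi-os on the host and a podman
# container named "unifi-os"; UDM SE has /data/unifi-core on the host and
# no podman at all.

# Print the data root ("/mnt/data" or "/data").  $1 is an optional prefix
# (e.g. a temp dir) so the probe can run against a constructed tree.
ubios_data_root() {
    prefix="${1:-}"
    if [ -d "${prefix}/mnt/data/unifi-os" ]; then
        # UDM / UDM Pro on 1.x: the container's /data is /mnt/data/unifi-os
        # on the host, so host-side paths start at /mnt/data.
        printf '%s\n' "/mnt/data"
    elif [ -d "${prefix}/data/unifi-core" ]; then
        # UDM SE (and 2.x firmware): UniFi OS on the host, /data is real.
        printf '%s\n' "/data"
    else
        return 1   # neither layout found; caller must not guess
    fi
}

# Print the command prefix needed to run something inside UniFi OS:
# "<podman> exec unifi-os" on a container-based unit, empty on bare metal.
# $1 = data root from ubios_data_root; $2 = optional podman binary override.
ubios_exec_prefix() {
    root="$1"
    podman_bin="${2:-$(command -v podman 2>/dev/null || true)}"
    if [ "$root" = "/mnt/data" ] && [ -n "$podman_bin" ]; then
        printf '%s\n' "$podman_bin exec unifi-os"
    else
        printf '\n'
    fi
}

# Directory holding the UniFi OS certificate files, host view.
ubios_cert_dir() {
    printf '%s\n' "$1/unifi-core/config"
}

# Rewrite hard-coded /mnt/data paths in the given files for a bare-metal
# unit (the sed from the thread).  A no-op unless the root really is /data,
# so running it on a UDM Pro cannot break its paths.
ubios_rewrite_paths() {
    root="$1"; shift
    [ "$root" = "/data" ] || return 0
    for f in "$@"; do
        sed 's#/mnt/data#/data#g' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}
```

Usage on a real unit: `root=$(ubios_data_root) || exit 1; prefix=$(ubios_exec_prefix "$root"); $prefix ls "$(ubios_cert_dir "$root")"` lists the certificate directory either through the container or directly, and `ubios_rewrite_paths "$root" ubios-cert.env ubios-cert.sh` performs the path fix-up only on an SE.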

llaforest commented 1 year ago

Yeah we're good! Issue can be closed.