1 commit

Author SHA1 Message Date
aptalca d0ed49301c
Merge 411422cbc7 into e80cea2573 2024-08-05 15:14:13 +00:00
3 changed files with 62 additions and 54 deletions

View file

@ -70,45 +70,48 @@ Starting with version 8.1 of Unifi Network Application, mongodb 3.6 through 7.0
**MongoDB >4.4 on X86_64 Hardware needs a CPU with AVX support. Some lower end Intel CPU models like Celeron and Pentium (before Tiger-Lake) more Details: [Advanced Vector Extensions - Wikipedia](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions#CPUs_with_AVX) don't support AVX, but you can still use MongoDB 4.4.** **MongoDB >4.4 on X86_64 Hardware needs a CPU with AVX support. Some lower end Intel CPU models like Celeron and Pentium (before Tiger-Lake) more Details: [Advanced Vector Extensions - Wikipedia](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions#CPUs_with_AVX) don't support AVX, but you can still use MongoDB 4.4.**
If you are using the [official mongodb container](https://hub.docker.com/_/mongo/), you can create your user using an `init-mongo.sh` file with the following contents (do not modify; copy/paste as is): If you are using the [official mongodb container](https://hub.docker.com/_/mongo/) in Version >=6, you can create your user using an `init-mongo.js` file with the following contents:
```js
db.getSiblingDB("MONGO_DBNAME").createUser({user: "MONGO_USER", pwd: "MONGO_PASS", roles: [{role: "dbOwner", db: "MONGO_DBNAME"}]});
db.getSiblingDB("MONGO_DBNAME_stat").createUser({user: "MONGO_USER", pwd: "MONGO_PASS", roles: [{role: "dbOwner", db: "MONGO_DBNAME_stat"}]});
```
If you are using mongodb < 6.0, you can create a `init-mongo.sh` file with the following contents:
```sh ```sh
#!/bin/bash #!/bin/bash
if which mongosh > /dev/null 2>&1; then mongo <<EOF
mongo_init_bin='mongosh' use MONGO_DBNAME
else
mongo_init_bin='mongo'
fi
"${mongo_init_bin}" <<EOF
use "{MONGO_AUTHSOURCE}"
db.auth("${MONGO_INITDB_ROOT_USERNAME}", "${MONGO_INITDB_ROOT_PASSWORD}")
use "${MONGO_DBNAME}"
db.createUser({ db.createUser({
user: "${MONGO_USER}", user: "MONGO_USER",
pwd: "${MONGO_PASS}", pwd: "MONGO_PASS",
roles: [ roles: [
{ db: "${MONGO_DBNAME}", role: "dbOwner" }, { db: "MONGO_DBNAME", role: "dbOwner" },
{ db: "${MONGO_DBNAME}_stat", role: "dbOwner" } { db: "MONGO_DBNAME_stat", role: "dbOwner" }
] ]
}) })
EOF EOF
``` ```
Mount the sh file into your *mongodb* container, and make sure to set the env vars below with the same values you supplied to the Unifi container. Being sure to replace the placeholders with the same values you supplied to the Unifi container, and mount it into your *mongodb* container.
For example: For example:
MongoDB >= 6.0:
```yaml
unifi-db:
image: docker.io/mongo:<version tag>
container_name: unifi-db
volumes:
- /path/to/data:/data/db
- /path/to/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
restart: unless-stopped
```
MongoDB < 6.0:
```yaml ```yaml
unifi-db: unifi-db:
image: docker.io/mongo:<version tag> image: docker.io/mongo:<version tag>
container_name: unifi-db container_name: unifi-db
environment:
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=
- MONGO_USER=unifi
- MONGO_PASS=
- MONGO_DBNAME=unifi
- MONGO_AUTHSOURCE=admin
volumes: volumes:
- /path/to/data:/data/db - /path/to/data:/data/db
- /path/to/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro - /path/to/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
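Review bot: The right-hand init scripts create the unifi user without any root credentials, and the `unifi-db` compose example loses its whole `environment:` block (`MONGO_INITDB_ROOT_USERNAME`, `MONGO_INITDB_ROOT_PASSWORD`), so the `db.auth(...)` step on the left has no replacement and nothing in these instructions turns access control on. The changelog entry deleted further down in this same file says that without RBAC the official mongodb container allows remote access to the db contents over port 27017 without credentials. Keep the root credentials and the `db.auth` call, or at minimum state next to both compose examples that port 27017 must not be mapped or exposed. If the left-hand script is kept, its `use "{MONGO_AUTHSOURCE}"` line is missing the `$` and should read `use "${MONGO_AUTHSOURCE}"`.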
@ -118,6 +121,8 @@ For example:
*Note that the init script method will only work on first run. If you start the Mongodb container without an init script it will generate test data automatically and you will have to manually create your databases, or restart with a clean `/data/db` volume and an init script mounted.* *Note that the init script method will only work on first run. If you start the Mongodb container without an init script it will generate test data automatically and you will have to manually create your databases, or restart with a clean `/data/db` volume and an init script mounted.*
*If you are using the provided init JS or SH snippets, do not also set `MONGO_INITDB_ROOT_USERNAME`, `MONGO_INITDB_ROOT_PASSWORD`, or any other "INITDB" values as they will cause conflicts. If you wish to enable Role Based Access Control (RBAC) in mongodb, you will have to create your own init JS or SH, or create the user and databases manually.*
You can also run the commands directly against the database using either `mongo` (< 6.0) or `mongosh` (>= 6.0). You can also run the commands directly against the database using either `mongo` (< 6.0) or `mongosh` (>= 6.0).
### Device Adoption ### Device Adoption
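Review bot: The added paragraph tells readers not to set `MONGO_INITDB_ROOT_USERNAME` or `MONGO_INITDB_ROOT_PASSWORD` and leaves RBAC for them to build themselves, but it never states the consequence: with the provided snippets the database runs without authentication. Say that here, and carry over the advice from the removed 07.08.24 changelog entry that port 27017 should not be mapped or exposed in that setup.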
@ -175,10 +180,10 @@ services:
- MONGO_HOST=unifi-db - MONGO_HOST=unifi-db
- MONGO_PORT=27017 - MONGO_PORT=27017
- MONGO_DBNAME=unifi - MONGO_DBNAME=unifi
- MONGO_AUTHSOURCE=admin
- MEM_LIMIT=1024 #optional - MEM_LIMIT=1024 #optional
- MEM_STARTUP=1024 #optional - MEM_STARTUP=1024 #optional
- MONGO_TLS= #optional - MONGO_TLS= #optional
- MONGO_AUTHSOURCE= #optional
volumes: volumes:
- /path/to/unifi-network-application/data:/config - /path/to/unifi-network-application/data:/config
ports: ports:
@ -207,10 +212,10 @@ docker run -d \
-e MONGO_HOST=unifi-db \ -e MONGO_HOST=unifi-db \
-e MONGO_PORT=27017 \ -e MONGO_PORT=27017 \
-e MONGO_DBNAME=unifi \ -e MONGO_DBNAME=unifi \
-e MONGO_AUTHSOURCE=admin \
-e MEM_LIMIT=1024 `#optional` \ -e MEM_LIMIT=1024 `#optional` \
-e MEM_STARTUP=1024 `#optional` \ -e MEM_STARTUP=1024 `#optional` \
-e MONGO_TLS= `#optional` \ -e MONGO_TLS= `#optional` \
-e MONGO_AUTHSOURCE= `#optional` \
-p 8443:8443 \ -p 8443:8443 \
-p 3478:3478/udp \ -p 3478:3478/udp \
-p 10001:10001/udp \ -p 10001:10001/udp \
@ -248,10 +253,10 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e MONGO_HOST=unifi-db` | Mongodb Hostname. Only evaluated on first run. | | `-e MONGO_HOST=unifi-db` | Mongodb Hostname. Only evaluated on first run. |
| `-e MONGO_PORT=27017` | Mongodb Port. Only evaluated on first run. | | `-e MONGO_PORT=27017` | Mongodb Port. Only evaluated on first run. |
| `-e MONGO_DBNAME=unifi` | Mongodb Database Name (stats DB is automatically suffixed with `_stat`). Only evaluated on first run. | | `-e MONGO_DBNAME=unifi` | Mongodb Database Name (stats DB is automatically suffixed with `_stat`). Only evaluated on first run. |
| `-e MONGO_AUTHSOURCE=admin` | Mongodb [authSource](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource). For Atlas set to `admin`. Only evaluated on first run. |
| `-e MEM_LIMIT=1024` | Optionally change the Java memory limit (in Megabytes). Set to `default` to reset to default | | `-e MEM_LIMIT=1024` | Optionally change the Java memory limit (in Megabytes). Set to `default` to reset to default |
| `-e MEM_STARTUP=1024` | Optionally change the Java initial/minimum memory (in Megabytes). Set to `default` to reset to default | | `-e MEM_STARTUP=1024` | Optionally change the Java initial/minimum memory (in Megabytes). Set to `default` to reset to default |
| `-e MONGO_TLS=` | Mongodb enable [TLS](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.tls). Only evaluated on first run. | | `-e MONGO_TLS=` | Mongodb enable [TLS](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.tls). Only evaluated on first run. |
| `-e MONGO_AUTHSOURCE=` | Mongodb [authSource](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource). For Atlas set to `admin`.Defaults to `MONGO_DBNAME`.Only evaluated on first run. |
| `-v /config` | Persistent config files | | `-v /config` | Persistent config files |
## Environment variables from files (Docker secrets) ## Environment variables from files (Docker secrets)
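Review bot: The new `MONGO_AUTHSOURCE` row is missing the space after two of its full stops ("`admin`.Defaults to `MONGO_DBNAME`.Only evaluated on first run."). Add the spaces, and make the same fix in the matching `opt_param_env_vars` description so the two texts stay identical. Since the row it replaces set `admin`, it is also worth confirming that a default of `MONGO_DBNAME` matches the database in which the init scripts create the user.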
@ -415,7 +420,6 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **07.08.24:** - **Important**: The mongodb init instructions have been updated to enable auth ([RBAC](https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control)). We have been notified that if RBAC is not enabled, the official mongodb container allows remote access to the db contents over port 27017 without credentials. If you set up the mongodb container with the old instructions we provided, you should not map or expose port 27017. If you would like to enable auth, the easiest way is to create new instances of both unifi and mongodb with the new instructions and restore unifi from a backup.
* **04.03.24:** - Install from zip package instead of deb. * **04.03.24:** - Install from zip package instead of deb.
* **17.10.23:** - Add environment variables for TLS and authSource to support Atlas and new MongoDB versions. * **17.10.23:** - Add environment variables for TLS and authSource to support Atlas and new MongoDB versions.
* **05.09.23:** - Initial release. * **05.09.23:** - Initial release.
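Review bot: Deleting the 07.08.24 entry removes the only text here that tells existing users a mongodb container without RBAC is reachable on port 27017 without credentials. A changelog records what was published, so keep this entry even if the instructions change again, and add a new dated entry describing the new change.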

View file

@ -143,7 +143,7 @@ jmdns 3.4.1
jna 5.12.1 java-archive jna 5.12.1 java-archive
joda-time 2.10.4 java-archive joda-time 2.10.4 java-archive
jq 1.6-2.1ubuntu3 deb jq 1.6-2.1ubuntu3 deb
jrt-fs 17.0.12 java-archive jrt-fs 17.0.11 java-archive
json 20231013 java-archive json 20231013 java-archive
jsr305 3.0.1 java-archive jsr305 3.0.1 java-archive
jsr305 3.0.2 java-archive jsr305 3.0.2 java-archive
@ -204,8 +204,8 @@ libkrb5-3 1.19.2-2ubuntu0.3
libkrb5support0 1.19.2-2ubuntu0.3 deb libkrb5support0 1.19.2-2ubuntu0.3 deb
libksba8 1.6.0-2ubuntu0.2 deb libksba8 1.6.0-2ubuntu0.2 deb
liblcms2-2 2.12~rc1-2build2 deb liblcms2-2 2.12~rc1-2build2 deb
libldap-2.5-0 2.5.18+dfsg-0ubuntu0.22.04.2 deb libldap-2.5-0 2.5.18+dfsg-0ubuntu0.22.04.1 deb
libldap-common 2.5.18+dfsg-0ubuntu0.22.04.2 deb libldap-common 2.5.18+dfsg-0ubuntu0.22.04.1 deb
liblz4-1 1.9.3-2build2 deb liblz4-1 1.9.3-2build2 deb
liblzma5 5.2.5-2ubuntu1 deb liblzma5 5.2.5-2ubuntu1 deb
libmd0 1.0.4-1build1 deb libmd0 1.0.4-1build1 deb
@ -280,7 +280,7 @@ ncurses-base 6.3-2ubuntu0.1
ncurses-bin 6.3-2ubuntu0.1 deb ncurses-bin 6.3-2ubuntu0.1 deb
netcat 1.218-4ubuntu1 deb netcat 1.218-4ubuntu1 deb
netcat-openbsd 1.218-4ubuntu1 deb netcat-openbsd 1.218-4ubuntu1 deb
openjdk-17-jre-headless 17.0.12+7-1ubuntu2~22.04 deb openjdk-17-jre-headless 17.0.11+9-1~22.04.1 deb
openssh 1.0 java-archive openssh 1.0 java-archive
openssl 3.0.2-0ubuntu1.16 deb openssl 3.0.2-0ubuntu1.16 deb
org.eclipse.paho.client.mqttv3 1.1.0 java-archive org.eclipse.paho.client.mqttv3 1.1.0 java-archive
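Review bot: Every version change in this package list goes backwards: `openjdk-17-jre-headless` from 17.0.12+7-1ubuntu2~22.04 to 17.0.11+9-1~22.04.1 in this hunk, and `jrt-fs` and both `libldap` packages in the two hunks above. That looks like a stale branch overwriting the list rather than an intended downgrade. Rebase onto the base branch and drop this file from the change unless the downgrade is deliberate, in which case say why in the commit message.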

View file

@ -35,7 +35,6 @@ param_env_vars:
- { env_var: "MONGO_HOST", env_value: "unifi-db", desc: "Mongodb Hostname. Only evaluated on first run." } - { env_var: "MONGO_HOST", env_value: "unifi-db", desc: "Mongodb Hostname. Only evaluated on first run." }
- { env_var: "MONGO_PORT", env_value: "27017", desc: "Mongodb Port. Only evaluated on first run." } - { env_var: "MONGO_PORT", env_value: "27017", desc: "Mongodb Port. Only evaluated on first run." }
- { env_var: "MONGO_DBNAME", env_value: "unifi", desc: "Mongodb Database Name (stats DB is automatically suffixed with `_stat`). Only evaluated on first run." } - { env_var: "MONGO_DBNAME", env_value: "unifi", desc: "Mongodb Database Name (stats DB is automatically suffixed with `_stat`). Only evaluated on first run." }
- { env_var: "MONGO_AUTHSOURCE", env_value: "admin", desc: "Mongodb [authSource](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource). For Atlas set to `admin`. Only evaluated on first run." }
# optional container parameters # optional container parameters
opt_param_usage_include_env: true opt_param_usage_include_env: true
@ -43,6 +42,7 @@ opt_param_env_vars:
- { env_var: "MEM_LIMIT", env_value: "1024", desc: "Optionally change the Java memory limit (in Megabytes). Set to `default` to reset to default" } - { env_var: "MEM_LIMIT", env_value: "1024", desc: "Optionally change the Java memory limit (in Megabytes). Set to `default` to reset to default" }
- { env_var: "MEM_STARTUP", env_value: "1024", desc: "Optionally change the Java initial/minimum memory (in Megabytes). Set to `default` to reset to default" } - { env_var: "MEM_STARTUP", env_value: "1024", desc: "Optionally change the Java initial/minimum memory (in Megabytes). Set to `default` to reset to default" }
- { env_var: "MONGO_TLS", env_value: "", desc: "Mongodb enable [TLS](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.tls). Only evaluated on first run." } - { env_var: "MONGO_TLS", env_value: "", desc: "Mongodb enable [TLS](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.tls). Only evaluated on first run." }
- { env_var: "MONGO_AUTHSOURCE", env_value: "", desc: "Mongodb [authSource](https://www.mongodb.com/docs/manual/reference/connection-string/#mongodb-urioption-urioption.authSource). For Atlas set to `admin`.Defaults to `MONGO_DBNAME`.Only evaluated on first run." }
opt_param_usage_include_ports: true opt_param_usage_include_ports: true
opt_param_ports: opt_param_ports:
@ -67,45 +67,48 @@ app_setup_block: |
**MongoDB >4.4 on X86_64 Hardware needs a CPU with AVX support. Some lower end Intel CPU models like Celeron and Pentium (before Tiger-Lake) more Details: [Advanced Vector Extensions - Wikipedia](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions#CPUs_with_AVX) don't support AVX, but you can still use MongoDB 4.4.** **MongoDB >4.4 on X86_64 Hardware needs a CPU with AVX support. Some lower end Intel CPU models like Celeron and Pentium (before Tiger-Lake) more Details: [Advanced Vector Extensions - Wikipedia](https://en.wikipedia.org/wiki/Advanced_Vector_Extensions#CPUs_with_AVX) don't support AVX, but you can still use MongoDB 4.4.**
If you are using the [official mongodb container](https://hub.docker.com/_/mongo/), you can create your user using an `init-mongo.sh` file with the following contents (do not modify; copy/paste as is): If you are using the [official mongodb container](https://hub.docker.com/_/mongo/) in Version >=6, you can create your user using an `init-mongo.js` file with the following contents:
```js
db.getSiblingDB("MONGO_DBNAME").createUser({user: "MONGO_USER", pwd: "MONGO_PASS", roles: [{role: "dbOwner", db: "MONGO_DBNAME"}]});
db.getSiblingDB("MONGO_DBNAME_stat").createUser({user: "MONGO_USER", pwd: "MONGO_PASS", roles: [{role: "dbOwner", db: "MONGO_DBNAME_stat"}]});
```
If you are using mongodb < 6.0, you can create a `init-mongo.sh` file with the following contents:
```sh ```sh
#!/bin/bash #!/bin/bash
if which mongosh > /dev/null 2>&1; then mongo <<EOF
mongo_init_bin='mongosh' use MONGO_DBNAME
else
mongo_init_bin='mongo'
fi
"${mongo_init_bin}" <<EOF
use "{MONGO_AUTHSOURCE}"
db.auth("${MONGO_INITDB_ROOT_USERNAME}", "${MONGO_INITDB_ROOT_PASSWORD}")
use "${MONGO_DBNAME}"
db.createUser({ db.createUser({
user: "${MONGO_USER}", user: "MONGO_USER",
pwd: "${MONGO_PASS}", pwd: "MONGO_PASS",
roles: [ roles: [
{ db: "${MONGO_DBNAME}", role: "dbOwner" }, { db: "MONGO_DBNAME", role: "dbOwner" },
{ db: "${MONGO_DBNAME}_stat", role: "dbOwner" } { db: "MONGO_DBNAME_stat", role: "dbOwner" }
] ]
}) })
EOF EOF
``` ```
Mount the sh file into your *mongodb* container, and make sure to set the env vars below with the same values you supplied to the Unifi container. Being sure to replace the placeholders with the same values you supplied to the Unifi container, and mount it into your *mongodb* container.
For example: For example:
MongoDB >= 6.0:
```yaml
unifi-db:
image: docker.io/mongo:<version tag>
container_name: unifi-db
volumes:
- /path/to/data:/data/db
- /path/to/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro
restart: unless-stopped
```
MongoDB < 6.0:
```yaml ```yaml
unifi-db: unifi-db:
image: docker.io/mongo:<version tag> image: docker.io/mongo:<version tag>
container_name: unifi-db container_name: unifi-db
environment:
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=
- MONGO_USER=unifi
- MONGO_PASS=
- MONGO_DBNAME=unifi
- MONGO_AUTHSOURCE=admin
volumes: volumes:
- /path/to/data:/data/db - /path/to/data:/data/db
- /path/to/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro - /path/to/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh:ro
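Review bot: The replacement sentence after the sh snippet, "Being sure to replace the placeholders with the same values you supplied to the Unifi container, and mount it into your *mongodb* container.", is a fragment with no main clause, and "it" is ambiguous now that the block describes two files (`init-mongo.js` and `init-mongo.sh`). Suggest "Replace the placeholders with the same values you supplied to the Unifi container, then mount the file into your *mongodb* container." The version wording is also inconsistent within the block: "in Version >=6" in the first sentence against ">= 6.0" and "< 6.0" in the headings that follow.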
@ -115,6 +118,8 @@ app_setup_block: |
*Note that the init script method will only work on first run. If you start the Mongodb container without an init script it will generate test data automatically and you will have to manually create your databases, or restart with a clean `/data/db` volume and an init script mounted.* *Note that the init script method will only work on first run. If you start the Mongodb container without an init script it will generate test data automatically and you will have to manually create your databases, or restart with a clean `/data/db` volume and an init script mounted.*
*If you are using the provided init JS or SH snippets, do not also set `MONGO_INITDB_ROOT_USERNAME`, `MONGO_INITDB_ROOT_PASSWORD`, or any other "INITDB" values as they will cause conflicts. If you wish to enable Role Based Access Control (RBAC) in mongodb, you will have to create your own init JS or SH, or create the user and databases manually.*
You can also run the commands directly against the database using either `mongo` (< 6.0) or `mongosh` (>= 6.0). You can also run the commands directly against the database using either `mongo` (< 6.0) or `mongosh` (>= 6.0).
### Device Adoption ### Device Adoption
@ -148,7 +153,6 @@ app_setup_block: |
# changelog # changelog
changelogs: changelogs:
- { date: "07.08.24:", desc: "**Important**: The mongodb init instructions have been updated to enable auth ([RBAC](https://www.mongodb.com/docs/manual/core/authorization/#role-based-access-control)). We have been notified that if RBAC is not enabled, the official mongodb container allows remote access to the db contents over port 27017 without credentials. If you set up the mongodb container with the old instructions we provided, you should not map or expose port 27017. If you would like to enable auth, the easiest way is to create new instances of both unifi and mongodb with the new instructions and restore unifi from a backup." }
- { date: "04.03.24:", desc: "Install from zip package instead of deb." } - { date: "04.03.24:", desc: "Install from zip package instead of deb." }
- { date: "17.10.23:", desc: "Add environment variables for TLS and authSource to support Atlas and new MongoDB versions." } - { date: "17.10.23:", desc: "Add environment variables for TLS and authSource to support Atlas and new MongoDB versions." }
- { date: "05.09.23:", desc: "Initial release." } - { date: "05.09.23:", desc: "Initial release." }