mimugmail repo: Upcoming Unifi Plugin Upgrade will break your config

Started by mimugmail, October 26, 2023, 01:17:03 PM

EDIT: This only affects you if you have enabled my community repo: https://www.routerperformance.net/opnsense-repo/

Hi,

For a couple of months there were no updates on the community repo, because FreeBSD updated the unifi7 port with v7.4 so that it gets bundled with mongodb4.4 instead of mongodb3.6 (which is EoL). The problem is that there is no upgrade path from 3.6 to 4.4, and Unifi solved this on Windows/Linux in a different way than the FreeBSD guys :)

So, in my tests I failed 100% of all upgrades from 7.3 to 7.4 or 7.5, which means that after the upgrade you can use your wifi but can't log in to the controller. To fix this, you need to download a backup of Unifi and head over to the CLI:



service unifi stop

pkg remove os-unifi7-maxit unifi7

rm -rf /usr/local/share/java/unifi/*

pkg install os-unifi7-maxit



Browse to your controller and restore from backup.



If you know a better way, I'm happy for any help.

Right now I need to do this because of the openssl111 trouble beginning with 23.7.7 (where FreeBSD is responsible, not OPNsense).

Is the transition already active? I am asking because I did not have the plugin installed as of yet and wanted to try as a fresh install. Neither of the two plugins os-unifi7-maxit and os-unifi-maxinit can be installed because of missing dependencies on openssl:

pkg: libevent has a missing dependency: openssl
pkg: mongodb36 has a missing dependency: openssl


Also, I was surprised to see a mongodb36 dependency on both packages, I should have expected mongodb44 in os-unifi7-maxit?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A

As I said, "upcoming": it's a warning that everyone using it should take a backup before I push the release.

Thanks mimugmail. Patiently waiting for release.

Quote from: mimugmail on October 26, 2023, 01:17:03 PM
Hi,

For a couple of months there were no updates on the community repo, because FreeBSD updated the unifi7 port with v7.4 so that it gets bundled with mongodb4.4 instead of mongodb3.6 (which is EoL). The problem is that there is no upgrade path from 3.6 to 4.4, and Unifi solved this on Windows/Linux in a different way than the FreeBSD guys :)

So, in my tests I failed 100% of all upgrades from 7.3 to 7.4 or 7.5, which means that after the upgrade you can use your wifi but can't log in to the controller. To fix this, you need to download a backup of Unifi and head over to the CLI:



service unifi stop

pkg remove os-unifi7-maxit unifi7

rm -rf /usr/local/share/java/unifi/*

pkg install os-unifi7-maxit



Browse to your controller and restore from backup.



If you know a better way, I'm happy for any help.

Right now I need to do this because of the openssl111 trouble beginning with 23.7.7 (where FreeBSD is responsible, not OPNsense).


Which unifi plugin are you talking about exactly?

I am not seeing anything in System > Firmware > Plugins about unifi.

I have a separate cloud key controller. Is doing an OPNsense update going to break my VLANs? Or what exactly is this?


will only appear if you have enabled his repository.

Quote from: cookiemonster on October 27, 2023, 01:47:47 PM
will only appear if you have enabled his repository.

I figured this was the case, but this is a very vague post under General.

Either way the heads up is appreciated, and glad I do not have to worry about this issue.

Thank you for what you do @mimugmail

Yeah I agree, we should clarify in the subject of the first post that this is about the mimugmail repo?


Cheers,
Franco

I edited the main post :)

As there are around 1000 activations of the repo per month I thought it might be of broader use and posting in general is fine :)

Perhaps there needs to be either a separate Plugin (or even mimugmail :) ) forum section like there is for Zenarmor.

This could help with people better understanding what capabilities are part of the core OPNsense and what aren't.


For me, it does not work. It is acting strange, like for example it installs both OpenJDK8 and OpenJDK17.

When I enable the daemon, expecting to have a Web GUI on port 8080 for initial configuration, the process starts (can see it with ps) but exits after a few seconds with no log messages.

I added this to fstab and mounted like it is said in the log messages:


fdesc   /dev/fd         fdescfs         rw      0       0
proc    /proc           procfs          rw      0       0


unifi user and group has been added as well.

When I start the process as shown in ps manually, it runs and does not stop:


# cd /usr/local/share/java/unifi/
# /usr/local/openjdk17/bin/java -Djava.awt.headless=true -Xmx1024M --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.time=ALL-UNNAMED --add-opens java.base/sun.security.util=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED --add-opens java.rmi/sun.rmi.transport=ALL-UNNAMED -jar lib/ace.jar start


However, unifi controller did not listen to port 8080.

Later, I found that it collides with crowdsec already running on port 8080 (there should be a warning about that). But even after I disabled crowdsec, uninstalled unifi, deleted /usr/local/share/java/unifi, reinstalled unifi and started over, I now only get "HTTP Status 404 – Not Found" on either https://opnsense:8443 or http://opnsense:8080.

I can see no obvious errors in the unifi log files, mongodb seems to run as well.

P.S.: After just a while of waiting, it suddenly shows a Web GUI now, so what is left is:

1. Crowdsec port 8080 collides with unifi.
2. Both OpenJDK8 and OpenJDK17 are installed - as far as I can see, only OpenJDK17 is used.
3. There should be a hint to delete /usr/local/share/java/unifi and re-install unifi if something goes wrong.
4. The Help page should warn about the slow startup.
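Added example, not part of any post in this thread and not the plugin's own code: a pre-flight check for the reinstall procedure in the first post (the `rm -rf` step deletes any backup still stored under the unifi directory) and for the port 8080 collision reported above. It assumes the column layout of FreeBSD `sockstat -4 -6 -l`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added pre-flight sketch; function names and sample data are hypothetical.
UNIFI_DIR=/usr/local/share/java/unifi   # tree the procedure empties with rm -rf

# Print "command pid address" for each listener on port $1.
# Reads `sockstat -4 -6 -l` output on stdin (field 6 is the local address).
listeners_on_port() {
    awk -v port="$1" 'NR > 1 && $6 ~ /:[0-9]+$/ {
        n = split($6, part, ":")
        if (part[n] == port) print $2, $3, $6
    }'
}

# Succeed only if $1 is a non-empty .unf backup stored outside $UNIFI_DIR,
# i.e. a file that is still there after the rm -rf step.
backup_is_safe() {
    case "$1" in
        *.unf) ;;
        *) return 1 ;;
    esac
    [ -s "$1" ] || return 1
    dir=$(cd "$(dirname "$1")" && pwd -P) || return 1
    case "$dir/" in
        "$UNIFI_DIR"/*) return 1 ;;
    esac
    return 0
}

# Constructed sample of sockstat output (not captured from a real system).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
crowdsec crowdsec   4321  9  tcp4   127.0.0.1:8080        *:*
root     lighttpd   1234  5  tcp4   *:443                 *:*
root     lighttpd   1234  6  tcp6   *:443                 *:*'

# Demo on the constructed sample; on the firewall itself use:
#   sockstat -4 -6 -l | listeners_on_port 8080
printf '%s\n' "$SAMPLE_SOCKSTAT" | listeners_on_port 8080   # crowdsec 4321 127.0.0.1:8080
```

Any output from `listeners_on_port 8080` or `listeners_on_port 8443` before the controller is enabled means another service already holds the port.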

The colliding port message is already there when you enable the service, isn't there a yellow warning box?

No, none that I was aware of. It is easy to have Crowdsec on another LAPI port, just that 8080 is the default.
I wanted to test only anyway, I usually have Unifi Controller running under Proxmox.