
Unifi - switch to a maintained upstream image (#1787)

* unifi - change upstream image

* bump common

* fix strategy and remove logs dir

* update templates

* bump

* update home link

* fix paths

* add script

* init

* name

* fix script

* update script

* update script

* fix ci val

* skip migration on later versions

* account for 3.9.4 helm
Stavros Kois 1 anno fa
parent
commit
8c85ea4bda

+ 5 - 5
library/ix-dev/community/unifi-controller/Chart.yaml

@@ -3,9 +3,9 @@ description: Unifi Controller is a network management controller for Unifi Equip
 annotations:
   title: Unifi Controller
 type: application
-version: 1.1.3
+version: 1.2.0
 apiVersion: v2
-appVersion: 7.5.176
+appVersion: 7.5.187
 kubeVersion: '>=1.16.0-0'
 maintainers:
   - name: truenas
@@ -15,12 +15,12 @@ dependencies:
   - name: common
     repository: file://../../../common
     version: 1.2.3
-home: https://github.com/jacobalberty/unifi-docker
+home: https://github.com/goofball222/unifi
 icon: https://media.sys.truenas.net/apps/unifi-controller/icons/icon.png
 sources:
-  - https://github.com/jacobalberty/unifi-docker
+  - https://github.com/goofball222/unifi
   - https://github.com/truenas/charts/tree/master/library/ix-dev/community/unifi-controller
-  - https://hub.docker.com/r/jacobalberty/unifi
+  - https://hub.docker.com/r/goofball222/unifi
 keywords:
   - network
   - controller

+ 1 - 1
library/ix-dev/community/unifi-controller/README.md

@@ -1,6 +1,6 @@
 # Unifi Controller
 
-[Unifi Controller](https://github.com/jacobalberty/unifi-docker) is a network management controller for Unifi Equipment.
+[Unifi Controller](https://github.com/goofball222/unifi) is a network management controller for Unifi Equipment.
 
 > When application is installed, a container will be launched with **root** privileges.
 > This is required in order to apply the correct permissions to the `Unifi Controller` directories.

+ 1 - 1
library/ix-dev/community/unifi-controller/app-readme.md

@@ -1,6 +1,6 @@
 # Unifi Controller
 
-[Unifi Controller](https://github.com/jacobalberty/unifi-docker) is a network management controller for Unifi Equipment.
+[Unifi Controller](https://github.com/goofball222/unifi) is a network management controller for Unifi Equipment.
 
 > When application is installed, a container will be launched with **root** privileges.
 > This is required in order to apply the correct permissions to the `Unifi Controller` directories.

BIN
library/ix-dev/community/unifi-controller/charts/common-1.2.3.tgz


+ 1 - 2
library/ix-dev/community/unifi-controller/ci/basic-values.yaml

@@ -1,4 +1,3 @@
 unifiStorage:
   data:
-    type: hostPath
-    hostPath: /mnt/{{ .Release.Namespace }}/data
+    type: pvc

+ 3 - 5
library/ix-dev/community/unifi-controller/ci/extra-values.yaml

@@ -1,11 +1,9 @@
 unifiStorage:
   data:
-    type: hostPath
-    hostPath: /mnt/{{ .Release.Namespace }}/data
+    type: pvc
   additionalStorages:
-  - type: hostPath
-    hostPath: /mnt/{{ .Release.Namespace }}/init.d
-    mountPath: /unifi/init.d
+  - type: pvc
+    mountPath: /data2
 
 unifiNetwork:
   enableWebHttp: true

+ 1 - 2
library/ix-dev/community/unifi-controller/ci/hostNet-values.yaml

@@ -1,7 +1,6 @@
 unifiStorage:
   data:
-    type: hostPath
-    hostPath: /mnt/{{ .Release.Namespace }}/data
+    type: pvc
 
 unifiNetwork:
   hostNetwork: true

+ 1 - 2
library/ix-dev/community/unifi-controller/ci/https-values.yaml

@@ -1,7 +1,6 @@
 unifiStorage:
   data:
-    type: hostPath
-    hostPath: /mnt/{{ .Release.Namespace }}/data
+    type: pvc
 
 unifiNetwork:
   certificateID: 1

+ 34 - 12
library/ix-dev/community/unifi-controller/templates/_persistence.tpl

@@ -8,11 +8,27 @@ persistence:
     targetSelector:
       unifi:
         unifi:
-          mountPath: /unifi
+          mountPath: /usr/lib/unifi/data
         01-permissions:
           mountPath: /mnt/directories/unifi
-        02-certs:
-          mountPath: /unifi
+        02-migrate:
+          mountPath: /usr/lib/unifi/data
+  cert:
+    # Mounted secrets are combined
+    # into a java keystore at startup
+    enabled: true
+    type: emptyDir
+    targetSelector:
+      unifi:
+        unifi:
+          mountPath: /usr/lib/unifi/cert
+  logs:
+    enabled: true
+    type: emptyDir
+    targetSelector:
+      unifi:
+        unifi:
+          mountPath: /usr/lib/unifi/logs
   tmp:
     enabled: true
     type: emptyDir
@@ -49,22 +65,28 @@ persistence:
   {{- end -}}
 
   {{- if .Values.unifiNetwork.certificateID }}
-  cert:
+  cert-private:
     enabled: true
     type: secret
     objectName: unifi-cert
     defaultMode: "0600"
-    items:
-      - key: tls.key
-        path: private.key
-      - key: tls.crt
-        path: public.crt
     targetSelector:
       unifi:
-        02-certs:
-          mountPath: /ix/cert
+        unifi:
+          mountPath: /usr/lib/unifi/cert/privkey.pem
+          subPath: tls.key
+          readOnly: true
+  cert-public:
+    enabled: true
+    type: secret
+    objectName: unifi-cert
+    defaultMode: "0600"
+    targetSelector:
+      unifi:
+        unifi:
+          mountPath: /usr/lib/unifi/cert/cert.pem
+          subPath: tls.crt
           readOnly: true
-
 scaleCertificate:
   unifi-cert:
     enabled: true
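Review bot: The `cert-private` and `cert-public` entries mount single secret keys with `subPath`, and Kubernetes does not refresh subPath secret mounts when the secret changes, so a renewed certificate only reaches the container after a pod restart. A comment above `cert-private` would record this, for example `# subPath mounts are not refreshed on rotation; the pod must restart to pick up a renewed cert`. Separately, the removed `02-certs` init container mounted the data volume and (per the removed script in `_unifi.tpl`) copied `privkey.pem` into `cert/` on it. Installs upgraded from earlier chart versions presumably still hold that key copy on persistent storage, and nothing in this change removes it.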

+ 35 - 20
library/ix-dev/community/unifi-controller/templates/_unifi.tpl

@@ -16,16 +16,13 @@ workload:
             runAsGroup: 999
             readOnlyRootFilesystem: false
           env:
-            UNIFI_STDOUT: true
+            DB_MONGO_LOCAL: true
+            RUN_CHOWN: false
+            RUNAS_UID0: false
             UNIFI_HTTP_PORT: {{ .Values.unifiNetwork.webHttpPort }}
             UNIFI_HTTPS_PORT: {{ .Values.unifiNetwork.webHttpsPort }}
             PORTAL_HTTP_PORT: {{ .Values.unifiNetwork.portalHttpPort }}
             PORTAL_HTTPS_PORT: {{ .Values.unifiNetwork.portalHttpsPort }}
-            {{- if .Values.unifiNetwork.certificateID }}
-            CERTNAME: cert.pem
-            CERT_PRIVATE_NAME: privkey.pem
-            CERT_IS_CHAIN: true
-            {{- end }}
           {{ with .Values.unifiConfig.additionalEnvs }}
           envList:
             {{ range $env := . }}
@@ -52,11 +49,20 @@ workload:
                                                         "GID" 999
                                                         "mode" "check"
                                                         "type" "init") | nindent 8 }}
-      {{- if .Values.unifiNetwork.certificateID }}
-        # Unifi chowns the files on startup, and if we mount them directly
-        # from the secret, it will fail to start. So we make copy.
-        02-certs:
-          enabled: true
+        {{- $migrate := false -}}
+        {{- if (hasKey .Values.global "ixChartContext") -}}
+          {{- if (hasKey .Values.global.ixChartContext "upgradeMetadata") -}}
+            {{- with .Values.global.ixChartContext.upgradeMetadata -}}
+              {{- $ver := semver (.oldChartVersion | default "0.0.0") -}}
+              {{/* Enable migrate script if old version is below 1.2.x */}}
+              {{- if and (eq $ver.Major 1) (lt $ver.Minor 2) -}}
+                {{- $migrate = true -}}
+              {{- end -}}
+            {{- end -}}
+          {{- end -}}
+        {{- end }}
+        02-migrate:
+          enabled: {{ $migrate }}
           type: init
           imageSelector: image
           securityContext:
@@ -64,15 +70,24 @@ workload:
             runAsGroup: 999
             readOnlyRootFilesystem: false
           command:
-            - /bin/sh
-            - -c
+            - /bin/bash
           args:
+            - -c
             - |
-              certdir=/unifi/cert
-              echo "Copying certificates to $certdir"
-              mkdir -p $certdir
-              cp --force --verbose /ix/cert/private.key $certdir/privkey.pem
-              cp --force --verbose /ix/cert/public.crt $certdir/cert.pem
-              cp --force --verbose /ix/cert/public.crt $certdir/chain.pem
-      {{- end -}}
+              newdatadir="/usr/lib/unifi/data"
+              olddatadir="/usr/lib/unifi/data/data"
+              # Check the dir exists
+              [ ! -d "$newdatadir" ] && echo "$newdatadir missing" && exit 1
+              # Check if there is a data/data dir to migrate
+              [ ! -d "$olddatadir" ] && echo "No $olddatadir dir found. Migration skipped" && exit 0
+
+              # Check if the new data dir is empty, ignoring the old data dir
+              dirs=$(ls -A "$newdatadir" | grep -v "data")
+              if [ -n "$dirs" ]; then
+                echo "New data dir is empty. Migrating data one level up"
+                mv $olddatadir/* $newdatadir || echo "Failed to move data" && exit 1
+                # Remove the data/data dir
+                rm -rf $olddatadir
+                echo "Data migration complete"
+              fi
 {{- end -}}
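Review bot: In the 02-migrate script, `mv $olddatadir/* $newdatadir || echo "Failed to move data" && exit 1` parses as `(mv || echo) && exit 1`. The init container therefore exits 1 even when the move succeeds, and the `rm -rf` below it is never reached. The guard `[ -n "$dirs" ]` is true when the directory is not empty, which contradicts the "New data dir is empty" message, and `grep -v "data"` drops every entry whose name merely contains `data`; the intended condition needs confirming. The unquoted glob also skips dotfiles, which the following `rm -rf` would delete, so `rmdir` is the safer cleanup. The 02-migrate definition begins in the previous hunk.

```yaml
            - |
              # … unchanged: newdatadir/olddatadir and the two existence checks …
              # Match the nested dir by exact name only
              dirs=$(ls -A "$newdatadir" | grep -vx "data")
              # NOTE: confirm whether -n or -z is the intended test
              if [ -n "$dirs" ]; then
                echo "Migrating data one level up"
                if ! mv "$olddatadir"/* "$newdatadir"/; then
                  echo "Failed to move data"
                  exit 1
                fi
                # rmdir refuses to delete anything the glob left behind
                rmdir "$olddatadir" || exit 1
                echo "Data migration complete"
              fi
```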

+ 2 - 2
library/ix-dev/community/unifi-controller/upgrade_strategy

@@ -6,12 +6,12 @@ import sys
 from catalog_update.upgrade_strategy import semantic_versioning
 
 
-RE_STABLE_VERSION = re.compile(r'v\d+\.\d+\.\d+')
+RE_STABLE_VERSION = re.compile(r'\d+\.\d+\.\d+')
 
 
 def newer_mapping(image_tags):
     key = list(image_tags.keys())[0]
-    tags = {t.strip('v'): t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)}
+    tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)}
     version = semantic_versioning(list(tags))
     if not version:
         return {}
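Review bot: With `strip('v')` removed, `tags` in `newer_mapping` becomes an identity mapping (`{t: t for t in ...}`), which reads like a leftover rather than a deliberate choice. A one-line comment above `RE_STABLE_VERSION`, such as `# upstream tags are bare semver with no leading "v"`, would explain why the prefix handling disappeared. `newer_mapping` continues past the end of this hunk, so whether the dict values are still read cannot be seen from here.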

+ 2 - 2
library/ix-dev/community/unifi-controller/values.yaml

@@ -1,7 +1,7 @@
 image:
-  repository: jacobalberty/unifi
+  repository: goofball222/unifi
   pullPolicy: IfNotPresent
-  tag: v7.5.176
+  tag: 7.5.187
 
 resources:
   limits:
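Review bot: The image now comes from a different publisher and is referenced by mutable tag only (`repository: goofball222/unifi`, `tag: 7.5.187`) with `pullPolicy: IfNotPresent`. What actually runs is whatever that tag pointed to when each node first pulled it. Since the chart's README states the app launches a container with root privileges, pinning the reviewed image by digest would make the change of source auditable. If the common library's image helper accepts it, that could look like `tag: 7.5.187@sha256:<digest-of-reviewed-image>`, where the digest is a placeholder to fill in after verification.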