Problem deploying on UDM SE about ubios-cert HOT 10 CLOSED

Hi @llaforest

disclaimer first: I do not have a UDM SE so cannot verify anything, and you seem to well understand the differences between the UDM (Basic and Pro) and the UDM SE firmware differences, with the UDM SE running UniFiOS on the "bare metal", not via podman.

On boostchicken's repository I find this explanation on how to get Podman going on a UDM-SE.

Does that maybe help?

And yes, running acme.sh directly from filesystem could be a feasible way, too. I have not tried it. There may be some commands / components not available on a bare-bone UDM (Pro or SE), which are part of the acme.sh container.

Latest when Ubiquiti switches to V2.x for the UDM(P), this will have to be investigated more deeply, so looking forward to your experience with that.

Regards Alex

from ubios-cert.

Hello @alxwolf, thanks for the reply. I continued to investigate and created my own fork (https://github.com/llaforest/ubios-cert). It's not yet complete but almost working on UDM SE. I will test it right after on a UDM Pro. Then we can discuss, review and maybe we merge if you feel it goes your way.
From what I understand, it would not be easy to persist a firmware update with podman as it gets removed. So this is why I moved away from it instead of fighting to get it installed.

from ubios-cert.

Just had a quick glimpse at it and it already looks pretty good @llaforest!

Would be a huge step forward anticipating the move from 1.x to 2.x for the "older" units, Thank You!

from ubios-cert.

You can look at my repo, I would suggest you also try it if you have some time.
I ran it on my UDM SE and on a UDM Pro using the README and both passed.

from ubios-cert.

You can look at my repo, I would suggest you also try it if you have some time.

Doing that right now, pulled your fork in the baremetal branch here.

Love this part: sed -i 's#/mnt/data#/data#g' "${SCRIPT_DIR}/ubios-cert/ubios-cert.env" "${SCRIPT_DIR}/ubios-cert/ubios-cert.sh" "${SCRIPT_DIR}/ubios-cert/on_boot.d/99-ubios-cert.sh"

from ubios-cert.

Great! It looks good. I saw you even merged baremetal at his time! I will give it a try on my UDM-SE and UDM-Pro of my niece. Will let you know.

from ubios-cert.

OK, next step then is to get of podman completely as acme.sh seems to run also fine on V1.x.

Created a branch native_acmefor that.

from ubios-cert.

I don't get it, podman is out completely, no? The only place it's found is when updating guest portal as it needs to be done inside a container running on UDM-Pro...

from ubios-cert.

Of course, you're right. Disregard... and there we need to call podman as the certs are stored under /data/unifi-core/config (with /data being a symbolic link to /mnt/data/unifi-os on the UDM/P), but the key store is part of the container's volume...

Removed the branch, seems like we're done! The acme.sh podman container is gone... Thanks.

from ubios-cert.

Yeah we're good! Issue can be closed.

from ubios-cert.