We’re almost at the fun part of my project, but first I’m going to take another detour to show how to install the Ubiquiti UniFi Controller software onto my main CentOS file/utility server.
Update 10/14/18: Don’t do this. Bad idea. I go over why in a later post.
I’m going to explain this in a bit of detail. I remember when I started out with Linux (Solaris, actually) and it was so obscure that I found it frustrating. So I’ll try and explain each step.
How UniFi Works
While you can use the UniFi access points and equipment by themselves, they are meant to be used in a managed system, driven by central controller software. You can buy this as a little dongle, or you can install the software yourself. I am a sucker for the latter.
Where I’m Putting the Controller
I have only two servers. One is a pfSense server that is my router, firewall, and external barrier, and one all-purpose CentOS server that handles all the rest. It’s just a regular bare-metal CentOS 7 server that started out as a minimal install (might have been CentOS 5?) and has since been upgraded and has accumulated the mess that a general purpose Linux server gets.
For those not intimately familiar with Linux, there are many different packages of the main software, called distributions. Long ago, there was just one called Red Hat Linux. Over time it split into a desktop version (Fedora) and a server version (Red Hat Enterprise Linux (RHEL)). RHEL is paid software with support, but since it’s open-source, there is a free version, called CentOS. Also, there is now a server version of Fedora called Fedora Server.
Everything in open-source is like this. It’s wonderful and vibrant, but there is no ‘elevator speech’ for explaining what you are using. With Windows, someone might say: ‘What is your server using?’ and you say ‘Windows.’, or, maybe, ‘An old version of Windows that I have not upgraded.’ Every conversation about Linux starts with “Well, fifteen years ago I made a critical life choice about software, and now I am emotionally wedded to a group of strangers who put it together and disbanded leaving me alone with the consequences.”
Also, I used to have a VMware host, but I no longer do, and I don’t feel like using Docker or a new container-style solution.
Let’s Install!
This will be a dive into Linux land:
First. Log in.
login as: bgh
bgh@helix's password:
Then:
sudo bash
Yes, I do this. It’s bad, but not as bad as logging in as an admin user. Seriously people, disable your root users. For laypeople, sudo is short for ‘superuser do’ which lets you elevate your rights to run a program just for that task. And it logs all you do. Bash is the ‘shell’, or the black box with typing in it. When you do ‘sudo bash’, it’s starting an admin shell. It’s convenient, but all you do is NOT logged, so it’s not appropriate for a production environment. The alternative is prefixing every command with sudo, and I’m a poor typist.
The software is available at:
Instructions are provided. There are three steps:
yum install http://dl.marmotte.net/rpms/redhat/el7/x86_64/unifi-controller-5.8.24-1.el7/unifi-controller-5.8.24-1.el7.x86_64.rpm
Yum, which I thought meant nothing, but actually means ‘Yellowdog Updater, Modified’, and I wish I hadn’t looked that up, is a tool for getting software on some (but not all) Linux distributions.
systemctl enable unifi.service
systemctl start unifi.service
systemctl is a new way of turning services on and off. There are several others, and if you read the internet, you will know that people really, really disagree about it.
That was surprisingly easy for Linux. Now the service is started. Let’s check:
ps -ef | grep UniFi
ps tells you what processes are running, and grep is a filter program. Basically, this means: list running processes, but only show the ones that have ‘UniFi’ in the name.
Nothing.
Let’s try again (you can run this over and over)
systemctl start unifi.service
Again, nothing.
Troubleshooting Ubiquiti UniFi Controller Startup
Now for the most useful Linux command ever:
tail /var/log/messages
tail will display the end of a file, and ‘/var/log/messages’ is where the system logs go (again, on some, but not all, Linux Distros). This shows:
This was my first insight into the software, and shows my problem. First, you can see it’s written in Java on line 3, and also on line 3 you can see that it cannot use port 8080 because something else is. That is news to me.
Now to find out what program is using that port:
netstat -ap | grep LISTEN
The command I ran runs netstat, which tells you which ports of your network are in use (and other stuff), and with the -ap arguments, it will tell you what program is using each one. The ‘grep LISTEN’ filters for things that are listening, like services. And lo and behold, there is already a java service using that port.
ps -ef | grep java
This command reminds me what it is. It’s a Philips Hue light emulator that makes my Amazon Echo able to see what it thinks are Philips Hue lights but are actually connected to HTTP calls. It’s how Alexa controls my Insteon lights.
My funny anecdote here is that my son went to visit my brother a while ago, and when he went into their house, said “Alexa, turn on the Downstairs lights”, and nothing happened. He then asked his uncle, “How do you turn your lights on?”.
Anyhow, that java service was using port 8080, and after a bit of messing around, I found that I could just add
--server.port=8081
to the end of the java startup command, so it looks like this:
java -jar -Djava.net.preferIPv4Stack=true amazon-echo-bridge-0.1.3.jar --upnp.config.address=192.168.1.233 --server.port=8081 &
Now:
systemctl start unifi.service
and the service starts.
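The port lookup above can be done in one step by matching the port column exactly, which a plain grep cannot do (a grep for 8080 also hits 18080, and without -n netstat may print a service name instead of the number). This is an added example, not part of the original post; `port_owner` and `sample_netstat` are hypothetical names and the listing is constructed:

```shell
#!/bin/sh
# port_owner PORT
# Reads `netstat -tlnp` output on stdin and prints the PID/program of every
# TCP listener bound to exactly PORT.
port_owner() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            p = $4
            sub(/.*:/, "", p)           # text after the last colon is the port
            if (p == port) print $7     # column 7 is "PID/Program name"
        }'
}

# Constructed sample output (not the author's real netstat listing).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 127.0.0.1:18080         0.0.0.0:*               LISTEN      1780/python
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2313/java
tcp6       0      0 :::22                   :::*                    LISTEN      1021/sshd
EOF
}

# On the server itself, as root: netstat -tlnp | port_owner 8080
sample_netstat | port_owner 8080
```

Run netstat as root for this, otherwise the PID/program column shows "-" for processes owned by other users.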
Firewall
Now, I can’t access it yet, since I run a firewall on this server (you should too), so I have to look up what ports to allow, which is handily available via Google.
I edit the firewall definition directly, but I’m pretty sure there are better commands for it. I like to browse the file and see it all at once, though:
vi /etc/sysconfig/iptables
vi is an old editor. It’s an acquired taste. Once you add in the rules (this is one where you should look up how to do it. I won’t bore you with it) you’re ready.
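For the rules themselves, here is an added example (not from the original post) that prints lines for /etc/sysconfig/iptables opening only the two controller ports named in this post, 8080 and 8443, and only to one subnet, plus a check that flags any rule leaving them open to every source. The function names are hypothetical, and 192.168.1.0/24 is an assumed LAN based on the 192.168.1.233 address used earlier; other ports from Ubiquiti's list can be added the same way.

```shell
#!/bin/sh
# unifi_rules LAN_CIDR
# Print iptables-save style lines that open the controller ports named in
# the post (8080, 8443) to one subnet only. Paste them into
# /etc/sysconfig/iptables above the final "-A INPUT -j REJECT" line,
# because rules are evaluated top to bottom.
unifi_rules() {
    lan="$1"
    case "$lan" in
        ""|0.0.0.0/0)
            echo "refusing: give a LAN subnet, not 'anywhere'" >&2
            return 1 ;;
    esac
    for port in 8080 8443; do
        echo "-A INPUT -s $lan -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
}

# open_to_all
# Read a rules file on stdin and print every ACCEPT rule for the controller
# ports that has no -s source restriction.
open_to_all() {
    awk '/-j ACCEPT/ && /--dport (8080|8443)( |$)/ && !/ -s / { print }'
}

# Assumed LAN subnet; replace with your own.
unifi_rules 192.168.1.0/24
```

To audit the live file, run `open_to_all < /etc/sysconfig/iptables`; no output means neither port is open to all sources.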
systemctl restart iptables
will restart your firewall, and you are in business:
navigate to your computer at: https://<your name or IP address>:8443
and you will see:
There is an initial setup step to set up the controller that I glossed over, when you set up your username and password, etc, but once it’s up, it works.
What I’m listening to as I do this:
Amon Amarth’s ‘Fate Of Norns’. AA is a viking metal band from Scandinavia, and their name is from Tolkien, so it ticks all the boxes. I saw them live a few times at the 9:30 Club and it was epic. Their songs are about getting in the longboats and pillaging.