Created
January 16, 2019 06:23
-
-
Save luckman212/a9e21953b4fca2c5364f78fdce2b1284 to your computer and use it in GitHub Desktop.
Control script to enable/disable CDN firmware updates on Unifi controller (bash)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # must be run as root | |
| CDN_HOSTNAME=fw-update.ubnt.com | |
| FW_JSON=/var/lib/unifi/firmware.json | |
| FW_BASENAME=${FW_JSON%.json} | |
| TAB=$(printf '\t') | |
| function check_cdn() { | |
| if grep -Ec "^127.0.0.1[\ ${TAB}]+${CDN_HOSTNAME}$" /etc/hosts >/dev/null; then | |
| echo "disabled (custom mode)" | |
| echo "firmware can be manually specified in $FW_JSON" | |
| else | |
| echo "enabled (normal mode)" | |
| echo "the UBNT CDN enforces firmware versions" | |
| fi | |
| return | |
| } | |
| function disable_cdn() { | |
| echo "disabling CDN firmware updates" | |
| stop_unifi | |
| echo "blocking CDN via blackhole in /etc/hosts" | |
| add_etchosts_entry | |
| echo "restricting file permissions on $FW_JSON to prevent writes by controller" | |
| chown root:unifi $FW_JSON | |
| chmod 640 $FW_JSON | |
| echo "done!" | |
| echo | |
| echo "you can now edit ${FW_JSON}" | |
| echo "when ready, restart the controller with \`service unifi start\`" | |
| return | |
| } | |
| function enable_cdn() { | |
| echo "re-enabling CDN firmware updates" | |
| stop_unifi | |
| DTSTAMP=$(date '+%Y%m%d-%H%M') | |
| echo "saving backup copy of firmware JSON" | |
| cp "$FW_JSON" "${FW_BASENAME}.${DTSTAMP}.json" | |
| echo "removing blackhole entry in /etc/hosts" | |
| remove_etchosts_entry | |
| echo "relaxing file permissions on $FW_JSON to allow writes by controller" | |
| chown root:unifi $FW_JSON | |
| chmod 660 $FW_JSON | |
| start_unifi | |
| echo "done!" | |
| return | |
| } | |
| function add_etchosts_entry() { | |
| echo "127.0.0.1${TAB}${CDN_HOSTNAME}" >/tmp/hosts_tmp | |
| sed -re "/^127.0.0.1[\ \t]+${CDN_HOSTNAME}$/d" /etc/hosts >>/tmp/hosts_tmp | |
| mv -f /tmp/hosts_tmp /etc/hosts | |
| } | |
| function remove_etchosts_entry() { | |
| sed -re "/^127.0.0.1[\ \t]+${CDN_HOSTNAME}$/d" /etc/hosts >/tmp/hosts_tmp | |
| mv -f /tmp/hosts_tmp /etc/hosts | |
| } | |
| function start_unifi() { | |
| echo "starting Unifi service" | |
| service unifi start | |
| } | |
| function stop_unifi() { | |
| echo "stopping Unifi service" | |
| service unifi stop | |
| } | |
| case $1 in | |
| check) | |
| check_cdn | |
| exit | |
| ;; | |
| enable) | |
| enable_cdn | |
| exit | |
| ;; | |
| disable) | |
| disable_cdn | |
| exit | |
| ;; | |
| *) | |
| echo 'Usage: cdn_fw <command>' | |
| echo ' check check whether CDN is enabled or disabled' | |
| echo ' enable allow firmware updates from UBNT CDN' | |
| echo ' disable block firmware updates from CDN' | |
| exit | |
| ;; | |
| esac |
Another small trick I learned, if you aren't sure what internal "board ID" your hardware uses, SSH into the device and run
# grep board.shortname /etc/board.info
This will output something like
board.shortname=US24P250
That string is the HW ID you should use in your firmware.json file.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sample
/var/lib/unifi/firmware.jsonsnippet to illustrate how to specify the overrides