Skip to content

Instantly share code, notes, and snippets.

@rkage

rkage/unifi-controller-azure.md

Last active September 5, 2017 21:06
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rkage/eebcd3fa70b189699f4ef0712ad2febb to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rkage/eebcd3fa70b189699f4ef0712ad2febb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
unifi-controller-azure.md

Launching an Azure VM for your Controller

Log in to your Azure Subscription using az login command. Follow the onscreen instructions

$ az login
To sign in, use a web browser to open the page https://aka.ms/devicelogin and enter the code <random code> to authenticate.

We'll need to create a resource group for the UniFi Controller which I named Unifi-Controller-RG in the canadacentral region.

$ az group create --name UniFi-Controller-RG --location canadacentral
Location       Name
-------------  -------------------
canadacentral  UniFi-Controller-RG

Create a VM using az vm create, specifying the UniFi-Controller-RG resource group. I've opted to use --generate-ssh-keys to create new keypair if an RSA key does not already exist in .ssh directory, you can specify your own keys by using --ssh-key-value

$ az vm create --resource-group UniFi-Controller-RG --name unifi-controller --image UbuntuLTS --admin-username unifiuser --storage-sku Standard_LRS --size Standard_A1_v2 --generate-ssh-keys

Note: I've opted to use HDD rather than SDD disks by specifying --storage-sku Standard_LRS if you wish to use SDD, remove the parameter from the above command.

Once the VM is created the Azure CLI will provide information similar to the following.

Location       MacAddress         PowerState    PrivateIpAddress    PublicIpAddress    ResourceGroup
-------------  -----------------  ------------  ------------------  -----------------  -------------------
CanadaCentral  00-0D-3A-F3-4F-53  VM running    <internal ip>       <public ip>        UniFi-Controller-RG

Now you can connect to the VM using ssh unifiuser@<public ip>

$ ssh unifiuser@<public ip>
The authenticity of host '<public ip> (<public ip>)' can't be established.
ED25519 key fingerprint is 9e:e8:a1:13:d3:e9:29:76:e9:89:25:d0:dd:4d:8f:38.
Are you sure you want to continue connecting (yes/no)? yes
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-66-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.


Last login: Sat Mar 11 21:01:44 2017 from XX
unifiuser@unifi-controller:~$

Updating the Linux VM and Installing UniFi Controller

Before we continue, should probably update the software packages installed on the VM by using apt

$ sudo apt update && sudo apt upgrade -y

Ubiquity has recommended using Oracle JRE 8 for the controller, by default Ubuntu installs OpenJDK, we'll need to add the appropriate APT repository to install the Oracle JRE.

$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt update
$ sudo apt install -y oracle-java8-installer

Now we can add the UniFi APT repository and the GPG key.

$ echo "deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti" | sudo tee /etc/apt/sources.list.d/ubnt.list
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50

Update the repository information and install unifi controller

$ sudo apt update
$ sudo apt install -y unifi

At this point we're nearly done, however if you check the status of the unifi controller you may find that it's in a failed state with no java processes.

$ systemctl status unifi
● unifi.service - unifi
   Loaded: loaded (/lib/systemd/system/unifi.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sat 2017-03-11 22:06:44 UTC; 21s ago

Mar 11 22:06:42 unifi-controller systemd[1]: Starting unifi...
Mar 11 22:06:43 unifi-controller unifi.init[4924]:  * Starting Ubiquiti UniFi Controller unifi
Mar 11 22:06:43 unifi-controller unifi.init[4924]: Cannot locate Java Home
Mar 11 22:06:44 unifi-controller unifi.init[4924]:    ...fail!
Mar 11 22:06:44 unifi-controller systemd[1]: Started unifi.

This is becuase the scripts have not yet been updated to detect where Oracle JRE is, we fix this by specifying JAVA_HOME.

$ echo "JAVA_HOME=/usr/lib/jvm/java-8-oracle" | sudo tee /etc/default/unifi

We can now clear the failed systemd state and start unifi once again.

$ sudo systemctl stop unifi
$ sudo systemctl reset-failed
$ sudo systemctl start unifi
$ systemctl status unifi
● unifi.service - unifi
   Loaded: loaded (/lib/systemd/system/unifi.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2017-03-11 22:11:36 UTC; 5s ago
  Process: 5138 ExecStop=/usr/lib/unifi/bin/unifi.init stop (code=exited, status=0/SUCCESS)
  Process: 5161 ExecStart=/usr/lib/unifi/bin/unifi.init start (code=exited, status=0/SUCCESS)
 Main PID: 5180 (jsvc)
    Tasks: 24
   Memory: 95.5M
      CPU: 4.002s
   CGroup: /system.slice/unifi.service
           ├─5180 unifi -home /usr/lib/jvm/java-8-oracle -cp /usr/share/java/commons-daemon.jar:/usr/lib/
           ├─5182 unifi -home /usr/lib/jvm/java-8-oracle -cp /usr/share/java/commons-daemon.jar:/usr/lib/
           ├─5183 unifi -home /usr/lib/jvm/java-8-oracle -cp /usr/share/java/commons-daemon.jar:/usr/lib/
           └─5197 /usr/lib/jvm/java-8-oracle/jre/bin/java -Xmx1024M -XX:ErrorFile=/usr/lib/unifi/data/log

Mar 11 22:11:34 unifi-controller systemd[1]: Starting unifi...
Mar 11 22:11:34 unifi-controller unifi.init[5161]:  * Starting Ubiquiti UniFi Controller unifi
Mar 11 22:11:36 unifi-controller unifi.init[5161]:    ...done.
Mar 11 22:11:36 unifi-controller systemd[1]: Started unifi.

At this point we're technically up and running, however there are still some configuration of the Azure Network Security Group to permit the necessary ports access to the VM so you can connect to and configure the UniFi Controller. You can log out of the VM for now.

$ exit
logout
Shared connection to <public ip> closed. 
$

Configuring Azure NSG for remote connectivity

Ubiquity recommends the following network ports to be opened

  • port 8080 - inform port, very important
  • port 8443 - controller GUI / API, as seen in web browser
  • port 8880 - port for HTTP portal redirect
  • port 8843 - port for HTTPS portal redirect

If you're not going to be running a Guest Portal it's not necessary to configure the last 2 ports.

From the Azure CLI issue the following commands to configure the necessary NSG rules.

$  az vm open-port --name unifi-controller --resource-group UniFi-Controller-RG --priority 100 --port 8443
$  az vm open-port --name unifi-controller --resource-group UniFi-Controller-RG --priority 101 --port 8080
$  az vm open-port --name unifi-controller --resource-group UniFi-Controller-RG --priority 102 --port 8880
$  az vm open-port --name unifi-controller --resource-group UniFi-Controller-RG --priority 103 --port 8843

Once the commands return something similar to the following

Location       MacAddress         Name                   Primary    ProvisioningState    ResourceGroup
 ResourceGuid
-------------  -----------------  ---------------------  ---------  -------------------  -------------------  ------------------------------------
canadacentral  00-0D-3A-F3-4F-53  unifi-controllerVMNic  True       Succeeded            UniFi-Controller-RG  eacfc842-c6f0-479b-8097-7b90bf16bb67

you're done and can login to the UI by opening your browser and going to http://<public:ip>:8443

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment