@erikankrom
Forked from 0x1b-xyz/eap_proxy-udmpro-health.sh
Last active June 1, 2020 13:09
A script that manages the lifecycle of the eap_proxy-udmpro container on a UDM PRO between reboots or firmware updates. See https://github.com/pbrah/eap_proxy-udmpro for the upstream image.

This script is meant to be run from a secure host where you don't mind having your UDM root SSH password stored as cleartext. The script lazily builds an image on this secure host that contains an expect script, which logs in to your UDM Pro and starts (as needed) the pbrah/eap_proxy-udmpro:v1.1 image.

| Env | Default | Desc |
| --- | --- | --- |
| TARGET_HOST | unifi | UDM Pro IP or hostname |
| PASSWORD_FILE | Required | Clear text UDM Pro root password file |
| LOCAL_IMAGE_NAME | eap_proxy-healthcheck | Name of the image that is built on your secure host and executes the container with expect script against the UDM |
| UDM_CONTAINER_NAME | eap_proxy-udmpro | Name of the eap_proxy container that should be running on the UDM |
| EAP_PROXY_IMAGE | pbrah/eap_proxy-udmpro:v1.1 | Desired eap_proxy-udmpro Image |

I've got this running as a scheduled task on my Synology NAS (with docker installed):

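$ PASSWORD_FILE=/root/.udm_password /var/services/homes/admin/eap_proxy-udmpro-health.sh

#!/bin/bash
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
TARGET_HOST="${TARGET_HOST:-"unifi"}"
PASSWORD_FILE="${PASSWORD_FILE:?"You must define PASSWORD_FILE"}"
EAP_PROXY_IMAGE="${EAP_PROXY_IMAGE:-"pbrah/eap_proxy-udmpro:v1.1"}"
# Read LOCAL_IMAGE_NAME, the variable documented in the table above.
LOCAL_IMAGE_NAME="${LOCAL_IMAGE_NAME:-"eap_proxy-healthcheck"}"
UDM_CONTAINER_NAME="${UDM_CONTAINER_NAME:-"eap_proxy-udmpro"}"
# Build the helper image only if it does not already exist on this host.
if ! docker image inspect "${LOCAL_IMAGE_NAME}" &>/dev/null; then
# The heredoc is unquoted, so TARGET_HOST, UDM_CONTAINER_NAME and EAP_PROXY_IMAGE
# are expanded now and baked into the image; rebuild it after changing them.
docker build -t "${LOCAL_IMAGE_NAME}" - <<EOF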
FROM alpine
RUN apk add --update expect \
&& apk add --update openssh \
&& apk add --update sshpass
RUN { \
echo "#!/usr/bin/expect -f"; \
echo "set timeout 120"; \
echo "spawn sshpass -f /password ssh -o StrictHostKeyChecking=no root@${TARGET_HOST}"; \
echo "expect \"# \""; \
echo "send -- \"podman container inspect ${UDM_CONTAINER_NAME} &>/dev/null && echo 0 || echo 1\r\""; \
echo "sleep 1"; \
echo "expect {"; \
echo " \"0\r\" { send \"podman start ${UDM_CONTAINER_NAME}\r\" }"; \
echo " \"1\r\" { send \"podman run --privileged --network=host --name=${UDM_CONTAINER_NAME} --log-driver=k8s-file --restart always -d -ti ${EAP_PROXY_IMAGE} --update-mongodb --ping-gateway --ignore-when-wan-up --ignore-start --ignore-logoff --set-mac eth8 eth9 &>/dev/null && echo 0 || echo 1\r\" }"; \
echo "}"; \
echo "sleep 1"; \
echo "expect -re \".*\r\""; \
echo "send -- \"exit\r\""; \
echo "expect eof"; \
} > /check.exp \
&& chmod 700 /check.exp
CMD /check.exp
EOF
fi
# Run the expect script with the cleartext password file mounted at /password.
docker run --rm -v "${PASSWORD_FILE}:/password" "${LOCAL_IMAGE_NAME}"
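
An added example, not part of the original gist: a preflight check for the cleartext PASSWORD_FILE before it is bind-mounted into the helper container. The function name check_password_file is hypothetical, and it assumes a stat that supports -c (GNU coreutils or busybox).

```shell
# Added example (not from the gist). check_password_file is a hypothetical
# helper; it assumes `stat -c` is available (GNU coreutils or busybox).
#
# check_password_file PATH
# Returns 0 when PATH is acceptable as the cleartext root password file,
# otherwise prints the reason on stderr and returns 1.
check_password_file() (
  f="$1"
  # A symlink could be repointed at another file after the check.
  if [ -L "$f" ]; then
    echo "refusing symlink: $f" >&2; return 1
  fi
  if [ ! -f "$f" ]; then
    echo "not a regular file: $f" >&2; return 1
  fi
  # sshpass -f reads the first line; an empty file can only fail the login.
  if [ ! -s "$f" ]; then
    echo "empty password file: $f" >&2; return 1
  fi
  mode="$(stat -c '%a' "$f")" || return 1
  owner="$(stat -c '%u' "$f")" || return 1
  # Octal mode must end in 00: any group/other bit exposes the root
  # password to other local accounts on the secure host.
  case "$mode" in
    *00|0) ;;
    *) echo "mode $mode is too open, run: chmod 600 $f" >&2; return 1 ;;
  esac
  # The file should belong to the account that runs the scheduled task.
  if [ "$owner" != "$(id -u)" ]; then
    echo "owned by uid $owner, expected $(id -u)" >&2; return 1
  fi
  return 0
)
```

Call it before the `docker run` line and exit non-zero on failure; mounting the file with a `:ro` suffix additionally keeps the container from modifying it.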

0x1b-xyz commented Jun 1, 2020

Thanks for your comment - I've updated to use HC_CONTAINER_NAME and UDM_CONTAINER_NAME in the source script.