Reply
New Member
Posts: 3
Registered: ‎02-17-2016
Kudos: 4

Re: Unifi Controller on Debian 9


@sleither wrote:

I did and now getting a UniFi Setup Wizard on my localhost:8443/.  Tried to restor from backup, but cannot find it or states I do not have permission even though I have root access......

 

Capture.PNG


Use the same user you used when you set up Unifi on the host system. To get the correct system rights you have to use 'sudo'. If you login as 'root' you will get other home directory, etc.
It looks like you have started a new instance of Unifi as 'root' and not as your normal Unifi user. So log in as 'root' to the Unifi host system and issue: systemctl stop unifi. Login to the host system as when you setup unifi and issue my above solution using 'sudo' to get the proper rights.

Hope this helps...

Ubiquiti Employee
Posts: 9,533
Registered: ‎01-28-2013
Kudos: 16731
Solutions: 608
Contributions: 20

Re: Unifi Controller on Debian 9


@dac1319 wrote:

@UBNT-MikeD

Regarding the workaround post for this issue: https://community.ubnt.com/t5/UniFi-Wireless/IMPORTANT-Debian-Ubuntu-users-MUST-READ-Updated-06-21/t...

 

Will this change need to be reverted when a kernel fix is implemented?

 

If so, can UBNT provide remediation steps as a follow up to the post linked above?

 

Thanks,

 

Andy


@dac1319 Hi Andy,

 

Yes it would be best to revert afterwards. Really it depends. If that is the only line in the default file, then you just remove the default file. If there are other lines, then you'd have to remove that line. 

 

I will update the sticky posts to mention this.

 

Cheers,

Mike

New Member
Posts: 43
Registered: ‎01-10-2017
Kudos: 13

Re: Unifi Controller on Debian 9

I was able to get mine to work, basically rebuilt Ubuntu 16 LTS from scrath, install latest unifi 5.4.16, apply workaround given here, and I'm back.

New Member
Posts: 22
Registered: ‎03-12-2017
Kudos: 7

Re: Unifi Controller on Debian 9


@FlaTech wrote:

I was able to get mine to work, basically rebuilt Ubuntu 16 LTS from scrath, install latest unifi 5.4.16, apply workaround given here, and I'm back.


I did the same.  Built an entirely fresh VM with 5.4.16 and adopted all my UniFi devices over.

 

Frustratingly, I have to leave the wounded VM running as the UniFi NVR is on there until I get time to build it on the new one.

New Member
Posts: 13
Registered: ‎08-16-2016

Re: Unifi Controller on Debian 9

I'd just like to throw in a thank you. Although this is a different product, we still have some 'customers' here using CF9 (completely unsupported and want them off, working on that) on Red Hat 6. 

 

The JRun engine behind it was hitting the same crashing senario and the -Xss1280K resolve that as well. CF11 wtih Tomcat on the backend didn't hit the issue.

New Member
Posts: 17
Registered: ‎02-16-2017
Kudos: 5

Re: Unifi Controller on Debian 9

[ Edited ]
sudo sed -i -e 's/^JSVC_EXTRA_OPTS=$/JSVC_EXTRA_OPTS="-Xss2m"/' /usr/lib/unifi/bin/unifi.init

This worked for me on Ubuntu 16.10 with latest updates as of an hour ago. Using 1280k wasn't enough memory.

New Member
Posts: 10
Registered: ‎05-20-2014

Re: Unifi Controller on Debian 9

[ Edited ]

Hey all,

  I'd like to start of saying I am an AV installer first and a hack IT installer second.  Have had my unifi server running nicely until this recent bug.  Have attempted to follow the instructions.  It appears that I forgot(didn't know) to close my putty after the code so it got some extra lines of code including my garish typos.

 

 

So I ran cat /etc/default/unifi:

 

Here is what I got:

 

catrun.png

 

Rebooted Server and still no access.

 

Ran service status check and got the following:

unifistatus.png

 

Any suggestions?  Thank you.  Running Ubuntu 16.04.1 LTS

New Member
Posts: 38
Registered: ‎06-23-2016
Kudos: 13
Solutions: 1

Re: Unifi Controller on Debian 9

@BooyahBen

 

The easiest might be for you to remove /etc/default/unifi and start again:

 

sudo rm /etc/default/unifi

Then enter the command @UBNT-MikeD recommended:

 

echo "JSVC_EXTRA_OPTS=\"\$JSVC_EXTRA_OPTS -Xss1280k\"" | sudo tee -a /etc/default/unifi

Then reboot your system.

 

Sam

Regular Member
Posts: 517
Registered: ‎03-15-2015
Kudos: 135
Solutions: 4

Re: Unifi Controller on Debian 9

Can people simply hold off from running sudo apt-get update and sudo apt-get upgrade until the kernel is updated?

 

Is it safe to say they wait a month and don't touch their Ubuntu install, things will be good again?

 

This is going to burn a lot of unknowing people and cost them time and money.

New Member
Posts: 10
Registered: ‎05-20-2014

Re: Unifi Controller on Debian 9

@Sam99  Thank you for the suggestions.

 

I performed the remove directory and then ran the hotfix suggestion.  Still no luck.

 

Here is my /cat results

unificat2.png

 

It looks like I did things correctly.

 

And below is my service unifi status results.

unifi2.png

Which appears to be working.

 

Any suggestions would be exceptionally helpful!  Thank you.

New Member
Posts: 11
Registered: ‎12-07-2016
Kudos: 7

Re: Unifi Controller on Debian 9

@BooyahBen

 

I ran into an issue like you are experiencing. The service showed as running but the controller was not accessible.  By default on Ubuntu the Unifi controller starts slowly after a reboot, but you can fix this by installing haveged.

 

sudo apt-get update

sudo apt-get install haveged

 

Reboot after installing and you should be back in business.

 

Source:

https://community.ubnt.com/t5/UniFi-Wireless/Ubuntu-14-04-x64-Unifi-4-6-6-very-slow-start-up/td-p/13...

Emerging Member
Posts: 64
Registered: ‎02-09-2015
Kudos: 12

Re: Unifi Controller on Debian 9

@Ambul yes, you can place an apt-mark hold on the packages that are to get updated (specifically kernel and headers.)

 

The general advice is though that you want to update the kernel to be on top of security updates. I think your decision should rest on where your server resides. If it is local with no outside access then you can probably afford to wait on the update.


If you are like me and the server is in the cloud, then I would advise to upgrade and then issue the prescribed fix. 

New Member
Posts: 38
Registered: ‎06-23-2016
Kudos: 13
Solutions: 1

Re: Unifi Controller on Debian 9

Hi @BooyahBen

 

Take a look at some of the comments above; other users were having trouble with the 1280K value not being high enough.  Try implementing their solutions first.

 

The suggestion by @sgtpoliteness to wait a while after a reboot to see if you can connect and/or installing haveged is good.  Haveged is useful for other reasons apart from UniFi.

 

(I compared the service status output in your comment to that from one of our UniFi servers and ours has an additional line under CGroup that yours is missing:

 

└─2008 bin/mongod --dbpath /usr/lib/unifi/data/db --port 27117 --logappend --logpath logs/mongod.log --nohttpinterface --bind_ip 127.0.0.1

 

So this could be a symptom of the 1280K issue, or the timing issue, or you might have a Mongo database problem.)

 

If none of this works, you could try deleting /etc/default/unifi and reverting to an earlier kernel.  See my comment earlier in this thread for instructions.

 

(That's just a temporary bypass to see if you can get things working again until a patched kernel is available; you don't want to remain on the older kernel forever.)

 

Emerging Member
Posts: 64
Registered: ‎02-09-2015
Kudos: 12

Re: Unifi Controller on Debian 9

I see new kernel updates today for Debian 7. Has anyone tested these out?

Emerging Member
Posts: 64
Registered: ‎02-09-2015
Kudos: 12

Re: Unifi Controller on Debian 9

[ Edited ]

I am going to answer my own question here...

 

According to https://tracker.debian.org/pkg/linux :

 

Debian 7: 

linux (3.2.89-2) wheezy-security; urgency=high
 .
   * Revert previous fixes for CVE-2017-1000364 (Closes: #865303)

 

This is the only kernel that I see (for any dist) thus far to have reverted the fix.

 

*UPDATE*

I can confirm, that for Debian 7 users, that the 3.2.89-2 kernel has fixed the issue and that the /etc/default/unifi file is no longer required.

 

New Member
Posts: 22
Registered: ‎11-02-2016
Kudos: 9

Re: Unifi Controller on Debian 9

An update from the security mailing list as well:

 

Debian Security Advisory DSA-3886-2                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 27, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
Debian Bug     : 865303

The security update announced as DSA-3886-1 caused regressions for some
applications using Java - including jsvc, LibreOffice and Scilab - due
to the fix for CVE-2017-1000364. Updated packages are now available to
correct this issue.
Emerging Member
Posts: 60
Registered: ‎01-01-2016
Kudos: 34
Solutions: 3

Re: Unifi Controller on Debian 9

[ Edited ]

Debian 9 got a deb9u2 kernel update today. This is now a non issue for stretch users.

Established Member
Posts: 2,254
Registered: ‎04-26-2014
Kudos: 1007
Solutions: 26

Re: Unifi Controller on Debian 9

I'm seeing the samething here Debian 9 is fixed. I'm still waiting for my Ubunutu to update.

When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudos to the people who have helped you out!
Member
Posts: 162
Registered: ‎04-14-2016
Kudos: 118

Re: Unifi Controller on Debian 9

According to the CVE

 An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).


So install 4.11.6 from the unbuntu or debian repos... they are there...

http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.7/

For instance on an x64 system, you'd do..

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.7/linux-headers-4.11.7-041107_4.11.7-041107.201706240231_all.deb

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.7/linux-headers-4.11.7-041107-generic_4.11.7-041107.201706240231_amd64.deb

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.7/linux-headers-4.11.7-041107-lowlatency_4.11.7-041107.201706240231_amd64.deb

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.7/linux-image-4.11.7-041107-generic_4.11.7-041107.201706240231_amd64.deb

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.11.7/linux-image-4.11.7-041107-lowlatency_4.11.7-041107.201706240231_amd64.deb

sudo dpkg -i linux-headers-4.11* linux-image-4.11*
-OnTheGrind
Emerging Member
Posts: 60
Registered: ‎01-01-2016
Kudos: 34
Solutions: 3

Re: Unifi Controller on Debian 9

@OnTheGrind The kernel package they released a while back that introduced the fix addressing the CVE caused regressions in several software packages, per the bug notes a few posts up. Have you successfully run the UniFi controller on 4.11.7? I don't recall if any of the other participants in this discussion went there or not.

 

Anyhow, that might work for Ubuntu users, but Debian users at this point only need to perform a regular update (apt-get update && apt-get upgrade) to clear the issue because an appropriate fix has been loaded into the kernel package (4.9.x for Debian 9).  (You should not install Ubuntu packages on Debian. I realize you probably already know this, but I mention it for the benefit of those who find us after a panicked Google search...)

 

Here is the package info for the kernel version that fixes the issue on Stretch:

Package: linux-image-4.9.0-3-amd64
Version: 4.9.30-2+deb9u2
Priority: optional
Section: kernel
Source: linux
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Installed-Size: 190 MB
Depends: kmod, linux-base (>= 4.3~), initramfs-tools (>= 0.120+deb8u2) | linux-initramfs-tool
Recommends: firmware-linux-free, irqbalance
Suggests: linux-doc-4.9, debian-kernel-handbook, grub-pc | grub-efi-amd64 | extlinux
Breaks: initramfs-tools (<< 0.120+deb8u2), xserver-xorg-input-vmmouse (<< 1:13.0.99)
Homepage: https://www.kernel.org/
Download-Size: 38.7 MB
APT-Manual-Installed: no
APT-Sources: http://security.debian.org stretch/updates/main amd64 Packages
Description: Linux 4.9 for 64-bit PCs
 The Linux kernel 4.9 and modules for use on PCs with AMD64, Intel 64 or
 VIA Nano processors.
 .
 This kernel also runs on a Xen hypervisor.  It supports both privileged
 (dom0) and unprivileged (domU) operation.

 

Reply