sync: auto-sync from GURU-5070 at 2026-06-26 06:29:48

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-26 06:29:48
2026-06-26 06:30:46 -07:00
parent a0b2cfbee1
commit 6d65bff791
4 changed files with 241 additions and 5 deletions


@@ -2,10 +2,11 @@
type: system
name: uos-server
display_name: UOS Server (UniFi OS Server)
last_compiled: 2026-06-21
compiled_by: HOWARD-HOME/claude-main
last_compiled: 2026-06-26
compiled_by: GURU-5070/claude-main
sources:
- session-logs/2026-06/2026-06-21-howard-unifi-pfsense-control-verbs.md
- 2026-06-26 Rocky 9.1->9.8 host OS patch (mike)
backlinks:
- systems/jupiter
- systems/pfsense
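Review bot: the new `sources:` entry `2026-06-26 Rocky 9.1->9.8 host OS patch (mike)` is free text, while the existing entry is a file path under `session-logs/`. If a session log or transcript exists for the patch run, list its path here in the same form so the change can be traced to a record. If none exists, consider saying so explicitly, so that a reader or a tool resolving `sources:` entries as paths does not treat this item as a missing file.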
@@ -23,7 +24,7 @@ backlinks:
## What / where it is
- **Guest:** Rocky Linux 9.1, hostname-internal "UOS Server". Guest IP **`172.16.3.29`** (ACG internal LAN).
- **Guest:** Rocky Linux **9.8** (kernel `5.14.0-687.17.1.el9_8`; last patched 2026-06-26), hostname-internal "UOS Server". Guest IP **`172.16.3.29`** (ACG internal LAN).
- **Hypervisor:** Jupiter (`172.16.3.20`, Unraid) — virsh domain **`Unifi`** (id 1). `virsh list` to confirm running.
- **App stack (inside guest):** UniFi Network = `ace.jar` (Java) + classic **MongoDB `ace`** on `127.0.0.1:27117`, plus `unifi-core` (Postgres) for UniFi-OS identity/integration. All of it runs **inside a rootless podman container `uosserver`** (host user `uosserver`, uid 1000) — so the app files and mongo are NOT on the guest rootfs.
- **ui.com cloud:** host id `2d6b654d-9b79-4eaa-b2e1-52062a5690ef` in the Site Manager account.
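Review bot: the rewritten **Guest** bullet pins the exact kernel build (`5.14.0-687.17.1.el9_8`) and a "last patched" date in the descriptive section, which repeats what the History entry under "Host OS maintenance" already records and will be stale after the next `dnf -y update`. Suggest keeping only the distribution here (Rocky Linux 9.x) with a pointer to the maintenance section, and leaving the kernel and date to the History entry, so that a reader checking patch level reads it from one place.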
@@ -85,6 +86,30 @@ There is **no mongo client on the guest host**; the shell is `/usr/bin/mongo` *i
- **`rogue`** — neighbor/over-the-air BSSIDs seen by APs. **Not ACG gear** — a MAC hit here is someone else's WiFi, ignore it for device hunts.
- **Pending/unadopted devices:** the controller only persists a discovered device into `device` with `adopted:false`. If `db.device.count({adopted:false})` is `0`, there are **no** pending devices controller-wide — an "unadopted" device that returns nothing here simply has not reached this controller (not on a network it can discover, or managed by a different console). The cloud API and integration API show adopted gear only, so they cannot find it either; locating it then needs L2/DHCP/ARP on the gateway of the site it is physically cabled to.
## Host OS maintenance (Rocky)
The UniFi app self-updates (the `uosserver-updater.service` rebuilds the rootless podman
container; UOS Server **5.1.19** / Network **10.4.57** as of 2026-06-26). The **host OS is
NOT auto-patched** — it must be updated manually over SSH. The two layers are independent:
patching the host does not touch the container/UniFi data (named podman volumes persist).
**Procedure** (root via the fleet SSH key):
```bash
ssh -i <key> root@172.16.3.29 'dnf -y update' # ~few min; kernel updates need a reboot
ssh -i <key> root@172.16.3.29 'systemctl reboot' # controller drops briefly; APs keep serving WiFi
# verify after ~3-4 min:
ssh -i <key> root@172.16.3.29 'uosserver status' # container Up (healthy)
ssh -i <key> root@172.16.3.29 'curl -sk -o /dev/null -w "%{http_code}\n" https://127.0.0.1:11443/' # 200
```
- **Safety net:** daily UniFi auto-backups live at
`~uosserver/.local/share/containers/storage/volumes/uosserver_var_lib_unifi/_data/backup/autobackup/`
(newest `autobackup_<ver>_<date>.unf`) — survives the OS update. For the OS layer itself,
a virsh snapshot of the **"Unifi"** VM on [[jupiter]] is the rollback point (optional).
- **Reboot impact:** only central management/stats drop while the VM reboots (~30-60s back to
SSH, ~3-4 min to container healthy); APs/switches keep forwarding traffic the whole time.
- **History:** 2026-06-26 — Rocky **9.1 -> 9.8** (362 pkgs, kernel `162.6.1.el9_1` ->
`687.17.1.el9_8`, full security backlog cleared); clean reboot, controller back healthy.
## Related tooling — pfSense gateway layer (works together)
This UOS controller and the **pfSense gateway tooling** are the two halves of the **`unifi-wifi`
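Review bot: the **Procedure** block starts directly with `dnf -y update`, while the rollback point (the virsh snapshot of the "Unifi" VM) appears only afterwards in the Safety net bullet and is marked optional. For a jump the History entry describes as 362 packages plus a kernel change, the snapshot and a check that a recent `autobackup_<ver>_<date>.unf` exists belong at the top of the procedure as explicit pre-steps. Two smaller points on the same block: the reboot is unconditional even though the comment says only kernel updates need one, so a `dnf needs-restarting -r` check before `systemctl reboot` would avoid unnecessary controller downtime; and the verification confirms container health and the HTTP 200 but not that the new kernel is actually running, which a `uname -r` after the reboot would cover.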