Running Unifi controller in podman container

I had the UniFi controller running under Debian, but finally reinstalled my machine to run CentOS 8 instead. Before doing that I made a backup of the UniFi controller.

After installing CentOS 8 I tried setting up and running the UniFi container from https://github.com/jdoss/unifi simply by running:

# dnf install podman git -y
# adduser -r -s /sbin/nologin -d /opt/unifi -u 271 -U unifi
# mkdir -p /opt/unifi/{data,logs,run}
# chown -R unifi: /opt/unifi
# chcon -Rt svirt_sandbox_file_t /opt/unifi/
# firewall-cmd --zone=$(firewall-cmd --get-default-zone) \
    --add-port=3478/udp --add-port=8080/tcp \
    --add-port=8443/tcp --add-port=8843/tcp \
    --add-port=10001/udp
# firewall-cmd --runtime-to-permanent
# podman run -d --cap-drop ALL \
  -e UNIFI_UID=$(id -u unifi) \
  -e JVM_MAX_HEAP_SIZE=1024m \
  -e TZ='America/Chicago' \
  -p 3478:3478/udp -p 8080:8080/tcp \
  -p 8443:8443/tcp -p 8843:8843/tcp -p 10001:10001/udp \
  -v /opt/unifi/data:/opt/unifi/data:Z \
  -v /opt/unifi/logs:/opt/unifi/logs:Z \
  -v /opt/unifi/run:/opt/unifi/run:Z \
  --name unifi quay.io/jdoss/unifi:5.11.31-ad89aa3621
  

But then it failed to load my backup, since the backup was from a newer version than what the container had. So I needed to find the new version number from Ubiquiti and then do a sha256sum of the UniFi.unix.zip file, and rebuild the container:

# podman build --build-arg UNIFI_VERSION=5.12.22 \
    --build-arg UNIFI_SHA256=1014760e0b79e434be668ca83becc0d40b531a12da6769811e5818338ecab2aa \
    --build-arg UNIFI_UID=$(id -u unifi) \
    -t unifi:5.12.22 .
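
An added example, not part of the original post or of the jdoss/unifi project: a shell helper that refuses to run the build above unless the downloaded UniFi.unix.zip matches a pinned SHA-256. The function names and the "abc" self-test file are constructed for illustration. A digest computed from the same download only pins that one copy, so the pinned value is assumed to come from an earlier trusted download or a second source.

```sh
#!/bin/sh
# Added example: fail-closed SHA-256 pin check before the container build.

# Print the lowercase hex SHA-256 of a file. Reading via stdin keeps odd
# file names from changing sha256sum's output format.
sha256_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# verify_pin FILE PINNED -> 0 match, 1 mismatch, 2 malformed pin, 3 no file
verify_pin() {
    local file="$1" pinned actual
    pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$pinned" in
        ''|*[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#pinned}" -eq 64 ] || { echo "pin is not 64 hex digits" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$pinned" ]; then
        printf 'MISMATCH %s\n  pinned %s\n  actual %s\n' \
            "$file" "$pinned" "$actual" >&2
        return 1
    fi
}

# build_if_pinned VERSION ZIP PINNED: run the post's podman build only when
# ZIP matches PINNED; on failure return verify_pin's status, build nothing.
build_if_pinned() {
    verify_pin "$2" "$3" || return
    podman build --build-arg UNIFI_VERSION="$1" \
        --build-arg UNIFI_SHA256="$3" \
        --build-arg UNIFI_UID="$(id -u unifi)" \
        -t "unifi:$1" .
}

# Constructed sample input: a 3-byte file "abc" and its standard SHA-256
# test vector (upper case on purpose, to exercise normalisation).
selftest() {
    local tmp rc=0 abc=BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD
    tmp=$(mktemp) || return 1
    printf 'abc' > "$tmp"
    verify_pin "$tmp" "$abc" || rc=1
    printf 'x' >> "$tmp"    # simulate a tampered or truncated download
    verify_pin "$tmp" "$abc" 2>/dev/null && rc=1
    rm -f "$tmp"
    return "$rc"
}
```

Run `build_if_pinned` with the version, the path to the zip and the pinned digest from the directory that holds the Dockerfile.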

Then I could successfully start it:

# podman run -d --cap-drop ALL \
  -e UNIFI_UID=$(id -u unifi) \
  -e JVM_MAX_HEAP_SIZE=1024m \
  -e TZ='Europe/Oslo' \
  -p 3478:3478/udp -p 8080:8080/tcp \
  -p 8443:8443/tcp -p 8843:8843/tcp \
  -p 10001:10001/udp \
  -v /opt/unifi/data:/opt/unifi/data:Z \
  -v /opt/unifi/logs:/opt/unifi/logs:Z \
  -v /opt/unifi/run:/opt/unifi/run:Z \
  --name unifi unifi:5.12.22

And to make it start at boot, I created the following systemd service for it:

# cat <<'EOF' > /etc/systemd/system/unifi-container.service
[Unit]
Description=Unifi container

[Service]
Restart=always
ExecStart=/usr/bin/podman start -a unifi
ExecStop=/usr/bin/podman stop -t 2 unifi

[Install]
WantedBy=multi-user.target
EOF

and verified it worked with:

# podman kill unifi
# systemctl enable unifi-container.service
# systemctl start unifi-container.service