Ubiquiti is a company that brands itself as “Rethinking IT”. For a company that “Rethinks IT”, it released a pretty major update in version 2.4. Unfortunately this update to 2.4 completely removed podman (a Red Hat branded synonym for Docker) from the product. This doesn’t exactly sound like too much of an issue, but if you are utilizing podman to run cool features like netbox (like I did) or more important features like a WPA Supplicant container to offload AT&T 802.1X auth, you’re suddenly finding yourself without internet and your UDM doesn’t have podman installed.
I hope you are not in the same situation… Unfortunately, I had automatic updates enabled on my UniFi Dream Machine Pro and my network went down suddenly at 12:30 AM last night. I was suddenly ejected from the Internet, faced with a sudden challenge of the network being completely offline. This usually isn’t a major event because automatic updates happen and the product comes back online and WPA Supplicant containers come back (like it was designed to do). I sat with a terminal open and active pings to my gateway device (the UDM) and my favorite Cloudflare nameserver, 22.214.171.124.
Time went by and my UDM started pinging again. Unfortunately that was the only recovery I could muster. So now we are in a situation where we check the podman containers currently running and…wait. Why is there no UniFi branding? This is just a Debian terminal with extra steps. Ok, maybe they updated the OS and this is the default entrypoint, let’s check podman…
```
root@gateway:~# podman ps
-bash: podman: command not found
```
Well, this isn’t good. Let’s check my notes from 2 years ago. My notes say podman is supposed to run. I fled to the internet to see what was going on. Reddit for the confirmation. Podman was officially removed from the appliance…
At this point I need a solution… My previous build included an EdgeRouter X which was a fine device. I only really upgraded to the UDM because of its ability to run WPA supplicant with podman. This enabled me to remove the ERX and the ATT gateway utilizing the EAP proxy. Well, I am now back to the ERX with the ATT gateway utilizing the EAP proxy… This created a double-NAT situation which is less than ideal. Additionally, it seems that UniFi is ignoring advanced routing users and just assuming everyone wants to use their all-in-one solution instead of using the UDM as a switch.
Unfortunately this leaves me with a less than ideal network. In the coming weeks I will look at offloading the UDM and aggregation switch to something else.
I am sure nobody from UniFi is reading this, but I really want to state the importance of backward compatible version numbers. If you are about to break fundamental functions that have no backward compatible functionality, you should increment to version 3. Going from 2.3 to 2.4 and removing major functionality is wrong. You should review semver.org and take notes.
UniFi: you earned a new critic today. I am making it my life’s purpose to ditch the UDM as soon as possible.