#3606 NORM Opportu: Jabber: jabber.laptop.org -> laptop.org JIDs etc

Zarro Boogs per Child bugtracker at laptop.org
Wed Sep 19 16:58:48 EDT 2007


#3606: Jabber: jabber.laptop.org -> laptop.org JIDs etc
-----------------------+----------------------------------------------------
  Reporter:  danjared  |       Owner:  djbclark   
      Type:  task      |      Status:  assigned   
  Priority:  normal    |   Milestone:  Opportunity
 Component:  distro    |     Version:             
Resolution:            |    Keywords:  jabber     
  Verified:  1         |  
-----------------------+----------------------------------------------------
Changes (by djbclark):

  * status:  new => assigned


Comment:

 Need to doc this to internalwiki:

  * danjared | djbclark: jabber.laptop.org is in the office server room on
 the floor next to xs-dev. it should be labeled. just watch out for the
 machines in the rack, especially grinch. it's... rather grinchful

  * danjared: I'm also told by jg that it has some special-cow-powers and
 isn't really the f7           package... he said something about
 collabora.net... do you have a URL with more info about what exactly is
 running?
  * djbclark: you mean ejabberd?
  * djbclark | danjared: yes
  * daf | it used to run on olpc.collabora.co.uk (with some magic patches)
  * danjared | I think the SRPM is still in
 http://dev.laptop.org/~danjared/
  * danjared :: djbclark: various people. I can find Robot101's original
 email if you like. I just frobbed an RPM spec file

 And Robot101 is:
 {{{
 (~robot101 at light.bluelinux.co.uk): Robert McQueen
 Channels: #bluelinux #debian-uk #acetarium #debian-lists #blackcat
 neutron.oftc.net (Vienna, Austria)
 }}}

 And a useful email:

 From: Robert McQueen <robert.mcqueen at collabora.co.uk>
 To: Dan Williams <dcbw at redhat.com>, John Watlington <wad at laptop.org>,
 danjared at laptop.org
 Date: Sat, 21 Jul 2007 10:13:03 +0100
 Subject: XMPP server(s) for Trial 2 XOs

 Hi guys,

 As you know we've been running an XMPP server on olpc.collabora.co.uk
 for the development of the server-based collaborative stuff. We're now
 facing the prospect of having thousands of users on one server, who can
 all see each other - this is clearly not very scalable, our poor little
 VM isn't exactly the most powerful server we could apply to the problem
 anyway, and we don't have any dedicated sysadmin staff to keep
 everything fed and watered.

 So, for Trial 2 production images, I'd basically like to take our server
 out of the loop, and have you guys provide either some central or
 locally provisioned servers. We will retain olpc.ccu for development
 purposes, as I expect Trial 3 will see us developing a server component
 to further address scalability of how server-based buddies and
 activities are discovered.

 For the server software, as far as I'm currently aware ejabberd is the
 only choice because it has (experimental) support for PEP (Personal
 Eventing Protocol) which we rely on for XOs publishing details about
 their available and current activities, colour, nickname, etc, and we
 also make use of its in-built MUC conferencing for the activities. If
 you are aware of another XMPP server package with PEP, MUC and shared
 roster support that you prefer, it should also work fine.

 Our box is running ejabberd as provided in Debian sarge, which is 1.1.2,
 with a few extra modules and patches. Our configuration file is
 included. I've enabled the conference server, which is mod_muc. Due to
 some detail of how XMPP components work, this requires that (at least
 from the perspective of the server - the client doesn't need this as all
 of it's traffic goes via the server) conference.serverdomain also points
 to the IP address of the server.

 The PEP support comes from an external project, which enhances the
 existing mod_pubsub:
  http://www.dtek.chalmers.se/~henoch/text/ejabberd-pep.html
 This is stored in the ejabberd-mods SVN at:
  https://svn.process-one.net/ejabberd-modules/

 There is a backport of the work to 1.1.2 in pep/branches/1.1.2. The
 build system for this seemed pretty weird, it seems to involve lightly
 modified copies of files copied from the ejabberd source tree, so I
 turned it into a patch against the ejabberd source itself, which I've
 attached. One poorly documented caveat with the PEP support is that this
 enhanced mod_pubsub module depends on mod_caps also being loaded in the
 ejabberd, otherwise you get cryptic failures at runtime.

 I also enabled mod_shared_roster, and via the web interface I configured
 it so that everyone has a group called "Everybody" which contains all
 other users on the server. It's documented in Example 1 on:
  http://ejabberd.jabber.ru/shared-roster-all

 Thanks to help from the upstream maintainer, I also have a patch to
 address a very bad interaction between account registration and shared
 roster support, which fixes the problem that newly-created accounts will
 not get sent presence by any of the already-connected users. This is
 attached.

 Finally, I also added mod_ctlextra (also from ejabberd-modules, ejabberd
 patch attached) which adds some extra commands to the ejabberdctl
 command, particularly "delete-older-users" which can delete users who
 havn't logged in for a certain number of days. It has the annoying
 side-effect of deleting the admin user because he never logs in via
 XMPP, only via the web interface, but it can be re-added by calling
 "ejabberdctl register ...". Although I never got round to it, the idea
 was to put this on cron.daily and make it throw dead accounts away after
 7-14 days of non-use - this is intentionally aggressive for the
 development server which will get one account created every time someone
 flashes a new image, so the production one might not need this.

 Of late, the ejabberd has on two or three occasions rendered itself into
 a state where it is running but unable to accept any incoming
 connections. Unfortunately I have no idea why, but if it happens for
 you, or keeps happening, the upstream author (JID is aleksey at jabber.ru,
 or aleksey on ejabberd at conference.jabber.ru) was very helpful in the
 past - ejabberd has a mechanism to obtain an erlang console from a
 running server, so I gave him a shell and he was able to debug remotely.

 Let me know if you have any other queries.

 Regards,
 Rob
 {{{
 % Default Debian ejabberd.cfg

 %override_acls.

 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% ucf section

 %% Admin user
 {acl, admin, {user, "admin", "olpc.collabora.co.uk"}}.

 %% Hostname
 {hosts, ["olpc.collabora.co.uk"]}.

 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

 % Users that have admin access.  Add line like one of the following after
 you
 % will be successfully registered on server to get admin access:
 %{acl, admin, {user, "aleksey"}}.

 % Blocked users:
 %{acl, blocked, {user, "test"}}.

 % Local users:
 {acl, local, {user_regexp, ""}}.

 % Another examples of ACLs:
 %{acl, jabberorg, {server, "jabber.org"}}.
 %{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
 %{acl, test, {user_regexp, "^test"}}.
 %{acl, test, {user_glob, "test*"}}.

 % Everybody can create pubsub nodes
 {access, pubsub_createnode, [{allow, all}]}.

 % Only admins can use configuration interface:
 {access, configure, [{allow, admin}]}.

 % Every username can be registered via in-band registration:
 {access, register, [{allow, all}]}.

 % None username can be registered via in-band registration:
 %{access, register, [{deny, all}]}.

 % After successful registration user will get message with following
 subject
 % and body:
 {welcome_message,
  {"Welcome!",
  "Welcome to Debian Jabber Service.  "
  "For information about Jabber visit http://jabber.org"}}.
 % Replace them with 'none' if you don't want to send such message:
 %{welcome_message, none}.

 % List of people who will get notifications about registered users
 %{registration_watchers, ["admin1 at localhost",
 %                         "admin2 at localhost"]}.

 % Only admins can send announcement messages:
 {access, announce, [{allow, admin}]}.


 % Only non-blocked users can use c2s connections:
 {access, c2s, [{deny, blocked},
               {allow, all}]}.

 % Set shaper with name "normal" to limit traffic speed to 1000B/s
 {shaper, normal, {maxrate, 1000}}.

 % Set shaper with name "fast" to limit traffic speed to 50000B/s
 {shaper, fast, {maxrate, 50000}}.

 % For all users except admins used "normal" shaper
 {access, c2s_shaper, [{none, admin},
                      {fast, all}]}.

 % For all S2S connections used "fast" shaper
 {access, s2s_shaper, [{fast, all}]}.

 % Admins of this server are also admins of MUC service:
 {access, muc_admin, [{allow, admin}]}.

 % All users are allowed to use MUC service:
 {access, muc, [{allow, all}]}.

 % This rule allows access only for local users:
 {access, local, [{allow, local}]}.


 % Authentication method.  If you want to use internal user base, then use
 % this line:
 {auth_method, internal}.

 % For LDAP authentication use these lines instead of above one:
 %{auth_method, ldap}.
 %{ldap_servers, ["localhost"]}.    % List of LDAP servers
 %{ldap_uidattr, "uid"}.            % LDAP attribute that holds user ID
 %{ldap_base, "dc=example,dc=com"}. % Search base of LDAP directory
 %{ldap_rootdn, "dc=example,dc=com"}. % LDAP manager
 %{ldap_password, "******"}. % Password to LDAP manager

 % For authentication via external script use the following:
 %{auth_method, external}.
 %{extauth_program, "/path/to/authentication/script"}.

 % For authentication via ODBC use the following:
 %{auth_method, odbc}.
 %{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.

 %% Anonymous login support:
 %%  auth_method: anonymous
 %%  anonymous_protocol: sasl_anon|login_anon|both
 %%  allow_multiple_connections: true|false
 %%{host_config, "public.example.org", [{auth_method, anonymous},
 %%                                     {allow_multiple_connections,
 false},
 %%                                     {anonymous_protocol, sasl_anon}]}.
 %% To use both anonymous and internal authentication:
 %%{host_config, "public.example.org", [{auth_method, [anonymous,
 internal]}]}.


 % Host(s) name: (replace for your hostname(s))
 % Old {host, "localhost"}. option is equivalent to {hosts, ["localhost"]}.
 %{hosts, ["localhost"]}.

 %% Define the maximum number of time a single user is allowed to connect:
 {max_user_sessions, 10}.

 % Default language for server messages
 {language, "en"}.

 % Listened ports:
 {listen,
 % Ordinary client-2-server service
  [{5222, ejabberd_c2s,     [{access, c2s},
                            {max_stanza_size, 65536},
                            starttls, {certfile,
 "/etc/ejabberd/ejabberd.pem"},
                            {shaper, c2s_shaper}]},

 % SSL-enabled client-2-server service
  {5223, ejabberd_c2s,     [{access, c2s},
                            {max_stanza_size, 65536},
                            tls, {certfile, "/etc/ejabberd/ejabberd.pem"},
                            {shaper, c2s_shaper}]},

 % Server-2-server service
  {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper},
                            {max_stanza_size, 131072}]},

 % External MUC jabber-muc (but internal mod_muc is better :))
 % {5554, ejabberd_service, [{ip, {127, 0, 0, 1}},
 %                           {access, all},
 %                           {host, "muc.localhost", [{password,
 "secret"}]}]},

 % Jabber ICQ Transport
 % {5555, ejabberd_service, [{ip, {127, 0, 0, 1}},
 %                           {access, all},
 %                           {hosts, ["icq.localhost", "sms.localhost"],
 [{password, "secret"}]}]},

 % AIM Transport
 % {5556, ejabberd_service, [{ip, {127, 0, 0, 1}},
 %                           {access, all},
 %                           {host, "aim.localhost", [{password,
 "secret"}]}]},

 % MSN Transport
 % {5557, ejabberd_service, [{ip, {127, 0, 0, 1}},
 %                           {access, all},
 %                           {host, "msn.localhost", [{password,
 "secret"}]}]},

 % Yahoo! Transport
 % {5558, ejabberd_service, [{ip, {127, 0, 0, 1}},
 %                           {access, all},
 %                           {host, "yahoo.localhost", [{password,
 "secret"}]}]},

 % External JUD (internal is more powerful,
 % but doesn't allow to register users from other servers)
 % {5559, ejabberd_service, [{ip, {127, 0, 0, 1}},
 %                           {access, all},
 %                           {host, "jud.localhost", [{password,
 "secret"}]}]},

 % HTTP service (You may choose options HTTP-polling and Web-administering)
 % When commenting out, be careful with commas
  {5280, ejabberd_http,    [http_poll, web_admin]}
  ]}.

 % Use STARTTLS+Dialback for S2S connections
 {s2s_use_starttls, true}.
 {s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
 %{domain_certfile, "example.org", "/etc/ejabberd/example_org.pem"}.
 %{domain_certfile, "example.com", "/etc/ejabberd/example_com.pem"}.

 % If SRV lookup fails, then port 5269 is used to communicate with remote
 server
 {outgoing_s2s_port, 5269}.

 % Used modules:
 {modules,
  [
  {mod_adhoc,      []},
  {mod_announce,   [{access, announce}]}, % Depends on mod_adhoc
  {mod_register,   [{access, register}]},
  {mod_roster,     []},
  {mod_privacy,    []},
  {mod_configure,  []}, % Depends on mod_adhoc
  {mod_configure2, []},
  {mod_disco,      [{extra_domains, ["users.jabber.org"]}]},
  {mod_stats,      []},
  {mod_vcard,      []},
  {mod_offline,    []},
  {mod_echo,       []},
  {mod_private,    []},
  {mod_irc,        []},
 % Default options for mod_muc:
 %   host: "conference." ++ ?MYNAME
 %   access: all
 %   access_create: all
 %   access_admin: none (only room creator has owner privileges)
  {mod_muc,        [{access, muc},
                    {access_create, muc},
                    {access_admin, muc_admin}]},
 %  {mod_muc_log,   []},
  {mod_shared_roster, []},
  {mod_pubsub,     [{access_createnode, pubsub_createnode}]},
  {mod_time,       []},
  {mod_last,       []},
  {mod_version,    []},
  {mod_caps,       []},
  {mod_ctlextra,   []}
  ]}.

 % vim:set ft=erlang:
 % Local Variables:
 % mode: erlang
 % End:
 }}}

-- 
Ticket URL: <https://dev.laptop.org/ticket/3606#comment:1>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system



More information about the Bugs mailing list