#3606 NORM Opportu: Jabber: jabber.laptop.org -> laptop.org JIDs etc
Zarro Boogs per Child
bugtracker at laptop.org
Wed Sep 19 16:58:48 EDT 2007
#3606: Jabber: jabber.laptop.org -> laptop.org JIDs etc
-----------------------+----------------------------------------------------
Reporter: danjared | Owner: djbclark
Type: task | Status: assigned
Priority: normal | Milestone: Opportunity
Component: distro | Version:
Resolution: | Keywords: jabber
Verified: 1 |
-----------------------+----------------------------------------------------
Changes (by djbclark):
* status: new => assigned
Comment:
Need to doc this to internalwiki:
* danjared | djbclark: jabber.laptop.org is in the office server room on
the floor next to xs-dev. it should be labeled. just watch out for the
machines in the rack, especially grinch. it's... rather grinchful
* danjared: I'm also told by jg that it has some special-cow-powers and
isn't really the f7 package... he said something about
collabora.net... do you have a URL with more info about what exactly is
running?
* djbclark: you mean ejabberd?
* djbclark | danjared: yes
* daf | it used to run on olpc.collabora.co.uk (with some magic patches)
* danjared | I think the SRPM is still in
http://dev.laptop.org/~danjared/
* danjared :: djbclark: various people. I can find Robot101's original
email if you like. I just frobbed an RPM spec file
And Robot101 is:
{{{
(~robot101 at light.bluelinux.co.uk): Robert McQueen
Channels: #bluelinux #debian-uk #acetarium #debian-lists #blackcat
neutron.oftc.net (Vienna, Austria)
}}}
And a useful email:
From: Robert McQueen <robert.mcqueen at collabora.co.uk>
To: Dan Williams <dcbw at redhat.com>, John Watlington <wad at laptop.org>,
danjared at laptop.org
Date: Sat, 21 Jul 2007 10:13:03 +0100
Subject: XMPP server(s) for Trial 2 XOs
Hi guys,
As you know we've been running an XMPP server on olpc.collabora.co.uk
for the development of the server-based collaborative stuff. We're now
facing the prospect of having thousands of users on one server, who can
all see each other - this is clearly not very scalable, our poor little
VM isn't exactly the most powerful server we could apply to the problem
anyway, and we don't have any dedicated sysadmin staff to keep
everything fed and watered.
So, for Trial 2 production images, I'd basically like to take our server
out of the loop, and have you guys provide either some central or
locally provisioned servers. We will retain olpc.ccu for development
purposes, as I expect Trial 3 will see us developing a server component
to further address scalability of how server-based buddies and
activities are discovered.
For the server software, as far as I'm currently aware ejabberd is the
only choice because it has (experimental) support for PEP (Personal
Eventing Protocol) which we rely on for XOs publishing details about
their available and current activities, colour, nickname, etc, and we
also make use of its in-built MUC conferencing for the activities. If
you are aware of another XMPP server package with PEP, MUC and shared
roster support that you prefer, it should also work fine.
Our box is running ejabberd as provided in Debian sarge, which is 1.1.2,
with a few extra modules and patches. Our configuration file is
included. I've enabled the conference server, which is mod_muc. Due to
some detail of how XMPP components work, this requires that (at least
from the perspective of the server - the client doesn't need this as all
of its traffic goes via the server) conference.serverdomain also points
to the IP address of the server.
The PEP support comes from an external project, which enhances the
existing mod_pubsub:
http://www.dtek.chalmers.se/~henoch/text/ejabberd-pep.html
This is stored in the ejabberd-mods SVN at:
https://svn.process-one.net/ejabberd-modules/
There is a backport of the work to 1.1.2 in pep/branches/1.1.2. The
build system for this seemed pretty weird, it seems to involve lightly
modified copies of files copied from the ejabberd source tree, so I
turned it into a patch against the ejabberd source itself, which I've
attached. One poorly documented caveat with the PEP support is that this
enhanced mod_pubsub module depends on mod_caps also being loaded in the
ejabberd, otherwise you get cryptic failures at runtime.
I also enabled mod_shared_roster, and via the web interface I configured
it so that everyone has a group called "Everybody" which contains all
other users on the server. It's documented in Example 1 on:
http://ejabberd.jabber.ru/shared-roster-all
Thanks to help from the upstream maintainer, I also have a patch to
address a very bad interaction between account registration and shared
roster support, which fixes the problem that newly-created accounts will
not get sent presence by any of the already-connected users. This is
attached.
Finally, I also added mod_ctlextra (also from ejabberd-modules, ejabberd
patch attached) which adds some extra commands to the ejabberdctl
command, particularly "delete-older-users" which can delete users who
haven't logged in for a certain number of days. It has the annoying
side-effect of deleting the admin user because he never logs in via
XMPP, only via the web interface, but it can be re-added by calling
"ejabberdctl register ...". Although I never got round to it, the idea
was to put this on cron.daily and make it throw dead accounts away after
7-14 days of non-use - this is intentionally aggressive for the
development server which will get one account created every time someone
flashes a new image, so the production one might not need this.
Of late, the ejabberd has on two or three occasions rendered itself into
a state where it is running but unable to accept any incoming
connections. Unfortunately I have no idea why, but if it happens for
you, or keeps happening, the upstream author (JID is aleksey at jabber.ru,
or aleksey on ejabberd at conference.jabber.ru) was very helpful in the
past - ejabberd has a mechanism to obtain an erlang console from a
running server, so I gave him a shell and he was able to debug remotely.
Let me know if you have any other queries.
Regards,
Rob
{{{
% Default Debian ejabberd.cfg
%override_acls.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% ucf section
%% Admin user
{acl, admin, {user, "admin", "olpc.collabora.co.uk"}}.
%% Hostname
{hosts, ["olpc.collabora.co.uk"]}.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Users that have admin access. Add line like one of the following after you
% will be successfully registered on server to get admin access:
%{acl, admin, {user, "aleksey"}}.
% Blocked users:
%{acl, blocked, {user, "test"}}.
% Local users:
{acl, local, {user_regexp, ""}}.
% Another examples of ACLs:
%{acl, jabberorg, {server, "jabber.org"}}.
%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
%{acl, test, {user_regexp, "^test"}}.
%{acl, test, {user_glob, "test*"}}.
% Everybody can create pubsub nodes
{access, pubsub_createnode, [{allow, all}]}.
% Only admins can use configuration interface:
{access, configure, [{allow, admin}]}.
% Every username can be registered via in-band registration:
{access, register, [{allow, all}]}.
% None username can be registered via in-band registration:
%{access, register, [{deny, all}]}.
% After successful registration user will get message with following subject
% and body:
{welcome_message,
{"Welcome!",
"Welcome to Debian Jabber Service. "
"For information about Jabber visit http://jabber.org"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.
% List of people who will get notifications about registered users
%{registration_watchers, ["admin1 at localhost",
% "admin2 at localhost"]}.
% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.
% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
{allow, all}]}.
% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.
% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.
% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
{fast, all}]}.
% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.
% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.
% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.
% This rule allows access only for local users:
{access, local, [{allow, local}]}.
% Authentication method. If you want to use internal user base, then use
% this line:
{auth_method, internal}.
% For LDAP authentication use these lines instead of above one:
%{auth_method, ldap}.
%{ldap_servers, ["localhost"]}. % List of LDAP servers
%{ldap_uidattr, "uid"}. % LDAP attribute that holds user ID
%{ldap_base, "dc=example,dc=com"}. % Search base of LDAP directory
%{ldap_rootdn, "dc=example,dc=com"}. % LDAP manager
%{ldap_password, "******"}. % Password to LDAP manager
% For authentication via external script use the following:
%{auth_method, external}.
%{extauth_program, "/path/to/authentication/script"}.
% For authentication via ODBC use the following:
%{auth_method, odbc}.
%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
%% Anonymous login support:
%% auth_method: anonymous
%% anonymous_protocol: sasl_anon|login_anon|both
%% allow_multiple_connections: true|false
%%{host_config, "public.example.org", [{auth_method, anonymous},
%% {allow_multiple_connections, false},
%% {anonymous_protocol, sasl_anon}]}.
%% To use both anonymous and internal authentication:
%%{host_config, "public.example.org", [{auth_method, [anonymous, internal]}]}.
% Host(s) name: (replace for your hostname(s))
% Old {host, "localhost"}. option is equivalent to {hosts, ["localhost"]}.
%{hosts, ["localhost"]}.
%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 10}.
% Default language for server messages
{language, "en"}.
% Listened ports:
{listen,
% Ordinary client-2-server service
[{5222, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
starttls, {certfile,
"/etc/ejabberd/ejabberd.pem"},
{shaper, c2s_shaper}]},
% SSL-enabled client-2-server service
{5223, ejabberd_c2s, [{access, c2s},
{max_stanza_size, 65536},
tls, {certfile, "/etc/ejabberd/ejabberd.pem"},
{shaper, c2s_shaper}]},
% Server-2-server service
{5269, ejabberd_s2s_in, [{shaper, s2s_shaper},
{max_stanza_size, 131072}]},
% External MUC jabber-muc (but internal mod_muc is better :))
% {5554, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "muc.localhost", [{password, "secret"}]}]},
% Jabber ICQ Transport
% {5555, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {hosts, ["icq.localhost", "sms.localhost"], [{password, "secret"}]}]},
% AIM Transport
% {5556, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "aim.localhost", [{password, "secret"}]}]},
% MSN Transport
% {5557, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "msn.localhost", [{password, "secret"}]}]},
% Yahoo! Transport
% {5558, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "yahoo.localhost", [{password, "secret"}]}]},
% External JUD (internal is more powerful,
% but doesn't allow to register users from other servers)
% {5559, ejabberd_service, [{ip, {127, 0, 0, 1}},
% {access, all},
% {host, "jud.localhost", [{password, "secret"}]}]},
% HTTP service (You may choose options HTTP-polling and Web-administering)
% When commenting out, be careful with commas
{5280, ejabberd_http, [http_poll, web_admin]}
]}.
% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
%{domain_certfile, "example.org", "/etc/ejabberd/example_org.pem"}.
%{domain_certfile, "example.com", "/etc/ejabberd/example_com.pem"}.
% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.
% Used modules:
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % Depends on mod_adhoc
{mod_register, [{access, register}]},
{mod_roster, []},
{mod_privacy, []},
{mod_configure, []}, % Depends on mod_adhoc
{mod_configure2, []},
{mod_disco, [{extra_domains, ["users.jabber.org"]}]},
{mod_stats, []},
{mod_vcard, []},
{mod_offline, []},
{mod_echo, []},
{mod_private, []},
{mod_irc, []},
% Default options for mod_muc:
% host: "conference." ++ ?MYNAME
% access: all
% access_create: all
% access_admin: none (only room creator has owner privileges)
{mod_muc, [{access, muc},
{access_create, muc},
{access_admin, muc_admin}]},
% {mod_muc_log, []},
{mod_shared_roster, []},
{mod_pubsub, [{access_createnode, pubsub_createnode}]},
{mod_time, []},
{mod_last, []},
{mod_version, []},
{mod_caps, []},
{mod_ctlextra, []}
]}.
% vim:set ft=erlang:
% Local Variables:
% mode: erlang
% End:
}}}
--
Ticket URL: <https://dev.laptop.org/ticket/3606#comment:1>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system
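
The email's caveat that the PEP-enabled mod_pubsub fails cryptically at runtime without mod_caps can be checked against the config before the server is started. The following is an added example, not part of the ticket, the email or ejabberd: Python that reads the `{modules, [...]}` term of an old-style ejabberd.cfg and reports unmet dependencies. The `DEPENDS` table, the function names and the sample config are assumptions built from this page's text, and the parser assumes no escaped quotes or brackets inside strings in the modules term.

```python
import re

# Dependencies stated on this page (email text and the config's own comments).
DEPENDS = {"mod_pubsub": ["mod_caps"], "mod_announce": ["mod_adhoc"],
           "mod_configure": ["mod_adhoc"]}

# Constructed sample: cut-down module list with mod_caps left commented out.
SAMPLE_CFG = '''
{modules,
 [{mod_adhoc, []},
  {mod_announce, [{access, announce}]}, % Depends on mod_adhoc
  {mod_disco, [{extra_domains, ["users.jabber.org"]}]},
  % {mod_caps, []},
  {mod_pubsub, [{access_createnode, pubsub_createnode}]}]}.
'''

def strip_comments(text):
    """Drop Erlang '%' comments; a '%' inside a double-quoted string stays."""
    out = []
    for line in text.splitlines():
        in_str, kept = False, []
        for ch in line:
            if ch == '"':
                in_str = not in_str
            elif ch == "%" and not in_str:
                break
            kept.append(ch)
        out.append("".join(kept))
    return "\n".join(out)

def loaded_modules(cfg):
    """Module names in the {modules, [...]} term, found by bracket matching."""
    body = strip_comments(cfg)
    start = re.search(r"\{\s*modules\s*,\s*\[", body)
    if not start:
        return []
    depth, i = 1, start.end()
    while i < len(body) and depth:
        depth += {"[": 1, "]": -1}.get(body[i], 0)
        i += 1
    return re.findall(r"\{\s*(mod_\w+)\s*,", body[start.end():i])

def missing_dependencies(cfg):
    """(module, missing dependency) pairs for the modules cfg loads."""
    mods = set(loaded_modules(cfg))
    return sorted((m, d) for m, deps in DEPENDS.items() if m in mods
                  for d in deps if d not in mods)

print(missing_dependencies(SAMPLE_CFG))
```

Run against the configuration attached to the email, the check reports nothing, since that file loads both mod_caps and mod_adhoc.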