From be98b6a2298ae87351278ae851f07fe7d9a4021d Mon Sep 17 00:00:00 2001
From: Fabio Erculiani
Date: Thu, 28 Oct 2010 12:04:04 +0200
Subject: [PATCH] [remaster/mcs] more work on the MCS spin
---
remaster/mcs/ejabberd.cfg | 469 ++++++++++++++++++
.../remaster_mcs_inner_chroot_script.sh | 9 +
.../remaster_mcs_inner_chroot_script_after.sh | 16 +-
3 files changed, 488 insertions(+), 6 deletions(-)
create mode 100644 remaster/mcs/ejabberd.cfg
diff --git a/remaster/mcs/ejabberd.cfg b/remaster/mcs/ejabberd.cfg
new file mode 100644
index 0000000..c98fec0
--- /dev/null
+++ b/remaster/mcs/ejabberd.cfg
@@ -0,0 +1,469 @@ +%%% +%%% ejabberd configuration file +%%% + +%%% The parameters used in this configuration file are explained in more detail +%%% in the ejabberd Installation and Operation Guide. +%%% Please consult the Guide in case of doubts, it is included in +%%% your copy of ejabberd, and is also available online at +%%% http://www.process-one.net/en/ejabberd/docs/ + +%%% This configuration file contains Erlang terms. +%%% In case you want to understand the syntax, here are the concepts: +%%% +%%% - The character to comment a line is % +%%% +%%% - Each term ends in a dot, for example: +%%% override_global. +%%% +%%% - A tuple has a fixed definition, its elements are +%%% enclosed in {}, and separated with commas: +%%% {loglevel, 4}. +%%% +%%% - A list can have as many elements as you want, +%%% and is enclosed in [], for example: +%%% [http_poll, web_admin, tls] +%%% +%%% - A keyword of ejabberd is a word in lowercase. +%%% The strings are enclosed in "" and can have spaces, dots... +%%% {language, "en"}. +%%% {ldap_rootdn, "dc=example,dc=com"}. +%%% +%%% - This term includes a tuple, a keyword, a list and two strings: +%%% {hosts, ["jabber.example.net", "im.example.com"]}. +%%% + + +%%% ======================= +%%% OVERRIDE STORED OPTIONS + +%% +%% Override the old values stored in the database. +%% + +%% +%% Override global options (shared by all ejabberd nodes in a cluster). +%% +%%override_global. + +%% +%% Override local options (specific for this particular ejabberd node). +%% +%%override_local. + +%% +%% Remove the Access Control Lists before new ones are added. +%% +%%override_acls. + + +%%% ========= +%%% DEBUGGING + +%% +%% loglevel: Verbosity of log files generated by ejabberd. +%% 0: No ejabberd log at all (not recommended) +%% 1: Critical +%% 2: Error +%% 3: Warning +%% 4: Info +%% 5: Debug +%% +{loglevel, 4}. + +%% +%% watchdog_admins: If an ejabberd process consumes too much memory, +%% send live notifications to those Jabber accounts. 
+%% +%%{watchdog_admins, ["admin@localhost"]}. + + +%%% ================ +%%% SERVED HOSTNAMES + +%% +%% hosts: Domains served by ejabberd. +%% You can define one or several, for example: +%% {hosts, ["example.net", "example.com", "example.org"]}. +%% +{hosts, ["localhost","mailwaretest.com"]}. + +%% +%% route_subdomains: Delegate subdomains to other Jabber server. +%% For example, if this ejabberd serves example.org and you want +%% to allow communication with a Jabber server called im.example.org. +%% +%%{route_subdomains, s2s}. + + +%%% =============== +%%% LISTENING PORTS + +%% +%% listen: Which ports will ejabberd listen, which service handles it +%% and what options to start it with. +%% +{listen, + [ + + {5222, ejabberd_c2s, [ + {certfile, "/etc/ssl/ejabberd/server.pem"}, starttls, + {access, c2s}, + {shaper, c2s_shaper}, + {max_stanza_size, 65536} + ]}, + + %% + %% To enable the old SSL connection method in port 5223: + %% + {5223, ejabberd_c2s, [ + {certfile, "/etc/ssl/ejabberd/server.pem"}, tls, + {access, c2s}, + {shaper, c2s_shaper}, + {max_stanza_size, 65536} + ]}, + + {5269, ejabberd_s2s_in, [ + {shaper, s2s_shaper}, + {max_stanza_size, 131072} + ]}, + + %% + %% ejabberd_service: Interact with external components (transports...) + %% + %%{8888, ejabberd_service, [ + %% {access, all}, + %% {shaper_rule, fast}, + %% {ip, {127, 0, 0, 1}}, + %% {hosts, ["icq.example.org", "sms.example.org"], + %% [{password, "secret"}] + %% } + %% ]}, + + {5280, ejabberd_http, [ + %%{request_handlers, [ + %% {["web"], mod_http_fileserver} + %%]}, + captcha, + http_bind, + http_poll, + web_admin + ]} + + ]}. + +%% +%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections. +%% Allowed values are: true or false. +%% You must specify a certificate file. +%% +%%{s2s_use_starttls, true}. + +%% +%% s2s_certfile: Specify a certificate file. +%% +%%{s2s_certfile, "/etc/ssl/ejabberd/server.pem"}. 
+ +%% +%% domain_certfile: Specify a different certificate for each served hostname. +%% +%%{domain_certfile, "example.com", "/example_com.pem"}. + +%% +%% S2S whitelist or blacklist +%% +%% Default s2s policy for undefined hosts. +%% +%%{s2s_default_policy, allow}. + +%% +%% Allow or deny communication with specific servers. +%% +%%{{s2s_host, "goodhost.org"}, allow}. +%%{{s2s_host, "badhost.org"}, deny}. + + +%%% ============== +%%% AUTHENTICATION + +%% +%% auth_method: Method used to authenticate the users. +%% The default method is the internal. +%% If you want to use a different method, +%% comment this line and enable the correct ones. +%% +%%{auth_method, internal}. + +%% +%% Authentication using external script +%% Make sure the script is executable by ejabberd. +%% +%%{auth_method, external}. +%%{extauth_program, "/path/to/authentication/script"}. + +%% +%% Authentication using ODBC +%% Remember to setup a database in the next section. +%% +%%{auth_method, odbc}. + +%% +%% Authentication using PAM +%% +%%{auth_method, pam}. +%%{pam_service, "pamservicename"}. + +%% +%% Authentication using LDAP +%% +{auth_method, ldap}. +%% +%% List of LDAP servers: +{ldap_servers, ["server1" , "server2"]}. +%% +%% LDAP attribute that holds user ID: + +%% BABEL USES $user@$domain TO AUTHENTICATE USERS WITH LDAP +{ldap_uids, [{"mail", "%u@%d"}]}. + +%% +%% Search base of LDAP directory: +{ldap_base, "dc=babel,dc=it"}. +%% +%% LDAP manager: +%%{ldap_rootdn, "dc=example,dc=com"}. +%% +%% Password to LDAP manager: +%%{ldap_password, "******"}. + +%% +%% Anonymous login support: +%% auth_method: anonymous +%% anonymous_protocol: sasl_anon | login_anon | both +%% allow_multiple_connections: true | false +%% +%%{host_config, "public.example.org", [{auth_method, anonymous}, +%% {allow_multiple_connections, false}, +%% {anonymous_protocol, sasl_anon}]}. 
+%% +%% To use both anonymous and internal authentication: +%% +%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}. + + +%%% ============== +%%% DATABASE SETUP + +%% ejabberd uses by default the internal Mnesia database, +%% so you can avoid this section. +%% This section provides configuration examples in case +%% you want to use other database backends. +%% Please consult the ejabberd Guide for details about database creation. + +%% +%% MySQL server: +%% +%%{odbc_server, {mysql, "server", "database", "username", "password"}}. +%% +%% If you want to specify the port: +%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}. + +%% +%% PostgreSQL server: +%% +%%{odbc_server, {pgsql, "server", "database", "username", "password"}}. +%% +%% If you want to specify the port: +%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}. +%% +%% If you use PostgreSQL, have a large database, and need a +%% faster but inexact replacement for "select count(*) from users" +%% +%%{pgsql_users_number_estimate, true}. + +%% +%% ODBC compatible or MSSQL server: +%% +%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}. + + +%%% =============== +%%% TRAFFIC SHAPERS + +%% +%% The "normal" shaper limits traffic speed to 1.000 B/s +%% +{shaper, normal, {maxrate, 1000}}. + +%% +%% The "fast" shaper limits traffic speed to 50.000 B/s +%% +{shaper, fast, {maxrate, 50000}}. + + +%%% ==================== +%%% ACCESS CONTROL LISTS + +%% +%% The 'admin' ACL grants administrative privileges to Jabber accounts. +%% You can put as many accounts as you want. +%% +{acl, admin, {user, "admin", "mailwaretest.com"}}. +{acl, admin, {user, "admin", "localhost"}}. + +%% +%% Blocked users +%% +%%{acl, blocked, {user, "baduser", "example.org"}}. +%%{acl, blocked, {user, "test"}}. + +%% +%% Local users: don't modify this line. +%% +{acl, local, {user_regexp, ""}}. 
+ +%% +%% More examples of ACLs +%% +%%{acl, jabberorg, {server, "jabber.org"}}. +%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}. +%%{acl, test, {user_regexp, "^test"}}. +%%{acl, test, {user_glob, "test*"}}. + + +%%% ============ +%%% ACCESS RULES + +%% Define the maximum number of time a single user is allowed to connect: +{access, max_user_sessions, [{10, all}]}. + +%% This rule allows access only for local users: +{access, local, [{allow, local}]}. + +%% Only non-blocked users can use c2s connections: +{access, c2s, [{deny, blocked}, + {allow, all}]}. + +%% For all users except admins used "normal" shaper +{access, c2s_shaper, [{none, admin}, + {normal, all}]}. + +%% For all S2S connections used "fast" shaper +{access, s2s_shaper, [{fast, all}]}. + +%% Only admins can send announcement messages: +{access, announce, [{allow, admin}]}. + +%% Only admins can use configuration interface: +{access, configure, [{allow, admin}]}. + +%% Admins of this server are also admins of MUC service: +{access, muc_admin, [{allow, admin}]}. + +%% All users are allowed to use MUC service: +{access, muc, [{allow, all}]}. +{access, muc_create, [{allow, local}]}. + +%% In-band registration +{access, register, [{allow, all}]}. + +%% Everybody can create pubsub nodes +{access, pubsub_createnode, [{allow, local}]}. + + +%%% ================ +%%% DEFAULT LANGUAGE + +%% +%% language: Default language used for server messages. +%% +{language, "en"}. + +%%% ======= +%%% CAPTCHA + +%% +%% Full path to a script that generates the image. +%% +%%{captcha_cmd, "/opt/ejabberd-2.1.3/priv/bin/captcha.sh"}. + +%% +%% Host part of the URL sent to the user. +%% +%%{captcha_host, "example.org:5280"}. + + +%%% ======= +%%% MODULES + +%% +%% Modules enabled in all ejabberd virtual hosts. 
+%% +{modules, + [ + {mod_adhoc, []}, + {mod_announce, [{access, announce}]}, % requires mod_adhoc + {mod_caps, []}, + {mod_configure,[]}, % requires mod_adhoc + {mod_disco, []}, + %%{mod_echo, [{host, "echo.localhost"}]}, + {mod_http_bind,[]}, + %%{mod_http_fileserver, [ + %% {docroot, "/opt/ejabberd-2.1.3/www"}, + %% {accesslog, "/opt/ejabberd-2.1.3/www/webaccess.log"}, + %% {content_types, [{".htm", "text/html"}]}, + %% {directory_indices, ["index.html", "index.htm"]} + %%]}, + {mod_irc, []}, + {mod_last, []}, + {mod_muc, [ + %%{host, "conference.@HOST@"}, + {access, muc}, + {access_create, muc_create}, + {access_persistent, muc_create}, + {access_admin, muc_admin} + ]}, + %%{mod_muc_log,[]}, + {mod_offline, []}, + {mod_privacy, []}, + {mod_private, []}, + %%{mod_proxy65,[]}, + {mod_pubsub, [ % requires mod_caps + {access_createnode, pubsub_createnode}, + {ignore_pep_from_offline, true}, + {last_item_cache, false}, + {plugins, ["flat", "hometree", "pep"]} + ]}, + {mod_register, [ + %% + %% After successful registration, the user receives + %% a message with this subject and body. + %% + {welcome_message, {"Welcome!", + "Welcome to this Jabber server."}}, + + %% + %% When a user registers, send a notification to + %% these Jabber accounts. + %% + %%{registration_watchers, ["admin1@example.org"]}, + + {access, register} + ]}, + {mod_roster, []}, + %%{mod_service_log,[]}, + {mod_shared_roster,[]}, + %%{mod_stats, []}, + {mod_time, []}, + {mod_vcard, []}, + {mod_version, []} + ]}. + + +%%% $Id: ejabberd.cfg.example 1073 2007-12-17 11:03:22Z badlop $ + +%%% Local Variables: +%%% mode: erlang +%%% End: +%%% vim: set filetype=erlang tabstop=8: + diff --git a/scripts/3rdparty/remaster_mcs_inner_chroot_script.sh b/scripts/3rdparty/remaster_mcs_inner_chroot_script.sh index 68b0e5b..f4cff1c 100755 --- a/scripts/3rdparty/remaster_mcs_inner_chroot_script.sh +++ b/scripts/3rdparty/remaster_mcs_inner_chroot_script.sh 
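Review bot: Credentials can cross the network in cleartext with the listeners as configured: port 5222 uses `starttls`, which only offers TLS, and the 5280 `ejabberd_http` listener serves `web_admin`, `http_bind` and `http_poll` with no `tls` option, while `{auth_method, ldap}` means the passwords involved are directory passwords. I would change 5222 to `starttls_required` and either drop `web_admin` from 5280 or restrict that listener with `{ip, {127, 0, 0, 1}}`, the form already shown in the commented `ejabberd_service` example. `{ldap_servers, ["server1" , "server2"]}` is still a placeholder and no `ldap_encrypt` is set, so the connection to the directory presumably runs unencrypted too once real hosts are filled in; a comment above it saying these values must be replaced before first start would help.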
@@ -1,4 +1,8 @@ #!/bin/sh + +env-update +source /etc/profile + export FORCE_EAPI=2 equo update || ( sleep 1200 && equo update ) || exit 1 @@ -6,3 +10,8 @@ equo update || ( sleep 1200 && equo update ) || exit 1 equo unmask www-servers/apache[threads] # mask regular one equo mask www-servers/apache[-threads] + +# better installing sun-jdk here, to make packages_to_install happy +equo install sun-jdk +java-config -S sun-jdk +env-update diff --git a/scripts/3rdparty/remaster_mcs_inner_chroot_script_after.sh b/scripts/3rdparty/remaster_mcs_inner_chroot_script_after.sh index 286b7c3..d9a2522 100755 --- a/scripts/3rdparty/remaster_mcs_inner_chroot_script_after.sh +++ b/scripts/3rdparty/remaster_mcs_inner_chroot_script_after.sh @@ -34,13 +34,9 @@ sed -i '/^#ServerName/ s/.*/ServerName localhost.localdomain/g' /etc/dirsrv/admi # Fixup mysqld permissions, ebuild bug? chown mysql:mysql /var/run/mysqld -R -mysql_ebuild="$(find /var/db/pkg/dev-db -name "mysql*.ebuild" | sort | head -n 1)" -if [ -z "${mysql_ebuild}" ]; then - echo "cannot find any mysql ebuild" - exit 1 -fi echo "password=mcsmanager" > /root/.my.cnf || exit 1 -HOSTNAME="somethingelse" ebuild "${mysql_ebuild}" config + +HOSTNAME="somethingelse" equo config dev-db/mysql || exit 1 if [ "${?}" != "0" ]; then exit 1 fi @@ -116,6 +112,14 @@ chmod 644 /etc/dovecot/dovecot*.conf || exit 1 # Setup ejabberd, why do I need to enable shell for ejabberd-babel? usermod -s /bin/sh jabber || exit 1 +usermod -d /home/jabber -m jabber || exit 1 +mkdir -p /home/jabber || exit 1 +chown jabber:jabber /home/jabber -R || exit 1 + +# Copy babel configuration file over +cp /.mcs/ejabberd.cfg /etc/jabber/ejabberd.cfg || exit 1 +chown root:jabber /etc/jabber/ejabberd.cfg || exit 1 +chmod 640 /etc/jabber/ejabberd.cfg || exit 1 # add services to init # autostarted by the mcs setup script
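Review bot: None of the commands added to remaster_mcs_inner_chroot_script.sh check their exit status: `env-update` and `source /etc/profile` in this hunk, and `equo install sun-jdk`, `java-config -S sun-jdk` and `env-update` in the second hunk, whereas the existing `equo update` line ends in `|| exit 1`. A failed JDK install would let the script finish with status 0, so I would write `equo install sun-jdk || exit 1` and `java-config -S sun-jdk || exit 1` to match. Separately, `source` is a bash spelling under a `#!/bin/sh` shebang; `. /etc/profile` is the portable form and behaves the same when `/bin/sh` is bash.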
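Review bot: The `if [ "${?}" != "0" ]` block left as context after the new `HOSTNAME="somethingelse" equo config dev-db/mysql || exit 1` can no longer fire, because `|| exit 1` already ends the script on failure and `$?` is 0 whenever the `if` is reached. Either drop the `|| exit 1` or delete the three-line check so there is a single failure path. The unchanged line above it writes a fixed password to `/root/.my.cnf` with whatever mode the umask gives; a `chmod 600 /root/.my.cnf || exit 1` right after it would keep that file private regardless of the build environment.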
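Review bot: The copied `ejabberd.cfg` exists with the umask's default mode until the `chmod` two commands later; `install -o root -g jabber -m 640 /.mcs/ejabberd.cfg /etc/jabber/ejabberd.cfg || exit 1` sets owner, group and mode in one step and replaces the `cp`/`chown`/`chmod` triple. The root:jabber 640 result is the right target, since this file is where `ldap_password` would live if it is ever uncommented. `mkdir -p /home/jabber` runs after `usermod -d /home/jabber -m jabber`, presumably to cover the case where the old home did not exist and nothing was moved; a one-line comment saying so would explain the ordering.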