[remaster/mcs] more work on the MCS spin

remaster/mcs/ejabberd.cfg

@@ -0,0 +1,469 @@
+%%%
+%%%               ejabberd configuration file
+%%%
+
+%%% The parameters used in this configuration file are explained in more detail
+%%% in the ejabberd Installation and Operation Guide.
+%%% Please consult the Guide in case of doubts, it is included in 
+%%% your copy of ejabberd, and is also available online at
+%%% http://www.process-one.net/en/ejabberd/docs/
+
+%%% This configuration file contains Erlang terms.
+%%% In case you want to understand the syntax, here are the concepts:
+%%%
+%%%  - The character to comment a line is %
+%%%
+%%%  - Each term ends in a dot, for example:
+%%%      override_global.
+%%%
+%%%  - A tuple has a fixed definition, its elements are 
+%%%    enclosed in {}, and separated with commas:
+%%%      {loglevel, 4}.
+%%%
+%%%  - A list can have as many elements as you want, 
+%%%    and is enclosed in [], for example:
+%%%      [http_poll, web_admin, tls]
+%%%
+%%%  - A keyword of ejabberd is a word in lowercase. 
+%%%    The strings are enclosed in "" and can have spaces, dots...
+%%%      {language, "en"}.
+%%%      {ldap_rootdn, "dc=example,dc=com"}. 
+%%%
+%%%  - This term includes a tuple, a keyword, a list and two strings:
+%%%      {hosts, ["jabber.example.net", "im.example.com"]}.
+%%%
+
+
+%%%   =======================
+%%%   OVERRIDE STORED OPTIONS
+
+%%
+%% Override the old values stored in the database.
+%%
+
+%%
+%% Override global options (shared by all ejabberd nodes in a cluster).
+%%
+%%override_global.
+
+%%
+%% Override local options (specific for this particular ejabberd node).
+%%
+%%override_local.
+
+%%
+%% Remove the Access Control Lists before new ones are added.
+%%
+%%override_acls.
+
+
+%%%   =========
+%%%   DEBUGGING
+
+%%
+%% loglevel: Verbosity of log files generated by ejabberd.
+%% 0: No ejabberd log at all (not recommended)
+%% 1: Critical
+%% 2: Error
+%% 3: Warning
+%% 4: Info
+%% 5: Debug
+%%
+{loglevel, 4}.
+
+%%
+%% watchdog_admins: If an ejabberd process consumes too much memory, 
+%% send live notifications to those Jabber accounts.
+%%
+%%{watchdog_admins, ["admin@localhost"]}.
+
+
+%%%   ================
+%%%   SERVED HOSTNAMES
+
+%%
+%% hosts: Domains served by ejabberd.
+%% You can define one or several, for example:
+%% {hosts, ["example.net", "example.com", "example.org"]}.
+%%
+{hosts, ["localhost","mailwaretest.com"]}.
+
+%%
+%% route_subdomains: Delegate subdomains to other Jabber server.
+%% For example, if this ejabberd serves example.org and you want
+%% to allow communication with a Jabber server called im.example.org.
+%%
+%%{route_subdomains, s2s}.
+
+
+%%%   ===============
+%%%   LISTENING PORTS
+
+%%
+%% listen: Which ports will ejabberd listen, which service handles it
+%% and what options to start it with.
+%%
+{listen,
+ [
+
+  {5222, ejabberd_c2s, [
+			{certfile, "/etc/ssl/ejabberd/server.pem"}, starttls,
+			{access, c2s},
+			{shaper, c2s_shaper},
+			{max_stanza_size, 65536}
+		       ]},
+
+  %%
+  %% To enable the old SSL connection method in port 5223:
+  %%
+  {5223, ejabberd_c2s, [
+  			{certfile, "/etc/ssl/ejabberd/server.pem"}, tls,
+  			{access, c2s},
+  			{shaper, c2s_shaper},
+  			{max_stanza_size, 65536}
+  		       ]},
+
+  {5269, ejabberd_s2s_in, [
+			   {shaper, s2s_shaper},
+			   {max_stanza_size, 131072}
+			  ]},
+
+  %%
+  %% ejabberd_service: Interact with external components (transports...)
+  %%
+  %%{8888, ejabberd_service, [
+  %%			    {access, all}, 
+  %%			    {shaper_rule, fast},
+  %%			    {ip, {127, 0, 0, 1}},
+  %%			    {hosts, ["icq.example.org", "sms.example.org"],
+  %%			     [{password, "secret"}]
+  %%			    }
+  %%			   ]},
+
+  {5280, ejabberd_http, [
+                         %%{request_handlers, [
+			 %%	{["web"], mod_http_fileserver}
+			 %%]},
+			 captcha,
+			 http_bind, 
+			 http_poll, 
+			 web_admin
+			]}
+
+ ]}.
+
+%%
+%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
+%% Allowed values are: true or false.
+%% You must specify a certificate file.
+%%
+%%{s2s_use_starttls, true}.
+
+%%
+%% s2s_certfile: Specify a certificate file.
+%%
+%%{s2s_certfile, "/etc/ssl/ejabberd/server.pem"}.
+
+%%
+%% domain_certfile: Specify a different certificate for each served hostname.
+%%
+%%{domain_certfile, "example.com", "<PATH>/example_com.pem"}.
+
+%%
+%% S2S whitelist or blacklist
+%%
+%% Default s2s policy for undefined hosts.
+%%
+%%{s2s_default_policy, allow}.
+
+%%
+%% Allow or deny communication with specific servers.
+%%
+%%{{s2s_host, "goodhost.org"}, allow}.
+%%{{s2s_host, "badhost.org"}, deny}.
+
+
+%%%   ==============
+%%%   AUTHENTICATION
+
+%%
+%% auth_method: Method used to authenticate the users.
+%% The default method is the internal.
+%% If you want to use a different method, 
+%% comment this line and enable the correct ones.
+%%
+%%{auth_method, internal}.
+
+%%
+%% Authentication using external script
+%% Make sure the script is executable by ejabberd.
+%%
+%%{auth_method, external}.
+%%{extauth_program, "/path/to/authentication/script"}.
+
+%%
+%% Authentication using ODBC
+%% Remember to setup a database in the next section.
+%%
+%%{auth_method, odbc}.
+
+%%
+%% Authentication using PAM
+%%
+%%{auth_method, pam}.
+%%{pam_service, "pamservicename"}.
+
+%%
+%% Authentication using LDAP
+%%
+{auth_method, ldap}.
+%%
+%% List of LDAP servers:
+{ldap_servers, ["server1" , "server2"]}.    
+%%
+%% LDAP attribute that holds user ID:
+
+%% BABEL USES $user@$domain TO AUTHENTICATE USERS WITH LDAP
+{ldap_uids, [{"mail", "%u@%d"}]}. 
+
+%%
+%% Search base of LDAP directory:
+{ldap_base, "dc=babel,dc=it"}. 
+%%
+%% LDAP manager:
+%%{ldap_rootdn, "dc=example,dc=com"}. 
+%%
+%% Password to LDAP manager:
+%%{ldap_password, "******"}. 
+
+%%
+%% Anonymous login support:
+%%   auth_method: anonymous
+%%   anonymous_protocol: sasl_anon | login_anon | both
+%%   allow_multiple_connections: true | false
+%%
+%%{host_config, "public.example.org", [{auth_method, anonymous},
+%%                                     {allow_multiple_connections, false},
+%%                                     {anonymous_protocol, sasl_anon}]}.
+%%
+%% To use both anonymous and internal authentication:
+%%
+%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
+
+
+%%%   ==============
+%%%   DATABASE SETUP
+
+%% ejabberd uses by default the internal Mnesia database,
+%% so you can avoid this section.
+%% This section provides configuration examples in case
+%% you want to use other database backends.
+%% Please consult the ejabberd Guide for details about database creation.
+
+%%
+%% MySQL server:
+%%
+%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
+%%
+%% If you want to specify the port:
+%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
+
+%%
+%% PostgreSQL server:
+%%
+%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
+%%
+%% If you want to specify the port:
+%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
+%%
+%% If you use PostgreSQL, have a large database, and need a
+%% faster but inexact replacement for "select count(*) from users"
+%%
+%%{pgsql_users_number_estimate, true}.
+
+%%
+%% ODBC compatible or MSSQL server:
+%%
+%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
+
+
+%%%   ===============
+%%%   TRAFFIC SHAPERS
+
+%%
+%% The "normal" shaper limits traffic speed to 1.000 B/s
+%%
+{shaper, normal, {maxrate, 1000}}.
+
+%%
+%% The "fast" shaper limits traffic speed to 50.000 B/s
+%%
+{shaper, fast, {maxrate, 50000}}.
+
+
+%%%   ====================
+%%%   ACCESS CONTROL LISTS
+
+%%
+%% The 'admin' ACL grants administrative privileges to Jabber accounts.
+%% You can put as many accounts as you want.
+%%
+{acl, admin, {user, "admin", "mailwaretest.com"}}.
+{acl, admin, {user, "admin", "localhost"}}.
+
+%%
+%% Blocked users
+%%
+%%{acl, blocked, {user, "baduser", "example.org"}}.
+%%{acl, blocked, {user, "test"}}.
+
+%%
+%% Local users: don't modify this line.
+%%
+{acl, local, {user_regexp, ""}}.
+
+%%
+%% More examples of ACLs
+%%
+%%{acl, jabberorg, {server, "jabber.org"}}.
+%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
+%%{acl, test, {user_regexp, "^test"}}.
+%%{acl, test, {user_glob, "test*"}}.
+
+
+%%%   ============
+%%%   ACCESS RULES
+
+%% Define the maximum number of time a single user is allowed to connect:
+{access, max_user_sessions, [{10, all}]}.
+
+%% This rule allows access only for local users:
+{access, local, [{allow, local}]}.
+
+%% Only non-blocked users can use c2s connections:
+{access, c2s, [{deny, blocked},
+	       {allow, all}]}.
+
+%% For all users except admins used "normal" shaper
+{access, c2s_shaper, [{none, admin},
+		      {normal, all}]}.
+
+%% For all S2S connections used "fast" shaper
+{access, s2s_shaper, [{fast, all}]}.
+
+%% Only admins can send announcement messages:
+{access, announce, [{allow, admin}]}.
+
+%% Only admins can use configuration interface:
+{access, configure, [{allow, admin}]}.
+
+%% Admins of this server are also admins of MUC service:
+{access, muc_admin, [{allow, admin}]}.
+
+%% All users are allowed to use MUC service:
+{access, muc, [{allow, all}]}.
+{access, muc_create, [{allow, local}]}.
+
+%% In-band registration
+{access, register, [{allow, all}]}.
+
+%% Everybody can create pubsub nodes
+{access, pubsub_createnode, [{allow, local}]}.
+
+
+%%%   ================
+%%%   DEFAULT LANGUAGE
+
+%%
+%% language: Default language used for server messages.
+%%
+{language, "en"}.
+
+%%%   =======
+%%%   CAPTCHA
+  
+%%
+%% Full path to a script that generates the image.
+%%
+%%{captcha_cmd, "/opt/ejabberd-2.1.3/priv/bin/captcha.sh"}.
+  
+%%
+%% Host part of the URL sent to the user.
+%%
+%%{captcha_host, "example.org:5280"}.
+
+
+%%%   =======
+%%%   MODULES
+
+%%
+%% Modules enabled in all ejabberd virtual hosts.
+%%
+{modules,
+ [
+  {mod_adhoc,    []},
+  {mod_announce, [{access, announce}]}, % requires mod_adhoc
+  {mod_caps,     []}, 
+  {mod_configure,[]}, % requires mod_adhoc
+  {mod_disco,    []},
+  %%{mod_echo,   [{host, "echo.localhost"}]},
+  {mod_http_bind,[]},
+  %%{mod_http_fileserver, [
+  %%  {docroot, "/opt/ejabberd-2.1.3/www"},
+  %%  {accesslog, "/opt/ejabberd-2.1.3/www/webaccess.log"},
+  %%  {content_types, [{".htm", "text/html"}]},
+  %%  {directory_indices, ["index.html", "index.htm"]}
+  %%]},
+  {mod_irc,      []},
+  {mod_last,     []},
+  {mod_muc,      [
+		  %%{host, "conference.@HOST@"},
+		  {access, muc},
+		  {access_create, muc_create},
+		  {access_persistent, muc_create},
+		  {access_admin, muc_admin}
+		 ]},
+  %%{mod_muc_log,[]},
+  {mod_offline,  []},
+  {mod_privacy,  []},
+  {mod_private,  []},
+  %%{mod_proxy65,[]},
+  {mod_pubsub,   [ % requires mod_caps
+		  {access_createnode, pubsub_createnode},
+		  {ignore_pep_from_offline, true},
+		  {last_item_cache, false},
+		  {plugins, ["flat", "hometree", "pep"]}
+		 ]},
+  {mod_register, [
+		  %%
+		  %% After successful registration, the user receives 
+		  %% a message with this subject and body.
+		  %%
+		  {welcome_message, {"Welcome!", 
+				     "Welcome to this Jabber server."}},
+
+		  %%
+		  %% When a user registers, send a notification to 
+		  %% these Jabber accounts.
+		  %%
+		  %%{registration_watchers, ["admin1@example.org"]},
+
+		  {access, register}
+		 ]},
+  {mod_roster,   []},
+  %%{mod_service_log,[]},
+  {mod_shared_roster,[]},
+  %%{mod_stats,    []},
+  {mod_time,     []},
+  {mod_vcard,    []},
+  {mod_version,  []}
+ ]}.
+
+
+%%% $Id: ejabberd.cfg.example 1073 2007-12-17 11:03:22Z badlop $
+
+%%% Local Variables:
+%%% mode: erlang
+%%% End:
+%%% vim: set filetype=erlang tabstop=8:
+

scripts/3rdparty/remaster_mcs_inner_chroot_script.sh

@@ -1,4 +1,8 @@
 #!/bin/sh
+
+env-update
+source /etc/profile
+
 export FORCE_EAPI=2
 equo update || ( sleep 1200 && equo update ) || exit 1
 
@@ -6,3 +10,8 @@ equo update || ( sleep 1200 && equo update ) || exit 1
 equo unmask www-servers/apache[threads]
 # mask regular one
 equo mask www-servers/apache[-threads]
+
+# better installing sun-jdk here, to make packages_to_install happy
+equo install sun-jdk
+java-config -S sun-jdk
+env-update

scripts/3rdparty/remaster_mcs_inner_chroot_script_after.sh

@@ -34,13 +34,9 @@ sed -i '/^#ServerName/ s/.*/ServerName localhost.localdomain/g' /etc/dirsrv/admi
 # Fixup mysqld permissions, ebuild bug?
 chown mysql:mysql /var/run/mysqld -R
 
-mysql_ebuild="$(find /var/db/pkg/dev-db -name "mysql*.ebuild" | sort | head -n 1)"
-if [ -z "${mysql_ebuild}" ]; then
-	echo "cannot find any mysql ebuild"
-	exit 1
-fi
 echo "password=mcsmanager" > /root/.my.cnf || exit 1
-HOSTNAME="somethingelse" ebuild "${mysql_ebuild}" config
+
+HOSTNAME="somethingelse" equo config dev-db/mysql || exit 1
 if [ "${?}" != "0" ]; then
 	exit 1
 fi
@@ -116,6 +112,14 @@ chmod 644 /etc/dovecot/dovecot*.conf || exit 1
 
 # Setup ejabberd, why do I need to enable shell for ejabberd-babel?
 usermod -s /bin/sh jabber || exit 1
+usermod -d /home/jabber -m jabber || exit 1
+mkdir -p /home/jabber || exit 1
+chown jabber:jabber /home/jabber -R || exit 1
+
+# Copy babel configuration file over
+cp /.mcs/ejabberd.cfg /etc/jabber/ejabberd.cfg || exit 1
+chown root:jabber /etc/jabber/ejabberd.cfg || exit 1
+chmod 640 /etc/jabber/ejabberd.cfg || exit 1
 
 # add services to init
 # autostarted by the mcs setup script