Jabber Takes a Swing at RichM

March 2, 2007


Last month I explained that I wanted to reduce my organization's dependence on AIM due to its lack of security and the fact that we cannot control what takes place on their servers. I also mentioned that I was fairly new to jabber, and, due to lack of experience, I was hoping for a hand or two to help sort out the install/config process. While I did receive many alternative recommendations, sadly I didn't get a single volunteer willing to help shoulder the responsibility of bringing an easy-to-follow tutorial (aimed at the uninitiated) to the EH masses. Determined to make it happen, I soldiered on. Sadly, I have fallen short: I am approximately 70% done but have hit some fun snags, which are listed below. Hopefully I can enlist the help of the EH-Net faithful for a little help.

Installing Jabber Part 1: Erlang

I have chosen to use Ubuntu Edgy (even though the latest version is due out in April), since it is stable and (at this time) current. As stated in the initial article, I am not a fan of GUIs on a Linux box. One of the greatest strengths Linux has is the ability to run from a shell and use 100,000s of lines less code than its Windows counterpart. Obviously, this isn't an option, but ultimately this jabber server should be running on a standalone server, not a desktop/workstation. This particular installation is running on a VMware Server, which is hosted on a Windows Server 2003 SP1 WSUS server. I chose the WSUS server since it is always up and the demand on the machine is greatest after midnight when it updates. This is the least likely time the chat server will be needed. Even though we have users that may be using it, the traffic during the late night hours is considerably less. This is the best of both worlds: a server that is being used but not strained to the point of denying services or slowing traffic. It is recommended that, if you cannot spare a dedicated server for jabber, you use a similar approach on a production machine that is not heavily in demand, such as a DHCP, secondary DNS or another secondary server that currently handles a minimal load.

Packages required for erlang:
  • gcc
  • libssl-dev
  • m4
  • libncurses5-dev
  • g++
  • openssl
  • java-gcj-compat
  • java-gcj-compat-dev
  • make
  • erlang (current version otp_src_R11B-3) http://erlang.org/download.html

1. Install Ubuntu Edgy using the minimal business card install (http://www.ubuntu.com/products/GetUbuntu/download?action=show&redirect=download). Choose the country that is appropriate to your location

2. Choose the server install (other installations)

3. Select the download that best matches your current architecture

4. Do the basic install

5. Feel free to let Ubuntu partition your hard drive if you are not comfortable with creating your partitions manually

6. Finish basic install (add users, repositories, etc.)

7. Do not choose any additional packages (lamp, dns, etc.)

8. Once the machine boots into the new install, run apt-get update

9. apt-get upgrade

10. Install all packages listed above (versions may vary) using apt-get install package name

11. cd to the otp… directory

12. ./configure

13. make

14. make install

15. erl

16. Test erlang, type 2+4 . (the answer you should get is "6")

17. Congratulations, you have just created the most complicated desktop calculator :)

18. To exit hit 'Ctrl'+C

19. Type 'a'

20. To start erl type the following string: erl -pa /var/lib/ejabberd/ebin -name ejabberd -s ejabberd

Errors which may be encountered during erlang install:

configure: error: GNU make is required!

apt-get install make

configure: error: no acceptable cc found in $PATH

apt-get install gcc

configure: error: installation or configuration problem: C compiler cannot create executables.

apt-get install g++

configure: error: No curses library functions found

apt-get install libncurses5-dev

crypto         : No usable OpenSSL found

ssh            : No usable OpenSSL found

ssl            : No usable OpenSSL found

apt-get install openssl

jinterface     : No Java compiler found

apt-get install java-gcj-compat java-gcj-compat-dev

Part 2: Jabber Install

1. Download the latest version of ejabberd source located here http://www.process-one.net/en/ejabberd/downloads/

2. cd to the src directory (root/ejabberd/src)

3. ./configure

4. make

5. make install

Outstanding issues:

-The webadmin is not working, after several tweaks to ejabberd.cfg (below) I no longer even receive a pop up

-I can register new users, but they cannot add buddies (definitely a permissions issue, just not sure where to change them)

-After a user is registered, they are kicked out with a 'read error'.  Also most likely a permissions issue

ejabberd.cfg

% $Id: ejabberd.cfg.example 577 2006-06-07 08:38:37Z mremond $

override_acls.
override_global.
override_local.

% Users that have admin access.  Add line like one of the following after you
% will be successfully registered on server to get admin access:
{acl, admin, {user, "uuser", "jabberserver.domain"}}.

% Blocked users:
%{acl, blocked, {user, "test"}}.

% Local users:
{acl, local, {user_regexp, ""}}.

% Only admins can use configuration interface:
{access, configure, [{allow, uuser}]}.

% Every username can be registered via in-band registration:
% You could replace {allow, all} with {deny, all} to prevent user from using
% in-band registration
{access, register, [{allow, all}]}.

% After successful registration user will get message with following subject
% and body:
{welcome_message,
 {"Welcome!",
  "Welcome to XYZ Jabber Service.  "
  "For information about Jabber visit http://jabber.org"}}.
% Replace them with 'none' if you don't want to send such message:
%{welcome_message, none}.

% List of people who will get notifications about registered users
%{registration_watchers, ["admin1@localhost",
"uuser@domain.com"]}.

% Only admins can send announcement messages:
{access, announce, [{allow, admin}]}.

% Only non-blocked users can use c2s connections:
{access, c2s, [{deny, blocked},
               {allow, all}]}.

% Set shaper with name "normal" to limit traffic speed to 1000B/s
{shaper, normal, {maxrate, 1000}}.

% Set shaper with name "fast" to limit traffic speed to 50000B/s
{shaper, fast, {maxrate, 50000}}.

% For all users except admins used "normal" shaper
{access, c2s_shaper, [{none, admin},
                      {normal, all}]}.

% For all S2S connections used "fast" shaper
{access, s2s_shaper, [{fast, all}]}.

% Admins of this server are also admins of MUC service:
{access, muc_admin, [{allow, admin}]}.

% All users are allowed to use MUC service:
{access, muc, [{allow, all}]}.

% This rule allows access only for local users:
{access, local, [{allow, local}]}.

% Authentication method.  If you want to use internal user base, then use
% this line:
{auth_method, internal}.

% Host name:
{hosts, ["jabberserver.domain"]}.

%% Define the maximum number of time a single user is allowed to connect:
{max_user_sessions, 30}.

% Default language for server messages
{language, "en"}.

% Listened ports:
{listen,
 [{5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper},
                            {max_stanza_size, 65536},
                            starttls, {certfile, "/etc/ejabberd/server.pem"}]},
  {5223, ejabberd_c2s,     [{access, c2s},
                            {max_stanza_size, 65536},
                            tls, {certfile, "/etc/ejabberd/server.pem"}]},
  % Use these two lines instead if TLS support is not compiled
  %{5222, ejabberd_c2s,     [{access, c2s}, {shaper, c2s_shaper}]},
  %{5223, ejabberd_c2s,     [{access, c2s}, ssl, {certfile, "./ssl.pem"}]},
  {5269, ejabberd_s2s_in,  [{shaper, s2s_shaper},
                            {max_stanza_size, 131072}
                           ]},
  {5280, ejabberd_http,    [web_admin, {ip, 172, 20, 16, 14}},
                                tls, {certfile, "/etc/ejabberd/server.pem"}],
  {8888, ejabberd_service, [{access, all},
                            {hosts, ["icq.localhost", "sms.localhost"],
                             [{password, "secret"}]}]}

]}.

% Use STARTTLS+Dialback for S2S connections
{s2s_use_starttls, true}.
{s2s_certfile, "./ssl.pem"}.
%{domain_certfile, "example.org", "./example_org.pem"}.
%{domain_certfile, "example.com", "./example_com.pem"}.

% If SRV lookup fails, then port 5269 is used to communicate with remote server
{outgoing_s2s_port, 5269}.

% Used modules:
{modules,
 [
  {mod_register,   [{access, register}]},
  {mod_roster,     []},
  {mod_privacy,    []},
  {mod_adhoc,      []},
  {mod_configure,  []}, % Depends on mod_adhoc
  {mod_configure2, []},
  {mod_disco,      []},
  {mod_stats,      []},
  {mod_vcard,      []},
  {mod_offline,    []},
  {mod_announce,   [{access, announce}]}, % Depends on mod_adhoc
  {mod_echo,       [{host, "echo.localhost"}]},
  {mod_private,    []},
  {mod_irc,        []},
% Default options for mod_muc:
%   host: "conference." ++ ?MYNAME
%   access: all
%   access_create: all
%   access_admin: none (only room creator has owner privileges)
  {mod_muc,        [{access, muc},
                    {access_create, muc},
                    {access_admin, muc_admin}]},
%  {mod_muc_log,    []},
%  {mod_shared_roster, []},
  {mod_pubsub,     [{access_createnode, pubsub_createnode}]},
  {mod_time,       []},
  {mod_last,       []},
  {mod_version,    []}
 ]}.

% Local Variables:
% mode: erlang
% End:

Let's Review:

These are the outstanding issues. If anyone can lend a hand, that would be great.

-The webadmin is not working, after several tweaks to ejabberd.cfg (below) I no longer even receive a pop up to log into the web admin
-I can register new users, but they cannot add buddies (definitely a permissions issue, just not sure where to change them)
-After a user is registered, they are kicked out with a 'read error'. Also most likely a permissions issue
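
A syntax and cross-reference check for an old-style ejabberd.cfg like the one on this page, added here as an example (it is not part of the original article or of ejabberd): it reports brackets that do not pair up within a term and access rules that name an ACL with no {acl, ...} definition. The function names are made up for this example; it assumes Erlang-term syntax with %-comments, treats all and none as predefined, and does not handle escaped quotes inside strings.

```python
import re

BUILTIN = {"all", "none"}        # ACL names ejabberd predefines
CLOSERS = {"}": "{", "]": "["}
COMMENT = re.compile(r'^((?:[^"%]|"[^"]*")*)%.*$')   # '%' outside a "string"

def bracket_errors(text):
    """(line, message) per stray closer, or per opener left open at a full stop."""
    errors, stack, in_str = [], [], False
    for ln, row in enumerate(text.split("\n"), 1):
        for j, ch in enumerate(row):
            if ch == '"':
                in_str = not in_str
            elif in_str:
                continue
            elif ch in "{[":
                stack.append((ch, ln))
            elif ch in CLOSERS:
                if stack and stack[-1][0] == CLOSERS[ch]:
                    stack.pop()
                else:
                    errors.append((ln, f"unexpected '{ch}'"))
            elif ch == "." and row[j + 1:j + 2].strip() == "":  # term ends
                errors += [(at, f"unclosed '{b}'") for b, at in stack]
                stack = []
    return errors

def undefined_acls(text):
    """(rule, acl) for each access rule naming an ACL with no {acl, ...} entry."""
    defined = BUILTIN | set(re.findall(r"\{acl,\s*(\w+)\s*,", text))
    rules = re.findall(r"\{access,\s*(\w+)\s*,\s*\[(.*?)\]\s*\}\s*\.", text, re.S)
    return [(rule, acl) for rule, body in rules
            for acl in re.findall(r"\{\s*\w+\s*,\s*(\w+)\s*\}", body)
            if acl not in defined]

def lint(cfg):
    """Strip %-comments (line numbers are preserved), then run both checks."""
    text = "\n".join(COMMENT.sub(r"\1", row) for row in cfg.split("\n"))
    return bracket_errors(text), undefined_acls(text)

# Constructed sample: lines adapted from the ejabberd.cfg shown on this page.
SAMPLE = '''{acl, admin, {user, "uuser", "jabberserver.domain"}}.
%{acl, blocked, {user, "test"}}.
{access, configure, [{allow, uuser}]}.
{access, c2s, [{deny, blocked}, {allow, all}]}.
{listen,
 [{5280, ejabberd_http,    [web_admin, {ip, 172, 20, 16, 14}},
                                tls, {certfile, "/etc/ejabberd/server.pem"}]}]}.
'''
if __name__ == "__main__":
    print(lint(SAMPLE))
```

Run against the excerpt, it reports the extra } on the 5280 listener line, the configure rule pointing at uuser (a user name, where the defined ACL is admin), and the c2s rule pointing at blocked, whose ACL is commented out.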

These are the last issues that need to be resolved. So, once I can figure out these issues, then I can deploy it throughout the enterprise. In the immediate future, I will be uninstalling AIM and installing GAIM. While I work out the kinks listed above, I can get the users more comfortable with the GAIM client.

Stay tuned to the coming months when I hopefully strike back at jabber and take a stab at a C friendly Business Impact Analysis.  

Helpful links:

http://www.erlang.org/

http://ejabberd.jabber.ru/
