[Opensim-users] How to move the gatekeeper service to it's own port?
Jeroen van Veen
j.veenvan at gmail.com
Thu Dec 16 21:26:36 UTC 2010
Hi Diva,
Thanks for the explanation. I'll study it tomorrow. I kinda got it working now
with the following configuration and a simple iptables script like:
[Startup]
8004/OpenSim.Server.Handlers.dll:GatekeeperServiceInConnector
[GridInfoService]
HomeURI = "http://my-grid.org:8004"
GatekeeperURI = "my-grid.org:8004"
[GatekeeperService]
ExternalName = "http://my-grid.org:8004"
hg_wall.sh
[[File:Firewall_menu.jpeg|thumb|right|300px|You can configure access control via the script menu...]]
#!/bin/bash
#
# Menu-driven iptables rules for the gatekeeper port (8004).
DEELNEMERS=( 1.2.3.4 5.6.7.8 9.10.11.12 )   # participant addresses (placeholders)
DIALOG=dialog
VERSION=0.6

function mainmenu {
    unset m; i=0
    # Menu entries: "Nobody", "participants", "Everyone"
    options=("1. Niemand" "2. deelnemers" "3. Iedereen")
    for o in "${options[@]}"; do
        m[i++]=$o; m[i++]=""
    done
    mainmenu=$($DIALOG --title "Main menu" --backtitle "$backtitle" --keep-window \
        --ok-label "Select" --cancel-label "Quit" \
        --aspect 70 --menu "Sta hypergrid teleports toe van..." 0 0 0 "${m[@]}" \
        2>&1 >/dev/tty)
    case $mainmenu in
        "")
            # Quit or Cancel: leave the current rules in place
            clear
            exit 0
            ;;
        "${options[0]}")
            clean
            allow_none
            dialog --infobox "Gatekeeper service is nu afgesloten voor externe toegang..." 4 45 ; sleep 1
            ;;
        "${options[1]}")
            clean
            allow_deelnemers
            dialog --infobox "deelnemers hebben nu toegang tot de gatekeeper service..." 4 45 ; sleep 1
            ;;
        "${options[2]}")
            clean
            dialog --infobox "De gatekeeper service is nu zonder restricties toegankelijk..." 4 45 ; sleep 1
            ;;
    esac
}

# Accept the listed participants on port 8004, drop everyone else.
function allow_deelnemers
{
    for deelnemer in "${DEELNEMERS[@]}"
    do
        iptables -A INPUT -p tcp -s "$deelnemer" --dport 8004 -j ACCEPT
    done
    iptables -A INPUT -p tcp --dport 8004 -j DROP
}

# Drop all traffic to port 8004.
function allow_none
{
    iptables -A INPUT -p tcp --dport 8004 -j DROP
}

# Flushes every rule and deletes every user-defined chain in the filter
# table, not only the port 8004 rules. Flush first so the chains are empty
# when they are deleted.
function clean
{
    iptables -F
    iptables -X
}

# No parameters were given. Use menu-driven options
while [ "$#" -eq "0" ]
do
    backtitle=$"Hypergrid-blocker versie $VERSION"
    mainmenu
done
kind regards,
Jeroen
On Thursday, December 16, 2010 08:10:22 pm Diva Canto wrote:
> In my dreams, I get to have one week to document this whole
> configuration mechanism... In reality, I don't have that time, so let me
> briefly explain the main idea.
>
> We have split the resources that OpenSim uses into a bunch of little
> services that, in turn, access the persistent storage backend. Because
> people have all kinds of scalability requirements for their virtual
> worlds, these little services can either run in the same process as the
> simulator itself (the smallest possible configuration, aka standalone)
> or they can run in other processes on the same machine or even on other
> machines. They're all splittable and "aggregable" with configuration
> switches.
>
> Some services "talk" to others. For example, the Login service doesn't
> even have any storage associated with it, it's simply an aggregation of
> other services; the UserAccount service needs to access Auth, Presence,
> Grid and Inventory in order to create new accounts; the Gatekeeper and
> the UserAgents talk to each other; etc.
>
> So in the configuration sections we need to specify how a given service
> accesses the other services. If they are in the same process, we simply
> instantiate the service objects directly, so things in
> OpenSim.Services.<some service>.dll; if, however, the services a
> specific service needs run on a separate process/machine, then we need
> to specify a network connector for them, so stuff in
> OpenSim.Connectors.dll, and then we need to provide a ServerURI that
> each of those connectors will use to find the right process.
>
> I know this is not the ultimate reference guide, but I hope this helps
> shed some light for the possibilities...
>
> On 12/16/2010 11:38 AM, Diva Canto wrote:
> > Sorry, and also the other way around. Gatekeeper and UserAgents talk
> > to each other at various points.
> > Unfortunately, I'm looking at the code and I see that I haven't
> > completed the init code of the Gatekeeper connector for this to work...
> > Please file a mantis so that I don't forget to finish it.
> >
> > What you can do right now is to pull out both the Gatekeeper and the
> > UserAgents to another process running on port 8004. In this case, you
> > need to change the LoginService config, since the Login service talks
> > to the UserAgents service:
> >
> > [LoginService]
> > UserAgentService = "OpenSim.Services.Connectors.dll:UserAgentServiceConnector"
> >
> > You need to change all the ServiceURLs to use 8004, and make sure you
> > don't have the old URLs of port 8002 in the useraccounts table.
> > And then,
> >
> > [UserAgentService]
> > ...
> > UserAgentServerURI = "http://mygrid.org:8004/"
> >
> > On 12/16/2010 11:24 AM, Diva Canto wrote:
> >> Separating the UserAgents service from the Gatekeeper service
> >> requires an additional change in one of the connectors of the
> >> Gatekeeper:
> >>
> >> It is:
> >> [GatekeeperService]
> >> ...
> >> UserAgentService = "OpenSim.Services.HypergridService.dll:UserAgentService"
> >>
> >> It should use the connector instead:
> >>
> >> [GatekeeperService]
> >> ...
> >> UserAgentService = "OpenSim.Services.Connectors.dll:UserAgentServiceConnector"
> >>
> >> Which in turn requires you to provide a URI for it, so that the
> >> Gatekeeper can properly talk to the UserAgents service on the other
> >> process:
> >>
> >> [UserAgentService]
> >> ...
> >> UserAgentServerURI = "http://mygrid.org:8002/"
> >>
> >> (Make sure to add the '/' at the end... buglet)
> >>
> >> I haven't tried this particular combination, but it ought to work.
> >>
> >> On 12/16/2010 10:11 AM, Jeroen van Veen wrote:
> >>> Thank you for your reply. I don't necessarily need to run it in its own
> >>> robust shell. Say I want to run the gatekeeper service on port 8004 within
> >>> the same robust instance. What I have tried is changing in Robust.HG.ini:
> >>> 8002/OpenSim.Server.Handlers.dll:GatekeeperServiceInConnector to
> >>> 8004/OpenSim.Server.Handlers.dll:GatekeeperServiceInConnector
> >>>
> >>> [LoginService]
> >>> GatekeeperURI = "http://mygrid.org:8004"
> >>>
> >>> [GatekeeperService]
> >>> ExternalName = "http://mygrid.org::8004"
> >>>
> >>> == Result ==
> >>> robust console => request to link to region_foo (nothing more)
> >>> client => Could not teleport. Problem at destionation
> >>>
> >>> Maybe I must run it in its own instance for some reason?
> >>>
> >>> On Thursday, December 16, 2010 04:38:08 pm Dave Coyle wrote:
> >>>> On 12/16/10 12:27 PM, Jeroen van Veen wrote:
> >>>>> I was wondering whether it's possible to separate the gatekeeper service
> >>>>> from the default port 8002 so it runs on its own on say...port 8004.
> >>>>> The reason I want to do this is that I'm hoping to restrict hypergrid
> >>>>> access with iptables.
> >>>>
> >>>> Yes. Robust.HG.ini.example shows how to have different services
> >>>> listening on different ports (8002 vs. 8003 in the example).
> >>>>
> >>>> If you want to run only HG-related services in their own Robust
> >>>> instance, make sure you've also included the UserAgentService alongside
> >>>> GatekeeperService.
> >>>>
> >>>> -coyled
> >>>> _______________________________________________
> >>>> Opensim-users mailing list
> >>>> Opensim-users at lists.berlios.de
> >>>> https://lists.berlios.de/mailman/listinfo/opensim-users
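An added example, not part of the thread: the participant allowlist for port 8004 rebuilt in a dedicated chain, so that switching modes flushes only the gatekeeper rules, with every address validated before any rule changes. The chain name HG_GATEKEEPER, the IPT dry-run variable and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): allowlist for the gatekeeper port.
IPT=${IPT:-echo iptables}   # dry run: prints commands; set IPT=iptables to apply
PORT=8004                   # gatekeeper port used in the thread
CHAIN=HG_GATEKEEPER         # hypothetical chain name, an assumption

# Succeeds only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gatekeeper_rules MODE [IP...]   MODE: none | participants | everyone
gatekeeper_rules() {
    mode=$1; shift
    case $mode in
        none|participants|everyone) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Validate everything before touching the firewall.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 2; }
    done
    $IPT -N "$CHAIN" 2>/dev/null || true   # create the chain if it is missing
    $IPT -F "$CHAIN"                       # flush this chain only
    $IPT -D INPUT -p tcp --dport "$PORT" -j "$CHAIN" 2>/dev/null || true
    $IPT -I INPUT -p tcp --dport "$PORT" -j "$CHAIN"
    [ "$mode" = everyone ] && return 0     # empty chain: falls back to INPUT
    if [ "$mode" = participants ]; then
        for ip in "$@"; do $IPT -A "$CHAIN" -s "$ip" -j ACCEPT; done
    fi
    $IPT -A "$CHAIN" -j DROP               # none and participants end closed
}

gatekeeper_rules participants 1.2.3.4 5.6.7.8   # placeholder addresses
```

Each command is a separate update to the ruleset; for an atomic switch, load the equivalent rules with iptables-restore --noflush.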