Hi Diva,

Thanks for the explanation. I'll study it tomorrow. I kinda got it working now with the following configuration and a simple iptables script like:

[Startup]
8004/OpenSim.Server.Handlers.dll:GatekeeperServiceInConnector

[GridInfoService]
HomeURI = "http://my-grid.org:8004"
GatekeeperURI = "my-grid.org:8004"

[GatekeeperService]
ExternalName = "http://my-grid.org:8004"

hg_wall.sh

#!/bin/bash
#
# Participant addresses that may reach the gatekeeper (example values)
DEELNEMERS=( 1.2.3.4 5.6.7.8 9.10.11.12 )
DIALOG=dialog
VERSION=0.6

function mainmenu {
    unset m; i=0
    # Menu entries: 1. Nobody, 2. participants, 3. Everyone
    options=("1. Niemand" "2. deelnemers" "3. Iedereen")
    # dialog expects tag/description pairs; the description is left empty
    for o in "${options[@]}"; do
        m[i++]=$o; m[i++]=""
    done
    # Menu prompt: "Allow hypergrid teleports from..."
    mainmenu=$($DIALOG --title "Main menu" --backtitle "$backtitle" --keep-window --ok-label "Select" --cancel-label "Quit" \
        --aspect 70 --menu "Sta hypergrid teleports toe van..." 0 0 0 "${m[@]}" 2>&1 >/dev/tty)
    case "$mainmenu" in
        "")
            clear
            exit 0
            ;;
        "${options[0]}")
            clean
            allow_none
            # "Gatekeeper service is now closed to external access..."
            dialog --infobox "Gatekeeper service is nu afgesloten voor externe toegang..." 4 45 ; sleep 1
            ;;
        "${options[1]}")
            clean
            allow_deelnemers
            # "participants now have access to the gatekeeper service..."
            dialog --infobox "deelnemers hebben nu toegang tot de gatekeeper service..." 4 45 ; sleep 1
            ;;
        "${options[2]}")
            clean
            # "The gatekeeper service is now accessible without restrictions..."
            dialog --infobox "De gatekeeper service is nu zonder restricties toegankelijk..." 4 45 ; sleep 1
            ;;
    esac
}

# Accept port 8004 from each participant, then drop everyone else
function allow_deelnemers {
    for deelnemer in "${DEELNEMERS[@]}"
    do
        iptables -A INPUT -p tcp -s "$deelnemer" --dport 8004 -j ACCEPT
    done
    iptables -A INPUT -p tcp --dport 8004 -j DROP
}

# Drop all traffic to port 8004
function allow_none {
    iptables -A INPUT -p tcp --dport 8004 -j DROP
}

# Note: this flushes every rule and deletes every user-defined chain in the
# filter table, not only the port 8004 rules
function clean {
    iptables -F
    iptables -X
}

# No parameters were given. Use menu-driven options
while [ "$#" -eq "0" ]
do
    backtitle=$"Hypergrid-blocker versie $VERSION"
    mainmenu
done

kind regards,

Jeroen

On Thursday, December 16, 2010 08:10:22 pm Diva Canto wrote:
> In my dreams, I get to have one week to document this whole
> configuration mechanism... In reality, I don't have that time, so let me
> briefly explain the main idea.
>
> We have split the resources that OpenSim uses into a bunch of little
> services that, in turn, access the persistent storage backend. Because
> people have all kinds of scalability requirements for their virtual
> worlds, these little services can either run in the same process as the
> simulator itself (the smallest possible configuration, aka standalone)
> or they can run in other processes on the same machine or even on other
> machines. They're all splittable and "aggregable" with configuration
> switches.
>
> Some services "talk" to others. For example, the Login service doesn't
> even have any storage associated with it, it's simply an aggregation of
> other services; the UserAccount service needs to access Auth, Presence,
> Grid and Inventory in order to create new accounts; the Gatekeeper and
> the UserAgents talk to each other; etc.
>
> So in the configuration sections we need to specify how a given service
> accesses the other services. If they are in the same process, we simply
> instantiate the service objects directly, so things in
> OpenSim.Services.<some service>.dll; if, however, the services a
> specific service needs run on a separate process/machine, then we need
> to specify a network connector for them, so stuff in
> OpenSim.Connectors.dll, and then we need to provide a ServerURI that
> each of those connectors will use to find the right process.
>
> I know this is not the ultimate reference guide, but I hope this helps
> shed some light for the possibilities...
>
> On 12/16/2010 11:38 AM, Diva Canto wrote:
> > Sorry, and also the other way around. Gatekeeper and UserAgents talk
> > to each other at various points.
> > Unfortunately, I'm looking at the code and I see that I haven't
> > completed the init code of the Gatekeeper connector for this to work...
> > Please file a mantis so that I don't forget to finish it.
> >
> > What you can do right now is to pull out both the Gatekeeper and the
> > UserAgents to another process running on port 8004. In this case, you
> > need to change the LoginService config, since the Login service talks
> > to the UserAgents service:
> >
> > [LoginService]
> >
> > UserAgentService = "OpenSim.Services.Connectors.dll:UserAgentServiceConnector"
> >
> > You need to change all the ServiceURLs to use 8004, and make sure you
> > don't have the old URLs of port 8002 in the useraccounts table.
> > And then,
> >
> > [UserAgentService]
> >
> > ...
> > UserAgentServerURI = "http://mygrid.org:8004/"
> >
> > On 12/16/2010 11:24 AM, Diva Canto wrote:
> >> Separating the UserAgents service from the Gatekeeper service
> >> requires an additional change in one of the connectors of the
> >> Gatekeeper:
> >>
> >> It is:
> >> [GatekeeperService]
> >>
> >> ...
> >> UserAgentService = "OpenSim.Services.HypergridService.dll:UserAgentService"
> >>
> >> It should use the connector instead:
> >>
> >> [GatekeeperService]
> >>
> >> ...
> >>
> >> UserAgentService = "OpenSim.Services.Connectors.dll:UserAgentServiceConnector"
> >>
> >> Which in turn requires you to provide a URI for it, so that the
> >> Gatekeeper can properly talk to the UserAgents service on the other
> >> process:
> >>
> >> [UserAgentService]
> >>
> >> ...
> >> UserAgentServerURI = "http://mygrid.org:8002/"
> >>
> >> (Make sure to add the '/' at the end... buglet)
> >>
> >> I haven't tried this particular combination, but it ought to work.
> >>
> >> On 12/16/2010 10:11 AM, Jeroen van Veen wrote:
> >>> Thank you for your reply. I don't necessarily need to run it in its
> >>> own robust shell. Say I want to run the gatekeeper service on port 8004
> >>> within the same robust instance.
> >>> What I have tried is changing in Robust.HG.ini:
> >>> 8002/OpenSim.Server.Handlers.dll:GatekeeperServiceInConnector to
> >>> 8004/OpenSim.Server.Handlers.dll:GatekeeperServiceInConnector
> >>>
> >>> [LoginService]
> >>> GatekeeperURI = "http://mygrid.org:8004"
> >>>
> >>> [GatekeeperService]
> >>> ExternalName = "http://mygrid.org::8004"
> >>>
> >>> == Result ==
> >>> robust console => request to link to region_foo (nothing more)
> >>> client => Could not teleport. Problem at destionation
> >>>
> >>> Maybe I must run it in its own instance for some reason?
> >>>
> >>> On Thursday, December 16, 2010 04:38:08 pm Dave Coyle wrote:
> >>>> On 12/16/10 12:27 PM, Jeroen van Veen wrote:
> >>>>> I was wondering whether it's possible to separate the gatekeeper
> >>>>> service from the default port 8002 so it runs on its own on
> >>>>> say...port 8004.
> >>>>> The reason I want to do this is that I'm hoping to restrict
> >>>>> hypergrid access with iptables.
> >>>>
> >>>> Yes. Robust.HG.ini.example shows how to have different services
> >>>> listening on different ports (8002 vs. 8003 in the example).
> >>>>
> >>>> If you want to run only HG-related services in their own Robust
> >>>> instance, make sure you've also included the UserAgentService
> >>>> alongside GatekeeperService.
> >>>>
> >>>> -coyled
> >>>> _______________________________________________
> >>>> Opensim-users mailing list
> >>>> [email protected]
> >>>> https://lists.berlios.de/mailman/listinfo/opensim-users
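
The allow-list approach of the hg_wall.sh script in this message, as an added example that is not part of the original post or of OpenSim: it goes beyond the script by keeping the port 8004 rules in a dedicated chain, so switching modes flushes only that chain, and by validating every address before any rule is emitted. The chain name HG_GATE and the function names are assumptions; the script only prints the iptables commands (dry run).

```shell
#!/bin/sh
# Added example (dry run): print iptables commands that keep the gatekeeper
# allow-list in its own chain. HG_GATE and the function names are assumptions.
HG_PORT=8004
HG_CHAIN=HG_GATE

# Succeeds only for a dotted quad with exactly four octets in 0..255.
valid_ipv4() {
    case $1 in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# hg_rules MODE [ADDR...]; MODE is none, participants or everyone.
hg_rules() {
    mode=${1:-}
    [ "$#" -gt 0 ] && shift
    case $mode in
        none|participants|everyone) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Validate every address first so a bad entry leaves nothing half-applied.
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "invalid address: $addr" >&2; return 1; }
    done
    # Create the chain if missing, hook it into INPUT once, flush only this chain.
    echo "iptables -N $HG_CHAIN 2>/dev/null || true"
    echo "iptables -C INPUT -p tcp --dport $HG_PORT -j $HG_CHAIN 2>/dev/null ||"
    echo "    iptables -I INPUT -p tcp --dport $HG_PORT -j $HG_CHAIN"
    echo "iptables -F $HG_CHAIN"
    # everyone: the chain stays empty, so packets return to INPUT unchanged.
    [ "$mode" = everyone ] && return 0
    if [ "$mode" = participants ]; then
        for addr in "$@"; do
            echo "iptables -A $HG_CHAIN -s $addr -j ACCEPT"
        done
    fi
    echo "iptables -A $HG_CHAIN -j DROP"
}

# Print the commands for the mode given on the command line, if any.
if [ "$#" -gt 0 ]; then hg_rules "$@"; fi
```

Running it as `sh script.sh participants 1.2.3.4 5.6.7.8` prints the rule set; piping that output to `sh` as root applies it.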
