Difference between revisions of "MOSS/Setup"

From OpenUru
Jump to: navigation, search
(Create Accounts)
(More Hints)
Line 241: Line 241:
 
Where '11223344' is a SHA-1 password hash.
 
Where '11223344' is a SHA-1 password hash.
  
== More Hints ==
+
== See Also ==
  
 
Please see the following for more information of interest to running a server.
 
Please see the following for more information of interest to running a server.
 
 
* [[MOSS-Notes]]
 
* [[MOSS-Notes]]
 
* [http://foundry.openuru.org/fisheye/browse/MOSS/doc/running doc/running]
 
* [http://foundry.openuru.org/fisheye/browse/MOSS/doc/running doc/running]
  
 
[[Category:MOSS]]
 
[[Category:MOSS]]

Revision as of 05:27, 15 February 2012

MOSS currently only runs on UNIX and other *nix operating systems (such as GNU/Linux). Not Microsoft Windows. It ought to work on Mac OS/X (even PowerPC) but nobody has tried yet. The following document will assist in the setup of MOSS on any of the compatible afore-mentioned operating systems. For instructions pertaining to a particular OS or Linux distribution, take a look at MOSS-Distribution Specific Instructions.

Please also see the main setup instructions for an alternative set of installation instructions.

Compile

Prerequisites

Before you start, assuming you already have a compatible OS, you need to ensure you have the following:

  • pthreads (almost certainly installed already)
  • libiconv (almost certainly installed already)
  • OpenSSL (also almost certainly installed) -- you need both the libraries and the development headers if that's separate (I'm looking at you, Debian)
  • Zlib (also probably installed) -- both the library and the development stuff if separate
  • PostgreSQL -- both the sever and client, plus any development packages
  • libpqxx -- both the library and the development package
  • gcc, g++, whatever all you need for compiling C++

If you are compiling from a clone of a Mercurial respository and there is no "configure" script, you will also need the autotools:

  • autoconf
  • automake
  • libtool

If you are reading this, please go over to MOSS-Distribution Specific Instructions and fill in how to install all these programs on YOUR distribution/OS. Thank you!

configure

If you don't have a "configure" file, it must be generated. Run the "./bootstrap.sh" script to create it.

Run "./configure". The configure script takes many options. For a full listing run "./configure --help". The default options are set up in such a way as to make your server match the way Cyan's server works. Here are the options you are probably interested in:

--prefix
Specifies where "make install" places the files. If you are using a non-typical location you may need to add prefix/lib to your LDFLAGS or something.
--enable-fast-download
During auth file downloads, Cyan's server waits for the client to acknowledge every 32k of data sent. I believe this was to fix the "zero seconds remaining" bug. MOSS does not have that bug. Use --enable-fast-download to configure the server to send data as fast as it can, thereby using all the bandwidth available.
--disable-single-login
If you use this, multiple different avatars on the same account can be logged in at once. Logging into the same avatar will boot the other. Without disabling "single login", logging into the same account will boot whatever avatar is logged in from that account.

Other options:

--enable-require-secure-download
Boot users who don't download python.pak.
--enable-encryption=type
The default is "cyan_dh". MOSS allows you to disable encryption, or (legacy) use RSA.
--enable-fork
The primary use for this is if you need to debug auth or file servers. It is much easier to debug single-threaded programs.
--enable-debug
Anyone developing MOSS or willing to run some extra bug-hunting code should use this. If the bug-hunting code finds a bad thing it will make the server dump core so you can debug it.
--enable-old-protocol
This makes MOSS use older protocol versions. You probably don't need this.

If you have any trouble with configure finding the locations of various libraries, you can use these:

--with-postgres=PREFIX
--with-libpqxx=PREFIX
--with-openssl=PREFIX
--with-zlib=PREFIX
--with-iconv=PREFIX

Compile

Run "make". Assuming that succeeds, you probably should use "make install".

Now cd into the "postgresql" directory. Here you need to compile a custom PostgreSQL module that creates UUIDs. Follow the instructions in the README file there, but for most people this should just be running "make", followed by "make install".

Install the PostgreSQL module in your PostgreSQL install, if it's not there already by now. Do this by copying the moss_uuidgen.so file you just compiled. You'll need to log in as root to do this ("sudo cp moss_uuidgen.so /path/to/postgres/modules" on most systems). Please check MOSS-Distribution_Specific_Instructions and fill in where to copy it for your system. Consult PostgreSQL documentation if you're not sure. After the library is installed, restart the DB server.

Set Up the Database

The easiest way to set up the database is to create a "moss" user to be associated with the MOSS database. If you want to use a different username, you will have to edit the "postgresql/moss.sql" file to match. The moss user needs to be able to modify tables in the MOSS DB.

Most distributions create some user that has root access to the DB when connecting from the local machine. In this example this user is "pgsql" but yours may be different. Please check MOSS-Distribution_Specific_Instructions for hints or to fill in the user for your distribution.

Start by creating the database. The default database name is "moss"; if you use any other you'll have to set it in the MOSS configuration file. Make sure to use the "UTF8" encoding. Then create the "moss" user in the new database. Then load "postgresql/moss.sql" into the new database.

I did the following:

su pgsql -c "psql postgres"
create database moss with encoding='UTF8';
\c moss
create role moss with login;
\q
su pgsql -c "psql moss -f moss.sql"

After this, you can connect to the database as the "moss" user:

psql -U moss

If all that works, you are done setting up the database!

Set Up Files

There are quite a few files that the server needs to use. All these files are located by default in locations relative to where you will *start* the server. The location of all the files can be configured in the configuration files; you may find it easiest to specify absolute paths (starting with "/") there.

File Server Data

You need to start with your current Uru install (MOULagain, presumably). This procedure assumes you can run a Windows application to create the file server manifest MOSS needs. This seems a reasonable assumption when the client itself is a Windows app. So temporarily leave your *nix server alone and switch to a Windows installation with Uru installed.

Copy "support/ManifestCreator.exe" and "support/Mainfests.zip" to your Windows box. Unzip Manifests.zip. This will make a "CyanStructure" folder. The .txt files in this folder are input. They describe the files which need to be in the final manifests. It is important to use \ as the directory separator.

Start up ManifestCreator. To generate a manifest, click "Make Manifest"; it will bring up a dialog box. Navigate to the CyanStructure folder, and select all the .txt files in there. Then click OK and when it pops up with another dialog asking for the location of your Uru install, navigate to that directory, click OK and wait for a bit.

When it is done stop and consider which files you need the file server to actually give to clients. If you are making this shard for yourself it could be basically nothing, or everything. Note that we do not have a license to redistribute Cyan's data files. So it is recommended not to copy any files you should not distribute to your file server.

Back on the machine which will run MOSS, create a file server directory. The default is "./file" (relative to where you will start up your MOSS server). I recommend you make it "prefix/file", where prefix is the installed location of your MOSS server. Copy all the ".mbm" files created in the "CyanStructure" folder on your Windows box to this directory. If you are serving up a CWE client (built from open source) you will want to copy the gzipped executable and libraries. They are located in "CyanStructure\Client\External" and need to be in "file dir/Client/External" on your server to match. Anything you can distribute and that clients will need to download, like a new Age, should also be copied. Make sure to match the directory structures when copying them over.

For Mac clients: Mac clients request the "macExternal" manifest instead of "External". There are added files in the Mac manifest, but if you don't have them to generate a proper manifest from, just copy or symlink "External.mbm" to "macExternal.mbm". If you do have the files, you can generate the proper manifest using ManifestCreator and the "support/macExternal.txt" file.

Auth Server Data

A script automating all the following steps in this section (except for any user-created ages) is in the works.

Like for the file server data, the default auth directory is "./auth" (relative to where you start it up). I recommend using "prefix/auth".

This directory is required to have another subdirectory named "default". You must keep a copy here of the encrypted Python and SDL files for clients to download. The easiest way to get a set of these files is from the Cyan-provided AuthFiles.zip. Download this file, and unzip it. Copy the entire contents of the resulting AuthFiles/893 directory to "auth dir/default/". The resulting directory structure will be:

auth
  default
    Python
      python.pak
    SDL
      various .sdl files
    encryption.key

Now you have to make manifest files here as well. Make a Python.txt file which contains one line: "Python\python.pak". Make an SDL.txt file which contains one line per file in the SDL directory, as in:

SDL\BaronCityOffice.sdl
SDL\Kveer.sdl
...

I just toss these manifest files in the "auth dir/default" directory but you don't have to. The server does not look at them.

If you have user-created ages with SDL files, be sure to add them to the SDL directory here. Encrypt them with the encryption.key (a tool to do this does exist in the CWE source). Similarly, if you want to add Python, you can rebuild the "python.pak" file, but if you are adding a new age, you may find it easier to add a new ".pak" file. If you do that, encrypt it and then add a new line to the Python.txt file for your new ".pak". The client will download them all.

Once you have listed each SDL and Python file, you can use the Perl script "support/make-mbam.pl" to create the ".mbam" files. If you don't have Perl, ManifestCreator.exe will also create the files: simply select "Auth Server" in the "Manifest type" dropdown. If you use ManifestCreator, make sure it has the Python and SDL directories and their contents. Make sure to copy the resulting two ".mbam" files to your "auth-dir/default" directory.

Game Server Data

A script automating all the following steps in this section (except for any user-created ages) is in the works.

Just like for the file and auth server data, the default game directory is "./game" (relative to where you start it up). I recommend using "prefix/game".

The game servers need unencrypted .sdl and .age files. The easiest way to get a set of these files is from the Cyan-provided Scripts.zip. Download this file and unzip it. Copy/move the Scripts/SDL directory to "game-dir". Then create "game-dir/age" and copy "Scripts/dat/*.age" to it (MOSS does not use the .fni files).

Do not forget to copy any user-created ages' SDL and ".age" files here. This copy needs to be unencrypted.

Now there is one more step. The SDL files the game server uses need to be moved around, some into subdirectories, and some renamed because UNIX treats file names case-sensitively. Please read the details in the "doc/setup" file (linked at the top of this page).

You should have three subdirectories when you're done. User-created ages may need subdirectories too, if they have multiple .sdl files. If you find this way too complex, just move all the .sdl files into the common subdirectory. You lose some small optimizations this way and you will need to restart the server if any SDL files change.

At the end the directory structure should be:

game
  age
    various .age files
  SDL
    common
      some .sdl files
    Garrison
      a couple of .sdl files
    Teledahn
      other .sdl files
    more .sdl files

Key Files

The modified Diffie-Hellman algorithm used in the client and MOSS by default requires the server to have private keys. Do not share them with anyone. They should not be world-readable.

You can generate keys using the "make_cyan_dh" program which will be installed in "prefix/bin". Or, there might be a program to generate keys in the CWE source, but the chance of it outputting the private keys in the format MOSS wants is basically zero. Generate a key for each of auth, game, and gatekeeper. Run "make_cyan_dh -h" to see what generators to use if you want to match those MOULagain is using. If you're building your own client you can use whatever generator you want.

Note: I see no reason not to use OpenSSL default generators such as 2, 3, or 5. In fact, unless you are a cryptographer, I do not recommend departing from these. If you are a cryptographer, you probably did not need to hear that from me!

The -s and -c/-C options direct the program to write the data for the server and client to files, respectively, e.g.:

make_cyan_dh -g 2 -s auth_key.der -C pnNbAuthKey.hpp

or

make_cyan_dh -g 2 -s auth_key.der -c auth_key.bin

If you're compiling a CWE client, you can use the -C option to output a C++ file that should be a drop-in replacement for the current key files (under CWE/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/NucleusLib/pnNetBase). Make sure you have at least revision 2 of the MOSS source to use -C (you may need to do a clean and a rebuild if you have previously compiled CWE with a different key; the dependencies in the projects are not set up perfectly). If you're not compiling a client, you probably want the -c option, and it's up to you what to do with the .bin file.

Take the .der file (contains the PRIVATE key) and move it to prefix. I suggest using prefix/etc/auth_key.der. Make it readable only by the user which will be running the server:

chmod 400 prefix/etc/auth_key.der
chown mossuser prefix/etc/auth_key.der

Repeat this process for the game and gatekeeper keys: "prefix/etc/game_key.der" and "prefix/etc/gatekeeper_key.der".

Configuration Files

Now that you have all the other files set up, it's time to configure MOSS itself. There is a configuration file for each server process. The default location for "moss_backend" is "./etc/moss_backend.cfg" and the default location for moss is "./etc/moss.cfg". I recommend copying "main.cfg" to "prefix/etc/moss.cfg" and "backend.cfg" to "prefix/etc/moss_backend.cfg".

Now open each up in your text editor. The files contain instructions on how to set the various options.

I recommend you set the following in moss.cfg to the absolute paths corresponding to where you installed these files in earlier steps: auth_download_dir, auth_key_file, file_download_dir, game_data_dir, game_key_file, gatekeeper_key_file. In addition I recommend you set log_dir to somewhere you want log files to go. Remember the log directory has to be writable by the user that will run the server. You may also need to set pid_file to a location writable by that user. If you want the ".pid" file to be created. Read through all the options to make sure your setup is as you want. The only mandatory configuration directive is external_address.

For moss_backend.cfg look especially into log_dir and pid_file. In addition, depending on how your DB is set up you likely need to specify db_user, db_password and maybe other DB parameters.

Security Considerations

Please read about them at the end of doc/setup. Short version:

  • Never run MOSS as root.
  • "moss_backend.cfg" contains your DB user's password; do not make it world-readable (or even group-readable).
  • Private key files (files finishing in ".der") should never be made public.
  • No encryption is currently available for all the backend connections.
  • Should you decide to install the front-end server and the back-end server on separate machine, make sure the connection between the two is secured. Same goes for database server.

Before You Open Your Server

If you plan to let anyone other than you connect to your server, you have certain obligations under the licenses of the software/data you will be distributing from the file and auth servers.

  • Cyan content: the MOULagain EULA still does not provide for you to modify and redistribute the files. So do not put original or modified Cyan files on your file server. You can still have them listed in the ".mbm" (manifest) files. If someone has an incomplete install they will be forced to get the files from Cyan's file server. That is as yet still the only place from which you're supposed to get those files.
  • Python code: you are supplying GPL'd Python code. You must provide a way to acquire that code. If you are using unmodified Python you can link to the original source. If you modify it for any reason, you must make your changes available and tell your users where to get it.
  • CWE clients: if you are providing client executables from a CWE build:
    • GPL license: you probably need to add the GPL license file to the client install. The license is supposed to be conveyed with the executable, and the only sure way to do that is to install it from the file server same as the executable. This means you'll have to add it to "ThinExternal.txt" and "External.txt" and generate the new .mbm files, copying the .mbm files and LICENSE.txt.gz over to the appropriate locations. You probably should also arrange for the license to be available along with UruLauncher.
    • Client source: you must provide a way to acquire the source for your client. The means is supposed to be "equivalent" to the way the executable is acquired. Links are probably sufficient. If you use an unmodified version you should be able to link to the repository (make sure you point to the actual changeset you used). If you modify files for your shard's public keys, status hostname, and/or gatekeeper/auth addresses, you have to additionally provide that source. Note: these are public keys, so don't worry, you're not giving anything away.
    • Library credits: Unless someone changes the jpeg library again, you need to credit IJG for jpeglib: "This software is based in part on the work of the Independent JPEG Group." Similarly, if the client uses OpenSSL, credit should be given: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric A. Young (eay@cryptsoft.com). This product includes software written by Tim J. Hudson (tjh@cryptsoft.com)." The easiest may be to add another file doing so to the install. Or, if you are modifying Python for some reason, you could add it to the in-game credits along with all the other licenses (files: xUruCreditsJournalEnglish.py, xUruCreditsJournalFrench.py, xUruCreditsJournalGerman.py, xUruCreditsJournalItalian.py, xUruCreditsJournalSpanish.py). The links or whatever means you use to provide access to the source of the binaries and Python don't have to go into the client install, but they must be somewhere reasonable for your users to find, "equivalent" to installing the software for your shard. I would put links to a copy of the files on your shard's home page or something.

See also the CWE FAQ.

Please do not consider this advice the final or complete word on the matter. All the licenses of all the data you use expect you to follow them. So you have to do your due diligence. If you find something obviously missing from this section, please add it!

Start It Up

Hopefully someone will contribute a nice startup script.

Now you should be set to run your server. For now, cd to the directory you planned from the start to start the server from (that's prefix in the earlier recommendations). Make sure you are su'd to the user you want to run as. NOT root! Start "moss_backend" first, then "moss". E.g., if you have put the config files in prefix/etc, you can just do:

bin/moss_backend
bin/moss

You can instead specify the location of the config file with the -c option. If you've used absolute paths in the config files, you can thus easily run the server from any directory.

After Initial Startup

To set up AllAgeGlobalSDLNodes, use global_sdl_manager (we have no VaultManager to do it). This program is installed in "prefix/bin". To aid setup, the support/set_to_moul.txt file can be used to set the global SDL state to a reasonable default (with no sparks) by running something like:

global_sdl_manager game/SDL < set_to_moul.txt

If you want sparks, you can turn them on yourself using this program.

Note: the program will NOT work unless the MOSS server has already been started at least once. You might also need to provide your database details to the program; just type "global_sdl_manager" to get a list of all the appropriate options.

Create Accounts

Hopefully someone will contribute a script to add users. A CGI script to automatically add users would be neat too.

Don't forget to create accounts for your users, or it will be difficult to log in... Please just refer directly to doc/user-management.

Really short version:

INSERT INTO accounts (name, hash, id, class, visitor)
VALUES ('foo@example.com', '11223344...', uuid(), 'default', false);

Where '11223344' is a SHA-1 password hash.

See Also

Please see the following for more information of interest to running a server.