In Memoriam: Tai'lahr
OpenUru.org, along with the rest of the Mystonline community, is mourning the loss of Tai'lahr on October 16th, 2019.
Rest in Peace, friend.
Difference between revisions of "MOSS/Setup"
(JW: Fixed Scripts.zip link to Scripts902.zip.) |
|||
(34 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
− | MOSS currently only runs on | + | '''[[MOSS]]''' currently only runs on UNIX and other *nix operating systems (such as GNU/Linux). Not Microsoft Windows. It ought to work on Mac OS/X (even PowerPC) but nobody has tried yet. The following document assists in the setup of MOSS on any of the compatible afore-mentioned operating systems. For instructions pertaining to a particular OS or Linux distribution, take a look at [[MOSS/Distribution Specific Instructions]]. |
− | (even PowerPC) but nobody has tried yet. | ||
− | |||
− | |||
− | [ | ||
+ | Please also see the [http://foundry.openuru.org/fisheye/browse/MOSS/doc/setup main setup instructions] for an alternative set of installation instructions. | ||
== Compile == | == Compile == | ||
Line 10: | Line 7: | ||
=== Prerequisites === | === Prerequisites === | ||
− | Before you start, you need to ensure you have the following: | + | Before you start, assuming you already have a compatible OS, you need to ensure you have the following: |
* pthreads (almost certainly installed already) | * pthreads (almost certainly installed already) | ||
* libiconv (almost certainly installed already) | * libiconv (almost certainly installed already) | ||
* OpenSSL (also almost certainly installed) -- you need both the libraries and the development headers if that's separate (I'm looking at you, Debian) | * OpenSSL (also almost certainly installed) -- you need both the libraries and the development headers if that's separate (I'm looking at you, Debian) | ||
+ | ** ''Versions found to work:'' 1.0.1 – ''Versions found not to work:'' 0.9.7 | ||
* Zlib (also probably installed) -- both the library and the development stuff if separate | * Zlib (also probably installed) -- both the library and the development stuff if separate | ||
* PostgreSQL -- both the sever and client, plus any development packages | * PostgreSQL -- both the sever and client, plus any development packages | ||
* libpqxx -- both the library and the development package | * libpqxx -- both the library and the development package | ||
+ | ** ''Versions found to work:'' 3.1 – ''Versions found not to work:'' 4.0 | ||
* gcc, g++, whatever all you need for compiling C++ | * gcc, g++, whatever all you need for compiling C++ | ||
− | If you are compiling from a clone of | + | If you are compiling from a clone of a Mercurial respository and there is no "configure" script, you also need the autotools: |
− | "configure" script, you also need the autotools: | ||
* autoconf | * autoconf | ||
+ | ** ''Versions found to work:'' 2.68 – ''Versions found not to work:'' 2.59 | ||
* automake | * automake | ||
+ | ** ''Versions found to work:'' 1.11.3 – ''Versions found not to work:'' 1.6.3 | ||
* libtool | * libtool | ||
+ | ** ''Versions found to work:'' 2.4.2 – ''Versions found not to work:'' 1.5 | ||
− | '''If you are reading this, please go over to''' | + | '''If you are reading this, please go over to''' [[MOSS/Distribution Specific Instructions]] '''and fill in how to install all these programs on YOUR distribution/OS. Thank you!''' |
− | [[MOSS | ||
− | |||
=== configure === | === configure === | ||
− | If you don't have a "configure" file, it must be generated. Run the | + | ''If you don't have a "configure" file, it must be generated. Run the '''<code>./bootstrap.sh</code>''' script to create it.'' |
− | |||
− | Run | + | Run '''<code>./configure</code>'''. The configure script takes many options. For a full listing run <code>./configure --help</code>. The default options are set up in such a way as to make your server match the way Cyan's server works. Here are the options you are probably interested in: |
− | run | ||
− | way Cyan's works. Here are the options you are probably interested in: | ||
; --prefix | ; --prefix | ||
− | : | + | : Specifies where <code>make install</code> places the files. If you are using a non-typical location you may need to add <code>''prefix''/lib</code> to your LDFLAGS or something. |
− | ; | + | ; --enable-fast-download |
: During auth file downloads, Cyan's server waits for the client to acknowledge every 32k of data sent. I believe this was to fix the "zero seconds remaining" bug. MOSS does not have that bug. Use --enable-fast-download to configure the server to send data as fast as it can, thereby using all the bandwidth available. | : During auth file downloads, Cyan's server waits for the client to acknowledge every 32k of data sent. I believe this was to fix the "zero seconds remaining" bug. MOSS does not have that bug. Use --enable-fast-download to configure the server to send data as fast as it can, thereby using all the bandwidth available. | ||
; --disable-single-login | ; --disable-single-login | ||
Line 45: | Line 41: | ||
Other options: | Other options: | ||
; --enable-require-secure-download | ; --enable-require-secure-download | ||
− | : Boot users who don't download | + | : Boot users who don't download <code>python.pak</code>. |
; --enable-encryption=type | ; --enable-encryption=type | ||
− | : The default is "cyan_dh". MOSS allows you to disable encryption, or (legacy) use [[MOSS | + | : The default is "cyan_dh". MOSS allows you to disable encryption, or (legacy) use [[MOSS/Notes#RSA | RSA]]. |
; --enable-fork | ; --enable-fork | ||
: The primary use for this is if you need to debug auth or file servers. It is much easier to debug single-threaded programs. | : The primary use for this is if you need to debug auth or file servers. It is much easier to debug single-threaded programs. | ||
Line 54: | Line 50: | ||
; --enable-old-protocol | ; --enable-old-protocol | ||
: This makes MOSS use older protocol versions. You probably don't need this. | : This makes MOSS use older protocol versions. You probably don't need this. | ||
− | If you have any trouble with configure finding the locations of various | + | If you have any trouble with configure finding the locations of various libraries, you can use these: |
− | libraries, you can use these: | ||
; --with-postgres=PREFIX | ; --with-postgres=PREFIX | ||
; --with-libpqxx=PREFIX | ; --with-libpqxx=PREFIX | ||
Line 64: | Line 59: | ||
=== Compile === | === Compile === | ||
− | Run | + | Run '''<code>make</code>'''. Assuming that succeeds, you probably should use '''<code>make install</code>'''. |
− | Now cd into the postgresql directory. Here you need to compile a custom | + | Now cd into the <code>postgresql</code> directory. Here you need to compile a custom PostgreSQL module that creates UUIDs. Follow the instructions in the README file there, but for most people this should just be running '''<code>make</code>''', followed by '''<code>make install</code>'''. |
− | PostgreSQL module that creates UUIDs. Follow the instructions in the README | ||
− | file there, but for most people this should just be running | ||
− | Install the | + | Install the PostgreSQL module in your PostgreSQL install, if it's not there already by now. Do this by copying the moss_uuidgen.so file you just compiled. You'll need to log in as root to do this (<code>sudo cp moss_uuidgen.so /path/to/postgres/modules</code> on most systems). Please check [[MOSS/Distribution_Specific_Instructions]] and fill in where to copy it for your system. Consult PostgreSQL documentation if you're not sure. After the library is installed, restart the DB server. |
− | moss_uuidgen.so file you just compiled. You'll need to log in as root to do | ||
− | this ( | ||
− | systems). Please check [[MOSS | ||
− | where to copy it for your system | ||
− | documentation if you're not sure. After the library is installed, restart the | ||
− | DB server. | ||
== Set Up the Database == | == Set Up the Database == | ||
− | The easiest way to set up the database is to create a "moss" user to be | + | The easiest way to set up the database is to create a "moss" user to be associated with the MOSS database. If you want to use a different username, you have to edit the <code>postgresql/moss.sql</code> file to match. The moss user needs to be able to modify tables in the MOSS DB. |
− | associated with the MOSS database. | ||
− | MOSS DB | ||
− | |||
− | |||
− | |||
− | |||
− | Start by creating the database. The default database name is "moss"; if you use | + | Most distributions create some user that has root access to the DB when connecting from the local machine. In this example this user is "pgsql" but yours may be different. Please check [[MOSS-Distribution_Specific_Instructions]] for hints or to fill in the user for your distribution. |
− | any other you'll have to set it in the MOSS | + | |
− | [[#Configuration_Files | configuration file]]. Make sure to use the | + | Start by creating the database. The default database name is "moss"; if you use any other you'll have to set it in the MOSS [[#Configuration_Files | configuration file]]. Make sure to use the "UTF8" encoding. Then create the "moss" user in the new database. Then load <code>"postgresql/moss.sql</code> into the new database. |
− | encoding. Then create the user in the new database | ||
− | |||
− | postgresql/moss.sql into the new database. | ||
I did the following: | I did the following: | ||
Line 101: | Line 79: | ||
create role moss with login; | create role moss with login; | ||
\q | \q | ||
− | su pgsql -c "psql | + | su pgsql -c "psql moss -f moss.sql" |
After this, you can connect to the database as the "moss" user: | After this, you can connect to the database as the "moss" user: | ||
− | + | psql -U moss | |
If all that works, you are done setting up the database! | If all that works, you are done setting up the database! | ||
− | + | == Set Up Files == | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | There are quite a few files that the server needs to use. All these files are located by default in locations relative to where you will *start* the server. The location of all the files can be configured in the [[#Configuration_Files | configuration files]]; you may find it easiest to specify absolute paths (starting with <code>/</code>) there. | |
− | + | File hierarchy conventions used in this setup: | |
− | + | * No prefix: references the files found in your source download, | |
− | + | * <code>./</code>: references the directory from where you will start MOSS, | |
− | + | * <code>''prefix''</code>: references the directory where MOSS is being installed. | |
− | |||
=== File Server Data === | === File Server Data === | ||
− | You need to start with your current Uru install (MOULagain, presumably). This | + | You need to start with your current Uru install (MOULagain, presumably). This procedure assumes you can run a Windows application to create the file server manifest MOSS needs. This seems a reasonable assumption when the client itself is a Windows app. So temporarily leave your *nix server alone and switch to a Windows installation with Uru installed. |
− | procedure assumes you can run a Windows application to create the file server | ||
− | |||
− | is a Windows app. | ||
− | Copy support/ManifestCreator.exe and support/ | + | Copy <code>support/ManifestCreator.exe</code> and <code>support/Manifests.zip</code> to your Windows box. Unzip <code>Manifests.zip</code>. This makes a <code>CyanStructure</code> folder. The <code>.txt</code> files in this folder are input. They describe the files which need to be in the final manifests. It is important to use <code>\</code> as the directory separator. |
− | |||
− | files in this folder are input. They describe the files which need to be in the | ||
− | final manifests. | ||
− | Start up ManifestCreator. To generate a manifest, click "Make Manifest" | + | Start up <code>ManifestCreator.exe</code>. To generate a manifest, click "Make Manifest"; it brings up a dialog box. Navigate to the <code>CyanStructure</code> folder, and select all the <code>.txt</code> files in there. Then click OK and when it pops up with another dialog asking for the location of your Uru install, navigate to that directory, click OK and wait for a bit. |
− | brings up a dialog. Navigate to the CyanStructure folder, and select all the | ||
− | .txt files there. Then click OK and when it pops up | ||
− | location of your Uru install, navigate to that directory, click OK and wait for | ||
− | a bit. | ||
− | When it is done stop and consider which files you need the file server to | + | When it is done stop and consider which files you need the file server to actually give to clients. If you are making this shard for yourself it could be basically nothing, or everything. Note that we do not have a license to redistribute Cyan's data files. So '''it is recommended not to copy any files you should not distribute to your file server'''. |
− | actually give to clients. If you are making this shard for yourself it could be | ||
− | basically nothing, or everything. Note that we do not have a license to | ||
− | redistribute Cyan's data files. So it is recommended not to copy any files you | ||
− | should not distribute to your file server. | ||
− | Back on the machine which | + | Back on the machine on which you are installing MOSS, create a file server directory. The default is <code>./file</code> (relative to where you will start up your MOSS server). I recommend you make it <code>''prefix''/file</code>. Copy all the <code>.mbm</code> files created in the <code>CyanStructure</code> folder on your Windows box to this directory. If you are serving up a CWE client (built from open source) you want to copy the gzipped executable and libraries. They are located in <code>CyanStructure\Client\External</code> and need to be in <code>''file dir''/Client/External</code> on your server to match. Anything you can distribute and that clients will need to download, like a new Age, should also be copied. Make sure to match the directory structures when copying them over. |
− | default is | ||
− | it ''prefix''/file | ||
− | .mbm files created in the CyanStructure folder to this directory. If you are | ||
− | serving up a CWE client (built from open source) you | ||
− | gzipped executable and libraries. They are located in | ||
− | CyanStructure\Client\External and need to be in ''file dir''/Client/External on | ||
− | your server to match. Anything you can distribute and that clients will need to | ||
− | download, like a new | ||
− | directory structures when copying them over. | ||
− | + | ''For Mac clients:'' Mac clients request the <code>macExternal</code> manifest instead of <code>External</code>. There are added files in the Mac manifest, but if you don't have them to generate a proper manifest from, just copy or symlink <code>External.mbm</code> to <code>macExternal.mbm</code>. If you do have the files, you can generate the proper manifest using ManifestCreator and the <code>support/macExternal.txt</code> file. | |
− | |||
− | them to generate a proper manifest from, just copy or symlink External.mbm to | ||
− | macExternal.mbm. If you do have the files, you can generate the proper manifest | ||
− | using ManifestCreator | ||
=== Auth Server Data === | === Auth Server Data === | ||
− | + | ''A script automating all the following steps in this section (except for any user-created ages) is in the works.'' | |
− | |||
− | + | Like for the file server data, the default auth directory is <code>./auth</code> (relative to where you start it up). I recommend using <code>''prefix''/auth</code>. | |
− | This directory is required to have another subdirectory named | + | This directory is required to have another subdirectory named <code>default</code>. You must keep a copy here of the encrypted Python and SDL files for clients to download. The easiest way to get a set of these files is from the Cyan-provided <code>[http://assets.openuru.org/cyan/AuthFiles.zip AuthFiles.zip]</code>. Download this file, and unzip it. Copy the entire contents of the resulting <code>AuthFiles/893</code> directory to <code>''auth dir''/default/</code>. The resulting directory structure is: |
− | must keep a copy here of the encrypted Python and SDL files for clients to | ||
− | download. The easiest way to get a set of these files is from the Cyan-provided | ||
− | [http://assets.openuru.org/cyan/AuthFiles.zip AuthFiles.zip]. Download this | ||
− | file, and unzip it. Copy the entire contents of the resulting AuthFiles/893 | ||
− | directory to ''auth dir''/default/. The resulting directory structure is: | ||
auth | auth | ||
default | default | ||
Line 184: | Line 122: | ||
various .sdl files | various .sdl files | ||
encryption.key | encryption.key | ||
+ | Now you have to make manifest files here as well. Make a <code>Python.txt</code> file which contains one line: <code>Python\python.pak</code>. Make an SDL.txt file which contains one line per file in the SDL directory, as in: | ||
+ | SDL\BaronCityOffice.sdl | ||
+ | SDL\Kveer.sdl | ||
+ | ... | ||
+ | I just toss these manifest files in the <code>''auth dir''/default</code> directory but you don't have to. The server does not look at them. | ||
− | + | If you have user-created ages with SDL files, be sure to add them to the <code>SDL</code> directory here. Encrypt them with the <code>encryption.key</code> (a tool to do this does exist in the CWE source). Similarly, if you want to add Python, you can rebuild the <code>python.pak</code> file, but if you are adding a new age, you may find it easier to add a new <code>.pak</code> file. If you do that, encrypt it and then add a new line to the <code>Python.txt</code> file for your new <code>.pak</code>. The client will download them all. | |
− | |||
− | line | ||
− | |||
− | |||
− | + | Once you have listed each SDL and Python file, you can use the Perl script <code>support/make-mbam.pl</code> to create the <code>.mbam</code> files. If you don't have Perl, <code>ManifestCreator.exe</code> can also create the files: simply select "Auth Server" in the "Manifest type" dropdown. If you use ManifestCreator, make sure it has the Python and SDL directories and their contents. Make sure to copy the resulting two <code>.mbam</code> files to your <code>''auth-dir''/default</code> directory. | |
− | |||
− | |||
− | the | ||
− | |||
− | |||
− | + | === Game Server Data === | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ''A script automating all the following steps in this section (except for any user-created ages) is in the works.'' | |
− | Just like for the file and auth server data, the default game directory is | + | Just like for the file and auth server data, the default game directory is <code>./game</code> (relative to where you start it up). I recommend using <code>''prefix''/game</code>. |
− | |||
− | ''prefix''/game. | ||
− | + | The game servers need unencrypted <code>.sdl</code> and <code>.age</code> files. The easiest way to get a set of these files is from the Cyan-provided <code>[http://assets.openuru.org/cyan/Scripts902.zip Scripts.zip]</code>. Download this file and unzip it. Copy/move the <code>Scripts/SDL</code> directory to <code>''game-dir''</code>. Then create <code>''game-dir''/age</code> and copy <code>Scripts/dat/*.age</code> to it (MOSS does not use the <code>.fni</code> files). | |
− | + | Do not forget to copy any user-created ages' SDL and <code>.age</code> files here. This copy needs to be unencrypted. | |
− | |||
− | |||
− | and | ||
− | |||
− | |||
− | + | Now there is one more step. The SDL files the game server uses need to be moved around, some into subdirectories, and some renamed because UNIX treats file names case-sensitively. Please read the details in the <code>doc/setup</code> file (linked at the top of this page). | |
− | |||
− | + | You should have three subdirectories when you're done. User-created ages may need subdirectories too, if they have multiple <code>.sdl</code> files. If you find this way too complex, just move all the <code>.sdl</code> files into the common subdirectory. You lose some small optimizations this way and you will need to restart the server if any SDL files change. | |
− | |||
− | |||
− | |||
− | done. User-created ages may need subdirectories too, if they have multiple .sdl | ||
− | files. If you find this way too complex, just move all the .sdl files into | ||
− | the common subdirectory. You lose some small optimizations this way. | ||
At the end the directory structure should be: | At the end the directory structure should be: | ||
Line 246: | Line 161: | ||
== Key Files == | == Key Files == | ||
− | The modified Diffie- | + | The modified Diffie-Hellman algorithm used in the client and MOSS by default requires the server to have private keys. '''Do not share them with anyone.''' They should not be world-readable. |
− | requires the server to have private keys. '''Do not share them with anyone.''' | ||
− | They should not be world-readable. | ||
− | You can generate keys using the | + | You can generate keys using the <code>make_cyan_dh</code> program is installed in <code>''prefix''/bin</code>. Or, there might be a program to generate keys in the CWE source, but the chance of it outputting the private keys in the format MOSS wants is basically zero. Generate a key for each of auth, game, and gatekeeper. Run <code>make_cyan_dh -h</code> to see what generators to use if you want to match those MOULagain is using. If you're building your own client you can use whatever generator you want. |
− | in ''prefix''/bin. Or, there might be a program to generate keys in the CWE | ||
− | source, but the chance of it outputting the private keys in the format MOSS | ||
− | wants is basically zero. Generate a key for each of auth, game, and | ||
− | gatekeeper. Run | ||
− | match those MOULagain is using. If you're building your own client you can use | ||
− | whatever generator you want. | ||
− | |||
− | |||
− | |||
− | The -s and -c options direct the program to write the data for the server and | + | ''Note:'' I see no reason not to use OpenSSL default generators such as 2, 3, or 5. In fact, unless you are a cryptographer, I do not recommend departing from these. If you are a cryptographer, you probably did not need to hear that from me! |
− | client to files, respectively, e.g.: | + | |
+ | The <code>-s</code> and <code>-c</code>/<code>-C</code> options direct the program to write the data for the server and client to files, respectively, e.g.: | ||
+ | make_cyan_dh -g 2 -s auth_key.der -C pnNbAuthKey.hpp | ||
+ | or | ||
make_cyan_dh -g 2 -s auth_key.der -c auth_key.bin | make_cyan_dh -g 2 -s auth_key.der -c auth_key.bin | ||
+ | If you're compiling a CWE client, you can use the <code>-C</code> option to output a C++ file that should be a drop-in replacement for the current key files (under <code>CWE/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/NucleusLib/pnNetBase</code>). Make sure you have at least revision 2 of the MOSS source to use <code>-C</code> (you may need to do a clean and a rebuild if you have previously compiled CWE with a different key; the dependencies in the projects are not set up perfectly). If you're not compiling a client, you probably want the <code>-c</code> option, and it's up to you what to do with the <code>.bin</code> file. | ||
− | + | Take the <code>.der</code> file (contains the PRIVATE key) and move it to <code>''prefix''</code>. I suggest using <code>''prefix''/etc/auth_key.der</code>. Make it readable only by the user which will be running the server: | |
− | + | chmod 400 ''prefix''/etc/auth_key.der | |
− | + | chown ''mossuser'' ''prefix''/etc/auth_key.der | |
− | + | Repeat this process for the game and gatekeeper keys: <code>''prefix''/etc/game_key.der</code> and <code>''prefix''/etc/gatekeeper_key.der</code>. | |
− | |||
− | Take the .der file (contains the PRIVATE key) and move it to ''prefix''. I | ||
− | suggest using ''prefix''/etc/auth_key.der. Make it readable only by the user | ||
− | which will be running the server: | ||
− | mossuser ''prefix''/etc/auth_key.der | ||
− | |||
− | |||
− | ''prefix''/etc/gatekeeper_key.der. | ||
== Configuration Files == | == Configuration Files == | ||
− | Now that you have all the other files set up, it's time to configure MOSS | + | Now that you have all the other files set up, it's time to configure MOSS itself. There is a configuration file for each server process. The default location for <code>moss_backend</code> is <code>./etc/moss_backend.cfg</code> and the default location for <code>moss</code> is <code>./etc/moss.cfg</code>. I recommend copying <code>main.cfg</code> to <code>''prefix''/etc/moss.cfg</code> and <code>backend.cfg</code> to <code>''prefix''/etc/moss_backend.cfg</code>. |
− | itself. There is a configuration file for each server process. The default | ||
− | location for moss_backend is ./etc/moss_backend.cfg and the default | ||
− | location for moss is ./etc/moss.cfg. I recommend copying main.cfg to | ||
− | ''prefix''/etc/moss.cfg and backend.cfg to ''prefix''/etc/moss_backend.cfg. | ||
− | Now open each up in your text editor. The files contain instructions | + | Now open each up in your text editor. The files contain instructions on how to set the various options. |
− | set the various options. | ||
− | I recommend you set the following in moss.cfg to the absolute paths | + | I recommend you set the following in <code>moss.cfg</code> to the absolute paths corresponding to where you installed these files in earlier steps: <code>auth_download_dir</code>, <code>auth_key_file</code>, <code>file_download_dir</code>, <code>game_data_dir</code>, <code>game_key_file</code>, <code>gatekeeper_key_file</code>. In addition I recommend you set <code>log_dir</code> to somewhere you want log files to go. Remember the log directory has to be writable by the user that will run the server. You may also need to set <code>pid_file</code> to a location writable by that user. If you want the <code>.pid</code> file to be created. Read through all the options to make sure your setup is as you want. The only mandatory configuration directive is <code>external_address</code>. |
− | corresponding to where you installed these files in earlier steps: | ||
− | < | ||
− | < | ||
− | < | ||
− | to somewhere you want log files to go. Remember the log directory has to be | ||
− | writable by the user that will run the server. You may also need to set | ||
− | < | ||
− | file to be created. Read through all the options to make sure your setup is as | ||
− | you want. The only mandatory configuration directive is | ||
− | < | ||
− | For moss_backend.cfg look especially into < | + | For <code>moss_backend.cfg</code> look especially into <code>log_dir</code> and <code>pid_file</code>. In addition, depending on how your DB is |
− | < | + | [[#Set_Up_the_Database | set up]] you likely need to specify <code>db_user</code>, <code>db_password</code> and maybe other DB parameters. |
− | [[#Set_Up_the_Database | set up]] you likely need to specify < | ||
− | and maybe other DB parameters. | ||
== Security Considerations == | == Security Considerations == | ||
− | '''Please''' read about them at the end of | + | '''Please''' read about them at the end of [http://foundry.openuru.org/fisheye/browse/MOSS/doc/setup doc/setup]. Short version: |
− | [http://foundry.openuru.org/fisheye/browse/MOSS/doc/setup doc/setup]. | + | * '''Never''' run MOSS as root. |
− | + | * <code>moss_backend.cfg</code> contains your DB user's password; do not make it world-readable (or even group-readable). | |
− | + | * Private key files (files finishing in <code>.der</code>) should never be made public. | |
+ | * No encryption is currently available for all the backend connections. | ||
+ | * Should you decide to install the front-end server and the back-end server on separate machine, make sure the connection between the two is secured. Same goes for database server. | ||
== Before You Open Your Server == | == Before You Open Your Server == | ||
− | If you plan to let anyone other than you connect to your server, you have | + | If you plan to let anyone other than you connect to your server, you have certain obligations under the licenses of the software/data you will be distributing from the file and auth servers. |
− | certain obligations under the licenses of the software/data you will be | + | * '''Cyan content''': the MOULagain EULA still does not provide for you to modify and redistribute the files. So do not put original or modified Cyan files on your file server. You can still have them listed in the <code>.mbm</code> (manifest) files. If someone has an incomplete install they will be forced to get the files from Cyan's file server. That is as yet still the only place from which you're supposed to get those files. |
− | distributing from the file and auth servers. | + | * '''Python code''': you are supplying GPL'd Python code. You must provide a way to acquire that code. If you are using unmodified Python you can link to the [http://assets.openuru.org/cyan/Scripts.zip original source]. If you modify it for any reason, you must make your changes available and tell your users where to get it. |
+ | * '''CWE clients:''' if you are providing client executables from a CWE build: | ||
+ | ** '''GPL license:''' you probably need to add the GPL license file to the client install. The license is supposed to be conveyed with the executable, and the only sure way to do that is to install it from the file server same as the executable. This means you have to add it to <code>ThinExternal.txt</code> and <code>External.txt</code> and generate the new <code>.mbm</code> files, copying the <code>.mbm files</code> and <code>LICENSE.txt.gz</code> over to the appropriate locations. You probably should also arrange for the license to be available along with <code>UruLauncher.exe</code>. | ||
+ | ** '''Client source:''' you must provide a way to acquire the source for your client. The means is supposed to be "equivalent" to the way the executable is acquired. Links are probably sufficient. If you use an unmodified version you should be able to link to the repository (make sure you point to the actual changeset you used). If you modify files for your shard's public keys, status hostname, and/or gatekeeper/auth addresses, you have to additionally provide that source. Note: these are ''public'' keys, so don't worry, you're not giving anything away. | ||
+ | ** '''Library credits:''' Unless someone changes the jpeg library again, you need to credit IJG for jpeglib: "This software is based in part on the work of the Independent JPEG Group." Similarly, if the client uses OpenSSL, credit should be given: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric A. Young (eay@cryptsoft.com). This product includes software written by Tim J. Hudson (tjh@cryptsoft.com)." The easiest may be to add another file doing so to the install. Or, if you are modifying Python for some reason, you could add it to the in-game credits along with all the other licenses (files: <code>xUruCreditsJournalEnglish.py</code>, <code>xUruCreditsJournalFrench.py</code>, <code>xUruCreditsJournalGerman.py</code>, <code>xUruCreditsJournalItalian.py</code>, <code>xUruCreditsJournalSpanish.py</code>). The links or whatever means you use to provide access to the source of the binaries and Python don't have to go into the client install, but they must be somewhere reasonable for your users to find, "equivalent" to installing the software for your shard. I would put links to a copy of the files on your shard's home page or something. | ||
− | + | See also [[CyanWorlds.com_Engine/FAQ#What_are_my_open_source_license_.28GPLv3.29_responsibilities_as_a_user.2C_developer_or_server_operator_.28e.g._shard_owner.29.3F | the CWE FAQ]]. | |
− | + | Please do not consider this advice the final or complete word on the matter. All the licenses of all the data you use expect you to follow them. So you have to do your due diligence. If you find something obviously missing from this section, please add it! | |
− | + | == Start It Up == | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ''Hopefully someone will contribute a nice startup script.'' | |
− | |||
− | |||
− | |||
− | + | Now you should be set to run your server. For now, <code>cd</code> to the directory you planned from the start to start the server from (that's <code>''prefix''</code> in the earlier recommendations). Make sure you are su'd to the user you want to run as. '''NOT root!''' Start <code>moss_backend</code> first, then <code>moss</code>. E.g., if you have put the config files in <code>''prefix''/etc</code>, you can just do: | |
+ | ''prefix''/bin/moss_backend | ||
+ | ''prefix''/bin/moss | ||
+ | You can instead specify the location of the config file with the <code>-c</code> option. If you've used absolute paths in the config files, you can thus easily run the server from any directory. | ||
− | + | === After Initial Startup === | |
− | |||
− | |||
− | |||
− | + | To set up AllAgeGlobalSDLNodes, use global_sdl_manager (we have no VaultManager to do it). This program is installed in <code>''prefix''/bin</code>. To aid setup, the <code>support/set_to_moul.txt</code> file can be used to set the global SDL state to a reasonable default (with no sparks) by running something like: | |
+ | global_sdl_manager game/SDL < set_to_moul.txt | ||
+ | If you want sparks, you can turn them on yourself using this program. | ||
− | + | ''Note'': this program does NOT work unless the MOSS server has already been started at least once. You might also need to provide your database details to the program; just type <code>global_sdl_manager</code> to get a list of all the appropriate options. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Create Accounts == | == Create Accounts == | ||
− | Don't forget to create accounts for your users, or it will be difficult to log | + | ''Hopefully someone will contribute a script to add users. A CGI script to automatically add users would be neat too.'' |
− | in... Please just refer directly to | + | |
− | [http://foundry.openuru.org/fisheye/browse/MOSS/doc/user-management doc/user-management]. | + | Don't forget to create accounts for your users, or it will be difficult to log in... Please just refer directly to [http://foundry.openuru.org/fisheye/browse/MOSS/doc/user-management doc/user-management]. |
+ | |||
+ | Really short version: | ||
+ | INSERT INTO accounts (name, hash, id, class, visitor) | ||
+ | VALUES ('foo@example.com', '11223344...', uuid(), 'default', false); | ||
− | + | Where '11223344' is a SHA-1 password hash. | |
− | |||
− | == | + | == See Also == |
+ | {{:MOSS/See Also}} | ||
Please see the following for more information of interest to running a server. | Please see the following for more information of interest to running a server. | ||
− | + | * [[MOSS/Notes]] | |
− | * [[MOSS | ||
* [http://foundry.openuru.org/fisheye/browse/MOSS/doc/running doc/running] | * [http://foundry.openuru.org/fisheye/browse/MOSS/doc/running doc/running] | ||
[[Category:MOSS]] | [[Category:MOSS]] |
Latest revision as of 21:13, 27 March 2018
MOSS currently only runs on UNIX and other *nix operating systems (such as GNU/Linux). Not Microsoft Windows. It ought to work on Mac OS/X (even PowerPC) but nobody has tried yet. The following document assists in the setup of MOSS on any of the compatible afore-mentioned operating systems. For instructions pertaining to a particular OS or Linux distribution, take a look at MOSS/Distribution Specific Instructions.
Please also see the main setup instructions for an alternative set of installation instructions.
Compile
Prerequisites
Before you start, assuming you already have a compatible OS, you need to ensure you have the following:
- pthreads (almost certainly installed already)
- libiconv (almost certainly installed already)
- OpenSSL (also almost certainly installed) -- you need both the libraries and the development headers if that's separate (I'm looking at you, Debian)
- Versions found to work: 1.0.1 – Versions found not to work: 0.9.7
- Zlib (also probably installed) -- both the library and the development stuff if separate
- PostgreSQL -- both the sever and client, plus any development packages
- libpqxx -- both the library and the development package
- Versions found to work: 3.1 – Versions found not to work: 4.0
- gcc, g++, whatever all you need for compiling C++
If you are compiling from a clone of a Mercurial respository and there is no "configure" script, you also need the autotools:
- autoconf
- Versions found to work: 2.68 – Versions found not to work: 2.59
- automake
- Versions found to work: 1.11.3 – Versions found not to work: 1.6.3
- libtool
- Versions found to work: 2.4.2 – Versions found not to work: 1.5
If you are reading this, please go over to MOSS/Distribution Specific Instructions and fill in how to install all these programs on YOUR distribution/OS. Thank you!
configure
If you don't have a "configure" file, it must be generated. Run the ./bootstrap.sh
script to create it.
Run ./configure
. The configure script takes many options. For a full listing run ./configure --help
. The default options are set up in such a way as to make your server match the way Cyan's server works. Here are the options you are probably interested in:
- --prefix
- Specifies where
make install
places the files. If you are using a non-typical location you may need to addprefix/lib
to your LDFLAGS or something. - --enable-fast-download
- During auth file downloads, Cyan's server waits for the client to acknowledge every 32k of data sent. I believe this was to fix the "zero seconds remaining" bug. MOSS does not have that bug. Use --enable-fast-download to configure the server to send data as fast as it can, thereby using all the bandwidth available.
- --disable-single-login
- If you use this, multiple different avatars on the same account can be logged in at once. Logging into the same avatar will boot the other. Without disabling "single login", logging into the same account will boot whatever avatar is logged in from that account.
Other options:
- --enable-require-secure-download
- Boot users who don't download
python.pak
. - --enable-encryption=type
- The default is "cyan_dh". MOSS allows you to disable encryption, or (legacy) use RSA.
- --enable-fork
- The primary use for this is if you need to debug auth or file servers. It is much easier to debug single-threaded programs.
- --enable-debug
- Anyone developing MOSS or willing to run some extra bug-hunting code should use this. If the bug-hunting code finds a bad thing it will make the server dump core so you can debug it.
- --enable-old-protocol
- This makes MOSS use older protocol versions. You probably don't need this.
If you have any trouble with configure finding the locations of various libraries, you can use these:
- --with-postgres=PREFIX
- --with-libpqxx=PREFIX
- --with-openssl=PREFIX
- --with-zlib=PREFIX
- --with-iconv=PREFIX
Compile
Run make
. Assuming that succeeds, you probably should use make install
.
Now cd into the postgresql
directory. Here you need to compile a custom PostgreSQL module that creates UUIDs. Follow the instructions in the README file there, but for most people this should just be running make
, followed by make install
.
Install the PostgreSQL module in your PostgreSQL install, if it's not there already by now. Do this by copying the moss_uuidgen.so file you just compiled. You'll need to log in as root to do this (sudo cp moss_uuidgen.so /path/to/postgres/modules
on most systems). Please check MOSS/Distribution_Specific_Instructions and fill in where to copy it for your system. Consult PostgreSQL documentation if you're not sure. After the library is installed, restart the DB server.
Set Up the Database
The easiest way to set up the database is to create a "moss" user to be associated with the MOSS database. If you want to use a different username, you have to edit the postgresql/moss.sql
file to match. The moss user needs to be able to modify tables in the MOSS DB.
Most distributions create some user that has root access to the DB when connecting from the local machine. In this example this user is "pgsql" but yours may be different. Please check MOSS-Distribution_Specific_Instructions for hints or to fill in the user for your distribution.
Start by creating the database. The default database name is "moss"; if you use any other you'll have to set it in the MOSS configuration file. Make sure to use the "UTF8" encoding. Then create the "moss" user in the new database. Then load "postgresql/moss.sql
into the new database.
I did the following:
su pgsql -c "psql postgres" create database moss with encoding='UTF8'; \c moss create role moss with login; \q su pgsql -c "psql moss -f moss.sql"
After this, you can connect to the database as the "moss" user:
psql -U moss
If all that works, you are done setting up the database!
Set Up Files
There are quite a few files that the server needs to use. All these files are located by default in locations relative to where you will *start* the server. The location of all the files can be configured in the configuration files; you may find it easiest to specify absolute paths (starting with /
) there.
File hierarchy conventions used in this setup:
- No prefix: references the files found in your source download,
./
: references the directory from where you will start MOSS,prefix
: references the directory where MOSS is being installed.
File Server Data
You need to start with your current Uru install (MOULagain, presumably). This procedure assumes you can run a Windows application to create the file server manifest MOSS needs. This seems a reasonable assumption when the client itself is a Windows app. So temporarily leave your *nix server alone and switch to a Windows installation with Uru installed.
Copy support/ManifestCreator.exe
and support/Manifests.zip
to your Windows box. Unzip Manifests.zip
. This makes a CyanStructure
folder. The .txt
files in this folder are input. They describe the files which need to be in the final manifests. It is important to use \
as the directory separator.
Start up ManifestCreator.exe
. To generate a manifest, click "Make Manifest"; it brings up a dialog box. Navigate to the CyanStructure
folder, and select all the .txt
files in there. Then click OK and when it pops up with another dialog asking for the location of your Uru install, navigate to that directory, click OK and wait for a bit.
When it is done stop and consider which files you need the file server to actually give to clients. If you are making this shard for yourself it could be basically nothing, or everything. Note that we do not have a license to redistribute Cyan's data files. So it is recommended not to copy any files you should not distribute to your file server.
Back on the machine on which you are installing MOSS, create a file server directory. The default is ./file
(relative to where you will start up your MOSS server). I recommend you make it prefix/file
. Copy all the .mbm
files created in the CyanStructure
folder on your Windows box to this directory. If you are serving up a CWE client (built from open source) you want to copy the gzipped executable and libraries. They are located in CyanStructure\Client\External
and need to be in file dir/Client/External
on your server to match. Anything you can distribute and that clients will need to download, like a new Age, should also be copied. Make sure to match the directory structures when copying them over.
For Mac clients: Mac clients request the macExternal
manifest instead of External
. There are added files in the Mac manifest, but if you don't have them to generate a proper manifest from, just copy or symlink External.mbm
to macExternal.mbm
. If you do have the files, you can generate the proper manifest using ManifestCreator and the support/macExternal.txt
file.
Auth Server Data
A script automating all the following steps in this section (except for any user-created ages) is in the works.
Like for the file server data, the default auth directory is ./auth
(relative to where you start it up). I recommend using prefix/auth
.
This directory is required to have another subdirectory named default
. You must keep a copy here of the encrypted Python and SDL files for clients to download. The easiest way to get a set of these files is from the Cyan-provided AuthFiles.zip
. Download this file, and unzip it. Copy the entire contents of the resulting AuthFiles/893
directory to auth dir/default/
. The resulting directory structure is:
auth default Python python.pak SDL various .sdl files encryption.key
Now you have to make manifest files here as well. Make a Python.txt
file which contains one line: Python\python.pak
. Make an SDL.txt file which contains one line per file in the SDL directory, as in:
SDL\BaronCityOffice.sdl SDL\Kveer.sdl ...
I just toss these manifest files in the auth dir/default
directory but you don't have to. The server does not look at them.
If you have user-created ages with SDL files, be sure to add them to the SDL
directory here. Encrypt them with the encryption.key
(a tool to do this does exist in the CWE source). Similarly, if you want to add Python, you can rebuild the python.pak
file, but if you are adding a new age, you may find it easier to add a new .pak
file. If you do that, encrypt it and then add a new line to the Python.txt
file for your new .pak
. The client will download them all.
Once you have listed each SDL and Python file, you can use the Perl script support/make-mbam.pl
to create the .mbam
files. If you don't have Perl, ManifestCreator.exe
can also create the files: simply select "Auth Server" in the "Manifest type" dropdown. If you use ManifestCreator, make sure it has the Python and SDL directories and their contents. Make sure to copy the resulting two .mbam
files to your auth-dir/default
directory.
Game Server Data
A script automating all the following steps in this section (except for any user-created ages) is in the works.
Just like for the file and auth server data, the default game directory is ./game
(relative to where you start it up). I recommend using prefix/game
.
The game servers need unencrypted .sdl
and .age
files. The easiest way to get a set of these files is from the Cyan-provided Scripts.zip
. Download this file and unzip it. Copy/move the Scripts/SDL
directory to game-dir
. Then create game-dir/age
and copy Scripts/dat/*.age
to it (MOSS does not use the .fni
files).
Do not forget to copy any user-created ages' SDL and .age
files here. This copy needs to be unencrypted.
Now there is one more step. The SDL files the game server uses need to be moved around, some into subdirectories, and some renamed because UNIX treats file names case-sensitively. Please read the details in the doc/setup
file (linked at the top of this page).
You should have three subdirectories when you're done. User-created ages may need subdirectories too, if they have multiple .sdl
files. If you find this way too complex, just move all the .sdl
files into the common subdirectory. You lose some small optimizations this way and you will need to restart the server if any SDL files change.
At the end the directory structure should be:
game age various .age files SDL common some .sdl files Garrison a couple of .sdl files Teledahn other .sdl files more .sdl files
Key Files
The modified Diffie-Hellman algorithm used in the client and MOSS by default requires the server to have private keys. Do not share them with anyone. They should not be world-readable.
You can generate keys using the make_cyan_dh
program is installed in prefix/bin
. Or, there might be a program to generate keys in the CWE source, but the chance of it outputting the private keys in the format MOSS wants is basically zero. Generate a key for each of auth, game, and gatekeeper. Run make_cyan_dh -h
to see what generators to use if you want to match those MOULagain is using. If you're building your own client you can use whatever generator you want.
Note: I see no reason not to use OpenSSL default generators such as 2, 3, or 5. In fact, unless you are a cryptographer, I do not recommend departing from these. If you are a cryptographer, you probably did not need to hear that from me!
The -s
and -c
/-C
options direct the program to write the data for the server and client to files, respectively, e.g.:
make_cyan_dh -g 2 -s auth_key.der -C pnNbAuthKey.hpp
or
make_cyan_dh -g 2 -s auth_key.der -c auth_key.bin
If you're compiling a CWE client, you can use the -C
option to output a C++ file that should be a drop-in replacement for the current key files (under CWE/MOULOpenSourceClientPlugin/Plasma20/Sources/Plasma/NucleusLib/pnNetBase
). Make sure you have at least revision 2 of the MOSS source to use -C
(you may need to do a clean and a rebuild if you have previously compiled CWE with a different key; the dependencies in the projects are not set up perfectly). If you're not compiling a client, you probably want the -c
option, and it's up to you what to do with the .bin
file.
Take the .der
file (contains the PRIVATE key) and move it to prefix
. I suggest using prefix/etc/auth_key.der
. Make it readable only by the user which will be running the server:
chmod 400 prefix/etc/auth_key.der chown mossuser prefix/etc/auth_key.der
Repeat this process for the game and gatekeeper keys: prefix/etc/game_key.der
and prefix/etc/gatekeeper_key.der
.
Configuration Files
Now that you have all the other files set up, it's time to configure MOSS itself. There is a configuration file for each server process. The default location for moss_backend
is ./etc/moss_backend.cfg
and the default location for moss
is ./etc/moss.cfg
. I recommend copying main.cfg
to prefix/etc/moss.cfg
and backend.cfg
to prefix/etc/moss_backend.cfg
.
Now open each up in your text editor. The files contain instructions on how to set the various options.
I recommend you set the following in moss.cfg
to the absolute paths corresponding to where you installed these files in earlier steps: auth_download_dir
, auth_key_file
, file_download_dir
, game_data_dir
, game_key_file
, gatekeeper_key_file
. In addition I recommend you set log_dir
to somewhere you want log files to go. Remember the log directory has to be writable by the user that will run the server. You may also need to set pid_file
to a location writable by that user. If you want the .pid
file to be created. Read through all the options to make sure your setup is as you want. The only mandatory configuration directive is external_address
.
For moss_backend.cfg
look especially into log_dir
and pid_file
. In addition, depending on how your DB is
set up you likely need to specify db_user
, db_password
and maybe other DB parameters.
Security Considerations
Please read about them at the end of doc/setup. Short version:
- Never run MOSS as root.
moss_backend.cfg
contains your DB user's password; do not make it world-readable (or even group-readable).- Private key files (files finishing in
.der
) should never be made public. - No encryption is currently available for all the backend connections.
- Should you decide to install the front-end server and the back-end server on separate machine, make sure the connection between the two is secured. Same goes for database server.
Before You Open Your Server
If you plan to let anyone other than you connect to your server, you have certain obligations under the licenses of the software/data you will be distributing from the file and auth servers.
- Cyan content: the MOULagain EULA still does not provide for you to modify and redistribute the files. So do not put original or modified Cyan files on your file server. You can still have them listed in the
.mbm
(manifest) files. If someone has an incomplete install they will be forced to get the files from Cyan's file server. That is as yet still the only place from which you're supposed to get those files. - Python code: you are supplying GPL'd Python code. You must provide a way to acquire that code. If you are using unmodified Python you can link to the original source. If you modify it for any reason, you must make your changes available and tell your users where to get it.
- CWE clients: if you are providing client executables from a CWE build:
- GPL license: you probably need to add the GPL license file to the client install. The license is supposed to be conveyed with the executable, and the only sure way to do that is to install it from the file server same as the executable. This means you have to add it to
ThinExternal.txt
andExternal.txt
and generate the new.mbm
files, copying the.mbm files
andLICENSE.txt.gz
over to the appropriate locations. You probably should also arrange for the license to be available along withUruLauncher.exe
. - Client source: you must provide a way to acquire the source for your client. The means is supposed to be "equivalent" to the way the executable is acquired. Links are probably sufficient. If you use an unmodified version you should be able to link to the repository (make sure you point to the actual changeset you used). If you modify files for your shard's public keys, status hostname, and/or gatekeeper/auth addresses, you have to additionally provide that source. Note: these are public keys, so don't worry, you're not giving anything away.
- Library credits: Unless someone changes the jpeg library again, you need to credit IJG for jpeglib: "This software is based in part on the work of the Independent JPEG Group." Similarly, if the client uses OpenSSL, credit should be given: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric A. Young (eay@cryptsoft.com). This product includes software written by Tim J. Hudson (tjh@cryptsoft.com)." The easiest may be to add another file doing so to the install. Or, if you are modifying Python for some reason, you could add it to the in-game credits along with all the other licenses (files:
xUruCreditsJournalEnglish.py
,xUruCreditsJournalFrench.py
,xUruCreditsJournalGerman.py
,xUruCreditsJournalItalian.py
,xUruCreditsJournalSpanish.py
). The links or whatever means you use to provide access to the source of the binaries and Python don't have to go into the client install, but they must be somewhere reasonable for your users to find, "equivalent" to installing the software for your shard. I would put links to a copy of the files on your shard's home page or something.
- GPL license: you probably need to add the GPL license file to the client install. The license is supposed to be conveyed with the executable, and the only sure way to do that is to install it from the file server same as the executable. This means you have to add it to
See also the CWE FAQ.
Please do not consider this advice the final or complete word on the matter. All the licenses of all the data you use expect you to follow them. So you have to do your due diligence. If you find something obviously missing from this section, please add it!
Start It Up
Hopefully someone will contribute a nice startup script.
Now you should be set to run your server. For now, cd
to the directory you planned from the start to start the server from (that's prefix
in the earlier recommendations). Make sure you are su'd to the user you want to run as. NOT root! Start moss_backend
first, then moss
. E.g., if you have put the config files in prefix/etc
, you can just do:
prefix/bin/moss_backend prefix/bin/moss
You can instead specify the location of the config file with the -c
option. If you've used absolute paths in the config files, you can thus easily run the server from any directory.
After Initial Startup
To set up AllAgeGlobalSDLNodes, use global_sdl_manager (we have no VaultManager to do it). This program is installed in prefix/bin
. To aid setup, the support/set_to_moul.txt
file can be used to set the global SDL state to a reasonable default (with no sparks) by running something like:
global_sdl_manager game/SDL < set_to_moul.txt
If you want sparks, you can turn them on yourself using this program.
Note: this program does NOT work unless the MOSS server has already been started at least once. You might also need to provide your database details to the program; just type global_sdl_manager
to get a list of all the appropriate options.
Create Accounts
Hopefully someone will contribute a script to add users. A CGI script to automatically add users would be neat too.
Don't forget to create accounts for your users, or it will be difficult to log in... Please just refer directly to doc/user-management.
Really short version:
INSERT INTO accounts (name, hash, id, class, visitor) VALUES ('foo@example.com', '11223344...', uuid(), 'default', false);
Where '11223344' is a SHA-1 password hash.
See Also
Please see the following for more information of interest to running a server.