Differences

This shows you the differences between two versions of the page.

Link to this comparison view

dcss:server:setting_up_dgamelaunch_and_webtiles [2018-06-14 22:15]
floraline add table of contents
dcss:server:setting_up_dgamelaunch_and_webtiles [2018-10-26 22:15] (current)
espais [2. Install prerequisites] - added apt update/upgrade
Line 29: Line 29:
   ~$ sudo usermod -G crawl-dev -a root   ~$ sudo usermod -G crawl-dev -a root
   ~$ sudo usermod -G crawl-dev -a www-data   ~$ sudo usermod -G crawl-dev -a www-data
-   
-Add entries to sudoers file: 
- 
-  ~$ sudo visudo 
-  crawl      ALL=(ALL:ALL) ALL 
-  crawl-dev  ALL=(ALL:ALL) ALL 
  
 ====1. Set up chroot==== ====1. Set up chroot====
Line 43: Line 37:
 Ubuntu users should change 'stable' to match their build env (e.g. 'precise' for 12.04; 'trusty' for 14.04) Ubuntu users should change 'stable' to match their build env (e.g. 'precise' for 12.04; 'trusty' for 14.04)
  
 +//note from espais//
 +
 +If you are using Ubuntu 18, the default repositories list within chroot does not contain the appropriate sources.  This will cause liblua5.1 to not be found.  An easy fix is to copy the /etc/apt/sources.list from the server to within the chroot.  For instance:
 +
 +  ~$ sudo mv /home/crawl/DGL/etc/apt/source.list /home/crawl/DGL/etc/apt/source.list.bak
 +  ~$ sudo cp /etc/apt/sources.list /home/crawl/DGL/etc/apt/.
 ====2. Install prerequisites==== ====2. Install prerequisites====
 Install some prerequisites into the chroot.  Besides the base system that debootstrap installed, you need the libraries for running crawl, bzip2 for compressing save backups, the sqlite3 binary for interfacing with the user and version databases, locales, terminal definitions, and a minimal install of python (because character codecs are loaded at runtime). For Debian* systems: Install some prerequisites into the chroot.  Besides the base system that debootstrap installed, you need the libraries for running crawl, bzip2 for compressing save backups, the sqlite3 binary for interfacing with the user and version databases, locales, terminal definitions, and a minimal install of python (because character codecs are loaded at runtime). For Debian* systems:
Line 51: Line 51:
 After running this then install packages as root of the chroot: After running this then install packages as root of the chroot:
  
 +  ~# apt update && apt upgrade
   ~# apt install bzip2 python-minimal ncurses-term locales-all sqlite3 libpcre3 liblua5.1-0 locales autoconf build-essential lsof bison libncursesw5-dev libsqlite3-dev flex sudo libbot-basicbot-perl   ~# apt install bzip2 python-minimal ncurses-term locales-all sqlite3 libpcre3 liblua5.1-0 locales autoconf build-essential lsof bison libncursesw5-dev libsqlite3-dev flex sudo libbot-basicbot-perl
  
Line 135: Line 136:
 copy the binary into /usr/local/sbin/ on your main system, and the ee and virus binaries into /bin on the chroot. copy the binary into /usr/local/sbin/ on your main system, and the ee and virus binaries into /bin on the chroot.
  
-====7. Give crawl-dev passwordless sudo==== +====7. Configure sudo access==== 
-(As root) Give crawl-dev permissions to run ''dgl'' binary with sudo without a password.  We'll also need permissions for a few additional scripts, as well as webtiles.+  ~$ sudo visudo
  
-  ~$ su +Give user ''crawl-dev'' permission to run ''dgl'' binary with sudo. We'll also need permissions for a few additional scripts, as well as webtiles. 
-  ~# visudo + 
-  crawl-dev ALL=(root) NOPASSWD: /home/crawl-dev/dgamelaunch-config/bin/dgl, /home/crawl/DGL/sbin/install-trunk.sh, /home/crawl/DGL/sbin/install-stable.sh, /etc/init.d/webtiles, /home/crawl/DGL/sbin/remove-trunks.sh +  crawl-dev ALL=(root) 
-   +    /home/crawl-dev/dgamelaunch-config/bin/dgl, 
-  ~# exit+    /home/crawl/DGL/sbin/install-trunk.sh, 
 +    /home/crawl/DGL/sbin/install-stable.sh, 
 +    /etc/init.d/webtiles, 
 +    /home/crawl/DGL/sbin/remove-trunks.sh 
 + 
 +If you want to use certain automated scripts, you will need to change the first line to allow this without a password: 
 + 
 +  crawl-dev ALL=(root) NOPASSWD: \ 
 + 
 +**Security Note:** 
 + 
 +  *If crawl-dev has sudo privileges on a script that they have permission to edit, then they can edit the script to run any command as root. 
 + 
 +You may also add permissions for your apache user (''www-data'' on Debian) to execute the build scripts without a password. This is necessary for the /rebuild/ cgi script. 
 + 
 +  www-data  ALL=(crawl-dev) NOPASSWD: \ 
 +    /home/crawl-dev/dgamelaunch-config/bin/dgl update-trunk, \ 
 +    /home/crawl-dev/dgamelaunch-config/bin/dgl update-stable *
  
 ====8. Configure dgamelaunch-config==== ====8. Configure dgamelaunch-config====
Line 432: Line 450:
     exit 0 # normally already in /etc/rc.local     exit 0 # normally already in /etc/rc.local
  
 +NOTE from floraline:
 +
 +>I had an issue where I had enabled the built-in SSL options in WebTiles, and server.py would start to consume 100% CPU time for several hours at a time. This was caused by clients, usually botnets doing port scans and other things, disconnecting in the middle of the SSL handshake. Tornado 2.4.1 does not handle broken SSL handshakes and will enter into a state where it uses 100% CPU and won't stop on its own. I fixed this by making the following change in ''tornado/iostream.py'', routine ''_do_ssl_handshake'':
 +
 +  except socket.error, err:
 +  -   err.args[0] in (errno.ECONNABORTED, errno.ECONNRESET):
 +  +   if err.args[0] in (errno.ECONNABORTED, errno.ECONNRESET) or err.args[0] == errno.EBADF:
 +          return self.close()
 ====13. Other notes==== ====13. Other notes====
 I'm sure there's more...  launching the inotify watcher, crontabs for compressing ttyrecs, cleaning out old trunks, making logfiles and milestones available over the web, setting up an ssh user, set up a dgl-status script in cgi-bin, forwarding port 80 requests to 8080 for webtiles, etc. I'm sure there's more...  launching the inotify watcher, crontabs for compressing ttyrecs, cleaning out old trunks, making logfiles and milestones available over the web, setting up an ssh user, set up a dgl-status script in cgi-bin, forwarding port 80 requests to 8080 for webtiles, etc.
Logged in as: Anonymous (VIEWER)
dcss/server/setting_up_dgamelaunch_and_webtiles.1529007338.txt.gz · Last modified: 2018-06-14 22:15 by floraline
 
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki