Differences

This shows you the differences between two versions of the page.


dcss:server:setting_up_dgamelaunch_and_webtiles [2018-06-14 22:15]
floraline add table of contents
dcss:server:setting_up_dgamelaunch_and_webtiles [2018-06-23 20:59] (current)
floraline add troubleshooting note on webtiles ssl
Line 29: Line 29:
   ~$ sudo usermod -G crawl-dev -a root   ~$ sudo usermod -G crawl-dev -a root
   ~$ sudo usermod -G crawl-dev -a www-data   ~$ sudo usermod -G crawl-dev -a www-data
-   
-Add entries to sudoers file: 
- 
-  ~$ sudo visudo 
-  crawl      ALL=(ALL:ALL) ALL 
-  crawl-dev  ALL=(ALL:ALL) ALL 
  
 ====1. Set up chroot==== ====1. Set up chroot====
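Review bot: servers set up from the earlier revision still have the ''crawl ALL=(ALL:ALL) ALL'' and ''crawl-dev ALL=(ALL:ALL) ALL'' entries that this step used to add, and the page now gives no instruction to remove them. Add a line here or in step 7 telling existing installs to delete both entries with ''visudo''. While they remain, both accounts keep unrestricted sudo and the narrower command list in step 7 has no effect.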
Line 135: Line 129:
 copy the binary into /usr/local/sbin/ on your main system, and the ee and virus binaries into /bin on the chroot. copy the binary into /usr/local/sbin/ on your main system, and the ee and virus binaries into /bin on the chroot.
  
-====7. Give crawl-dev passwordless sudo==== +====7. Configure sudo access==== 
-(As root) Give crawl-dev permissions to run ''dgl'' binary with sudo without a password.  We'll also need permissions for a few additional scripts, as well as webtiles.+  ~$ sudo visudo
  
-  ~$ su +Give user ''crawl-dev'' permission to run ''dgl'' binary with sudo. We'll also need permissions for a few additional scripts, as well as webtiles. 
-  ~# visudo + 
-  crawl-dev ALL=(root) NOPASSWD: /home/crawl-dev/dgamelaunch-config/bin/dgl, /home/crawl/DGL/sbin/install-trunk.sh, /home/crawl/DGL/sbin/install-stable.sh, /etc/init.d/webtiles, /home/crawl/DGL/sbin/remove-trunks.sh +  crawl-dev ALL=(root) 
-   +    /home/crawl-dev/dgamelaunch-config/bin/dgl, 
-  ~# exit+    /home/crawl/DGL/sbin/install-trunk.sh, 
 +    /home/crawl/DGL/sbin/install-stable.sh, 
 +    /etc/init.d/webtiles, 
 +    /home/crawl/DGL/sbin/remove-trunks.sh 
 + 
 +If you want to use certain automated scripts, you will need to change the first line to allow this without a password: 
 + 
 +  crawl-dev ALL=(root) NOPASSWD: \ 
 + 
 +**Security Note:** 
 + 
 +  *If crawl-dev has sudo privileges on a script that they have permission to edit, then they can edit the script to run any command as root. 
 + 
 +You may also add permissions for your apache user (''www-data'' on Debian) to execute the build scripts without a password. This is necessary for the /rebuild/ cgi script. 
 + 
 +  www-data  ALL=(crawl-dev) NOPASSWD: \ 
 +    /home/crawl-dev/dgamelaunch-config/bin/dgl update-trunk, \ 
 +    /home/crawl-dev/dgamelaunch-config/bin/dgl update-stable *
  
 ====8. Configure dgamelaunch-config==== ====8. Configure dgamelaunch-config====
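Review bot: the new ''crawl-dev ALL=(root)'' entry in step 7 is split across six lines with no trailing backslashes, so sudoers will not treat the command list as part of the rule and ''visudo'' will report a syntax error. End each continued line with a backslash, as the ''www-data'' entry does, and state that the ''NOPASSWD:'' line replaces the first line of that same entry rather than standing alone. The Security Note also applies to the rule as written: ''/home/crawl-dev/dgamelaunch-config/bin/dgl'' is under /home/crawl-dev, where crawl-dev can normally edit it, so consider pointing the rule at a root-owned copy that crawl-dev cannot write. In the ''www-data'' entry, the trailing ''*'' on ''dgl update-stable *'' accepts any arguments; list the specific arguments the /rebuild/ cgi script needs instead.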
Line 432: Line 443:
     exit 0 # normally already in /etc/rc.local     exit 0 # normally already in /etc/rc.local
  
 +NOTE from floraline:
 +
 +>I had an issue where I had enabled the built-in SSL options in WebTiles, and server.py would start to consume 100% CPU time for several hours at a time. This was caused by clients, usually botnets doing port scans and other things, disconnecting in the middle of the SSL handshake. Tornado 2.4.1 does not handle broken SSL handshakes and will enter into a state where it uses 100% CPU and won't stop on its own. I fixed this by making the following change in ''tornado/iostream.py'', routine ''_do_ssl_handshake'':
 +
 +  except socket.error, err:
 +  -   err.args[0] in (errno.ECONNABORTED, errno.ECONNRESET):
 +  +   if err.args[0] in (errno.ECONNABORTED, errno.ECONNRESET) or err.args[0] == errno.EBADF:
 +          return self.close()
 ====13. Other notes==== ====13. Other notes====
 I'm sure there's more...  launching the inotify watcher, crontabs for compressing ttyrecs, cleaning out old trunks, making logfiles and milestones available over the web, setting up an ssh user, set up a dgl-status script in cgi-bin, forwarding port 80 requests to 8080 for webtiles, etc. I'm sure there's more...  launching the inotify watcher, crontabs for compressing ttyrecs, cleaning out old trunks, making logfiles and milestones available over the web, setting up an ssh user, set up a dgl-status script in cgi-bin, forwarding port 80 requests to 8080 for webtiles, etc.
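Review bot: in the ''tornado/iostream.py'' snippet the removed line reads ''err.args[0] in (errno.ECONNABORTED, errno.ECONNRESET):'' with no leading ''if'', so it is not a valid statement and a reader cannot match it against the file. Restore the ''if'' on that line and align both lines with the ''return self.close()'' that follows. The note should also say that this edits the installed Tornado 2.4.1 library in place, so the change has to be reapplied whenever that package is reinstalled or replaced.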
dcss/server/setting_up_dgamelaunch_and_webtiles.1529007338.txt.gz · Last modified: 2018-06-14 22:15 by floraline
 