Connecting to the Server Vault
Latest revision as of 05:33, 10 August 2014, by Foambats4all (edit summary: "More links.")
Note! This page is obsolete, and only maintained for historical reference purposes. The vault has been moved to Azure storage, see Server Vault for current documentation.
See Basic Host Requirements: Configuration for details on how to set up DatabaseConnector.ini to manage the SSH tunnel used to connect to MySQL.
These commands run inside the Linux VM.
SSHFS Installation
We first need to install sshfs:
apt-get install sshfs
Then we need to create the local alfa user. Create a file with the following line in it (replace XXXXX with a password for the alfa user; the fields are user name, password, UID, GID, GECOS, home directory and shell):
cat > alfa.cred
alfa:XXXXX:1001:1001::/home/alfa:/bin/bash
Hit Ctrl-d. Then run:
newusers -r alfa.cred
First try to ssh to the central vault host:
ssh alfa@alandfaraway.org
Type in the alfa user password for the central vault (ask IA or TA if you don't know it).
Switch to the local user alfa and create a vault directory:
su - alfa
mkdir vault
Switch back to root with logout or Ctrl-d.
Next, mount the vault (do this only for testing; the init script below mounts the vault automatically when Linux starts):
sshfs alfa@alandfaraway.org:/home/alfa/vault /home/alfa/vault -o allow_other,reconnect
Type the alfa user password for the central vault.
Switch again to user alfa and try to create a file:
su - alfa
cd vault
cd test
touch test
ls -l test
If everything is okay the output of ls should look like this:
-rw-r--r-- 1 alfa alfa 0 Jun 27 21:24 test
Authentication
For the reconnect option to work you must allow public-key SSH connections (i.e. connecting without typing the password). On the game server Linux box, as the local user alfa, type:
ssh-keygen -t dsa
(then press Return three times: accept the default file name, and give an empty passphrase twice)
Next, copy the public key file over to the alandfaraway.org machine (replace <gameserver> with the acronym of your game server, e.g. whl):
scp ~/.ssh/id_dsa.pub alandfaraway.org:<gameserver>.pub
Then connect to the vault host:
ssh alandfaraway.org
Type in your password, then append the key to the authorized keys and reconnect:
cat <gameserver>.pub >> .ssh/authorized_keys
exit
ssh alandfaraway.org
This time you'll connect without needing to type the password.
For this to work for the root user as well (the init script below runs as root), do the following. Log in as root using either:
sudo su -
or
su -
Create a .ssh directory if it doesn't exist, copy over the private key file, and try to connect to the alfa vault. You should be able to connect without typing the password.
mkdir ~/.ssh
cp /home/alfa/.ssh/id_dsa ~/.ssh/
ssh alfa@alandfaraway.org
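The page appends the bare public key to authorized_keys, which lets the key do anything the alfa account can. The following is an added example, not part of the original page: it builds the authorized_keys entry with an options prefix so the key can only run the sftp subsystem (what sshfs needs) and open the single MySQL forward used by the alfa-sshfs-ssh wrapper. It assumes OpenSSH 7.2 or newer on the vault host (for the restrict option) and an ed25519 key rather than the DSA key generated above, since ssh-dss keys are disabled by default from OpenSSH 7.0 onwards. The key blob in the usage below is constructed, not a real key.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: instead of appending the
# bare public key to .ssh/authorized_keys on the vault host, wrap it in an
# options prefix that limits what the key can do.  Assumptions: OpenSSH 7.2
# or newer on the vault host (for "restrict"), and that the only port forward
# the game server needs is the MySQL tunnel to 127.0.0.1:3306 opened by the
# alfa-sshfs-ssh wrapper.

# Options applied to the key: "restrict" turns off pty, agent and X11
# forwarding and ~/.ssh/rc; "port-forwarding" re-enables forwards, and
# "permitopen" limits them to the MySQL port on the vault host itself.
KEY_OPTIONS='restrict,port-forwarding,permitopen="127.0.0.1:3306"'

# valid_pubkey_line LINE -> 0 if LINE looks like an OpenSSH public key
# (known key type, base64 blob, optional comment), 1 otherwise.
valid_pubkey_line() {
    set -f                # no globbing while the line is split into words
    set -- $1
    set +f
    [ $# -ge 2 ] || return 1
    case $1 in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    # the blob must be base64 (optionally '=' padded)
    printf '%s\n' "$2" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# restricted_key_line PUBFILE -> prints the authorized_keys line for the key
# in PUBFILE, prefixed with KEY_OPTIONS; fails if the file is not a key.
restricted_key_line() {
    line=$(head -n 1 "$1")
    valid_pubkey_line "$line" || { echo "not an OpenSSH public key: $1" >&2; return 1; }
    printf '%s %s\n' "$KEY_OPTIONS" "$line"
}

# install_restricted_key PUBFILE AUTHKEYS -> appends the restricted line to
# AUTHKEYS (created mode 0600 if missing) unless that key blob is already
# there, so re-running the step does not pile up duplicate entries.
install_restricted_key() {
    line=$(restricted_key_line "$1") || return 1
    blob=$(printf '%s\n' "$line" | awk '{print $3}')
    ( umask 077; touch "$2" )
    grep -qF -- "$blob" "$2" && return 0
    printf '%s\n' "$line" >> "$2"
}

# Usage on the vault host, in place of the "cat <gameserver>.pub >> .ssh/authorized_keys" step:
#   install_restricted_key whl.pub ~/.ssh/authorized_keys
```

With restrict in place an interactive `ssh alandfaraway.org` using this key gets no pty, so keep a separate, unrestricted key for administrative logins and use this one only for the sshfs mount and the MySQL tunnel.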
Automatic Connection Script
#!/bin/sh
### BEGIN INIT INFO
# Provides:          sshfs
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: sshfs alfa
# Description:       Automatically mounts the alfa vault using sshfs
### END INIT INFO

# Author: Patrice Torguet/Hialmar <torguet@gmail.com>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Automatically mounts the alfa vault using sshfs"
NAME=sshfs
DAEMON=/usr/bin/$NAME
# ssh_command points sshfs at the wrapper script from the "SSH Script for MySQL" section
DAEMON_ARGS="alfa@alandfaraway.org:/home/alfa/vault /home/alfa/vault -o allow_other,reconnect,ssh_command=/usr/local/bin/alfa-sshfs-ssh"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    date >> /var/log/sshfs.log
    echo 'trying to umount' | tee -a /var/log/sshfs.log
    umount -l /home/alfa/vault || echo "umount failed with error code $?" | tee -a /var/log/sshfs.log
    # A stale mount point cannot be reused: move it aside (timestamped) and
    # create a fresh one before mounting.
    echo 'cleaning mount point' | tee -a /var/log/sshfs.log
    [ -x "/home/alfa/vault_pbs" ] || mkdir /home/alfa/vault_pbs
    rmdir /home/alfa/vault || mv /home/alfa/vault "/home/alfa/vault_pbs/vault`date +-%Y-%m-%d-%Hh%Mm%Ss`"
    mkdir /home/alfa/vault && chmod a+rwx /home/alfa/vault
    echo 'calling sshfs' | tee -a /var/log/sshfs.log
    $DAEMON $DAEMON_ARGS || return 2
    date >> /var/log/sshfs.log
    echo 'sshfs done' | tee -a /var/log/sshfs.log
}

#
# Function that stops the daemon/service
#
do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    echo 'umount' | tee -a /var/log/sshfs.log
    umount -l /home/alfa/vault || return 1
}

case "$1" in
  start)
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    do_start
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  status)
    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
  restart|force-reload)
    #
    # If the "reload" option is implemented then remove the
    # 'force-reload' alias
    #
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
      0|1)
        do_start
        case "$?" in
            0) log_end_msg 0 ;;
            1) log_end_msg 1 ;; # Old process is still running
            *) log_end_msg 1 ;; # Failed to start
        esac
        ;;
      *)
        # Failed to stop
        log_end_msg 1
        ;;
    esac
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
    exit 3
    ;;
esac

:
You have to put it in /etc/init.d (I have named it sshfs) and chmod it (chmod a+x sshfs). Then type in:
update-rc.d -f sshfs defaults
This will add links in the rc.d directories.
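The init script above mounts the vault but never checks afterwards whether the mount is still alive, and the manual test earlier in the page only checks it once by hand. sshfs mounts can remain listed in /proc/mounts after the SSH session dies, at which point any access fails with "Transport endpoint is not connected". The following is an added example, not part of the original page or of the init script: a health check that reads the mount table and probes the directory, suitable for a cron job. It assumes the /home/alfa/vault mount point from the page, a mounts file in /proc/mounts format (a constructed one is used in the usage), and a timeout command for the probe (it falls back to a plain stat if none is present).

```shell
#!/bin/sh
# Added example, not part of the original page: health check for the sshfs
# vault mount created by the /etc/init.d/sshfs script.  Assumptions: mount
# point /home/alfa/vault, a mounts file in /proc/mounts format, and a
# "timeout" command (coreutils or BusyBox) for the responsiveness probe.

VAULT=${VAULT:-/home/alfa/vault}

# mount_type MOUNTS_FILE DIR -> prints the filesystem type of DIR if DIR is a
# mount point in MOUNTS_FILE (e.g. "fuse.sshfs"); returns 1 if not mounted.
# The last matching entry wins, as it does for stacked mounts.
mount_type() {
    awk -v dir="$2" '$2 == dir { t = $3 } END { if (t == "") exit 1; print t }' "$1"
}

# probe_dir DIR -> 0 if stat(2) on DIR answers within 5 seconds.  A dead
# sshfs session makes stat hang or fail, which is what this catches.
probe_dir() {
    if command -v timeout >/dev/null 2>&1; then
        timeout 5 stat "$1" >/dev/null 2>&1
    else
        stat "$1" >/dev/null 2>&1
    fi
}

# vault_state MOUNTS_FILE DIR -> prints one of
#   not-mounted   no entry for DIR in the mount table
#   wrong-fs      DIR is mounted, but not by sshfs (something else got there first)
#   stale         sshfs entry present, but the directory does not answer
#   ok            sshfs entry present and the directory answers
# and returns 0 only for "ok".
vault_state() {
    t=$(mount_type "$1" "$2") || { echo not-mounted; return 1; }
    [ "$t" = fuse.sshfs ] || { echo wrong-fs; return 1; }
    if probe_dir "$2"; then
        echo ok
    else
        echo stale
        return 1
    fi
}

# ensure_vault MOUNTS_FILE DIR -> prints the state and, for anything other
# than "ok", restarts the mount through the init script from the page.
ensure_vault() {
    state=$(vault_state "$1" "$2") || /etc/init.d/sshfs restart >/dev/null 2>&1
    echo "$state"
}

# Usage from cron (every few minutes), logging the state next to the init
# script's own log:
#   ensure_vault /proc/mounts "$VAULT" >> /var/log/sshfs.log
```

The check deliberately looks at two things: the mount table alone cannot distinguish a healthy sshfs mount from a dead one, and a stat alone cannot tell a working mount from a plain local directory that happens to exist at the mount point (which the init script creates with mkdir before mounting).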
Keeping Connection Alive
This is a config file for ssh that makes ssh and sshfs send keep-alive messages every 15 seconds, so a dead connection is noticed and the reconnect option can act. The file should be called "config" and live in root's .ssh directory.
Host *
    ServerAliveInterval 15

Host alandfaraway.info
    User alfa
    IdentityFile ~/.ssh/id_dsa

Host alandfaraway.org
    User alfa
    IdentityFile ~/.ssh/id_dsa
SSH Script for MySQL
The SSHFS connection is also used to reach MySQL securely: the wrapper below adds a port forward for 3306 to the ssh command that sshfs runs. Place the following contents in a file at /usr/local/bin/alfa-sshfs-ssh; that path is referenced by the ssh_command option in the sshfs init script.
#!/bin/bash
# sshfs passes -oClearAllForwardings=yes to ssh, which would cancel the
# MySQL forward; strip that option from the arguments before running ssh.
a=$@
shopt -s extglob
ssh -g -L 3306:127.0.0.1:3306 ${a//-oClearAllForward*([^ ])?( )}
Make the script executable after you have pasted it in:
chmod +x /usr/local/bin/alfa-sshfs-ssh
If the Linux machine is directly connected to the Internet, bind the port forward to the right interface (the -g flag above makes the forwarded port listen on all interfaces). Make sure to set up firewall rules that allow port 3306 inbound, too. This should NOT be allowed inbound from the Internet, only from the local LAN (or the Windows game server instance).
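The option-stripping done by the wrapper and the interface binding that the previous paragraph asks for are easier to get right, and to test, when written as functions. The following is an added example, not part of the original page: a POSIX sh version of the wrapper logic that removes the ClearAllForwardings option in both forms ssh accepts, binds the 3306 forward to one explicit address instead of using -g, and refuses a wildcard bind. BIND_ADDR, the 192.0.2.x addresses and the argument lists below are assumptions and constructed values, not taken from the page.

```shell
#!/bin/sh
# Added example, not part of the original page: the argument filtering done
# by alfa-sshfs-ssh, as testable functions, plus an explicit bind address for
# the MySQL forward instead of "-g".  Assumptions: the LAN address of the
# Linux VM is exported as BIND_ADDR (192.0.2.x below are documentation
# addresses used for illustration only).

# strip_clearall ARGS... -> prints ARGS one per line with any
# ClearAllForwardings option removed, whether given as "-oClearAllForwardings=yes"
# (the form sshfs uses) or as "-o ClearAllForwardings=yes".  ssh would
# otherwise drop the -L forward added by the wrapper.
strip_clearall() {
    while [ $# -gt 0 ]; do
        case $1 in
            -oClearAllForwardings=*) ;;
            -o)
                if [ "${2#ClearAllForwardings=}" != "${2-}" ]; then
                    shift            # drop the option value as well
                else
                    printf '%s\n' "$1"
                fi
                ;;
            *) printf '%s\n' "$1" ;;
        esac
        shift
    done
}

# bind_is_wildcard ADDR -> 0 if ADDR would make ssh listen on every interface
# (empty, "*", 0.0.0.0 or ::), which is exactly what "-g" amounts to.
bind_is_wildcard() {
    case ${1-} in
        ''|'*'|0.0.0.0|::) return 0 ;;
        *) return 1 ;;
    esac
}

# ssh_forward_cmd BIND_ADDR ARGS... -> prints the ssh command line the wrapper
# should run, one argument per line: the 3306 forward bound to BIND_ADDR only
# (127.0.0.1 keeps MySQL local to this VM; a LAN address exposes it to the
# Windows game server on that network), followed by the filtered ARGS.
# Fails instead of binding to all interfaces.
ssh_forward_cmd() {
    bind=$1
    shift
    if bind_is_wildcard "$bind"; then
        echo "refusing to bind the MySQL forward to all interfaces (\"$bind\")" >&2
        return 1
    fi
    printf '%s\n' ssh -L "$bind:3306:127.0.0.1:3306"
    strip_clearall "$@"
}

# Drop-in use as /usr/local/bin/alfa-sshfs-ssh (assumption: BIND_ADDR is
# exported from /etc/default/sshfs, which the init script sources, so it
# reaches the ssh_command that sshfs launches):
#   bind_is_wildcard "${BIND_ADDR-}" && { echo "BIND_ADDR must be one address" >&2; exit 1; }
#   exec ssh -L "$BIND_ADDR:3306:127.0.0.1:3306" $(strip_clearall "$@")
```

Binding to one address does not replace the firewall rule the page asks for; it only removes the "listen everywhere" default, so a mistake in the rule no longer exposes MySQL on every interface.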
Samba Install
If you need Samba to access the vault, continue; if you don't (Windows VM hosted on a Linux OS), you can stop here. Install Samba:
apt-get install samba
Modify the Samba configuration file so that in the authentication part (it starts with ####### Authentication #######) the following line is uncommented:
security = user
And in the home directory part (it starts with [homes]) you should have:
read only = no
After this you must restart Samba:
/etc/init.d/samba restart
On the Windows machine you should now be able to map the share from cmd.exe (replace <LinuxIP> with the address of the Linux VM running Samba):
net use z: \\<LinuxIP>\alfa