TurnKey Linux Virtual Appliance Library

building an Openfire virtual appliance on TurnKey Core

Hey there!

 At my work, my boss wanted to set up an openfire server for employees to communicate with. 

 We chose to use an openfire jabber server.

Knowing how easy turnkey linux was to use to set up a mediawiki, we decided to try setting the openfire server up on top of turnkey core.

Open source is all about giving back, right? Well, here's the script that we used to install (but not configure, as that is done through the web interface) the openfire server on top of turnkey core. It was almost stupidly easy.

Hopefully I can download an openfire virtual appliance from turnkey in a few months the next time I need to do the setup! That would be awesome.

# Become root first; run the remaining commands from the root shell.
sudo su

# Enable all of the repositories for updates and Java.
echo "deb http://archive.turnkeylinux.org/ubuntu hardy main" > /etc/apt/sources.list.d/sources.list
echo "deb http://archive.turnkeylinux.org/ubuntu hardy universe" >> /etc/apt/sources.list.d/sources.list

echo "deb http://archive.ubuntu.com/ubuntu hardy main" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy universe" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy restricted" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy multiverse" >> /etc/apt/sources.list.d/sources.list

echo "deb http://archive.ubuntu.com/ubuntu hardy-updates main" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy-updates universe" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy-updates restricted" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy-updates multiverse" >> /etc/apt/sources.list.d/sources.list

echo "deb http://archive.ubuntu.com/ubuntu hardy-backports main" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy-backports universe" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy-backports restricted" >> /etc/apt/sources.list.d/sources.list
echo "deb http://archive.ubuntu.com/ubuntu hardy-backports multiverse" >> /etc/apt/sources.list.d/sources.list

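# Refresh the package indexes, apply pending updates, then install wget and Java.
apt-get update
apt-get dist-upgrade
apt-get install wget sun-java6-bin

# Download the openfire package and install it with dpkg.
wget "http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire..."

dpkg -i openfire_3.6.4_all.deb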
 
Liraz Siri

This is very useful

Thanks! Sharing your experience not only helps other users with similar needs, it also helps us figure out what appliances to target for development. We've developed a chat server appliance for the next release but it's not based on OpenFire. On the other hand, adding an OpenFire based appliance doesn't really look very difficult so maybe we'll manage to squeeze that into the next release.

Alon Swartz

Thanks for the info

Thanks for the info, I have registered a blueprint which you can subscribe to (and get updated on the progress).

If possible, could you provide information regarding the configuration of OpenFire, and any issues that you came across (if any)?

Additional information

Given that OpenFire is mostly configured through the application's own setup interface, I can't say that there were issues that were encountered with simply setting up the packages needed to run it. As you saw in my badly mangled script with broken English explanations above :-P, going from not having an xmpp openfire server to having one was extremely simple.

 

    The web interface for openfire is reachable by default through http://hostname:9090/.

    If the user chooses to use the optional LDAP integration with their local active directory, I caution them on how they go about that. We encountered problems with logging in to the server due to the server having identity issues. We were authenticating as domainname.com where the machine was in actuality on a subdomain IM.domainname.com.

    On Windows, when going from finishing the initial setup of openfire to logging into the admin console, openfire needs to be fully restarted. On Linux, we didn't encounter this problem initially, but that's not to say that we avoided it in some other manner.

    My understanding is that the default admin account is "admin" and that the email asked for is meaningless unless your machine has access to an email server. We block the email port on our firewall and access our email through a web interface. I don't know if the email option works or not, but I do know that the default admin account is "admin", unless you're reading users from some other system (such as LDAP).

    The embedded database that openfire offers the option of using worked just fine for us. But if turnkey is going to offer an openfire virtual appliance, I recommend that the liveCD have a database external to the openfire application (perhaps in a later release), as it is much more scalable.

    LDAP integration (because that's what we used it against), does NOT automatically populate users who log in with groups. The admin of the virtual appliance will need to manually configure which groups are auto added to each user's contact list by using the web interface. This has its pluses and minuses, but the steps won't be immediately obvious to some folks.

    XMPP supports server to server federation. The openfire install we have does work with this. The configuration, however, requires correctly setting up the network topology. We needed to configure SRV records (because of the identity crisis I mentioned above), and DNS records. This might not be necessary for most users of a virtual appliance built on openfire.

 

    Adding new administrators to the user list through the web interface was problematic for me. What I found to be ambiguous was how to separate usernames, and which domain to claim the user is under. At various times in our tinkering, the system thought my username was jonesmz@chat.domain.com, jonesmz@domain.com, and just plain jonesmz. If the user has their topology set up from the get go, that likely won't be a problem for them.

    If a user locks themselves out of the admin console somehow, as I happened to do quite a bit, adding this XML tag to their openfire.xml configuration file

<admin>
    <authorizedUsernames>joe, jane</authorizedUsernames>
</admin>

where joe and jane are comma separated usernames that the openfire system already knows about.

Doing that will replace the admin list with ONLY the usernames in the xml tag.

I'm not sure how extensive the openfire.xml file's control over the server is.

After modding the .xml file, the server has to be restarted for the changes to take effect.

 

For the SRV stuff

The command

dig _xmpp-server._tcp.domain.com SRV

should spit out something resembling

<<>> DiG 9.2.4 <<>> _xmpp-server._tcp.domain.com SRV
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42276
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;_xmpp-server._tcp.internaldomain.com. IN SRV

;; ANSWER SECTION:
_xmpp-server._tcp.internaldomain.com. 14400 IN SRV 5 0 5269 yourserver.externaldomain.org.

;; AUTHORITY SECTION:
internaldomain.com. 154764 IN NS dns249.d.register.com.
internaldomain.com. 154764 IN NS dns117.a.register.com.
internaldomain.com. 154764 IN NS dns123.b.register.com.
internaldomain.com. 154764 IN NS dns223.c.register.com.

;; ADDITIONAL SECTION:
yourserver.externaldomain.org. 13734 IN A IPAddress
dns117.a.register.com. 172764 IN A IPAddress
dns223.c.register.com. 149982 IN A IPAddress
dns249.d.register.com. 150487 IN A IPAddress

;; Query time: 52 msec
;; SERVER: IPAddress#53(IPAddress)
;; WHEN: Mon Jul 20 16:48:07 2009
;; MSG SIZE rcvd: 250

The reason for all that is that previously we had the same domain internally and externally, but have in recent years moved our external domain to something else, and our internal stuff is still catching up.

 

 

Let me know if I can help in any way.

 

I am interested in helping to create virtual appliances. An earlier attempt of mine was to create a Trac/SVN appliance. I managed to do so by modifying an Ubuntu desktop Live CD, but I haven't had luck with the turnkey core images & UCK or remastersys.
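
Added example, not part of the original post and not Openfire or TurnKey code: a small parser for the dig output quoted above that pulls out the _xmpp-server SRV record and lists what to confirm before relying on it for server-to-server federation. The function names are this example's own, and the "target outside the queried domain" check is a review heuristic assumed here, prompted by the internal/external domain split the post describes.

```python
import re

# Sample input: the QUESTION and ANSWER sections as quoted in the post above;
# the host and domain names are the post's own placeholders.
SAMPLE = """\
;; QUESTION SECTION:
;_xmpp-server._tcp.internaldomain.com. IN SRV

;; ANSWER SECTION:
_xmpp-server._tcp.internaldomain.com. 14400 IN SRV 5 0 5269 yourserver.externaldomain.org.
"""

SRV = re.compile(
    r"^(?P<owner>_xmpp-server\._tcp\.(?P<domain>\S+?))\.?\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)

def parse_srv(dig_text):
    """Return one dict per _xmpp-server SRV record in dig's text output."""
    records = []
    for line in dig_text.splitlines():
        m = SRV.match(line.strip())  # ';' comment lines never match
        if m:
            rec = m.groupdict()
            for key in ("ttl", "prio", "weight", "port"):
                rec[key] = int(rec[key])
            # Drop the trailing root dot; a bare "." target is kept as ".".
            rec["target"] = rec["target"].rstrip(".").lower() or "."
            records.append(rec)
    return records

def review_srv(records, s2s_port=5269):
    """Return the points to confirm before relying on the record for federation."""
    if not records:
        return ["no _xmpp-server SRV record in the answer"]
    findings = []
    for r in records:
        domain, target = r["domain"].lower(), r["target"]
        if target == ".":  # RFC 2782: service explicitly not offered
            findings.append(f"{r['owner']}: target '.' disables the service")
            continue
        if r["port"] != s2s_port:  # 5269 is the port shown in the post's answer
            findings.append(f"{r['owner']}: port {r['port']} is not {s2s_port}")
        if target != domain and not target.endswith("." + domain):
            findings.append(f"{r['owner']}: target {target} is outside {domain}")
    return findings
```

On the post's sample this reports one item, the target in externaldomain.org answering for internaldomain.com, which is the delegation the poster set up on purpose.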


blueprint

I've subscribed to the blueprint, and added some trivial notes to the whiteboard.


Alon Swartz

Customization Mechanism (TKLPatch)

We have just released TKLPatch. If someone could create a patch for the above it would dramatically push this appliance forward.

Alon Swartz

New TKLPatch section on development wiki

I have created a new section in the development wiki for TKLPatches, and have added this patch to the list. Feel free to update the patch page as you see fit.

help with script

Greetings,

I'm fairly new to the linux world which is why turnkey is my best friend right now. I've been trying for several hours and multiple scrapped VMs to get openfire on turnkey core. I copied the script above, and saved as openfire.sh. I then uploaded to the server and ran the script via: sh openfire.sh while in the cwd and as root.

Is the script working for anyone else? Is it missing anything like other dependencies or am I just doing something wrong?

Thanks,

Vash

RE: Help with script

Vashi:

 

    The script wasn't really intended to be a 1 size fits all. It was more of an example for the turnkey developers.

 

    Here's an explanation of what it does.

    Enables all of the repositories. Given it's been several months since, there may have been changes. I do this for security and performance updates.

    Installs those updates.

    Installs wget, to easily download the openfire package.

    Installs java, which is needed to run openfire.

    Uses wget to download the openfire package.

    Uses dpkg to install openfire, using the -i flag.

 

    Once the openfire package is installed, you should use your web browser to go to the setup website for openfire. My second post has some info on how to use that.

 

    Let me know if you have specific questions.


turnkey linux base: problems trying to install openfire

I'm trying to install openfire in the new turnkey base appliance based on lucid distro. Let me say that I am frustrated because I can't even update the system.

When I try to update I get the following:

 

root@core ~# apt-get update
Get:1 http://archive.ubuntu.com lucid-security Release.gpg [793B]
Get:2 http://archive.ubuntu.com lucid Release.gpg [793B]
Get:3 http://archive.ubuntu.com lucid-updates Release.gpg [793B]
Get:4 http://archive.ubuntu.com lucid-security Release [793B]
Get:5 http://archive.ubuntu.com lucid Release [793B]
Get:6 http://archive.ubuntu.com lucid-updates Release [793B]
Ign http://archive.ubuntu.com lucid-security Release
Ign http://archive.ubuntu.com lucid Release
Get:7 http://archive.ubuntu.com lucid-security/main Packages [793B]
Ign http://archive.ubuntu.com lucid-updates Release
Get:8 http://archive.ubuntu.com lucid-security/universe Packages [793B]
Get:9 http://archive.ubuntu.com lucid/main Packages [793B]
Get:10 http://archive.ubuntu.com lucid/universe Packages [793B]
Get:11 http://archive.ubuntu.com lucid-updates/main Packages [793B]
Get:12 http://archive.ubuntu.com lucid-updates/universe Packages [793B]
99% [7 Packages lzma 0B] [Waiting for headers]/usr/bin/lzma: Decoder error
Err http://archive.ubuntu.com lucid-security/main Packages
  Sub-process /usr/bin/lzma returned an error code (1)
99% [8 Packages lzma 0B] [Waiting for headers]/usr/bin/lzma: Decoder error
Err http://archive.ubuntu.com lucid-security/universe Packages
  Sub-process /usr/bin/lzma returned an error code (1)
99% [9 Packages lzma 0B] [Waiting for headers]/usr/bin/lzma: Decoder error
Err http://archive.ubuntu.com lucid/main Packages
  Sub-process /usr/bin/lzma returned an error code (1)
99% [10 Packages lzma 0B] [Waiting for headers]/usr/bin/lzma: Decoder error
Err http://archive.ubuntu.com lucid/universe Packages
  Sub-process /usr/bin/lzma returned an error code (1)
99% [11 Packages lzma 0B] [Waiting for headers]/usr/bin/lzma: Decoder error
Err http://archive.ubuntu.com lucid-updates/main Packages
  Sub-process /usr/bin/lzma returned an error code (1)
99% [12 Packages lzma 0B] [Waiting for headers]/usr/bin/lzma: Decoder error
Err http://archive.ubuntu.com lucid-updates/universe Packages
  Sub-process /usr/bin/lzma returned an error code (1)
Get:13 http://archive.turnkeylinux.org lucid-security Release.gpg [490B]
Get:14 http://archive.turnkeylinux.org lucid Release.gpg [490B]
Get:15 http://archive.turnkeylinux.org lucid-security Release [1918B]
Get:16 http://archive.turnkeylinux.org lucid Release [1891B]
Ign http://archive.turnkeylinux.org lucid-security/main Packages
Ign http://archive.turnkeylinux.org lucid/main Packages
Get:17 http://archive.turnkeylinux.org lucid-security/main Packages [866B]
Get:18 http://archive.turnkeylinux.org lucid/main Packages [24.8kB]
Fetched 39.9kB in 6s (6413B/s)
W: GPG error: http://archive.ubuntu.com lucid-security Release: The following signatures were invalid: NODATA 1 NODATA 2
W: GPG error: http://archive.ubuntu.com lucid Release: The following signatures were invalid: NODATA 1 NODATA 2
W: GPG error: http://archive.ubuntu.com lucid-updates Release: The following signatures were invalid: NODATA 1 NODATA 2
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-security/main/binary-i386/P...  Sub-process /usr/bin/lzma returned an error code (1)
 
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-security/universe/binary-i3...  Sub-process /usr/bin/lzma returned an error code (1)
 
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/main/binary-i386/Packages.lzma  Sub-process /usr/bin/lzma returned an error code (1)
 
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid/universe/binary-i386/Packag...  Sub-process /usr/bin/lzma returned an error code (1)
 
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-updates/main/binary-i386/Pa...  Sub-process /usr/bin/lzma returned an error code (1)
 
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-updates/universe/binary-i38...  Sub-process /usr/bin/lzma returned an error code (1)
 
E: Some index files failed to download, they have been ignored, or old ones used instead.
 
As you can see I obtain a lot of errors, and I just installed the appliance and typed the apt-get update command!!
 
Could you please give me a hand on this?
 
Thank you in advance
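
Added example, not part of the original thread and not TurnKey or apt code: a check over captured `apt-get update` output, like the log quoted above, that an install script can run before `apt-get dist-upgrade` or `apt-get install` so it stops when a Release signature was rejected. The function names are this example's own, and the same-size test is a heuristic assumed here from the 793B pattern visible in the log.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the apt-get update output quoted above.
SAMPLE = """\
Get:1 http://archive.ubuntu.com lucid-security Release.gpg [793B]
Get:5 http://archive.ubuntu.com lucid Release [793B]
Get:9 http://archive.ubuntu.com lucid/main Packages [793B]
Get:14 http://archive.turnkeylinux.org lucid Release.gpg [490B]
Get:16 http://archive.turnkeylinux.org lucid Release [1891B]
Get:18 http://archive.turnkeylinux.org lucid/main Packages [24.8kB]
W: GPG error: http://archive.ubuntu.com lucid-security Release: The following signatures were invalid: NODATA 1 NODATA 2
W: GPG error: http://archive.ubuntu.com lucid Release: The following signatures were invalid: NODATA 1 NODATA 2
E: Some index files failed to download, they have been ignored, or old ones used instead.
"""

GET = re.compile(r"^Get:\d+ (\S+) \S+ (\S+) \[(\S+)\]$")
GPG = re.compile(r"^W: GPG error: (\S+) (\S+) Release: (.+)$")

def unverified_suites(output):
    """Return sorted (mirror, suite) pairs whose Release signature apt rejected."""
    hits = (GPG.match(line) for line in output.splitlines())
    return sorted({(m.group(1), m.group(2)) for m in hits if m})

def same_size_mirrors(output, min_kinds=3):
    """Heuristic: mirrors that returned one identical size for Release.gpg,
    Release and Packages, which real archive files would not share."""
    sizes, kinds = defaultdict(set), defaultdict(set)
    for line in output.splitlines():
        m = GET.match(line)
        if m:
            mirror, kind, size = m.groups()
            sizes[mirror].add(size)
            kinds[mirror].add(kind)
    return sorted(h for h in sizes if len(sizes[h]) == 1 and len(kinds[h]) >= min_kinds)

def safe_to_install(output):
    """False when any index is unauthenticated or apt reported an error."""
    has_error = any(line.startswith("E: ") for line in output.splitlines())
    return not (unverified_suites(output) or has_error)
```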
