Keep old ejabberd (#125)

* preserve old ejabberd as ejabberd-xs

* have 5-xo-services use ejabberd-xs

* install latest ejabberd on is_redhat

* move ejabberd to 6-generic-apps

* move the repo exclude

* rename directory from - to _

* make disabled work

roles/2-common/tasks/centos.yml

@@ -19,14 +19,6 @@
    - iiab-centos.repo
    - li.nux.ro.repo
 
-- name: Disable updating ejabberd on CentOS
-  shell: sed -i -e '/^enabled=/a exclude=ejabberd' {{ item }}
-  with_items:
-    - /etc/yum.repos.d/CentOS-Base.repo
-    - /etc/yum.repos.d/CentOS-CR.repo
-    - /etc/yum.repos.d/CentOS-fasttrack.repo
-    - /etc/yum.repos.d/CentOS-Vault.repo
-
 - name: Disable updating ansible on CentOS
   shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }}
   with_items:
@@ -35,4 +27,3 @@
     - /etc/yum.repos.d/CentOS-fasttrack.repo
     - /etc/yum.repos.d/CentOS-Vault.repo
   when: ansible_distribution == "CentOS"
-

roles/2-common/tasks/fedora.yml

@@ -14,13 +14,6 @@
   shell: yum --enablerepo=rpmfusion-free-updates install exfat-utils fuse-exfat
   when: exFAT_enabled == "True"
 
-- name: Disable updating ejabberd on Fedora
-  shell: sed -i -e '/^enabled=/a exclude=ejabberd' {{ item }}
-  with_items:
-    - /etc/yum.repos.d/fedora.repo
-    - /etc/yum.repos.d/fedora-updates.repo
-    - /etc/yum.repos.d/fedora-updates-testing.repo
-
 - name: Disable updating ansible on Fedora
   shell: sed -i -e '/^enabled=/a exclude=ansible' {{ item }}
   with_items:

roles/5-xo-services/meta/main.yml

@@ -1,4 +1,4 @@
 dependencies:
-   - { role: ejabberd, tags: ['olpc','ejabberd','xo-services'], when: ejabberd_install }
+   - { role: ejabberd_xs, tags: ['olpc','ejabberd-xs','xo-services'], when: ejabberd_xs_install }
    - { role: idmgr,  tags: ['olpc','idmgr','xo-services'], when: idmgr_install }
-   - { role: activity-server, tags: ['olpc','activity-server','xo-services'], when: activity_server_install  }   
+   - { role: activity-server, tags: ['olpc','activity-server','xo-services'], when: activity_server_install }

roles/6-generic-apps/meta/main.yml

@@ -6,3 +6,4 @@ dependencies:
    - { role: dokuwiki, tags: ['generic','dokuwiki'], when: dokuwiki_install }
    - { role: wordpress, tags: ['generic','wordpress'], when: wordpress_install }
    - { role: calibre, tags: ['generic','calibre'], when: calibre_install }
+   - { role: ejabberd, tags: ['generic','ejabberd'], when: ejabberd_install }

roles/ejabberd/tasks/main.yml

@@ -1,12 +1,3 @@
-- name: Install ejabberd packages
-  package: name={{ item }}
-           state=present
-  with_items:
-   - ejabberd-2.1.11
-  tags:
-    - download
-  when: not is_debuntu
-
 - name: Install ejabberd packages
   package: name={{ item }}
            state=present
@@ -14,7 +5,6 @@
    - ejabberd
   tags:
     - download
-  when: is_debuntu
 
 - name: Configure ejabberd
   template: backup=yes

roles/ejabberd_xs/tasks/main.yml

@@ -0,0 +1,88 @@
+- name: Install ejabberd packages
+  package: name={{ item }}
+           state=present
+  with_items:
+   - ejabberd-2.1.11
+  tags:
+    - download
+  when: not is_debuntu
+
+# need to use lineinfile and better regexp
+- name: Disable updating ejabberd on CentOS
+  shell: sed -i -e '/^enabled=/a exclude=ejabberd' {{ item }}
+  with_items:
+    - /etc/yum.repos.d/CentOS-Base.repo
+    - /etc/yum.repos.d/CentOS-CR.repo
+    - /etc/yum.repos.d/CentOS-fasttrack.repo
+    - /etc/yum.repos.d/CentOS-Vault.repo
+  when: ejabberd_xs_install and is_centos
+
+- name: Disable updating ejabberd on Fedora
+  shell: sed -i -e '/^enabled=/a exclude=ejabberd' {{ item }}
+  with_items:
+    - /etc/yum.repos.d/fedora.repo
+    - /etc/yum.repos.d/fedora-updates.repo
+    - /etc/yum.repos.d/fedora-updates-testing.repo
+  when: ejabberd_xs_install and ansible_distribution == "Fedora"
+
+- name: Configure ejabberd
+  template: backup=yes
+            src={{ item.src }}
+            dest={{ item.dest }}
+            owner=root
+            group=root
+            mode={{ item.mode }}
+  with_items:
+    - { src: 'ejabberd-xs.cfg.j2', dest: '/etc/ejabberd/ejabberd-xs.cfg' , mode: '0644' }
+    - { src: 'ejabberdctl.cfg.j2', dest: '/etc/ejabberd/ejabberdctl.cfg', mode: '0644' }
+    - { src: 'ejabberd-xs', dest: '/etc/sysconfig/ejabberd-xs', mode: '0755' }
+#    - { src: 'ejabberd-domain-config', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd', mode: '0755'}
+#    - { src: 'ejabberd', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/ejabberd' , mode: '0755' }
+    - { src: 'ejabberd-xs.service.j2', dest: '/etc/systemd/system/ejabberd-xs.service', mode: '0755' }
+    - { src: 'xs-ejabberd-srg', dest: '/usr/bin/xs-ejabberd-srg' , mode: '0755' }
+    - { src: '10-ejabberdmoodle', dest: '/etc/sudoers.d/10-ejabberdmoodle', mode: '0440' }
+    - { src: 'ejabberd.tmpfiles', dest: '/etc/tmpfiles.d/ejabberd.conf', mode: '0640' }
+  register: ejabberd_config
+  when: not is_debuntu
+
+- name: Put the startup script in place - non debian
+  template: src='ejabberd-xs.init'
+            dest='/usr/libexec/ejabberd-xs'
+  when: not is_debuntu
+
+- name: Remove ejabberd_domain if domain changes
+  file: path=/etc/sysconfig/ejabberd_domain_name
+        state=absent
+  when: ejabberd_config.changed and ejabberd_config is defined and not is_debuntu
+
+- name: Enable ejabberd service
+  file: src=/etc/systemd/system/ejabberd-xs.service
+        dest=/etc/systemd/system/multi-user.target.wants/ejabberd-xs.service
+        owner=root
+        group=root
+        state=link
+  when: not is_debuntu and ejabberd_xs_enabled
+
+- name: Start ejabberd service
+  service: name=ejabberd-xs
+           state=restarted
+           enabled=yes
+  when: ejabberd_config.changed and ejabberd_xs_enabled and not is_debuntu
+
+- name: Wait for ejabberd service start
+  wait_for: port=5280
+            delay=15
+            state=started
+            timeout=300
+  when: ejabberd_config.changed and ejabberd_xs_enabled
+
+- name: Create online group
+  shell: ejabberdctl srg_create Online "schoolserver" Online "Online_Users" Online
+  when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
+
+- name: Add all users to online group
+  shell: ejabberdctl srg_user_add '@online@' "schoolserver" Online "schoolserver"
+  when: ejabberd_config.changed and not is_debuntu and ejabberd_xs_enabled
+
+
+

roles/ejabberd_xs/templates/10-ejabberdmoodle

@@ -0,0 +1,12 @@
+##
+## 10-ejabberdmoodle
+## for ejabberd-moodle interaction
+##
+
+# allow the apache user to invoke ejabberdctl and start/stop/condrestart 
+Defaults:apache !requiretty
+Cmnd_Alias EJABBERDCTL = /usr/sbin/ejabberdctl 
+Cmnd_Alias EJABBERDINIT = /etc/init.d/ejabberd start , /etc/init.d/ejabberd stop , /etc/init.d/ejabberd condrestart
+
+apache ALL = (ejabberd) NOPASSWD: EJABBERDCTL
+apache ALL = (root) NOPASSWD: EJABBERDINIT

roles/ejabberd_xs/templates/ejabberd

@@ -0,0 +1,62 @@
+#!/bin/sh -e
+
+#
+# ejabberd now handles domain changes in the initrd script
+#
+SERVICE_NAME=ejabberd-xs
+
+CONFIG_LIST="/etc/ejabberd/ejabberd-xs.cfg"
+
+# taken from ejabberd spec %post
+# taken from ejabberd spec %post
+#function do-cert(){
+#    (cd /etc/ejabberd
+#    if [ ! -f ejabberd.pem ]
+#    then	
+#	echo "Generating SSL certificate /etc/ejabberd/ejabberd.pem..."
+#	HOSTNAME=$(hostname -s)
+#	DOMAINNAME=$(hostname -d)
+#	openssl req -new -x509 -days 36500 -nodes -out ejabberd.pem -keyout ejabberd.pem > /dev/null 2>&1 << +++
+#	.
+#	.
+#	.
+#	$DOMAINNAME
+#	$HOSTNAME
+#	ejabberd
+#	root@$HOSTNAME.$DOMAINNAME
+#	+++
+#	chown ejabberd:ejabberd ejabberd.pem
+#	chmod 600 ejabberd.pem
+#    fi)
+#}
+
+#  This is the suffix which original versions of modified files will have
+BACKUP_SUFFIX=old
+
+short_host=`hostname -s`
+new_name=$short_host.$1
+
+for config in $CONFIG_LIST;
+do
+    if [ -e $config.in ]; then
+	if [ -e $config ]; then
+	    mv $config $config.$BACKUP_SUFFIX
+	fi
+	sed -e s/{{ iiab_hostname }}/$new_name/ $config.in > $config ;
+    else
+	echo WARNING: Skipped $config - template file is missing!
+    fi
+done
+
+#if [ -e /etc/ejabberd/ejabberd.pem.$1 ]; then
+#    rm /etc/ejabberd/ejabberd.pem.$1	
+#fi
+#mv /etc/ejabberd/ejabberd.pem /etc/ejabberd/ejabberd.pem.$1
+#do-cert
+
+# Since for the community edition, we don't really expect all modules to be present
+#   Just exit, and expect the user to do a restart
+
+exit 0
+
+

roles/ejabberd_xs/templates/ejabberd-xs

@@ -0,0 +1,13 @@
+## Settings for ejabberd
+
+## Where should ejabberd find its configuration file?
+#
+CONFIG_FILE=/etc/ejabberd/ejabberd-xs.cfg
+
+## ULIMIT_MAX_FILES alters the number of files that ejabberd is
+## allowed to have open at once.  If it is unset the system default
+## (usually 1024) will be used.  ejabberd will want over twice as many
+## open files as it has active connections, so if you have a few
+## hundred or more users you will want to set this.
+#
+ULIMIT_MAX_FILES=40000

roles/ejabberd_xs/templates/ejabberd-xs.cfg.j2

@@ -0,0 +1,454 @@
+%%%
+%%%               ejabberd configuration file
+%%%
+
+%%% The parameters used in this configuration file are explained in more detail
+%%% in the ejabberd Installation and Operation Guide.
+%%% Please consult the Guide in case of doubts, it is included in 
+%%% your copy of ejabberd, and is also available online at
+%%% http://www.process-one.net/en/ejabberd/docs/
+
+%%% This configuration file contains Erlang terms.
+%%% In case you want to understand the syntax, here are the concepts:
+%%%
+%%%  - The character to comment a line is %
+%%%
+%%%  - Each term ends in a dot, for example:
+%%%      override_global.
+%%%
+%%%  - A tuple has a fixed definition, its elements are 
+%%%    enclosed in {}, and separated with commas:
+%%%      {loglevel, 4}.
+%%%
+%%%  - A list can have as many elements as you want, 
+%%%    and is enclosed in [], for example:
+%%%      [http_poll, web_admin, tls]
+%%%
+%%%  - A keyword of ejabberd is a word in lowercase. 
+%%%    The strings are enclosed in "" and can have spaces, dots...
+%%%      {language, "en"}.
+%%%      {ldap_rootdn, "dc=example,dc=com"}. 
+%%%
+%%%  - This term includes a tuple, a keyword, a list and two strings:
+%%%      {hosts, ["jabber.example.net", "im.example.com"]}.
+%%%
+
+
+%%%   =======================
+%%%   OVERRIDE STORED OPTIONS
+
+%%
+%% Override the old values stored in the database.
+%%
+
+%%
+%% Override global options (shared by all ejabberd nodes in a cluster).
+%%
+override_global.
+
+%%
+%% Override local options (specific for this particular ejabberd node).
+%%
+override_local.
+
+%%
+%% Remove the Access Control Lists before new ones are added.
+%%
+override_acls.
+
+
+%%%   =========
+%%%   DEBUGGING
+
+%%
+%% loglevel: Verbosity of log files generated by ejabberd.
+%% 0: No ejabberd log at all (not recommended)
+%% 1: Critical
+%% 2: Error
+%% 3: Warning
+%% 4: Info
+%% 5: Debug
+%%
+{loglevel, 4}.
+
+%%
+%% watchdog_admins: If an ejabberd process consumes too much memory, 
+%% send live notifications to those Jabber accounts.
+%%
+%%{watchdog_admins, ["bob@example.com"]}.
+
+
+%%%   ================
+%%%   SERVED HOSTNAMES
+
+%%
+%% hosts: Domains served by ejabberd.
+%% You can define one or several, for example:
+%% {hosts, ["example.net", "example.com", "example.org"]}.
+%%
+{hosts, ["{{ iiab_hostname }}.{{ iiab_domain }}"]}.
+
+%%
+%% route_subdomains: Delegate subdomains to other Jabber server.
+%% For example, if this ejabberd serves example.org and you want
+%% to allow communication with a Jabber server called im.example.org.
+%%
+%%{route_subdomains, s2s}.
+
+
+%%%   ===============
+%%%   LISTENING PORTS
+
+%%
+%% listen: Which ports will ejabberd listen, which service handles it
+%% and what options to start it with.
+%%
+{listen,
+ [
+
+  {5222, ejabberd_c2s, [
+
+			%%
+			%% If TLS is compiled and you installed a SSL
+			%% certificate, put the correct path to the 
+			%% file and uncomment this line:
+			%%
+			%%{certfile, "/path/t/etc/ejabberd/ejabberd.pem"}, starttls,
+                        inet6,
+			{access, c2s},
+			{shaper, c2s_shaper},
+			{max_stanza_size, 524288}
+		       ]}
+
+  %%
+  %% To enable the old SSL connection method in port 5223:
+  %%
+  , {5223, ejabberd_c2s, [
+                        inet6,
+  			{access, c2s},
+  			{shaper, c2s_shaper},
+  			tls, {certfile, "/etc/ejabberd/ejabberd.pem"},
+  			{max_stanza_size, 524288}
+  		       ]}
+
+  %% , {5269, ejabberd_s2s_in, [
+  %%			   {shaper, s2s_shaper},
+  %%			   {max_stanza_size, 131072}
+  %%			  ]},
+
+  %%
+  %% ejabberd_service: Interact with external components (transports...)
+  %%
+  %% , {8888, ejabberd_service, [
+  %%			    {access, all}, 
+  %%			    {shaper_rule, fast},
+  %%			    {ip, {127, 0, 0, 1}},
+  %%			    {hosts, ["icq.example.org", "sms.example.org"],
+  %%			     [{password, "secret"}]
+  %%			    }
+  %%			   ]}
+
+  , {5280, ejabberd_http, [
+                         inet6,
+  			 http_poll, 
+  			 web_admin
+  			]}
+
+ ]}.
+
+%%
+%% s2s_use_starttls: Enable STARTTLS + Dialback for S2S connections.
+%% Allowed values are: true or false.
+%% You must specify a certificate file.
+%%
+%%{s2s_use_starttls, true}.
+
+%%
+%% s2s_certfile: Specify a certificate file.
+%%
+%%{s2s_certfile, "/path/t/etc/ejabberd/ejabberd.pem"}.
+
+%%
+%% domain_certfile: Specify a different certificate for each served hostname.
+%%
+%%{domain_certfile, "example.org", "/path/to/example_org.pem"}.
+%%{domain_certfile, "example.com", "/path/to/example_com.pem"}.
+
+%%
+%% S2S whitelist or blacklist
+%%
+%% Default s2s policy for undefined hosts.
+%%
+{s2s_default_policy, deny}.
+
+%%
+%% Allow or deny communication with specific servers.
+%%
+%%{{ '{{' }}s2s_host, "goodhost.org"}, allow}.
+%%{{ '{{' }}s2s_host, "badhost.org"}, deny}.
+
+
+%%%   ==============
+%%%   AUTHENTICATION
+
+%%
+%% auth_method: Method used to authenticate the users.
+%% The default method is the internal.
+%% If you want to use a different method, 
+%% comment this line and enable the correct ones.
+%%
+{auth_method, internal}.
+
+%%
+%% Authentication using external script
+%% Make sure the script is executable by ejabberd.
+%%
+%%{auth_method, external}.
+%%{extauth_program, "/path/to/authentication/script"}.
+
+%%
+%% Authentication using ODBC
+%% Remember to setup a database in the next section.
+%%
+%%{auth_method, odbc}.
+
+%%
+%% Authentication using PAM
+%%
+%%{auth_method, pam}.
+%%{pam_service, "pamservicename"}.
+
+%%
+%% Authentication using LDAP
+%%
+%%{auth_method, ldap}.
+%%
+%% List of LDAP servers:
+%%{ldap_servers, ["localhost"]}.    
+%%
+%% LDAP attribute that holds user ID:
+%%{ldap_uids, [{"mail", "%u@mail.example.org"}]}. 
+%%
+%% Search base of LDAP directory:
+%%{ldap_base, "dc=example,dc=com"}. 
+%%
+%% LDAP manager:
+%%{ldap_rootdn, "dc=example,dc=com"}. 
+%%
+%% Password to LDAP manager:
+%%{ldap_password, "******"}. 
+
+%%
+%% Anonymous login support:
+%%   auth_method: anonymous
+%%   anonymous_protocol: sasl_anon | login_anon | both
+%%   allow_multiple_connections: true | false
+%%
+%%{host_config, "public.example.org", [{auth_method, anonymous},
+%%                                     {allow_multiple_connections, false},
+%%                                     {anonymous_protocol, sasl_anon}]}.
+%%
+%% To use both anonymous and internal authentication:
+%%
+%%{host_config, "public.example.org", [{auth_method, [internal, anonymous]}]}.
+
+
+%%%   ==============
+%%%   DATABASE SETUP
+
+%% ejabberd uses by default the internal Mnesia database,
+%% so you can avoid this section.
+%% This section provides configuration examples in case
+%% you want to use other database backends.
+%% Please consult the ejabberd Guide for details about database creation.
+
+%%
+%% MySQL server:
+%%
+%%{odbc_server, {mysql, "server", "database", "username", "password"}}.
+%%
+%% If you want to specify the port:
+%%{odbc_server, {mysql, "server", 1234, "database", "username", "password"}}.
+
+%%
+%% PostgreSQL server:
+%%
+%%{odbc_server, {pgsql, "server", "database", "username", "password"}}.
+%%
+%% If you want to specify the port:
+%%{odbc_server, {pgsql, "server", 1234, "database", "username", "password"}}.
+%%
+%% If you use PostgreSQL, have a large database, and need a
+%% faster but inexact replacement for "select count(*) from users"
+%%
+%%{pgsql_users_number_estimate, true}.
+
+%%
+%% ODBC compatible or MSSQL server:
+%%
+%%{odbc_server, "DSN=ejabberd;UID=ejabberd;PWD=ejabberd"}.
+
+
+%%%   ===============
+%%%   TRAFFIC SHAPERS
+
+%%
+%% The "normal" shaper limits traffic speed to 1.000 B/s
+%%
+{shaper, normal, {maxrate, 1000}}.
+
+%%
+%% The "fast" shaper limits traffic speed to 50.000 B/s
+%%
+{shaper, fast, {maxrate, 50000}}.
+
+
+%%%   ====================
+%%%   ACCESS CONTROL LISTS
+
+%%
+%% The 'admin' ACL grants administrative privileges to Jabber accounts.
+%% You can put as many accounts as you want.
+%%
+%%{acl, admin, {user, "aleksey", "localhost"}}.
+%%{acl, admin, {user, "ermine", "example.org"}}.
+{acl, admin, {user, "admin", "{{ iiab_hostname }}.{{ iiab_domain }}"}}.
+
+%%
+%% Blocked users
+%%
+%%{acl, blocked, {user, "baduser", "example.org"}}.
+%%{acl, blocked, {user, "test"}}.
+
+%%
+%% Local users: dont modify this line.
+%%
+{acl, local, {user_regexp, ""}}.
+
+%%
+%% More examples of ACLs
+%%
+%%{acl, jabberorg, {server, "jabber.org"}}.
+%%{acl, aleksey, {user, "aleksey", "jabber.ru"}}.
+%%{acl, test, {user_regexp, "^test"}}.
+%%{acl, test, {user_glob, "test*"}}.
+
+
+%%%   ============
+%%%   ACCESS RULES
+
+%% Define the maximum number of time a single user is allowed to connect:
+{access, max_user_sessions, [{10, all}]}.
+
+%% This rule allows access only for local users:
+{access, local, [{allow, local}]}.
+
+%% Only non-blocked users can use c2s connections:
+{access, c2s, [{deny, blocked},
+	       {allow, all}]}.
+
+%% For all users except admins used "normal" shaper
+{access, c2s_shaper, [{none, admin},
+		      {fast, all}]}.
+
+%% For all S2S connections used "fast" shaper
+{access, s2s_shaper, [{fast, all}]}.
+
+%% Only admins can send announcement messages:
+{access, announce, [{allow, admin}]}.
+
+%% Only admins can use configuration interface:
+{access, configure, [{allow, admin}]}.
+
+%% Admins of this server are also admins of MUC service:
+{access, muc_admin, [{allow, admin}]}.
+
+%% All users are allowed to use MUC service:
+{access, muc, [{allow, all}]}.
+
+%% Every username can be registered via in-band registration:
+%% To disable in-band registration, replace 'allow' with 'deny'.
+{access, register, [{allow, all}]}.
+
+%% Allow repeat registration from the same client (necessary for testing)
+%% Set to a positive integer (or comment out) to restrict with a timeout.
+%% (infinity means zero; 0 does not work)
+% {registration_timeout, infinity}.
+
+%% Everybody can create pubsub nodes
+{access, pubsub_createnode, [{allow, all}]}.
+
+
+%%%   ================
+%%%   DEFAULT LANGUAGE
+
+%%
+%% language: Default language used for server messages.
+%%
+{language, "en"}.
+
+
+%%%   =======
+%%%   MODULES
+
+%%
+%% Modules enabled in all ejabberd virtual hosts.
+%%
+{modules,
+ [
+  {mod_adhoc,    []},
+  {mod_announce, [{access, announce}]}, % requires mod_adhoc
+  {mod_caps,     []},
+  {mod_configure,[]}, % requires mod_adhoc
+  {mod_admin_extra, []},
+  {mod_disco,    []},
+  %%{mod_echo,   [{host, "echo.localhost"}]},
+  {mod_irc,      []},
+  {mod_last,     []},
+  {mod_muc,      [
+		  {host, "conference.@HOST@"},
+		  {access, muc},
+		  {access_create, muc},
+		  {access_persistent, muc},
+		  {access_admin, muc_admin}
+		 ]},
+  %%{mod_muc_log,[]},
+  {mod_offline,  []},
+  {mod_privacy,  []},
+  {mod_private,  []},
+  %%{mod_proxy65,[]},
+  {mod_pubsub,   [{access_createnode, pubsub_createnode},
+                  {plugins, ["default", "pep"]}
+                 ]},
+  {mod_register, [
+		  %%
+		  %% After successful registration, the user receives 
+		  %% a message with this subject and body.
+		  %%
+		  %%{welcome_message, {"Welcome!", 
+		  %%		     "Welcome to this Jabber server."}},
+
+		  %%
+		  %% When a user registers, send a notification to 
+		  %% these Jabber accounts.
+		  %%
+		  %%{registration_watchers, ["admin1@example.org"]},
+
+		  {access, register}
+		 ]},
+  {mod_roster,   []},
+  %%{mod_service_log,[]},
+  {mod_shared_roster,[]},
+  {mod_stats,    []},
+  {mod_time,     []},
+  {mod_vcard,    []},
+  {mod_version,  []}
+ ]}.
+
+
+%%% $Id: ejabberd.cfg.example 988 2007-11-26 21:29:14Z badlop $
+
+%%% Local Variables:
+%%% mode: erlang
+%%% End:
+%%% vim: set filetype=erlang tabstop=8:

roles/ejabberd_xs/templates/ejabberd-xs.init

@@ -0,0 +1,222 @@
+#!/bin/bash
+#
+# ejabberd    Start and stop ejabberd.
+
+# chkconfig: - 40 60
+# description: ejabberd
+# processname: ejabberd
+# pidfile: /var/run/ejabberd/ejabberd.pid
+
+### BEGIN INIT INFO
+# Provides: ejabberd
+# Required-Start: network
+# Required-Stop: network
+# Default-Start:
+# Default-Stop: 0 1 6
+# Short-Description: Start and stop ejabberd
+# Description: A distributed, fault-tolerant Jabber/XMPP server
+### END INIT INFO
+
+. /etc/rc.d/init.d/functions
+
+if [ -r /etc/sysconfig/ejabberd-xs ]; then
+	. /etc/sysconfig/ejabberd-xs
+fi
+
+if [ ! "$CONFIG_FILE" ]; then
+	CONFIG_FILE=/etc/ejabberd/ejabberd.cfg
+fi
+
+# /var/run is tmpfs in fc18, so need to create every time
+mkdir -p /var/run/ejabberd
+chown ejabberd:ejabberd /var/run/ejabberd
+
+# avoid using consolehelper, call ejabberdctl directly
+progctl=/usr/sbin/ejabberdctl
+
+SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
+OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
+
+check_domain_configured() {
+    if [ ! -e /etc/sysconfig/xs_domain_name ]; then
+	echo "Domain not configured yet" > /dev/stderr
+	exit 1;
+    fi
+
+    domain=`cat "$SYS_DOMAIN_FILE" `
+    if [ "$domain" == "random.xs.laptop.org" ]; then
+	echo "Domain not configured yet" > /dev/stderr
+	exit 1;
+    fi
+
+    #hostname=`hostname -f`
+    hostname=`hostname `
+    if [ "$hostname" == "localhost.localdomain" ]; then
+         echo "Domain not configured yet" > /dev/stderr
+    fi
+
+#    if [ "$hostname" != "schoolserver.$domain" ]; then
+#         echo "Domain changed -- restart to enable ejabberd" > /dev/stderr
+#    fi
+
+    short_host=`hostname -s`
+    node_name=`cat $OUR_DOMAIN_FILE`
+
+#    if [ ! -e "$OUR_DOMAIN_FILE" ] || ! cmp "$SYS_DOMAIN_FILE" "$OUR_DOMAIN_FILE" ; then
+    if [ ! -e "$OUR_DOMAIN_FILE" ] ; then
+	update_domain
+    fi
+}
+
+update_domain() {
+
+    BACKUP_SUFFIX=old
+
+    if [ -e $CONFIG_FILE ]; then
+	cp $CONFIG_FILE $CONFIG_FILE.$BACKUP_SUFFIX || exit 1
+    fi
+
+    new_name=$short_host.$domain
+
+    #(sed -e s/@@BASEDNSNAME2@@/$new_name/ $CONFIG_FILE.in > $CONFIG_FILE.tmp ) && mv $CONFIG_FILE.tmp $CONFIG_FILE || exit 1
+
+    # If we are changing the domain, we must clear the DB.
+    if [ -e /var/lib/ejabberd/online_src_created ] ; then
+	rm -f /var/lib/ejabberd/online_src_created
+    fi
+    if [ -d /var/lib/ejabberd/spool/ ]; then
+	rm -f /var/lib/ejabberd/spool/*
+    fi
+
+    # Mark as done -
+    # cp "$SYS_DOMAIN_FILE" "$OUR_DOMAIN_FILE"
+    echo "$domain" > "$OUR_DOMAIN_FILE"
+}
+
+setup_online_srg() {
+
+    if [ -e /var/lib/ejabberd/online_src_created ]; then
+	return 0
+    fi;
+
+    # give ejabberd a bit of time to startup on XO-1 HW :-)
+    sleep 10;
+
+    short_host=`hostname -s`
+    domain=`cat "$SYS_DOMAIN_FILE"`
+
+    # Note: grep -q exits as soon as the match is found, which ejabberdctl
+    # doesn't like. So we send the output to /dev/null instead - more
+    # portable too.
+    #
+    # ejabberdctl should handle SIGPIPE without messing up, but that's
+    # a minor problem anyway.
+    #
+    if ! ejabberdctl srg_list "$short_host.$domain" | grep '^Online$' > /dev/null ; then
+	# ejabberdctl doesn't like spaces in the description field.
+	# backslashes work - but escaping is better left alone for now :-)
+	ejabberdctl srg_create Online "$short_host.$domain" \
+	    Online "Created_by_ejabberd_init" Online
+	[ $? -eq 0 ] || return 1
+    fi
+
+    if ! ejabberdctl srg_get_info Online "$short_host.$domain" | grep '^online_users: true$' > /dev/null ; then
+	ejabberdctl srg_user_add '@online@' "$short_host.$domain" \
+	    Online "$short_host.$domain"
+	[ $? -eq 0 ] || return 1
+    fi
+
+    # mark success
+    touch /var/lib/ejabberd/online_src_created
+}
+
+is_running() {
+	/sbin/runuser -s /bin/bash - ejabberd -c "$progctl status" &>/dev/null
+}
+
+start() {
+        echo -n $"Starting ejabberd: "
+	#if [ "$ULIMIT_MAX_FILES" ]; then
+	#	ulimit -n $ULIMIT_MAX_FILES
+	#fi
+
+	check_domain_configured
+
+	# check whether ejabberd was already started
+	if is_running; then
+		echo -n "already running" && warning && echo
+		return 0
+	fi
+
+	daemon --user=ejabberd $progctl start	--config $CONFIG_FILE \
+				--ctl-config /etc/ejabberd/ejabberdctl.cfg \
+				--logs "/var/log/ejabberd" \
+				--spool "/var/lib/ejabberd/spool" \
+				2>/dev/null
+        RETVAL=$?
+        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ejabberd
+        echo
+
+	# it takes some time to actually start necessary nodes
+	sleep 5
+
+	# Ignore the return val of setup_online_srg
+	# ==> startup even if the SRG setup had errors.
+    set +e;
+    setup_online_srg
+
+        return $RETVAL
+}
+
+stop() {
+        # Stop daemons.
+        echo -n "Shutting down ejabberd: "
+
+	# check whether ejabberd was already stopped
+	if ! is_running; then
+		echo -n "already stopped" && warning && echo
+		return 0
+	fi
+
+	daemon $progctl stop 2>/dev/null
+        RETVAL=$?
+        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ejabberd
+        echo
+
+	# it takes some time to actually stop necessary nodes
+	sleep 5
+
+        return $RETVAL
+}
+
+restart() {
+        stop
+	sleep 5
+        start
+}
+
+# See how we were called.
+case "$1" in
+  start)
+        start
+        ;;
+  stop)
+        stop
+        ;;
+  restart|force-reload)
+        restart
+        ;;
+  condrestart|try-restart)
+        [ -f /var/lock/subsys/ejabberd ] && restart || :
+        ;;
+  status)
+	$progctl status
+        ;;
+  *)
+        echo "Usage: ejabberd {start|stop|restart|force-reload|condrestart|try-restart|status}"
+        exit 2
+esac
+
+exit $RETVAL
+
+

roles/ejabberd_xs/templates/ejabberd-xs.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description=A distributed, fault-tolerant Jabber/XMPP server
+After=network.target local-fs.target
+
+[Service]
+Type=oneshot
+User=root
+Group=root
+LimitNOFILE=50000
+RestartSec=5
+EnvironmentFile=/etc/sysconfig/ejabberd-xs
+ExecStart=/usr/libexec/ejabberd-xs start
+ExecStop=/usr/libexec/ejabberd-xs stop
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target

roles/ejabberd_xs/templates/ejabberd.tmpfiles

@@ -0,0 +1,2 @@
+d /run/lock/ejabberdctl 0750 ejabberd ejabberd
+d /var/run/ejabberd 0750 ejabberd ejabberd

roles/ejabberd_xs/templates/ejabberdctl.cfg.j2

@@ -0,0 +1,154 @@
+#
+# In this file you can configure options that are passed by ejabberdctl
+# to the erlang runtime system when starting ejabberd
+#
+
+#' POLL: Kernel polling ([true|false])
+#
+# The kernel polling option requires support in the kernel.
+# Additionally, you need to enable this feature while compiling Erlang.
+#
+# Default: true
+#
+#POLL=true
+
+#.
+#' SMP: SMP support ([enable|auto|disable])
+#
+# Explanation in Erlang/OTP documentation:
+# enable: starts the Erlang runtime system with SMP support enabled.
+#   This may fail if no runtime system with SMP support is available.
+# auto: starts the Erlang runtime system with SMP support enabled if it
+#   is available and more than one logical processor are detected.
+# disable: starts a runtime system without SMP support.
+#
+# Default: auto
+#
+#SMP=auto
+
+#.
+#' ERL_MAX_PORTS: Maximum number of simultaneously open Erlang ports
+#
+# ejabberd consumes two or three ports for every connection, either
+# from a client or from another Jabber server. So take this into
+# account when setting this limit.
+#
+# Default: 32000
+# Maximum: 268435456
+#
+#ERL_MAX_PORTS=32000
+
+#.
+#' FIREWALL_WINDOW: Range of allowed ports to pass through a firewall
+#
+# If Ejabberd is configured to run in cluster, and a firewall is blocking ports,
+# it's possible to make Erlang use a defined range of port (instead of dynamic
+# ports) for node communication.
+#
+# Default: not defined
+# Example: 4200-4210
+#
+#FIREWALL_WINDOW=
+
+#.
+#' INET_DIST_INTERFACE: IP address where this Erlang node listens other nodes
+#
+# This communication is used by ejabberdctl command line tool,
+# and in a cluster of several ejabberd nodes.
+# Notice that the IP address must be specified in the Erlang syntax.
+#
+# Default: {127,0,0,1}
+#
+#INET_DIST_INTERFACE={127,0,0,1}
+
+#.
+#' ERL_EPMD_ADDRESS: IP addresses where epmd listens for connections
+#
+# IMPORTANT: This option works only in Erlang/OTP R14B03 and newer.
+#
+# This environment variable may be set to a comma-separated
+# list of IP addresses, in which case the epmd daemon
+# will listen only on the specified address(es) and on the
+# loopback address (which is implicitly added to the list if it
+# has not been specified). The default behaviour is to listen on
+# all available IP addresses.
+#
+# Default: 0.0.0.0
+#
+#ERL_EPMD_ADDRESS=127.0.0.1
+
+#.
+#' ERL_PROCESSES: Maximum number of Erlang processes
+#
+# Erlang consumes a lot of lightweight processes. If there is a lot of activity
+# on ejabberd so that the maximum number of processes is reached, people will
+# experience greater latency times. As these processes are implemented in
+# Erlang, and therefore not related to the operating system processes, you do
+# not have to worry about allowing a huge number of them.
+#
+# Default: 250000
+# Maximum: 268435456
+#
+#ERL_PROCESSES=250000
+
+#.
+#' ERL_MAX_ETS_TABLES: Maximum number of ETS and Mnesia tables
+#
+# The number of concurrent ETS and Mnesia tables is limited. When the limit is
+# reached, errors will appear in the logs:
+#   ** Too many db tables **
+# You can safely increase this limit when starting ejabberd. It impacts memory
+# consumption but the difference will be quite small.
+#
+# Default: 1400
+#
+#ERL_MAX_ETS_TABLES=1400
+
+#.
+#' ERL_OPTIONS: Additional Erlang options
+#
+# The next variable allows to specify additional options passed to erlang while
+# starting ejabberd. Some useful options are -noshell, -detached, -heart. When
+# ejabberd is started from an init.d script options -noshell and -detached are
+# added implicitly. See erl(1) for more info.
+#
+# It might be useful to add "-pa /usr/local/lib/ejabberd/ebin" if you
+# want to add local modules in this path.
+#
+# Default: ""
+#
+#ERL_OPTIONS=""
+
+#.
+#' ERLANG_NODE: Erlang node name
+#
+# The next variable allows to explicitly specify erlang node for ejabberd
+# It can be given in different formats:
+# ERLANG_NODE=ejabberd
+#   Lets erlang add hostname to the node (ejabberd uses short name in this case)
+# ERLANG_NODE=ejabberd@hostname
+#   Erlang uses node name as is (so make sure that hostname is a real
+#   machine hostname or you'll not be able to control ejabberd)
+# ERLANG_NODE=ejabberd@hostname.domainname
+#   The same as previous, but erlang will use long hostname
+#   (see erl (1) manual for details)
+#
+# Default: ejabberd@localhost
+#
+#ERLANG_NODE=ejabberd@localhost
+
+#.
+#' EJABBERD_PID_PATH: ejabberd PID file
+#
+# Indicate the full path to the ejabberd Process identifier (PID) file.
+# If this variable is defined, ejabberd writes the PID file when starts,
+# and deletes it when stops.
+# Remember to create the directory and grant write permission to ejabberd.
+#
+# Default: don't write PID file
+#
+EJABBERD_PID_PATH=/var/run/ejabberd/ejabberd.pid
+
+#.
+#'
+# vim: foldmarker=#',#. foldmethod=marker:

roles/ejabberd_xs/templates/xs-ejabberd-srg

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+progctl=/usr/sbin/ejabberdctl
+
+SYS_DOMAIN_FILE=/etc/sysconfig/xs_domain_name
+OUR_DOMAIN_FILE=/etc/sysconfig/ejabberd_domain_name
+
+setup_online_srg() {
+
+    if [ -e /var/lib/ejabberd/online_src_created ]; then
+	return 0
+    fi;
+
+    # give ejabberd a bit of time to startup on XO-1 HW :-)
+    sleep 10;
+
+    short_host=`hostname -s`
+    domain=`cat "$SYS_DOMAIN_FILE"`
+
+    # Note: grep -q exits as soon as the match is found, which ejabberdctl
+    # doesn't like. So we send the output to /dev/null instead - more
+    # portable too.
+    #
+    # ejabberdctl should handle SIGPIPE without messing up, but that's
+    # a minor problem anyway.
+    #
+    if ! ejabberdctl srg_list "$short_host.$domain" | grep '^Online$' > /dev/null ; then
+	# ejabberdctl doesn't like spaces in the description field.
+	# backslashes work - but escaping is better left alone for now :-)
+	ejabberdctl srg_create Online "$short_host.$domain" \
+	    Online "Created_by_ejabberd_init" Online
+	[ $? -eq 0 ] || return 1
+    fi
+
+    if ! ejabberdctl srg_get_info Online "$short_host.$domain" | grep '^online_users: true$' > /dev/null ; then
+	ejabberdctl srg_user_add '@online@' "$short_host.$domain" \
+	    Online "$short_host.$domain"
+	[ $? -eq 0 ] || return 1
+    fi
+
+    # mark success
+    touch /var/lib/ejabberd/online_src_created
+}
+
+setup_online_srg
+

vars/default_vars.yml

@@ -173,6 +173,8 @@ ejabberd_enabled: False
 idmgr_install: True
 activity_server_install: False
 xo_services_enabled: False
+ejabberd_xs_install: False
+ejabberd_xs_enabled: False
 
 # 6-GENERIC-APPS