Testlink admins guide

From Blitzed

This page serves to give newly linking admins some information on what they need to do in order to (technically) link their server.

Contents 1 The ircd 1.1 Compiling 1.2 Configuring 1.3 drone.so 2 BOPM 3 Routing-client

[edit] The ircd

Get it from CVS:

 cvs -d:pserver:anon@cvs.blitzed.org:/ co bahamut

[edit] Compiling

Compile the ircd using the standard bahamut procedure. Most of the compile options have defaults specific for use on Blitzed, so you probably shouldn't alter them. Some options (notably those specific to your machine) you are allowed to change, others (related to the functioning of the IRC network) should be kept at the default. If in doubt, please ask any of the admins.

It is recommended to compile your ircd as a hub, in order to not have to restart it in case it will be used as a network hub later.

[edit] Configuring

For configuring your ircd, the same holds as for compiling it: most options have sane Blitzed defaults, and some you are not allowed to change. The comments in the default configuration file give some clues on that.

With respect to C/N/H lines, you should refer to the current routing plan, and use the exact information provided there, in addition to any instructions you may have received with your link approval e-mail. Negotiate C/N lines (i.e. the passwords) with the admins of the respective servers.

On completion, please send your ircd.conf to some other admin for review.

Often, the ircd won't start, without a hint in the form of an error message. Most often, this is due to:

• Incorrect IP or port number in M: or P: lines
• IP address not bound to the machine
• Some port number (7000) used in both the M: line and a P: line

ircd -s and/or strace/truss should give some hints if the ircd still won't start.

[edit] drone.so

The ircd includes some dynamically loadable module, drone.so, that contains code that checks connecting clients for various characteristics. This is done in order to block certain malicious clients/trojans/bots that cannot easily be banned through standard ways.

This module is updated every time such a new trojan is discovered, and may not be up to date in the latest ircd release. In the future, we may make this module available through other procedures, but currently it is only available through CVS.

You should already have the ircd from CVS, so you do not need to do anything special until the drone module is updated.

A make install will put a file drone.so in your ircd installation directory. Load it into the ircd (while it is running) by using the IRC command

/quote SET MODULE LOAD

You can check the version of the loaded drone.so module with the /VERSION command, it's the last number in the reply.

[edit] BOPM

In order to be allowed to link to Blitzed, your server must be able to run BOPM, our famous open proxy scanner. Therefore, your server is required to have unblocked outbound TCP access to the entire Internet.

Please download the latest BOPM release, and compile it using standard Unix software procedures.

The release should include a file bopm.conf.blitzed, that contains the default options for use on Blitzed. To make sure bopm.conf.blitzed is up to date, retrieve the latest version from CVS using:

$ cvs update bopm.conf.blitzed

Like the ircd.conf, please send your modified bopm.conf to another admin for review.

Register a nickname on the network for use by BOPM - the standard format for this nickname is the first part of your servername with BOPM appended (example penguinBOPM), and adapt the configuration file accordingly. Ask one of the channel admins to add the nick to the access list of our monitoring channel #wg.

Use special care when configuring the target_string option, as your BOPM won't work if it doesn't match the actual strings sent by your ircd when connecting. Also, make sure that the target_ip and vhost options match the actual IP and hostnames of your server and ircd.conf. Furthermore, your BOPM should use the services command BOPMAKILL (not KLINE!) and it needs global operator privileges for that.

Please give BOPM the oper flag F as well, because it needs this for unthrottled irc access:

# BOPM
O:<usermask>:<password>:bopm:OF:10 

When things don't work, running BOPM in debug mode (-d) usually gives some clues.

It is recommended to test BOPM actually works, you can do this either by connecting through a proxy (make sure to not identify or oper!) or with the following netcat magic:

 nc server.blitzed.org 6667 | nc -l -p 3128

Then connect to IRC from the same host that is running on. It's a good idea to do this from a different host to the one BOPM and the IRCD are running on. This should akill the host, so make sure it won't affect anyone else!

[edit] Routing-client

Finally, we need to collect some connectivity statistics for each server to ensure proper routing conditions. It is thus required to run a small C routing-client written by strtok that performs the following steps:

1. The client connects to a daemon running on port 9047 of nubian, and gives its username and password. The daemon then checks these against the values in the database.
2. If the correct user/password is given, then the daemon gives a list of all the other hosts and a port on each host that should be open for a connection. Typically this is port 22 or 80, any will do as long as it isn't going to spam someone's logfiles (so port 25 is not a good idea).
3. The client then does 20 TCP connections to each host/port. It times how long it takes for the connect() to return. No data is transferred, all it does is set up TCP connections. If there is no response at all, it waits a reasonable amount of time before regarding it a timeout.
4. Finally the client tells all these figures back to the daemon which records them in the database. This way, we can always tell the approximate RTT from every server to every other server, without needing to ask admins to keep doing mtr.

So, grab the routing-client from CVS:

 $ cvs -d:pserver:anon@cvs.blitzed.org:/ co routing-client

Then compile it (make). Ask the Systems team to add your username/password to the routing database. Make sure the routing-client actually works if you run it manually:

 $ ./routing-client -u yourircdname -p password

After that, arrange for the client to be run every hour, with a crontab entry like this:

 19 * * * *      $HOME/routing-client/routing-client -u yourircdname -p password > /dev/null

Choose a random minute to run it on, don't just copy 19!

You can check whether it actually (still) works on the staff pages, section Last pings.