Skip to content
Cyril Peponnet edited this page Apr 4, 2015 · 5 revisions

Using external jabber server to manage VM

Usage

Thanks to its design, Archipel can use external JID to acces the GUI (ArchipelClient):

  • You log in with your entreprise JID, your password, and you put the WS service URL from your external server (propbably wss://external.jabber.im:5280/xmpp)

Problems

Using an external xmpp server like ejabberd or Openfire have been tested (For Openfire, the ArchipelClient must have been build after the 25/02) If you cannot log in,

  • Verify that no firewall blocks access to port 4080 (or wathever port used in the BOSH URL) and your browser
  • Verify that you can access the BOSH url from your web browser: going with a browser on the BOSH URL should give you some text, probably an Jetty: HTTP ERROR 400, bad request for openfire, or ejabberd mod_http_bind for ejabberd server

Rights Access

All the security is based on the ejabberd server where your register all hypervisors and VMs. the connection with an external jabber server is made through S2S

Adding hypervisor

You should restrict the registration to known hosts (for example the hypervisors, so only these computers can create account (of course, no users can access these servers)

Connection

When using external jid, S2S is used between jabber servers. If you want to restrict the list of servers which can connect, change the access rules section for S2S to specify the servers: In ejabberd.yml

    port: 5269
    module: ejabberd_s2s_in
    shaper: s2s_shaper
    max_stanza_size: 131072

s2s_policy: s2s_access
s2s_use_starttls: optional
s2s_certfile: "/etc/ejabberd/server.pem"

###     ============
###     ACCESS RULES

access:
    s2s_access:
        "your.allowed.server.im": allow
        all: deny

Clone this wiki locally