Since this is in parallel with EucaSchool, I should say that we don't use our own IRC server for EucaSchool. We use Freenode.net. You can join us in our channels there: #eucalyptus for general support on Eucalyptus or to say hi, #eucalyptus-classroom for EucaSchool and other training sessions, and #eucalyptus-meeting where we hold our community meetings. If you're going to use a public IRC server already in existence then you can skip ahead to the section about configuring your meeting bot.
That said some people would prefer to keep their sessions on their own services for various reasons. If you would, then I'd suggest checking out what IRC daemon software is out there and which fits you. This tutorial will focus on ngIRCd. When finished, you will have an SSL-enabled IRC server that forces authentication of users against Pam on the local system and only has rooms predefined for your sessions.
Firstly, let's compile and install the daemon. If your linux distribution has a new enough version of ngIRCd in the package repositories (I'd recommend ngIRCd version 16 or greater) you can use a package install either with your package manager (apt/yum/zypper) or download the packages here. If not you can follow the ngIRCd documentation to compile and install. Since I was using Ubuntu 10.04 LTS (which has an older version of ngIRCd in the repository), I chose to compile and install.
Assuming you had the needed package dependencies (and it will tell you which ones you don't have when it errors out) it should now be installed in /usr/local/sbin/. Now let's generate and place the ssl certs we'll use. This will have you set a password for the key file. Remember that for later use in the configs.
And now let's populate our config file for ngircd itself. if you've installed via package, you'll want to edit /etc/ngircd/ngircd.conf however if you followed my instructions above, the config file will be in /usr/local/etc/. Here is an example conf file that sets paths to the SSL cert/key as well as limits the users to Pam authentication and only provides a single room:
If you compiled from source, now is a good time to write a script for /etc/init.d to start/stop this service. You should now have a functioning IRCd that only allows one room for learning, requires Pam authentication and uses SSL. Because we've set the user authentication to point to Pam, you can now use local system accounts, NIS or LDAP for your user management.
In the next post I will demonstrate how to get a working meeting bot up and running in your newly created IRC learning channel.
wget http://ngircd.barton.de/pub/ngircd/ngircd-19.1.tar.gz
tar xvzf ngircd-19.1.tar.gz
cd ngircd-19.1
CFLAGS=-static ./configure --with-pam --with-openssl
make
make install
Assuming you had the needed package dependencies (and it will tell you which ones you don't have when it errors out) it should now be installed in /usr/local/sbin/. Now let's generate and place the ssl certs we'll use. This will have you set a password for the key file. Remember that for later use in the configs.
mkdir -p /path/to/ssl
cd /path/to/ssl
openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461
openssl dhparam -2 -out dhparams.pem 4096
And now let's populate our config file for ngircd itself. if you've installed via package, you'll want to edit /etc/ngircd/ngircd.conf however if you followed my instructions above, the config file will be in /usr/local/etc/. Here is an example conf file that sets paths to the SSL cert/key as well as limits the users to Pam authentication and only provides a single room:
[Global]
Name = irc.yourserver.com
AdminInfo1 = Description
AdminInfo2 = Location
AdminEMail = you@youremail.com
Info = Server Info Text
MotdPhrase = "Hello and welcome to our IRC server."
ServerGID = nogroup
ServerUID = ngircd
[Limits]
MaxConnections = 50
MaxJoins = 5
[Options]
ChrootDir = /var/empty
CloakUserToNick = yes
DNS = yes
Ident = no
MorePrivacy = yes
PAM = yes
PredefChannelsOnly = yes
RequireAuthPing = no
[Operator]
Name = root
Password = opspwd
[Channel]
Name = #lessons
Topic = Only room on this server
Modes = tnk
[SSL]
CertFile = /path/to/ssl/server-cert.pem
DHFile = /path/to/ssl/dhparams.pem
KeyFile = /path/to/ssl/server-key.pem
KeyFilePassword = secret
Ports = 6697
If you compiled from source, now is a good time to write a script for /etc/init.d to start/stop this service. You should now have a functioning IRCd that only allows one room for learning, requires Pam authentication and uses SSL. Because we've set the user authentication to point to Pam, you can now use local system accounts, NIS or LDAP for your user management.
In the next post I will demonstrate how to get a working meeting bot up and running in your newly created IRC learning channel.