Overview
This document explains how to enable delivery from Kitely Market in grids that aren't open to the Hypergrid. The target audience is grid managers.
We will do the following:
- Enable a few Hypergrid services: only those services that Kitely Market requires
- Use the firewall to allow access only from Kitely
Since the grid is non-Hypergrid, it must be using the configuration file Robust.ini. That is the only configuration file that will be modified.
Much of this document will discuss Ports, and how to use them in conjunction with a firewall to restrict access to the Hypergrid services. If you're more casual then you can ignore all of this discussion, since using a firewall isn't actually required.
Ports
Robust uses two main ports:
- Port 8002 - for services that that are open to the world, mostly because Viewers need to access them. E.g.: the Login service. This port usually can't have firewall restrictions because it's accessed directly from users' computers. (It's possible to use access restrictions only if all of the users are expected to connect from within a certain network.)
- Port 8003 - for services that are open to the grid's simulators. E.g.: Assets, Inventory. If all of the simulators are known to run within a certain network then it's possible to create firewall rules that restrict access to this port.
Your grid might be using other ports than these. In that case, simply replace every place where we mention one of these ports with the ports that you're actually using.
When a grid uses the Hypergrid it makes the Hypergrid services available on Port 8002, since they need to be accessed by external grids. In many cases the Hypergrid services are wrappers of regular services that run on port 8003. For example, the "real" Assets and Inventory services use Port 8003, but their Hypergrid wrappers use Port 8002.
In order to enable delivery from Kitely Market, you will need to make some Hypergrid services available. But you only want to allow Kitely to access these services. This can be accomplished by running the services on a special port, and using the firewall to allow access to this port only from *.kitely.com. We suggest using the following port:
- Port 8102 - open only to Kitely (using the firewall). The number "8102" is meant as a reminder that the services that use this port usually use port 8002.
The Home and Gatekeeper Services
Although we will use Port 8102 for the most sensitive services (Assets, Inventory), there are two Hypergrid services that will still use Port 8002: Home and Gatekeeper. The reason they need to use Port 8002 (or whatever your grid's main port is) is that these two services act as identifiers for the grid. In other words, the address "yourgrid.com:8002" is a unique identifier for your grid, and is considered to be a different grid from "yourgrid.com:8102" or "yourgrid.com:1234". If you ever change the port on which these services run (Home and Gatekeeper) then this will change the very identity of your grid. The consequences in Kitely Market will be that your users won't be able to use it anymore since there will be a mismatch between the grid that they used to be in and the grid that they claim to belong to now. In order to avoid this, we recommend that you use your grid's main port (Port 8002) for the Home and Gatekeeper services.
What are these services? The Home service allows querying the grid's users, which Kitely Market does in order to convert user names to UUID's. The Gatekeeper service is used for teleporting between grids. However, the Gatekeeper service is not actually open! We need the Gatekeeper port to be correct because this address is sent to Kitely and used to identify the grid, but it isn't actually possible to use this address because the Gatekeeper service will not be enabled.
Modify Robust.ini
Copy the following sections from Robust.HG.ini to Robust.ini (at the end of the file):
[Hypergrid]
[GatekeeperService]
[UserAgentService]
[HGInventoryService]
[HGAssetService]
- [HGInstantMessageService]
Add the following lines at the end of the [ServiceList] section (they were copied from the [ServiceList] section in Robust.HG.ini):
;; Hypergrid UserAgentServerConnector = "8002/OpenSim.Server.Handlers.dll:UserAgentServerConnector" InstantMessageServerConnector = "8102/OpenSim.Server.Handlers.dll:InstantMessageServerConnector" HGInventoryServiceConnector = "HGInventoryService@8102/OpenSim.Server.Handlers.dll:XInventoryInConnector" HGAssetServiceConnector = "HGAssetService@8102/OpenSim.Server.Handlers.dll:AssetServiceConnector"
Add the following lines at the end of the [LoginService] section (they were copied from the [LoginService] section in Robust.HG.ini):
;; Hypergrid
SRV_HomeURI = "http://rohan.grid.com:8002"
SRV_InventoryServerURI = "http://rohan.grid.com:8102"
SRV_AssetServerURI = "http://rohan.grid.com:8102"
SRV_ProfileServerURI = "http://rohan.grid.com:8002"
SRV_FriendsServerURI = "http://rohan.grid.com:8102"
SRV_IMServerURI = "http://rohan.grid.com:8102"
SRV_GroupsServerURI = "http://rohan.grid.com:8102"
See how the Home service uses port 8002, and most of the other services use port 8102. (The Gatekeeper service doesn't get mentioned here.)
If you examined this list with a sharp eye then you may have noticed that the Profile service also uses port 8002, and we haven't mentioned this service before. That's because the Profile service exists in non-Hypergrid versions of OpenSim as well, and the default address uses port 8002. If you're using a different address for your Profile Service then please specify it here. The benefit of specifying the correct profile service is that Kitely Market will be able to show your users' actual pictures, which makes for a better user experience and also gives buyers confidence that their products were delivered to the correct avatar. If you're not using a Profile Service then you can leave this setting unchanged; it won't cause any harm.