Wheezy, ejabberd, Pidgin and SRV records

TL;DR: {fqdn, "jabber.die-welt.net"}.

So, how many servers do you have, that are still running Squeeze? I count one, mostly because I did not figure out a proper upgrade path from OpenVZ to something else yet, but this is a different story.

This post is about the upgrade of my "communication" machine, dengon.die-welt.net. It runs my private XMPP and IRC servers. I upgraded it to Wheezy, checked that my irssi and my BitlBee still could connect and left for work. There I noticed, that Pidgin could only connect to one of the two XMPP accounts I have on that server. sargentd@jabber.die-welt.net worked just fine, while evgeni@golov.de failed to connect.

ejabberd was logging a failed authentication:

I(<0.1604.0>:ejabberd_c2s:802) : ({socket_state,tls,{tlssock,#Port<0.5130>,#Port<0.5132>},<0.1603.0>}) Failed authentication for evgeni@golov.de

While Pidgin was just throwing "Not authorized" errors.

I checked the password in Pidgin (even if it did not change). I tried different (new) accounts: anything@jabber.die-welt.net worked, nothing@golov.de did not and somethingdifferent@jabber.<censored>.de worked too. So where was the difference between the three vhosts? jabber.die-welt.net and jabber.<censored>.de point directly (A/CNAME) to dengon.die-welt.net. golov.de has SRV records for XMPP pointing to jabber.die-welt.net.

Let's ask Google about "ejabberd pidgin srv". There indeed are some bugs. But they are marked as fixed in Wheezy.

Mhh... Let's read again... Okay, I have to set {fqdn, "<my_srv_record_name>"}. when this does not match my hostname. Edit /etc/ejabberd/ejabberd.cfg, add {fqdn, "jabber.die-welt.net"}. (do not forget the dot at the end) and restart the ejabberd. Pidgin can connect again. Yeah.

Comments

Sune Beck wrote on 2013-05-07 21:47:

What do you think you’ll be doing with your OpenVZ host? What is the preferred alternative?

It seems people say that LXC is not totally ready, for instance guests can reboot the host machine, etc.

evgeni wrote on 2013-05-08 04:42:

LXC was the planed way, yes, but the journey is far from ready yet. If you mean the sysfs hack to reboot (http://blog.bofh.it/debian/id_413), this does not work anymore. At least not if you drop enough capabilities :)

Konstantin Khomoutov wrote on 2013-05-08 10:54:

Unfortunately, when I asked [1] the folks who were affected by the issue being discussed to test the fix and report back, no one replied. And then exactly one user reported his difficulty with the fix for #654853 (the necessity to use that “fqdn” option in some setups) some five days before the Wheezy release. So we had no time to do a documentation patch. May be it will be prepared and included in the nearest point release (if RMs will allow us to do so) — we now have a bug [2] for that.

1. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654853#71

2. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706590

Leo Antunes wrote on 2013-05-08 14:19:

Have you checked out prosody? I’ve chucked my old ejabberd instance out the window ~1 year ago and haven’t looked back. I’m not sure if it’s a complete replacement feature-wise, but it has all the basics and has a much smaller footprint and a helpful migration script. Maybe worth a look.

evgeni wrote on 2013-05-08 14:25:

Nah, ejabberd runs fine otherwise, never bothered to look for alternatives. Also: exchange Erlang for LUA?

Konstantin Khomoutov wrote on 2013-05-11 10:45:

(Speaking with my ejabberd-in-Debian-maintainer’s hat on.)

While I personally despise Lua as a programming language, you seem to be too biased for no real reason. This approach might have sense when you’re pondering participation in a (F/OSS) project, but when you’re just want to *use* something this is far less justified IMO. For instance, I also despise C++, so should I quit using APT suite? In fact, I just do not care until it works (well, idiotic configuration file format aside…)

I’m going to present several assorted facts in no particular order about Prosody and Ejabberd (I simply have no time to neatly arrange them and create some sort of proper narrative, sorry).

* Lua has a very fast VM. I’m not sure how Prosody scales for thousands of concurrent users per server though but clearly that’s not your use case (and not mine, either, FWIW).

* Erlang is over-hyped at the moment. It’s a great language/runtime (I enjoy it) but not without its severe shortcomings. Absence of a fast standard regexp and unicode/utf-8 libraries has been remedied only quite recently. Lack of support for proper (“packed”) strings is still there, I beleive, and this does affect ejabberd: ProcessOne announce of 13.03b1 mentions huge rewrite of most of internals to port them from using Erlang strings to the so-called “binaries” to reduce memory consumption which might be quite high with ejabberd under heavy load.

* Ejabberd got real traction at the moment where it just had no real alternatives: jabberd2 was abandoned (or at least stagnated) and clearly lacked in features (no MUC for instance), and OpenFire was buggy and it was Java. Since then jabberd2 was revived and appears to be live enough, Prosody has been created and supposedly OpenFire wasn’t standing still as well. So there’s more than one option now.

* Prosody supports certain “enterprisey” features like LDAP auth. I did not check but at least they exist.

* Ejabberd *might* get complicated for some people for no apparent reason (for them). For instance, its built-in support for clustering (which 0.1% of users need) which is done using Erlang machinery is the source for recurrent problems for users. Its idea that the config file is using for bootstrapping a configuration database (unless told to overwrite bits of it by means of using three different knobs) is as well bizzare for mere mortals. I might go on but let’s stop here; it would be cool if certain things were simpler.

* I, for one, do not like the direction to where ejabberd is being led by its current owner. [1] clearly hints at that there are two ejabberds, and it’s not hard to read through the standard marketing gobbledygook to understand which one is going to receive more love. I do have doubts that ejabberd might eventually be let go as it happened to Thunderbird. Currently the upstream is still supportive and communicative (but I’m aware this might be due to the fact I’ve got direct contacts there) but if this will change, I’m sure I’ll jump the ship as the package maintainer.

TL;DR

Considering the state of affairs with a cold head, I think Prosody looks like a viable alternative to ejabberd.

1. http://lists.jabber.ru/pipermail/ejabberd/2013-March/007974.html

Le Bouquetin wrote on 2013-11-25 08:20:

Hello, I had exactly the same problem since I upgraded my server to wheezy. Jwchat.org web client was working, but pidgin failed. Adding the fqdn node to the config file fixed this issue. Thank’s