1 / 21

cPanel Virtualization Templates’ Best Practices

The best practices for cPanel virtualization templates include creating only 64-bit templates while creating templates as well as keeping templates small.

htshosting
Download Presentation

cPanel Virtualization Templates’ Best Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. cPanel Virtualization Templates’ Best Practices

  2. Table of Contents • cPanel & WHM Installation, Post-Installation Tasks • Prevent Locked Licenses • Avoiding Security Vulnerabilities • Finalizing Template • Finalizing Tasks • Deployment Tasks • Updating Templates over Time • Common Issues in OpenVZ and Virtuozzo • Introduction • cPanel Partner • Getting a Development License • Creating a Minimal Installation for Templating • Configuration Files’ Pre-Installation • Update Configuration Settings • Update Download Location Settings • Basic Server Settings • cPanel & WHM Configuration Settings

  3. Introduction • It needs to be mentioned that although the use of the usual cPanel & WHM installation process is recommended and supported, it might take some time than that which is necessary for VPS (Virtual Private Server) and VM (Virtual Machine) hosts. The alternative is to provision VPS or VM systems with a templated cPanel & WHM environment. • cPanel is a popular web hosting control panel that is used in web hosting. Web hosting is a service provided by web hosting companies that makes websites accessible over the Internet. The “Best Website Hosting Company”, the “Best Cloud Hosting Company”, the “Best Windows Hosting Company” are the terms that are used to refer to the best hosting service providers.

  4. cPanel Partner • Those that offer template installations of cPanel & WHM, are recommended to become a cPanel Partner. cPanel Partners have the opportunity to use the cPanel’s API for automatically provisioning their very own licenses for cPanel & WHM, KernelCare, and Cloud Linux through their billing system. It is also possible for cPanel Partners to enable or disable certain specific options within WHM.

  5. Getting a Development License Prior to beginning, apply for a development license that is free, via the Developer License Application. In this context, these are the following points to mention: • Application can be initiated for one license per template. • Each template has a specific IP address.

  6. Creating a Minimal Installation for Templating The following points are recommended while creating templates: • Creating templates that are only 64-bit. 32-bit systems are not supported by cPanel & WHM. • Templates should be kept small. Post converting the template for the VPS of a customer, you need to use your virtualization software for automatically expanding the virtual disk capacity to a minimum of 20 GB.Each template has a specific IP address.

  7. Configuration Files’ Pre-Installation Extensive documentation is available on how to preconfigure cPanel & WHM. The need to log in to the VPS or VM, prior to granting access to your customer, is usually done away with when the files are preconfigured. As per recommendation, the following files need to be customized • Update Configuration Settings • Update Download Location Settings • Basic Server Settings • cPanel & WHM Configuration Settings Each of these is discussed next.

  8. Update Configuration Settings - /etc/cpupdate.conf • Through this file you can configure cPanel & WHM’s release tier and other update settings. These settings can be changed by the user at any time, within WHM. Most of these settings can be found in the Update Preferences interface in WHM. WHM >> Home >> Server Configuration >> Update Preferences • It needs to be mentioned that you can’t downgrade major versions. Moreover, you can’t change the release tier of a server to circumvent this restriction.

  9. Update Download Location Settings - /etc/cpsources.conf • With the aid of this file those locations can be determined from where your server downloads updates. As per the default setting, updates are retrieved directly by cPanel & WHM servers from cPanel L.L.C. This happens through the httpupdate.cpanel.net pool of update servers. • If you are an existing cPanel Partner and have your own FastUpdate server, then it is possible for you to edit the HTTPDUPDATE setting in order to update only from that FastUpdate server. HTTPUPDATE=fastupdate.example.com

  10. 1-800-123 -8156 Whoa! That’s a big number, aren’t you proud?

  11. Basic Server Settings - /etc/wwwacct.conf • Basic information related to server for cPanel & WHM is contained in this file. This information includes the IP address, home directory and nameservers. Most of the settings which appear in the Basic WebHost Manager Setup interface in WHM are included in it. WHM >> Home >> Server Configuration >> Basic WebHost Manager Setup

  12. cPanel & WHM Configuration Settings - /var/cpanel/cpanel.config • cPanel & WHM’s extensive configuration options are contained in this file. Most of the settings that are present in the Tweak Settings interface in WHM are included in it. Additionally, it includes other settings throughout cPanel & WHM. WHM >> Home >> Server Configuration >> Tweak Settings

  13. cPanel & WHM Installation, Post-Installation Tasks • cPanel & WHM Installation – cPanel & WHM can be installed post the completion of preconfiguring your installation. • Post-Installation Tasks – New defaults could be set, once cPanel & WHM has been installed successfully. Additionally, SSH could be secured and the security configuration could be updated. • However, it is recommended that while making the template, you don’t log in to WHM. If you log in, then you need to remove the /etc/.whostmgrft  file, prior to publishing the template. You should not shut down the VM for creating the template, until after you have carried out certain steps.

  14. Prevent Locked Licenses It is highly recommended that one VM be created per template and maintained to ascertain that your development license doesn’t get locked by cPanel L.L.C. This will result in the following: • The need for a single license and one IP address for each templating VM. • Confirm that your license or licenses do not get locked by cPanel L.L.C. • Lets you restart the VM for performing updates. You need to run the below-mentioned commands in order to ensure that your license doesn’t get locked by cPanel. • /scripts/restartsrv_chkservd --stop • /scripts/restartsrv_cpsrvd --stop • rm -f /usr/local/cpanel/cpanel.lisc There is a certain BASH script that runs the above-mentioned commands.

  15. Avoiding Security Vulnerabilities You need to ensure the following, prior to finalizing your template, in order to avoid security issues: • Removal of the generated SSH host keys and temporary files. • Clearing the hostname from within the operating system and the file, /etc/wwwacct.conf

  16. Finalizing Template • All the system requirements need to be met by your template. Rather, it is recommended that the templates exceed meeting the system requirements. Certain different templates are offered by most providers. • It needs to be mentioned that each VPS or VM requires a SWAP file or partition. The partitions need to have at least 256 MB.

  17. Finalizing Tasks You need to finalize your template, prior to deploying your VM or VPS, and after you have completed the post-installation tasks. Each of the below-mentioned actions needs to be performed: • The ADDR value needs to be updated in the file, /etc/wwwacct.conf , with the VPS’ or VM’s main IP address. • The script, /usr/local/cpanel/bin/set_hostname, needs to be run automatically, on the image’s 1st boot, prior to any cPanel & WHM services starting. The hostname can be randomized or it can be set as per the choice of your customer. • If a 1:1 NAT environment is being run, then the script, /scripts/build_cpnat needs to be run to build the NAT file. • The script, /scripts/rebuildhttpdconf needs to be run for rebuilding your Apache configuration with the right address. A BASH script carries out all these tasks, except updating the ADDR value.

  18. Deployment Tasks Some files need to be automatically updated when the VPS of the customer is deployed. If the command, libguestfsvirt-sysprep is being used, then it can be done via the following options: • firstboot Or • -firstboot-command It needs to be ensured that if a tool, such as libguestfsvirt-sysprep is being used for finalizing the template, then no user accounts or cron jobs get removed accidentally. If the libguestfs command isn’t being used then you need to consult the documentation of your hypervisor to look for an alternative option for running scripts or commands upon 1st boot.

  19. Updating Templates over Time Templates need to be updated as and when updates are released by cPanel L.L.C. Regular updates need to be planned for all the templates in order to avoid this situation. The below-mentioned commands need to be run in order to run a cPanel & WHM update for the template. • yum update -y • /scripts/upcp It needs to be mentioned that prior to shutting down the VPS or VM in order to recreate the template, the same commands that are from the section, Prevent Locked Licenses, need to be run. If that isn’t ensured then your license might become locked.

  20. Common Issues in OpenVZ and Virtuozzo The common issues that are encountered while using OpenVZ or Virtuozzo are mentioned below: • Hostnames – The requirement for a FQDN (Fully Qualified Domain Name) might not be met by your hostname on CloudLinux 7 or 8, AlmaLinux 8, CentOS 7 or 8, or on Red Hat Enterprise Linux 7. The hostname is controlled by Virtuozzo via the VPS configuration. When hostname is set manually, it will be reset by Virtuozzo on the next reboot. It needs to be ensured that the full hostname is set up correctly post the VM’s provisioning. An FQDN is required by cPanel & WHM. • Quotas – Second-level quotas need to be enabled for OpenVZ and Virtuozzo. This can result in issues that have to do with quota-initiation. • Jailshell– Specific steps are required for enabling a full proc mount in Jailshell.

  21. Thanks! ANY QUESTIONS? www.htshosting.org

More Related