Blog

Login Register

Beta: CageFS 5.2-6

New beta of CageFS is out that fixes few more bugs and does some additional code clean up

Changelog:
  • CXS re-configuration moved to cagefsreconfigure.py
  • Plesk: do not add home directory into virt.mp
  • cPanel: Fix bugs when compiling suPHP & suexec binaries
  • cPanel: execute /usr/local/cpanel/cgi-sys/templatepreview.cgi via proxyexec
  • mount /opt/alt is needed on alt-php install
To update:
$ yum update cagefs --enablerepo=cloudlinux-updates-testing

Beta: MySQL Governor update

What was supposed to be two weeks turned into five weeks stretch. New version of MySQL governor with new repository structure created.
Under the new structure, to install beta version of MySQL, you would have to implicitly run:
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install-beta

Production quality MySQL releases will be automatically installed with yum update. This process makes sure that will you always run latest stable version. Yet, if you would like, you can upgrade to latest beta as well.
New repo structure can be glimpsed at: http://docs.cloudlinux.com/index.html?mysql_repositories.html

Yet, all the details of managing those repositories are hidden by our scripts. So, when you select a different version of MySQL - the right repositories will be automatically installed.

Changelog:
  • New repository structure and MySQL update mechanism
  • bugfix: prevent governor from re-deleting bad user
  • bugfix: dbctl restrict should work correctly in all cases
  • added no connection limit mode(user_max_connections=0)
  • mysqlgovernor.py --install now used to to install/update MySQL software
  • cPanel bugfix: fixed path to perl in dbuser-map utility
  • bugfix: fixed interval for kill query
  • bugfix: no more garbage in dbctl list output
  • Added db_governor --version
  • Decreased dbuser-map rescan interval to 5 min
To update:
$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install

What inode limit value is reasonable?

Inode limit can be considered as a number of files and directories one customer can own. Default wordpress installation has approx 1,100 files/directories , default magento install is 10,000 , you would need to consider at least 30,000 to be an inode limit for minimal package for your customers.

You can calculate a limits basing on current usage of your customers by running the following command. It will list top 50 entries that use inodes the most:
repquota -a | grep -v root | awk '{print $6" "$1 }' | sort -g | tail -50

Do not forget - temporary files and session files are also counted toward the inode limit.

CloudLinux + NGASI

Yesterday we have released an update for CageFS that includes support for NGASI. NGASI lets you run tomcat & other java application servers for each customer, individually.

There are two steps needed to make NGASI play nice with CloudLinux & CageFS,
  1. Disable virtual memory (set it to 0)
  2. Add /usr/java & /usr/saase to /etc/cagefs/cagefs.mp
Latest beta of CageFS automatically detects presence of NGASI, and configured cagefs.mp file. Virtual memory limits should be adjusted manually. You should rely on physical memory limits for controlling overall memory usage of end user.

Beta: lve-wrappers 0.6-1 - added ability to run command inside cagefs

This beta release of lve-wrappers adds a way to execute a command as end user inside CageFS, even when shell is disabled for that user
$ /sbin/cagefs_enter_user $USERNAME "_command_"
This should be useful when script has to run as end user, but executed by root.

Changelog:
  • Added cagefs_enter_user command

To update:
$ yum update lve-wrappers --enablerepo=cloudlinux-updates-testing

Beta: CageFS 5.2-5, LVEManager 0.7-1.29, lve-utils 1.3-15

New beta update for CageFS, LVE Manager and lve-utils available. We are continuing to concentrate of fixing bugs, cleaning up the code and improving performance.

Changelog:
cagefs 5.2-5
  • added support for NGASI
  • ISPmanager: automatically switch PHP wrappers when PHP Selector is used (command line only)
  • ISPmanager: use exec php instead of php in wrappers
  • DirectAdmin: switch php.ini for DirectAdmin when PHP Selector used
  • removed /var/run/proxyexec/cagefs.sock/skdir file
  • acquire lock while executing --update-etc, --force-update-etc, --setup-cl-selector
  • do not acquire lock when executing --enter
  • synchronize error_log option in alt-php php.ini based on native php.ini setting
  • cagefsctl: performance optimization (cache excluded users list)
  • use fchown/fchmod instead of chown/chmod when creating files
  • move common code into python-cllib package
lvemanager 0.7-1.29
  • bugfix: cl-selector ignores empty lines in config files
  • DirectAdmin: support for admin users with different login names
  • DirectAdmin: security enhancements
  • common CageFS and LVEManager code moved to separate package
  • DirectAdmin: removed 'GATEWAY_INTERFACE' env. check
  • Plesk: Use ftp_user to decide which user to select for accounts with multiple sub-users
  • cPanel: Don't show inodes in end user UI in cPanel 11.40, fall back on cPanel to display the parameter
  • ISPmanager: use correct permissions when displaying charts for end user
  • cl-quota: added logging to syslog
  • piniset: added 'append' and 'delete' command line options
lve-utils 1.3-15

  • Added CloudLinux diagnostic script
  • Added option --unlimited to lvectl
  • cPanel: correctly handle packages/extensions directory
  • Default virtual memory on CL6 is set to 0


To update:
$ yum update cagefs lvemanager --enablerepo=cloudlinux-updates-testing

alt-php update moved to production

Latest versions of PHP, as well as updates to some of the modules were released.

Changelog:
  • alt-php44: added: ioncube-loader, sourceguardian
  • alt-php51:
    • added php51-5.1.6
    • added ioncube-loader, sourceguardian, PECL extensions
  • alt-php52:
    • updated LSAPI to 6.3, PECL extensions
  • alt-php53:
    • updated LSAPI to 6.3, PEAR extensions, PECL extensions
  • alt-php54:
    • upgraded version to 5.4.21
    • updated LSAPI to 6.3, PEAR extensions, PECL extensions
  • alt-php55:
    • upgraded version to 5.5.5
    • updated LSAPI to 6.3, PEAR extensions, PECL extensions
    • added xcache, sourceguardian
  • added MySQL 5.6 support for all versions of alt-php
  • updated ioncube-loader to 4.4.4
  • updated sourceguardian to 9.5
  • updated xcache to 3.1.0

To update:
$ yum groupupdate alt-php

suPHP 0.7.2 and mod_fcgid 2.3.9 released

We have released suPHP 0.7.2 an d mod_fcgid 2.3.9 to production repositories.
The updates will install automatically with the next auto-update for those who run those modules from our RPMs.
If you are using cPanel, this will have no effect on your servers - as those modules are installed by cPanel.

Beta: alt-php updated

Another minor update of alt-php is available.

Changelog:
  • Execute cagefsctl --rebuild-alt-php-ini after install & update to accommodate for changes
  • updated timezonedb to 2013.7
  • updated alt-freetds to 0.91.96
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: cagefs 5.2-1, liblve 1.2-1.4, python-cllib 1-3

This is mostly a bug fix beta release, but it adds one major change. Now .cagefs file in user directories is created under end user ownership. That should solve the issue that some customers had when moving accounts from server to server.

Changelog:
cagefs 5.2-1
  • .cagefs will be created under end-user ownership
  • detect of posgesql socket directory and create symlink if needed
  • cagefsctl: on update, don't follow sysmlinks that go to excluded path
  • cagefslib.py do not chmod symlinks, unlink file and create directory instead
  • cPanel: ensure that PHP Selector settings are not lost after transfer of account
  • bugfix: do not create .cagefs directory for disabled users
  • spec: added dependency to python-cllib package
liblve 1.2-1.4

  • Implemented secureio library to prevent possible race conditions
  • .cagefs now owned by user
  • bugfix: correct mounting for directories specified in virt.mp
  • code clean up in parse_mp function
python-cllib 1-3
  • implemented common library for secureio to be used across different CL projects
To update:

$ yum update cagefs --enablerepo=cloudlinux-updates-testing

Latest CloudLinux 6.4 templates are available from OnApp

CloudLinux 6.4 templates for OnApp.com were updated to latest verion. You can find templates with:
  • CloudLinux + cPanel
  • CloudLinux + DirectAdmin
  • CloudLinux + Plesk

Beta: alt-php update

Several updates for PHP available:

Changelog:
  • PHP 5.5.5
  • PHP 5.4.21
  • Added xcache3 for PHP 5.5
  • Updated Litespeed API to 6.3
  • Updated xcache3 to 3.1.0
  • Updated IonCube Loader to 4.4.4
  • Updated pear-phpunit packages
  • Updated pear-symfony2 to 2.3.6
  • Updated uri_template to 1.0
  • Updated timezonedb to 2013.6
  • Updated ZendOpCache to work with LiteSpeed
  • Build cUrl extension as static
To update:
$ yum groupinstall alt-php --enablerepo=cloudlinux-updates-testing

CloudLinux 5.10 released

New version of CloudLinux 5.10 had been released. The new version puts us in line with RedHat 5.10.
You can update using:

$ yum update

ISO images had been updated as well.

Beta: CL6 and Hybrid kernel 2.6.32-458.18.1.lve1.2.41

This is not our typical beta update. This is major update with lots of changes and bug fixes. We have merged some of the work we were doing for the past 6 months, so be careful running it on production servers.

Changelog:
  • new liblve ABI 1.2 was added to separate modules with lve_set_root and without it
  • Use less fine-grained locking to avoid data corruption
  • Add lustre debug log for crashdump. Add pid info into lustre debugs
  • Added lve_set_fail_val API
  • 32-bit ioctl support for 64-bit kernels
  • Init LVE on first execution in kthread instead of event
  • Add build id + git hash into modinfo
  • New vfs namespace implementation
  • rework of lve tags code
  • Enter into LVE for specific binaries on exec, managed using /proc/lve/enter (experimental)
  • Allow setting user limits by uid>0 threads which are not in LVE (experimental)
  • initial commit to support lve in different openvz containers (not working, for future implementation)
  • bugfix: prevent race condition that would allow to for thread to run indefinitely after LVE had been destroyed
  • bugfix: version tag LVE_0_8 for symbols without versions
  • bugfix: clear rh_reserved on fork()
  • bugfix: Fix panic when accessing kernel API instance before init.
  • bugfix: Fix wrong search in kapi array
  • bugfix: lve_ns_lock might not be initialized when destroing non-initialized lve
  • bugfix: change fail_value type from uint32_t to unsigned long
  • bugfix: 0 instead of NULL in lve_call(lve_init_threads_init,...
  • bugfix: Fail injection checks
  • bugfix: inc refcount for ub0
  • bugfix: change ioctl to unlocked_ioctl(to avoid lock_kernel)
  • bugfix: idle poll test race with do_softirq()

To update CL6 servers:

$ yum install kernel-2.6.32-458.18.1.lve1.2.41.el6 kmod-lve-1.2-43.el6 --enablerepo=cloudlinux-updates-testing

To update Hybrid servers:
$ yum install kernel-2.6.32-458.18.1.lve1.2.41.el5h kmod-lve-1.2-43.el5h --enablerepo=cloudlinux-hybrid-testing

Beta: PHP Selector 5.1 added, 5.5 updated

We have added PHP 5.1 to the choice of PHP versions available with PHP selector.

Changelog:
  • PHP 5.1 added
  • PHP 5.5 update fixed not to remove php55 entry from PHP Selector config file
  • Added sourceguardian extension for PHP 4.4
  • Updated sourceguardian extension to 9.5
  • Updated ioncube-loader extension to 4.4.3
To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

lve-utils 1.3-12 released

We are releasing new version of lve-utils 1.3-12 to production.
This update relates to CLN downtime last week. Previous version of lve-utils would run a license check every 12 hours on the hour. Due to differences in timezones it was spread around -- but we had big enough concentration of servers in two time zones that would sometimes cause overload of the CLN. That created cascading problem, as servers licensed by IP would try to re-license, which would significantly add to a load problem. The problem snowballed this Tuesday, causing CLN downtime.


While we are adding safety checks and optimizations into CLN, we want to fix the cron job issue in lve-utils.
Now, when cron job is installed, the time to run is randomly selected.
Additionally, we have switched to one check per day instead of two.

Changelog:
  • Randomly select the time to run cloudlinux-cron cronjob
  • Spec file clean up

To update to new version of lve-utils, please, run:
$ yum update lve-utils

beta: mod_suphp 0.7.2

We have prepared mod_suphp 0.7.2 RPM that updates suPHP to latest version.
This is not for cPanel customers (as EasyApache builds suPHP from sources).

This release fixes a security issue that was introduced with the 0.7.0 release. This issue affected the source-highlighting feature and could only be exploited, if the suPHP_PHPPath option was set. In this case local users which could create or edit .htaccess files could possibly execute arbitrary code with the privileges of the user the webserver was running as.

This RPM packages two binaries. One compiled with 'paranoid' option, and another one compiled with 'owner' option.
Paranoid version of binary installed by default (as always). That is the version that requires suPHP_ settings in apache vhost configs.

To update, run:
$ yum update mod_suphp --enablerepo=cloudlinux-updates-testing

Beta: mod_fcgid 2.3.9

This is a beta release of mod_fcgid. As we have large number of customers using this module, we wanted to update it to latest version, instead of tracking what is in RHEL repositories. If you are running mod_fcgid from our repo on multiple servers -- please, try it to make sure it doesn't break any of your settings.
While it should be backwards compatible with previous versions, there is a possibility of regression

Changelog:
  • SECURITY: Fix possible heap buffer overwrite CVE-2013-4365 (cve.mitre.org)
  • Add experimental cmake-based build system for Windows.
  • Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA Authenticator/Authorizor/Access directives' command line argument as currently documented.
  • Honor quoted FcgidCmdOptions arguments (notably for InitialEnv assignments).
  • Conform script response parsing with mod_cgid and ensure no response body is sent when ap_meets_conditions() determines that request conditions are met.
  • Improve logging in access control hook functions.
  • Avoid making internal sub-requests and processing Location headers when in FCGI_AUTHORIZER mode, as the auth hook functions already treat Location headers returned by scripts as an error sinc redirections are not meaningful in this mode.
To update:
$ yum update mod_fcgid --enablerepo=cloudlinux-updates-testing

Beta: cagefs 5.1-7

New beta version of CageFS is available. It introduces few minor fixes.

Changelog:
  • proxyexecd service: call 'killall -s 9 proxyexec' when 'killproc proxyexec' failed
  • cPanel: add logic for detect EasyApache dir
  • Plesk: exclude horde_sysuser from CageFS

To update:
$ yum update cagefs --enablerepo=cloudlinux-updates-testing

beta: lve-utils 1.3-12

One of the causes for CLN downtime this week was release of lve-utils 1.3 on October 1st. That release introduced a license check that would run via cron job every 12 hours. The way it was implemented - it would run every 12 hours on the hour. So we had significant spike on the hour, every hour. Due to differences in timezones it was spread around -- but we had big enough concentration of servers in two time zones that would sometimes cause overload of the CLN. That in case created cascading problem, as servers licensed by IP would try to re-license, which would significantly add to a load problem. The problem snowballed this Tuesday, causing CLN downtime.
While we are adding safety checks and optimizations into CLN, we want to also fix this cron job issue in lve-utils.
Now, when cron job is installed, the time to run is randomly selected. We also switched to one check per day instead of to.

Changelog:
  • Randomly select the time to run cloudlinux-cron cronjob
  • Spec file clean up
To update to new version of lve-utils, please, run:
$ yum update lve-utils --enablerepo=cloudlinux-updates-testing

We are experiencing issues with CLN

We are currently experiencing issues with our CLN network. You might not be able to register/remove servers, and have sporadic issues with yum.
We are working to fix the issue.

Update: 9:07PM EST, Oct 8, 2013

CLN functionality should be restored for wast majority of people. You should see no issues with yum or adding / removing servers.
if you continue to have issues with yum and you are licensed via IP license (no activation key), please do following:

run:
$ /usr/sbin/rhn_check
If there is no output --> that means that is unrelated issue/your system is checking in. Submit a ticket to support if you need help with it.
If you do get an error, run:
$ /usr/sbin/clnreg_ks --force

If that doesn't help, please contact our support with following information:
Server access details https://helpdesk.cloudlinux.com/index.php?/Knowledgebase/Article/View/71/0/from-which-ip-will-cloudlinux-staff-connect-to-my-server
Server IP for which license was issued
Error messages you are getting
.
You can submit tickets at https://helpdesk.cloudlinux.com

bsock update to 0.09-4

Tonight we have released update for bsock module, that is needed by CageFS to execute applications by proxy. This is used for things like sendmail, some formmail scripts, and when accessing domain.com/cpanel URL.
There was a bug in that release that caused proxyexecd not to restart.
Just now we have released a fix for that version - bsock-0.09-4.

Changelog:
  • proxyexec.c: added PWD environment variable
  • bsock.spec: update bsock in cagefs-skeleton and restart proxyexecd service in posttrans
  • bsock.spec: fix dependencies
To update to that version, please run:
$ yum clean metadata --enablerepo=cloudlinux-updates-testing --disableplugin=rhnplugin; yum update bsock bsock-libs --enablerepo=cloudlinux-updates-testing --disableplugin=rhnplugin

beta: lve-stats 0.10-12

New beta version of lve-stats is available. This version optimizes statistics collection in centralized MySQL database.

Changelog:
  • Added separate compacting for each server for the master algorithm to prevent execution of one long transaction which can be killed by the MySQL
To update:
$ yum update lve-stats --enablerepo=cloudlinux-updates-testing

Beta: CL6 and Hybrid Kernel 2.6.32-458.18.1.lve1.2.40.el6

New beta kernel is available. It is a rebase to upstream kernel 042stab082.3 that fixes several NFS, scheduler and file system related bugs.

To update CL6 servers
$ yum install kernel-2.6.32-458.18.1.lve1.2.40.el6 kmod-lve-1.2-42.el6 --enablerepo=cloudlinux-updates-testing

To update Hybrid servers
$ yum install kernel-2.6.32-458.18.1.lve1.2.40.el5h kmod-lve-1.2-42.el5h --enablerepo=cloudlinux-hybrid-testing

CloudLinux Images for AWS updated to 6.4

CloudLinux images for AWS were updated. Three images are available available at this moment:
  • CloudLinux 6.4 minimal
  • CloudLinux 6.4 with cPanel
  • CloudLinux 6.4 with Plesk
cPanel and Plesk images include CageFS, PHP Selector and MySQL Governor pre-configured.

You can find images here:
https://aws.amazon.com/marketplace/seller-profile?ie=UTF8&id=3d97f559-e78b-45de-94a3-4335c33346ad

Pages: Prev. | 1 | ... | 4 | 5 | 6 | 7 | 8 | ... | 21 | Next