cPanel Virtualization Templates’ Best Practices

1
cPanel Virtualization Templates Best Practices
2
Table of Contents

• Introduction
• cPanel Partner
• Getting a Development License
• Creating a Minimal Installation for Templating
• Configuration Files Pre-Installation
• Update Configuration Settings
• Update Download Location Settings
• Basic Server Settings
• cPanel WHM Configuration Settings

• cPanel WHM Installation, Post-Installation
  Tasks
• Prevent Locked Licenses
• Avoiding Security Vulnerabilities
• Finalizing Template
• Finalizing Tasks
• Deployment Tasks
• Updating Templates over Time
• Common Issues in OpenVZ and Virtuozzo

3
Introduction

• It needs to be mentioned that although the use of
  the usual cPanel WHM installation process is
  recommended and supported, it might take some
  time than that which is necessary for VPS
  (Virtual Private Server) and VM (Virtual Machine)
  hosts. The alternative is to provision VPS or VM
  systems with a templated cPanel WHM
  environment.
• cPanel is a popular web hosting control panel
  that is used in web hosting. Web hosting is a
  service provided by web hosting companies that
  makes websites accessible over the Internet. The
  Best Website Hosting Company, the Best Cloud
  Hosting Company, the Best Windows Hosting
  Company are the terms that are used to refer to
  the best hosting service providers.

4
cPanel Partner

• Those that offer template installations of cPanel
  WHM, are recommended to become a cPanel
  Partner. cPanel Partners have the opportunity to
  use the cPanels API for automatically
  provisioning their very own licenses for cPanel
  WHM, KernelCare, and Cloud Linux through their
  billing system. It is also possible for cPanel
  Partners to enable or disable certain specific
  options within WHM.

5
Getting a Development License

• Prior to beginning, apply for a development
  license that is free, via the Developer License
  Application. In this context, these are the
  following points to mention
• Application can be initiated for one license per
  template.
• Each template has a specific IP address.

6
Creating a Minimal Installation for Templating

• The following points are recommended while
  creating templates
• Creating templates that are only 64-bit. 32-bit
  systems are not supported by cPanel WHM.
• Templates should be kept small. Post converting
  the template for the VPS of a customer, you need
  to use your virtualization software for
  automatically expanding the virtual disk capacity
  to a minimum of 20 GB.Each template has a
  specific IP address.

7
Configuration Files Pre-Installation

• Extensive documentation is available on how to
  preconfigure cPanel WHM. The need to log in to
  the VPS or VM, prior to granting access to your
  customer, is usually done away with when the
  files are preconfigured.
• As per recommendation, the following files need
  to be customized
• Update Configuration Settings
• Update Download Location Settings
• Basic Server Settings
• cPanel WHM Configuration Settings
• Each of these is discussed next.

8
Update Configuration Settings -
/etc/cpupdate.conf

• Through this file you can configure cPanel
  WHMs release tier and other update settings.
  These settings can be changed by the user at any
  time, within WHM. Most of these settings can be
  found in the Update Preferences interface in WHM.
• WHM gtgt Home gtgt Server Configuration gtgt
  Update Preferences
• It needs to be mentioned that you cant downgrade
  major versions. Moreover, you cant change the
  release tier of a server to circumvent this
  restriction.

9
Update Download Location Settings -
/etc/cpsources.conf

• With the aid of this file those locations can be
  determined from where your server downloads
  updates. As per the default setting, updates are
  retrieved directly by cPanel WHM servers from
  cPanel L.L.C. This happens through the
  httpupdate.cpanel.net pool of update servers.
• If you are an existing cPanel Partner and have
  your own FastUpdate server, then it is possible
  for you to edit the HTTPDUPDATE setting in order
  to update only from that FastUpdate server.
• HTTPUPDATEfastupdate.example.com

10
1-800-123 -8156

• Whoa! Thats a big number, arent you
  proud?

11
Basic Server Settings - /etc/wwwacct.conf

• Basic information related to server for cPanel
  WHM is contained in this file. This information
  includes the IP address, home directory and
  nameservers. Most of the settings which appear in
  the Basic WebHost Manager Setup interface in WHM
  are included in it.
• WHM gtgt Home gtgt Server Configuration gtgt
  Basic WebHost Manager Setup

12
cPanel WHM Configuration Settings -
/var/cpanel/cpanel.config

• cPanel WHMs extensive configuration options
  are contained in this file. Most of the settings
  that are present in the Tweak Settings interface
  in WHM are included in it. Additionally, it
  includes other settings throughout cPanel WHM.
• WHM gtgt Home gtgt Server Configuration gtgt
  Tweak Settings

13
cPanel WHM Installation, Post-Installation
Tasks

• cPanel WHM Installation cPanel WHM can be
  installed post the completion of preconfiguring
  your installation.
• Post-Installation Tasks New defaults could be
  set, once cPanel WHM has been installed
  successfully. Additionally, SSH could be secured
  and the security configuration could be updated.
• However, it is recommended that while making the
  template, you dont log in to WHM. If you log in,
  then you need to remove the /etc/.whostmgrft 
  file, prior to publishing the template. You
  should not shut down the VM for creating the
  template, until after you have carried out
  certain steps.

14
Prevent Locked Licenses

• It is highly recommended that one VM be created
  per template and maintained to ascertain that
  your development license doesnt get locked by
  cPanel L.L.C. This will result in the following
• The need for a single license and one IP address
  for each templating VM.
• Confirm that your license or licenses do not get
  locked by cPanel L.L.C.
• Lets you restart the VM for performing updates.
• You need to run the below-mentioned commands in
  order to ensure that your license doesnt get
  locked by cPanel.
• /scripts/restartsrv_chkservd --stop
• /scripts/restartsrv_cpsrvd --stop
• rm -f /usr/local/cpanel/cpanel.lisc
• There is a certain BASH script that runs the
  above-mentioned commands.

15
Avoiding Security Vulnerabilities

• You need to ensure the following, prior to
  finalizing your template, in order to avoid
  security issues
• Removal of the generated SSH host keys and
  temporary files.
• Clearing the hostname from within the operating
  system and the file, /etc/wwwacct.conf

16
Finalizing Template

• All the system requirements need to be met by
  your template. Rather, it is recommended that the
  templates exceed meeting the system requirements.
  Certain different templates are offered by most
  providers.
• It needs to be mentioned that each VPS or VM
  requires a SWAP file or partition. The partitions
  need to have at least 256 MB.

17
Finalizing Tasks

• You need to finalize your template, prior to
  deploying your VM or VPS, and after you have
  completed the post-installation tasks. Each of
  the below-mentioned actions needs to be
  performed
• The ADDR value needs to be updated in the file,
  /etc/wwwacct.conf , with the VPS or VMs main IP
  address.
• The script, /usr/local/cpanel/bin/set_hostname,
  needs to be run automatically, on the images 1st
  boot, prior to any cPanel WHM services
  starting. The hostname can be randomized or it
  can be set as per the choice of your customer.
• If a 11 NAT environment is being run, then the
  script, /scripts/build_cpnat needs to be run to
  build the NAT file.
• The script, /scripts/rebuildhttpdconf needs to be
  run for rebuilding your Apache configuration with
  the right address.
• A BASH script carries out all these tasks, except
  updating the ADDR value.

18
Deployment Tasks

• Some files need to be automatically updated when
  the VPS of the customer is deployed. If the
  command, libguestfs virt-sysprep is being used,
  then it can be done via the following options
• firstboot
• Or
• -firstboot-command
• It needs to be ensured that if a tool, such as
  libguestfs virt-sysprep is being used for
  finalizing the template, then no user accounts or
  cron jobs get removed accidentally. If the
  libguestfs command isnt being used then you need
  to consult the documentation of your hypervisor
  to look for an alternative option for running
  scripts or commands upon 1st boot.

19
Updating Templates over Time

• Templates need to be updated as and when updates
  are released by cPanel L.L.C. Regular updates
  need to be planned for all the templates in order
  to avoid this situation.
• The below-mentioned commands need to be run in
  order to run a cPanel WHM update for the
  template.
• yum update -y
• /scripts/upcp
• It needs to be mentioned that prior to shutting
  down the VPS or VM in order to recreate the
  template, the same commands that are from the
  section, Prevent Locked Licenses, need to be run.
  If that isnt ensured then your license might
  become locked.

20
Common Issues in OpenVZ and Virtuozzo

• The common issues that are encountered while
  using OpenVZ or Virtuozzo are mentioned below
• Hostnames The requirement for a FQDN (Fully
  Qualified Domain Name) might not be met by your
  hostname on CloudLinux 7 or 8, AlmaLinux 8,
  CentOS 7 or 8, or on Red Hat Enterprise Linux 7.
  The hostname is controlled by Virtuozzo via the
  VPS configuration. When hostname is set manually,
  it will be reset by Virtuozzo on the next reboot.
  It needs to be ensured that the full hostname is
  set up correctly post the VMs provisioning. An
  FQDN is required by cPanel WHM.
• Quotas Second-level quotas need to be enabled
  for OpenVZ and Virtuozzo. This can result in
  issues that have to do with quota-initiation.
• Jailshell Specific steps are required for
  enabling a full proc mount in Jailshell.

21
Thanks!

• ANY QUESTIONS?

• www.htshosting.org