You can install CloudLinux (CL) on a system that meets the specs below.
a. OS/Panel Version - CentOS with any cPanel version
b. Symptoms - high load conditions due to high usage of accounts in a shared server
c. How to recreate - high load
d. Solution - Implement CloudLinux
1. How to convert a CentOS system to CloudLinux
Download the script to convert CentOS to CL
# wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cpanel2cl
Run the script with the license key
# sh cpanel2cl -k <license key>
Edit grub.conf and set the default entry to the installed CL kernel, then reboot the system to load the new kernel.
Rebuild the Apache configuration from the previously saved configuration.
# /scripts/easyapache --build
2. How to enable LVE Manager in CL
LVE is a kernel-level technology developed by the CloudLinux team. The technology has common roots with container-based virtualization and uses cgroups in its latest incarnation. It is lightweight and transparent. The goal of LVE is to make sure that no single web site can bring down your web server. The mod_hostinglimits module should also be enabled for this.
mod_hostinglimits is an Apache module that:
• Detects VirtualHost from which the request came.
• Detects if it was meant for cgi or PHP script.
• Puts the Apache process used to serve that request into the LVE for the user determined via the SuexecUserGroup directive for that virtual host.
• Lets Apache serve the request.
• Removes the Apache process from the user's LVE.
Install the LVE manager using yum
# yum install lvemanager
Enable the LVE manager using the command lvectl.
# lvectl ubc enable --save
If you want to set the LVE memory limit for all the LVE IDs to some value, say 512 MB, use the script below.
# for i in $(cat /proc/lve/list | cut -f1 | awk 'NR>3'); do lvectl set $i --vmem=512M --save ; done
# for i in $(cat /proc/lve/list | cut -f1 | awk 'NR>3'); do lvectl set $i --pmem=512M --save ; done
3. How to install CageFS
CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.
The benefits of CageFS are:
• Only safe binaries are available to the user.
• The user will not see any other users, and will have no way to detect the presence of other users and their user names on the server.
• The user will not be able to see server configuration files, such as Apache config files.
• Users will have a limited view of the /proc file system, and will not be able to see other users' processes.
Install CageFS from yum and enable it on the system.
# yum install cagefs
# /usr/sbin/cagefsctl --init
# /usr/sbin/cagefsctl --enable-all
Edit /etc/cagefs/cagefs.mp to make sure it has all needed mount points.
# cagefsctl --update
# service cagefs restart
# cagefsctl --remount-all
4. How to enable SecureLinks
Starting with kernel lve22.214.171.124 and lve0.8.62 and higher, SecureLinks are implemented on the kernel level. They are set via kernel level parameters and can be overwritten using sysctl.
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = XX
When fs.enforce_symlinksifowner is set to 1, processes with GID XX will not be able to follow symlinks that are owned by user1 but point to a file owned by user2. Set XX to the GID of Apache.
Edit the file /etc/sysctl.conf and add the line:
fs.symlinkown_gid = XX
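To see which existing symlinks the rule above would affect, the added example below (not part of the original tutorial or of CloudLinux's tooling) lists every symlink under a directory whose owner differs from the owner of the file it points to. The function name cross_owner_symlinks is made up for this example, and GNU stat is assumed, as on CentOS/CloudLinux.

```shell
#!/bin/sh
# Added example: audit a tree for cross-owner symlinks, i.e. links owned by
# one user that point to a file owned by another. With
# fs.enforce_symlinksifowner = 1 these are the links a process running with
# the protected GID is not allowed to follow.
# Assumptions: GNU find/stat/readlink; file names do not contain newlines.

# Print "link_uid target_uid path -> target" for each cross-owner symlink
# found under the directory given as $1.
cross_owner_symlinks() {
    root=$1
    # -xdev keeps the scan on one file system; -type l selects the links
    # themselves (find does not follow them).
    find "$root" -xdev -type l 2>/dev/null | while IFS= read -r link; do
        # Owner of the symlink itself.
        link_uid=$(stat -c %u -- "$link" 2>/dev/null) || continue
        # Owner of the file the link resolves to (-L follows the link).
        # A dangling link has no target owner to compare, so skip it.
        target_uid=$(stat -L -c %u -- "$link" 2>/dev/null) || continue
        if [ "$link_uid" != "$target_uid" ]; then
            printf '%s %s %s -> %s\n' \
                "$link_uid" "$target_uid" "$link" "$(readlink -- "$link")"
        fi
    done
}

# When called with a directory argument, run the audit on it, e.g.:
#   sh audit-symlinks.sh /home
[ "$#" -eq 0 ] || cross_owner_symlinks "$1"
```

Running it over the user home directories before enabling the setting shows which links will stop resolving for Apache once enforcement is on.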