With v3.1.41 comes support for Red Hat Enterprise Linux 8 and its FOSS variant, CentOS 8, released in May 2019. RHEL 8 provides several key enhancements, including support for TLS v1.3, which reduces handshake overhead.

TLS v1.3 is required for the QUIC protocol (HTTP/3), which is still in the drafting stage but will stabilize drafts by 2021, if not later this year, based upon the draft lifecycle of HTTP/2.

Long development of HTTP/3
HTTP/2 (formerly "httpbis") draft to RFC lifecycle

In addition to the exciting, there's also the mundane. cgroupsv2 is now available for resource management. v2 offers a few fascinating opportunities for development: first, a unified controller hierarchy allows for deduplication of mount points. If you're running ApisCP with 800+ accounts, you've noticed a slowdown in adding sites when resource enforcement is enabled (cgroup,enabled=1). Each site requires a minimum of 4 cgroup mounts. 800 x 4 = 3200 additional mountpoints. That's ignoring support for freezer or net_cls cgroups, which allow for reliably transitioning a site to a separate storage mount or counting network traffic from an account. A unified hierarchy allows ApisCP to stack all cgroup controllers without impeding mountpoint enumeration in /proc/mounts.

The second exceptional feature is improved accessibility of the memory controller internals. We can look at pressure stalls to bring the OOM killer out of kernel space into user space with oomd, which significantly improves reliability by avoiding stalls in the kernel during OOM conditions.
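As an added example (not ApisCP or oomd code), this sketch reads the kernel's pressure stall format from cgroup v2 memory.pressure files and lists the cgroups whose "full avg10" stall percentage exceeds a limit, which is the kind of signal a userspace OOM handler acts on. The site1/site2 directory names, the sample values and the limit of 10 are constructed assumptions.

```shell
#!/bin/sh
# Added example: parse pressure stall information (PSI). Each file has two lines:
#   some avg10=0.00 avg60=0.00 avg300=0.00 total=0
#   full avg10=0.00 avg60=0.00 avg300=0.00 total=0

# psi_field FILE KIND FIELD -> prints one value, e.g. psi_field f full avg10
psi_field() {
    awk -v kind="$2" -v field="$3" '
        $1 == kind {
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == field) { print kv[2]; found = 1 }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# psi_exceeds FILE KIND FIELD LIMIT -> exit 0 when the value is above LIMIT
psi_exceeds() {
    value=$(psi_field "$1" "$2" "$3") || return 2   # unreadable file or field
    awk -v v="$value" -v limit="$4" 'BEGIN { exit ((v + 0 > limit + 0) ? 0 : 1) }'
}

# pressured_cgroups ROOT LIMIT -> prints cgroups whose "full avg10" > LIMIT
pressured_cgroups() {
    find "$1" -name memory.pressure | sort | while read -r f; do
        if psi_exceeds "$f" full avg10 "$2"; then
            dirname "$f"
        fi
    done
}

# Constructed sample tree standing in for /sys/fs/cgroup (hypothetical names)
make_sample() {
    mkdir -p "$1/site1" "$1/site2"
    printf '%s\n' 'some avg10=1.20 avg60=0.80 avg300=0.30 total=41233' \
        'full avg10=0.00 avg60=0.00 avg300=0.00 total=1022' \
        > "$1/site1/memory.pressure"
    printf '%s\n' 'some avg10=64.10 avg60=40.02 avg300=12.75 total=9981231' \
        'full avg10=37.50 avg60=21.11 avg300=6.40 total=5123900' \
        > "$1/site2/memory.pressure"
}

# Demo on the constructed tree: only site2 is reported
demo=$(mktemp -d) && make_sample "$demo"
pressured_cgroups "$demo" 10
rm -rf "$demo"
```

On a live host, pass the cgroup v2 mount point instead of the sample directory.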

Cockpit is available as an accessory management service to view system logs and manage services. To enable it, run yum install -y cockpit ; systemctl enable --now cockpit.socket, then visit https://<HOSTNAME>:9090, logging in with your root password. For encryption standards and better protection through Evasive, it's recommended to put this behind Apache using ProxyPass.

Cockpit management cluster

Migrating

Use the built-in migration facility in ApisCP to move your sites over from an older CentOS 7 server to a sparkling new CentOS 8. Once all your sites are migrated over, copy over your license from the old server and you're done. If both servers use the same DNS configuration, then DNS updates automatically post-migration.

You can use a combination of admin:collect() + JSON + jq to automate the entire process for active sites.

# jq parses the JSON emitted by cpcmd
yum install -y jq
# List active sites, then transfer each one to the new server
cpcmd -o json admin:collect '[]' '[active:true]' | jq -r 'keys[]' | while read -r SITE ; do
	echo "Migrating $SITE"
	apnscp_php /usr/local/apnscp/bin/scripts/transfersite.php -s new.server.name "$SITE"
done

Fine print

Not everything is perfect, though; there are a few niggling issues that hopefully will improve as 8 matures:

  • post-transaction-actions does not exist with dnf released for RHEL8. Backporting from FC32 to RHEL8 requires some adjustments as the dnf API is slightly different. We'll work on bringing that to ApisCP. Until then, periodic dnf updates won't replicate into the filesystem template automatically like with CentOS/RHEL7. You can manually do this using scripts/yum-post.php resync --force. A migration will be shipped with a release to perform this task automatically when it's implemented.
  • TimescaleDB on PostgreSQL 12 is not available yet.
  • A handful of -devel packages are missing upstream; however, this causes no build issues and may only be encountered in exotic third-party configurations (libuv, libpsl, libdb4).

Worth noting as well, there's no discernible improvement in build times between CentOS 7 (python2) and CentOS 8 (python3) despite a few additional tasks. Both complete in ~40 minutes on a good server. In fact, in most situations, CentOS 8 took slightly longer (5 ± 3 minutes) to build than CentOS 7.

As always, if you run into any issues feel free to reach out on the forum or Discord where most development chatter occurs.