Delta, the first experimental platform built on apnscp

Delta has been launched! Delta is the first platform receiving a 7.5 designation and with all fractional platform releases is focused on experimental functionality. Delta’s primary goal is test apnscp 3.0, which is the first release of apnscp to be completely standalone without external dependencies, something that has become unmaintainable as platform complexity increases (for example, SSL configuration changes failing to reflect in HTTP configuration). Moreover all platform customizations are provided in RPM form (yum.apnscp.com) or through Ansible playbooks facilitating an easy process to produce the platform consistently.

apnscp is still on track for a July pre-alpha release!

Major notes

  • Based off CentOS/RHEL 7.5
  • Software updates: PHP 7.2, MariaDB 10.3, PostgreSQL 10
  • Account creation/deletion/removal driven 100% by Launchpad. Account creation 16x faster, edits 8x faster.
  • xfs filesystem is now supported and in use on Delta. Some non-fatal crashes were noted during local VM testing and will be monitored for consistency during Delta’s testing window.
  • Server provisioning driven 100% through automation (apisnetworks/apnscp-playbooks)
  • NSS, PAM authentication modules use Tokyo Cabinet for faster domain lookups over BDB
  • NSS caching on by default via nscd: hosts, group, services, netgroup lookups are now cached to reduce overhead. In previous iterations this feature was briefly introduced, but resulted in problems for getpwnam() lookups. passwd caching, which also performs jailing, is suspected to be the cause. Consequently, caching for passwd lookups is disabled.
  • Firewall restrictions on by default. All ports except account ports (40000-49999) are filtered unless where necessary for service accessibility. Invariably these ports too will be locked down and become a tuneable or require administrator approval for accounts to open on an account-by-account basis.
  • Upstream content caching now available. HTTP responses must provide necessary cache-control headers to utilize. WordPress, for example, when cached upstream increases its throughput from 153 req/second to 3765 req/second an improvement of 24x.

Software changes

  • Passenger upgraded to 5.1.12
  • Any-version Go supported through goenv
  • rbenv replaces rvm for Ruby management
  • Ruby interpreters may now be installed by site admin
  • Python interpreters may now be installed by site admin
  • Python libraries will prefer /usr/local/lib/python, unless user is not in wheel (secondary users), in which case ~/.pyenv/python is preferred
  • phpMyAdmin location renamed from /MyAdmin to /phpMyAdmin

Panel changes

  • Diskquota service now supports “fquota”, an inode quota
  • Bandwidth quota supports “units” which specifies the target units for “threshold”
  • apnscp will attempt to rollback an in-place edit if any component in the chain fails. Some exceptions exist, such as with passwords, that once in the system can never be recovered.

Testing

  • rspamd as a replacement for SpamAssassin. rspamd is presently acting as the first filter for mail with SpamAssassin filtering whatever passes through. rspamd is able to filter at a much higher rate with a goal to use it for outbound mail filtering based upon testing