CloudLinux Subsystem for Ubuntu® (Beta release)
* All mentioned in this article trademarks, logos, and copyrights are property of their respective owners and are only mentioned for informative purposes.
** Ubuntu is a registered trademark of Canonical Ltd.
CloudLinux OS is releasing a Stable version of a free extension designed exclusively for Ubuntu® 20.04 LTS users.
Read more: https://blog.cloudlinux.com/cloudlinux-subsystem-for-ubuntu-20.04-stable-release
Table of content
- cPanel for Ubuntu® 20.04, plus CloudLinux Subsystem - easy then conversion route
- Solving the gaps in Ubuntu® hosting
- What is the role of the CloudLinux Subsystem for Ubuntu®?
- Overcoming problems with server limitations through LVE
- What kind of limits are available for Ubuntu® right now?
- What other features will be available for the CloudLinux Subsystem for Ubuntu®?
- Switching quickly and safely
Ubuntu® remains a very popular OS. Sure, measuring the relative market share of Linux distributions is incredibly difficult because there are many sources of data, and every source measures something else.
But let’s face it – Ubuntu® is hugely popular, despite the fact that like every other Linux distribution, it has its pros and cons. It’s worth noting as well that the popularity of Ubuntu® has been given a boost due to the demise of the CentOS stable release. It’s no surprise Ubuntu® has swooped in and claimed the title of “most popular Linux distribution”.
That’s of course why CloudLinux OS released an easy migration route for Ubuntu® servers. In this article we’ll explain why you may want to consider CloudLinux Subsystem for your Ubuntu® fleets – including outlining all the benefits of CloudLinux OS, and how easy it is to switch.
cPanel for Ubuntu® 20.04, plus CloudLinux Subsystem - easy then conversion route
cPanel announced their support for Ubuntu® in 2022 and now, we are happy to announce that CloudLinux OS also released a free extension for Ubuntu® 20.04 LTS - CloudLinux Subsystem for Ubuntu®. That means Ubuntu® users can add CloudLinux OS features to their servers without any need to convert the server or re-install the OS, or to migrate away from Ubuntu®.
With just a few simple steps you can gain all the stability, security, and performance features in an easy way through a simple out-of-the box experience.
Both CloudLinux and cPanel are adding support for Ubuntu® as a response to CentOS reaching its end of life. It gives cPanel and WHM users more open-source Linux distribution architecture options within their current infrastructure while providing a more robust business suite of solutions to help customers scale and expand their business hosting operations.
Because CloudLinux Subsystem is now compatible with Ubuntu® 20.04, hosting on Ubuntu® 20.04 is now expanded by the advanced security features and a range of server resource limitation features that’s been at the core of CloudLinux OS.
Together these two news items uplift Ubuntu® hosting to the next level, where users can manage their hosting plans easily, and where end-users can choose from different hosting plans and not worry about the instability of free software. After all, CloudLinux Inc. is enterprise-grade, offering 24/7 support.
Solving the gaps in Ubuntu® hosting
Resource distribution on a shared server is a major challenge, and there is a real question about how hosting companies using Ubuntu® are currently dealing with these limits. It’s worth considering the profit and operational cost difference between simple Ubuntu® shared server hosting and the more advanced ability to manage users on a server, for example, a cPanel and CloudLinux Subsystem configuration.
Ubuntu® as it stands has many advantages. It has frequent updates, it is feature-rich and cutting-edge, and it is developer-friendly. The OS is also very stable with support for five years for major releases.
There are a couple of issues though including higher resource consumption, and Ubuntu® is comparatively less secure out of the box, requiring more support to stay up to date. Outdated PHP versions are another issue. For a quick comparison, reference this side-by-side look from our friends at best-web-hosting.org.
What is the role of the CloudLinux Subsystem for Ubuntu®?
CloudLinux Subsystem enhances the Ubuntu® experience by providing security, stability, and profitability for hosting providers. Meaning that those hosts who chose Ubuntu® can enjoy a more stable, updated, and reliable OS. What’s more, with CloudLinux Subsystem, all the issues regarding resource consumption can be solved with seller limits, and security – including the CageFS feature.
The CloudLinux Subsystem also offers peripheral solutions like HardenedPHP which secures old and unsupported versions of PHP. In those old versions, including the widely used 7.2, 7.1, 7.0, and 5.6, vulnerabilities, even if discovered, are not patched by the PHP.net community. HardenedPHP takes care of all this.
It’s accomplished through deb-packages which enable CloudLinux features on Ubuntu® OS. So, the main goal of this subsystem is to allow the already existing functionality to work on another OS. Key features that will be useful center around setting user limitations in shared Linux hosting environments.
Linux is a good operating system for Web hosting. It’s free, stable, and provides solid performance, which is why over half of the world’s web servers run a Linux distribution as their OS. Linux is not, however, optimized for web hosting, because it wasn’t designed specifically for that purpose.
For example, how can web hosting providers identify a particular site that’s using an inordinate amount of server resources? It matters for a hosting firm’s profitability. Putting more sites on a server saves money, but doing it in a way that may crash the server, or enable sites to drain resources, can raise its costs or even cause customers to find another web host.
Overcoming problems with server limitations through LVE
The solution is to enable web hosts to control CPU and IO resource needs at an individual user level. This helps contain resource-draining sites, and prevents a single customer from overloading and bringing down the server.
Now, with the CloudLinux Subsystem for Ubuntu® being released, web hosting providers using Ubuntu® can do that. By adding CloudLinux Subsystem to their OS, they can effectively manage their servers at a per-user level.
CloudLinux Subsystem provides this capability through its Lightweight Virtual Environment (LVE). Its LVE, unlike a hypervisor or virtualized container that creates a full virtual server, isolates hardware resources such as the CPU, I/O, and memory in a lightweight container. It's LVE then limits these resources to a specific process or customer.
With its LVE, CloudLinux Subsystem achieves better separation between sites and prevents one from affecting others, even when one site generates a sudden peak load. Sysadmins can manage this using LVE Manager, a plugin for cPanel, that allows them to monitor and set resource limits on a per-site basis. With its LVE and LVE Manager plugin, CloudLinux Subsystem enables web hosting providers to lower their costs:
- More customers can be serviced efficiently on existing infrastructure
- Better-optimized servers reduce hardware footprint and thus real estate costs
- More efficient servers mean fewer server upgrades and less maintenance
- More stable servers reduce expenses needed to support customers
- Fewer support staff are needed to manage more customers
- Less staff time is spent on fielding customer issues resulting from server outages
It enables hosts to increase revenue because more customers can be serviced more efficiently, increasing customer loyalty and lifetime value. More efficient operations can free staff to focus on the introduction of more and better revenue-generating opportunities
What kind of limits are available for Ubuntu® right now?
There is a broad range of different restrictions that CloudLinux Subsystem users can implement on their Ubuntu® workloads:
- SPEED - CPU speed limit, relative to a single core, or specified in HZ (portable across CPUs)
- CPU - CPU Limit (smallest of CPU & NCPU is used)
- NCPU - max number of cores (smallest of CPU & NCPU used)
- PMEM - physical memory limit (RSS field in ps/RES in top). Also includes shared memory and disk cache
- VMEM - virtual memory limit (VSZ field in ps/VIRT in top)
- IO - IO throughput - combines both read & write operations
- IOPS - restricts total number of read/write operations per second.
- NPROC - number of processes within LVE
- EP - limit on entry processes, i.e. max number of concurrent connections to Apache dynamic scripts as well as SSH and cron jobs running simultaneously.
Furthermore, you can also enable inode limits. VE Manager inodes limits extension allows setting inode limits for the customers. An inode is a data structure on a file system used to keep information about a file or a folder. The number of inodes indicates the number of files and folders an account has. Inodes limits work on the level of disk quota and will be enabled on /home partition only.
LVE Manager also allows you to set a soft and hard IO limit, where a hard limit prevents a user from writing data to disk and where a soft limit can be exceeded for a period of time. You can set inodes limits using LVE Manager, the same way you would set any other LVE Limits:
Finally, reseller limits – is a feature that allows hosters to limit the resources each reseller can operate. Reseller limits put a restriction on the cumulative resources this reseller and his end-users can use at any given moment in time.
Reseller limits feature also enables hosters to give their resellers control over the end-user’s resources. Resellers can assign limits to their end-users as they want, even if they are higher than the limits assigned to the reseller. The reseller’s end-users will not be limited by the reseller limits unless their cumulative usage goes above the limits the hoster assigned to their reseller.
What other features will be available for the CloudLinux Subsystem for Ubuntu®?
Apart from Limitation features, Ubuntu® users will also get some additional features such as:
- LVE Wrappers - LVE wrappers are the set of tools that allow system administrators to run various users, programs & daemons within Lightweight Virtual Environment, and allows system administrators to have control over system resources such programs can have.
- CageFS - CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. It prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
- Hardened PHP - HardenedPHP secures old and unsupported versions of PHP. increase customer retention by not forcing upgrades to a newer PHP version.
- Mod_hostinglimits - Apache module that detects VirtualHost from which the request came; detects if it was meant for CGI or PHP script; puts Apache process used to serve that request into LVE for the user determined via SuexecUserGroup directive for that virtual host; lets Apache to serve the request; removes Apache process from user's LVE.
- Symlink owner match protection - protects against symlink attack where attacker tricks Apache web server to read some other user PHP config files, or other sensitive files.
- Link traversal protection - prevents such attacks by preventing user from creating symlinks and hardlinks to files that they don’t own.
- Tuned profiles - brings a range of kernel under-the-hood tunings to address high LA, iowait issues that were detected earlier on particular user’s deployments. The package also encloses OOM adjustments to prioritize the elimination of overrun PHP, lsphp, Phusion Passenger workers processes over other processes (e.g. ssh, a cron job).
As you can see it’s a very comprehensive range of features that truly changes Ubuntu® into a professional-grade multi-tenant website hosting OS.
Switching quickly and safely
Please note! This is the first beta release of CloudLinux Subsystem for Ubuntu®, we do not recommend installing it on a production server right away, but we would appreciate your feedback if you try it in your test environment.
As of now, only cPanel control panel is supported. You can also use CloudLinux Subsystem for Ubuntu® at the server without control panel. Plesk and DirectAdmin are not supported yet.
It’s easy to swap and expand an existing in-place OS to CloudLinux Subsystem. To install the CloudLinux subsystem, run the following commands on your Ubuntu® OS:
# apt install python3
# wget https://repo.cloudlinux.com/cloudlinux-ubuntu/sources/cln/ubuntu2cloudlinux.py
# python3 ubuntu2cloudlinux.py
# reboot
More detailed information can be found in our documentation CloudLinux Subsystem for Ubuntu® or requested directly from the product team via product@cloudlinux.com.
By now you should have a good idea of the benefits of the CloudLinux Subsystem for Ubuntu® hosting environments. Want to know more? Feel free to direct questions to our support team, and to share your feedback in comments under this article.