Delta has been launched! Delta is the first platform receiving a 7.5 designation and with all fractional platform releases is focused on experimental functionality. Delta’s primary goal is a full emancipation from Ensim for backend account edits, something that has become unmaintainable as platform complexity increases (for example, SSL configuration changes failing to reflect in HTTP configuration). Moreover all custom platform changes are provided in RPM form (yum.apnscp.com) or through Ansible providing an easier process to produce new platform clones, which as a benefit all platforms from Delta onward will be significantly smaller than Atlas as a means to reduce client density and reduce cumulative spam bot strain.
Major notes
- Based off CentOS/RHEL 7.5
- Software updates: PHP 7.2, MariaDB 10.3, PostgreSQL 10
- Account creation/deletion/removal driven 100% by Launchpad. Account creation 16x faster, edits 8x faster.
- xfs filesystem is now supported and in use on Delta. Some non-fatal crashes were noted during local VM testing and will be monitored for consistency during Delta’s testing window.
- Server provisioning driven 100% through automation (apisnetworks/apnscp-playbooks)
- NSS, PAM authentication modules use Tokyo Cabinet for faster domain lookups over BDB
- NSS caching on by default via nscd: hosts, group, services, netgroup lookups are now cached to reduce overhead. In previous iterations this feature was briefly introduced, but resulted in problems for getpwnam() lookups. passwd caching, which also performs jailing, is suspected to be the cause. Consequently, caching for passwd lookups is disabled.
- Firewall restrictions on by default. All ports except account ports (40000-49999) are filtered unless where necessary for service accessibility.
- Upstream content caching now available. HTTP responses must provide necessary cache-control headers to utilize. WordPress, for example, when cached upstream increases its throughput from 153 req/second to 3765 req/second an improvement of 24x.
Software changes
- Passenger upgraded to 5.0.30
- Any-version Go supported through goenv
- rbenv replaces rvm for Ruby management
- Ruby interpreters may now be installed by site admin
- Python interpreters may now be installed by site admin
- Python libraries will prefer /usr/local/lib/python, unless user is not in wheel (secondary users), in which case ~/.pyenv/python is preferred
- phpMyAdmin location renamed from /MyAdmin to /phpMyAdmin
- cgi-bin/ no longer redirects to /var/www/cgi-bin, but instead the domain’s document root
Panel changes
- Diskquota service now supports “fquota”, an inode quota
- Bandwidth quota supports “units” which specifies the target units for “threshold”
- Launchpad will attempt to rollback an in-place edit if any component in the chain fails. Some exceptions exist, such as with passwords, that once in the system can never be recovered.
Testing
- rspamd as a replacement for SpamAssassin. rspamd is presently acting as the first filter for mail with SpamAssassin filtering whatever passes through. rspamd is able to filter at a much higher rate with a goal to use it for outbound mail filtering based upon testing