Best Practices for cPanel Virtualization Templates


Overview

We recommend and support the use of the cPanel installer to install and provision cPanel & WHM. However, we understand that this is not the most efficient way for a VPS hosting company to provision a VPS, as this takes some extra time. This article is for hosting companies and data centers that want to be able to provision a VPS or VM with cPanel & WHM already installed for their customer. Installing cPanel in a templated environment shortens the customer's "setup" time so that they can create a VPS and start working on their website rather than their server.

Requirements

Note:

You will need to create a SWAP file or partition automatically for each new VPS, even if it is only 256 MB.

Remember:

The smaller the virtual disk of the template VM or VPS, the better. Since this virtual disk is only for a template, we recommend that you use a very small template to deploy new servers; 10 GB should be sufficient. Use your virtualization software to automatically expand the virtual disk capacity to a 20 GB minimum, once converted to a customer's VPS.

Warning:

To help prevent your development license from getting locked, we strongly recommend that you create a VM per template and keep it set up. This will allow you to have one license and IP address per templating VM and will prevent your license(s) from being locked. This will also allow you to start up the VM again when it is time to run updates.

Important:

Because we deprecated 32-bit systems in cPanel & WHM version 58, we only recommend creating 64-bit templates.

Tip:

You can apply for a free development license for your template server(s) via our Developer License Application.

We recommend that you apply for one license per template.

Example: If you create two templates, one for CentOS 7 and one for CentOS 6, you will want to apply for two licenses on two separate IP addresses. We keep the IP addresses specific to the template.

Create a Minimal VM for Templating

A minimal template VM uses a 10 GB virtual disk, which can be expanded later per the customer's requirements.

This document creates a small template that will be expanded once you set it up on the customer's VPS. Create a new minimal VPS to prepare your template.

Pre-configuration

We recommend that you customize the following files:

/etc/cpupdate.conf
/etc/cpsources.conf
/etc/wwwacct.conf
/var/cpanel/cpanel.config

Select the tier you are running. The following are our 4 available tiers:

  • EDGE
  • CURRENT
  • RELEASE
  • STABLE

By default, cPanel automatically selects and installs the RELEASE tier. You can select a tier before you install cPanel on your template. Run the following commands (replacing current with your desired tier):

# touch /etc/cpupdate.conf
# echo "CPANEL=current" >/etc/cpupdate.conf

This will make cPanel install the version in the CURRENT tier and will cause future updates to pull from the CURRENT tier. Your customer can change this setting within WHM at a later time.

Notes:

  • You cannot downgrade major versions. This means that if you use CURRENT as your tier, your customer will be locked to that version or later.
  • Your customer can change this value later in WHM.

Note:

For more information on cpanel.config, visit our The cpanel.config File documentation.

Info:

If you are a cPanel Partner with your own FastUpdate server, you can edit /etc/cpsources.conf (HTTPUPDATE=fastupdate.example.com) so that all of your customers update from your FastUpdate Server. This is a good thing to template in. See Custom update mirrors for more info.

cPanel Installation

When you finish your pre-configuration, you can install cPanel & WHM. Follow the Installation Guide as you usually would to install cPanel.

Post-Installation

Once the cPanel installation is complete, you can set new defaults.

You can also modify additional configurations, such as hardening the server and locking down SSH.

Note:

We do not recommend that you complete the Initial Setup Wizard, as the customer can do this. However, if you do choose to log in to WHM when making the template, you will want to remove /etc/.whostmgrft prior to finalizing the template.

Remember:

Once the user spins up a VPS from your provided template, they will be able to run through the Initial Setup Wizard with your preconfigured options applied by default.

Before you shut down the VM to create the template, to prevent your license from being locked, be sure to run the following commands:

# /scripts/restartsrv_chkservd --stop
# /scripts/restartsrv_cpsrvd --stop
# rm -f /usr/local/cpanel/cpanel.lisc

The following bash script runs the commands shown above:

post-template.sh
#!/bin/bash

readonly PROGNAME=$(basename "$0")
readonly PROGDIR=$(readlink -m "$(dirname "$0")")
readonly ARGS="$*"

is_file() {
    local file=$1
    [[ -f $file ]]
}

is_dir() {
    local dir=$1
    [[ -d $dir ]]
}

main() {
    # Stop the services in the same order as the manual commands above.
    is_dir /usr/local/cpanel \
        && /scripts/restartsrv_chkservd --stop \
        && /scripts/restartsrv_cpsrvd --stop
    # Remove the license file so the template's license does not get locked.
    is_file /usr/local/cpanel/cpanel.lisc \
        && rm -f /usr/local/cpanel/cpanel.lisc
    # Present only if you logged in to WHM while building the template.
    is_file /etc/.whostmgrft \
        && rm -f /etc/.whostmgrft
    echo "You should now shutdown this instance and template it up"
}

main


Warning:

To avoid security issues, remove generated SSH host keys and temporary files before you finalize your template. Also, clear the hostname from any networking areas within the operating system and from /etc/wwwacct.conf.
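
A pre-imaging check for the residue named in this warning and in the post-installation steps, as an added example that is not part of cPanel's documentation or code. The function names and the sample tree are constructed, and "clear the hostname" is taken to mean leaving the HOST key in wwwacct.conf without a value; pass / as the argument on a real template VM.

```bash
#!/bin/bash
# Added example (not cPanel's code). Function names and the sample tree are
# constructed; wwwacct.conf is assumed to hold one "KEY value" pair per line.

# Print each piece of per-host residue still present under the given root.
audit_template() {
    local root=${1%/} f
    for f in "$root"/etc/ssh/ssh_host_*key* \
             "$root"/usr/local/cpanel/cpanel.lisc \
             "$root"/etc/.whostmgrft; do
        [ -e "$f" ] && echo "residue: ${f#"$root"}"
    done
    grep -Eq '^HOST[[:space:]]+[^[:space:]]' "$root/etc/wwwacct.conf" 2>/dev/null \
        && echo "residue: HOST value in /etc/wwwacct.conf"
    return 0
}

# Remove the residue; sshd_config and the tmp directories themselves stay.
clean_template() {
    local root=${1%/}
    rm -f "$root"/etc/ssh/ssh_host_*key* \
          "$root"/usr/local/cpanel/cpanel.lisc \
          "$root"/etc/.whostmgrft
    find "$root/tmp" "$root/var/tmp" -mindepth 1 -delete 2>/dev/null || true
    if [ -f "$root/etc/wwwacct.conf" ]; then
        sed -i -E 's/^HOST[[:space:]].*/HOST/' "$root/etc/wwwacct.conf"
    fi
}

# Build a constructed template tree so the example runs offline.
make_sample_root() {
    local r
    r=$(mktemp -d) || return 1
    mkdir -p "$r/etc/ssh" "$r/usr/local/cpanel" "$r/tmp" "$r/var/tmp"
    touch "$r/etc/ssh/ssh_host_rsa_key" "$r/etc/ssh/ssh_host_rsa_key.pub" \
          "$r/etc/ssh/sshd_config" "$r/usr/local/cpanel/cpanel.lisc" "$r/tmp/build.log"
    printf 'ADDR 192.0.2.10\nHOST template.example.com\n' >"$r/etc/wwwacct.conf"
    echo "$r"
}

ROOT=${1:-$(make_sample_root)}
audit_template "$ROOT"      # lists what every clone of this image would share
clean_template "$ROOT"
if [ -z "$(audit_template "$ROOT")" ]; then echo "template is clean"; fi
```

Host keys left in the image are shared by every VPS cloned from it, so run the audit as the last step before shutdown and confirm that new keys are generated on the clone's first boot.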


Deploy your VPS

When you deploy the customer's VPS, you must automatically update some files. If you use libguestfs virt-sysprep, you can achieve this via "--firstboot" or "--firstboot-command". If you do not utilize libguestfs, consult your hypervisor's documentation for an alternative option to run scripts or commands upon first boot.

Warning:

If you use a tool such as libguestfs virt-sysprep to help finalize your template, ensure that you do not accidentally remove any user accounts or cron jobs.

Before you deploy your VPS, complete the following steps:

  • Automatically call /usr/local/cpanel/bin/set_hostname on the first boot of the image before any cPanel services start. You can either randomize the hostname or set the hostname based on your customer's choice.
  • Update ADDR within /etc/wwwacct.conf to the main IP address for the VPS.
  • If you run a 1:1 NAT environment, run /scripts/build_cpnat to build your NAT file, and configure Apache accordingly.
  • Run /scripts/rebuildhttpdconf to rebuild your Apache configuration with the correct addresses.

The following bash script executes the steps above, but does not update ADDR:

cust-deploy.sh
#!/bin/bash

readonly PROGNAME=$(basename "$0")
readonly PROGDIR=$(readlink -m "$(dirname "$0")")
readonly ARGS="$*"
readonly HOSTNAME=$(hostname --fqdn)

# Generate a random 14-character password with cPanel's bundled Perl.
gen_pass() {
    /usr/local/cpanel/3rdparty/bin/perl -MCpanel::PasswdStrength::Generate \
        -e 'print Cpanel::PasswdStrength::Generate::generate_password(14)'
}

# Each deployed VPS gets its own service passwords rather than the template's.
readonly CPHULKPASS=$(gen_pass)
readonly MSECPASS=$(gen_pass)
readonly ESTATSPASS=$(gen_pass)
readonly LPROTPASS=$(gen_pass)
readonly RCUBEPASS=$(gen_pass)
readonly MYSQLPASS=$(gen_pass)

is_file() {
    local file=$1
    [[ -f $file ]]
}

is_dir() {
    local dir=$1
    [[ -d $dir ]]
}

main() {
    # Hostname, certificates, NAT map, Apache configuration, MySQL root password.
    is_dir /usr/local/cpanel \
        && /usr/local/cpanel/bin/set_hostname "${HOSTNAME}" \
        && /usr/local/cpanel/bin/checkallsslcerts --allow-retry \
        && /scripts/build_cpnat \
        && /scripts/rebuildhttpdconf \
        && /scripts/mysqlpasswd root "${MYSQLPASS}"
    # Rotate each service password only if its password file exists.
    is_file /var/cpanel/hulkd/password \
        && /scripts/mysqlpasswd cphulkd "${CPHULKPASS}" \
        && printf 'user="cphulkd"\npass="%s"\n' "${CPHULKPASS}" >/var/cpanel/hulkd/password \
        && /scripts/restartsrv_cphulkd
    is_file /var/cpanel/modsec_db_pass \
        && /scripts/mysqlpasswd modsec "${MSECPASS}" \
        && echo "${MSECPASS}" >/var/cpanel/modsec_db_pass
    is_file /var/cpanel/roundcubepass \
        && /scripts/mysqlpasswd roundcube "${RCUBEPASS}" \
        && echo "${RCUBEPASS}" >/var/cpanel/roundcubepass
    is_file /var/cpanel/eximstatspass \
        && /scripts/mysqlpasswd eximstats "${ESTATSPASS}" \
        && echo "${ESTATSPASS}" >/var/cpanel/eximstatspass \
        && /scripts/restartsrv_eximstats
    is_file /var/cpanel/leechprotectpass \
        && /scripts/mysqlpasswd leechprotect "${LPROTPASS}" \
        && echo "${LPROTPASS}" >/var/cpanel/leechprotectpass
}

main
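
The script above leaves ADDR untouched, so here is one way to do that step on first boot, as an added example that is not part of cPanel's documentation or code. The function names and sample data are constructed, the address is assumed to be IPv4 and supplied by your provisioning system, and wwwacct.conf is assumed to hold one "KEY value" pair per line.

```bash
#!/bin/bash
# Added example (not cPanel's code). Function names and sample data are
# constructed; wwwacct.conf is assumed to hold one "KEY value" pair per line.

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    local ip=$1 o
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    local IFS=.
    set -- $ip                      # split on dots; input is digits and dots only
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Rewrite ADDR in place: the first ADDR line is replaced, duplicates are
# dropped, and the key is appended if missing. Other lines are untouched.
set_wwwacct_addr() {
    local conf=$1 ip=$2 tmp
    valid_ipv4 "$ip" || { echo "refusing invalid ADDR value" >&2; return 1; }
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    cp -p "$conf" "$tmp"            # carry over mode (and owner when run as root)
    awk -v ip="$ip" '
        $1 == "ADDR" { if (!seen) print "ADDR " ip; seen = 1; next }
        { print }
        END { if (!seen) print "ADDR " ip }
    ' "$conf" >"$tmp" && mv "$tmp" "$conf"
}

# Constructed sample standing in for /etc/wwwacct.conf.
demo_conf=$(mktemp)
printf 'ADDR 10.0.0.5\nHOST template.example.com\n' >"$demo_conf"
set_wwwacct_addr "$demo_conf" 192.0.2.44 && cat "$demo_conf"
```

Validating the address before it reaches the file keeps a malformed or multi-line value from the provisioning layer out of the configuration that /scripts/rebuildhttpdconf then builds from.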

Updating your Templates

As time goes by, you will find that your templates will become outdated.

To avoid this, have a set schedule to run cPanel updates on all of your templates.

When you are ready to update your template, run the following commands:

# yum update -y
# /scripts/upcp

Before you shut down the VM to create the template, to prevent your license from being locked, be sure to run the following commands:

# /scripts/restartsrv_chkservd --stop
# /scripts/restartsrv_cpsrvd --stop
# rm -f /usr/local/cpanel/cpanel.lisc

The following bash script runs the commands shown above:

post-template.sh
#!/bin/bash

readonly PROGNAME=$(basename "$0")
readonly PROGDIR=$(readlink -m "$(dirname "$0")")
readonly ARGS="$*"

is_file() {
    local file=$1
    [[ -f $file ]]
}

is_dir() {
    local dir=$1
    [[ -d $dir ]]
}

main() {
    # Stop the services in the same order as the manual commands above.
    is_dir /usr/local/cpanel \
        && /scripts/restartsrv_chkservd --stop \
        && /scripts/restartsrv_cpsrvd --stop
    # Remove the license file so the template's license does not get locked.
    is_file /usr/local/cpanel/cpanel.lisc \
        && rm -f /usr/local/cpanel/cpanel.lisc
    # Present only if you logged in to WHM while building the template.
    is_file /etc/.whostmgrft \
        && rm -f /etc/.whostmgrft
    echo "You should now shutdown this instance and template it up"
}

main

Final Notes

Most providers offer a few different templates.

For example:

  • cPanel & CentOS 6
  • cPanel & CentOS 7
  • cPanel & CloudLinux 6
  • cPanel & CloudLinux 7

Tip:

We recommend that, if you are considering creating templates, you become a cPanel Partner. Check out our Partner NOC Requirements. cPanel Partners can automatically provision their own cPanel, CloudLinux™, and KernelCare licenses through their billing system using our API. cPanel Partners can also enable or disable some very specific options within WHM. For more information, see our Partner NOC requirements.

Virtualization-specific Caveats

OpenVZ/Virtuozzo

Common Issues:

  • The hostname on OpenVZ/Virtuozzo may not be a Fully Qualified Domain Name (FQDN) on CentOS 7. Virtuozzo controls the hostname via VPS configuration (the --hostname parameter of the vzctl or prlctl commands). If you set the hostname manually from inside the VPS, Virtuozzo will reset the hostname on the next reboot. Ensure that you set up the full hostname correctly upon provisioning, as cPanel requires an FQDN.
  • OpenVZ/Virtuozzo requires second-level quotas to be enabled, which can cause quota-initiation issues. For more information, read our Enable Quotas on a Virtuozzo® VPS documentation, or Virtuozzo's Documentation.
  • Jailshell requires specific steps to enable a full proc mount. For more information, read our How to Troubleshoot Jailshell Problems on a Virtuozzo or OpenVZ VPS documentation.