
View Full Version : InterWorx 2.1.0 Released


IWorx-Paul
09-08-2005, 02:36 AM
We're happy to announce the release of InterWorx-CP version 2.1.0.

This update will be applied automatically within 24 hours if your server has auto-updates enabled (the default). If you choose to perform the update manually, we recommend logging into your server as root, and running the command:

yum update
If you receive an error like this:
rpmdb: Program version 4.2 doesn't match environment version
....
see this thread: http://interworx.info/forums/showthread.php?t=731

If you have any problems with this update please open a Support Ticket (https://secure.interworx.info/support/helpdesk/?_a=tickets&_m=submit).

Here's a list of the new features.

* Load Balanced Clustering
InterWorx-CP is the first and only control panel to fully support load balanced clustering of multiple InterWorx-CP (2.1.0+) boxes. A load balanced cluster allows you to spread your traffic over many servers and build in redundancy by having multiple servers serve your websites.

The InterWorx-CP clustering system allows you to easily create a 2+ node cluster that InterWorx-CP itself will load balance using LVS (linuxvirtualserver.org).

All clustering operations, including node management are handled by InterWorx-CP itself. The InterWorx-CP clustering solution needs no special hardware and is an out-of-the-box solution for clustering multiple InterWorx-CP servers.

* Firewall Configuration
InterWorx-CP now allows you to manage and configure your server's firewall settings easily with a firewall interface built over the Advanced Packet Firewall (APF) from rfxnetworks.com.

* Service Monitor
InterWorx-CP has integrated rfxnetworks System Integrity Monitor (SIM) that allows you to monitor your HTTP, FTP, and MySQL services. The monitoring will trigger a restart automatically if any monitored service goes down unexpectedly.

* Mass Account Import
Easily transfer multiple accounts from one InterWorx-CP server to another, or from a cpanel server to an InterWorx-CP server.

* Maintenance Script Speed Boost
InterWorx-CP's maintenance scripts now run faster and more efficiently.

* MySQL configuration file editing
Easily make changes to common MySQL configuration options from within the InterWorx-CP interface.

* 'Start On Boot' functionality
Choose whether a particular service starts automatically when the server reboots.

* VPS Support
A few changes to make InterWorx-CP more functionally complete in VPS installs including virtual network device detection.

* Bandwidth Usage History
Under the Stats Menu in SiteWorx, the user can see their Bandwidth Usage History

* Configurable "Billing Day" for each account
Each SiteWorx account can now have a different "billing day." This corresponds to the day of the month that the bandwidth usage for the account is reset to 0 and corresponds to those folks using the "Anniversary" billing method.

There are many other small improvements and bug fixes, some of which include:
- PHP XMLRPC (API) Security Issue resolved
- Many improvements and fixes for the account import feature.
- SOA record and Serial are now included in the dns export feature.
- Added more variables to the /home/interworx/etc/vhost-base.conf template file - <<UNIQNAME>> and <<PACKROOT>>
- Changed login page to use the default system language rather than always English
- Update Script versions available in ScriptWorx
- API core completely rewritten for easier expansion

Paul

Justec
09-08-2005, 07:14 AM
* Firewall Configuration
InterWorx-CP now allows you to manage and configure your server's firewall settings easily with a firewall interface built over the Advanced Packet Firewall (APF) from rfxnetworks.com

It's nice having a GUI with the APF. I assume that any port not listed is blocked by the default drop policy?

* Maintenance Script Speed Boost
InterWorx-CP's maintenance scripts now run faster and more efficiently.

I've noticed about a 50% drop in average CPU usage since the update!
Cleaning up code isn't as much fun as writing new stuff, but you sure put some time into the optimize effort. Great Job :D

* Service Monitor
InterWorx-CP has integrated rfxnetworks System Integrity Monitor (SIM) that allows you to monitor your HTTP, FTP, and MySQL services. The monitoring will trigger a restart automatically if any monitored service goes down unexpectedly.

I've had a problem with HTTP not wanting to start back up after the nightly (*daily - the stats, etc. script*) script runs. So I created a cron job to check this for me. Now I will have to give this SIM a try. Is there anything that needs to be configured through NodeWorx for this or is it just like a background service that is already running? (nevermind, I see how it is now, very intuitive)

IWorx-Socheat
09-08-2005, 07:27 AM
It's nice having a GUI with the APF. I assume that any port not listed is blocked by the default drop policy?

Correct. Any ports not listed will be filtered out (unless your IP is in the Trusted IP's list). We set the default policy for TCP to 'drop', but you can change it to 'reset' or 'reject' if you prefer.

Justec
09-08-2005, 01:17 PM
I'm having problems connecting with FTP after the update. I'm sure it's the firewall and before I had setup a range of ports to allow that were commonly used for PASV connections. I'm trying to add a range via the NodeWorx interface but it doesn't seem to like it. Is there a certain syntax or are only individual ports allowed? I tried x_x and x-x.

I SSH'd and added the ports manually using the x_x format and it's working now, but in NodeWorx it just shows the *first* X. Also, would be nice if we could name the service too, like the default ones.

CMI
09-08-2005, 03:28 PM
Wow this is great. I can't wait to break Rollie's box playing with this new stuff :) Be ready to get some support tickets and calls :) Although normally I find it pretty hard to break IWorx...

PaulK
09-08-2005, 04:11 PM
Excellent, always a great day when Interworx gets an update. I have two Interworx servers so I may have to try the load balancing out. :cool:

JayBaen
09-08-2005, 07:31 PM
Kudos on the upgrade .. as always, nearly transparent. 3 comments:

1) I forced a (software) reboot (for the heck of it ... not because it was needed), after which the server required a manual fsck of its / partition. I'm sure that's not a normal circumstance, but thought I'd say it out loud in case anyone else with a (legacy) Redhat 9 install gets 'stuck.'

2) Love the integration of APF (which is working more successfully than my manual install of it - no surprise here .. :) ). I've scrapped my custom firewall to use the GUI. Are there any plans to allow (Nodeworx) users to add 'Service Names' to the ports we manually add to APF?

3) Any plans to add BFD to IWorx?

Again, congrats and cheers to a great team.

JB

int
09-08-2005, 11:41 PM
* Service Monitor
InterWorx-CP has integrated rfxnetworks System Integrity Monitor (SIM) that allows you to monitor your HTTP, FTP, and MySQL services. The monitoring will trigger a restart automatically if any monitored service goes down unexpectedly.


Mucho problems with the SIM - I get emails every 5 minutes as of 12am stating:


System integrity monitor on tsh.com has taken action in responce to an event. Recent event logs are enclosed below for your inspection. There has been 1 events today, if an average of 8 events is reached, e-mail alerts will be terminated for the duration of the day.

- Events Summary:
Total event count: 1
Average event count: 0

- Service Summary:
HTTP [online - 0 events]
SSH [restarted - 1 events]
MYSQL [online - 0 events]

- System Summary:
LOAD [0.02 - status good - 0 events]
NETWORK [eth0 - online - 0 events]

- SIM Log:
[09/08/05 23:50:00]: MYSQL service is online.
[09/08/05 23:55:00]: LOAD 0.01 (status good)
[09/08/05 23:55:00]: NETWORK is online.
[09/08/05 23:55:00]: HTTP service is online.
[09/08/05 23:55:00]: SSH service is offline.
[09/08/05 23:55:00]: SSH offline, restart limit exceeded.
[09/08/05 23:55:00]: MYSQL service is online.
[09/09/05 00:00:01]: .dat files expired, removing.
[09/09/05 00:00:01]: sim.dat not found, created.
[09/09/05 00:00:01]: LOAD 0.02 (status good)
[09/09/05 00:00:01]: NETWORK is online.
[09/09/05 00:00:01]: HTTP service is online.
[09/09/05 00:00:01]: SSH service is offline.
[09/09/05 00:00:01]: Restarted SSH service (1 SSH events today).
[09/09/05 00:00:01]: MYSQL service is online.

- System Log:
Sep 8 16:28:49 tsh proftpd[14155]: tsh.com (xx.xx.xxx.xxx[xx.xx.xxx.xxx]) - no such user 'anonymous'


Not quite sure what it's doing - but 100% sure it's related to the upgrade. It seems to keep starting the same service (SSH) and I don't know why...

What can i do to fix it?
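An added example, not part of the original post and not SIM's own code: a small triage script that tallies the "SIM Log" lines from the alert above per service, so a service that is offline at every check can be told apart from one that dropped once. The function names and the regular expressions are assumptions based only on the log lines shown in this post.

```python
import re
from collections import defaultdict

# "SIM Log" lines as they appear in the alert e-mail quoted in the post above.
SIM_LOG = """\
[09/08/05 23:50:00]: MYSQL service is online.
[09/08/05 23:55:00]: LOAD 0.01 (status good)
[09/08/05 23:55:00]: NETWORK is online.
[09/08/05 23:55:00]: HTTP service is online.
[09/08/05 23:55:00]: SSH service is offline.
[09/08/05 23:55:00]: SSH offline, restart limit exceeded.
[09/08/05 23:55:00]: MYSQL service is online.
[09/09/05 00:00:01]: .dat files expired, removing.
[09/09/05 00:00:01]: sim.dat not found, created.
[09/09/05 00:00:01]: LOAD 0.02 (status good)
[09/09/05 00:00:01]: NETWORK is online.
[09/09/05 00:00:01]: HTTP service is online.
[09/09/05 00:00:01]: SSH service is offline.
[09/09/05 00:00:01]: Restarted SSH service (1 SSH events today).
[09/09/05 00:00:01]: MYSQL service is online.
"""

# Patterns derived from the lines above (assumed, not from SIM documentation).
ENTRY = re.compile(r"^\[(\d\d/\d\d/\d\d) (\d\d:\d\d:\d\d)\]: (.*)$")
STATE = re.compile(r"^(\w+) service is (online|offline)\.$")
LIMIT = re.compile(r"^(\w+) offline, restart limit exceeded\.$")
RESTART = re.compile(r"^Restarted (\w+) service \(\d+ \w+ events today\)\.$")


def summarize(log_text):
    """Count per-service states and actions; returns {service: counters}."""
    stats = defaultdict(lambda: {"online": 0, "offline": 0,
                                 "restarts": 0, "limit_hit": 0})
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # not a SIM log line
        msg = entry.group(3)
        if m := STATE.match(msg):
            stats[m.group(1)][m.group(2)] += 1
        elif m := LIMIT.match(msg):
            stats[m.group(1)]["limit_hit"] += 1
        elif m := RESTART.match(msg):
            stats[m.group(1)]["restarts"] += 1
    return dict(stats)


def never_online(stats):
    """Services seen offline at every check and never once online."""
    return sorted(name for name, c in stats.items()
                  if c["offline"] and not c["online"])


if __name__ == "__main__":
    stats = summarize(SIM_LOG)
    for name in never_online(stats):
        print(name, stats[name])
```

A service that never reports online across check cycles is worth comparing against what is actually listening on the host before changing the monitor's configuration.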

IWorx-Chris
09-09-2005, 12:14 AM
edit /usr/local/sim/conf.sim and search for:

SERV_SSH="true"

and change to:

SERV_SSH="false"

Chris

IWorx-Chris
09-09-2005, 01:09 AM
2) Love the integration of APF (which is working more successfully than my manual install of it - no surprise here .. ). I've scrapped my custom firewall to use the GUI. Are there any plans to allow (Nodeworx) users to add 'Service Names' to the ports we manually add to APF?


It should lookup any ports you add manually in /etc/services I believe so if you need a name=>port mapping done that'd be the file to put the name mapping in.


3) Any plans to add BFD to IWorx?


bfd? i'm not familiar.


Again, congrats and cheers to a great team.


Thanks! :)

warp3
09-09-2005, 01:22 AM
bfd? i'm not familiar.


Brute Force Detector.

To detect and prevent illegal break ins, usually portscans and such. We also have it installed on most servers.

IWorx-Chris
09-09-2005, 01:25 AM
ahh, haha, I should have known, another rfxnetwork's product. They have some good stuff :).

I'll check it out and if it's helpful and works we'll obviously consider putting it in.

Chris

sprintserve
09-09-2005, 02:04 AM
Hey Guys

Great work! Just had to drop in after seeing the release email.

One of the features that I have been pushing for has appeared... the load balancing feature.

Will definitely take it for some spins.

warp3
09-09-2005, 02:07 AM
About the clustering, is it 'only' load balancing, or also high-availability/failover?

Thus for instance, if you have a 2 or 3 node cluster, and one node fails, the services from the failed node are automatically switched to one (or more) of the remaining cluster members.

IWorx-Chris
09-09-2005, 08:01 AM
About the clustering, is it 'only' load balancing, or also high-availability/failover?


At this point it's *only* a load balanced cluster mechanism or I'd have dubbed it a full HA solution. A full HA solution will be in a future release.

Chris

phobia
09-09-2005, 11:06 AM
I'm just wondering with the firewall's trusted list if you can specify whole IP ranges? eg: *.*.*.*/24

Phobia.

IWorx-Socheat
09-09-2005, 11:13 AM
Yes, you can specify ranges such as:

192.168.1.0/24

Since this is just a front-end into the allow_hosts.rules and deny_host.rules, you can even use APF's more complicated advanced format if you like.


# The trust rules can be made in advanced format with 4 options
# (proto:flow:port:ip);
# 1) protocol: [packet protocol tcp/udp]
# 2) flow in/out: [packet direction, inbound or outbound]
# 3) s/d=port: [packet source or destination port]
# 4) s/d=ip(/xx) [packet source or destination address, masking supported]
#
# Syntax:
# proto:flow:[s/d]=port:[s/d]=ip(/mask)
# s - source , d - destination , flow - packet flow in/out
#
# Examples:
# inbound to destination port 22 from 24.202.16.11
# tcp:in:d=22:s=24.202.16.11
#
# outbound to destination port 23 to destination host 24.2.11.9
# out:d=23:d=24.2.11.9
#
# inbound to destination port 3306 from 24.202.11.0/24
# d=3306:s=24.202.11.0/24


See the rfxnetworx/APF website for more details.
http://rfxnetworks.com/apf.php

Socheat
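An added example, not part of the original post and not APF's own parser: a validator for the trust-rule syntax quoted above, which also flags entries that trust a wide range with no port restriction (trusted addresses are not subject to the port filter, as noted earlier in the thread). It goes slightly beyond the post by accepting the simple address/CIDR form as well; treating protocol and flow as optional follows the post's own examples, and the function names and the `max_hosts` threshold are assumptions.

```python
import ipaddress

# First four entries are taken from the post above; the last is constructed.
SAMPLE_RULES = [
    "tcp:in:d=22:s=24.202.16.11",
    "out:d=23:d=24.2.11.9",
    "d=3306:s=24.202.11.0/24",
    "192.168.1.0/24",
    "10.0.0.0/8",          # constructed: a very wide trusted range
]


def parse_trust_rule(line):
    """Parse one trust entry; return a dict, None for blank/comment lines,
    or raise ValueError for a malformed entry."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    rule = {"proto": None, "flow": None, "port_side": None,
            "port": None, "ip_side": None, "net": None}
    parts = text.split(":")
    if len(parts) == 1:                      # simple format: address or CIDR
        rule["net"] = ipaddress.IPv4Network(text, strict=False)
        return rule
    if parts[0] in ("tcp", "udp"):           # optional protocol
        rule["proto"] = parts.pop(0)
    if parts and parts[0] in ("in", "out"):  # optional flow
        rule["flow"] = parts.pop(0)
    if len(parts) != 2:
        raise ValueError(f"expected [s/d]=port:[s/d]=ip in {text!r}")
    (p_side, p_eq, p_val), (i_side, i_eq, i_val) = (
        field.partition("=") for field in parts)
    if p_side not in ("s", "d") or i_side not in ("s", "d") or not (p_eq and i_eq):
        raise ValueError(f"fields must start with s= or d= in {text!r}")
    port = int(p_val)                        # ValueError if not numeric
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {text!r}")
    rule.update(port_side=p_side, port=port, ip_side=i_side,
                net=ipaddress.IPv4Network(i_val, strict=False))
    return rule


def broad_entries(lines, max_hosts=256):
    """Entries with no port restriction that cover more than max_hosts
    addresses (max_hosts is an arbitrary review threshold)."""
    flagged = []
    for line in lines:
        rule = parse_trust_rule(line)
        if rule and rule["port"] is None and rule["net"].num_addresses > max_hosts:
            flagged.append(line.split("#", 1)[0].strip())
    return flagged


if __name__ == "__main__":
    for entry in SAMPLE_RULES:
        print(entry, "->", parse_trust_rule(entry))
    print("review:", broad_entries(SAMPLE_RULES))
```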

Justec
09-09-2005, 11:20 AM
What about my earlier question for ranges of ports. The way it says to do it is with a ' _ '. This does not seem to work in the front end through NodeWorx.

Also, I believe (I'm not 100%) that my services were set to auto restart with the new SIM. But today when I looked I had to change the drop down back to yes (from no) for auto-restart. I did get an updated version -45 of the 2.1.0 Iworx from -44 and also an update for the SIM program, not sure if this could cause it to change to no.

Also, what services can be auto restarted? I found it only for HTTP, FTP, MySQL. What about DNS, SSH, etc.? If yes can this be done from NodeWorx or does it have to be done through shell?

Thanks,

phobia
09-09-2005, 11:25 AM
Thanks for the info.

IWorx-Socheat
09-09-2005, 11:37 AM
What about my earlier question for ranges of ports. The way it says to do it is with a ' _ '. This does not seem to work in the front end through NodeWorx.

Currently, ranges aren't supported, but will probably be added in a future release.

Also, I believe (I'm not 100%) that my services were set to auto restart with the new SIM. But today when I looked I had to change the drop down back to yes (from no) for auto-restart. I did get an updated version -45 of the 2.1.0 Iworx from -44 and also an update for the SIM program, not sure if this could cause it to change to no.

This may or may not be your problem, but one thing to note is that if you change a service to NOT start-on-boot, NodeWorx will automatically turn off SIM for that service as well. This is because SIM can't tell the difference between a downed service and a service that has been intentionally shut off. For example, if you tell Apache to not start-on-boot but have SIM on for Apache, then reboot, Apache would stay off for about 5 minutes and then SIM would turn it back on. :rolleyes:

Also, what services can be auto restarted? I found it only for HTTP, FTP, MySQL. What about DNS, SSH, etc.? If yes can this be done from NodeWorx or does it have to be done through shell?

Thanks,

Currently in NodeWorx only HTTP, FTP, and MySQL have SIM controls. You can edit /usr/local/sim/conf.sim to enable SIM for other services.

Martin Blank
09-11-2005, 11:09 AM
While I understand how handy it is to have a GUI to handle the firewall, does APF have any significant advantages over a well-built iptables implementation?

IWorx-Chris
09-11-2005, 11:17 AM
While I understand how handy it is to have a GUI to handle the firewall, does APF have any significant advantages over a well-built iptables implementation?


Since APF is just an iptables front-end there is nothing special about it Martin. Currently IWorx-CP only parses the APF config file to see what ports are open/closed etc but eventually we'll parse the 'iptables --list' output to get the same data which will buffer us from APF and allow you to use the graphical firewall page to view real-time what rules you have applied.

So the short answer is "no", no significant advantage :).

Chris

pascal
09-12-2005, 11:27 AM
* Configurable "Billing Day" for each account
Each SiteWorx account can now have a different "billing day." This corresponds to the day of the month that the bandwidth usage for the account is reset to 0 and corresponds to those folks using the "Anniversary" billing method.


Haha I'm so happy now :)

Big thanks

Just one pbm :
The French translation has been upgraded too, to a less version (I sent you 2 or 3 times the last one, but ... maybe lost ...)

I have to translate one more time the language file. I remember that Socheat I think gave me a command to translate only the missing sentences/word. Could you please give me again the command for this.


But one more time, you did a really great job !!!

More information about the clustering solution would be very interesting

Well done

Thanks

Pascal

IWorx-Socheat
09-12-2005, 11:40 AM
I have to translate one more time the language file. I remember that Socheat I think gave me a command to translate only the missing sentences/word. Could you please give me again the command for this.

Here's the command for the French language file:
/home/interworx/bin/langmerge.pex --target=fr


More information about the clustering solution would be very interesting

Chris explains it in a little more detail in this thread:
http://interworx.info/forums/showthread.php?t=741

pascal
09-12-2005, 12:00 PM
Thanks Socheat.

pascal
09-15-2005, 11:22 AM
Here's the command for the French language file:
/home/interworx/bin/langmerge.pex --target=fr


There was another one. One run from the website directly.

The problem with this command on the box directly is that you have to do ALL the translation in ONE shot.

Paul gave me another link, but impossible to find it in the forum, do you have it?

Thanks

IWorx-Socheat
09-15-2005, 11:38 AM
We disabled the feature for now, Pascal. We weren't happy with the interface (wasn't as seamless/easy as we wanted). It hasn't been tested since we disabled the feature in 2.0, so I'm not sure if the code changes in 2.1 have affected it or not. If you want, I can email you the list of newly added translations.

Socheat

pascal
09-18-2005, 01:30 PM
We disabled the feature for now, Pascal. We weren't happy with the interface (wasn't as seamless/easy as we wanted). It hasn't been tested since we disabled the feature in 2.0, so I'm not sure if the code changes in 2.1 have affected it or not. If you want, I can email you the list of newly added translations.

Socheat

Yes please :)

I'll send you the new translated file, if you may integrate the latest FR translated file in every release it would help me a lot to maintain the FR up to date.

Also I have few questions about LB/Clusters what do you use exactly ?
the IPVS functionality of kernel ?
LVS ?

How do you share the storage space ?
nfs ?
...

etc ....

Since the first interworx day I'd like to try to implement interworx in a LB/Clusters/HA solution (LVS, Heartbeat, ldirectord... like ultramonkey or http://www.ultramonkey.org/3/topologies/) I know and understand that your LB/Cluster solution is a first step and IS NOT a HA solution, but I'd really like to go to this first step and so like to know a little more about your configuration

Thanks

Pascal

IWorx-Socheat
09-19-2005, 07:56 AM
Yes please :)

I'll send you the new translated file, if you may integrate the latest FR translated file in every release it would help me a lot to maintain the FR up to date.


Sure, send me your language file and I'll diff it against ours and send it to you.

I'll let Chris answer the other questions about load balancing.

IWorx-Chris
09-19-2005, 07:41 PM
Also I have few questions about LB/Clusters what do you use exactly ?
the IPVS functionality of kernel ?
LVS ?

How do you share the storage space ?
nfs ?


I'm still working on the docs Pascal but I'll say a few words here:

You can only add nodes after following a short setup process: http://www.interworx.com/support/docs/iworx-cp/sysadmin/clustering/setup/howto-cluster

We use LVS as the load balancer (controlled by InterWorx-CP)

You can only add nodes that are empty (i.e. if you have 1 server and want to add a 2nd, the 2nd must be 2.1.0 or above, centos 4, have no domains and be on the same network segment).

We use an NFS shared storage mechanism for sharing of data. The "cluster manager" (read load balancer) is used as the mysql server.


Since the first interworx day I'd like to try to implement interworx in a LB/Clusters/HA solution (LVS, Heartbeat, ldirectord... like ultramonkey or http://www.ultramonkey.org/3/topologies/) I know and understand that your LB/Cluster solution is a first step and IS NOT a HA solution, but I'd really like to go to this first step and so like to know a little more about your configuration


We're using the LVS-DR LVS setup (http://www.linuxvirtualserver.org/VS-DRouting.html) and you can cluster as few as 2 servers on the same segment with iworx-cp doing all the management.

As I said, I'll have more docs soon (this week I'd like) that will lay out all the tech details of the system.

Chris

Bashar
01-13-2006, 02:01 AM
Brute Force Detector.

To detect and prevent illegal break ins, usually portscans and such. We also have it installed on most servers.

An APF sister too from RFXNetworks http://www.rfxnetworks.com/bfd.php

would be nice to see it in future builds, although it can be installed manually for time being.