InterWorx 2.1.0 Released

We’re happy to announce the release of InterWorx-CP version 2.1.0.

This update will be applied automatically within 24 hours if your server has auto-updates enabled (the default). If you choose to perform the update manually, we recommend logging into your server as root, and running the command:

yum update

If you receive an error like this:

rpmdb: Program version 4.2 doesn't match environment version
....

see this thread: http://interworx.info/forums/showthread.php?t=731

If you have any problems with this update please open a Support Ticket.

Here’s a list of the new features.

* Load Balanced Clustering
InterWorx-CP is the first and only control panel to fully support load balanced clustering of multiple InterWorx-CP (2.1.0+) boxes. A load balanced cluster allows you to spread your traffic over many servers and build in redundancy by having multiple servers serve your websites.

The InterWorx-CP clustering system allows you to easily create a 2+ node cluster that InterWorx-CP itself will load balance using LVS (linuxvirtualserver.org).

All clustering operations, including node management are handled by InterWorx-CP itself. The InterWorx-CP clustering solution needs no special hardware and is an out-of-the-box solution for clustering multiple InterWorx-CP servers.

* Firewall Configuration
InterWorx-CP now allows you to manage and configure your server’s firewall settings easily with a firewall interface built over the Advanced Packet Firewall (APF) from rfxnetworks.com

* Service Monitor
InterWorx-CP has integrated rfxnetworks System Integrity Monitor (SIM) that allows you to monitor your HTTP, FTP, and MySQL services. The monitoring will trigger a restart automatically if any monitored service goes down unexpectedly.

* Mass Account Import
Easily transfer multiple accounts from one InterWorx-CP server to another, or from a cpanel server to an InterWorx-CP server.

* Maintenance Script Speed Boost
InterWorx-CP’s maintenance scripts now run faster and more efficiently.

* MySQL configuration file editing
Easily make changes to common MySQL configuration options from within the InterWorx-CP interface.

* ‘Start On Boot’ functionality
Choose whether a particular service starts automatically when the server reboots.

* VPS Support
A few changes to make InterWorx-CP more functionally complete in VPS installs including virtual network device detection.

* Bandwidth Usage History
Under the Stats Menu in SiteWorx, the user can see their Bandwidth Usage History

* Configurable “Billing Day” for each account
Each SiteWorx account can now have a different “billing day.” This corresponds to the day of the month that the bandwidth usage for the account is reset to 0 and corresponds to those folks using the “Anniversary” billing method.

There are many other small improvements and bug fixes, some of which include:

  • PHP XMLRPC (API) Security Issue resolved
  • Many improvements and fixes for the account import feature.
  • SOA record and Serial are now included in the dns export feature.
  • Added more variables to the /home/interworx/etc/vhost-base.conf template file - <<UNIQNAME>> and <<PACKROOT>>
  • Changed login page to use the default system language rather than always English
  • Update Script versions available in ScriptWorx
  • API core completely rewritten for easier expansion

Paul

* Firewall Configuration
InterWorx-CP now allows you to manage and configure your server's firewall settings easily with a firewall interface built over the Advanced Packet Firewall (APF) from rfxnetworks.com

It’s nice having a GUI with the APF. I assume that any port not listed is blocked by the default drop policy?

* Maintenance Script Speed Boost
InterWorx-CP's maintenance scripts now run faster and more efficiently.

I’ve noticed about a 50% drop in average CPU usage since the update!
Cleaning up code isn’t as much fun as writing new stuff, but you sure put some time into the optimize effort. Great Job :smiley:

* Service Monitor
InterWorx-CP has integrated rfxnetworks System Integrity Monitor (SIM) that allows you to monitor your HTTP, FTP, and MySQL services. The monitoring will trigger a restart automatically if any monitored service goes down unexpectedly.

I’ve had a problem with HTTP not wanting to start back up after the nightly (daily - the stats, etc. script) script runs. So I created a cron job to check this for me. Now I will have to give this SIM a try. Is there anything that needs to be configured through NodeWorx for this or is it just like a background service that is already running? (nevermind, I see how it is now, very intuitive)

Correct. Any ports not listed will be filtered out (unless your IP is in the Trusted IP’s list). We set the default policy for TCP to ‘drop’, but you can change it to ‘reset’ or ‘reject’ if you prefer.

I’m having problems connecting with FTP after the update. I’m sure it’s the firewall, and before I had set up a range of ports to allow that were commonly used for PASV connections. I’m trying to add a range via the NodeWorx interface but it doesn’t seem to like it. Is there a certain syntax or are only individual ports allowed? I tried x_x and x-x.

I SSH’d and added the ports manually using the x_x format and it’s working now, but NodeWorx just shows the first X. Also, it would be nice if we could name the service too, like the default ones.

Wow this is great. I can’t wait to break Rollie’s box playing with this new stuff :slight_smile: Be ready to get some support tickets and calls :slight_smile: Although normally I find it pretty hard to break IWorx…

Excellent, always a great day when Interworx gets an update. I have two Interworx servers so I may have to try the load balancing out. :cool:

Kudos on the upgrade … as always, nearly transparent. 3 comments:

  1. I forced a (software) reboot (for the heck of it … not because it was needed), after which the server required a manual fsck of its / partition. I’m sure that’s not a normal circumstance, but thought I’d say it out loud in case anyone else with a (legacy) Redhat 9 install gets ‘stuck.’

  2. Love the integration of APF (which is working more successfully than my manual install of it - no surprise here … :slight_smile: ). I’ve scrapped my custom firewall to use the GUI. Are there any plans to allow (Nodeworx) users to add ‘Service Names’ to the ports we manually add to APF?

  3. Any plans to add BFD to IWorx?

Again, congrats and cheers to a great team.

JB

Mucho problems with the SIM - I get emails every 5 minutes as of 12am stating:

System integrity monitor on tsh.com has taken action in responce to an event. Recent event logs are enclosed below for your inspection. There has been 1 events today, if an average of 8 events is reached, e-mail alerts will be terminated for the duration of the day.

  • Events Summary:
    Total event count: 1
    Average event count: 0

  • Service Summary:
    HTTP [online - 0 events]
    SSH [restarted - 1 events]
    MYSQL [online - 0 events]

  • System Summary:
    LOAD [0.02 - status good - 0 events]
    NETWORK [eth0 - online - 0 events]

  • SIM Log:
    [09/08/05 23:50:00]: MYSQL service is online.
    [09/08/05 23:55:00]: LOAD 0.01 (status good)
    [09/08/05 23:55:00]: NETWORK is online.
    [09/08/05 23:55:00]: HTTP service is online.
    [09/08/05 23:55:00]: SSH service is offline.
    [09/08/05 23:55:00]: SSH offline, restart limit exceeded.
    [09/08/05 23:55:00]: MYSQL service is online.
    [09/09/05 00:00:01]: .dat files expired, removing.
    [09/09/05 00:00:01]: sim.dat not found, created.
    [09/09/05 00:00:01]: LOAD 0.02 (status good)
    [09/09/05 00:00:01]: NETWORK is online.
    [09/09/05 00:00:01]: HTTP service is online.
    [09/09/05 00:00:01]: SSH service is offline.
    [09/09/05 00:00:01]: Restarted SSH service (1 SSH events today).
    [09/09/05 00:00:01]: MYSQL service is online.

  • System Log:
    Sep 8 16:28:49 tsh proftpd[14155]: tsh.com (xx.xx.xxx.xxx[xx.xx.xxx.xxx]) - no such user ‘anonymous’

Not quite sure what it’s doing - but 100% sure it’s related to the upgrade. It seems to keep starting the same service (SSH) and I don’t know why…

What can I do to fix it?

edit /usr/local/sim/conf.sim and search for:

SERV_SSH="true"

and change to:

SERV_SSH="false"

Chris

  2. Love the integration of APF (which is working more successfully than my manual install of it - no surprise here … ). I’ve scrapped my custom firewall to use the GUI. Are there any plans to allow (Nodeworx) users to add ‘Service Names’ to the ports we manually add to APF?

It should look up any ports you add manually in /etc/services, I believe, so if you need a name=>port mapping done, that’d be the file to put the name mapping in.

  3. Any plans to add BFD to IWorx?

BFD? I’m not familiar.

Again, congrats and cheers to a great team.

Thanks! :slight_smile:

Brute Force Detector.

To detect and prevent illegal break-ins, usually portscans and such. We also have it installed on most servers.

ahh, haha, I should have known, another rfxnetwork’s product. They have some good stuff :).

I’ll check it out and if it’s helpful and works we’ll obviously consider putting it in.

Chris

Hey Guys

Great work! Just had to drop in after seeing the release email.

One of the features that I have been pushing for has appeared… the load balancing feature.

Will definitely take it for some spins.

About the clustering, is it ‘only’ load balancing, or also high-availability/failover?

Thus for instance, if you have a 2 or 3 node cluster, and one node fails, the services from the failed node are automatically switched to one (or more) of the remaining cluster members.

About the clustering, is it ‘only’ load balancing, or also high-availability/failover?

At this point it’s only a load balanced cluster mechanism or I’d have dubbed it a full HA solution. A full HA solution will be in a future release.

Chris

I’m just wondering, with the firewall’s trusted list, if you can specify whole IP ranges? e.g.: .../24

Phobia.

Yes, you can specify ranges such as:

192.168.1.0/24

Since this is just a front-end into the allow_hosts.rules and deny_host.rules, you can even use APF’s more complicated advanced format if you like.


# The trust rules can be made in advanced format with 4 options
# (proto:flow:port:ip);
# 1) protocol: [packet protocol tcp/udp]
# 2) flow in/out: [packet direction, inbound or outbound]
# 3) s/d=port: [packet source or destination port]
# 4) s/d=ip(/xx) [packet source or destination address, masking supported]
#
# Syntax:
# proto:flow:[s/d]=port:[s/d]=ip(/mask)
# s - source , d - destination , flow - packet flow in/out
#
# Examples:
# inbound to destination port 22 from 24.202.16.11
# tcp:in:d=22:s=24.202.16.11
#
# outbound to destination port 23 to destination host 24.2.11.9
# out:d=23:d=24.2.11.9
#
# inbound to destination port 3306 from 24.202.11.0/24
# d=3306:s=24.202.11.0/24

See the rfxnetworks/APF website for more details.
http://rfxnetworks.com/apf.php

Socheat
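A parser and review pass for the trust-rule syntax quoted above, as an added example that is not part of the original post or of APF. It covers only the forms shown in the post (plain host/CIDR entries and proto:flow:[s/d]=port:[s/d]=ip(/mask) with optional proto and flow); the function names and the /24 review threshold are assumptions.

```python
import ipaddress
PROTOS, FLOWS = {"tcp", "udp"}, {"in", "out"}

def _sd(field):  # split "s=VALUE" or "d=VALUE" into (direction, value)
    direction, sep, value = field.partition("=")
    if direction not in ("s", "d") or not sep or not value:
        raise ValueError(f"expected s=... or d=..., got {field!r}")
    return direction, value

def parse_trust_rule(line):  # plain host/CIDR, or the advanced colon-separated form
    rule = dict(proto=None, flow=None, port_dir=None, port=None, ip_dir=None)
    if "=" not in line:                 # plain entry: no port restriction
        rule["net"] = ipaddress.IPv4Network(line.strip(), strict=False)
        return rule
    fields = line.strip().split(":")
    if fields[0] in PROTOS:             # protocol is optional
        rule["proto"] = fields.pop(0)
    if fields and fields[0] in FLOWS:   # flow is optional
        rule["flow"] = fields.pop(0)
    if len(fields) != 2:
        raise ValueError(f"expected port and ip fields, got {fields!r}")
    rule["port_dir"], port = _sd(fields[0])
    rule["ip_dir"], addr = _sd(fields[1])
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port {port!r}")
    rule["port"] = int(port)
    rule["net"] = ipaddress.IPv4Network(addr, strict=False)
    return rule

def audit(lines, min_prefix=24):  # min_prefix is an assumed review threshold
    findings = []
    for entry in (raw.strip() for raw in lines):
        if not entry or entry.startswith("#"):
            continue
        try:
            rule = parse_trust_rule(entry)
        except ValueError as exc:
            findings.append((entry, f"invalid: {exc}"))
            continue
        if rule["port"] is None:
            findings.append((entry, "trusted on all ports"))
        if rule["net"].prefixlen < min_prefix:
            findings.append((entry, f"wide network /{rule['net'].prefixlen}"))
    return findings

SAMPLE = ["192.168.1.0/24", "tcp:in:d=22:s=24.202.16.11",   # entries from the thread
          "out:d=23:d=24.2.11.9", "d=3306:s=24.202.11.0/24",
          "10.0.0.0/8", "tcp:in:d=70000:s=10.1.2.3"]        # constructed entries
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because trusted addresses bypass the port filtering, as stated earlier in the thread, the entries flagged "trusted on all ports" or "wide network" are the ones to review first.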

What about my earlier question for ranges of ports? The way it says to do it is with a '_'. This does not seem to work in the front end through NodeWorx.

Also, I believe (I’m not 100%) that my services were set to auto restart with the new SIM. But today when I looked I had to change the drop down back to yes (from no) for auto-restart. I did get an updated version -45 of the 2.1.0 Iworx from -44 and also an update for the SIM program, not sure if this could cause it to change to no.

Also, what services can be auto restarted? I found it only for HTTP, FTP, MySQL. What about DNS, SSH, etc.? If yes can this be done from NodeWorx or does it have to be done through shell?

Thanks,

Thanks for the info.

Currently, ranges aren’t supported, but will probably be added in a future release.

This may or may not be your problem, but one thing to note is that if you change a service to NOT start-on-boot, NodeWorx will automatically turn off SIM for that service as well. This is because SIM can’t tell the difference between a downed service and a service that has been intentionally shut off. For example, if you tell Apache to not start-on-boot but have SIM on for Apache, then reboot, Apache would stay off for about 5 minutes and then SIM would turn it back on. :rolleyes:

Currently in NodeWorx only HTTP, FTP, and MySQL have SIM controls. You can edit /usr/local/sim/conf.sim to enable SIM for other services.