Set up CloudLinux on Centos with 2 Steps: Secure OS

By Posted on

Set up CloudLinux on Centos with 2 Steps: Secure OS

In this article, we want to teach you How To Set up CloudLinux on Centos. CloudLinux is a Linux-based operating system designed to give shared hosting providers a more stable and secure OS.

Essentially a set of kernel modifications to the Linux distribution, CloudLinux implements features to enable system administrators to take fine-grained control of their server’s resource usage. By isolating users, CloudLinux helps ensure that problems with one account don’t degrade the service for others.

Now follow the guide steps below on the Orcacore website to switch to CloudLinux from Centos.

You can easily switch to CloudLinux from Centos or AlmaLinux. Before you start to convert your Centos server to CloudLinux, you need to have an activation key. You can get the activation key by trial subscription or by purchasing a subscription.

Now follow the steps below to get your activation key by trial subscription.

Step 1. Get the CloudLinux Activation key

First, you need to go to the CloudLinux Register page and register with CloudLinux Network. Then, you will receive an email with an activation link.

register with CloudLinux Network

Next, you need to log in at https://cln.cloudlinux.com/clweb/login.html. Then, you must click on the Get Trial Activation Key.

Now you will get a key that looks like: 17514-d34463a172feio4f4e7b191a1841bcf2.

After you have gotten your CloudLinux activation key, follow the steps below to set up CloudLinux on Centos.

Step 2. Download CloudLinux Installer on Centos

First, you need to log into your Centos server via SSH as a root user. Then, you can use the wget command to download CloudLinux installer script on your Centos server:

 wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy

Run CloudLinux Installer Script

When your download is completed, run the script with the following command:

$ sh cldeploy -k <activation_key> # if you have activation key
or
$ sh cldeploy -i # if you have IP based license

You need to reboot the server:

reboot

At this point, you can verify that you have successfully converted Centos to CloudLinux with the following command:

cat /etc/redhat-release

You will get a similar output:

**Output**
CloudLinux release 7.3

Your server is now running CloudLinux Kernel with LVE enabled.

Conclusion

At this point, you have learned to get your trial activation key and set up CloudLinux on your Centos server.

I hope you enjoy using it. Also, you may like to read the following articles:

Access aaPanel Web hosting Panel on Centos 7

Installing Python 3.12 for Centos 7

Set up PHP 8.3 for Centos 7

PowerDNS Setup Guide for Centos 7

Alternative Solutions for Resource Management on Centos

While CloudLinux provides a robust solution for isolating and managing resources on a shared hosting environment, it’s not the only option. Depending on your specific needs and technical expertise, other approaches can provide similar benefits. Here are two alternative methods for achieving resource management on Centos:

1. Docker Containerization

Explanation:

Docker containerization involves encapsulating each user’s application and its dependencies within a separate container. These containers are isolated from each other and the host operating system, providing a level of resource control and security similar to CloudLinux. Docker allows you to define resource limits (CPU, memory, I/O) for each container, ensuring that one container cannot monopolize system resources and negatively impact others.

Advantages:

  • Isolation: Containers provide strong isolation, preventing applications from interfering with each other.
  • Resource Limiting: Docker allows precise control over resource allocation for each container.
  • Portability: Containers can be easily moved between different environments (development, testing, production).
  • Reproducibility: Docker images ensure consistent environments across different deployments.
  • Scalability: Containers can be easily scaled up or down based on demand.

Disadvantages:

  • Overhead: Docker introduces some overhead compared to running applications directly on the host OS, although this overhead is generally minimal.
  • Complexity: Managing Docker containers requires some technical expertise.
  • Security: While Docker provides isolation, security vulnerabilities within the container image can still pose a risk.

Implementation Example:

Let’s say you have two users, user1 and user2, each running a web application. You can create separate Docker containers for each user and limit their resource usage.

First, create a Dockerfile for each application (example for user1):

# Dockerfile for user1's application
FROM centos:7

# Install necessary packages
RUN yum update -y && yum install -y httpd

# Copy application files
COPY . /var/www/html

# Expose port 80
EXPOSE 80

# Start the web server
CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

Build the Docker image:

docker build -t user1-app .

Then, run the container with resource limits:

docker run -d --name user1-container -m 512m --cpus=0.5 -p 8080:80 user1-app
  • -m 512m: Limits memory usage to 512MB.
  • --cpus=0.5: Limits CPU usage to 50% of one CPU core.
  • -p 8080:80: Maps port 80 inside the container to port 8080 on the host.

Repeat the process for user2, creating a separate Dockerfile, building a Docker image, and running the container with its own resource limits. You’ll need to choose different host ports for each container to avoid conflicts (e.g., 8081 for user2).

This setup ensures that each user’s application runs in an isolated environment with controlled resource usage, preventing one user from impacting the performance of the other.

2. cgroups (Control Groups)

Explanation:

cgroups (Control Groups) are a Linux kernel feature that allows you to limit, account for, and isolate the resource usage (CPU, memory, I/O, etc.) of processes. Unlike Docker, cgroups operate directly on processes running on the host OS without the need for containerization. You can create cgroups for each user or group of users and apply resource limits to those groups.

Advantages:

  • Low Overhead: cgroups have minimal overhead compared to containerization.
  • Fine-Grained Control: cgroups provide very precise control over resource allocation.
  • Integration: cgroups are a native Linux feature and integrate well with other system tools.

Disadvantages:

  • Complexity: Configuring cgroups can be complex, requiring a good understanding of the underlying system.
  • Manual Management: Managing cgroups often involves manual configuration and scripting.
  • Less Isolation: cgroups provide process-level isolation, which is less robust than container-level isolation.

Implementation Example:

Here’s an example of how to create a cgroup for a specific user and limit their CPU usage:

  1. Create the cgroup:

    sudo mkdir /sys/fs/cgroup/cpu/user1

  2. Set CPU limits:

    Let’s limit CPU usage to 50% of one core. The cpu.cfs_period_us file specifies the scheduling period (in microseconds), and cpu.cfs_quota_us specifies the amount of CPU time that the cgroup is allowed to consume during that period. A value of -1 means no limit. To limit to 50%, we set the quota to half the period. A common period is 100000 (100ms).

    sudo sh -c "echo 100000 > /sys/fs/cgroup/cpu/user1/cpu.cfs_period_us"
sudo sh -c "echo 50000 > /sys/fs/cgroup/cpu/user1/cpu.cfs_quota_us"

  3. Assign the user’s processes to the cgroup:

    First, find the process ID (PID) of the user’s processes. You can use the ps command:

    ps -u user1

    Then, echo the PID to the tasks file in the cgroup directory:

    sudo sh -c "echo <PID> > /sys/fs/cgroup/cpu/user1/tasks"

    Replace <PID> with the actual process ID. You’ll need to repeat this for each process belonging to user1 that you want to limit.

Important Considerations:

  • These cgroup settings are not persistent across reboots. You’ll need to create scripts or use systemd to automatically configure cgroups on startup.
  • Managing cgroups directly can be cumbersome. Tools like systemd provide a more structured way to manage cgroups.

Choosing the Right Solution:

  • CloudLinux: Best suited for shared hosting environments where strong isolation and ease of management are critical. It provides a comprehensive solution with features tailored for web hosting.
  • Docker: A good choice for applications that require a high degree of isolation, portability, and reproducibility. It’s well-suited for modern application development and deployment workflows.
  • cgroups: Suitable for situations where you need fine-grained control over resource allocation with minimal overhead, and you’re comfortable with manual configuration and scripting.

Ultimately, the best solution depends on your specific requirements, technical expertise, and the resources you’re managing. Carefully evaluate the advantages and disadvantages of each approach before making a decision.

Related posts: