A preview of the Reseller will launch by the end of this year. As it’s starting to come together in development, it’s easier to design for features now rather than design in features at a later date. I’d like to leave this post open for folks to solicit their ideas going forward.
First, a quick overview of how it works:
API
- Introducing
AddReseller
,DeleteReseller
,EditReseller
,SuspendReseller
,ActivateReseller
commands that complement the existing *Domain commands. - API commands namespaced in admin module, (
admin:add-reseller
,admin:edit-reseller
, etc). - New API module, reseller will mirror
admin
module; these are the API signatures for resellers to add sites (reseller:add-site
,reseller:edit-site
, etc).- Following mirror logic,
reseller:add-reseller
would be possible for nested resellers to be implemented at a later time.
- Following mirror logic,
- New
$rgroup
property is set for user contexts. This designates a Site/User Administrator under a reseller group or a reseller itself if$site
property is null. Everything else is transparent internally.
Layout
- Sites remain familiar siteXX naming and will be virtually indistinguishable on the surface. Reseller groups follow the form groupXX. Sites are physically located within /home/virtual/groupXX with symlinks for siteXX to /home/virtual. This is structured for backup flexibility. For example:
drwxr-xr-x 28 root root 4096 Nov 25 00:54 group1 lrwxrwxrwx 1 root root 31 Nov 25 00:54 site52 -> /home/virtual/group1/site52 lrwxrwxrwx 1 root root 31 Nov 25 00:54 testast123.tast -> /home/virtual/group1/site52/fst lrwxrwxrwx 1 root root 31 Nov 25 00:54 admin52 -> /home/virtual/group1/site52/fst
UI
- Reseller logins will be similar to admin, i.e. without domain. No reseller login may duplicate an admin username.
- Rough release will be a watered down admin interface with Nexus as the main entry page.
- All domains have SSO.
- Likewise, admin may SSO into a reseller or site directly.
Resources
- Both storage and cgroup operate in real-time and may be overcommitted or reserved. These are implemented as project quotas and hierarchies respectively.
- Total resource utilization may never exceed reseller limits. Additional resource consumption is rejected automatically by the kernel.
- Bug exists in 4.x and 5.x kernels with overlay descendent buildups when project quotas are enabled. Waiting on Red Hat to backport it (RHEL-68854). I have workarounds in place as I’m building this out.
Consider 10 GB storage, 512 MB memory. Reseller “A” (group1) consists of sites: site1, site2, site3.
Overcommit mode
group1 assigns 8 GB to site1, 2 GB to site2, and 5 GB to site3. Memory is assigned as 256 MB, 256 MB, 256 MB. Both storage and memory are reported as “dynamic”, which indicates the limit may fluctuate based upon neighboring usage.
Reserved mode
Follows conventional allocation with cPanel and company. Resources may not be allocated beyond what’s assigned to reseller.
group1 assigns 8 GB to site1, 2 GB to site2, and 5 GB to site3.
this is a violation. 10 GB has already been allocated. Likewise “dynamic” flag is not set.
Memory is assigned as 256 MB, 256 MB~~, 256 MB~~.
this is a violation. 512 MB has already been assigned. Likewise “dynamic” flag is not set.
Ergonomics
admin:bless
,reseller:bless
mode allows splitting an addon domain/subdomain to its own account.- Blessing a domain temporarily defers mail delivery for the source account through a new Postfix transport called
maintenance
. This is a temporary, non-permanent 4xx status. - Site traffic for migrating domains/subdomains is temporarily rejected (503 status). Any Web Apps installed within these locations will also be migrated/reconfigured on the new account.
- In overcommit mode, resource allocations is a straight copy otherwise the resource chunks will need to be defined in reserved mode for resellers. For admin blessing a site, it’s a straight resource copy.
- Blessing a domain temporarily defers mail delivery for the source account through a new Postfix transport called
- Notifications are stored in sqlite databases for each user under info/users/.db/. This is still fluid - but looks like we’ll be using this for storage. Reseller can dispatch notifications to its users as can admin system-wide.
Anything else I’m missing thus far?