- Pass --io parameter to lscgctl with bytes/sec value
- Convert ioLimitMBPS from MB/s to bytes/s for lscgctl
- Update log message to include I/O limit information
- Add note about systemd io controller delegation requirement
- Add test to verify LiteSpeed Containers is actually configured
- Check for 'You must configure LiteSpeed' error in lscgctl output
- Run lssetup with proper flags when configuration is needed
- Fixes issue where lscgctl exists but LiteSpeed Containers not configured
Detect RHEL 8, AlmaLinux 8, Rocky Linux 8, and CloudLinux 8 systems and provide
clear instructions when cgroups v2 needs manual enablement.
These systems have cgroups v2 backported to kernel 4.18 but it's disabled by
default. When detected without cgroups v2 enabled, the system now:
1. Detects RHEL 8 family by checking /etc/redhat-release
2. Verifies if cgroups v2 is mounted (checks 'mount' output for 'cgroup2')
3. If not enabled, logs detailed instructions:
- grubby command to add kernel parameter
- Reboot instruction
- Verification command
- Clear step-by-step guide
Changes:
- _check_rhel8_cgroups_v2(): New method for RHEL 8 family detection
- _ensure_cgroups_enabled(): Calls RHEL 8 check before general checks
- check_cgroup_support(): Returns RHEL 8 status in support dict
- rhel8_family: bool (detected RHEL 8 family)
- rhel8_needs_enablement: bool (cgroups v2 not mounted)
- os_name: str (full OS name from release file)
OS Support Status:
✅ Ubuntu 20.04+ - Native cgroups v2 (kernel 5.4+)
✅ RHEL/Alma/Rocky 9+ - Native cgroups v2 (kernel 5.14+)
⚠️ RHEL/Alma/Rocky/CloudLinux 8 - Needs manual enable (kernel 4.18 backported)
Separate acme.sh certificate issuance and installation steps to ensure
domain configurations are properly stored. Previously, combining --issue
with --cert-file/--key-file/--fullchain-file in a single command caused
acme.sh to skip storing domain configs, breaking automatic renewals and
requiring manual certificate recreation for domain aliases.
- Ensure /home/cyberpanel directory exists with proper permissions before download
- Set directory permissions to 755 to allow application write access
- Refactor SCP/SFTP fallback logic to work regardless of debug mode
- Add better status messages during download process
- MySQL restore may return warnings that don't indicate actual failure
- Database restoration verification is handled by subsequent password operations
- Improves reliability of compressed backup restoration
- Changed from checking exit code to verifying file existence and size
- Resolves issue where successful mysqldump was incorrectly reported as failed
- Ensures backup file is created and not empty before marking as successful
- Added configurable compression for database backups using gzip streaming
- Implemented auto-detection in restore function for compressed and uncompressed formats
- Added performance optimizations including --single-transaction and --extended-insert
- Created configuration file for gradual feature rollout with safe defaults
- Added helper functions for checking system capabilities and configuration
- Included comprehensive test suite to verify backward compatibility
- Maintained 100% backward compatibility with existing backup infrastructure
- Implement timestamp-based filename verification (Method 1)
- Add file size validation with 1KB minimum requirement (Method 2)
- Filter to only check today's backup directory for accuracy (Method 3)
- Add optional SHA256 checksum verification for integrity (Method 5)
- Use find command with size filter for efficient SSH verification
- Fallback to SFTP with comprehensive file validation
- Enhanced logging for all verification steps and failures
- Remove unused 'Yesterday' variable that was never used
- Prevents false positives from old backup files
- Detects corrupted/incomplete backups via size check
- Fix inverted .find() logic that sent notifications when backups SUCCEEDED
- Add 'status': 'failed' field required by platform API
- Change HTTP to HTTPS for BackupFailedNotify endpoint
- Add comprehensive error handling and logging
- Add 30-second timeout on API requests
- Properly handle actualDomain vs site.domain.domain cases
- Implement directory integrity checks to detect missing CyberPanel components
- Add automatic recovery by cloning fresh repository when essential directories are lost
- Create database credential recovery with automatic password reset capability
- Update all service configurations (FTP, PowerDNS, Postfix, Dovecot) when password is reset
- Add service restart functionality to apply new configurations
- Preserve existing configuration files during recovery process
- Handle both Ubuntu (root password) and CentOS (separate password) database configurations
This ensures upgrades can complete successfully even when /usr/local/CyberCP is completely lost.
- Remove CSF menu item from sidebar navigation
- Disable CSF-related URL endpoints in firewall module
- Update upgrade process to automatically remove CSF and restore firewalld
- Archive CSF template and configuration files
- Clean up CSF references in settings and upgrade scripts
CSF (ConfigServer Security & Firewall) is shutting down on August 31, 2025.
This commit removes CSF integration and ensures firewalld is restored as the
default firewall solution during upgrades.
Fixes#1473
The issue was that restoreCriticalFiles was restoring the OLD settings.py from backup
which didn't have new apps like 'aiScanner' in INSTALLED_APPS.
Solution:
- Modified restoreCriticalFiles to skip settings.py restoration
- Keep the NEW settings.py from the fresh clone (which has aiScanner in INSTALLED_APPS)
- Only update the DATABASES section with saved credentials from backup
- This preserves all new app registrations while maintaining database connectivity
This properly fixes the RuntimeError about aiScanner.status_models.ScanStatusUpdate
not being in INSTALLED_APPS after upgrades.
During the upgrade process, settings.py was being overwritten with only the DATABASES
section preserved, causing loss of INSTALLED_APPS and other configurations. This resulted
in the 'aiScanner' app not being recognized after upgrade.
Fixed by:
- Improving the regex pattern to more accurately match only the DATABASES dictionary
- Adding re.DOTALL flag to handle multi-line DATABASES configuration
- Ensuring all other settings including INSTALLED_APPS are preserved during upgrade
This resolves the RuntimeError about aiScanner.status_models.ScanStatusUpdate not having
an explicit app_label.
