How to Set Up ZConf Between LiteSpeed Web ADC and cPanel

You should have already installed Web ADC and prepared cPanel and LiteSpeed Web Server.

Benefits of Setting up ZConf

Setting up the ADC with a Web Server by hand is somewhat complicated: Cluster and Domain settings must be modified every time a new site is added or a domain is changed. ZConf enables automatic configuration updates to simplify the process of setting up the ADC and Web Server:

  1. Simplifies configuration for those with many sites and/or servers that wish to have a single front end node
  2. Simplifies configuration for those who want multiple front ends (for backup/replication or geo location)

  • Before setting up ZConf → Required ADC configurations without ZConf
  • After setting up ZConf → Required ADC configurations with ZConf

ZConf by Design

WebADC

  1. No need to manage multi-clusters anymore:
    • One Cluster
    • One Mode
    • One Strategy
  2. No need to set up all the end points in Worker Group
  3. No need to set up Virtual Hosts and Cluster mapping

If you want to design a multi-cluster setup with a different strategy, you may want to set it up manually instead of using ZConf settings.

ZConf plugin

The initial run may take up to 5 minutes (e.g. after you create an account (domain) in cPanel, you will see it sync to the ADC within 5 minutes).

ADC ZConf Setup

Listeners

  • Navigate to ADC WebAdmin Console > Configuration > Listeners
  • Set up both the HTTP and HTTPS listeners with Enable Zero Config set to Yes
  • A self-signed certificate is allowed

ZConf password Setup

  • Run the following command from the console to generate the .htpasswd file:
    htpasswd -c /PATH_YOU_WANT/.htpasswd zero
  • Then enter the password (e.g. zero) twice
  • If the htpasswd command is not found, run the following command to install it on CentOS:
    yum -y install httpd-tools
  • The zero after .htpasswd is the account name. You can change it to whatever you want.
  • The ZConf password file accepts one account only

ZConf setup

Navigate to ADC WebAdmin Console > Configuration > Server > ZConf

General section

  • Set Enable Zero Config to Yes
  • Set User Password File to /PATH_YOU_WANT/.htpasswd
  • Set ZConf SHM Directory to $SERVER_ROOT/zconf

ZConf Listeners section

  • Click the Add button
  • Set Listener Name, e.g. ZConf
  • Set Address, using the ADC's IP, e.g. 10.10.40.150:55688
  • Set up the certificate with file paths:
    • Private Key File, e.g. $SERVER_ROOT/crm.key
    • Certificate File, e.g. $SERVER_ROOT/crm.pem

Optional Settings

ZConf Log

  • Set File Name to $SERVER_ROOT/Zconf.log
  • Set Log Level to DEBUG
  • Set Debug Level to HIGH
  • Set Rolling Size (bytes) to 10M

ZConf Access Log

  • Set File Name to $SERVER_ROOT/Zconf-Access.log
  • Set Rolling Size (bytes) to 10M

cPanel ZConf Setup

cPanel ZConf Plugin Install

ZConf password Setup

  • Run the following command from the console to generate the .htpasswd file:
    echo 'zero:zero' > /PATH_YOU_WANT/.htpasswd

The first zero is the account and the second is the password. You can change them to whatever you want.
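A sanity check for the password file on either server, added here as an example (it is not part of the original page or of LiteSpeed's tooling). It enforces the one-account rule stated above and the account:password layout. The function name check_zconf_pwfile and the rule that "other" users get no access are assumptions of this example; the account that owns the file must still be one the ADC or the plugin can read it as.

```shell
#!/bin/sh
# Added example, not LiteSpeed tooling. check_zconf_pwfile is a hypothetical helper.
# Usage: check_zconf_pwfile FILE -> prints the account name and returns 0 on success.
check_zconf_pwfile() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "missing or unreadable: $f" >&2; return 2
    fi

    # The page states that the ZConf password file accepts one account only.
    entries=$(grep -c -v '^[[:space:]]*$' "$f" || true)
    if [ "$entries" -ne 1 ]; then
        echo "expected 1 account, found $entries" >&2; return 3
    fi

    # The single entry must be account:secret with both parts non-empty.
    line=$(grep -v '^[[:space:]]*$' "$f")
    case $line in
        ?*:?*) ;;
        *) echo "entry is not account:secret" >&2; return 4 ;;
    esac

    # Assumption (not from the page): deny all access to "other" users, since
    # the cPanel-side file keeps the password in clear text.
    other=$(ls -ld "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "accessible to other users ($other); run: chmod o-rwx $f" >&2; return 5
    fi

    printf '%s\n' "${line%%:*}"
}

# Constructed demo: the cPanel-side file from the page, left world-readable.
demo=$(mktemp)
printf 'zero:zero\n' > "$demo"
chmod 644 "$demo"
check_zconf_pwfile "$demo" || echo "check failed with status $?"
rm -f "$demo"
```

Run it on both servers and compare the printed account names; a mismatch between the two files is what the "auth parameters did not work" warning in the debug section points to.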

cPanel ZConf Setup

  • Navigate to WHM > LSADC ZConf Manager from the Plugins section
  • Click Configurations
  • Set Server Conf Name, e.g. cpanel-153
  • Set ADC Basic Auth, e.g. /PATH_YOU_WANT/.htpasswd
  • Set ADC List, e.g. 10.10.40.150:55688
  • Set Exclude Users (optional), e.g. testaccount

  • After configuring the settings, navigate back to the upper level by clicking the back to LSADC ZConf Manager button
    * The Server Conf Name is the conf name used by the ADC to identify this backend server. It should be unique to this server. If another backend server uses the same conf name, the old conf will be overridden.

Manually Send Server Confs

The first time we set up ZConf, we may want to try it manually to see if it works as we expect.

  • Click Generate ZConf to generate ZConf Message Files
  • Click Send Server Confs to send the server conf files to the ADC

Firewall Configuration

If you set up ZConf to listen on port 55688, then you need to confirm the firewall allows TCP 55688 on both the ADC and the Web Server (cPanel).
For example, to open port 55688 with firewalld on CentOS 7:

firewall-cmd --zone=public --permanent --add-port=55688/tcp
firewall-cmd --reload

How to verify ZConf is working

Experiment environment

  • ADC IP: 10.10.40.150
  • WHM IP: 10.10.40.153
  • DNS entry: 10.10.40.150 c7-20.ls.com

Verification steps

  • Create a New Account with a Domain from WHM, e.g. c7-20.ls.com
  • Set up a WordPress site, URL: http://c7-20.ls.com/wordpress/
  • Open http://c7-20.ls.com/wordpress/
  • In Developer Tools, check that the IP shown with the response headers is 10.10.40.150

If the IP is the ADC's instead of the web server's (cPanel), ZConf is working normally.

What if I Have Multi Servers?

Multi-ADC

If you have two Web ADCs, simply add both ADC addresses, e.g. 10.10.40.150:55688, 10.10.40.151:55688, to ADC List in the ZConf Manager plugin.

Multi-cPanel

If you have two cPanel servers, simply follow the cPanel ZConf setup on each one with a different Server Conf Name.

How to Debug

Log check

  • On the cPanel server, check the error log, e.g. default path: /usr/local/cpanel/3rdparty/lsadc_zconf/error_log
  • On the ADC server, check the error log, e.g. default path: /usr/local/lslb/logs/error.log
  • On the ADC server, enable the optional log settings, then check those logs

Warning Message

  • Required configurations are not set.
    • The configuration file is not complete
  • Server conf files not generated yet.
    • The ZConf file has not been generated yet
  • Failed to send command ZCUP to ADC_IP:PORT. This could be because the ADC is not configured to listen on that port. This could also be an issue related to iptables configurations on the server. To test, please make sure that a basic curl command from the server to the ADC works. If the curl test returns that it couldn't connect to host, there is an issue.
    • The ADC ZConf listener is set up incorrectly
    • Firewall issue
  • Failed to send command ZCUP to ADC_IP:PORT, auth parameters did not work.
    • The password files do not match
  • Sending command ZCSSL to ADC_IP:PORT resulted in error 400
    • The password files do not match
  • Sending command ZCUP to ADC_IP:PORT resulted in error 403
    • Access Control Denied

litespeed_wiki/lslb/zconfsetup.txt · Last modified: 2018/05/09 20:40 by George Wang