# Capisso VMPanel



## clone1018 (Jun 19, 2013)

Capisso VMPanel

Capisso VMPanel is an VPS control panel from Capisso which focuses on security, speed and usability. We'll be supporting OpenVZ, KVM and Xen from day one, and others will follow shortly after.

Our core goal with Capisso VMPanel is security, so we've designed many systems to keep your business safe, secure and updated. Here's a couple of things we've done with VMPanel to help you out.


PHPIDS - An intrusion detection system for PHP which logs every questionable request. Our panel safeguards you from almost all XSS and SQL injection exploits, but if you see something out of the ordinary, you can check it out or report it to Capisso for a more thorough look.
SaltStack - We're embedding the fantastic Salt Stack into our panel and it'll manage our clients on your server. Salt is fast, easy to use, extendable and fully secure.
Un-encoded Source - All of our panel and software is completely open to customers. Which allows you to quickly modify, edit or review any piece of code.
No IonCube - Since all of our software is open to customers, there's no reason to IonCube Encode a single line of code deployed on your server. Security through obscurity just doesn't work.
Secure RESTful JSON API - Our entire panel is built on the idea that the API is the panel, everything you can do with the panel you can do with the api, and providing your have HTTPS enabled on your panel domain/subdomain all contents of the requests you send will be encrypted. We've made it so even if you don't trust us for front end security, you can easily write a front end for yourself or your customers.
Freedom of SQL - With Capisso VMPanel you can use any of the SQL servers you'd like, that includes MySQL, MariaDB, Percona, SQL Server, PostgreSQL or even SQLite!
Client Screenshots

Admin Screenshots





Capisso VMPanel isn't quite ready, but it will be soon, but I want to get some initial feedback/feature requests from everyone. So if you have any questions/comments or concerns please do express them below or join us on IRC at irc.freenode.net #capisso but seriously, join IRC, I get lonely...

-- Edit: --

Forgot to plug the website, check it out: http://capisso.org/


----------



## Damian (Jun 19, 2013)

I like it.

What will be the mechanism for control between master/slave nodes?


----------



## BK_ (Jun 19, 2013)

Sleek. I look forward to following this project, as it seems like it's got a lot of potential.


----------



## clone1018 (Jun 19, 2013)

Damian said:


> I like it.
> 
> What will be the mechanism for control between master/slave nodes?


SaltStack: http://docs.saltstack.com/


----------



## Daniel (Jun 19, 2013)

This is awesome.


----------



## Otakumatic (Jun 19, 2013)

Looks nice!

If I put my hands back in the LEB game (probably 1 or 2 years from now since I'll be 18 this year), I may use this if it continues.


----------



## drmike (Jun 19, 2013)

Welcome to the panel party 

How far along is this panel in development?


----------



## clone1018 (Jun 19, 2013)

I'd say about 20-30% at this point.


----------



## EarthVPN (Jun 19, 2013)

buffalooed said:


> Welcome to the panel party


Imo It is the best time for developers to make exhibitions on online fair


----------



## shovenose (Jun 19, 2013)

Intriguing.


----------



## AnthonySmith (Jun 19, 2013)

Like the look and ideas going in to this, few questions:

1) Will you be facilitating migration from other panels?

2) Any ideas on pricing yet?

If you need any input from a Xen perspective feel free to get in touch, sadly so many panels seriously fail to implement any of the great features of Xen and focus on boot/reboot/suspend/create only.

Ant.


----------



## AnthonySmith (Jun 19, 2013)

And 2 more questions:

3) IPv6 support and to what degree?

4) WHMCS module or built in billing?


----------



## clone1018 (Jun 19, 2013)

AnthonySmith said:


> Like the look and ideas going in to this, few questions:
> 
> 
> 1) Will you be facilitating migration from other panels?
> ...


I'd love to have your input, contact me on IRC or just hit me up in an email or on here and we can talk about it.


As for migrations, I'll attempt to create a SolusVM one, that's pretty important to me, anything else and I'll have to take a look at it.


Pricing is still a big variable but we have a draft up at http://capisso.org/vmpanel/licensing/

IPv6 is going to be added but I'm still researching it and we'll be integrating with a couple billing panels, although Capisso might have something in store for billing, we'll see.


----------



## notFound (Jun 19, 2013)

If you hit everything Anthony has just mentioned then this is really promising, personally I like this one over a lot of other new projects we have seen popping up. Price seems very fair too, infact a little too fair to be honest, but whatever you're comfertable with and can maintain development with. ;-)


----------



## clone1018 (Jun 19, 2013)

EarthVPN said:


> Imo It is the best time for developers to make exhibitions on online fair


Control Panel World Fair ?( ???)?



notFound said:


> If you hit everything Anthony has just mentioned then this is really promising, personally I like this one over a lot of other new projects we have seen popping up. Price seems very fair too, infact a little too fair to be honest, but whatever you're comfertable with and can maintain development with. ;-)


Thanks! I hope to do everything in my power to help you guys run your business. Can you comment more on the pricing? Is the per node low?


----------



## shovenose (Jun 19, 2013)

clone1018 said:


> Control Panel World Fair ?( ???)?
> 
> Thanks! I hope to do everything in my power to help you guys run your business. Can you comment more on the pricing? Is the per node low?


I think you should charge more up front or monthly, but not on a per node basis.


----------



## clone1018 (Jun 19, 2013)

shovenose said:


> I think you should charge more up front or monthly, but not on a per node basis.


The thing about charging per node is it allows us to continue to grow with your business, if you have 20,000 servers but one panel you're only paying a minimal price per month. Which really doesn't allow us to provide solutions specifically for you. I dunno, there's pros and cons for both.

What do you think should be charged up front if we didn't have per node and how much if we did charge per node?


----------



## shovenose (Jun 19, 2013)

clone1018 said:


> The thing about charging per node is it allows us to continue to grow with your business, if you have 20,000 servers but one panel you're only paying a minimal price per month. Which really doesn't allow us to provide solutions specifically for you. I dunno, there's pros and cons for both.
> 
> What do you think should be charged up front if we didn't have per node and how much if we did charge per node?


Make an owned license of sorts, perhaps? You could always charge up front by how many nodes they have and charge an upgrade fee, just not monthly.

Like, $100 up front, $50 per year after that for updates and support. Maybe include 2 nodes with that. They can add more nodes for a one-time fee of $20 perhaps?


----------



## Tactical (Jun 19, 2013)

Isn't open source free software?


----------



## shovenose (Jun 19, 2013)

SgtZinn said:


> Isn't open source free software?


Not neccessarily.


----------



## clone1018 (Jun 19, 2013)

No, while our source will be completely public, you'll need a license to install and use the software in production.


----------



## Zen (Jun 19, 2013)

Per node. $3/mo is fine. $5/mo with added support SLA? Up front fee is fine but I don't recommend it - I would say change it to a master fee (the panel being the master and the nodes being the slaves) of $10/mo. So like Solus you pay $10/mo base and add on with nodes as you go.

Add a bunch of support options while retaining decent support offerings on the base fee and you'll make just as much money.


----------



## Tactical (Jun 19, 2013)

Money money money


----------



## Zen (Jun 19, 2013)

SgtZinn said:


> Money money money


That's the aim of the game. Why do you think Phil from SolusVM doesn't give a shit? He pays a bunch of Indians $1/ticket to say "This will be forwarded to someone who knows something" and then he does 1 hour of development per week and tells people "soon"..and everyone falls for it. Why do you think it's so easy to knock SolusVM off their horse? One competent development team needs to come together, pay a design team, and spend 2 weeks pumping out miracles..and tada, provided they aren't morons - SolusVM dies in an instant. Literally.

Curse the guy. When you make that much money, you stop developing, and you hire developers, and then more, and then more, and then more. With the client base he has, the monopoly he has, and the money he has, the panel should be competing with high end cloud services.. not stuck in the dark ages using mysql_.


----------



## Chronic (Jun 19, 2013)

The more the merrier. I think having providers pay per node is pretty fair, or at least it seems to be.


----------



## mikho (Jun 19, 2013)

SgtZinn said:


> Isn't open source free software?


Not always


Free to read but not free to use.


----------



## jarland (Jun 19, 2013)

I like what you appear to be doing, but would you mind if I asked for you to introduce yourself here for everyone? Personally, I'm a little turned off by people being anonymous right now in light of recent events. I think that it's fairly justified.


----------



## vanarp (Jun 20, 2013)

clone1018 said:


> No, while our source will be completely public, you'll need a license to install and use the software in production.


 

Pardon my ignorance, but I never heard of Open Source software that needs to be paid for using it on own. I can understand if the payment is for the support and quick fixes.


----------



## XFS_Duke (Jun 20, 2013)

jarland said:


> I like what you appear to be doing, but would you mind if I asked for you to introduce yourself here for everyone? Personally, I'm a little turned off by people being anonymous right now in light of recent events. I think that it's fairly justified.


I like the project, but I second this... Please let people know who you are...


----------



## Mon5t3r (Jun 20, 2013)

clone1018 said:


> SaltStack: http://docs.saltstack.com/


thanks for that, was looking this for my own panel.


----------



## kaniini (Jun 20, 2013)

clone1018 said:


> No, while our source will be completely public, you'll need a license to install and use the software in production.


LOL.

Yeah, because the fact that your source being completely public won't make it completely trivial to null the license checking, right?  Right?  Oh, wait, *yes it will*.


----------



## rds100 (Jun 20, 2013)

It's not a problem that people would null the license. People do this even for encoded software.

But if you null the license you will look like an ass in the eyes of your customers, which you probably don't know.


----------



## kaniini (Jun 20, 2013)

rds100 said:


> It's not a problem that people would null the license. People do this even for encoded software.
> 
> But if you null the license you will look like an ass in the eyes of your customers, which you probably don't know.


Uhh, LOL.  I do not think anyone would care about someone removing a pointless license check from a piece of open source software.  See also: the giant X-Chat Win32 debacle of last decade.


----------



## kaniini (Jun 20, 2013)

Not to talk smack but 100% of the people I have mentioned this to believe it's going to either:


be a disaster.
not be completed.


----------



## necs (Jun 20, 2013)

Module for WHMCS?


----------



## Francisco (Jun 20, 2013)

vanarp said:


> Pardon my ignorance, but I never heard of Open Source software that needs to be paid for using it on own. I can understand if the payment is for the support and quick fixes.


vBulletin < 3 (and possibly 4?) were like this? Jelsoft used to spend a *fortune* on their legal team to DMCA all the people running nulled copies.

Francisco


----------



## vanarp (Jun 20, 2013)

Francisco said:


> vBulletin < 3 (and possibly 4?) were like this? Jelsoft used to spend a *fortune* on their legal team to DMCA all the people running nulled copies.
> 
> 
> Francisco


And then they called it Open Source software??


----------



## Francisco (Jun 20, 2013)

vanarp said:


> And then they called it Open Source software??


Good point  I think they went with "The source isn't compiled but you require a license to use it".

Francisco


----------



## clone1018 (Jun 20, 2013)

jarland said:


> I like what you appear to be doing, but would you mind if I asked for you to introduce yourself here for everyone? Personally, I'm a little turned off by people being anonymous right now in light of recent events. I think that it's fairly justified.



Hey there, I'm Luke Strickland, clone1018 is my online alias. I'm a software developer and hosting fanatic, but it's understandable you've never heard of me, I don't generally make new products like this. In case you're curious these are some of my other projects that I've created. If you'd like to know anything elase please just ask away and I'll do my best to help you.



vanarp said:


> Pardon my ignorance, but I never heard of Open Source software that needs to be paid for using it on own. I can understand if the payment is for the support and quick fixes.



It's understandable really, there aren't many companies even dealing money that are open source. But there are companies doing it, and we're one of them! Also about your "quick fixes", those would be committed for everyone to use, free of charge .

There are some really great companies that are following this movement, here are some of my favorites.



kaniini said:


> LOL.
> 
> 
> Yeah, because the fact that your source being completely public won't make it completely trivial to null the license checking, right?  Right?  Oh, wait, *yes it will*.



Sure! And I fully expect 80% of our "customers" to be people who have nulled the software, piracy happens no matter what you do. And I don't plan on hurting my product by trying to protect against it. Hell, all you have to do is remove the license modules (I'll post source when it's done) and then remove the requirement from the validator of the form. 

Profits of a company are needed for security audits, advertising, support and development. My hope is that by licensing out the software, I can continue to devote time to fixing and improving it. If the software was open source and free there would be no possible way to support/develop the project after it's "complete", it would just fall off and become "that free panel". 



kaniini said:


> Not to talk smack but 100% of the people I have mentioned this to believe it's going to either:
> 
> 
> be a disaster.
> not be completed.



I sure hope not .



necs said:


> Module for WHMCS?



Of course!


----------



## Coastercraze (Jun 20, 2013)

Francisco said:


> Good point  I think they went with "The source isn't compiled but you require a license to use it".
> 
> 
> Francisco




```
|| # ---------------------------------------------------------------- # ||
|| # Copyright
```


----------



## joepie91 (Jun 20, 2013)

clone1018 said:


> No, while our source will be completely public, you'll need a license to install and use the software in production.


Then it's not open-source, but just readable source, a very different concept. One lets you freely reuse and redistribute the software, the other doesn't.

EDIT: Huh? How are you going to 'require a license to install and use in production' when the source is licensed under a BSD license? That contradicts the license.


----------



## perennate (Jun 20, 2013)

So... I guess it's only licensed under BSD-3 to customers (which means any customer can then redistribute the panel themselves!)


----------



## joepie91 (Jun 20, 2013)

perennate said:


> So... I guess it's only licensed under BSD-3 to customers (which means any customer can then redistribute the panel themselves!)


Well, that's the only explanation I can think of... but that would mean that it technically _doesn't_ require a license to install and use.


----------



## David (Jun 20, 2013)

Maybe add a licence checker? like whmcs? http://www.whmcs.com/members/verifydomain.php discredits the host instantly really..


----------



## concerto49 (Jun 20, 2013)

joepie91 said:


> Well, that's the only explanation I can think of... but that would mean that it technically _doesn't_ require a license to install and use.


It means it can literally be packaged and resold by anyone as well. If it's open source, you can really only sell support and services over it.


----------



## joepie91 (Jun 20, 2013)

concerto49 said:


> It means it can literally be packaged and resold by anyone as well. If it's open source, you can really only sell support and services over it.


Depends. It's fairly common to offer both a GPL-licensed version (that requires redistribution of changes) and a (paid) version under a proprietary license that allows to modify it without having to redistribute the changes. That wouldn't work for BSD-licensed software, though.


----------



## concerto49 (Jun 20, 2013)

joepie91 said:


> Depends. It's fairly common to offer both a GPL-licensed version (that requires redistribution of changes) and a (paid) version under a proprietary license that allows to modify it without having to redistribute the changes. That wouldn't work for BSD-licensed software, though.


Exactly. It did say BSD. I'm aware of the GPL situations, yes. db4o was something we also looked at for databases and has been successful with this license model you describe. Many other examples - but not BSD.


----------



## perennate (Jun 20, 2013)

Would have to be AGPL though?


----------



## clone1018 (Jun 21, 2013)

Hrm, I've taken a more in depth look into our license and licensing situation and I'll be trying to figure it out as development goes along, for now the software is still BSD-3 licensed (at least until we start charging or figure out what we need to do instead). If any of you guys have a better idea, my goal is to provide the source, open and free for people to modify and learn from. But I want to charge for the software so I can maintain it, fix it and support it like you'd expect from any other software. Our options at this point are to do it like Cartalyst and hide the source until you subscribe, then you'll have full access. OR we can have different licenses, the default license being "free to develop and modify, not to resell or use, a developers license", then we could also have a company license which would allow the software to be used. 

Just let me know what you guys think, I don't want it to be too complicated but I want our license to encapsulate all of our needs.

Thanks!


----------



## vanarp (Jun 21, 2013)

Simple. Just stop calling it Open Source software as the source is not really _Open _enough.


----------



## clone1018 (Jun 21, 2013)

vanarp said:


> Simple. Just stop calling it Open Source software as the source is not really _Open _enough.


What's not open about it?

We're not calling it Free Open Source Software (FOSS), we're calling it Open Source software, because our entire source code is visible by everyone.


----------



## joepie91 (Jun 21, 2013)

clone1018 said:


> What's not open about it?
> 
> We're not calling it Free Open Source Software (FOSS), we're calling it Open Source software, because our entire source code is visible by everyone.


https://en.wikipedia.org/wiki/Open-source

Open-source doesn't mean that the source code is _visible_, it entails _free distribution_ as well. The whole internal flamewar in the open-source community about how 'open' would not be clear enough so a new term ('free' and then 'libre') had to be invented, doesn't change that.

Calling software open-source when it's not freely distributable is simply misleading. At best, you can call it visible-source. We've had this entire discussion with someone (jhadley I believe?) on LowEndTalk about 'OpenBill', which was eventually renamed to Billr for this exact reason... I'm sure that you can find that thread with Google and read it back.


----------



## clone1018 (Jun 21, 2013)

Thanks for your insight joepie (and everyone else), I'll be taking your advice and changing our strategy on this. I'll let you guys know when I have an update from the licensing end.


----------



## clone1018 (Jun 21, 2013)

We


----------



## jhadley (Jun 21, 2013)

You have a nice product, and if it helps, I think you're probably doing the right thing. I debated with myself and others on the same subject and came to a similar conclusion for Billr - as much as you want to keep things open for your customers, it's more important to guarantee yourself a decent revenue stream so the software can continue.


----------



## clone1018 (Jun 21, 2013)

jhadley said:


> You have a nice product, and if it helps, I think you're probably doing the right thing. I debated with myself and others on the same subject and came to a similar conclusion for Billr - as much as you want to keep things open for your customers, it's more important to guarantee yourself a decent revenue stream so the software can continue.


Thanks, that's exactly what the problem was. It was quite difficult coming to that solution though but I believe it's for the best.


----------



## concerto49 (Jun 21, 2013)

clone1018 said:


> Thanks, that's exactly what the problem was. It was quite difficult coming to that solution though but I believe it's for the best.


That's great and support you on that part, but as joepie has said, please drop the open source usage. It's not. You're providing source code on purchase, which is not open source. Open source is when it is freely available without the need to purchase.


----------



## kaniini (Jun 22, 2013)

clone1018 said:


> And after quite a bit of thought and input from others, we


----------



## joepie91 (Jun 22, 2013)

concerto49 said:


> That's great and support you on that part, but as joepie has said, please drop the open source usage. It's not. You're providing source code on purchase, which is not open source. Open source is when it is freely available without the need to purchase.


Close, but not entirely. Open-source isn't about free _availability_, it's about free _redistribution_. While free availability _can_ technically happen with paid/private open-source software (because whoever bought the software decided to put it online for free, legally), it's not a given. It's very well possible that all those that purchase the commercial open-source code, just don't bother putting it online... with as a result that, while there's free redistribution, there's no free availability.


----------



## clone1018 (Jun 22, 2013)

concerto49 said:


> That's great and support you on that part, but as joepie has said, please drop the open source usage. It's not. You're providing source code on purchase, which is not open source. Open source is when it is freely available without the need to purchase.


 Yeah, I'll be changing the wording of our topics from "Open Source" to "the source is open for customers to checkout" or something like that, haven't quite figured it out.



kaniini said:


> *golfclap*
> 
> How about instead of holding your source hostage, consider this:
> 
> ...


 I really don't see how making the source only available to customers is holding it hostage, especially when most of the libraries we'll be using to power the software are a ) either already foss or b ) will be foss when when the panel is released. For example, our salt communication library, our main website and our licensing software are already planned to be 100% FOSS. I still believe in open source, but I don't believe the company could support itself off of outrageous support fees . I really don't like how expensive hostbill is for things, and I think if you have a problem and you've already bought the software, support should come with it, free. 

As far as planning for the future, this is the best path. If we fail, we can go open source and convert the company, but converting the company from FOSS to paid would never stand up. More then anything I want this company and it's panels to survive. This is the way.

Thanks,

Luke


----------



## clone1018 (Jun 23, 2013)

Hey guys! I've got an update for you! I just completed the initial work on slave/master/panel communications and it looks like we're almost at 40% of the way to alpha!

The screenshot below is basically showing the panel talking to the master (hosted externally, this manages your slaves, can be hosted locally), the master talking to the slave (the thing that hosts your vms), and then the response of a command 'xm/xl list' going all the way back up, for both servers. Another great thing it's showing, is since we communicate with all of your slaves on a master, the communications are sent asynchronously. Meaning you don't need to wait for the response of 1 to start 2, making having 100+ slaves just as fast as 1.


----------



## H4G (Jun 23, 2013)

Why not SaaS? Obviously you can't do the open source thing but easier to push updates through. Somewhat secure, less chances of the code being tampered with.

The question would be, how many providers would use a hosted platform.

I personally would. As a matter of fact, I really would use VirtPanel if they had a better UI and maybe a few features here and there.


----------



## clone1018 (Jun 23, 2013)

Sure, we plan on offering a hosted panel service with some pretty neat features, Capisso VMPanel makes this especially easy since we support having your node communication master on another server.


----------



## kaniini (Jun 23, 2013)

clone1018 said:


> The screenshot below is basically showing the panel talking to the master (hosted externally, this manages your slaves, can be hosted locally), the master talking to the slave (the thing that hosts your vms), and *then the response of a command 'xm/xl list' *going all the way back up, for both servers.


Lets do the exact same thing SolusVM does and run arbitrary commands on the slaves to manage them... because, this totally couldn't go wrong, could it?

Oh, wait...

These hypervisors provide formal API bindings.  Why aren't you using them?


----------



## clone1018 (Jun 23, 2013)

kaniini said:


> Lets do the exact same thing SolusVM does and run arbitrary commands on the slaves to manage them... because, this totally couldn't go wrong, could it?
> 
> Oh, wait...
> 
> These hypervisors provide formal API bindings.  Why aren't you using them?


I am, don't worry! This is just an example . The point of this test was to make sure I could execute commands on the slaves and get output back. I've already started hooking up the libvirt bindings and everything appears to be working great. Now all I have to do is setup image fullsync/demand and we should be able to automatically create a VM on any of the slave servers.

I'll keep you updated!


----------



## kaniini (Jun 23, 2013)

clone1018 said:


> I am, don't worry! This is just an example . The point of this test was to make sure I could execute commands on the slaves and get output back. I've already started hooking up the libvirt bindings and everything appears to be working great. Now all I have to do is setup image fullsync/demand and we should be able to automatically create a VM on any of the slave servers.
> 
> I'll keep you updated!


Why do you need to execute arbitrary commands on the server, exactly?  Like, why are you even testing that?


----------



## Francisco (Jun 23, 2013)

kaniini said:


> Why do you need to execute arbitrary commands on the server, exactly?  Like, why are you even testing that?


In one of the earlier solus builds there used to be a 'command.php' window which you could feed it a command that would run with 'vzctl exec...' and then return you the details.

Francisco


----------



## D. Strout (Jun 23, 2013)

Francisco said:


> In one of the earlier solus builds there used to be a 'command.php' window which you could feed it a command that would run with 'vzctl exec...' and then return you the details.


Definitely no potential for a vulnerability there...

[/sarcasm] (in case it wasn't obvious)


----------



## Francisco (Jun 23, 2013)

D. Strout said:


> Definitely no potential for a vulnerability there...
> 
> [/sarcasm] (in case it wasn't obvious)


They had a security issue back then and removed it. It's possible someone was able to inject something nasty into it, who knows.

Francisco


----------



## D. Strout (Jun 23, 2013)

Francisco said:


> They had a security issue back then and removed it. It's possible someone was able to inject something nasty into it, who knows.
> 
> 
> Francisco


Yeah but I can only imagine it's easy to accidentally leave nasty little back doors in place when you have code like that in there.


----------



## Zen (Jun 23, 2013)

kaniini said:


> Why do you need to execute arbitrary commands on the server, exactly?  Like, why are you even testing that?


They were testing whether the data stream (input, receive output) was working BEFORE implementing bindings. You wouldn't implement an entire feature without testing it at its earliest working stage.


----------



## kaniini (Jun 23, 2013)

Zen said:


> They were testing whether the data stream (input, receive output) was working BEFORE implementing bindings. You wouldn't implement an entire feature without testing it at its earliest working stage.


Then you use PING/PONG API calls.  You NEVER EVER write something to expose direct command execution over an RPC layer, ever.  EVER.

Do you think this is a game?


----------



## jhadley (Jun 24, 2013)

clone1018 said:


> Sure, we plan on offering a hosted panel service with some pretty neat features, Capisso VMPanel makes this especially easy since we support having your node communication master on another server.


Talk to me if/when you start doing this - maybe we can do an integration.


----------



## clone1018 (Jun 24, 2013)

jhadley said:


> Talk to me if/when you start doing this - maybe we can do an integration.


Sure, if you're up for it, hop in our IRC channel on freenode, the channel is #capisso, or you can just PM me.


----------



## Zen (Jun 25, 2013)

kaniini said:


> Then you use PING/PONG API calls.  You NEVER EVER write something to expose direct command execution over an RPC layer, ever.  EVER.
> 
> Do you think this is a game?


I'm trying to interpret what he stated since he seems to be hesitant to defend himself or his practices. 

"The point of this test was to make sure I could execute commands on the slaves and get output back."

Whether he issues arbitrary commands or not is irrelevant, he is testing as to whether or not he will receive output from input, the easiest way to test that in this case is to issue any direct command. It's hard for me to confirm given I have no idea what he's actually written, but that's what it sounds like.

And yes, when it comes to virtualization panels being home-brewed by everyone and their mother - I think it's quite the game. Especially when the market leader is still using mysql_. As far as I can tell, every panel out there other than pumped up commercial ones such as OnApp are currently using direct command execution - I never do it, you never do it, but guess what.. people do it! Don't act like it's out of this world.

I'm sure there is room in the world for one more nazi coder that can't handle anything other than his own perfect world, so by all means continue to entertain. Whether I am right or wrong in defending him or not, people have bad practices - I don't agree with that in production by any means but it makes sense to implement it for a basic PoC before working on something such as libvirt implementation.


----------



## kaniini (Jun 25, 2013)

Zen said:


> And yes, when it comes to virtualization panels being home-brewed by everyone and their mother - I think it's quite the game. Especially when the market leader is still using mysql_. As far as I can tell, every panel out there other than pumped up commercial ones such as OnApp are currently using direct command execution - I never do it, you never do it, but guess what.. people do it! Don't act like it's out of this world.


On the contrary.  I am acting as if it is the default approach, and taking action to ensure that any proposed replacement does not do these things.

You know, because, I might buy a VPS managed by one of these panels, and I'd rather not have my VPS get owned because the panel was written to the same spec as the panel it intends to replace.  I am not sure what the problem with that is, really.

What I _will_ say is this: clone1018 showed some of his prototype code with me earlier today, and despite the fact that it is written in PHP (and thusly, not something I really personally would like to be coding on), _so far_ at least in his actual prototype he is trying to do things the right way.

So, I will give him credit for that.


----------



## Aldryic C'boas (Jun 25, 2013)

I miss the old bbs days where one's handle and posting source were often enough to judge competency. Too many unknown high-and-mightys coming out of the woodwork now - and while constructive criticism is all fine and dandy, the 'holier than thou' shit without any actual evidence or qualifiers justifying the 'guruship' is getting a bit old.


----------



## kaniini (Jun 25, 2013)

Aldryic C said:


> I miss the old bbs days where one's handle and posting source were often enough to judge competency. Too many unknown high-and-mightys coming out of the woodwork now - and while constructive criticism is all fine and dandy, the 'holier than thou' shit without any actual evidence or qualifiers justifying the 'guruship' is getting a bit old.


Yes, I agree wholeheartedly with the sentiment, but, I can understand why people looking to make a commercial product might want to keep their source closed.  At least he is willing to share it for auditing on request.


----------



## clone1018 (Jun 25, 2013)

Luke has made tons of progress on the Salty library, which has allowed me to build most of the node management functions. Here's a good example of what node setup will be like:



I am in the process of adding a token so that not just everyone can download your install script, but it wont contain anything that could hurt you. Besides that, let me know what you think!


----------



## kaniini (Jun 25, 2013)

Looks reasonable enough, as mentioned on IRC.  I like the self-discovery of nodes (guessing that is done via Salt itself).


----------



## clone1018 (Jul 1, 2013)

Hey guys, just wanted to shoot an update out. Progress is still going steady on the panel and I'm so excited for alpha soon! At the moment I'm working on hooking the servers/create API method up, and after that I'll work on client VM functions. For now I wanted to go over our release schedule, it's below:

Alpha Release

Alpha will be a "VMPanel only" release, meaning it'll include the panel, the master and anything else you'll need to create and manage your virtual servers. We won't have a WHMCS module or anything out yet and we're not promising it'll work on all systems. This will be semi-closed with a couple of people invited to checkout the panel. We hope to partner with a provider who will loan us a dedi for a day, so we can run a "pretend" business with the panel for all you guys. This will hopefully test the most important functionality and will lead the way to the beta.

Beta Release

Beta will be a more complete, polished experienced. We'll have a WHMCS/other module at this point and new hosts should be good to go with running it. At that time migration scripts will not be available. At beta we'll start selling off licenses at $75.

Release

This is the point of no return, we're launching the product, announcing it, and waiting to help and support any installation/migration problems customers might have. For a couple of months after release we'll be sporting the $75 price tag, with that going up in the future to our standard cost of $100.

If you guys have any opinions or thoughts, do let me know. There's still no release date but we'll see what we can do about August


----------



## blergh (Jul 2, 2013)

Sounds a bit weird to have a pricepoint set for a product that is not even finished or released.


----------



## clone1018 (Jul 2, 2013)

Isn't that called planning?


----------



## AlexBarakov (Jul 7, 2013)

Are we talking about monthly recurring price of 100$?

About that dedi, once you hit the needed stage, shoot me an email at [email protected] and we might think out something.


----------



## clone1018 (Jul 8, 2013)

Alex_LiquidHost said:


> Are we talking about monthly recurring price of 100$?
> 
> About that dedi, once you hit the needed stage, shoot me an email at [email protected] and we might think out something.


Haha, no way. That's a one time, or maybe once a year (haven't decided) charge for the actual panel.


----------



## terafire (Jul 12, 2013)

I'm interested in this. Please update me when you have a release coming


----------



## clone1018 (Jul 12, 2013)

Thanks! Will do.


----------



## VPSCorey (Jul 13, 2013)

Just remember to support IPv6 with /64 assignments to customers rather than /128's like SolusVM did.

Not sure how feasible it is, but VNC that supports remote media mounting would rock for KVM/Xen to load custom ISO's.  Saves the host from storing a bunch of random stuff.


----------



## clone1018 (Jul 13, 2013)

The IPv6 assignment size would be entirely up to you with something like /128 being the default.

I haven't thought much about custom image mounting but it was semi planned, I'll look at including it before launch.


----------

