Yet Another SolusVM Alternative: VPSM

Status
Not open for further replies.

KuJoe

Well-Known Member
Verified Provider
I know, I know. Everybody and their sister is putting out a SolusVM alternative so what make VPSM (VPS Manager) different? It's 100% FOSS (Free Open Source Software). No one-time fees. No monthly bills. No encoded files.

I've been working with a developer (John AKA DimeCadmium) and we're still working out the pricing right now but myself and a handful of providers (currently 15 interested with a few definite) are pooling our resources together to finance a completely free open source solution to free us from the monthly invoices and customization limitations.

We're still finalizing the financials and the timeline but we're confident enough to get the ball rolling with this (he's started coding and we've put together a website for easier collaboration with providers/users).

John was the only developer I contacted willing to step up and work on a solution to our problems and I'm glad he was because we run some of his code in our production environment already so I am both impress and satisfied with his coding abilities. He's setup a GitHub so others can contribute also so if you have some talent and creativity you can be a part of the solution. :)

Here is what we definitely know right now:

  1. It will have a SolusVM import script.
  2. It will work with WHMCS out of the box with basic automation.
  3. It will be compatible with OpenVZ, Xen, and KVM.
  4. It will be 100% Open Source (MIT license).
  5. It will be 100% free once it is finished.
Here is what we do not know right now:

  1. What the GUI will look like. At this time we do not have anybody to work on the graphics so it will be a very basic interface and utilizing WHMCS's plugin system to generate an interface based on the WHMCS template.
On the plus side, backend code takes precedent over pretty colors and CSS magic. Our philosophy is Core coding first, we can add a pretty bow later (it'll be open source so anybody can design their own unique interface or just drop the code right into their billing system).

Interested? I've got a forum setup here to get things rolling: http://vpsm.net

Would you be willing to spend 3 months worth of SolusVM fees to rid yourself of a monthly license? That's what we've been aiming for so if you are please contact me. We're not asking for any money right now so no commitment is required, we're just gathering names of providers who will help once the project is further along.

If you know of a reliable software auditor please contact me also. If funds permit, I would like to get an external audit of the stable release.

Any feedback is appreciated, no matter how negative it might be. This whole project was put together prior to all of the new panels popping up so if this panel ends up being redundant let me know (I didn't see any other FOSS options out there but I didn't look very hard).
 
Last edited by a moderator:

rds100

New Member
Verified Provider
Excellent news. I'm willing to contribute some personal money and maybe also time and other resources if i could be of any help.

The VPS control panel alternatives are shaping up. What we really need now is a good billing panel alternative. I don't trust WHMCS to write quality code at all. They can't even do proper version numbering...
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Sounds great!

Love seeing everyone work on some new stuff. I don't think the GUI has to be anything all that fancy, so long as everything works and works well. ;)

Keep us updated.

BTW: Should get DimeCadium over here, though I don't think he's too fond of vpsBoard. 
 
Last edited by a moderator:

acd

New Member
Lofty goals, especially with an MIT license. Unfortunately no code or architecture documents, just an expected feature list. Not sure what to think of it yet....
 

KuJoe

Well-Known Member
Verified Provider
Lofty goals, especially with an MIT license. Unfortunately no code or architecture documents, just an expected feature list. Not sure what to think of it yet....
The project is only a few hours old and we still don't have the contract signed so this is all preliminary.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
The critical thing security-wise is that your middleware running on the hypervisor nodes should have a strict API definition and that should restrict itself to execv() and such things, never anything which invokes a shell like system() or Perl's backtick operator.

Also, your middleware should not be written in PHP or anything like that.  The middleware should be extremely simple and not require any webserver etc -- it should be a simple daemon which responds to well-formed API calls.

If you can realize this design, you will have better security than all of the paid products presently out on the market.
 

peterw

New Member
Opensource and business funding it. A good combination. You should think about using a well established API as a pattern for your own API. What language should be used for the coding the middleware?
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Opensource and business funding it. A good combination. You should think about using a well established API as a pattern for your own API. What language should be used for the coding the middleware?
The main thing here is that you want something lightweight and generally already available.

This is why we implemented the node management agents in Cloudware using Python.  It's already there on most systems, and it provides a safe execv() through the subprocess library (which is part of Python 2.4 and newer).  Perl or C would also work well here, but C of course has a higher risk of memory leaks and errors if the developer does not know what they are doing.
 

KuJoe

Well-Known Member
Verified Provider
John considered coding his own daemon but it looks like he's going strictly SSH with auth-keys last I spoke with him since it gives him some flexibility and have a proven security track record. But nothing is set in stone right now so it can change anytime between now and the final release. :)
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Well, you need a daemon to track the QEMU processes on KVM.  Unless you cop out and use libvirt there instead.  But, really, that's cheating.
 

necs

New Member
Sounds great. I will keep an eye! We are looking in to migrate an alternative to SolusVM
 

KuJoe

Well-Known Member
Verified Provider
Well, you need a daemon to track the QEMU processes on KVM.  Unless you cop out and use libvirt there instead.  But, really, that's cheating.
We did talk about using libvirt for Xen/KVM and using SSH for OpenVZ.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Yeah that's probably what I would do, but on the Xen front, libvirt has problems with the XL toolstack shipped in Xen 4.2 still.  Hopefully the newest version of libvirt will get that sorted.
 

titanicsaled

New Member
You could probably make some use of some of the stuff from joepie's CVM repository. 

It would be great to see this get off the ground. If there's anyone that's can do it right it's you @KuJoe.
 

KuJoe

Well-Known Member
Verified Provider
Wow, I woke up this morning to some really nice PMs on WHT from some larger VPS providers that are interested in this project. I'm very happy with the direction this is taking and hopefully by tomorrow I can provide some updates on the site in regards to a schedule and budget. :)
 

DimeCadmium

New Member
Also, your middleware should not be written in PHP or anything like that.  The middleware should be extremely simple and not require any webserver etc -- it should be a simple daemon which responds to well-formed API calls.
John considered coding his own daemon but it looks like he's going strictly SSH with auth-keys
My current idea is, as KuJoe said, just doing SSH with a custom shell (that hands over to a setuid, sudo, whatever executable - not finalized yet etc). That way I'm using a time-tested authentication/encryption system, but if something gets hold of the private keys the worst they can do is whatever the panel can do (which is bad, but not as bad as rm -rf /*)

That said, I'd love any suggestions you have kaniini (or anyone else).

maybe should should add an option for users to sponsor the development for a smaller amount of cash as well
Like I said to KuJoe the other day when we were discussing it initially: <DimeCadmium> id like to do it just because it needs to be done, i just cant justify the time it would take for free at the moment

I'm not in this for the money, I'm in this for the product. I'm all for donations of course but the only reason I'm looking for payment at all is that I'm fat and I need to eat. :p
 

kaniini

Beware the bunny-rabbit!
Verified Provider
My current idea is, as KuJoe said, just doing SSH with a custom shell (that hands over to a setuid, sudo, whatever executable - not finalized yet etc). That way I'm using a time-tested authentication/encryption system, but if something gets hold of the private keys the worst they can do is whatever the panel can do (which is bad, but not as bad as rm -rf /*)

That said, I'd love any suggestions you have kaniini (or anyone else).
If you intend to do it this way, you can put them in a special shell to force them to use your API.  See git-shell and other such things.
 
Status
Not open for further replies.
Top