Installing 3rd Party Software
Every so often we get asked how to install 3rd party software on a LiquidFiles system, if it's supported and what's the implications and so on.
Is it Supported to install 3rd Party Software?
No, it's not supported to install 3rd party software in LiquidFiles.
We do try to be a bit pragmatic about this. Every licensed LiquidFiles system has root access and it is technically possible to install and change anything. Our pragmatic stance is this:
If the LiquidFiles default installation changes and impacts anything you've changed or added, it is your responsibility to either change whatever you've changed or added, remove or reverse the changes so that the default LiquidFiles installation works as expected.
If you are unable to remove or reverse any changes you've made, you may end up having to re-install LiquidFiles in order to get back to a non-tampered/supported system.
With the base installation, we try to keep things as close to the CentOS default way of doing things as practical, and as long as you do the same you should be fine. And, LiquidFiles doesn't look for, or take any precautions of any sort of anything that's been added. The LiquidFiles system assumes it has full control over the system so if you for instance make any changes to the FTP configuration and then save any setting in the web interface, it's highly likely that your changes are going to be overwritten.
The absolutely best and safest way is either to install packages from either the standard CentOS repositories or EPEL, that's also included in the base installation. If you add packages from there, you should most likely be fine. Alterntively, if your specific software package comes as a RedHat/CentOS installation package, it's probably going to be fine as well.
Can I upgrade to later versions of included packages?
Every so often we get asked questions along the lines of "I see that the version of OpenSSL is pretty old, can I just compile and change to a newer version?". If you attempt to compile or install newer versions of any package and replace yourself you will break LiquidFiles beyond repair and you will have to reinstall the system.
There's no choices that has been made by accident. OpenSSL for instance is continously patched by the RedHat/CentOS team instead of updating to the latest version so even if the version number indicates that it could be vulnerable to some recent security issues, you would have to look in the RedHat vulnerability database to conclude if that's indeed the case.
LiquidFiles uses Ruby on Rails as its web application framework and we typically never run the latest feature release so if the current release would be version 99.0, we would run 98.4 or 97.8, whatever the latest version would be in the 98 or 97 feature branch. But if your vulnerability scanner picks up that there's a later version and recommend that it should be updated, that's almost never the correct assessment and any attempt do update Ruby on Rails or any other package would break LiquidFiles beyond repair and you would have to reinstall the system. The same version argument goes for PostgreSQL, Postfix, ProFTPd any pretty much anything included in LiquidFiles. If it's distributed by RedHat/CentOS or EPEL, it's whatever version that's the latest from them. If it's something that's distributed as part of LiquidFiles, it's typically the latest fix release of whatever feature releases we've built and tested that major release of LiquidFiles with. For LiquidFiles distributed packages, new feature releases will be changed as required as part of major new LiquidFiles releases.
Can I add my own Backup Agent?
Yes, but it's pretty much guarateed to be a bad idea.
LiquidFiles is database driven meaning that when you access LiquidFiles and look at a message that has some files attached to it, you're looking at the result of a database query. There's nothing at that point that access the file system. That means if a message gets deleted and with the message the files attached also gets deleted. If you attempt to restore the files using your backup software, it's not going to work because restoring any files will not change the database to list those files or the message as available so you would still not be able to access the files. Also, files are not stored in a human readable format.
A much better idea would be to use the builtin LiquidFiles backup (that backs up both the database and the filesystem) to somewhere in your network. You can then use your own backup software to back up the LiquidFiles backups. If you need to restore, you'd first restore the relevant LiquidFiles backup to the network location and then use the builtin LiquidFiles backup/restore method to restore the backup.
Can I add my own system monitoring agent?
Yes, this is probably one of the safest and least invasive packages you can add so with the caveats listed above that you're responsible for any changes now or in the future, this should generall be fine.
Can I add my own tools to include in Actionscripts?
Yes, as long as you don't change anything included with LiquidFiles and install from the included CentOS or Epel libraries, you should generall be fine to add additional packages.