Création d'un template LAMP pour Qubes OS

Pour celles et ceux qui font du dévellopement php, il peut être intéréssant de faire un template lamp spécifique au lieux de faire des VMs standalone.

La seule différence par rapport à une installation "classique" (ex: vm créée sur un serveur du type proxmox), c'est qu'ici nous allons faire des liens symbolique dans le /rw.

Comme vous le savez peut être, une apps-vm est volatile (sauf le /rw). cela veux dire que si vous crééz un fichier dans /etc par ex, au redémarrage de l'apps-vm, il sera perdu. 

 

Copie du template (à faire sur le dom0)

[ines@dom0 ~]$ sudo qvm-clone fedora-24 fedora-24-lamp

Prérequis

  • Mise à jours du système
[root@fedora-24-lamp user]# dnf update -y
  • Utilisation du proxy qubes-OS pour télécharger le dépot remi
[root@fedora-24-lamp ~]$ export https_proxy=http://10.137.255.254:8082/
  • Installation et activation du dépot rémi
[root@fedora-24-lamp user]# dnf install https://rpms.remirepo.net/fedora/remi-release-24.rpm

[root@fedora-24-lamp user]# yum-config-manager --enable remi-php70
  • Installation des packages
[root@fedora-24-lamp user]# dnf install httpd php php-mysql php-xml php-mbstring php-gd php-ldap mariadb-server mariadb
  • Donner les droits à user
[root@fedora-24-lamp user]# usermod -a -G apache user

Mise en place des liens symboliques

Configuration apache

[root@fedora-24-lamp user]# mkdir -p /rw/etc/httpd/

[root@fedora-24-lamp user]# mv /etc/httpd/conf.d/ /rw/etc/httpd/

[root@fedora-24-lamp user]# ln -s /rw/etc/httpd/conf.d/ /etc/httpd/conf.d

Dossier de Log

[root@fedora-24-lamp user]# mkdir -p /rw/var/log

[root@fedora-24-lamp user]# mkdir /rw/var/log/httpd

[root@fedora-24-lamp user]# ln -s /rw/var/log/httpd /var/log/httpd

Dossier www

[root@fedora-24-lamp user]# mv /var/www/ /rw/var/

[root@fedora-24-lamp user]# ln -s /rw/var/www/ /var/www

[root@fedora-24-lamp user]# chown user:apache /rw/var/www/ -R

Configuration php.ini

[root@fedora-24-lamp user]# mv /etc/php.ini /rw/etc/

[root@fedora-24-lamp user]# ln -s /rw/etc/php.ini /etc/php.ini

MariaDB

[root@fedora-24-lamp user]# mkdir /rw/var/lib

[root@fedora-24-lamp user]# mv /var/lib/mysql/ /rw/var/lib

[root@fedora-24-lamp user]# ln -s /rw/var/lib/mysql/ /var/lib/mysql

Démarrage automatique des services

[root@fedora-24-lamp user]# systemctl enable httpd

[root@fedora-24-lamp user]# systemctl enable mariadb

Configuration de MariaDB

[root@fedora-24-lamp user]# systemctl start  mariadb.service
[root@fedora-24-lamp user]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
 
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
 
Enter current password for root (enter for none):
OK, successfully used password, moving on...
 
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
 
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!
 
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
 
Remove anonymous users? [Y/n] y
 ... Success!
 
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
 
Disallow root login remotely? [Y/n] y
 ... Success!
 
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
 
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
 
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
 
Reload privilege tables now? [Y/n] y
 ... Success!
 
Cleaning up...
 
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
 
Thanks for using MariaDB!

 

Maintenant, il ne vous reste plus qu'à créer une apps-vm sur le template fedora-24-lamp.

 

Qubes-OS

Ajouter un commentaire