Alpine Linux

Distribution légère pouvant tourner en mémoire.

Installation d'Alpine Linux

Récupérer l'ISO sur le site d'Alpine : 

https://www.alpinelinux.org/downloads/

Je prends par habitude la version standard

Installation

localhost:~# setup-
setup-acf              setup-bootable         setup-hostname         setup-mta              setup-timezone
setup-alpine           setup-disk             setup-interfaces       setup-ntp              setup-xen-dom0
setup-apkcache         setup-dns              setup-keymap           setup-proxy            setup-xorg-base
setup-apkrepos         setup-gparted-desktop  setup-lbu              setup-sshd

L’installation ce fait via la commande setup-alpine

localhost:~# setup-alpine
Choix du clavier
Available keyboard layouts:
af     at     be     by     cn     dz     fi     ge     hu     in     it     kr     lk     md     mm     nl     pl     ru     sy     tr     uz
al     az     bg     ca     cz     ee     fo     gh     id     iq     jp     kz     lt     me     mt     no     pt     se     th     tw     vn
am     ba     br     ch     de     epo    fr     gr     ie     ir     ke     la     lv     mk     my     ph     ro     si     tj     ua
ara    bd     brai   cm     dk     es     gb     hr     il     is     kg     latam  ma     ml     ng     pk     rs     sk     tm     us
Select keyboard layout [none]: fr
Available variants: fr-afnor fr-azerty fr-bepo fr-bepo_afnor fr-bepo_latin9 fr-bre fr-dvorak fr-geo fr-latin9 fr-latin9_nodeadkeys fr-latin9_sundeadkeys fr-mac fr-nodeadkeys fr-oci fr-oss fr-oss_latin9 fr-oss_nodeadkeys fr-oss_sundeadkeys fr-sundeadkeys fr-us fr
Select variant []: fr-azerty
 * WARNING: you are stopping a boot service
 * Caching service dependencies ...                                                                                                               [ ok ]
 * Setting keymap ...                                                                                                                             [ ok ]
Configuration du hostname
Enter system hostname (short form, e.g. 'foo') [localhost]: alpine
Configuration du réseaux

Comme je suis une grosse feignasse, je laisse en dhcp

Available interfaces are: eth0.
Enter '?' for help on bridges, bonding and vlans.
Which one do you want to initialize? (or '?' or 'done') [eth0] eth0
Ip address for eth0? (or 'dhcp', 'none', '?') dhcp
Mot de passe root
Changing password for root
New password:
Retype password:
passwd: password for root changed by root
Fuseau horaire
Which timezone are you in? ('?' for list) [UTC] Europe/Paris
Choix du client NTP

Je laisse celui par défaut : chrony

HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
Which NTP client to run? ('busybox', 'openntpd', 'chrony' or 'none') [chrony]
 * service chronyd added to runlevel default
 * Caching service dependencies ...                                                                                                     [ ok ]
 * Starting chronyd ...                                                                                                                 [ ok ]
Choix du miroir d’installation
Available mirrors:
1) dl-cdn.alpinelinux.org
2) uk.alpinelinux.org
3) dl-2.alpinelinux.org
4) dl-4.alpinelinux.org
5) dl-5.alpinelinux.org
6) dl-8.alpinelinux.org
7) mirror.yandex.ru
8) mirrors.gigenet.com
9) mirror1.hs-esslingen.de
10) mirror.leaseweb.com
11) mirror.fit.cvut.cz
12) alpine.mirror.far.fi
13) alpine.mirror.wearetriple.com
14) mirror.clarkson.edu
15) linorg.usp.br
16) ftp.yzu.edu.tw
17) mirror.aarnet.edu.au
18) speglar.siminn.is
19) mirrors.dotsrc.org
20) ftp.halifax.rwth-aachen.de
21) mirrors.tuna.tsinghua.edu.cn
22) mirrors.ustc.edu.cn
23) mirrors.xjtu.edu.cn
24) mirrors.nju.edu.cn
25) mirror.lzu.edu.cn
26) ftp.acc.umu.se
27) mirror.xtom.com.hk
28) mirror.csclub.uwaterloo.ca
29) alpinelinux.mirror.iweb.com
30) mirror.neostrada.nl
31) pkg.adfinis-sygroup.ch
32) mirror.ps.kz
33) mirror.rise.ph
34) mirror.operationtulip.com
35) mirrors.ircam.fr
36) alpine.42.fr
37) mirror.math.princeton.edu
38) mirrors.sjtug.sjtu.edu.cn
39) alpine.mirror.didstopia.com
40) ftp.icm.edu.pl
41) mirror.ungleich.ch
42) alpine.mirror.vexxhost.ca
43) sjc.edge.kernel.org
44) ewr.edge.kernel.org
45) ams.edge.kernel.org
46) download.nus.edu.sg
47) alpine.yourlabs.org
48) mirror.pit.teraswitch.com
49) mirror.reenigne.net

r) Add random from the above list
f) Detect and add fastest mirror from above list
e) Edit /etc/apk/repositories with text editor

Enter mirror number (1-49) or URL to add (or r/f/e/done) [1]: f

Je choisi le mirroir le plus rapide via la commande : f

Enter mirror number (1-49) or URL to add (or r/f/e/done) [1]: f
Finding fastest mirror...
0.11 http://dl-cdn.alpinelinux.org/alpine/
0.05 http://uk.alpinelinux.org/alpine/
0.19 http://dl-2.alpinelinux.org/alpine/
0.06 http://dl-4.alpinelinux.org/alpine/
0.05 http://dl-5.alpinelinux.org/alpine/
0.1 http://dl-8.alpinelinux.org/alpine/
0.1 http://mirror.yandex.ru/mirrors/alpine/
0.23 http://mirrors.gigenet.com/alpinelinux/
0.06 http://mirror1.hs-esslingen.de/pub/Mirrors/alpine/
0.07 http://mirror.leaseweb.com/alpine/
0.08 http://mirror.fit.cvut.cz/alpine/
0.11 http://alpine.mirror.far.fi/
0.31 http://alpine.mirror.wearetriple.com/
wget: server returned error: HTTP/1.1 404 Not Found
0.48 http://linorg.usp.br/AlpineLinux/
0.91 http://ftp.yzu.edu.tw/Linux/alpine/
0.63 http://mirror.aarnet.edu.au/pub/alpine
0.13 http://speglar.siminn.is/alpine/
0.11 http://mirrors.dotsrc.org/alpine/
0.08 http://ftp.halifax.rwth-aachen.de/alpine/
0.59 http://mirrors.tuna.tsinghua.edu.cn/alpine/
0.42 http://mirrors.ustc.edu.cn/alpine/
wget: download timed out
0.65 http://mirrors.nju.edu.cn/alpine/
0.64 http://mirror.lzu.edu.cn/alpine/
0.13 http://ftp.acc.umu.se/mirror/alpinelinux.org/
0.41 http://mirror.xtom.com.hk/alpine/
0.32 http://mirror.csclub.uwaterloo.ca/alpine/
0.2 http://alpinelinux.mirror.iweb.com/
0.06 http://mirror.neostrada.nl/alpine/
0.05 http://pkg.adfinis-sygroup.ch/alpine/
0.24 http://mirror.ps.kz/alpine/
0.46 http://mirror.rise.ph/alpine-linux/
0.11 http://mirror.operationtulip.com/alpine/
0.03 http://mirrors.ircam.fr/pub/alpine/
0.04 http://alpine.42.fr/
0.19 http://mirror.math.princeton.edu/pub/alpinelinux/
wget: download timed out
0.06 http://alpine.mirror.didstopia.com/
0.13 http://ftp.icm.edu.pl/pub/Linux/distributions/alpine/
0.46 http://mirror.ungleich.ch/mirror/packages/alpine/
0.19 http://alpine.mirror.vexxhost.ca/
0.31 http://sjc.edge.kernel.org/alpine/
0.18 http://ewr.edge.kernel.org/alpine/
0.06 http://ams.edge.kernel.org/alpine/
0.4 http://download.nus.edu.sg/mirror/alpine/
0.27 http://alpine.yourlabs.org
0.22 http://mirror.pit.teraswitch.com/alpine
0.21 http://mirror.reenigne.net/alpine/
Added mirror mirrors.ircam.fr
Updating repository indexes... done.
Choix du serveur SSH

Je laisse par défaut avec OpenSSH

Which SSH server? ('openssh', 'dropbear' or 'none') [openssh]
Choix du disque d’installation
Available disks are:
  sda   (21.5 GB VMware,  VMware Virtual S)
Which disk(s) would you like to use? (or '?' for help or 'none') [none] sda
The following disk is selected:
  sda   (21.5 GB VMware,  VMware Virtual S)
Type d’installation pour Alpine Linux

La on ce trouve avec un choix important en fonction de l'usage que l'on veut en faire.

How would you like to use it? ('sys', 'data', 'lvm' or '?' for help) [?] ?

You can select between 'sys', 'data', 'lvm', 'lvmsys' or 'lvmdata'.

sys:
  This mode is a traditional disk install. The following partitions will be
  created on the disk: /boot, / (filesystem root) and swap.

  This mode may be used for development boxes, desktops, virtual servers, etc.

data:
  This mode uses your disk(s) for data storage, not for the operating system.
  The system itself will run from tmpfs (RAM).

  Use this mode if you only want to use the disk(s) for a mailspool, databases,
  logs, etc.

lvm:
  Enable logical volume manager and ask again for 'sys' or 'data'.

lvmsys:
  Same as 'sys' but use logical volume manager for partitioning.

lvmdata:
  Same as 'data' but use logical volume manager for partitioning.

The following disk is selected:
  sda   (21.5 GB VMware,  VMware Virtual S)
How would you like to use it? ('sys', 'data', 'lvm' or '?' for help) [?] sys
WARNING: The following disk(s) will be erased:
  sda   (21.5 GB VMware,  VMware Virtual S)
WARNING: Erase the above disk(s) and continue? [y/N]: y
Creating file systems...
Installing system on /dev/sda3:
/mnt/boot is device /dev/sda1
100% #########################==> initramfs: creating /boot/initramfs-lts
/boot is device /dev/sda1
Fin de l’installation

L’installation est terminer, on reboot pour démarrer sur l'OS fraîchement installé.
Comme vous avez pu le constater, l'Alpine Linux est très léger au vu du temps d’installation.

Installation is complete. Please reboot.

 

 

Post configuration

Modification du fichier repository

Le gestionnaire de paquet est apk et sa configuration s'effectue dans le fichier : etc/apk/repositories

#/media/cdrom/apks
http://mirrors.ircam.fr/pub/alpine/v3.12/main
#http://mirrors.ircam.fr/pub/alpine/v3.12/community
#http://mirrors.ircam.fr/pub/alpine/edge/main
#http://mirrors.ircam.fr/pub/alpine/edge/community
#http://mirrors.ircam.fr/pub/alpine/edge/testing

Décommettez la ligne : http://mirrors.ircam.fr/pub/alpine/v3.12/community

La version edge est la version en cours de développement.

Mise a jour de la liste des paquets

alpine:~# apk update
fetch http://mirrors.ircam.fr/pub/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ircam.fr/pub/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
v3.12.0-45-g0e4d4e3558 [http://mirrors.ircam.fr/pub/alpine/v3.12/main]
v3.12.0-47-gda1c1b9ae4 [http://mirrors.ircam.fr/pub/alpine/v3.12/community]
OK: 12727 distinct packages available

Les paquets utiles

Certaines commande ne sont pas installées comme par exemple useradd ou usermod ou setfacl.

Commandes Paquet à installer Repository
usermod & useradd apk add shadow community
setfacl apk add acl main
     

VMware tools

Comme sur les autres distribution linux cela ce fait via le paquet : open-vm-tools. Mais il y a une subtilité chez Alpine, il faut démarrer le service manuellement et l'inscrire pour le démarrage.

Installation

alpine:~#  apk add --update open-vm-tools
fetch http://mirrors.ircam.fr/pub/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ircam.fr/pub/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/10) Installing libgcc (9.3.0-r2)
(2/10) Installing libffi (3.3-r2)
(3/10) Installing libintl (0.20.2-r0)
(4/10) Installing libmount (2.35.2-r0)
(5/10) Installing pcre (8.44-r0)
(6/10) Installing glib (2.64.3-r0)
(7/10) Installing libtirpc-conf (1.2.6-r0)
(8/10) Installing libtirpc-nokrb (1.2.6-r0)
(9/10) Installing open-vm-tools (11.1.0-r3)
Executing open-vm-tools-11.1.0-r3.pre-install
(10/10) Installing open-vm-tools-openrc (11.1.0-r3)
Executing busybox-1.31.1-r16.trigger
OK: 830 MiB in 154 packages

Lancement du service

alpine:~# rc-service open-vm-tools start
 * Starting open-vm-tools ...                                                                         [ ok ]

Démarrage automatique au boot

alpine:~# rc-update add open-vm-tools
 * service open-vm-tools added to runlevel default

 

 

MariaDB

Installation

apk add mariadb mariadb-common mariadb-client

Initialisation

Il faut lancer la commande pour initialiser le service et créer la base SQL de départ.

alpine:~# rc-service mariadb setup
 * Creating a new MySQL database ...
Installing MariaDB/MySQL system tables in '/var/lib/mysql' ...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system


Two all-privilege accounts were created.
One is root@localhost, it has no password, but you need to
be system 'root' user to connect. Use, for example, sudo mysql
The second is mysql@localhost, it has no password either, but
you need to be the system 'mysql' user to connect.
After connecting you can set the password, if you would need to be
able to connect as any of these users with a password and without sudo

See the MariaDB Knowledgebase at http://mariadb.com/kb or the
MySQL manual for more instructions.

You can start the MariaDB daemon with:
cd '/usr' ; /usr/bin/mysqld_safe --datadir='/var/lib/mysql'

You can test the MariaDB daemon with mysql-test-run.pl
cd '/usr/mysql-test' ; perl mysql-test-run.pl

Please report any problems at http://mariadb.org/jira

The latest information about MariaDB is available at http://mariadb.org/.
You can find additional information about the MySQL part at:
http://dev.mysql.com
Consider joining MariaDB's strong and vibrant community:
https://mariadb.org/get-involved/
                                                                                        [ ok ]

Inscription du service au boot

alpine:~# rc-update add mariadb default
 * service mariadb added to runlevel default

Lancement du service

alpine:~# rc-service mariadb start
 * Starting mariadb ...
200606 17:17:43 mysqld_safe Logging to syslog.
200606 17:17:43 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql                                             [ ok ]

Configuration

Il y a une petite subtilité, c'est mariadb-secure-installation même si mysql_secure_instalation est toujours présent.

alpine:~# mariadb-secure-installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] y
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!