Hypn.za.net
Hacking, Coding and Gaming | @[email protected]
June 25, 2017
Alpine Linux as a Docker host and portable dev VM

I'm a fan of Docker - especially for software development, allowing me to switch machines or operating systems and not have to spend hours re-configuring them to have the same services and configuration. There's a growing trend to use Alpine Linux for Docker containers, rather than something like Ubuntu, because it has a smaller footprint (making it faster to download and more convenient for smaller, such as solid state, drives).

While all the operating systems I switch between (Linux, Mac and Windows) can run Docker and thus let me easily run my code, I've found there's still a lot of config I want to keep bundled together but would prefer to keep out of "the cloud" - stuff like AWS environment variables, bash history and various utility scripts. I've settled on using a (previously Ubuntu) VM as the Docker host and file server, with Samba providing file sharing access so I can edit code in a native editor (Sublime). All I need is an operating system that can run Virtual Box and an SSH client and I'm "home", able to dev and commit code with everything where I left it. I also don't have to juggle SSH keys (either for connecting out or authorized keys for connecting in), guessing what IP my host is running on (the VM's mac address and ip config remains fixed across machines).

The downside to using Ubuntu for this is the filesize - my Ubuntu VM is currently 42gb which far exceeds what I expect (yes, yes, I know you can shrink virtual disks to reduce their disk usage). Considering most of the Docker images I use are built of Alpine, and - as mentioned above - it's small footprint, I decided to try and replace my Ubuntu VM with it... resulting in a 2.5GB VM that does everything my Ubuntu VM does (for my work purposes). Now it's small enough to keep on a flash drive, sync across multiple machines, and quickly copy across to my MacBook before heading out the door if I'm working from somewhere else. My dev stack is now fully portable (well apart from needing VirtualBox and an SSH client) - something I've come to appreciate since my desktop's main drive died recently.

Here's how I switched to Alpine Linux:

  1. Download Alpine Linux Virtual
  2. Create a new virtual machine and use the ISO to boot off (login as "root" with no password)
  3. Run "setup-alpine" (the default answers should be okay for most of the questions - apart obviously from password and timezone)
  4. Select the disk to install to (it was "sda" for me), and choose to use it for "sys" (system install), and reboot when prompted
  5. Edit "/boot/extlinux.conf" and add "** vsyscall=emulate**" to the end of the "APPEND root=..." line to prevent some issues running Docker containers (or commands in them - such as a "Killed." message in your console when running commands)
  6. Reboot for the above change to be applied
  7. Edit "/etc/apk/repositories" and uncomment the 1st commented out url (should end in "/community")
  8. Run "apk update" then "apk add docker" to install Docker
  9. Set Docker to run on startup, with "rc-update add docker boot" and start it now with "service docker start"
  10. You should now be able to download and run docker images, and your VM should be less than 1gb in size

Some other thoughts/considerations:

  1. Remove the "Alpine will be booted automatically..." startup message by editing “/boot/extlinux.conf” and changing the "TIMEOUT" value to 1 (or 0?)
  2. You may encounter some Grsecurity issues you want to bypass, most common being "sysctl -w kernel.grsecurity.chroot_deny_chmod=0" and "sysctl -w kernel.grsecurity.chroot_deny_mknod=0" but avoid running these until you have to
  3. There is no "shutdown" command, instead you need to use "poweroff" to shutdown the VM from the command line
  4. You'll be running as "root" which isn't really ideal... "apk add sudo", "adduser ", adding the user to "/etc/sudoers" (add: " ALL=(ALL) ALL") and to the "docker" group (with "sudo addgroup user docker") will fix this
  5. Modify "/etc/ssh/sshd_config" to allow/disallow "root" to login ("PermitRootLogin yes/no") and allow/disallow passwords when logging in ("PasswordAuthentication yes/no")
  6. Don't forget to "apk add wget curl git" and any other common tools you might need
  7. Update your "/etc/motd" file to include a l33t h4xx0r skull to remind you of you hardcore linux skills every time you log in
  8. To use ".deb" files (and likely make your life easier), install dpkg with "apk add dpkg", "touch /var/lib/dpkg/status" and then to stop dpkg complaining about the wrong architecture do "dpkg --add-architecture amd64"... then "dpkg -i" away to your heart's content
  9. The (near) equivalent of "build-essential" can be installed with "apk add alpine-sdk"