Enable Virtualization in the BIOSThis is how to do so for the Lab computers. Start by rebooting the machine. You have to catch it before it boots the operating system. Type F12 repeatedly as we did for the installation.
- Select: Enter Setup
- Go to the Advanced tab, select CPU Setup.
- Select Intel (R) Virtualization Technology [Disabled]. Enter
- Select Enabled. Enter.
- Type F10 to save and exit.
Software InstallationInstall the necessary packages:
$ sudo apt install qemu qemu-kvm virt-manager virt-viewer \ libvirt-bin uvtool uvtool-libvirtAs installer, you are added to the libvirtd group allowing you to use the virtualization tools as you without becoming root. You must log-out/log-in in order to pick up your membership in this group. After logging in again, confirm:
$ groups ... libvirt ...Our guest machine's network will be attached to the virtual bridge interface virbr0, which has been created in the libvirt-bin installation. Check it out by:
$ ifconfig virbr0
Get Cloud ImagesWe're going to use so-called cloud images obtained and manipulated by the uvtool package.
$ uvt-simplestreams-libvirt sync release=xenial arch=amd64
Create a VM and access itIn order to be able to get into the virtual machines created from the cloud image, you need to have created your RSA key:
~/.ssh/id_rsa.pubThen create the machine and start it running:
[MACHINE]$ uvt-kvm create vm release=xenial --memory 256Within a short time, you can access it by:
[MACHINE]$ uvt-kvm ssh vm --insecureYour login is ubuntu. The VM creation aleady establishes key access to the guest using this login which you can check by:
ubuntu@vm:~$ cat .ssh/authorized_keysIn fact, by default, the only way you can externally access this VM is by public key. You can check that out by:
ubuntu@vm:~$ egrep ^.?Password /etc/ssh/sshd_config PasswordAuthentication nowhereas if you go back to the host and do the same, you'll see
[MACHINE]$ egrep ^.?Password /etc/ssh/sshd_config #PasswordAuthentication noThe significance is the password authentication is intentionally turned off in the guest machines created in this way.
RAM and Disk spaceThe "--memory 256" flag means give the VM 256M of RAM, which is subtracted from RAM available to the host when the guest is running. According to the Ubuntu docs, 192M of RAM is sufficient to run the server OS. The default disk size is 8G, but the disk space allocation is only "as needed" up to 8G. The type of files created to represent virtual disks are called sparse files, consisting mostly of zeros. The unused space can be used for other operating system purposes. If you want a potentially larger VM disk, use the option:
$ uvt-kvm create ... --disk size (size in gigabytes)You can see the actual disk image files and their "virtual" sizes by running:
$ sudo ll -h /var/lib/uvtool/libvirt/images/To see the "actual" sizes, use the du -h command:
$ sudo du -h /var/lib/uvtool/libvirt/images/*For example, the Wordpress VM we're creating in the next section occupies about 900MB when installed.
$ virsh start vmGet a list of all VM's by:
$ virsh list --allGet a list of running VM's by:
$ virsh listShut it down by:
$ virsh shutdown vmHave the virtual machine start on boot:
$ virsh autostart vmvirsh acts like a command shell in its own right if you activate it without parameters
$ virsh virsh # help
Delete a VMFor proof of concept, this is how you delete a virtual machine created in this way:
$ uvt-kvm destroy vmDoing this is WAY to easy, be careful with this command!
- Creating a VM to make one dedicated appliance whose only function is to serve a wordpress installation.
- Making wordpress use the MySQL database on the host instead of the guest
Create wpFollow the procedure we've laid out:
[MACHINE]$ uvt-kvm create wp release=xenial --memory 256 [MACHINE]$ uvt-kvm ssh wp --insecure [wp]$ sudo apt updateFor the sake of expediency, we'll omit the upgrade.
Note that user is ubuntu and that you didn't have to give the password for sudo usage, how is that? The gimmick is a special control file in the /etc/sudoers.d directory. Observe:
[wp]$ sudo su [wp]# ls /etc/sudoers.d/ [wp]# cat /etc/sudoers.d/90-cloud-init-users ... ubuntu ALL=(ALL) NOPASSWD:ALLThe uncommented line means that the ubuntu user can use sudo to run all commands without giving a password.
Change networking on wpWe want to change the networking information, setting a static IP address.
[wp]$ sudo nano /etc/network/interfacesThe current file content is:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # Source interfaces # Please check /etc/network/interfaces.d before changing this file # as interfaces may have been defined in /etc/network/interfaces.d # See LP: #1262951 source /etc/network/interfaces.d/*.cfgThe main network interface is defined in the auxiliary file:
auto lo iface lo inet loopback auto ens3 iface ens3 inet dhcp
... #source /etc/network/interfaces.d/*.cfg auto ens3 iface ens3 inet static address 192.168.122.11 gateway 192.168.122.1 netmask 255.255.255.0 dns-nameservers 192.168.122.1
[wp]$ sudo rebootTest to ensure connectivity:
[MACHINE]$ ping 192.168.122.11If OK, assign a name to this IP address on your host machine. Edit /etc/hosts, adding this line:
/etc/hosts (on MACHINE)
... 192.168.122.11 wp ...
~/.ssh/config (on MACHINE)
... host wp user ubuntu
[MACHINE]$ ssh wp [wp]$
Open MySQL on host to external network accessFirst, we have to allow MySQL on the host to be accessed externally, in particular, from the virtual machine. To do so edit the MySQL configuration file
/etc/mysql/mysql.conf.d/mysqld.cnfLook for the line:
bind-address = 127.0.0.1Comment it out:
#bind-address = 127.0.0.1Then restart MySQL:
[MACHINE]$ sudo systemctl restart mysqlWithout this step, clients can only connect to the database from localhost.
Set up the wordpress database on hostNext, we want to create a dedicated database for wordpress. Again, we need user/password credentials. After installation, you do not need to remember these credentials.
Wordpress DB Password:
CREATE DATABASE wordpress; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER ON wordpress.* TO wordpress IDENTIFIED BY 'WP_DB_PASS'; FLUSH PRIVILEGES;select
[MACHINE]$ sudo -H mysql < wordpress.sqlTest access from the host machine:
[MACHINE]$ mysql -u wordpress -pWP_DB_PASS wordpressOn the guest machine, install the MySQL client package:
[wp]$ sudo apt install mysql-clientThe test access from the guest machine:
[wp]$ mysql -h 192.168.122.1 -u wordpress -pWP_DB_PASS wordpress
Install and configure Wordpress in the guest
[wp]$ sudo apt install wordpressOnce this is done, create an Apache configuration file defining the URL "/discussion" for the site implemented by wordpress:
/etc/apache2/conf-available/wordpress.conf (on wp)
Alias /discussion /usr/share/wordpress <Directory /usr/share/wordpress> Options FollowSymLinks AllowOverride Limit Options FileInfo DirectoryIndex index.php Require all granted </Directory> <Directory /var/lib/wordpress/wp-content> Options FollowSymLinks Require all granted </Directory>select
[wp]$ sudo a2enconf wordpressCreate the following wordpress configuration file. Note the presence of the wordpress user/database password, WP_DB_PASS in clear text (common to CMS systems).
/etc/wordpress/config-wp.php (on wp)
<?php define('DB_NAME', 'wordpress'); define('DB_USER', 'wordpress'); define('DB_PASSWORD', 'WP_DB_PASS'); define('DB_HOST', '192.168.122.1'); define('WP_CONTENT_DIR', '/usr/share/wordpress/wp-content');select
[wp]$ sudo systemctl restart apache2You can now "forget" the Wordpress DB Password with respect to this document.
Wordpress DB Password:
Configure the Wordpress siteAccess and configure wordpress from the host vial the URL:
Confirm password (if necessary):
Confirm usage of weak password
Confirm password (if necessary):
Confirm usage of weak password
Click: Finally, log in to confirm. We're not going to set up anything specific.
[MACHINE]$ sudo a2enmod proxy_httpWe assume you've created a "local.conf" Apache config file and made it accessible in /etc/apache2 via a symbolic link; otherwise, set it up. Append this to the host's /etc/apache2/local.conf file:
ProxyPreserveHost On ProxyPass /discussion http://wp/discussionselect
[MACHINE]$ sudo systemctl restart apache2On the guest machine, wp, create another wordpress file specific to the new URL we want to apply. We can use config-wp.php as the basis and append to it:
[wp]$ sudo su [wp]# cd /etc/wordpress [wp]# cp config-wp.php config-MACHINE.php [wp]# cat <<END >> config-MACHINE.php define('WP_HOME','http://MACHINE/discussion'); define('WP_SITEURL','http://MACHINE/discussion'); END
[wp]# cat config-MACHINE.phpNow you should be able to access wordpress using the URL:
Tunnel AccessIf you want to access this through the taz tunnel via:
http://localhost:2003/discussionyou have to create yet another wordpress configuration file:
[wp]$ sudo su [wp]# cd /etc/wordpress [wp]# cp config-wp.php config-localhost.php [wp]# cat <<END >> config-localhost.php define('WP_HOME','http://localhost:2003/discussion'); define('WP_SITEURL','http://localhost:2003/discussion'); END
[wp]# cat config-localhost.php