Using postgresql database in qubes(AppVM)

157 views
Skip to first unread message

redleo...@gmail.com

unread,
Mar 17, 2018, 1:24:34 AM3/17/18
to qubes-users
Hello!
As a web developer, I was using Arch linux as development os then I got to know qubes os, and really hooked it.

I almost finished setting up my qubes os as Web development os. But I finally found out 1 problem. that is database.

Postgresql database's data location is (normally) /var/lib/pgsql/10/data
As I learned, AppVM's folder will be reset every time I start. (except /home)

So I am thinking about the solution, first, I just create every database that need for my project in TemplateVM, so I can see it my Dev AppVM....

Is there anyone using qubes os as web development os?
Is there any best practice for this case?

Please help me!

awokd

unread,
Mar 17, 2018, 6:47:18 PM3/17/18
to redleo...@gmail.com, qubes-users
Not sure about best practice, but I see 3 approaches:
1. Do like you're doing and install them all in a template, but don't
forget anything written to them will be reverted on AppVM shutdown.
2. Change Postgresql to install them to /home. Then you can have a
different database in every AppVM.
3. Use a standalone template instead.


Yuraeitha

unread,
Mar 17, 2018, 7:04:23 PM3/17/18
to qubes-users

There is a 4th option to the 3 options above, which is changing the specific folder at /var/lib/pgsql/10/data and allow it to become persistent in in this location /rw. The /rw folder stays persistent, and it's also here you'll find everything else that is staying persistent in the AppVM's.

Changing what stays persistent and what doesn't is actually quite easy to do too, but be aware it adds yet another folder which can be exploited to attacks, so if you can use the option 1) awokd mention up above, then it'll be more secure.

Basically how it works, is that it'll start the full template, then it'll remove the symbolic links to the specific folders you want to be persistent (that means, the default template folders are cut-away), and then it'll change the symbolic link to the persistent folder. Generally, I believe, this is how AppVM's work in general, however, you can modify it to include or exclude specific folders, as you desire.

Use a terminal text editor, like nano, and edit this file '/rw/config/rc.local'
Instructions how to do this is included in the Qubes file, it's using Cups as an example how to do it, just do the same for your specific folder instead of Cups.

Remember the systemctl restart is only needed if you're changing a service or module driver, it might not be relevant for your needs. So you only need the "rm" template folder line, and the "ln -s" add new symbolic link line to a replacement folder.

Remember your "/var/lib/pgsql/10/data" content, now will be inside a folder you placed somewhere suitable in the /rw folder, for example /rw/var/lib/pgsql/10/data, which then will act as if it was at the real destination.

Yuraeitha

unread,
Mar 17, 2018, 7:18:31 PM3/17/18
to qubes-users
On Saturday, March 17, 2018 at 6:24:34 AM UTC+1, Taehwan Kim wrote:

or to make it even easier, by using the cups example inside the file, is to just put your data at /rw/config/data and then symbolic link it to /var/lib/pgsql/10/data

Then all your data is kept in /rw/config/data but the system believes its at /var/lib/pgsql/10/data

By using /rw/config as a place to store your folders, then it also becomes more easy to keep overview of everything, rather than clustering it all in folders in various different directions (keep it simple).

Unman

unread,
Mar 17, 2018, 8:31:43 PM3/17/18
to redleo...@gmail.com, qubes-users
Why not use bind-dirs, which is intended for exactly this sort of case.
It's documented here:
https://www.qubes-os.org/doc/bind-dirs/


Reply all
Reply to author
Forward
0 new messages