Backup docker-compose installed Passbolt when db root has random password

Depechie · March 19, 2023, 8:36pm

I followed the installation instructions provided for a docker install with docker compose. The used compose file is the one that is mentioned on the guide: Passbolt Help | Docker passbolt installation

But now I want to try to use mysqldump to do a db backup, but I’m failing because it always requests a password and I have no idea which one to provide.

I notice that the yaml file has following env setting: MYSQL_RANDOM_ROOT_PASSWORD=true
Does this mean, I can’t know the password now, because it was auto generated at creation?

How can I perform a backup?

garrett · March 20, 2023, 1:29am

Hi @Depechie Welcome to the forum! A recent related thread about resetting root passwords included a mention of the root user password outputted on install Update DB Password on Docker Installation - #7 by AnatomicJC

max · March 20, 2023, 10:28am

@Depechie,

Did you try to do a:

docker compose exec --user www-data passbolt /usr/share/php/passbolt/bin/cake passbolt mysql_export

And once the backup generated:

docker compose cp passbolt:<backup_path> <local_path>

Best,
Max

garrett · March 20, 2023, 1:18pm

@max Would you mind explaining from a security standpoint how the passbolt mysql_export command works in this scenario? How does it source a password, or why is one not needed? I don’t believe this info is found elsewhere in the forum. Thanks

Depechie · March 20, 2023, 9:44pm

Thx for the links! I will try the reset option later when I have some time.

AnatomicJC · March 21, 2023, 6:03am

As explained in the doc mysql root account is not needed to backup passbolt database.
The passbolt mysql_export command uses the dedicated mysql passbolt user.

Depechie · March 21, 2023, 8:16am

@AnatomicJC I followed the doc… the first statement:

docker exec -i database-container bash -c \
  'mysqldump -u${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE}' \
  > /path/to/backup.sql

Will prompt for a password! What would be the root one and I do no longer have the logs from the initialisation so I do not have the random generated one at hand.

AnatomicJC · March 21, 2023, 8:49am

Again, root password is not needed.

Inside your container:

MYSQL_USER is the user you can use (=! root)
MYSQL_PASSWORD is the password
MYSQL_DATABASE is the database

You can perform backups with these informations. You can also use Max command above.

Best,

Depechie · March 21, 2023, 10:29am

I really appreciate you trying to help here.
But your sample is what I have in my windows…. So as username I indeed do NOT use root but the one defined in my docker compose. But still the prompt will give access denied and prompt for a password.

AnatomicJC · March 21, 2023, 11:51am

Are you running the mysqldump command from passbolt container or database container ?

From passbolt container, the command provided by @max should work.
From database container, mine should work, if not, you can try to add the -h db parameter to mysqldump command, where db is the database container hostname (the default in docker-compose file).

garrett · March 21, 2023, 12:09pm

I can’t even find where in the help site this command is referenced. But what you are saying makes sense, thanks.