The situation :
I use the default docker compose to test installation, i just add nfs mount to volumes in order to store them on my nas and be able to restart passbolt on other host or after cleaning volumes and copy them for backup.
here is my docker-compose.yml :
version: "3.9"
services:
db:
image: mariadb:10.11
restart: unless-stopped
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "true"
MYSQL_DATABASE: "passbolt"
MYSQL_USER: "passbolt"
MYSQL_PASSWORD: "-----"
volumes:
- database_volume:/var/lib/mysql
ports:
- 3306:3306
passbolt:
image: passbolt/passbolt:4.1.1-1-ce
restart: unless-stopped
depends_on:
- db
environment:
APP_FULL_BASE_URL: http://*serverip*:802
DATASOURCES_DEFAULT_HOST: "db"
DATASOURCES_DEFAULT_USERNAME: "passbolt"
DATASOURCES_DEFAULT_PASSWORD: "-----"
DATASOURCES_DEFAULT_DATABASE: "passbolt"
volumes:
- gpg_volume:/etc/passbolt/gpg
- jwt_volume:/etc/passbolt/jwt
ports:
- 802:80
volumes:
database_volume:
driver_opts:
type: "nfs"
o: "addr=*ip*,rw,nfsvers=3"
device: ":*path*/db"
gpg_volume:
driver_opts:
type: "nfs"
o: "addr=*ip*,rw,nfsvers=3"
device: ":*path*/gpg"
jwt_volume:
driver_opts:
type: "nfs"
o: "addr=*ip*,rw,nfsvers=3"
device: ":*path*/jwt"
The Problem :
When i don’t set nfs mount like this :
volumes:
database_volume:
gpg_volume:
jwt_volume:
everything is fine.
But when i set nfs like i shown above in my compse file, the installation fail.
I get a nice passbolt-db-1 | 2023-11-23 17:31:55 3 [Warning] Aborted connection 3 to db: 'unconnected' user: 'unauthenticated' host: '172.27.0.3' (This connection closed normally without authentication)
For info :
The passbolt install is able to write files and own them in the target nfs folder.
i use the same nfs conf (same host and same path exept last folder) in other docker-compose.yml and they work great.
However, when i try to use mount on local files like this :
volumes:
- ./data/gpg:/etc/passbolt/gpg
- ./data/jwt:/etc/passbolt/jwt
But i got the same result.
I am using docker compose v2.21.0, a VM debian 11 (2vCPU, 4Go RAM)
Important : the only difference between a working install and failed install is the nfs conf at the end of the compose file
LOGS :
Here is the full logs output (minus some keygen and cut at the 11th " Aborted connection"
but it go over and over) :
Note : i’m well aware the the logs says “SET A PASSWORD FOR THE MariaDB root USER” but it doesn’t do that without nfs and “MYSQL_RANDOM_ROOT_PASSWORD: “true”” is set.
I try to set it up manually but it didn’t work neither.
passbolt-db-1 | 2023-11-23 16:05:33+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.6+maria~ubu2204 started.
passbolt-passbolt-1 | wait-for.sh: waiting for db:3306 without a timeout
passbolt-db-1 | 2023-11-23 16:05:35+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
passbolt-db-1 | 2023-11-23 16:05:35+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.6+maria~ubu2204 started.
passbolt-db-1 | 2023-11-23 16:05:36+00:00 [Note] [Entrypoint]: Initializing database files
passbolt-db-1 |
passbolt-db-1 |
passbolt-db-1 | PLEASE REMEMBER TO SET A PASSWORD FOR THE MariaDB root USER !
passbolt-db-1 | To do so, start the server, then issue the following command:
passbolt-db-1 |
passbolt-db-1 | '/usr/bin/mariadb-secure-installation'
passbolt-db-1 |
passbolt-db-1 | which will also give you the option of removing the test
passbolt-db-1 | databases and anonymous user created by default. This is
passbolt-db-1 | strongly recommended for production servers.
passbolt-db-1 |
passbolt-db-1 | See the MariaDB Knowledgebase at https://mariadb.com/kb
passbolt-db-1 |
passbolt-db-1 | Please report any problems at https://mariadb.org/jira
passbolt-db-1 |
passbolt-db-1 | The latest information about MariaDB is available at https://mariadb.org/.
passbolt-db-1 |
passbolt-db-1 | Consider joining MariaDB's strong and vibrant community:
passbolt-db-1 | https://mariadb.org/get-involved/
passbolt-db-1 |
passbolt-db-1 | 2023-11-23 16:07:51+00:00 [Note] [Entrypoint]: Database files initialized
passbolt-db-1 | 2023-11-23 16:07:51+00:00 [Note] [Entrypoint]: Starting temporary server
passbolt-db-1 | 2023-11-23 16:07:51+00:00 [Note] [Entrypoint]: Waiting for server startup
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] Starting MariaDB 10.11.6-MariaDB-1:10.11.6+maria~ubu2204 source revision fecd78b83785d5ae96f2c6ff340375be803cd299 as process 96
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Number of transaction pools: 1
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Using generic crc32 instructions
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Using liburing
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Completed initialization of buffer pool
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Buffered log writes (block size=512 bytes)
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: End of log at LSN=46846
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: 128 rollback segments are active.
passbolt-db-1 | 2023-11-23 16:07:51 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
passbolt-db-1 | 2023-11-23 16:08:22+00:00 [ERROR] [Entrypoint]: Unable to start server.
passbolt-db-1 exited with code 0
passbolt-db-1 | 2023-11-23 16:08:24+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
passbolt-db-1 | 2023-11-23 16:08:24+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.6+maria~ubu2204 started.
passbolt-db-1 | 2023-11-23 16:08:24+00:00 [Note] [Entrypoint]: MariaDB upgrade not required
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] Starting MariaDB 10.11.6-MariaDB-1:10.11.6+maria~ubu2204 source revision fecd78b83785d5ae96f2c6ff340375be803cd299 as process 1
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Number of transaction pools: 1
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Using generic crc32 instructions
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Using liburing
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Completed initialization of buffer pool
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Buffered log writes (block size=512 bytes)
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: End of log at LSN=46846
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: 128 rollback segments are active.
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
passbolt-db-1 | 2023-11-23 16:08:24 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] InnoDB: log sequence number 46846; transaction id 14
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] Plugin 'FEEDBACK' is disabled.
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] InnoDB: Cannot open '/var/lib/mysql/ib_buffer_pool' for reading: No such file or directory
passbolt-db-1 | 2023-11-23 16:09:15 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] Server socket created on IP: '0.0.0.0'.
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] Server socket created on IP: '::'.
passbolt-db-1 | 2023-11-23 16:09:15 0 [Warning] 'user' entry 'root@969313079cd0' ignored in --skip-name-resolve mode.
passbolt-db-1 | 2023-11-23 16:09:15 0 [Warning] 'proxies_priv' entry '@% root@969313079cd0' ignored in --skip-name-resolve mode.
passbolt-db-1 | 2023-11-23 16:09:15 0 [Note] mariadbd: ready for connections.
passbolt-db-1 | Version: '10.11.6-MariaDB-1:10.11.6+maria~ubu2204' socket: '/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
passbolt-db-1 | 2023-11-23 16:09:16 3 [Warning] Aborted connection 3 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-passbolt-1 | wait-for.sh: db:3306 is available after 222 seconds
passbolt-passbolt-1 | ==================================================================================
passbolt-passbolt-1 | Your entropy pool is low. This situation could lead GnuPG to not
passbolt-passbolt-1 | be able to create the gpg serverkey so the container start process will hang
passbolt-passbolt-1 | until enough entropy is obtained.
passbolt-passbolt-1 | Please consider installing rng-tools and/or virtio-rng on your host as the
passbolt-passbolt-1 | preferred method to generate random numbers using a TRNG.
passbolt-passbolt-1 | If rngd (rng-tools) does not provide enough or fast enough randomness you could
passbolt-passbolt-1 | consider installing haveged as a helper to speed up this process.
passbolt-passbolt-1 | Using haveged as a replacement for rngd is not recommended. You can read more
passbolt-passbolt-1 | about this topic here: https://lwn.net/Articles/525459/
passbolt-passbolt-1 | ==================================================================================
passbolt-passbolt-1 | gpg: keybox '/var/lib/passbolt/.gnupg/pubring.kbx' created
passbolt-passbolt-1 | gpg: /var/lib/passbolt/.gnupg/trustdb.gpg: trustdb created
passbolt-passbolt-1 | gpg: directory '/var/lib/passbolt/.gnupg/openpgp-revocs.d' created
passbolt-passbolt-1 | gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/54AA93345342D0017F9E3F0F139C18EFD4B63BDD.rev'
passbolt-passbolt-1 | gpg: key 139C18EFD4B63BDD: "Passbolt default user <passbolt@yourdomain.com>" not changed
passbolt-passbolt-1 | gpg: Total number processed: 1
passbolt-passbolt-1 | gpg: unchanged: 1
passbolt-passbolt-1 | gpg: key 139C18EFD4B63BDD: "Passbolt default user <passbolt@yourdomain.com>" not changed
passbolt-passbolt-1 | gpg: key 139C18EFD4B63BDD: secret key imported
passbolt-passbolt-1 | gpg: Total number processed: 1
passbolt-passbolt-1 | gpg: unchanged: 1
passbolt-passbolt-1 | gpg: secret keys read: 1
passbolt-passbolt-1 | gpg: secret keys unchanged: 1
passbolt-passbolt-1 | gpg: checking the trustdb
passbolt-passbolt-1 | gpg: marginals needed: 3 completes needed: 1 trust model: pgp
passbolt-passbolt-1 | gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
passbolt-passbolt-1 | Installing passbolt
passbolt-db-1 | 2023-11-23 16:09:24 4 [Warning] Aborted connection 4 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-passbolt-1 |
passbolt-passbolt-1 | ____ __ ____
passbolt-passbolt-1 | / __ \____ _____ ____/ /_ ____ / / /_
passbolt-passbolt-1 | / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
passbolt-passbolt-1 | / ____/ /_/ (__ |__ ) /_/ / /_/ / / /
passbolt-passbolt-1 | /_/ \__,_/____/____/_.___/\____/_/\__/
passbolt-passbolt-1 |
passbolt-passbolt-1 | Open source password manager for teams
passbolt-passbolt-1 | -------------------------------------------------------------------------------
passbolt-passbolt-1 | Running baseline checks, please wait...
passbolt-db-1 | 2023-11-23 16:09:32 5 [Warning] Aborted connection 5 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-db-1 | 2023-11-23 16:09:32 6 [Warning] Aborted connection 6 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-db-1 | 2023-11-23 16:09:32 7 [Warning] Aborted connection 7 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-passbolt-1 | There are some issues with the database configuration.
passbolt-passbolt-1 | Please run ./bin/cake passbolt healthcheck for more information and help.
passbolt-passbolt-1 | Running migrations
passbolt-db-1 | 2023-11-23 16:09:32 8 [Warning] Aborted connection 8 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-passbolt-1 |
passbolt-passbolt-1 | ____ __ ____
passbolt-passbolt-1 | / __ \____ _____ ____/ /_ ____ / / /_
passbolt-passbolt-1 | / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
passbolt-passbolt-1 | / ____/ /_/ (__ |__ ) /_/ / /_/ / / /
passbolt-passbolt-1 | /_/ \__,_/____/____/_.___/\____/_/\__/
passbolt-passbolt-1 |
passbolt-passbolt-1 | Open source password manager for teams
passbolt-passbolt-1 | -------------------------------------------------------------------------------
passbolt-passbolt-1 | -------------------------------------------------------------------------------
passbolt-passbolt-1 | Running migration scripts.
passbolt-passbolt-1 | -------------------------------------------------------------------------------
passbolt-passbolt-1 | using migration paths
passbolt-passbolt-1 | - /etc/passbolt/Migrations
passbolt-passbolt-1 | using seed paths
passbolt-db-1 | 2023-11-23 16:09:32 9 [Warning] Aborted connection 9 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-passbolt-1 | 2023-11-23 16:09:32 error: [InvalidArgumentException] There was a problem connecting to the database: SQLSTATE[HY000] [1130] Host '172.19.0.3' is not allowed to connect to this MariaDB server in /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php on line 98
passbolt-passbolt-1 | Caused by: [PDOException] SQLSTATE[HY000] [1130] Host '172.19.0.3' is not allowed to connect to this MariaDB server in /usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php on line 86
passbolt-db-1 | 2023-11-23 16:09:32 10 [Warning] Aborted connection 10 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
passbolt-passbolt-1 | 2023-11-23 16:09:32 error: Could not connect to Database.
passbolt-db-1 | 2023-11-23 16:09:32 11 [Warning] Aborted connection 11 to db: 'unconnected' user: 'unauthenticated' host: '172.19.0.3' (This connection closed normally without authentication)
Troubleshooting :
I try :
- to open a port for get an access to the db and set the environement variables to the db ip and port
- to run the compose file with “user : 0:0”
- to use nfs on each volume separatly, but it give the same result all the time
So here it is, i don’t know what to do, i try everything that came up to my mind, i don’t have the knowledge to find by my self. And also I don’t know wath to search anymore, looks like nobody try to mount volume, each tuorial that i found give a empty :
volumes:
database_volume:
gpg_volume:
jwt_volume:
Checklist
[ x] I have read intro post: About the Installation Issues category
[ x] I have read the tutorials, help and searched for similar issues
[ x] I provide relevant information about my server (component names and versions, etc.)
[ x] I provide a copy of my logs and healthcheck
[ x] I describe the steps I have taken to trouble shoot the problem
[ x] I describe the steps on how to reproduce the issue
Thank you for taking the time to reading that.