I startes docker-compose up and get error

I couldn’t get where is the problem from log:
maybe this one: if yes, how can solve that:
passbolt_1 | /usr/local/bin/docker-php-entrypoint: 9: exec: /usr/bin/wait-for.sh: Permission denied

error log:
Attaching to passbolt_docker_db_1, passbolt_docker_passbolt_1
db_1 | 2020-06-18 14:04:58+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.3.23+maria~focal started.
passbolt_1 | /usr/local/bin/docker-php-entrypoint: 9: exec: /usr/bin/wait-for.sh: Permission denied
db_1 | 2020-06-18 14:04:58+00:00 [Note] [Entrypoint]: Switching to dedicated user ‘mysql’
db_1 | 2020-06-18 14:04:58+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.3.23+maria~focal started.
db_1 | 2020-06-18 14:04:58 0 [Note] mysqld (mysqld 10.3.23-MariaDB-1:10.3.23+maria~focal) starting as process 1 …
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Using Linux native AIO
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Uses event mutexes
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Number of pools: 1
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Using SSE2 crc32 instructions
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Completed initialization of buffer pool
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: Creating shared tablespace for temporary tables
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: Setting file ‘./ibtmp1’ size to 12 MB. Physically writing the file full; Please wait …
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: File ‘./ibtmp1’ size is now 12 MB.
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: 10.3.23 started; log sequence number 1625565; transaction id 21
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
db_1 | 2020-06-18 14:04:59 0 [Note] Plugin ‘FEEDBACK’ is disabled.
db_1 | 2020-06-18 14:05:00 0 [Note] Server socket created on IP: ‘::’.
db_1 | 2020-06-18 14:05:00 0 [Warning] ‘proxies_priv’ entry ‘@% root@1f47ec546785’ ignored in --skip-name-resolve mode.
passbolt_docker_passbolt_1 exited with code 126
db_1 | 2020-06-18 14:05:00 0 [Note] InnoDB: Buffer pool(s) load completed at 200618 14:05:00
db_1 | 2020-06-18 14:05:00 0 [Note] Reading of all Master_info entries succeeded
db_1 | 2020-06-18 14:05:00 0 [Note] Added new Master_info ‘’ to hash table
db_1 | 2020-06-18 14:05:00 0 [Note] mysqld: ready for connections.
db_1 | Version: ‘10.3.23-MariaDB-1:10.3.23+maria~focal’ socket: ‘/var/run/mysqld/mysqld.sock’ port: 3306 mariadb.org binary distribution

Hi @Ahmad,

Have you build the docker image yourself or are you using the official docker image from passbolt?

I have the official image! I am using docker-compose.yml

Yeah the permission error on the script is not expected, I have tested it locally and I can’t reproduce with the official image, that is why I was wondering if maybe you have built it yourself.

Could you post the docker-compose you are using? Also are you running your stack on which operating system?

docker-compose-pro.yml

version: ‘3.4’
services:
db:
image: mariadb:10.3
env_file:
- env/mysql.env
volumes:
- database_volume:/var/lib/mysql
ports:
- “127.0.0.1:3306:3306”

passbolt:
image: passbolt/passbolt:latest-pro
#image: passboltlocal
tty: true
depends_on:
- db
env_file:
- env/passbolt.env
volumes:
- gpg_volume:/var/www/passbolt/config/gpg
- images_volume:/var/www/passbolt/webroot/img/public
- ./license:/var/www/passbolt/config/license
- ./scripts/wait-for.sh:/usr/bin/wait-for.sh
- /home/certs:/etc/ssl/certs/
tmpfs:
- /run
command: ["/usr/bin/wait-for.sh", “db:3306”, “–”, “/docker-entrypoint.sh”]
ports:
- 172.16.20.12:80:80
- 172.16.20.12:443:443

volumes:
database_volume:
gpg_volume:
images_volume:
certs:

on CentOS.el7

docker-compose-pro.yml

version: ‘3.4’
services:
db:
image: mariadb:10.3
env_file:

  • env/mysql.env
    volumes:
  • database_volume:/var/lib/mysql
    ports:
  • “127.0.0.1:3306:3306”

passbolt:
image: passbolt/passbolt:latest-pro
#image: passboltlocal
tty: true
depends_on:

  • db
    env_file:
  • env/passbolt.env
    volumes:
  • gpg_volume:/var/www/passbolt/config/gpg
  • images_volume:/var/www/passbolt/webroot/img/public
  • ./license:/var/www/passbolt/config/license
  • ./scripts/wait-for.sh:/usr/bin/wait-for.sh
  • /home/certs:/etc/ssl/certs/
    tmpfs:
  • /run
    command: ["/usr/bin/wait-for.sh", “db:3306”, “–”, “/docker-entrypoint.sh”]
    ports:
  • 172.16.20.12:80:80
  • 172.16.20.12:443:443

volumes:
database_volume:
gpg_volume:
images_volume:
certs:

on CentOS.el7

Looks like you are using a volume for the wait-for script. The wait-for script has been included on the image 16 months ago. Check https://github.com/passbolt/passbolt_docker/pull/123
Remove this line:

Great!It passes this one. now I have this

…++++
passbolt_1 | …++++
passbolt_1 | writing new private key to ‘/etc/ssl/certs/certificate.key’
passbolt_1 | req: Can’t open “/etc/ssl/certs/certificate.key” for writing, Permission denied
passbolt_docker_passbolt_1 exited with code 1

Nice,

Looks like the /home/certs directory on the host doesn’t have enough permissions for the container to write the certificate.key

I give full root permission and still the same
drwxrwxrwx. 2 root root 4096 18 jun 15.02 certs

Do you have any certificate.key file inside the certs directory that might have some restrictive permissions?

-rw-r–r--. 1 root root 3562 18 jun 18.30 certificate.crt
-rw-------. 1 root root 1704 18 jun 18.31 certificate.key

I see you have selinux enabled:

Could it be related with that?

I changed to:
drwsrwsrwt. 2 root root 4096 18 jun 18.40 certs
in certs:
-rwxrwxrwx. 1 root root 3562 18 jun 18.30 certificate.crt
-rwxrwxrwx. 1 root root 1704 18 jun 18.31 certificate.key
and still the same:
passbolt_1 | wait-for.sh: db:3306 is available after 1 seconds
passbolt_1 | gpg: key 99E745355330008C: “Passbolt default user ahmad.hashem@netset.com” not changed
passbolt_1 | gpg: Total number processed: 1
passbolt_1 | gpg: unchanged: 1
passbolt_1 | gpg: key 99E745355330008C: “Passbolt default user ahmad.hashem@netset.com” not changed
passbolt_1 | gpg: key 99E745355330008C: secret key imported
passbolt_1 | gpg: Total number processed: 1
passbolt_1 | gpg: unchanged: 1
passbolt_1 | gpg: secret keys read: 1
passbolt_1 | gpg: secret keys unchanged: 1
passbolt_1 | Generating a RSA private key
passbolt_1 | …++++
passbolt_1 | …++++
passbolt_1 | writing new private key to ‘/etc/ssl/certs/certificate.key’
passbolt_1 | req: Can’t open “/etc/ssl/certs/certificate.key” for writing, Permission denied
passbolt_docker_passbolt_1 exited with code 1

Yeah I meant disabling selinux.

You can try with setenforce 0 on the host

woow… You are genius! that was great! it works now
I can now open https://pass.work.com
But i cann’t log in. it doesn’t find me although I have restored the database that have 30 users!

I created a new acoount but all passwords are lost now and all other accounts

@Ahmad it’s unclear, do you still require any help? If yes can you provide more information. Maybe you are not pointing at the right database, etc.

Yes I still need help!

I have restored the database again. when I check that all users are in the database I found them.
then I start docker-compse start
i get this error:
tarting db …
Starting db … error
Starting passbolt … error

ERROR: for db Cannot start service db: driver failed programming external connectivity on endpoint passbolt_docker_db_1 (f834523f9e2c52764efe65c0a3e98b79376d75f5edb6758159eab754d28a6c44): Error starting userland proxy: listen tcp 127.0.0.1:3306: bind: address already in use

systemctl stop mariadb
then start again. it starts but now the database have only one user that I created now.

I need to have the database that i restored!

It seems to me that you have multiple containers with the DB running, e.g. the container you are using in your docker compose cannot bind because there is another one running.

Unfortunately this is not a passbolt issue, but it’s something specific to your configuration / setup, it’s hard to help you as is, but maybe @diego can pitch in.