Is there a v1 to v2 docker upgrade howto at all please :)

I had a working v1 docker with app.php, core.php, database.php, email.php, serverkey_private.asc and serverkey.asc all pointing to config files outside of the docker.

After the upgrade of the docker image today things have gone a little pear shaped (broken)

It seems a lot of docker variables have changed names, so I have updated my details with the new docker variables and added new ones incorporating as much data as I can from the php files above.

The docker starts but fails to find the serverkey_private.asc file and aborts.

The strange thing is I have checked and double checked the location the docker variable is pointing to and it is correct. The file is there and it does contain my server key.

Not sure what I am missing and if I should be running a migration script etc for the docker upgrade?

Edit: OK, I changed the server and private keys from env variables to -v x:y commands and got it to find both of the files correctly, and it’s now doing some migration scripts by the look of it …

Edit2: Ok migration seems to have finished and I now have a GPGAuth not supported error when going to the login page on firefox… some more searching I think.

Hi @mannp

Paths to serverkeys have changed a little bit due to the cake3 migration:

v1: /var/www/passbolt/app/Config/gpg/serverkey.asc
/var/www/passbolt/app/Config/gpg/serverkey_private.asc

v2: /var/www/passbolt/config/gpg/serverkey.asc
/var/www/passbolt/config/gpg/serverkey_private.asc

Passbolt v2 doesn’t use core.php, database.php and email.php anymore. Passbolt config is all bundled in the passbolt.php file, or you can use env variables, since Passbolt v2 has better support for them.
Plus, if you were using the alpine-based docker image, the user which runs passbolt is now www-data.

We have noticed there is a bug in passbolt-2.0.0; we are about to release 2.0.1 in a couple of hours. And yes, we are also working on the help.passbolt.com documentation, which is about to be released too!

Thanks for your patience.

Hi @diego thanks for the info.

I’d read most of it, but for me adding the asc files as env variables didn’t work, even though the file locations were correct.

They did work with -v a:b directives though.

Oh I see, yes some of the help is out of date as I was trying to find the command line healthcheck and it has moved too :slight_smile:

I have some other issues to resolve now I have seen the healthcheck, so will resolve them now.

All the best to the team with v2 rollout.

We have also bundled a docker-compose.yml file to ease the setup of the container, check it out.

Sorry for the inconveniences!

I use unraid and it doesn’t support docker compose, so I have to configure manually. It usually works fine.

Hi @mannp

The docs have been updated please let us know if they allow you to upgrade or you find any other issue!

Hi @diego thanks for the follow up.

I still have some issues with pb picking up my previous gpg certs, as it’s complaining they cannot be used to sign anything, as well as the fingerprint being different from the one in my passbolt.php.

The fact that they are copied from previously working php config files seems odd and I am not sure if they are picking up my passbolt.php correctly.

One thing I wasn’t clear on is: if I only use docker variables to set up passbolt, will the passbolt.php get created with the env variables of the docker, or will I still need a valid passbolt.php as well?

Thanks

Hey there!

Regarding the gpg sign problems, check the keys imported on the www-data user’s gpg keyring. I say this because if the paths are not correct, the docker-entrypoint script will detect that no gpg keys are in place, and it will create a gpg key and import it into the www-data keyring, leading to passbolt using the wrong gpg key.

If you rely on env variables there is no need to create a passbolt.php. The container is designed to work without any passbolt.php and fully rely on env variables.

It works like this:
1. passbolt checks if passbolt.php exists and loads the config.
2. If passbolt.php does not exist, or some section is missing from the file, it goes to default.php, where passbolt looks for the env variable corresponding to that config section; if that variable doesn’t exist, it falls back to a default value also defined in default.php.

Do not hesitate to ask about any other doubt or issue, and thanks for your feedback!
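The keyring check suggested in the reply above can be scripted. This is an added example, not part of the thread or of the passbolt container: it audits a `gpg --list-keys --with-colons` listing for exactly one primary key that matches the configured fingerprint and can sign. The function names, the sample listing and its fingerprints are constructed for illustration.

```shell
#!/bin/sh
# check_keyring EXPECTED_FPR   (colon-format key listing on stdin)
# Exit 0 only if the keyring holds exactly one primary key, that key has
# the expected fingerprint, and its capability field allows signing.
check_keyring() {
    awk -F: -v want="$1" '
        BEGIN { want = toupper(want) }
        # pub record: field 3 = key length, field 12 = capabilities
        $1 == "pub" { n++; len[n] = $3; cap[n] = $12; need = 1; next }
        # the first fpr record after pub belongs to the primary key
        $1 == "fpr" && need { fpr[n] = $10; need = 0 }
        END {
            rc = 0; found = 0
            if (n != 1) { printf "FAIL: %d primary keys in keyring, expected 1\n", n; rc = 1 }
            for (i = 1; i <= n; i++) {
                if (fpr[i] != want) { printf "EXTRA: %s (%s bits)\n", fpr[i], len[i]; continue }
                found = 1
                if (cap[i] ~ /[sS]/) printf "OK: %s (%s bits) can sign\n", fpr[i], len[i]
                else { printf "FAIL: %s has no signing capability\n", fpr[i]; rc = 1 }
            }
            if (!found) { printf "FAIL: configured fingerprint %s not in keyring\n", want; rc = 1 }
            exit rc
        }'
}

# Constructed listing: the intended 4096-bit key plus a second 2048-bit key,
# the situation that arises when a key is auto-generated next to an imported one.
sample_two_keys() {
    cat <<'EOF'
pub:u:4096:1:1111111111111111:1520000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1520000000::::Constructed Server Key <admin@example.test>:
sub:u:4096:1:2222222222222222:1520000000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:u:2048:1:3333333333333333:1520000100:::u:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
EOF
}

# Demo on the constructed data. Against a real container (assumption: gpg uses
# the default home of www-data) pipe in the live listing instead:
#   su -s /bin/sh -c "gpg --list-keys --with-colons" www-data | check_keyring "<fingerprint from your config>"
sample_two_keys | check_keyring 0123456789ABCDEF0123456789ABCDEF01234567 || true
```

An `EXTRA` line next to an `OK` line means a second key sits beside the intended one in the keyring; a `FAIL: configured fingerprint ... not in keyring` line means the mounted key was never imported.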

I think this is what is happening, as when I listed the keys for that user there were two, mine and another one that pb must have created.

I tried deleting that one and got some sort of bash error regarding ‘env’ and deleting failed.

I deleted the docker and tried again but pb didn’t seem again to find passbolt.php.

At that point I had to get on and parked it at that moment.

Does the docker print out in the log that it found a passbolt.php in directory x and is using that config, or is it silent?

Also, does v2 support the additional email config in passbolt.php to dictate when emails are sent out to users and when they are not?

Docs look much clearer so will try again with those docs when I get a chance.

Thanks

> Does the docker print out in the log that it found a passbolt.php in directory x and is using that config, or is it silent?

I’m afraid no logs on this :S

> Also, does v2 support the additional email config in passbolt.php to dictate when emails are sent out to users and when they are not?

Yes, all the custom passbolt configuration options can be stored in passbolt.php

> Docs look much clearer so will try again with those docs when I get a chance.

Thanks!!! :heart:

Edit: So I deleted everything and installed from scratch. Up and running in no time.

Are the account keys maxed at 2048, as I set main and sub keys to 4096 and the admin account defaulted to 2048…?

You mean the gpg serverkeys that the container creates automatically on startup? You can control the generation of those keys with the following env vars:

PASSBOLT_KEY_EMAIL
PASSBOLT_KEY_NAME
PASSBOLT_KEY_LENGTH
PASSBOLT_SUBKEY_LENGTH
PASSBOLT_KEY_EXPIRATION

By default the lengths are 2048.

Yes I have the keylengths at 4096 in my passbolt.php but again they don’t seem to have been used.

I will add them as env vars and re-look at what is happening with my passbolt.php file.

Thanks

Yeah that is correct since these env vars are proper to the container and not passbolt_api. Even if you add them to passbolt.php it won’t work as passbolt_api doesn’t support them.

Long story short, gpg key generation customizations are only supported as env variables.

Arrh ok, thanks, that’s why then :slight_smile:

Is there an alternate command for me to delete the admin user I created, so I can recreate with the new 4096 certs please?

su -m -c "/var/www/passbolt/bin/cake passbolt register_user -u <email> -f <name> -l <name> -r admin" -s /bin/sh www-data
