Issue with Passbolt in Rancher

Thomas4 · June 14, 2023, 9:41am

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hello,
I have been trying to deploy Passbolt on a Rancher environment for a few days now, but it is not deploying correctly.

Rancher Version: v2.7.1
Kubernetes Version: v1.24.9 for my cluster
Passbolt Version: v0.3.2

Therefore, I am using the deployment method with Helm : https://help.passbolt.com/hosting/install/ce/helm.html

I have obtained the repository :

Now comes the moment of deploying Passbolt. Here is my YAML file for the deployment with modified values of CHANGEME:

affinity: {}
app:
  cache:
    redis:
      enabled: true
      sentinelProxy:
        enabled: true
        image:
          repository: haproxy
          tag: latest
  image:
    pullPolicy: IfNotPresent
    repository: passbolt/passbolt
    tag: 4.0.0-2-ce
  initImage:
    pullPolicy: IfNotPresent
    repository: mariadb
    tag: latest
  resources: {}
autoscaling:
  enabled: false
  maxReplicas: 100
  minReplicas: 1
  targetCPUUtilizationPercentage: 80
cronJobEmail:
  enabled: true
  schedule: '* * * * *'
fullnameOverride: ''
gpgPath: /etc/passbolt/gpg
gpgServerKeyPrivate: ''
gpgServerKeyPublic: ''
imagePullSecrets: []
ingress:
  annotations: {}
  enabled: false
  hosts:
    - host: passbolt.local
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
    - hosts:
        - passbolt.local
      secretName: tls
jwtPath: /etc/passbolt/jwt
jwtServerPrivate: null
jwtServerPublic: null
livenessProbe:
  httpGet:
    httpHeaders:
      - name: Host
        value: passbolt.local
    path: /healthcheck/status.json
    port: https
    scheme: HTTPS
  initialDelaySeconds: 20
  periodSeconds: 10
mariadb:
  architecture: replication
  auth:
    database: passbolt
    password: test1
    replicationPassword: test1
    rootPassword: root
    username: admin
  primary:
    persistence:
      accessModes:
        - ReadWriteOnce
      annotations: {}
      enabled: true
      existingClaim: ''
      labels: {}
      selector: {}
      size: 8Gi
      storageClass: ''
      subPath: ''
  secondary:
    persistence:
      accessModes:
        - ReadWriteOnce
      annotations: {}
      enabled: true
      labels: {}
      selector: {}
      size: 8Gi
      storageClass: ''
      subPath: ''
mariadbDependencyEnabled: true
nameOverride: ''
networkPolicy:
  enabled: false
  label: app.kubernetes.io/name
  namespaceLabel: ingress-nginx
  podLabel: ingress-nginx
nodeSelector: {}
passboltEnv:
  plain:
    APP_FULL_BASE_URL: https://passbolt.local
    CACHE_CAKE_DEFAULT_SERVER: 127.0.0.1
    DEBUG: false
    EMAIL_DEFAULT_FROM: no-reply@passbolt.local
    EMAIL_TRANSPORT_DEFAULT_HOST: 127.0.0.1
    EMAIL_TRANSPORT_DEFAULT_PORT: 587
    EMAIL_TRANSPORT_DEFAULT_TLS: true
    KUBECTL_DOWNLOAD_CMD: >-
      curl -LO "https://dl.k8s.io/release/$(curl -L -s
      https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
    PASSBOLT_JWT_SERVER_KEY: /var/www/passbolt/config/jwt/jwt.key
    PASSBOLT_JWT_SERVER_PEM: /var/www/passbolt/config/jwt/jwt.pem
    PASSBOLT_KEY_EMAIL: passbolt@yourdomain.com
    PASSBOLT_LEGAL_PRIVACYPOLICYURL: https://www.passbolt.com/privacy
    PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED: true
    PASSBOLT_PLUGINS_LICENSE_LICENSE: /etc/passbolt/subscription_key.txt
    PASSBOLT_REGISTRATION_PUBLIC: true
    PASSBOLT_SELENIUM_ACTIVE: false
    PASSBOLT_SSL_FORCE: true
  secret:
    CACHE_CAKE_DEFAULT_PASSWORD: test123
    DATASOURCES_DEFAULT_DATABASE: passbolt
    DATASOURCES_DEFAULT_PASSWORD: test1
    DATASOURCES_DEFAULT_USERNAME: admin
    EMAIL_TRANSPORT_DEFAULT_PASSWORD: test1
    EMAIL_TRANSPORT_DEFAULT_USERNAME: admin
podAnnotations: {}
podSecurityContext: {}
rbacEnabled: true
readinessProbe:
  httpGet:
    httpHeaders:
      - name: Host
        value: passbolt.local
    path: /healthcheck/status.json
    port: https
    scheme: HTTPS
  initialDelaySeconds: 5
  periodSeconds: 10
redis:
  auth:
    enabled: true
    password: test2
  sentinel:
    enabled: true
redisDependencyEnabled: true
replicaCount: 2
service:
  annotations: {}
  name: https
  port: 443
  targetPort: 443
  type: ClusterIP
serviceAccount:
  annotations: {}
  create: true
tolerations: []
global:
  cattle:
    systemProjectId: p-8cxg9

After a few seconds, I receive this error message repeatedly:
Creating 25 resource(s)
Beginning wait for 25 resources with a timeout of 10m0s
Deployment is not ready: default/testpassbolt-depl-srv. 0 out of 2 expected pods are ready

At the end of the 10 minutes, I check the different created pods and I can see that some are not deploying correctly:

Here are the various tutorials used to resolve this issue, but without success:
https://community.passbolt.com/t/helm-installation-issue/7721

clayton · June 15, 2023, 6:07am

Hey @Thomas4 welcome to the forum. This issue looks pretty similar to another we recently had here. Could you check that out and see if it works for you as well?

Thomas4 · June 15, 2023, 7:30am

Hey @clayton

Yes, I have already tried this solution, but it still doesn’t work.

affinity: {}
app:
  cache:
    redis:
      enabled: true
      sentinelProxy:
        enabled: true
        image:
          repository: haproxy
          tag: latest
  image:
    pullPolicy: IfNotPresent
    repository: passbolt/passbolt
    tag: 4.0.0-2-ce
  initImage:
    pullPolicy: IfNotPresent
    repository: bitnami/mariadb
    tag: latest
  resources: {}
autoscaling:
  enabled: false
  maxReplicas: 100
  minReplicas: 1
  targetCPUUtilizationPercentage: 80

Some pods fail to deploy.

diego · June 15, 2023, 8:22am

this is fixed in develop of the charts-passbolt repo, we will make the version available most likely today PB-25026: fixes #26 · passbolt/charts-passbolt@e83cfbe · GitHub

diego · June 15, 2023, 9:33am

We have just published the new helm chart version, let us know if you find any issues

Thomas4 · June 15, 2023, 11:49am

Still unable to deploy some pods

diego · June 15, 2023, 11:52am

We would need the logs on the init pod. Are you sure you updated the chart to the latest version? And do you have the latest values.yaml from the chart repo updated too?

Thomas4 · June 15, 2023, 1:00pm

Yes I have the latest chart version
Screenshot_3

Logs : passbolttest-mariadb-primary-0

root@rancher-noeud2:~# docker logs 466a947156dc
mariadb 11:37:08.36
mariadb 11:37:08.40 Welcome to the Bitnami mariadb container
mariadb 11:37:08.42 Subscribe to project updates by watching https://github.com/bitnami/containers
mariadb 11:37:08.44 Submit issues and feature requests at https://github.com/bitnami/containers/issues
mariadb 11:37:08.45
mariadb 11:37:08.46 INFO  ==> ** Starting MariaDB setup **
mariadb 11:37:08.72 INFO  ==> Validating settings in MYSQL_*/MARIADB_* env vars
mariadb 11:37:08.92 INFO  ==> Initializing mariadb database
mariadb 11:37:08.98 WARN  ==> The mariadb configuration file '/opt/bitnami/mariadb/conf/my.cnf' is not writable. Configurations based on environment variables will not be applied for this file.
mariadb 11:37:08.99 INFO  ==> Installing database
2023-06-15 11:37:12 1 [Warning] Failed to load slave replication state from table mysql.gtid_slave_pos: 1017: Can't find file: './mysql/' (errno: 2 "No such file or directory")
mariadb 11:37:23.11 INFO  ==> Starting mariadb in background
2023-06-15 11:37:23 0 [Note] Starting MariaDB 10.6.12-MariaDB-log source revision 4c79e15cc3716f69c044d4287ad2160da8101cdc as process 100
2023-06-15 11:37:23 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2023-06-15 11:37:23 0 [Note] InnoDB: Using transactional memory
2023-06-15 11:37:23 0 [Note] InnoDB: Number of pools: 1
2023-06-15 11:37:23 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2023-06-15 11:37:23 0 [Note] mysqld: O_TMPFILE is not supported on /opt/bitnami/mariadb/tmp (disabling future attempts)
2023-06-15 11:37:23 0 [Note] InnoDB: Using Linux native AIO
2023-06-15 11:37:23 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
2023-06-15 11:37:23 0 [Note] InnoDB: Completed initialization of buffer pool
2023-06-15 11:37:24 0 [Note] InnoDB: 128 rollback segments are active.
2023-06-15 11:37:24 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2023-06-15 11:37:24 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2023-06-15 11:37:24 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2023-06-15 11:37:24 0 [Note] InnoDB: 10.6.12 started; log sequence number 42132; transaction id 14
2023-06-15 11:37:24 0 [Note] Plugin 'FEEDBACK' is disabled.
2023-06-15 11:37:24 0 [Note] InnoDB: Loading buffer pool(s) from /bitnami/mariadb/data/ib_buffer_pool
2023-06-15 11:37:24 0 [Note] InnoDB: Buffer pool(s) load completed at 230615 11:37:24
2023-06-15 11:37:24 0 [Note] Server socket created on IP: '127.0.0.1'.
2023-06-15 11:37:25 0 [Warning] 'user' entry 'root@passbolttest-mariadb-primary-0' ignored in --skip-name-resolve mode.
2023-06-15 11:37:25 0 [Warning] 'user' entry '@passbolttest-mariadb-primary-0' ignored in --skip-name-resolve mode.
2023-06-15 11:37:25 0 [Warning] 'proxies_priv' entry '@% root@passbolttest-mariadb-primary-0' ignored in --skip-name-resolve mode.
2023-06-15 11:37:25 0 [Note] /opt/bitnami/mariadb/sbin/mysqld: ready for connections.
Version: '10.6.12-MariaDB-log'  socket: '/opt/bitnami/mariadb/tmp/mysql.sock'  port: 3306  Source distribution
mariadb 11:37:25.57 INFO  ==> Configuring authentication
2023-06-15 11:37:25 7 [Warning] 'proxies_priv' entry '@% root@passbolttest-mariadb-primary-0' ignored in --skip-name-resolve mode.
mariadb 11:37:26.51 INFO  ==> Configuring replication in master node
2023-06-15 11:37:26 14 [Warning] 'proxies_priv' entry '@% root@passbolttest-mariadb-primary-0' ignored in --skip-name-resolve mode.
mariadb 11:37:26.83 INFO  ==> Running mysql_upgrade
find: '/docker-entrypoint-startdb.d/': No such file or directory
mariadb 11:37:27.89 INFO  ==> Stopping mariadb
2023-06-15 11:37:27 0 [Note] /opt/bitnami/mariadb/sbin/mysqld (initiated by: unknown): Normal shutdown
2023-06-15 11:37:27 0 [Note] InnoDB: FTS optimize thread exiting.
2023-06-15 11:37:28 0 [Note] InnoDB: Starting shutdown...
2023-06-15 11:37:28 0 [Note] InnoDB: Dumping buffer pool(s) to /bitnami/mariadb/data/ib_buffer_pool
2023-06-15 11:37:28 0 [Note] InnoDB: Buffer pool(s) dump completed at 230615 11:37:28
2023-06-15 11:37:28 0 [Note] InnoDB: Removed temporary tablespace data file: "./ibtmp1"
2023-06-15 11:37:28 0 [Note] InnoDB: Shutdown completed; log sequence number 42144; transaction id 15
2023-06-15 11:37:28 0 [Note] /opt/bitnami/mariadb/sbin/mysqld: Shutdown complete

mariadb 11:37:29.20 INFO  ==> ** MariaDB setup finished! **

mariadb 11:37:31.00 INFO  ==> ** Starting MariaDB **
2023-06-15 11:37:31 0 [Note] Starting MariaDB 10.6.12-MariaDB-log source revision 4c79e15cc3716f69c044d4287ad2160da8101cdc as process 1
2023-06-15 11:37:31 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2023-06-15 11:37:31 0 [Note] InnoDB: Using transactional memory
2023-06-15 11:37:31 0 [Note] InnoDB: Number of pools: 1
2023-06-15 11:37:31 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
2023-06-15 11:37:31 0 [Note] mysqld: O_TMPFILE is not supported on /opt/bitnami/mariadb/tmp (disabling future attempts)
2023-06-15 11:37:31 0 [Note] InnoDB: Using Linux native AIO
2023-06-15 11:37:31 0 [Note] InnoDB: Initializing buffer pool, total size = 134217728, chunk size = 134217728
2023-06-15 11:37:31 0 [Note] InnoDB: Completed initialization of buffer pool
2023-06-15 11:37:32 0 [Note] InnoDB: 128 rollback segments are active.
2023-06-15 11:37:32 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2023-06-15 11:37:32 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2023-06-15 11:37:32 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2023-06-15 11:37:32 0 [Note] InnoDB: 10.6.12 started; log sequence number 42144; transaction id 14
2023-06-15 11:37:32 0 [Note] Plugin 'FEEDBACK' is disabled.
2023-06-15 11:37:32 0 [Note] InnoDB: Loading buffer pool(s) from /bitnami/mariadb/data/ib_buffer_pool
2023-06-15 11:37:32 0 [Note] InnoDB: Buffer pool(s) load completed at 230615 11:37:32
2023-06-15 11:37:32 0 [Note] Server socket created on IP: '0.0.0.0'.
2023-06-15 11:37:32 0 [Note] Server socket created on IP: '::'.
2023-06-15 11:37:32 0 [Warning] 'proxies_priv' entry '@% root@passbolttest-mariadb-primary-0' ignored in --skip-name-resolve mode.
2023-06-15 11:37:32 0 [Note] /opt/bitnami/mariadb/sbin/mysqld: ready for connections.
Version: '10.6.12-MariaDB-log'  socket: '/opt/bitnami/mariadb/tmp/mysql.sock'  port: 3306  Source distribution
2023-06-15 11:37:41 5 [Warning] Access denied for user 'thomas'@'10.42.1.146' (using password: YES)
2023-06-15 11:37:42 6 [Warning] Access denied for user 'thomas'@'10.42.1.149' (using password: YES)
2023-06-15 11:37:42 7 [Warning] Access denied for user 'thomas'@'10.42.1.149' (using password: YES)
2023-06-15 11:37:42 8 [Warning] Access denied for user 'thomas'@'10.42.0.151' (using password: YES)
2023-06-15 11:37:44 9 [Warning] Access denied for user 'thomas'@'10.42.1.146' (using password: YES)
2023-06-15 11:37:44 10 [Warning] Access denied for user 'thomas'@'10.42.0.151' (using password: YES)
2023-06-15 11:37:46 11 [Warning] Access denied for user 'thomas'@'10.42.1.146' (using password: YES)
2023-06-15 11:37:46 12 [Warning] Access denied for user 'thomas'@'10.42.0.151' (using password: YES)

logs : passbolttest-depl-srv-7cc86c944d-t67xs

root@rancher-noeud2:~# docker logs f8040eee6d0c
Waiting for database connection...
Waiting for database connection...
Waiting for database connection...

diego · June 15, 2023, 1:12pm

Those access denied in the mysql container are related with the initdb container using the incorrect password/username? Could you check that?

Thomas4 · June 15, 2023, 2:37pm

I tried to redeploy Passbolt with the same database credentials (username and password) for the MySQL database, but it doesn’t seem to be working.

Dani · June 15, 2023, 3:31pm

Hey! Maybe it is related to the fact that mariadb chart doesn’t kill the volumes that creates on a uninstall event. So next time you install it, it will reuse those volumes and their content (also configuration like credentials). To avoid that, uninstall the passbolt helm release, list the Persistentvolumeclaims on the cluster and clean the ones that are related to your installation. For a default installation with a release name ‘passbolt’ I have these ones:

data-passbolt-mariadb-primary-0
data-passbolt-mariadb-secondary-0
redis-data-passbolt-redis-node-0
redis-data-passbolt-redis-node-1
redis-data-passbolt-redis-node-2

After that try to install it again.

Thomas4 · June 16, 2023, 10:25am

Dani · June 16, 2023, 3:45pm

Have you managed to solve it?

Thomas4 · June 21, 2023, 7:32am

Hi, sorry for the late response,

Everything seems to be working fine, the deployment is going smoothly.

Now, I need to access Passbolt. I think I’ll have to create a user or do something else.

Thanks to the Passbolt community for helping me.

wkolmstead · October 31, 2023, 4:59pm

Thomas4,

What did you do to resolve this issue? I am seeing the same as you with “access denied for user” no matter what I do. I have uninstalled and cleaned up my namespace, and even deleted and recreated the NS in rancher, but still get the same error.

I know that this thread is old so if I need to create a new thread just let me know.