Multiple questions about existing and future process to backup/redeploy/restore a passbolt server

admin

#1

Hi,

I do my backup with a cron job which backs up the files mentioned in https://www.passbolt.com/help/tech/backup
(with a few more).

Is there any plan to provide an official backup script?
Can I make a PR for that?

Other questions: is there documentation for restoring a backup?
Is there any plan to provide debian/centos/etc… packages or an ansible script to easily redeploy a passbolt server?

I ask these questions because Passbolt will become a critical infrastructure for me and my company (when some features are implemented).
So I need to have a strong process to backup/redeploy/restore the passbolt server. (No passbolt server, no passwords for all the other servers, SSL certificates, etc…)

Cordially


#2

Hi David,

  • Is there any plan to provide an official backup script?
    At the moment not really, unless we manage to specify it and enough users show interest. The reason why we didn’t do it so far is that, from our experience, every organization has its own different backup processes in place with its preferred tooling. Like some orgs prefer to do virtual machine snapshots, some others prefer incremental database dumps, etc.

  • Can I make a PR for that?
    I think before making a PR it would make sense to wait until we’re done with the cakephp 3 migration. What would be nice in the meantime would be to work on a specification document. Like what should the options of such a command be. Describe how we should test it, etc.

  • Other questions: is there documentation for restoring a backup?
    No, but that could be a nice addition. We’re gonna launch a new help section next month, where everyone can contribute. See: As a user I can edit the online documentation

  • Is there any plan to provide debian/centos/etc… packages or an ansible script to easily redeploy a passbolt server?
    Yes, that’s something we’d like to do in the middle/long term. We don’t have the resources to work on this at the moment unfortunately.

I ask these questions because Passbolt will become a critical infrastructure for me and my company (when some features are implemented).

Yes it’s fair enough! It’s good you are not implementing passbolt without thinking this through first!

Have a good day,


#3

Like some orgs prefer to do virtual machine snapshots, some others prefer incremental database dumps, etc.

Of course I understand that :wink: (Personally I use VM snapshots but also complete DB backups in case of a massive failure of my hypervirtualization infrastructure).
In fact, from my personal experience, a lot of companies don’t make any backups (or never test them, which is the same thing for me). So an easy backup process would help these companies to use a tested backup process.

(For me a passbolt db cannot be big enough for an incremental db dump)

I think before making a PR it would make sense to wait until we’re done with the cakephp 3 migration.

Do you want to implement this process inside a cakephp task?

What would be nice in the meantime would be to work on a specification document. Like what should the options of such a command be. Describe how we should test it, etc.

Where can we write that?

We’re gonna launch a new help section next month, where everyone can contribute

I’m currently writing my backup creation/restoration process documentation. I will maybe put it in this new section :wink:

Yes that’s something we’d like to do in middle/long term. We don’t have the resources to work on this at the moment unfortunately.

That could be great for an emergency redeployment process.
Your docker image is also a good way to do that, especially if you include a docker-compose (like the repo you link in your repo).
I have some questions about that.

  • Can the docker image be used in prod now?
  • Why didn’t you include the docker-compose in your repo?

#4

Do you want to implement this process inside a cakephp task?

I’m not very opinionated about it, but I think it would make sense since we’re going to have installation and update tasks.

Where can we write that?

Anywhere :). We generally use google docs for that, like we did for groups: https://docs.google.com/a/passbolt.com/document/d/1b7hwleV0VrU45ARErCutgNBQTD48mjoFVfD_OEE4le8/edit?usp=drive_web

I will maybe put it in this new section

If you want, in the meantime, we can add your post to the medium publication: https://medium.com/passbolt

Can the docker image be used in prod now?

We use it internally in production. Whether you should too depends on your security requirements, as indicated in the FAQ.

Why didn’t you include the docker-compose in your repo?

That’s also because that would “force” people to deploy passbolt in a certain way that may not match their requirements. For example, people may not want to use redis for sessions, or they may prefer to switch to AWS/GCE SQL solutions instead of MySQL, etc. We wanted to avoid bikeshed discussions around what should be the default environment by just providing the web head. Obviously that can change, but that was our rationale at that time.

Maybe @diego can weigh in on this, he is the product owner for the docker / docker-compose things.


#5

Hey there!

The docker-compose was not initially included on our docker repository because it started more as a quick and dirty way to test passbolt internally for development purposes. This is the reason why it is under my personal github account instead. (Also to avoid spending too much time on giving support to it :innocent:)

Some other users have already requested the composer to be included on the docker repository but I’m more a fan of maybe including passbolt-compose as a separate repo. I guess this could be a community driven decision as I don’t have strong arguments to go with a separate repo.


#6

I’m not very opinionated about it, but I think it would make sense since we’re going to have installation and update tasks.

I totally agree with you :wink:

Anywhere :). We generally use google docs for that, like we did for groups

Oh damn, your specification is sooooo complete. I would like so much to have the same in my job :smiley:

If you want, in the meantime, we can add your post to the medium publication

Sure, why not

but I’m more fan of maybe including passbolt-compose as a separate repo.

From my point of view, you can use a separate repo if you publish more than just a docker-compose.yml.
Like an AWS ECS service definition, ansible script, and all other deployment tools/scripts.

@diego: Are you the maintainer of https://github.com/dlen/passbolt-compose/? If yes, you should check your pull request :innocent:


#7

Thanks for your contribution @dducatel!!