Hello,
I tried to install passbolt on RHEL 8 with podman: I pulled the container from Docker Hub and I have MariaDB installed on the RHEL 8 server itself.
Can you help me find the correct parameters to use?
```
podman run -d --name passbolt -v /www-data/:/data/:Z -e DATASOURCES_DEFAULT_HOST=127.0.0.1 -e DATASOURCES_DEFAULT_USERNAME=root -e DATASOURCES_DEFAULT_PASSWORD=MYPASSWORD -e DATASOURCES_DEFAULT_DATABASE=passbolt -p 8000:80 MYURL/passbolt_container-passbolt_container:latest-ce
```
The container logs are here and say that it can’t access the database.
-----
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
Installing passbolt
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Running baseline checks, please wait...
Notice Error: Undefined index: message
In [/usr/share/php/passbolt/src/Utility/Healthchecks/DatabaseHealthchecks.php, line 72]
2022-04-11 15:57:13 Notice: Notice (8): Undefined index: message in [/usr/share/php/passbolt/src/Utility/Healthchecks/DatabaseHealthchecks.php, line 72]
Exception: Connection to Mysql could not be established: SQLSTATE[HY000] [2002] Connection refused
In [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php, line 140]
Running migrations
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Running migration scripts.
-------------------------------------------------------------------------------
using migration paths
- /etc/passbolt/Migrations
using seed paths
- /etc/passbolt/Seeds
Exception: There was a problem connecting to the database: SQLSTATE[HY000] [2002] Connection refused
In [/usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php, line 95]
Hi @tux-vador Welcome to the forum! Do you need a DATASOURCES_DEFAULT_PORT parameter as well?
Hello
Thanks for your response.
I will add it. Is it 3306 or any other?
Also, my question: as passbolt is on the container and MariaDB is on the host, should I use localhost or the public IP of my server?
@tux-vador default is 3306 unless you have changed it. Normally one would not use public ip address because the db should only be listening locally for security reasons.
I’m not familiar with podman to answer definitively regarding the setup, but typically a network including the host needs to be created first in order for that network to be used internally by the container so it can reach back out. Someone else may want to add to this.
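Added example, not part of any post in this thread: a small shell check for the point above about where the database listens. It classifies the listener for a port from `ss -ltn` output and says what that means for a container with its own network namespace. The function names and the sample `ss` lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Sample `ss -ltn` lines are constructed.

# classify_db_listener PORT SS_OUTPUT
# Prints: not-listening | loopback-only | specific-address | all-interfaces
classify_db_listener() {
    printf '%s\n' "$2" | awk -v port="$1" '
        $1 == "LISTEN" {
            # Field 4 is "Local Address:Port"; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") loopback = 1
            else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") wildcard = 1
            else specific = 1
        }
        END {
            if (wildcard) print "all-interfaces"
            else if (specific) print "specific-address"
            else if (loopback) print "loopback-only"
            else print "not-listening"
        }'
}

# What each result means for a container that has its own network namespace.
explain_listener() {
    case "$1" in
        loopback-only)    echo "host loopback only; 127.0.0.1 inside the container is the container itself" ;;
        specific-address) echo "bound to one host address; reachable only via that address and only if the firewall allows it" ;;
        all-interfaces)   echo "bound to every address, including any public one; restrict with a firewall or bind-address" ;;
        *)                echo "nothing is listening on that port" ;;
    esac
}

# Constructed samples of `ss -ltn` output.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*'
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     *:3306             *:*'

for sample in "$SAMPLE_LOOPBACK" "$SAMPLE_WILDCARD"; do
    result=$(classify_db_listener 3306 "$sample")
    echo "$result: $(explain_listener "$result")"
done
# On a real host: classify_db_listener 3306 "$(ss -ltn)"
```
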
I have the rootless Passbolt Pro container running as a non-root user on podman. Passbolt works extremely well (and fast). This is on RHEL 8.5.
MariaDB is running as a container in the same pod. Which is a slightly different setup to yours. You get connection refused, so it could be a FirewallD rule blocking the connection.
Mine is done with Ansible, but you can see the variables I’m using and match that up with your setup.
```yaml
#
# Ansible excerpt from my Rootless Podman configuration
#
- name: Allow rootless containers to run after userlogout and/or on boot
  ansible.builtin.shell:
    cmd: loginctl enable-linger "PassboltSystemAccount"
  become: yes

- name: Allow rootless container to access mariadb folders
  ansible.builtin.shell:
    cmd: podman unshare chown -R 999:999 /ssd_data/mariadb/passbolt_server
  remote_user: "PassboltSystemAccount"

- name: Allow rootless container to access passbolt folders
  ansible.builtin.shell:
    cmd: podman unshare chown -R 33:33 /ssd_data/passbolt
  remote_user: "PassboltSystemAccount"

- name: Allow rootless container to access passbolt Swag folders
  ansible.builtin.shell:
    cmd: podman unshare chown -R 1015:1015 /ssd_data/swag/passbolt
  remote_user: "PassboltSystemAccount"

- name: Create podman pod for passbolt
  containers.podman.podman_pod:
    name: pod_passbolt
    state: created
    ports:
      - 4433:443/tcp
  remote_user: PassboltSystemAccount

- name: Running mariadb image passbolt-server
  containers.podman.podman_container:
    name: mariadb-passbolt-server
    image: docker.io/library/mariadb:latest
    state: created
    volume:
      - /ssd_data/mariadb/passbolt_server:/var/lib/mysql:Z
    pod: pod_passbolt
    label: io.containers.autoupdate=image
    env:
      MARIADB_USER: passbolt
      MARIADB_PASSWORD: "TheUserPassword"
      MARIADB_DATABASE: db_passbolt
      MARIADB_ROOT_PASSWORD: "TheRootPassword"
  remote_user: PassboltSystemAccount

- name: Running passbolt image passbolt-server
  containers.podman.podman_container:
    name: passbolt-server
    image: docker.io/passbolt/passbolt:latest-pro-non-root
    state: created
    volume:
      - /ssd_data/passbolt/gpg:/etc/passbolt/gpg:Z
      - /ssd_data/passbolt/jwt:/etc/passbolt/jwt:Z
      - /ssd_data/passbolt/license/subscription_key.txt:/etc/passbolt/subscription_key.txt:Z
    pod: pod_passbolt
    label: io.containers.autoupdate=image
    env:
      APP_FULL_BASE_URL: https://url.domain.com
      DATASOURCES_DEFAULT_HOST: "127.0.0.1"
      DATASOURCES_DEFAULT_USERNAME: "sa_passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "TheUserPassword"
      DATASOURCES_DEFAULT_DATABASE: "db_passbolt"
      PASSBOLT_KEY_LENGTH: "4096"
      PASSBOLT_SUBKEY_LENGTH: "4096"
      EMAIL_TRANSPORT_DEFAULT_HOST: fqdn.emailserver.com
      EMAIL_TRANSPORT_DEFAULT_PORT: "587"
      EMAIL_TRANSPORT_DEFAULT_USERNAME: Email_Username
      EMAIL_TRANSPORT_DEFAULT_PASSWORD: Email_Password
      EMAIL_TRANSPORT_DEFAULT_TLS: true
      EMAIL_DEFAULT_FROM_NAME: Passbolt
      EMAIL_DEFAULT_FROM: passbolt@url.domain.com
      PASSBOLT_META_TITLE: "My Password Manager"
      PASSBOLT_META_DESCRIPTION: "Password management based on Passbolt"
      SECURITY_SALT: "Not_Used_But_Set_Anyway"
      TZ: Europe/Oslo
  remote_user: PassboltSystemAccount

- name: Running swag for passbolt.home.sourcenix.com
  containers.podman.podman_container:
    name: passbolt_swag
    image: docker.io/linuxserver/swag:latest
    state: created
    volume:
      - /ssd_data/swag/passbolt:/config:Z
    pod: pod_passbolt
    label: io.containers.autoupdate=image
    env:
      TZ: Europe/Oslo
      PUID: 'PassboltSystemAccount'
      PGID: 'PassboltSystemAccount'
      URL: url.domain.com
      VALIDATION: DNS
      DNSPLUGIN: cloudflare
      EMAIL: "email@address.com"
      STAGING: false
      MAXMINDDB_LICENSE_KEY: MyMaxmindKey
  remote_user: PassboltSystemAccount
```