Need help to install passbolt with podman

Hello,

I tried to install Passbolt on RHEL 8 with Podman: I pulled the container from Docker Hub and I have MariaDB installed on the RHEL 8 server itself.

Can you help me find the correct parameters to put?

podman run -d --name passbolt -v /www-data/:/data/:Z -e DATASOURCES_DEFAULT_HOST=127.0.0.1 -e DATASOURCES_DEFAULT_USERNAME=root -e DATASOURCES_DEFAULT_PASSWORD=MYPASSWORD -e DATASOURCES_DEFAULT_DATABASE=passbolt -p 8000:80 MYURL/passbolt_container-passbolt_container:latest-ce

The container logs are here and say that it can't access the database.

-----
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
Installing passbolt

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
Running baseline checks, please wait...
Notice Error: Undefined index: message
In [/usr/share/php/passbolt/src/Utility/Healthchecks/DatabaseHealthchecks.php, line 72]

2022-04-11 15:57:13 Notice: Notice (8): Undefined index: message in [/usr/share/php/passbolt/src/Utility/Healthchecks/DatabaseHealthchecks.php, line 72]
Exception: Connection to Mysql could not be established: SQLSTATE[HY000] [2002] Connection refused
In [/usr/share/php/passbolt/vendor/cakephp/cakephp/src/Database/Driver.php, line 140]

Running migrations

     ____                  __          ____
    / __ \____  _____ ____/ /_  ____  / / /_
   / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
  / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
 /_/    \__,_/____/____/_.___/\____/_/\__/

 Open source password manager for teams
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
 Running migration scripts.
-------------------------------------------------------------------------------
using migration paths
 - /etc/passbolt/Migrations
using seed paths
 - /etc/passbolt/Seeds
Exception: There was a problem connecting to the database: SQLSTATE[HY000] [2002] Connection refused
In [/usr/share/php/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php, line 95]

Hi @tux-vador Welcome to the forum! Do you need a DATASOURCES_DEFAULT_PORT parameter as well?

Hello

Thanks for your response.

I will add it. Is it 3306 or any other?

Also, my question: as Passbolt is in the container and MariaDB is on the host, should I use localhost or the public IP of my server?

@tux-vador The default is 3306 unless you have changed it. Normally one would not use the public IP address because the DB should only be listening locally for security reasons.

I’m not familiar with podman to answer definitively regarding the setup, but typically a network including the host needs to be created first in order for that network to be used internally by the container so it can reach back out. Someone else may want to add to this.
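Added example, not part of any post in this thread: a small Python check of the `podman run` line from the question, built on the fact that a container started without `--network host` or `--pod` has its own loopback interface, so `127.0.0.1` there is not the host. The `audit` function and its finding codes are hypothetical names, and the sample line is reconstructed from the question.

```python
import ipaddress
import shlex

# Constructed sample: the `podman run` line from the question (placeholders kept).
SAMPLE = (
    "podman run -d --name passbolt -v /www-data/:/data/:Z "
    "-e DATASOURCES_DEFAULT_HOST=127.0.0.1 -e DATASOURCES_DEFAULT_USERNAME=root "
    "-e DATASOURCES_DEFAULT_PASSWORD=MYPASSWORD -e DATASOURCES_DEFAULT_DATABASE=passbolt "
    "-p 8000:80 MYURL/passbolt_container-passbolt_container:latest-ce"
)

def is_loopback(host):
    """True for localhost or any address in 127.0.0.0/8 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname

def audit(cmdline):
    """Return finding codes (hypothetical names) for the database settings."""
    args = []
    for arg in shlex.split(cmdline):
        # Turn --opt=value into two tokens so both spellings are handled alike.
        args.extend(arg.split("=", 1) if arg.startswith("--") else [arg])
    env, shared_netns = {}, False
    for opt, val in zip(args, args[1:]):
        if opt in ("-e", "--env") and "=" in val:
            key, value = val.split("=", 1)
            env[key] = value
        elif (opt in ("--network", "--net") and val == "host") or opt == "--pod":
            shared_netns = True  # loopback is shared with the host or the pod
    findings = []
    # Without --network host or --pod, 127.0.0.1 is the container's own loopback,
    # where no MariaDB is listening, hence "Connection refused".
    if is_loopback(env.get("DATASOURCES_DEFAULT_HOST", "")) and not shared_netns:
        findings.append("loopback-host-in-private-netns")
    if env.get("DATASOURCES_DEFAULT_USERNAME") == "root":
        findings.append("db-root-account")  # application should not use DB root
    if "DATASOURCES_DEFAULT_PASSWORD" in env:
        findings.append("password-on-command-line")  # shell history, process list
    if "DATASOURCES_DEFAULT_PORT" not in env:
        findings.append("port-not-set")  # informational
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```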

I have the rootless Passbolt Pro container running as a non-root user on podman. Passbolt works extremely well (and fast). This is on RHEL 8.5.

MariaDB is running as a container in the same pod. Which is a slightly different setup to yours. You get connection refused, so it could be a FirewallD rule blocking the connection.

Mine is done with Ansible, but you can see the variables I’m using and match that up with your setup.

#
#Ansible excerpt from my Rootless Podman configuration
#
  - name: Allow rootless containers to run after userlogout and/or on boot
    ansible.builtin.shell:
      cmd: loginctl enable-linger "PassboltSystemAccount"
    become: yes

  - name: Allow rootless container to access mariadb folders
    ansible.builtin.shell:
     cmd: podman unshare chown -R 999:999 /ssd_data/mariadb/passbolt_server
    remote_user: "PassboltSystemAccount"

  - name: Allow rootless container to access passbolt folders
    ansible.builtin.shell:
     cmd: podman unshare chown -R 33:33 /ssd_data/passbolt
    remote_user: "PassboltSystemAccount"

  - name: Allow rootless container to access passbolt Swag folders
    ansible.builtin.shell:
     cmd: podman unshare chown -R 1015:1015 /ssd_data/swag/passbolt
    remote_user: "PassboltSystemAccount"

  - name: Create podman pod for passbolt 
    containers.podman.podman_pod:
     name: pod_passbolt
     state: created
     ports: 
      - 4433:443/tcp
    remote_user: PassboltSystemAccount

  - name: Running mariadb image passbolt-server
    containers.podman.podman_container:
     name: mariadb-passbolt-server
     image: docker.io/library/mariadb:latest
     state: created
     volume:
      - /ssd_data/mariadb/passbolt_server:/var/lib/mysql:Z
     pod: pod_passbolt
     label: io.containers.autoupdate=image
     env: 
      MARIADB_USER: passbolt
      MARIADB_PASSWORD: "TheUserPassword"
      MARIADB_DATABASE: db_passbolt
      MARIADB_ROOT_PASSWORD: "TheRootPassword"
    remote_user: PassboltSystemAccount

  - name: Running passbolt image passbolt-server
    containers.podman.podman_container:
     name: passbolt-server
     image: docker.io/passbolt/passbolt:latest-pro-non-root
     state: created
     volume:
      - /ssd_data/passbolt/gpg:/etc/passbolt/gpg:Z
      - /ssd_data/passbolt/jwt:/etc/passbolt/jwt:Z
      - /ssd_data/passbolt/license/subscription_key.txt:/etc/passbolt/subscription_key.txt:Z
     pod: pod_passbolt
     label: io.containers.autoupdate=image
     env: 
      APP_FULL_BASE_URL: https://url.domain.com
      DATASOURCES_DEFAULT_HOST: "127.0.0.1"
      DATASOURCES_DEFAULT_USERNAME: "sa_passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "TheUserPassword"
      DATASOURCES_DEFAULT_DATABASE: "db_passbolt"
      PASSBOLT_KEY_LENGTH: "4096"
      PASSBOLT_SUBKEY_LENGTH: "4096"
      EMAIL_TRANSPORT_DEFAULT_HOST: fqdn.emailserver.com
      EMAIL_TRANSPORT_DEFAULT_PORT: "587"
      EMAIL_TRANSPORT_DEFAULT_USERNAME: Email_Username
      EMAIL_TRANSPORT_DEFAULT_PASSWORD: Email_Password
      EMAIL_TRANSPORT_DEFAULT_TLS: true
      EMAIL_DEFAULT_FROM_NAME: Passbolt
      EMAIL_DEFAULT_FROM: passbolt@url.domain.com
      PASSBOLT_META_TITLE: "My Password Manager"
      PASSBOLT_META_DESCRIPTION: "Password management based on Passbolt"
      SECURITY_SALT: "Not_Used_But_Set_Anyway"
      TZ: Europe/Oslo
    remote_user: PassboltSystemAccount

  - name: Running swag for passbolt.home.sourcenix.com
    containers.podman.podman_container:
     name: passbolt_swag
     image: docker.io/linuxserver/swag:latest
     state: created
     volume:
      - /ssd_data/swag/passbolt:/config:Z
     pod: pod_passbolt
     label: io.containers.autoupdate=image
     env:
      TZ: Europe/Oslo
      PUID: 'PassboltSystemAccount'
      PGID: 'PassboltSystemAccount'
      URL: url.domain.com
      VALIDATION: DNS
      DNSPLUGIN: cloudflare
      EMAIL: "email@address.com"
      STAGING: false
      MAXMINDDB_LICENSE_KEY: MyMaxmindKey
    remote_user: PassboltSystemAccount