Run passbolt in balena.io

Is it possible to build to run in balena.io?
There was an attempt to run on raspberry pi zero w using GitHub - passbolt/passbolt_docker: Get started with Passbolt CE using docker! but without success.

Hi @eleimt :wave: and welcome to passbolt community forum :people_holding_hands:

Can you tell me more about balena.io ? If I understand well, it is a cloud where you can deploy docker images on small machines such as raspberry, and arm-based ?

The official passbolt docker image is currently amd64-only. We already had this request here and if needed, you can try this community passbolt docker image, I created it based on our passbolt docker repository.

In a few lines, I built it like this:

# Clone of the passbolt_docker repository
git clone git@github.com:passbolt/passbolt_docker.git
# Go to the passbolt_docker repository
cd passbolt_docker

# Build time !

# 3.5.0-ce-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile .

# latest-ce-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile .

# 3.5.0-ce-non-root-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless .

# latest-ce-non-root-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless .

Cheers,

Yes, you understood the idea of the service correctly balena.io. The main problem is that balena expects one Dockerfile or docker-compose file to run.

I created a test account on Balena but I don’t have any free Raspberry to test. You can pick-up our docker-compose.yaml example file, customize environment variables, replace the passbolt/passbolt:latest-ce image with the anatomicjc/passbolt:latest-ce-multiarch one and give it a try :slight_smile:

Feedbacks are welcome :slight_smile:

Ok, i will try.
In case I fail.
If you have a desire, you can provide the URL in a pre-configured way for me to prepare a Raspberry Pi Zero 1 W for you. What do you think?

Hi again @eleimt :slight_smile:

Thank you for letting me play with your Raspberry Pi Zero through balena.io cloud service. It was fun !

As a follow-up for the ones interested:

The raspberry pi was registered to my testing account:

From there, I created a new project folder and created a docker-compose.yml for the raspberry pi. I encountered 2 issues:

Here is the docker-compose.yml file I used:

version: '2'
services:
  db:
    image: yobasystems/alpine-mariadb
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: "rootpassword"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql
    expose:
      - "3306"

  passbolt:
    image: anatomicjc/passbolt:latest-ce-multiarch
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    links:
      - "db"
    environment:
      APP_FULL_BASE_URL: https://a-very-long-generated-id.balena-devices.com/
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 80:80
    #ports:
    #  - 80:80
    #  - 443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:

As you can notice, I used the default balena domain name provided with the instance, and set it as APP_FULL_BASE_URL environment variable.
I just exposed 80/TCP port as the balena default load balancer is searching for a service exposed on port 80.

As it was just a proof-of-concept, I didn’t configured any SMTP server :email: but the doc is there: Passbolt Help | Configure email providers

I finally pushed the docker-compose.yml file with the Balena CLI:

$ balena push project-namespace
[Info]      Starting build for project-namespace, user g_xxxx
[Info]      Dashboard link: https://dashboard.balena-cloud.com/apps/1930442/devices
[Info]      Building on arm03
[Info]      Pulling previous images for caching purposes...
[Success]   Successfully pulled cache images
[Info]      Generating image deltas from release 0a0d244aa7854c840a451977901aa5aa (id: 2156617)
[Warning]   Failed to generate deltas due to an internal error; will be generated on-demand
[Info]      Uploading images
[Success]   Successfully uploaded images
[Info]      Built on arm03
[Success]   Release successfully created!
[Info]      Release: d1db90ed40fd3ab0e17971711c7a6168 (id: 2156622)
[Info]      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
[Info]      β”‚ Service  β”‚ Image Size β”‚ Build Time β”‚
[Info]      β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
[Info]      β”‚ db       β”‚ 192.74 MB  β”‚ 21 seconds β”‚
[Info]      β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
[Info]      β”‚ passbolt β”‚ 258.17 MB  β”‚ 15 seconds β”‚
[Info]      β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
[Info]      Build finished in 1 minute, 9 seconds
                            \
                             \
                              \\
                               \\
                                >\/7
                            _.-(6'  \
                           (=___._/` \
                                )  \ |
                               /   / |
                              /    > /
                             j    < _\
                         _.-' :      ``.
                         \ r=._\        `.
                        <`\\_  \         .`-.
                         \ r-7  `-. ._  ' .  `\
                          \`,      `-.`7  7)   )
                           \/         \|  \'  / `-._
                                      ||    .'
                                       \\  (
                                        >\  >
                                    ,.-' >.'
                                   <.'_.''
                                     <'

After that, I was able to monitor the deployment through the Balena dashboard:

And voilΓ  :tada: :

passbolt and balena.io on Raspberry PI Zero FTW :stuck_out_tongue:

3 Likes

I followed these instructions and everything worked. But there was an error when I created the administrator:

General error: 1364 Field 'id' doesn't have a default value

The solution I found here helped: Login failed Β· Issue #285 Β· passbolt/passbolt_api Β· GitHub.

This is awesome @eleimt @_jc good job!

this is Marc developer advocate from balena.io

Would you like to submit this application to the balenaHub? The hub is a marketplace for IoT applications. I think a lot of people might want to use it on their devices.

Let me know if i can help more :slight_smile:

2 Likes

Welcome to passbolt community forum @mpous :slight_smile: I discovered Balena with this post and it looks so cool :+1: I didn’t think we can manage fleet of IoT object like this.
I have some internal stuff to do first but I will have a quicker look about how it works and will let you know.
See you soon :wink:

2 Likes

Keep me updated @_jc :slight_smile:

Hi @mpous :wave:

I pushed a first version on balena hub and you should be able to deploy by clicking on this button:

deploy button

Please enjoy :slight_smile:

5 Likes

Hello there,

FYI, I just pushed 3.7.1-1 version of passbolt on Balena Hub and Github.

Please enjoy!

1 Like

That’s awesome, thank you.

1 Like

Hello there,

I just pushed another update. I added a redis container to handle php sessions and a backup container to handle backups.

The backup container is based on rclone docker image. I chose rclone because of the compatibility with so many storage backends (SFTP, FTP, S3, Uptobox, etc, it is crazy).

I created a base backup.sh script with backups made locally once a day but you can override this setting with the BACKUP_INTERVAL variable. You can also restart the backup container to trigger a backup :stuck_out_tongue:

Feel free to edit it and add the correct rclone command to export them on the external storage of your choice. Have a look to the documentation to configure your own: list of rclone providers

Cheers,

Hello guys,

FYI, I just pushed an updated version of balena passbolt following last passbolt 3.7.3 release: Passbolt Help | Release notes

deploy button

Please enjoy!