Is it possible to build to run in balena.io?
There was an attempt to run on raspberry pi zero w using GitHub - passbolt/passbolt_docker: Get started with Passbolt CE using docker! but without success.
Is it possible to build to run in balena.io?
Hi @eleimt and welcome to passbolt community forum
Can you tell me more about balena.io ? If I understand well, it is a cloud where you can deploy docker images on small machines such as raspberry, and arm-based ?
The official passbolt docker image is currently amd64-only. We already had this request here and if needed, you can try this community passbolt docker image, I created it based on our passbolt docker repository.
In a few lines, I built it like this:
# Clone of the passbolt_docker repository git clone email@example.com:passbolt/passbolt_docker.git # Go to the passbolt_docker repository cd passbolt_docker # Build time ! # 3.5.0-ce-multiarch docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile . # latest-ce-multiarch docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile . # 3.5.0-ce-non-root-multiarch docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless . # latest-ce-non-root-multiarch docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless .
Yes, you understood the idea of the service correctly balena.io. The main problem is that balena expects one Dockerfile or docker-compose file to run.
I created a test account on Balena but I don’t have any free Raspberry to test. You can pick-up our docker-compose.yaml example file, customize environment variables, replace the
passbolt/passbolt:latest-ce image with the
anatomicjc/passbolt:latest-ce-multiarch one and give it a try
Feedbacks are welcome
Ok, i will try.
In case I fail.
If you have a desire, you can provide the URL in a pre-configured way for me to prepare a Raspberry Pi Zero 1 W for you. What do you think?
Hi again @eleimt
Thank you for letting me play with your Raspberry Pi Zero through balena.io cloud service. It was fun !
As a follow-up for the ones interested:
- I read the getting started page
- I sent a registering url to @eleimt who has setup his raspberry following the getting started page instructions
- I downloaded the Balena CLI
The raspberry pi was registered to my testing account:
From there, I created a new project folder and created a docker-compose.yml for the raspberry pi. I encountered 2 issues:
- balena.io doesn’t support docker-compose v3, so I set our docker-compose to v2 (not the difficult part)
- mariadb and mysql teams don’t provide any arm docker image, I first used https://docs.linuxserver.io/images/docker-mariadb but I got network connectivity issues. I finally found yobasystems/alpine-mariadb docker image who is working well.
Here is the docker-compose.yml file I used:
version: '2' services: db: image: yobasystems/alpine-mariadb restart: unless-stopped environment: MYSQL_ROOT_PASSWORD: "rootpassword" MYSQL_DATABASE: "passbolt" MYSQL_USER: "passbolt" MYSQL_PASSWORD: "P4ssb0lt" volumes: - database_volume:/var/lib/mysql expose: - "3306" passbolt: image: anatomicjc/passbolt:latest-ce-multiarch #Alternatively you can use rootless: #image: passbolt/passbolt:latest-ce-non-root restart: unless-stopped links: - "db" environment: APP_FULL_BASE_URL: https://a-very-long-generated-id.balena-devices.com/ DATASOURCES_DEFAULT_HOST: "db" DATASOURCES_DEFAULT_USERNAME: "passbolt" DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt" DATASOURCES_DEFAULT_DATABASE: "passbolt" volumes: - gpg_volume:/etc/passbolt/gpg - jwt_volume:/etc/passbolt/jwt command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"] ports: - 80:80 #ports: # - 80:80 # - 443:443 #Alternatively for non-root images: # - 80:8080 # - 443:4433 volumes: database_volume: gpg_volume: jwt_volume:
As you can notice, I used the default balena domain name provided with the instance, and set it as APP_FULL_BASE_URL environment variable.
I just exposed 80/TCP port as the balena default load balancer is searching for a service exposed on port 80.
As it was just a proof-of-concept, I didn’t configured any SMTP server but the doc is there: Passbolt Help | Configure email providers
I finally pushed the docker-compose.yml file with the Balena CLI:
$ balena push project-namespace [Info] Starting build for project-namespace, user g_xxxx [Info] Dashboard link: https://dashboard.balena-cloud.com/apps/1930442/devices [Info] Building on arm03 [Info] Pulling previous images for caching purposes... [Success] Successfully pulled cache images [Info] Generating image deltas from release 0a0d244aa7854c840a451977901aa5aa (id: 2156617) [Warning] Failed to generate deltas due to an internal error; will be generated on-demand [Info] Uploading images [Success] Successfully uploaded images [Info] Built on arm03 [Success] Release successfully created! [Info] Release: d1db90ed40fd3ab0e17971711c7a6168 (id: 2156622) [Info] ┌──────────┬────────────┬────────────┐ [Info] │ Service │ Image Size │ Build Time │ [Info] ├──────────┼────────────┼────────────┤ [Info] │ db │ 192.74 MB │ 21 seconds │ [Info] ├──────────┼────────────┼────────────┤ [Info] │ passbolt │ 258.17 MB │ 15 seconds │ [Info] └──────────┴────────────┴────────────┘ [Info] Build finished in 1 minute, 9 seconds \ \ \\ \\ >\/7 _.-(6' \ (=___._/` \ ) \ | / / | / > / j < _\ _.-' : ``. \ r=._\ `. <`\\_ \ .`-. \ r-7 `-. ._ ' . `\ \`, `-.`7 7) ) \/ \| \' / `-._ || .' \\ ( >\ > ,.-' >.' <.'_.'' <'
After that, I was able to monitor the deployment through the Balena dashboard:
And voilà :
passbolt and balena.io on Raspberry PI Zero FTW
I followed these instructions and everything worked. But there was an error when I created the administrator:
General error: 1364 Field 'id' doesn't have a default value
The solution I found here helped: Login failed · Issue #285 · passbolt/passbolt_api · GitHub.
this is Marc developer advocate from balena.io
Would you like to submit this application to the balenaHub? The hub is a marketplace for IoT applications. I think a lot of people might want to use it on their devices.
Let me know if i can help more
Welcome to passbolt community forum @mpous I discovered Balena with this post and it looks so cool I didn’t think we can manage fleet of IoT object like this.
I have some internal stuff to do first but I will have a quicker look about how it works and will let you know.
See you soon
Keep me updated @_jc
I pushed a first version on balena hub and you should be able to deploy by clicking on this button:
That’s awesome, thank you.
I just pushed another update. I added a redis container to handle php sessions and a backup container to handle backups.
I created a base
backup.sh script with backups made locally once a day but you can override this setting with the
BACKUP_INTERVAL variable. You can also restart the backup container to trigger a backup
Feel free to edit it and add the correct rclone command to export them on the external storage of your choice. Have a look to the documentation to configure your own: list of rclone providers
FYI, I just pushed an updated version of balena passbolt following last passbolt 3.7.3 release: Passbolt Help | Release notes