Run passbolt in balena.io

Is it possible to build to run in balena.io?
There was an attempt to run on raspberry pi zero w using GitHub - passbolt/passbolt_docker: Get started with Passbolt CE using docker! but without success.

Hi @eleimt :wave: and welcome to passbolt community forum :people_holding_hands:

Can you tell me more about balena.io ? If I understand well, it is a cloud where you can deploy docker images on small machines such as raspberry, and arm-based ?

The official passbolt docker image is currently amd64-only. We already had this request here and if needed, you can try this community passbolt docker image, I created it based on our passbolt docker repository.

In a few lines, I built it like this:

# Clone of the passbolt_docker repository
git clone git@github.com:passbolt/passbolt_docker.git
# Go to the passbolt_docker repository
cd passbolt_docker

# Build time !

# 3.5.0-ce-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile .

# latest-ce-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile .

# 3.5.0-ce-non-root-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless .

# latest-ce-non-root-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless .

Cheers,

Yes, you understood the idea of the service correctly balena.io. The main problem is that balena expects one Dockerfile or docker-compose file to run.

I created a test account on Balena but I don’t have any free Raspberry to test. You can pick-up our docker-compose.yaml example file, customize environment variables, replace the passbolt/passbolt:latest-ce image with the anatomicjc/passbolt:latest-ce-multiarch one and give it a try :slight_smile:

Feedbacks are welcome :slight_smile:

Ok, i will try.
In case I fail.
If you have a desire, you can provide the URL in a pre-configured way for me to prepare a Raspberry Pi Zero 1 W for you. What do you think?

Hi again @eleimt :slight_smile:

Thank you for letting me play with your Raspberry Pi Zero through balena.io cloud service. It was fun !

As a follow-up for the ones interested:

The raspberry pi was registered to my testing account:

From there, I created a new project folder and created a docker-compose.yml for the raspberry pi. I encountered 2 issues:

  • balena.io doesn’t support docker-compose v3, so I set our docker-compose to v2 (not the difficult part)
  • mariadb and mysql teams don’t provide any arm docker image, I first used https://docs.linuxserver.io/images/docker-mariadb but I got network connectivity issues. I finally found yobasystems/alpine-mariadb docker image who is working well.

Here is the docker-compose.yml file I used:

version: '2'
services:
  db:
    image: yobasystems/alpine-mariadb
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: "rootpassword"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql
    expose:
      - "3306"

  passbolt:
    image: anatomicjc/passbolt:latest-ce-multiarch
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    links:
      - "db"
    environment:
      APP_FULL_BASE_URL: https://a-very-long-generated-id.balena-devices.com/
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 80:80
    #ports:
    #  - 80:80
    #  - 443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:

As you can notice, I used the default balena domain name provided with the instance, and set it as APP_FULL_BASE_URL environment variable.
I just exposed 80/TCP port as the balena default load balancer is searching for a service exposed on port 80.

As it was just a proof-of-concept, I didn’t configured any SMTP server :email: but the doc is there: Passbolt Help | Configure email providers

I finally pushed the docker-compose.yml file with the Balena CLI:

$ balena push project-namespace
[Info]      Starting build for project-namespace, user g_xxxx
[Info]      Dashboard link: https://dashboard.balena-cloud.com/apps/1930442/devices
[Info]      Building on arm03
[Info]      Pulling previous images for caching purposes...
[Success]   Successfully pulled cache images
[Info]      Generating image deltas from release 0a0d244aa7854c840a451977901aa5aa (id: 2156617)
[Warning]   Failed to generate deltas due to an internal error; will be generated on-demand
[Info]      Uploading images
[Success]   Successfully uploaded images
[Info]      Built on arm03
[Success]   Release successfully created!
[Info]      Release: d1db90ed40fd3ab0e17971711c7a6168 (id: 2156622)
[Info]      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
[Info]      β”‚ Service  β”‚ Image Size β”‚ Build Time β”‚
[Info]      β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
[Info]      β”‚ db       β”‚ 192.74 MB  β”‚ 21 seconds β”‚
[Info]      β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
[Info]      β”‚ passbolt β”‚ 258.17 MB  β”‚ 15 seconds β”‚
[Info]      β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
[Info]      Build finished in 1 minute, 9 seconds
                            \
                             \
                              \\
                               \\
                                >\/7
                            _.-(6'  \
                           (=___._/` \
                                )  \ |
                               /   / |
                              /    > /
                             j    < _\
                         _.-' :      ``.
                         \ r=._\        `.
                        <`\\_  \         .`-.
                         \ r-7  `-. ._  ' .  `\
                          \`,      `-.`7  7)   )
                           \/         \|  \'  / `-._
                                      ||    .'
                                       \\  (
                                        >\  >
                                    ,.-' >.'
                                   <.'_.''
                                     <'

After that, I was able to monitor the deployment through the Balena dashboard:

And voilΓ  :tada: :

passbolt and balena.io on Raspberry PI Zero FTW :stuck_out_tongue:

I followed these instructions and everything worked. But there was an error when I created the administrator:

General error: 1364 Field 'id' doesn't have a default value

The solution I found here helped: Login failed Β· Issue #285 Β· passbolt/passbolt_api Β· GitHub.

This is awesome @eleimt @AnatomicJC good job!

this is Marc developer advocate from balena.io

Would you like to submit this application to the balenaHub? The hub is a marketplace for IoT applications. I think a lot of people might want to use it on their devices.

Let me know if i can help more :slight_smile:

Welcome to passbolt community forum @mpous :slight_smile: I discovered Balena with this post and it looks so cool :+1: I didn’t think we can manage fleet of IoT object like this.
I have some internal stuff to do first but I will have a quicker look about how it works and will let you know.
See you soon :wink:

Keep me updated @AnatomicJC :slight_smile:

Hi @mpous :wave:

I pushed a first version on balena hub and you should be able to deploy by clicking on this button:

External Image

Please enjoy :slight_smile:

Hello there,

FYI, I just pushed 3.7.1-1 version of passbolt on Balena Hub and Github.

Please enjoy!

That’s awesome, thank you.

Hello there,

I just pushed another update. I added a redis container to handle php sessions and a backup container to handle backups.

The backup container is based on rclone docker image. I chose rclone because of the compatibility with so many storage backends (SFTP, FTP, S3, Uptobox, etc, it is crazy).

I created a base backup.sh script with backups made locally once a day but you can override this setting with the BACKUP_INTERVAL variable. You can also restart the backup container to trigger a backup :stuck_out_tongue:

Feel free to edit it and add the correct rclone command to export them on the external storage of your choice. Have a look to the documentation to configure your own: list of rclone providers

Cheers,

Hello guys,

I will update this message on a regulary basis :slight_smile:

FYI, I just pushed an updated version of balena passbolt following last passbolt 3.8.1 release: https://help.passbolt.com/releases/

External Image

Please enjoy!

Hello there,

passbolt 3.9.0 is now available on balena as well.

External Image

Please enjoy!

Following latest passbolt release, passbolt 4.0.0 is available as well on balena :slight_smile: using the official passbolt docker image

https://hub.balena.io/apps/2022475/balena-passbolt-app

It’s been a while since passbolt was updated on balena :slight_smile:

Please enjoy the 4.4.2 version :partying_face:

https://hub.balena.io/apps/2022475/balena-passbolt-app

This is great news. I am very glad that support continues at Balena. Thanks.

Hi everybody. I saw Russification came out, tell me, will there be an update to Balena Hub?