Run passbolt in balena.io

Is it possible to build to run in balena.io?
There was an attempt to run on raspberry pi zero w using GitHub - passbolt/passbolt_docker: Get started with Passbolt CE using docker! but without success.

Hi @eleimt and welcome to passbolt community forum

Can you tell me more about balena.io ? If I understand well, it is a cloud where you can deploy docker images on small machines such as raspberry, and arm-based ?

The official passbolt docker image is currently amd64-only. We already had this request here and if needed, you can try this community passbolt docker image, I created it based on our passbolt docker repository.

In a few lines, I built it like this:

# Clone of the passbolt_docker repository
git clone git@github.com:passbolt/passbolt_docker.git
# Go to the passbolt_docker repository
cd passbolt_docker

# Build time !

# 3.5.0-ce-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile .

# latest-ce-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile .

# 3.5.0-ce-non-root-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:3.5.0-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless .

# latest-ce-non-root-multiarch
docker buildx build --build-arg PASSBOLT_REPO_URL=https://download.passbolt.com/ce/debian --build-arg PASSBOLT_PKG=passbolt-ce-server --build-arg PASSBOLT_FLAVOUR=ce --build-arg PASSBOLT_COMPONENT=stable -t anatomicjc/passbolt:latest-ce-non-root-multiarch --push --platform linux/amd64,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/386 -f debian/Dockerfile.rootless .

Cheers,

Yes, you understood the idea of the service correctly balena.io. The main problem is that balena expects one Dockerfile or docker-compose file to run.

I created a test account on Balena but I don’t have any free Raspberry to test. You can pick-up our docker-compose.yaml example file, customize environment variables, replace the passbolt/passbolt:latest-ce image with the anatomicjc/passbolt:latest-ce-multiarch one and give it a try

Feedbacks are welcome

Ok, i will try.
In case I fail.
If you have a desire, you can provide the URL in a pre-configured way for me to prepare a Raspberry Pi Zero 1 W for you. What do you think?

2022-05-04_19-41-391411×899 80.8 KB

Hi again @eleimt

Thank you for letting me play with your Raspberry Pi Zero through balena.io cloud service. It was fun !

As a follow-up for the ones interested:

• I read the getting started page
• I sent a registering url to @eleimt who has setup his raspberry following the getting started page instructions
• I downloaded the Balena CLI

The raspberry pi was registered to my testing account:

image2860×1442 326 KB

From there, I created a new project folder and created a docker-compose.yml for the raspberry pi. I encountered 2 issues:

• balena.io doesn’t support docker-compose v3, so I set our docker-compose to v2 (not the difficult part)
• mariadb and mysql teams don’t provide any arm docker image, I first used https://docs.linuxserver.io/images/docker-mariadb but I got network connectivity issues. I finally found yobasystems/alpine-mariadb docker image who is working well.

Here is the docker-compose.yml file I used:

version: '2'
services:
  db:
    image: yobasystems/alpine-mariadb
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: "rootpassword"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/mysql
    expose:
      - "3306"

  passbolt:
    image: anatomicjc/passbolt:latest-ce-multiarch
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    links:
      - "db"
    environment:
      APP_FULL_BASE_URL: https://a-very-long-generated-id.balena-devices.com/
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "P4ssb0lt"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 80:80
    #ports:
    #  - 80:80
    #  - 443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume:

As you can notice, I used the default balena domain name provided with the instance, and set it as APP_FULL_BASE_URL environment variable.
I just exposed 80/TCP port as the balena default load balancer is searching for a service exposed on port 80.

As it was just a proof-of-concept, I didn’t configured any SMTP server but the doc is there: Passbolt Help | Configure email providers

I finally pushed the docker-compose.yml file with the Balena CLI:

$ balena push project-namespace
[Info]      Starting build for project-namespace, user g_xxxx
[Info]      Dashboard link: https://dashboard.balena-cloud.com/apps/1930442/devices
[Info]      Building on arm03
[Info]      Pulling previous images for caching purposes...
[Success]   Successfully pulled cache images
[Info]      Generating image deltas from release 0a0d244aa7854c840a451977901aa5aa (id: 2156617)
[Warning]   Failed to generate deltas due to an internal error; will be generated on-demand
[Info]      Uploading images
[Success]   Successfully uploaded images
[Info]      Built on arm03
[Success]   Release successfully created!
[Info]      Release: d1db90ed40fd3ab0e17971711c7a6168 (id: 2156622)
[Info]      ┌──────────┬────────────┬────────────┐
[Info]      │ Service  │ Image Size │ Build Time │
[Info]      ├──────────┼────────────┼────────────┤
[Info]      │ db       │ 192.74 MB  │ 21 seconds │
[Info]      ├──────────┼────────────┼────────────┤
[Info]      │ passbolt │ 258.17 MB  │ 15 seconds │
[Info]      └──────────┴────────────┴────────────┘
[Info]      Build finished in 1 minute, 9 seconds
                            \
                             \
                              \\
                               \\
                                >\/7
                            _.-(6'  \
                           (=___._/` \
                                )  \ |
                               /   / |
                              /    > /
                             j    < _\
                         _.-' :      ``.
                         \ r=._\        `.
                        <`\\_  \         .`-.
                         \ r-7  `-. ._  ' .  `\
                          \`,      `-.`7  7)   )
                           \/         \|  \'  / `-._
                                      ||    .'
                                       \\  (
                                        >\  >
                                    ,.-' >.'
                                   <.'_.''
                                     <'

After that, I was able to monitor the deployment through the Balena dashboard:

image1920×1251 152 KB

And voilà :

image2330×1064 189 KB

passbolt and balena.io on Raspberry PI Zero FTW

I followed these instructions and everything worked. But there was an error when I created the administrator:

General error: 1364 Field 'id' doesn't have a default value

The solution I found here helped: Login failed · Issue #285 · passbolt/passbolt_api · GitHub.

This is awesome @eleimt @AnatomicJC good job!

this is Marc developer advocate from balena.io

Would you like to submit this application to the balenaHub? The hub is a marketplace for IoT applications. I think a lot of people might want to use it on their devices.

Let me know if i can help more

Welcome to passbolt community forum @mpous I discovered Balena with this post and it looks so cool I didn’t think we can manage fleet of IoT object like this.
I have some internal stuff to do first but I will have a quicker look about how it works and will let you know.
See you soon

Keep me updated @AnatomicJC

Hi @mpous

I pushed a first version on balena hub and you should be able to deploy by clicking on this button:

Please enjoy

Hello there,

FYI, I just pushed 3.7.1-1 version of passbolt on Balena Hub and Github.

Please enjoy!

That’s awesome, thank you.

Hello there,

I just pushed another update. I added a redis container to handle php sessions and a backup container to handle backups.

The backup container is based on rclone docker image. I chose rclone because of the compatibility with so many storage backends (SFTP, FTP, S3, Uptobox, etc, it is crazy).

I created a base backup.sh script with backups made locally once a day but you can override this setting with the BACKUP_INTERVAL variable. You can also restart the backup container to trigger a backup

Feel free to edit it and add the correct rclone command to export them on the external storage of your choice. Have a look to the documentation to configure your own: list of rclone providers

image691×480 38.8 KB

Cheers,

Hello guys,

I will update this message on a regulary basis

FYI, I just pushed an updated version of balena passbolt following last passbolt 3.8.1 release: Passbolt Help | Release notes

Please enjoy!

Hello there,

passbolt 3.9.0 is now available on balena as well.

Please enjoy!

Following latest passbolt release, passbolt 4.0.0 is available as well on balena using the official passbolt docker image