Migrate passbolt CE from install scripts to CentOS 7 package
A CentOS package has been created to increase the ease of installing and upgrading passbolt.
For this tutorial, you will need:
- A minimal CentOS 7 server.
- Passbolt installed with the CentOS install script.
1. Take down your site
It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects such as active users corrupting the data in the middle of an upgrade.
sudo systemctl stop nginx
2. Backup your instance
First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. You can follow our backup process.
3. Upgrade your system
Passbolt requires PHP 7.3 and supports PHP 7.4.
A full system upgrade to CentOS 7 is necessary before installing the passbolt CentOS package.
sudo yum upgrade
4. Install the package
1. Install the server components
1.1. Package repository setup
For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt CE and install it.
These steps assume you have already installed sudo and added your user to the sudo group.
Step 1. Configure Extra Packages for Enterprise Linux (EPEL) repository
sudo yum install epel-release
While installing packages from this repository, you will be asked to accept GPG key of this repository. You nust verify if the displayed fingerprint is correct on this reference page.
Step 2. Configure Remi’s RPM repository
As CentOS 7 don’t provide the mandatory php-pecl-gnupg package for Passbolt, we rely on Remi’s RPM repository for the PHP packages.
Install Remi repository configuration package.
sudo yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
During the next package installations, if you are prompted for Remi GPG key import, you must check if the displayed fingerprint matches with the one on the bottom of this reference page.
sudo yum install yum-utils
Step 3. Enable the module stream for PHP 7.4:
sudo yum-config-manager --disable 'remi-php*' sudo yum-config-manager --enable remi-php74
Step 4. Let’s Encrypt
Install certbot if you plan to manage your SSL certificates with Let’s Encrypt:
sudo yum install certbot python3-certbot-nginx
Step 5. Setup MariaDB 10.3 repository
CentOS 7 comes with an outated MariaDB 5.x version and performance issues has been reported by using it. That’s why you should consider to upgrade MariaDB to version 10.3.
Add MariaDB 10.3 repository:
cat << EOF | sudo tee /etc/yum.repos.d/mariadb.repo [mariadb] name = MariaDB baseurl = http://yum.mariadb.org/10.3/centos7-amd64 gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB gpgcheck=1 EOF
Upgrade MariaDB server from 5.5.xx to 10.3 version:
sudo yum install MariaDB-server MariaDB-client
At this step, MariaDB 5.5 has been replaced with MariaDB 10.3. You can now restart the MariaDB service:
sudo systemctl restart mariadb.service
Run this command to upgrade MariaDB internal database schemas:
sudo su -s /bin/bash -c "mysql_upgrade -p" mysql
You will be prompted with root mysql password and an output like the one below will be displayed:
Phase 1/7: Checking and upgrading mysql database Processing databases mysql mysql.columns_priv OK mysql.db OK mysql.event OK (etc etc...)
At this step, MariaDB has been upgraded.
Step 6. Add passbolt repository:
cat << EOF | sudo tee /etc/yum.repos.d/passbolt.repo [passbolt-server] name=Passbolt Server baseurl=https://download.passbolt.com/ce/rpm/el7/stable enabled=1 gpgcheck=1 gpgkey=https://download.passbolt.com/pub.key EOF
Install passbolt package
Install the main passbolt server component:
sudo yum install passbolt-ce-server
During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:
Importing GPG key 0xC155581D: Userid : "Passbolt SA package signing key <[email protected]>" Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D From : https://download.passbolt.com/pub.key
5. Copy existing configuration to the new location
5.1. Copy the server keys
Copy the GPG server keys as following:
sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/ sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/ sudo chown -R root:nginx /etc/passbolt/gpg sudo chmod g-w /etc/passbolt/gpg
5.2. Copy the passbolt configuration
Copy passbolt configuration as following:
sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php sudo chown root:nginx /etc/passbolt/passbolt.php sudo chmod g-w /etc/passbolt/passbolt.php
If you are running mysql 8, please change the
quoteIdentifiers setting of the passbolt.php as follow:
'quoteIdentifiers' => true
Now you can remove all the old nginx configuration files from
sudo rm /etc/nginx/conf.d/passbolt.conf sudo rm /etc/nginx/conf.d/passbolt_ssl.conf
Then you can reconfigure the CentOS package using:
Answer the following way:
- No to mariadb configuration
- Yes to nginx configuration
You can then select the SSL method that suits best your needs.
7. Run the database migrations
Now it is time to run the migrations to upgrade the database schemas:
sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"
After you have checked you can access your new setup with the CentOS package make a backup of
/var/www/passbolt and then
you can delete it:
sudo rm -rf /var/www/passbolt
You may also want to check for the old CRON job that may need to be removed:
sudo crontab -u nginx -e
9. Take your site back up
Finally take passbolt back up:
sudo systemctl start nginx sudo systemctl restart php-fpm
This article was last updated on November 26th, 2021.