Help Search

Migrate an existing Passbolt PRO to Virtual Machine

This document describes how to migrate an existing passbolt to a new Virtual Machine Appliance.

Pre-requisites

For this tutorial, you will need:

  • Passbolt installed on an old server

Backup the existing data

Prior to the migration you will need to backup the existing passbolt instance data. Please refer to the official backup documentations.

Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server.

Don’t delete the existing instance yet!

Prepare the Virtual Machine Appliance for migration

While configuring the database ensure you are configuring the database as it was on your previous server, check the backup of the file passbolt.php for the configuration details.

Passbolt Pro provides a virtual appliance in OVA format. Users can import this appliance on their private virtualization platform and start enjoying Passbolt Pro. The VM includes the following software:

  • Debian 10
  • Nginx
  • Php-fpm
  • Mariadb
  • Passbolt Pro preinstalled
  • certbot
  • haveged to fill the entropy pool faster

1. Getting started with Passbolt Pro VM

1.1 Download

Download the ova and the SHA512SUM.txt:

Import the ova file using virtualbox, vmware (ESXi >= 6.0) or any other platform that supports import OVA files.

Once imported into users should be able to boot the VM and just point to the VM ip address with their web browser to initiate the passbolt install process.

1.2 Credentials

The appliance performs some actions on the first boot:

  • Creates ssh host keys
  • Enables ssh
  • Creates a set of random mariadb credentials for the mariadb server installed on the appliance
  • Creates an empty database where passbolt can be installed.

For the first login the appliance comes with the following ssh default credentials:

VM login credentials:
username: passbolt
password: admin

The passbolt user is part of sudo group. There is no root password, so you cannot login in as root. You can however create a shell as root with the default user:

sudo -s

Configure the OVA Services

Reconfigure the Passbolt package:

sudo dpkg-reconfigure passbolt-pro-server

Configure mariadb

If not instructed otherwise passbolt debian package will install mariadb-server locally. This step will help you create an empty mariadb database for passbolt to use.

Configure mariadb dialog fig. Configure mariadb dialog

The configuration process will ask you for the credentials of the mariadb admin user to create a new database. You will find the root password on the server in the file /root/.mysql_credentials.

Mariadb admin user dialog fig. Mariadb admin user dialog
Mariadb admin user pass dialog fig. Mariadb admin user pass dialog

Now we need to create a mariadb user with reduced permissions for passbolt to connect. For the passbolt database user and password, reuse the ones you have in your backup of passbolt.php.

Mariadb passbolt user dialog fig. Mariadb passbolt user dialog
Mariadb passbolt user pass dialog fig. Mariadb passbolt user pass dialog

Lastly we need to create a database for passbolt to use, for that we need to name it:

Mariadb database name dialog fig. Mariadb database name dialog

Depending on your needs there are two different options to setup nginx and SSL using the debian package:

Once you’re done, restart the nginx server:

sudo systemctl restart nginx

Migrate the data

Load the backup files into the new Debian server, for the following tasks we will consider that the backup files are in your user home directory ~/backup

You should have:

  • Your subscription key

  • the private and public GPG key
  • Your database dump
  • The avatar archive file passbolt-avatars.tar.gz if you are coming from Passbolt prior to 3.2

Step 1. Create the subscription key file

You received your subscription key by email, copy it as /etc/passbolt/subscription_key.txt on your server.

Step 2. Restore Passbolt configuration file and ensure rights and ownership are correct:

sudo mv ~/backup/passbolt.php /etc/passbolt
sudo chown www-data:www-data /etc/passbolt/passbolt.php
sudo chmod 440 /etc/passbolt/passbolt.php

Step 3. Restore GPG public and private keys and ensure rights and ownership are correct:

sudo mv ~/backup/serverkey.asc /etc/passbolt/gpg
sudo mv ~/backup/serverkey_private.asc /etc/passbolt/gpg
sudo chown www-data: /etc/passbolt/gpg/serverkey_private.asc
sudo chown www-data: /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey.asc
sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc

Step 4. Extract the passbolt-avatars.tar.gz archive and set correct rights (if coming from Passbolt version prior to 3.2)

sudo tar xzf passbolt-avatars.tar.gz -C /usr/share/php/passbolt/
sudo chown -R www-data:www-data /usr/share/php/passbolt/webroot/img/public

Step 5. Load the database

mysql -u PASSBOLT_DATABASE_USER -p PASSBOLT_DATABASE < passbolt-backup.sql

Step 6. Migrate the Passbolt data to the latest version

sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"

Step 7. Test passbolt

Try to access your passbolt application with your browser.

If you are encountering any issues, you can run the following command to assess the status of your instance:

sudo -H -u www-data /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck"

Last updated

This article was last updated on September 16th, 2021.

Are you experiencing issues when updating passbolt?

Ask the community!

Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

View on github
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!