All articles

Disaster Recovery For Passbolt

9 min. read

Clayton Stevenson

Clayton Stevenson

12 October, 2023

Disaster Recovery For Passbolt

Requirements For The Quest

  • A well-maintained passbolt instance, updated to the latest version.
  • A spare server where you can install passbolt.

The Grand Plan

  1. Enable the database on the Alpha server to operate as the primary.
  2. Install passbolt on the Beta server. 
  3. Migrate data, configuration, and GPG keys from Alpha to Beta. 
  4. Enable the database on Beta.
  5. Connect Beta to Alpha’s database as a replica.
⚠️
For this demonstration, Debian 11 will be used and it will run locally using Vagrant. That means that the database will be MariaDB, so the steps will essentially follow their replication setup guide.

Step 1: Enable the database on the Alpha server to operate as the primary.

[mariadb]
log-bin
server_id=1
log-basename=master1
binlog-format=mixed
mysql configuration showing server_id=1
mysql config showing bind address
sudo systemctl restart mysql
sudo mysql -u root -p
CREATE USER 'replication_user'@'%' IDENTIFIED BY 'bigs3cret';
GRANT REPLICATION SLAVE ON *.* TO 'replication_user'@'%';

Step 2: Install passbolt on the Beta server

  • Package repository setup
  • Install passbolt official linux package
  • Use the same as your Alpha server
  • Choose a different domain name
Output showing successful installation

Step 3: Migrate data, configuration, and GPG keys from Alpha to Beta

sudo mysql -u root -p
FLUSH TABLES WITH READ LOCK;
SHOW MASTER STATUS;
Output showing mysql master status
UNLOCK TABLES;

Step 4: Enable the database on Beta to be a Replica

mysql configuration showing server_id=2
sudo systemctl restart mysql

5. Connect Beta as a Replica of Alpha

sudo mysql -u root -p
CHANGE MASTER TO
  MASTER_HOST='10.103.209.56',
  MASTER_USER='replication_user',
  MASTER_PASSWORD='bigs3cret',
  MASTER_PORT=3306,
  MASTER_LOG_FILE='master1-bin.000001',
  MASTER_LOG_POS=7865,
  MASTER_CONNECT_RETRY=10;
  • MASTER_HOST - This is the IP of your Alpha server.
  • MASTER_PASSWORD - You should have already updates this from “bigs3cret.”
  • MASTER_LOG_FILE - This will be the File value retrieved from step 3.
  • MASTER_LOG_POS - Update this to the Position value from step 3.
START SLAVE;
SHOW SLAVE STATUS \G
Slave status showing successful connection
Slave_IO_Running: Yes
Slave_SQL_Running: Yes

6: Bonus

Resource count in both databases
Resource count in both databases
Side by side of web interfaces from both instances
sudo systemctl stop nginx

Limitation And Considerations

Only For Database Replication

Cost Of Resources

Not A Substitute For Backups

Many Assumptions Were Made In This Example

Domain Name Decision

Prior Knowledge Of Databases

What comes next?

Test It All Out

Include In Monitoring

Use GTIDs instead

Configure High Availability

Continue reading

Celebrating 4,000 Stars: A Look At Passbolt’s Open Source Security Odyssey

5 min. read

Celebrating 4,000 Stars: A Look At Passbolt’s Open Source Security Odyssey

Passbolt is celebrating reaching 4,000 stars on the API repository and it’s all thanks to contributors like you! Take a look at the statistics behind this achievement.

Shelby Lee Neubeck

Shelby Lee Neubeck

20 October, 2023

Create A Backup of Passbolt Data With A Bash Script

4 min. read

Create A Backup of Passbolt Data With A Bash Script

Passbolt has created a bash script that you can use to perform regular backups of your data in Passbolt. Get started with this easy-to-follow guide.

Clayton Stevenson

Clayton Stevenson

6 October, 2023

Flag of European UnionMade in Europe. Privacy by default.