All articles

Automating Passbolt Maintenance

4 min. read

Antony Bartolomucci

Antony Bartolomucci

3 December, 2024

Introduction

Reduction of hard disk space

  • Decreased performance: A bloated database can slow down queries, affecting the overall responsiveness of the Passbolt server.
  • Disk space exhaustion: Excessive disk usage can lead to storage limits being reached, potentially causing service interruptions.
  • Maintenance challenges: Manually running maintenance commands regularly is not scalable and can be forgotten, leading to the issues above.

Why automating maintenance tasks?

Introducing the purge automation bash script

  • It automatically detects the environment: Automatically identifies whether it's running on Docker (root or non-root), RPM, or Debian/Ubuntu, and whether the passbolt version is CE or PRO.
  • Providing flexibility: Includes flags  for setting retention periods and specifying LDAP purging with -r and –ldap
  • Simplifies execution: Runs all necessary commands with appropriate parameters, ensuring a smooth maintenance process.
  • User-friendly outputs: Colored terminal output for better readability and status messages to inform you of progress.

Understanding the script

  • Environment detection: It detects on which environment the server is.
  • User detection: Determines the correct web server user (www-data or nginx) and sets the appropriate command execution method.
  • Argument parsing: Accepts optional arguments
    • -r: Sets the retention period for action logs (default is 90 days).
    • --ldap: Triggers the purge of LDAP-related tables (PRO only)
  • Passbolt version check: Identifies if the server is running CE or PRO to ensure compatibility with commands.
  • Maintenance commands execution:
    • Email queue purge: Clears out the email queue to free up space.
    • Action logs purge: Deletes non-essential action logs older than the specified retention period.
    • LDAP tables purge (PRO only): If the --ldap flag is set, purges old records from LDAP synchronization tables.
    • Cleanup shell: To ensure that there are no database integrity issues. It usually happens when manual iterations are made on a table.

Setting up the script

Download the script

curl -LO https://gist.githubusercontent.com/qntoni/e63467f714af03057d2ad31676ec7085/raw/90a698a5aa90ec7275f9e591633859f810f3092d/passbolt_maintenance.sh

Updating script permissions

sudo chmod 550 passbolt_maintenance.sh
sudo chown root:<WEB_SERVER> passbolt_maintenance.sh # replace <WEB_SERVER> with nginx on RPM or www-data on debian like distributions

Run the script manually (optional)

sudo ./passbolt_maintenance.sh
sudo ./passbolt_maintenance.sh -r 60
sudo ./passbolt_maintenance.sh -r 60 --ldap

Automate with cron

sudo -u <WEB_SERVER> crontab -e # replace <WEB_SERVER> with nginx on RPM or www-data on debian like distributions
0 0 * * * /path/to/passbolt_maintenance.sh --ldap

Benefits of using the maintenance script

Conclusion

What's Next?

Continue reading

The road to Passbolt v5 – Encrypted metadata and other core security changes

9 min. read

The road to Passbolt v5 – Encrypted metadata and other core security changes

Passbolt v5 introduces encrypted metadata, redefining how information is managed and shared. Secure resource names, tags, and URIs with flexible encryption options. Dive into the blog to explore the architecture, migration timeline and what this means for your organization.

RB

Remy Bertot

11 December, 2024

Simplifying Passbolt Installation with Ansible

4 min. read

Simplifying Passbolt Installation with Ansible

Automate Passbolt installation with Ansible for a consistent, secure, and efficient server setup.

Antony Bartolomucci

Antony Bartolomucci

4 November, 2024

Flag of European UnionMade in Europe. Privacy by default.