immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services, or as separate single-application containers via docker-compose.
GNU Affero General Public License v3.0

Upgrade from mikesplain/openvas to immauss/openvas #274

Open koy1619 opened 6 months ago

koy1619 commented 6 months ago

Dear immauss team

Also, this might not be the best topic for discussion.

I plan to upgrade from mikesplain/openvas to immauss/openvas, but I noticed that mikesplain/openvas uses the sqlite3 database, while immauss/openvas uses the PostgreSQL database. The architecture between the two is also different, and currently, data can only be migrated through XML import and export. Is there a better way to achieve data migration?

Thanks Regards

immauss commented 6 months ago

@koy1619 @mikesplain's openvas is woefully outdated at this point. There might be an easy way to convert the SQLite to Postgres, but the changes made to the database schema since then are extensive. Migrating from there to the current would likely be painful. Since my container has always used PostgreSQL, I never came up with a migration path from SQLite. If you can get what you need through XML export/import, that will be the best route. You could spend weeks trying to massage the database to work, and still not get everything.

I don't recall how the credentials are managed, though; you will probably need to re-enter credentials manually. If it were me, I would export all the bits needed to continue scanning with the updated versions, then keep the old container/volume around to start and access the old DB in the event you need the old reports.

That said ... if you can get the DB converted to postgres, you "might" be able to make it work with the older versions of this container (20.08). From there, if you start and run with the next consecutive versions, there is a built-in path to auto-upgrade the database.

-Scott

immauss commented 5 months ago

@koy1619 I'm really curious to know how this worked out for you. Would you be willing to share your experience?

Thanks, Scott

immauss commented 5 months ago

Thanks for the idea... I've been thinking about this, and I'm adding it to my projects. Mikesplain's is still being used by folks, so I'm going to try to write something to do the migration. It will probably be a little while, but I'm relatively certain it can be done.

immauss commented 5 months ago

Oh ... and with that idea, I'd really appreciate any notes on how it went for you.

Thanks, Scott

mnaismith commented 4 months ago

My approach is a bit of a hack, but it does the job. I export everything I need using gvm-tools into SQLite and blow away the container after every scan. So my scan script creates a container, runs the scan, exports to SQLite and deletes the container.

Matt

immauss commented 4 months ago

@mnaismith, are you doing this with mikesplain's image or ours? And what is the advantage to your method?

Thanks, Scott

mnaismith commented 4 months ago

@immauss I use your image. It's rock solid, so I don't want to mess with it at all. In terms of advantages, I guess they are specific to my use case. I do use PostgreSQL for other things and it's awesome, but in this case I have a little encrypted box I keep as light as possible. I prefer to keep the data external to your container. I also have other security-related containers I pull data from and write to the same SQLite DB. I just find it small, portable and tidy without the bloat. I use ReportLab to build reports, so it just makes it easier for me. I have almost reinvented part of the wheel, looking back, lol.

Matt
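
The export-to-SQLite step described in the last two comments, sketched as an added example; it is not code from this thread or from either project. It assumes the scan results arrive as report XML, and the element names, the `findings` table and the `source` column are assumptions made for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to a few fields. The element names are an
# assumption about the exported report XML, not copied from a real scan.
SAMPLE_REPORT = """<report id="r-0001"><results>
  <result id="res-1"><name>Constructed finding A</name><host>192.0.2.10</host>
    <port>443/tcp</port><severity>7.5</severity></result>
  <result id="res-2"><name>Constructed finding B</name><host>192.0.2.11</host>
    <port>general/tcp</port><severity>0.0</severity></result>
</results></report>"""

# One shared table; "source" lets several tools write to the same file.
SCHEMA = """CREATE TABLE IF NOT EXISTS findings (
    source TEXT NOT NULL, report_id TEXT NOT NULL, result_id TEXT NOT NULL,
    name TEXT, host TEXT, port TEXT, severity REAL,
    PRIMARY KEY (source, result_id))"""


def parse_results(xml_text):
    """Yield one tuple per result; input carrying a DTD is refused before parsing."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("DOCTYPE not allowed in report XML")
    root = ET.fromstring(xml_text)
    report_id = root.get("id", "")
    # Only direct children of <results>, so nested <result> nodes are skipped.
    for res in root.findall(".//results/result"):
        def text(tag):
            return (res.findtext(tag) or "").strip()
        try:
            severity = float(text("severity"))
        except ValueError:
            severity = None  # keep the row even if severity is missing
        yield (report_id, res.get("id"), text("name"), text("host"),
               text("port"), severity)


def store_report(db, xml_text, source="openvas"):
    """Upsert findings so re-importing the same report adds no duplicate rows."""
    db.execute(SCHEMA)
    rows = [(source, *r) for r in parse_results(xml_text)]
    with db:  # one transaction: all rows are committed or none
        db.executemany(
            "INSERT OR REPLACE INTO findings VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return len(rows)


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(store_report(conn, SAMPLE_REPORT), "findings stored")
```

Because the container is deleted after each scan in that workflow, the import should be confirmed (row count returned by `store_report`) before the container and its volume are removed.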