immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0

Multi-container doesn't work #93

Closed vanpilog closed 2 years ago

vanpilog commented 2 years ago

Hello! As you requested, I am reporting on how the multi-container setup works. I tried to run it on Debian Bullseye.

  1. There were problems running it with docker-compose version 1.21.2, build a133471.

Error message was:

ERROR: The Compose file './docker-compose.yml' is invalid because: Unsupported config option for services.openvas: 'init'

With docker-compose version 1.29.2 everything is ok with 'init'

  2. After starting the multi-container setup, nothing works as expected. The containers ovas_gvmd and ovas_postgresql did not start correctly. Here are some log files for you:

docker logs ovas_gvmd

Setting up contianer filesystem
/data/database/base alredy exists ...
 NOT moving data from image to /data
cp: cannot stat '/usr/local/var/lib/*': No such file or directory
cp: cannot stat '/var/lib/gvm/*': No such file or directory
cp: cannot stat '/var/lib/openvas/*': No such file or directory
Using existing gvm logging config
Using existing password policy config
Using existing openvas logging config
Choosing container start method from:
gvmd
Starting Greenbone Vulnerability Manager daemon !!
Generating certs...
Generated private key in /tmp/tmp.ThR3WcxxZk/cakey.pem.
Generated self signed certificate in /tmp/tmp.ThR3WcxxZk/cacert.pem.
Installed private key to /var/lib/gvm/private/CA/cakey.pem.
Installed certificate to /var/lib/gvm/CA/cacert.pem.
Generated private key in /tmp/tmp.ThR3WcxxZk/serverkey.pem.
Generated certificate request in /tmp/tmp.ThR3WcxxZk/serverrequest.pem.
Signed certificate request in /tmp/tmp.ThR3WcxxZk/serverrequest.pem with CA certificate in /var/lib/gvm/CA/cacert.pem to generate certificate in /tmp/tmp.ThR3WcxxZk/servercert.pem
Installed private key to /var/lib/gvm/private/CA/serverkey.pem.
Installed certificate to /var/lib/gvm/CA/servercert.pem.
Generated private key in /tmp/tmp.ThR3WcxxZk/clientkey.pem.
Generated certificate request in /tmp/tmp.ThR3WcxxZk/clientrequest.pem.
Signed certificate request in /tmp/tmp.ThR3WcxxZk/clientrequest.pem with CA certificate in /var/lib/gvm/CA/cacert.pem to generate certificate in /tmp/tmp.ThR3WcxxZk/clientcert.pem
Installed private key to /var/lib/gvm/private/CA/clientkey.pem.
Installed certificate to /var/lib/gvm/CA/clientcert.pem.
Removing temporary directory /tmp/tmp.ThR3WcxxZk.
LOADDEFAULT is true
Checking for existing DB
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: Connection refused
    Is the server running locally and accepting connections on that socket?

docker logs ovas_postgresql

Setting up contianer filesystem
cp: cannot stat '/usr/local/var/lib/*': No such file or directory
cp: cannot stat '/var/lib/gvm/*': No such file or directory
cp: cannot stat '/var/lib/openvas/*': No such file or directory
Using default gvm logging config
Using default gvm logging config
Using default openvas logging config
Choosing container start method from:
postgresql
Starting postgresql for gvmd !!
Creating postgresql.conf and pg_hba.conf
Starting PostgreSQL...
waiting for server to start....2021-12-27 09:47:54.077 GMT [76] LOG:  starting PostgreSQL 12.9 (Debian 12.9-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
2021-12-27 09:47:54.077 GMT [76] LOG:  listening on IPv4 address "0.0.0.0", port 5432
2021-12-27 09:47:54.077 GMT [76] LOG:  listening on IPv6 address "::", port 5432
2021-12-27 09:47:54.226 GMT [76] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2021-12-27 09:47:54.310 GMT [76] LOG:  could not open usermap file "/data/database/pg_ident.conf": No such file or directory
2021-12-27 09:47:54.383 GMT [77] LOG:  database system was shut down at 2021-11-29 17:39:24 GMT
2021-12-27 09:47:54.459 GMT [76] LOG:  database system is ready to accept connections
 done
server started
Checking for existing DB
 postgres  | postgres | UTF8     | C.UTF-8 | C.UTF-8 | 
 template0 | postgres | UTF8     | C.UTF-8 | C.UTF-8 | =c/postgres          +
           |          |          |         |         | postgres=CTc/postgres
 template1 | postgres | UTF8     | C.UTF-8 | C.UTF-8 | =c/postgres          +
           |          |          |         |         | postgres=CTc/postgres

tail: cannot open '/var/log/postgresql/postgresql-12-main.log' for reading: No such file or directory
tail: no files remaining

I hope this helps you, and in the future I will use the multi-container setup. Thank you for your work!

P.S. Here is my docker-compose.yml, so you can see that the problem is not caused by any options I changed:

version: "3"
services:
  postgresql:
    container_name: ovas_postgresql
    image: immauss/openvas:mc
    command: postgresql
    volumes:
      - "openvas:/data"
      - "ovasrun:/run"

  gvmd:
    container_name: ovas_gvmd
    image: immauss/openvas:mc
    command: gvmd
    depends_on: 
      - "postgresql"
    volumes:
      - "openvas:/data"
      - "ovasrun:/run"
    environment:
      - "PASSWORD=klsejrlkejlrkjerki"
      - "USERNAME=admin"
      - "RELAYHOST=10.1.111.10"
      - "SMTPPORT=25"
      - "QUIET=false"  # dump feed sync noise to /dev/null
      - "SKIPSYNC=false" # Skips the feed sync on startup.
      - "DEBUG=false"  # This will cause the container to stop and not actually start gvmd
      - "GMP=9390"    # to enable see docs
  redis:
    container_name: ovas_redis
    image: immauss/openvas:mc
    command: redis
    depends_on:
      - "gvmd"
    volumes: 
      - "ovasrun:/run"
  openvas:
    container_name: openvas
    image: immauss/openvas:mc
    init: true
    command: openvas
    depends_on: 
      - "redis"
    volumes:
      - "openvas:/data"
      - "ovasrun:/run"
  gsad:
    container_name: ovas_gsad
    image: immauss/openvas:mc
    command: gsad
    depends_on:
      - "gvmd"
    environment:
      - "HTTPS=false"  # whether to use HTTPS or not
    ports:
      - "127.0.0.1:8097:9392"
  scannable:
    image: immauss/scannable
    container_name: scannable
volumes:
  openvas: 
  ovasrun: 

immauss commented 2 years ago

Yeah ... looks like the PostgreSQL container is still dying. I'll let you know here when I figure it out.

arcreigh commented 2 years ago

Want a hand with anything immauss?

immauss commented 2 years ago

@arcreigh Thanks. At the moment, I think I have it. But I may ask for some help in the future.

@vanpilog

OK ... there is a new version in the mc tag.

Let me know if you can get it working.

Best bet is to use the entire contents of the "multi-container" directory on the GitHub repo, as there are some configs needed there as well.

immauss commented 2 years ago

Please take a look at the new issue opened. https://github.com/immauss/openvas/issues/114