/root/secondary-certs.sh hardcoded in script

[rbicelli]

Hello and thanks for your work! I've just set up an environemnt in a breeze.

I noticed that if cloning the repo (which I think is the most used method here) the add-secondary-2-primary script fails, because in the script the path /root/secondary-certs.sh is hardcoded. Copying the script in /root solves the issue.

Some random questions (since i can't find your email :-):

• have you considered to move the project in ansible and use the greenbone community containers instead of building everything from source? With ansible you could automate better the secondary nodes addition
• (I'm pretty new to OpenVAS/GSE and) as can I understand the connection between primary-secondary is made directly from the primary. So, where the secondary is a remote machine, I made the connection installing an openvpn server on primary and a openvpn client on secondary. Have I understand the architecture correctly? If this is a feasible setup, the openvpn thing could be automated also (using CA certificate of gse and client cert of scanners for authentication, for example)

Thanks!

[martinboller]

There's too much hard-coded stuff based on an original Vagrant installation. Eventually I'll get to use variables correctly :)

1. Yeah, ansible or Salt Stack (i prefer the latter) and the community containers would be nice, however I like being independent of the prebuilt containers, so if I had to mess with those I'd still have to be able to build from source.
2. You're correct! It is described here [https://docs.greenbone.net/GSM-Manual/gos-21.04/en/master-sensor-setup.html] + I should change my terminology to match Greenbones. Using OpenVPN or WireGuard would be a great way to further protect the comms btw them, however the traffic is already encrypted, so I've not considered that. Thanks for your input, really appreciated (but please allow for me being very very slow in updating stuff, as this is all being done in my spare time)