search

robertdebock / ansible-role-openvas

Install and configure openvas on your system.
https://robertdebock.nl/
Apache License 2.0
7 stars 2 forks source link

Fedora 29: openvas-scanner.service fails to start #2

Closed blaisep closed 4 years ago

blaisep commented 5 years ago

Describe the bug A clear and concise description of what the bug is. The openvas-scanner.service fails to start.

To Reproduce Steps to reproduce the behavior:

  1. Run this role: using commit 336339b5404e4069a5b98f0cbad4f9a6dfa7d5aa and installing the requirements.yml ansible-playbook --ask-become-pass playbook.yml

  2. See error The console displays this ansible error:

    
TASK [robertdebock.openvas : install openvas (package)] ********************************************************************************************
ok: [localhost] => {"attempts": 1, "changed": false, "msg": "Nothing to do", "rc": 0, "results": ["Installed: openvas-cli", "Installed: openvas-scanner"]}

TASK [robertdebock.openvas : enable openvas] *** failed: [localhost] (item=openvas-scanner) => {"changed": false, "item": "openvas-scanner", "msg": "Unable to start service openvas-scanner: Job for openvas-scanner.service failed because the control process exited with error code.\nSee \"systemctl status openvas-scanner.service\" and \"journalctl -xe\" for details.\n"}

and also:

$ sudo journalctl -xe Dec 29 21:30:02 192.168.254.59 systemd[1]: Starting OpenVAS Scanner... -- Subject: Unit openvas-scanner.service has begun start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Unit openvas-scanner.service has begun starting up. Dec 29 21:30:02 192.168.254.59 openvassd[2696]: /usr/sbin/openvassd: symbol lookup error: /usr/sbin/openvassd: undefined symbol: nvticache_free Dec 29 21:30:02 192.168.254.59 systemd[1]: openvas-scanner.service: Control process exited, code=exited status=127 Dec 29 21:30:02 192.168.254.59 systemd[1]: openvas-scanner.service: Failed with result 'exit-code'. Dec 29 21:30:02 192.168.254.59 systemd[1]: Failed to start OpenVAS Scanner. -- Subject: Unit openvas-scanner.service has failed -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- Unit openvas-scanner.service has failed.

-- The result is failed.


**Expected behavior**
A clear and concise description of what you expected to happen.

**Error**
Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv`

**Environment**
- Control node OS: Fedora 29 Linux  4.19.10-300.fc29.x86_64 #1 SMP Mon Dec 17 15:34:44 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
- Control node Ansible version: 
ansible 2.7.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/bpabon/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.7.1 (default, Nov 23 2018, 10:01:49) [GCC 8.2.1 20181105 (Red Hat 8.2.1-5)]

- Managed node OS: localhost (same as the control node)

**Additional context**
Add any other context about the problem here.
@robertdebock , I will install ARA and see if that provides more information.
robertdebock commented 5 years ago

I don't think ARA will help you here, the error seems to be:

/usr/sbin/openvassd: symbol lookup error: /usr/sbin/openvassd: undefined symbol: nvticache_free

I'll dive into this, maybe some required package is missing or so.

blaisep commented 5 years ago

Okay, I understand. Fedora 29 modular is pretty bleeding edge and I bet the openvas package maintainers can't keep up.

On Sat, Dec 29, 2018, 11:46 PM Robert de Bock <notifications@github.com wrote:

I don't think ARA will help you here, the error seems to be:

/usr/sbin/openvassd: symbol lookup error: /usr/sbin/openvassd: undefined symbol: nvticache_free

I'll dive into this, maybe some required package is missing or so.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/robertdebock/ansible-role-openvas/issues/2#issuecomment-450544627, or mute the thread https://github.com/notifications/unsubscribe-auth/AAPh-EzSoSPtU9n7jpt1ARvsgZVBOLhYks5u-G9FgaJpZM4Zkz64 .

robertdebock commented 5 years ago

I'm not sure if the OpenVAS release for Fedora 29 will work, the package listed in the repository for 28 differ quite a lot.

I also see similar problems.

Hope I can fix this.

blaisep commented 5 years ago

Oh shit. Harald is pissed off and I agree with him. I think that there seem to be two orgs supporting openvas: greenbone and atomiccorp. Maybe green bone is more responsive but I think both of them are not very concerned about the "community" edition.

On Sun, Dec 30, 2018, 12:46 AM Robert de Bock <notifications@github.com wrote:

I'm not sure if the OpenVAS release for Fedora 29 http://www3.atomicorp.com/channels/atomic/fedora/29/x86_64/RPMS/ will work, the package listed in the repository for 28 http://www3.atomicorp.com/channels/atomic/fedora/28/x86_64/RPMS/ differ quite a lot.

I also see similar problems https://bugzilla.redhat.com/show_bug.cgi?id=1636022.

Hope I can fix this.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/robertdebock/ansible-role-openvas/issues/2#issuecomment-450546977, or mute the thread https://github.com/notifications/unsubscribe-auth/AAPh-GqH7kGjgVflyMlEKHZCV7-VrmxKks5u-H1JgaJpZM4Zkz64 .

robertdebock commented 5 years ago

I've updated issue 1636022, I guess the release (openvas on Fedora 29) is just broken. Weird that there are not many people hitting this bug.

You can add some detail to issue 1636022 to emphasize the importance of the issue.

This bug is not easy to test in ci/cd because I use Docker images. Docker can't start services like a normal (virtual) machine can.

blaisep commented 5 years ago

Have you looked into the container tools that come with fedora (buildah, podman, cri-o, etc) they enable unprivileged containers and I think they allow restarting of services. I am just learning about them because I was getting frustrated with the Docker ecosystem and these guys seem to have a more comprehensive view. Ok, I will comment on the ticket and go to bed. Thanks

On Sun, Dec 30, 2018, 1:09 AM Robert de Bock <notifications@github.com wrote:

I've updated issue 1636022 https://bugzilla.redhat.com/show_bug.cgi?id=1636022, I guess the release (openvas on Fedora 29) is just broken. Weird that there are not many people hitting this bug.

You can add some detail to issue 1636022 https://bugzilla.redhat.com/show_bug.cgi?id=1636022 to emphasize the importance of the issue.

This bug is not easy to test in ci/cd because I use Docker images. Docker can't start services like a normal (virtual) machine can.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/robertdebock/ansible-role-openvas/issues/2#issuecomment-450547911, or mute the thread https://github.com/notifications/unsubscribe-auth/AAPh-N8ZXOniGs6H4GWF0fzW0b9oW0BGks5u-ILAgaJpZM4Zkz64 .

robertdebock commented 5 years ago

Thanks @blaisep I'll have a look a little later.

For now I've added goss tests that fail. Maybe more distributions will start to fail

I'll release when the build gets stable, but for now without Fedora support.

It's been great to get your feedback, much appreciated!

robertdebock commented 4 years ago

Hi, closing this issue, because I'm going to archive this repository.