Hello!
I am getting desperate. I am trying to make GVM work with the official Docker container of the Community Edition. I never had this problem before with other distros (I am using Ubuntu 22.04.1 LTS right now). I followed the step-by-step tutorial of the Greenbone wiki 3-4 times, even with clean OS installations, and nothing. Always the same error. The scan runs but in the end it gives “failed to connect to mqtt broker”. The logs say the same. I have been fighting this for more than a week and it is setting me back.
I’ll try to look into it tomorrow. Maybe there is some general issue with the containers. At least I’ll give you some commands to diagnose the problem.
Just started from scratch with our Greenbone Community Containers 22.4. It works on my machine as it should.
> cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
> docker --version
Docker version 20.10.12, build 20.10.12-0ubuntu4
> docker-compose --version
docker-compose version 1.29.2, build unknown
First of all could you check the container state and the logs of the broker if there might be something suspicious?
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition ps mqtt-broker
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition logs mqtt-broker
Afterwards you could try if you can reach the broker from the ospd-openvas container
docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition exec ospd-openvas /bin/bash
apt-get update
apt-get install iputils-ping
ping mqtt-broker
Also your docker network should look similar to this
Hello! Thank you so much for the response. I can confirm everything is checking right, but I can’t ping the broker.
Could you try to run dig for DNS name resolution checks?
> docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition exec ospd-openvas /bin/bash
apt-get install bind9-dnsutils
It gives SERVFAIL. For some reason the mqtt-broker is not working, even though it is running. It’s really puzzling me.
Personally I would try to re-create the network by stopping all containers and running
docker network rm greenbone-community-edition_default
and then restarting the containers.
Yep, still the same. I even flushed the DNS cache and added a public DNS. Nothing. I really don’t have more ideas.
Is there any chance that the firewall is blocking something? The mqtt-broker from the container is remote, right?
docker-compose creates an extra network namespace with its own IP address space. Also it should populate the defined aliases as DNS names: docs/docker-compose-22.4.yml at main · greenbone/docs · GitHub and https://github.com/compose-spec/compose-spec/blob/master/spec.md#aliases
Maybe you could check if the mqtt broker container is listed in
docker network inspect greenbone-community-edition_default
Everything seems fine. That’s why I asked about the possibility of the firewall blocking something. The DNS of the network checks out and the broker is listed. I compared this machine with another one where the container works without any issue, and can’t figure out what is wrong. The only difference is this machine being a VM not owned by me or my network.
Yes, could be some firewall issue. Could also be an issue with the DNS on the host. AFAIK the DNS settings of the host are “copied” in some way into the containers. I am not an expert in this regard.
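The two checks from this thread (is the broker attached to the Compose network, and which resolver does the ospd-openvas container use) can be scripted as below. This is an added example, not part of the original thread or of Greenbone's tooling; the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: offline checks on captured output. Live input would come from:
#   docker network inspect -f '{{range .Containers}}{{.Name}} {{.IPv4Address}}{{"\n"}}{{end}}' \
#       greenbone-community-edition_default
#   docker-compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition \
#       exec ospd-openvas cat /etc/resolv.conf

# missing_services MEMBERS SERVICE...: print every service that has no
# container attached to the network ("name ip/prefix" per line in MEMBERS).
missing_services() {
  ms_members=$1; shift
  for ms_svc in "$@"; do
    # Compose names containers <project>_<service>_<n> (v1) or <project>-<service>-<n> (v2).
    printf '%s\n' "$ms_members" | grep -Eq "[_-]${ms_svc}[_-][0-9]+ " \
      || printf '%s\n' "$ms_svc"
  done
}

# resolver_status RESOLV_CONF: classify the container's resolver setup.
# On user-defined networks Docker's embedded DNS listens on 127.0.0.11; it is
# the only resolver that knows service names such as mqtt-broker, and it
# forwards everything else to the resolvers configured on the host.
resolver_status() {
  printf '%s\n' "$1" | awk '
    $1 == "nameserver" { if ($2 == "127.0.0.11") emb++; else ext++ }
    END {
      if (emb && !ext) print "embedded-dns"
      else if (emb)    print "mixed"
      else if (ext)    print "external-only"
      else             print "no-nameserver"
    }'
}

# Constructed sample data (not taken from the poster's machine).
SAMPLE_MEMBERS='greenbone-community-edition_ospd-openvas_1 172.18.0.5/16
greenbone-community-edition_gvmd_1 172.18.0.7/16'
SAMPLE_RESOLV='search localdomain
nameserver 127.0.0.11
options ndots:0'

echo "services missing from network: $(missing_services "$SAMPLE_MEMBERS" ospd-openvas mqtt-broker)"
echo "resolver in container: $(resolver_status "$SAMPLE_RESOLV")"
```

A result of `external-only` or `mixed` means lookups for `mqtt-broker` can reach a resolver that has no record for the service name, which fits a host-DNS problem rather than a firewall one.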