ERROR: Error: The new extension pgcrypto does not exist for gvmd database

OpenVAS scanner : 22.7.9
GVM : 23.11.0
PostgreSQL 16+257
Kali 6.6.9-1kali1

Hi all, this is for the troubleshooting section. I just updated my Kali (6.6.9-1kali1) with the latest “apt update” packages and there was an update to PostgreSQL 16. This seems to have messed up my installation as I can no longer log in to Greenbone OpenVAS. The error is:

“An error occurred during making the request. Most likely the web server does not respond.”

I stopped the services with

sudo gvm-stop

and then ran gvm-check-setup

$ sudo gvm-check-setup
[sudo] password for xxxxxxxx:
gvm-check-setup 23.11.0
  Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)...
        OK: OpenVAS Scanner is present in version 22.7.9.
        OK: Notus Scanner is present in version 22.6.2.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 88438 NVTs.
        OK: The notus directory /var/lib/notus/products contains 456 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-openvas service is active.
        OK: ospd-OpenVAS is present in version 22.6.2.
Step 2: Checking GVMD Manager ...
        OK: GVM Manager (gvmd) is present in version 23.1.0.
Step 3: Checking Certificates ...
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
/usr/bin/gvm-check-setup: line 390: [: too many arguments
/usr/bin/gvm-check-setup: line 397: [: too many arguments
        OK: Postgresql version and default port are OK.
 gvmd      | _gvm     | UTF8     | libc            | fr_FR.UTF-8 | fr_FR.UTF-8 |            |           |
        ERROR: The new extension pgcrypto does not exist for gvmd database
        FIX: Run 'sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database'

 ERROR: Your GVM-23.11.0 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.

My PostgreSQL is 16+257 running on port 5432 and the service is active.

||/ Name           Version      Architecture Description
+++-==============-============-============-==================================================
ii  postgresql     16+257       all          object-relational SQL database (supported version)

I’m assuming the PostgreSQL update implemented some newer crypto which maybe OpenVAS can’t yet deal with. What can I do here?

The fix to recreate a new DB from scratch won’t work for me as I already have a database with a lot of work already in it, so I can’t create a new one.

Appreciate any tips you may have.

Finally, after a reboot the problem is entirely solved. Apt never told me about a service that potentially needed a reboot so I didn’t assume it was necessary. It is Linux after all.

2 Likes

Unfortunately I’m back to square one after another restart this afternoon. It’s the same error as we saw at the top. I tried running the FIX command and that doesn’t work either.

gvm-check-setup 23.11.0
  Test completeness and readiness of GVM-23.11.0
Step 1: Checking OpenVAS (Scanner)...
        OK: OpenVAS Scanner is present in version 22.7.9.
        OK: Notus Scanner is present in version 22.6.2.
        OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
        OK: _gvm owns all files in /var/lib/openvas/gnupg
        OK: redis-server is present.
        OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: the mqtt_server_uri is defined in /etc/openvas/openvas.conf
        OK: _gvm owns all files in /var/lib/openvas/plugins
        OK: NVT collection in /var/lib/openvas/plugins contains 88442 NVTs.
        OK: The notus directory /var/lib/notus/products contains 456 NVTs.
Checking that the obsolete redis database has been removed
        OK: No old Redis DB
        OK: ospd-openvas service is active.
        OK: ospd-OpenVAS is present in version 22.6.2.
Step 2: Checking GVMD Manager ...
        OK: GVM Manager (gvmd) is present in version 23.1.0.
Step 3: Checking Certificates ...
        OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
        OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
        OK: SCAP data found in /var/lib/gvm/scap-data.
        OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
/usr/bin/gvm-check-setup: line 390: [: too many arguments
/usr/bin/gvm-check-setup: line 397: [: too many arguments
        OK: Postgresql version and default port are OK.
 gvmd      | _gvm     | UTF8     | libc            | fr_FR.UTF-8 | fr_FR.UTF-8 |            |           |
        **ERROR: The new extension pgcrypto does not exist for gvmd database**
        FIX: Run 'sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database'

 ERROR: Your GVM-23.11.0 installation is not yet complete!

Please follow the instructions marked with FIX above and run this
script again.


┌──(XXXXXXX㉿XXXXXXX)-[~]
└─$ sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database
[i] User _gvm already exists in PostgreSQL
[i] Database gvmd already exists in PostgreSQL
[i] Role DBA already exists in PostgreSQL

[*] Applying permissions
NOTICE:  le rôle « _gvm » est déjà un membre du rôle « dba »
GRANT ROLE
[i] Extension uuid-ossp already exists for gvmd database
[i] Extension pgcrypto already exists for gvmd database
[i] Remove old parts from DB for new pg-gvm extension
NOTICE:  la vue « result_new_severities_dynamic » n'existe pas, poursuite du traitement
NOTICE:  la vue « result_new_severities » n'existe pas, poursuite du traitement
NOTICE:  la vue « result_new_severities_static » n'existe pas, poursuite du traitement
NOTICE:  la vue « result_overrides » n'existe pas, poursuite du traitement
NOTICE:  la fonction hosts_contains() n'existe pas, poursuite du traitement
NOTICE:  la fonction max_hosts() n'existe pas, poursuite du traitement
NOTICE:  la fonction regexp() n'existe pas, poursuite du traitement

[*] Creating extension pg-gvm
**ERREUR:  l'extension « pg-gvm » n'est pas disponible**
DETAIL:  N'a pas pu ouvrir le fichier de contrôle d'extension « /usr/share/postgresql/15/extension/pg-gvm.control » : Aucun fichier ou dossier de ce type.
HINT:  Les extensions doivent tout d'abord être installées sur le système où PostgreSQL est exécuté.

Looking at gvmd.log, there is a significant number of PostgreSQL errors…

 (7)
md manage:WARNING:2024-02-29 15h55.27 utc:8622: sql_exec_internal: SQL: SELECT value FROM public.meta WHERE name = 'database_version';
md manage:WARNING:2024-02-29 15h55.27 utc:8622: sql_x: sql_exec_internal failed
md manage:MESSAGE:2024-02-29 15h55.27 utc:8622: No SCAP database found
md manage:MESSAGE:2024-02-29 15h55.27 utc:8622: No CERT database found
md manage:MESSAGE:2024-02-29 15h55.27 utc:8622: db_extension_available: Extension 'pg-gvm' is not available.
md manage:WARNING:2024-02-29 15h55.27 utc:8622: check_db_extensions: A required extension is not available.
md manage:WARNING:2024-02-29 15h55.27 utc:8622: init_manage_create_functions: failed to create functions
md   main:MESSAGE:2024-02-29 15h56.58 utc:9166:    Greenbone Vulnerability Manager version 23.1.0 (DB revision 255)
md manage:WARNING:2024-02-29 15h56.58 utc:9167: sql_exec_internal: PQexec failed: ERREUR:  la relation « public.meta » n'existe pas
LINE 1: SELECT value FROM public.meta WHERE name = 'database_version...
                          ^
 (7)
md manage:WARNING:2024-02-29 15h56.58 utc:9167: sql_exec_internal: SQL: SELECT value FROM public.meta WHERE name = 'database_version';
md manage:WARNING:2024-02-29 15h56.58 utc:9167: sql_x: sql_exec_internal failed
md manage:MESSAGE:2024-02-29 15h56.58 utc:9167: No SCAP database found
md manage:MESSAGE:2024-02-29 15h56.58 utc:9167: No CERT database found
md manage:MESSAGE:2024-02-29 15h56.58 utc:9167: db_extension_available: Extension 'pg-gvm' is not available.
md manage:WARNING:2024-02-29 15h56.58 utc:9167: check_db_extensions: A required extension is not available.
md manage:WARNING:2024-02-29 15h56.58 utc:9167: init_manage_create_functions: failed to create functions

To fix the pg-gvm extension missing error, you need to install the pg-gvm package that matches your newly updated version of PostgreSQL. See the Kali Linux troubleshooting guide for instructions on this specific topic (Item number 3 when migrating a PostgreSQL cluster) and more complete instructions for managing PostgreSQL errors with Greenbone.

1 Like

OK, finally I have a solution, and it was truly bizarre, but it’s fixed consistently now.

I tried your steps to upgrade from 15 to 16 and it went without issue but I seemed to be obliged at the end to create a new gvm user (so I got the impression that the upgrade emptied the DB).

Ultimately what I found was that I had two clusters that were identical, one on pgSQL 15 and the other on pgSQL 16.

The 15 was the online functioning cluster, the 16 was offline (both used the same port number so only one could run at a time). I decided to stop version 15

sudo pg_ctlcluster 15 main stop

and start the 16

sudo pg_ctlcluster 16 main start

Thanks to your links earlier I would’ve never known these commands (I know nothing about DBs) and voila, the gvm-check-setup ran without issue. It was a hunch that the 16 contained the same data as the 15, and I was lucky.

As for why it worked randomly, I remember that at every reboot, just before login appeared, I’d see an error about the postgresql-1X service failing to start (sometimes it was 15, sometimes 16). Clearly there was a fight at each reboot over which one would win: if 16 won I’d have a functioning OpenVAS, if 15 won I’d have nothing. Why they randomly chose each other I have no idea; I thought there’d be a logical choice each time from a conf, but anyway it’s fixed and I’m chuffed.

Just as a note, the specific steps to fix this issue are described at https://greenbone.github.io/docs/latest/22.4/kali/troubleshooting.html#upgrade-postgresql-cluster

2 Likes
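
The two conditions this thread ends up at (two clusters claiming the same port, and pg-gvm missing for whichever cluster is online) can be checked together. The script below is an added example, not part of any post and not Greenbone's tooling; the function names are hypothetical and the `pg_lsclusters` listing is a constructed sample modelled on the situation described above.

```sh
#!/bin/sh
# Added example (not from the thread): spot competing PostgreSQL clusters and a
# missing pg-gvm extension from `pg_lsclusters` output.

# Constructed sample mirroring the thread: two "main" clusters on one port.
SAMPLE_LSCLUSTERS='Ver Cluster Port Status Owner    Data directory              Log file
15  main    5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log
16  main    5432 down   postgres /var/lib/postgresql/16/main /var/log/postgresql/postgresql-16-main.log'

# Print "port: ver/cluster ..." for every port claimed by more than one cluster.
port_conflicts() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ { n[$3]++; who[$3] = who[$3] " " $1 "/" $2 }
        END { for (p in n) if (n[p] > 1) print p ":" who[p] }'
}

# Print the major version of the cluster that is online on port $2.
online_version() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^[0-9]+$/ && $3 == port && $4 ~ /^online/ { print $1 }'
}

# Succeed if the pg-gvm control file exists for major version $1.
# $2 is the share root; the default matches the path in the error above.
pg_gvm_available() {
    [ -f "${2:-/usr/share/postgresql}/$1/extension/pg-gvm.control" ]
}

# diagnose LISTING [PORT] [SHARE_ROOT]; returns 0 ok, 1 extension missing, 2 nothing online.
diagnose() {
    d_conflicts=$(port_conflicts "$1")
    if [ -n "$d_conflicts" ]; then
        echo "WARN: clusters share a port -> $d_conflicts"
    fi
    d_ver=$(online_version "$1" "${2:-5432}")
    if [ -z "$d_ver" ]; then
        echo "FAIL: no cluster online on port ${2:-5432}"
        return 2
    fi
    if pg_gvm_available "$d_ver" "${3:-/usr/share/postgresql}"; then
        echo "OK: cluster $d_ver is online and pg-gvm is installed for it"
    else
        echo "FAIL: cluster $d_ver is online but pg-gvm.control is missing for $d_ver"
        return 1
    fi
}

# Demo on the constructed sample; on a live host pass "$(pg_lsclusters)" instead.
diagnose "$SAMPLE_LSCLUSTERS" || true
```

A port-conflict warning alongside an online older version matches the reboot-dependent behaviour described in the thread: whichever cluster binds the port first decides whether gvmd finds its extensions.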