GMP Master slave don't work

I am currently testing the new version of openvas gvm-libs 10. The goal is to set up a master/slave architecture in which the master will be the central point for centralizing the configuration of all the slaves that will be placed in remote networks and will have to respond to the orders of the gvm master.

I had tried this type of architecture (OMP slave) on the old version of openvas 9 but it didn’t work I couldn’t succeed because OMP couldn’t connect to remote OMPs.

Then I tried with remote scanners this to work but when the scans were too large (subnet /16) it caused scan stops, unmanageable overconsumption of resources and blocking the database again.

Today I am trying my chance again for a new one but I am facing the same problem.

It is impossible on GSA to create a GMP scanner because it automatically switches to port 9391, but when the GMP of the slave is listened to on a GMP port is no longer reachable.

And the openvas master can’t contact the GMP slave with the following error:

on Master :

lib  serv:WARNING:2019-04-19 14h24.08 UTC:30884: Failed to connect to server
md manage:WARNING:2019-04-19 14h24.08 UTC:30884: slave_connect: failed to open connection 
to X.X.X.X on 9391

On slave :

md   main:WARNING:2019-04-19 18h10.14 utc:1469: main: Main process is already running
md   main:MESSAGE:2019-04-19 18h10.58 utc:1504:    Greenbone Vulnerability Manager version 8.0.0 (DB revision 205)
util gpgme:MESSAGE:2019-04-19 18h10.58 utc:1505: Setting GnuPG dir to '/var/lib/gvm/gvmd/gnupg'
util gpgme:MESSAGE:2019-04-19 18h10.58 utc:1505: Using OpenPGP engine version '2.0.22'
md   main:WARNING:2019-04-19 18h13.36 utc:1644: read_from_client_tls: failed to read from client: 
The TLS connection was non-properly terminated.
md   main:WARNING:2019-04-19 18h14.01 utc:1656: read_from_client_tls: failed to read from client: 
The TLS connection was non-properly terminated.

So it is really possible to have a master/slave architecture with openvas. If so, can you help me solve this issue?

1 Like

Hi @gadget,

I’m shall start work with the same thing now but in dockerized containers.
On OpenVas 9 we first copied the masters servercert.pem and upload to the slave.
Then the communication went as planned :slight_smile:

Have you gotten gvm-libs 10 to work yet in your test?

Regards Falk

Isn’t this mainly a duplicate of GMP Scanner where more info are currently collected?

Edit As the discussion in that thread is going on with all involved people in this thread i’m closing this thread as a duplicate. Please let us know if this is wrong and we can still re-open it.

1 Like