Greenbone with Docker & Remote Postgres

ftrain · August 3, 2024, 5:30pm

I cannot get gvmd to connect to a remote postgres database. My yml works 100% until I try to do the remote postgres. Why remote, I want to use that server for multiple purposes…here is my gvmd section…seriously…help…

gvmd:
image: greenbone/gvmd:stable
restart: on-failure
environment:
db_user: gvmd1
db_password: gvmD1
db_host: lab_postgres_1 # Corrected to container name
db_port: 5432
db_name: gvmd

volumes:
  - gvmd_data_vol:/var/lib/gvm
  - scap_data_vol:/var/lib/gvm/scap-data/
  - cert_data_vol:/var/lib/gvm/cert-data
  - data_objects_vol:/var/lib/gvm/data-objects/gvmd
  - vt_data_vol:/var/lib/openvas/plugins
  - gvmd_socket_vol:/run/gvmd
  - ospd_openvas_socket_vol:/run/ospd
depends_on:
  - vulnerability-tests
  - scap-data
  - cert-bund-data
  - dfn-cert-data
  - data-objects
  - report-formats
networks:
  - lab_network_1

Note…I have also tried to replace the container name as the db host with IP address …still no good.

ftrain · August 3, 2024, 5:32pm

Note…the passwords and other info is shown as this is a test process only

cfi · August 5, 2024, 3:25pm

By quickly browsing / sifting through the following:

no indicator / evidence was found that these environmental variables are even supported. Looking further into the gvmd repository one can find the PR #1308 including:

This is currently only fully usable for local setups using UNIX domain sockets as authentication options for TCP/IP connections are still missing.

so it doesn’t look like such a remote connection is “natively” possible / supported.

ftrain · August 5, 2024, 6:37pm

So then alternate question…can I refer to an existing postgres container. Thereby it is not a remote postgres server. This allows me to uncouple the installation of postgres from the installation of greenbone.

rippledj · August 6, 2024, 3:56am

Here is my suggestion, but you will have to conduct the efforts to verify the process. I suggest downloading the gvmd repository and adjusting the docker-compose.yml file to build the gvmd container from the local repository instead of the remote one hosted by Greenbone on DockerHub. You can find some posts describing how to do this already on the forum.

Then, you can see in the the prod.Dockerfile that gvmd installs postgresql-client-13 and postgresql-client-common. From here I would modify the start-gvm.sh, which is called at the end of the prod.Dockerfile. You should configure the gvmd container’s PosgreSQL client to connect to a remote instance rather than using the psql_socket_vol and psql_data_vol volumes which are mounted to gvmd container when it starts.

ftrain · August 7, 2024, 11:42pm

Thank you greatly…I will do that (may take a week or two to get to it)…and will share that back on this feed.