Is it possible to move an existing docker based installation of the community edition to a new host?
If so how would one approach this:
Regards,
Koen
Did you take a look at the logs for possible issues or at the errors tab of the corresponding report?
For a migration you only need to copy the contents of the psql_data_vol volume which contains the postgres database. The other volumes will be re-created with the correct content automatically.
Problem is, I can’t seem to find a good reference how to get to logs (inside which container?) and where to look for them.
I tried your suggestion to just restore the psql_data_vol, but am still getting the Interrupted issue when running existing or new tasks.
I also tried this:
docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition rm -s -f redis-server ospd-openvas
docker volume rm greenbone-community-edition_redis_socket_vol
docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d
This can have several causes not even related to your migration. Therefore we need to take a look at the logs.
I wasn’t aware that this might be a problem as users of our containers should be familiar with docker and docker compose. Getting logs is easy and more or less standard docker procedure. Nevertheless I did take this as invitation to add some hints to our docs.
Thanks for adding those log pointers. Very helpfull.
As for the move:
After some trial and error it seems to be going OK now, except maybe for the following log entries for targets with credentials:
libgvm util:WARNING:2024-02-01 15h58.24 CET:3181: error decrypting credential: No secret key <GPGME>
libgvm util: INFO:2024-02-01 15h58.24 CET:3181: encrypted to keyid D409A503586C7384, algo=1: No secret key <GPGME>
lib nasl:MESSAGE:2024-02-01 15h00.53 utc:43571: win_cmd_exec: Invalid input arguments
This is how I managed it in the end:
# ---- old host ----
# create folder in your pwd
mkdir archive
# get volume names
docker volume ls
# Backup source volume
source_volume=greenbone-community-edition_psql_data_vol
backup_date=$(date +"%Y%m%d")
docker run --tty --rm --interactive --volume ${source_volume}:/source --volume ${PWD}/archive:/backup ubuntu:jammy tar czvf /backup/${source_volume}_${backup_date}.tar.gz -C /source .
# ---- new host ----
# create folder in your pwd
mkdir archive
# copy file from old to new host's archive folder
# replace placeholders with actual values
scp <remote_user>@<oldserver>:archive/<backup_file_name>.tar.gz archive
# Restore backup
restore_archive=<backup_file_name>.tar.gz
target_volume=greenbone-community-edition_psql_data_vol
docker run --tty --rm --interactive --volume ${target_volume}:/target --volume ${PWD}/archive:/backup ubuntu:jammy tar xzvf /backup/${restore_archive} -C /target
# install Greenbone community containers
# see GB community site for instructions
# I used the script, but restarted it using my yml file
# Start greenbone
# make sure $DOWNLOAD_DIR is part of your env
docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition up -d
I suppose this is the culprit. /var/lib/gvm/gvmd/gnupg in the gvmd container contains the gpg key for encrypting the credentials. I wasn’t aware of this directory and that encrypting the credentials is activated by default (or did you activate it by intention?). You need to copy the content of this directory to your new gvmd container.