Latest GVM 22.8 by docker ospd-openvas keep restarting

volts · April 22, 2024, 9:20am

Hi gurus:
Please take a look and help out with some probe directions, thanks a lot!
as titled. i keep encountering this issue and get tracelog as this one:

greenbone-community-edition-ospd-openvas-1         |
greenbone-community-edition-ospd-openvas-1         | (openvas:16): sd   main-WARNING **: 09:16:20.976: init_logging: Can not open or create log file or directory. Please check permissions of log files listed in /etc/openvas/openvas_log.conf.
greenbone-community-edition-ospd-openvas-1         | OSPD[8] 2024-04-22 09:16:20,978: WARNING: (ospd_openvas.openvas) Could not gather openvas settings. Reason Command '['openvas', '-s']' returned non-zero exit status 1.
greenbone-community-edition-ospd-openvas-1         | Traceback (most recent call last):
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/bin/ospd-openvas", line 8, in <module>
greenbone-community-edition-ospd-openvas-1         |     sys.exit(main())
greenbone-community-edition-ospd-openvas-1         |              ^^^^^^
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/ospd_openvas/daemon.py", line 1264, in main
greenbone-community-edition-ospd-openvas-1         |     daemon_main('OSPD - openvas', OSPDopenvas, NotusParser())
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/ospd/main.py", line 114, in main
greenbone-community-edition-ospd-openvas-1         |     daemon = daemon_class(**vars(args))
greenbone-community-edition-ospd-openvas-1         |              ^^^^^^^^^^^^^^^^^^^^^^^^^^
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/ospd_openvas/daemon.py", line 452, in __init__
greenbone-community-edition-ospd-openvas-1         |     self.main_db = MainDB()
greenbone-community-edition-ospd-openvas-1         |                    ^^^^^^^^
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/ospd_openvas/db.py", line 609, in __init__
greenbone-community-edition-ospd-openvas-1         |     super().__init__(self.DEFAULT_INDEX, ctx)
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/ospd_openvas/db.py", line 431, in __init__
greenbone-community-edition-ospd-openvas-1         |     self.ctx = OpenvasDB.create_context(kbindex)
greenbone-community-edition-ospd-openvas-1         |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/ospd_openvas/db.py", line 102, in create_context
greenbone-community-edition-ospd-openvas-1         |     ctx = redis.Redis.from_url(
greenbone-community-edition-ospd-openvas-1         |           ^^^^^^^^^^^^^^^^^^^^^
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/redis/client.py", line 144, in from_url
greenbone-community-edition-ospd-openvas-1         |     connection_pool = ConnectionPool.from_url(url, **kwargs)
greenbone-community-edition-ospd-openvas-1         |                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/redis/connection.py", line 989, in from_url
greenbone-community-edition-ospd-openvas-1         |     url_options = parse_url(url)
greenbone-community-edition-ospd-openvas-1         |                   ^^^^^^^^^^^^^^
greenbone-community-edition-ospd-openvas-1         |   File "/usr/local/lib/python3.11/dist-packages/redis/connection.py", line 879, in parse_url
greenbone-community-edition-ospd-openvas-1         |     url.startswith("redis://")
greenbone-community-edition-ospd-openvas-1         |     ^^^^^^^^^^^^^^
greenbone-community-edition-ospd-openvas-1         | AttributeError: 'NoneType' object has no attribute 'startswith'
greenbone-community-edition-ospd-openvas-1 exited with code 1
greenbone-community-edition-gvmd-1                 | md manage:WARNING:2024-04-22 09h16.21 UTC:163: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
greenbone-community-edition-gvmd-1                 | md manage:WARNING:2024-04-22 09h16.31 UTC:164: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
greenbone-community-edition-gvmd-1                 | md manage:WARNING:2024-04-22 09h16.41 UTC:165: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
greenbone-community-edition-gvmd-1                 | md manage:WARNING:2024-04-22 09h16.51 UTC:166: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
greenbone-community-edition-openvas-1 exited with code 1
greenbone-community-edition-gvmd-1                 | md manage:WARNING:2024-04-22 09h17.01 UTC:167: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
greenbone-community-edition-gvmd-1                 | md manage:WARNING:2024-04-22 09h17.11 UTC:168: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock
greenbone-community-edition-gvmd-1                 | md manage:WARNING:2024-04-22 09h17.21 UTC:169: osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock

My docker ps information:

CONTAINER ID   IMAGE                              COMMAND                  CREATED          STATUS                          PORTS                               NAMES
f0a011047c94   greenbone/gsa:stable               "/usr/local/bin/entr…"   19 minutes ago   Up 18 minutes                   0.0.0.0:80->80/tcp, :::80->80/tcp   greenbone-community-edition-gsa-1
ce18434d6449   greenbone/gvm-tools                "/usr/local/bin/entr…"   19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-gvm-tools-1
ec62d33bc5f9   greenbone/gvmd:stable              "/usr/local/bin/entr…"   19 minutes ago   Up 18 minutes                                                       greenbone-community-edition-gvmd-1
c849e018043d   greenbone/report-formats           "/bin/init.sh"           19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-report-formats-1
601707c9d273   greenbone/dfn-cert-data            "/bin/init.sh"           19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-dfn-cert-data-1
80c35f8a21c7   greenbone/ospd-openvas:stable      "/usr/bin/tini -- /u…"   19 minutes ago   Up Less than a second                                               greenbone-community-edition-ospd-openvas-1
5459899e2c50   greenbone/openvas-scanner:stable   "/bin/sh -c /usr/loc…"   19 minutes ago   Up 18 minutes                                                       greenbone-community-edition-openvasd-1
ff1629d30c98   greenbone/data-objects             "/bin/init.sh"           19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-data-objects-1
e0160b6994c7   greenbone/vulnerability-tests      "/bin/init.sh"           19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-vulnerability-tests-1
3216070519da   greenbone/notus-data               "/bin/init.sh"           19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-notus-data-1
d50b300e816e   greenbone/cert-bund-data           "/bin/init.sh"           19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-cert-bund-data-1
db2bf3dc0f15   greenbone/scap-data                "/bin/init.sh"           19 minutes ago   Exited (0) 18 minutes ago                                           greenbone-community-edition-scap-data-1
08301b580ac2   greenbone/openvas-scanner:stable   "/bin/sh -c 'cat /et…"   2 hours ago      Restarting (1) 20 seconds ago                                       greenbone-community-edition-openvas-1
c98c021c7fd4   greenbone/pg-gvm:stable            "/usr/local/bin/entr…"   2 hours ago      Up 2 hours                                                          greenbone-community-edition-pg-gvm-1
50f954afeb08   greenbone/redis-server             "/bin/sh -c 'rm -f /…"   2 hours ago      Up 2 hours                                                          greenbone-community-edition-redis-server-1
5d74f071edf3   greenbone/openvas-scanner:stable   "/bin/sh -c 'printf …"   2 hours ago      Exited (0) 19 minutes ago                                           greenbone-community-edition-configure-openvas-1
8a810b3d973c   greenbone/gpg-data                 "/bin/init.sh"           2 hours ago      Exited (0) 19 minutes ago                                           greenbone-community-edition-gpg-data-1

i am using this docker compose file

services:
  vulnerability-tests:
    image: greenbone/vulnerability-tests
    environment:
      STORAGE_PATH: /var/lib/openvas/22.04/vt-data/nasl
    volumes:
      - vt_data_vol:/mnt

  notus-data:
    image: greenbone/notus-data
    volumes:
      - notus_data_vol:/mnt

  scap-data:
    image: greenbone/scap-data
    volumes:
      - scap_data_vol:/mnt

  cert-bund-data:
    image: greenbone/cert-bund-data
    volumes:
      - cert_data_vol:/mnt

  dfn-cert-data:
    image: greenbone/dfn-cert-data
    volumes:
      - cert_data_vol:/mnt
    depends_on:
      - cert-bund-data

  data-objects:
    image: greenbone/data-objects
    volumes:
      - data_objects_vol:/mnt

  report-formats:
    image: greenbone/report-formats
    volumes:
      - data_objects_vol:/mnt
    depends_on:
      - data-objects

  gpg-data:
    image: greenbone/gpg-data
    volumes:
      - gpg_data_vol:/mnt

  redis-server:
    image: greenbone/redis-server
    restart: on-failure
    volumes:
      - redis_socket_vol:/run/redis/

  pg-gvm:
    image: greenbone/pg-gvm:stable
    restart: on-failure
    volumes:
      - psql_data_vol:/var/lib/postgresql
      - psql_socket_vol:/var/run/postgresql

  gvmd:
    image: greenbone/gvmd:stable
    restart: on-failure
    volumes:
      - gvmd_data_vol:/var/lib/gvm
      - scap_data_vol:/var/lib/gvm/scap-data/
      - cert_data_vol:/var/lib/gvm/cert-data
      - data_objects_vol:/var/lib/gvm/data-objects/gvmd
      - vt_data_vol:/var/lib/openvas/plugins
      - psql_data_vol:/var/lib/postgresql
      - /tmp/gvm/gvmd:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
      - psql_socket_vol:/var/run/postgresql
    depends_on:
      pg-gvm:
        condition: service_started
      scap-data:
        condition: service_completed_successfully
      cert-bund-data:
        condition: service_completed_successfully
      dfn-cert-data:
        condition: service_completed_successfully
      data-objects:
        condition: service_completed_successfully
      report-formats:
        condition: service_completed_successfully

  gsa:
    image: greenbone/gsa:stable
    restart: on-failure
    ports:
      - 80:80
    volumes:
      - /tmp/gvm/gvmd:/run/gvmd
    depends_on:
      - gvmd
  # Sets log level of openvas to the set LOG_LEVEL within the env
  # and changes log output to /var/log/openvas instead /var/log/gvm
  # to reduce likelyhood of unwanted log interferences
  configure-openvas:
    image: greenbone/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command: 
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 644 /mnt/openvas.conf
        chmod 644 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log
  # shows logs of openvas
  openvas:
    image: greenbone/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully

  openvasd:
    image: greenbone/openvas-scanner:stable
    restart: on-failure
    environment:
      # `service_notus` is set to disable everything but notus,
      # if you want to utilize openvasd directly removed `OPENVAS_MOD`
      OPENVASD_MOD: service_notus
      GNUPGHOME: /etc/openvas/gnupg
      LISTENING: 0.0.0.0:80
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
      - gpg_data_vol:/etc/openvas/gnupg
      - notus_data_vol:/var/lib/notus
    # enable port forwarding when you want to use the http api from your host machine
    # ports:
    #   - 127.0.0.1:3000:80
    depends_on:
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully
      gpg-data:
        condition: service_completed_successfully
    networks:
      default:
        aliases:
          - openvasd

  ospd-openvas:
    image: greenbone/ospd-openvas:stable
    restart: on-failure
    hostname: ospd-openvas.local
    cap_add:
      - NET_ADMIN # for capturing packages in promiscuous mode
      - NET_RAW # for raw sockets e.g. used for the boreas alive detection
    security_opt:
      - seccomp=unconfined
      - apparmor=unconfined
    command:
      [
        "ospd-openvas",
        "-f",
        "--config",
        "/etc/gvm/ospd-openvas.conf",
        "--notus-feed-dir",
        "/var/lib/notus/advisories",
        "-m",
        "666"
      ]
    volumes:
      - gpg_data_vol:/etc/openvas/gnupg
      - vt_data_vol:/var/lib/openvas/plugins
      - notus_data_vol:/var/lib/notus
      - ospd_openvas_socket_vol:/run/ospd
      - redis_socket_vol:/run/redis/
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    depends_on:
      redis-server:
        condition: service_started
      gpg-data:
        condition: service_completed_successfully
      vulnerability-tests:
        condition: service_completed_successfully
      configure-openvas:
        condition: service_completed_successfully

  gvm-tools:
    image: greenbone/gvm-tools
    volumes:
      - gvmd_socket_vol:/run/gvmd
      - ospd_openvas_socket_vol:/run/ospd
    depends_on:
      - gvmd
      - ospd-openvas

volumes:
  gpg_data_vol:
  scap_data_vol:
  cert_data_vol:
  data_objects_vol:
  gvmd_data_vol:
  psql_data_vol:
  vt_data_vol:
  notus_data_vol:
  psql_socket_vol:
  gvmd_socket_vol:
  ospd_openvas_socket_vol:
  redis_socket_vol:
  openvas_data_vol:
  openvas_log_data_vol:

volts · April 22, 2024, 10:35am

An update as solution.

starting from scratch:
ref this link

docker compose -f $DOWNLOAD_DIR/docker-compose.yml -p greenbone-community-edition down -v

performing a feed sync.
ref this link:Workflows - Greenbone Community Documentation
not know if it take effect or not, i change the docker compose file:

  configure-openvas:
    image: greenbone/openvas-scanner:stable
    volumes:
      - openvas_data_vol:/mnt
      - openvas_log_data_vol:/var/log/openvas
    command: 
      - /bin/sh
      - -c
      - |
        printf "table_driven_lsc = yes\nopenvasd_server = http://openvasd:80\n" > /mnt/openvas.conf
        sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
        chmod 666 /mnt/openvas.conf
        chmod 666 /mnt/openvas_log.conf
        touch /var/log/openvas/openvas.log
        chmod 666 /var/log/openvas/openvas.log

then start with the docker project again. no errors in logs anymore.

greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h16.58 UTC:67: Updating placeholder CPEs
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h17.15 UTC:67: Updating Max CVSS for DFN-CERT
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h17.18 UTC:67: Updating DFN-CERT CVSS max succeeded.
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h17.18 UTC:67: Updating Max CVSS for CERT-Bund
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h17.21 UTC:67: Updating CERT-Bund CVSS max succeeded.
greenbone-community-edition-pg-gvm-1               | 2024-04-22 10:17:23.818 UTC [285] ERROR:  canceling autovacuum task
greenbone-community-edition-pg-gvm-1               | 2024-04-22 10:17:23.818 UTC [285] CONTEXT:  while scanning block 54962 of relation "scap2.cpes"
greenbone-community-edition-pg-gvm-1               | 	automatic vacuum of table "gvmd.scap2.cpes"
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h17.24 UTC:67: update_scap_end: Updating SCAP info succeeded
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h17.31 UTC:160: OSP service has different VT status (version 202404220604) from database (version (null), 0 VTs). Starting update ...
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h22.48 UTC:160: Updating VTs in database ... 138583 new VTs, 0 changed VTs
greenbone-community-edition-gvmd-1                 | md manage:   INFO:2024-04-22 10h22.51 UTC:160: Updating VTs in database ... done (138583 VTs).
greenbone-community-edition-gvmd-1                 | event config:MESSAGE:2024-04-22 10h23.02 UTC:193: Scan config Base (d21f6c81-2b88-4ac1-b7b4-a2a9f2ad4663) has been created by admin
greenbone-community-edition-gvmd-1                 | event config:MESSAGE:2024-04-22 10h23.03 UTC:193: Scan config Discovery (8715c877-47a0-438d-98a3-27c7a6ab2196) has been created by admin
greenbone-community-edition-gvmd-1                 | event config:MESSAGE:2024-04-22 10h23.03 UTC:193: Scan config empty (085569ce-73ed-11df-83c3-002264764cea) has been created by admin
greenbone-community-edition-gvmd-1                 | event config:MESSAGE:2024-04-22 10h23.04 UTC:193: Scan config Full and fast (daba56c8-73ec-11df-a475-002264764cea) has been created by admin
greenbone-community-edition-gvmd-1                 | event config:MESSAGE:2024-04-22 10h23.04 UTC:193: Scan config Host Discovery (2d3f051c-55ba-11e3-bf43-406186ea4fc5) has been created by admin
greenbone-community-edition-gvmd-1                 | md manage:MESSAGE:2024-04-22 10h23.04 UTC:193: get_nvt_preference_by_id: name of preference 1.3.6.1.4.1.25623.1.0.100509:6 has changed from 'Report vulnerabilities of inactive Linux Kernel(s) separately' to 'Report vulnerabilities of inactive Linux Kernel(s) separately (only for GOS 21.04 and older)'.
greenbone-community-edition-gvmd-1                 | md manage:MESSAGE:2024-04-22 10h23.04 UTC:193: get_nvt_preference_by_id: name of preference 1.3.6.1.4.1.25623.1.0.111091:1 has changed from 'Report NVT debug logs' to 'Report VT debug logs'.
greenbone-community-edition-gvmd-1                 | event config:MESSAGE:2024-04-22 10h23.05 UTC:193: Scan config Log4Shell (e3efebc5-fc0d-4cb6-b1b4-55309d0a89f6) has been created by admin
greenbone-community-edition-gvmd-1                 | md manage:MESSAGE:2024-04-22 10h23.05 UTC:193: get_nvt_preference_by_id: name of preference 1.3.6.1.4.1.25623.1.0.100509:6 has changed from 'Report vulnerabilities of inactive Linux Kernel(s) separately' to 'Report vulnerabilities of inactive Linux Kernel(s) separately (only for GOS 21.04 and older)'.