Hi,
I’ve just installed Greenbone Community Edition using docker, a technology I do not know much about (I chose it hoping that it could help me to quickly have a GCE box up and running to test it).
Apparently I am only able to scan the machine where GCE was installed on: if I try a simple scan of a different machine on the network i get the error “MQTT initialization failed” in the scan report.
The docker container for mqtt seems up and running, judging from the output of docker ps:
$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8200ff84e571 greenbone/gsa:stable "/usr/local/bin/entr…" 5 hours ago Up 3 hours 0.0.0.0:9392->80/tcp, :::9392->80/tcp greenbone-community-e
60a978da63ca greenbone/gvmd:stable "/usr/local/bin/entr…" 5 hours ago Up 3 hours greenbone-community-e
cfbe6dad2015 greenbone/ospd-openvas:stable "/usr/local/bin/entr…" 5 hours ago Up 3 hours greenbone-community-e
18b66ff9a416 greenbone/notus-scanner:stable "/usr/local/bin/entr…" 5 hours ago Restarting (1) 54 seconds ago greenbone-community-e
338801d46994 greenbone/redis-server "/bin/sh -c 'rm -f /…" 5 hours ago Up 3 hours greenbone-community-e
42a7826c853a greenbone/mqtt-broker "/bin/sh -c 'mosquit…" 5 hours ago Up 3 hours 0.0.0.0:1883->1883/tcp, :::1883->1883/tcp greenbone-community-e
ec7c7e605019 greenbone/pg-gvm:stable "/usr/local/bin/entr…" 5 hours ago Up 3 hours greenbone-community-e
Can someone please suggest how to troubleshoot this issue?
Hi, with the command docker logs I’ve found the following errors in the logs of the notus-scanner machine:
Traceback (most recent call last):
File "/usr/local/bin/notus-scanner", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.9/dist-packages/notus/scanner/daemon.py", line 154, in main
run_daemon(
File "/usr/local/lib/python3.9/dist-packages/notus/scanner/daemon.py", line 116, in run_daemon
daemon = MQTTDaemon(client)
File "/usr/local/lib/python3.9/dist-packages/notus/scanner/messaging/mqtt.py", line 160, in __init__
self._client.connect()
File "/usr/local/lib/python3.9/dist-packages/notus/scanner/messaging/mqtt.py", line 66, in connect
return super().connect(
File "/usr/local/lib/python3.9/dist-packages/paho/mqtt/client.py", line 914, in connect
return self.reconnect()
File "/usr/local/lib/python3.9/dist-packages/paho/mqtt/client.py", line 1044, in reconnect
sock = self._create_socket_connection()
File "/usr/local/lib/python3.9/dist-packages/paho/mqtt/client.py", line 3685, in _create_socket_connection
return socket.create_connection(addr, timeout=self._connect_timeout, source_address=source)
File "/usr/lib/python3.9/socket.py", line 843, in create_connection
raise err
File "/usr/lib/python3.9/socket.py", line 831, in create_connection
sock.connect(sa)
socket.timeout: timed out
My guess is that the machine is not able to connect to the mqtt-broker, as the error mentions the file mqtt/client.py.
Another info extracted from the greenbone/ospd-openvas container’s logs seems to confirm that the main issue is the connection to the MQTT broker machine:
OSPD[8] 2022-10-20 12:58:14,941: WARNING: (ospd_openvas.messaging.mqtt) Could not connect to MQTT broker, error was: timed out. Trying again in 10s.
In the mqtt-broker machine’s logs I see both connection errors and success (but mostly errors):
1666261757: New connection from 172.18.0.1:47594 on port 1883.
1666261757: Client <unknown> disconnected due to protocol error.
1666262064: New connection from 172.18.0.1:48238 on port 1883.
1666262064: Client <unknown> disconnected due to protocol error.
1666262144: New connection from 172.18.0.1:54472 on port 1883.
1666262149: Client <unknown> disconnected: Success.
1666262149: New connection from 172.18.0.1:54474 on port 1883.
1666262155: Client <unknown> disconnected: Success.
1666262196: New connection from 172.18.0.1:36020 on port 1883.
1666262196: New client connected from 172.18.0.1:36020 as OpenVASVT (p2, c1, k1).
1666262198: Client OpenVASVT closed its connection.
Hi @bricks ,
I didn’t change the compose file (I guess you mean the docker-compose-22.4.yml file downloaded by the installation script).
And yes, I did restart both docker and the server multiple times.
This is the output of sudo docker ps:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8200ff84e571 greenbone/gsa:stable "/usr/local/bin/entr…" 47 hours ago Up 23 hours 0.0.0.0:9392->80/tcp, :::9392->80/tcp greenbone-community-edition_gsa_1
60a978da63ca greenbone/gvmd:stable "/usr/local/bin/entr…" 47 hours ago Up 23 hours greenbone-community-edition_gvmd_1
cfbe6dad2015 greenbone/ospd-openvas:stable "/usr/local/bin/entr…" 47 hours ago Up 23 hours greenbone-community-edition_ospd-openvas_1
18b66ff9a416 greenbone/notus-scanner:stable "/usr/local/bin/entr…" 47 hours ago Restarting (1) 19 seconds ago greenbone-community-edition_notus-scanner_1
338801d46994 greenbone/redis-server "/bin/sh -c 'rm -f /…" 47 hours ago Up 23 hours greenbone-community-edition_redis-server_1
42a7826c853a greenbone/mqtt-broker "/bin/sh -c 'mosquit…" 47 hours ago Up 23 hours 0.0.0.0:1883->1883/tcp, :::1883->1883/tcp greenbone-community-edition_mqtt-broker_1
ec7c7e605019 greenbone/pg-gvm:stable "/usr/local/bin/entr…" 47 hours ago Up 23 hours greenbone-community-edition_pg-gvm_1
I countered the same MTQQ initialization failed error.
I am using v 22.4 community edition container.
My postgres container log says “gvmd@gvmd ERROR: relation “public.meta” does not exist at character 19”
I did more searching and found the log for container ospd-openvas to contain:
OSPD[7] 2022-11-01 18:33:19,296: ERROR: (ospd_openvas.openvas) OpenVAS Scanner failed to load VTs. Command ‘[‘openvas’, ‘–update-vt-info’]’ returned non-zero exit status 1.
OSPD[7] 2022-11-01 18:33:19,296: ERROR: (ospd_openvas.daemon) Updating VTs failed.
I think the root-cause is not able to resync VTs correctly.
Could you give me a hint to continue? thanks
did you find a solution. My notus-scanner also kept on restarting. But my log to postgres container log says - “gvmd@gvmd ERROR: relation “public.meta” does not exist at character 19”
thanks a lot!
I decided to build 22.4 on ubnutu myself but encounter an error at the end with setting up admin password. It did not say :user created" and I look at the gvmd log it says:
libgvm base:CRITICAL:2022-11-01 23h06.11 utc:1515374: pidfile_create: failed to open pidfile: Permission denied
md main:MESSAGE:2022-11-01 23h07.40 utc:1515788: Greenbone Vulnerability Manager version 21.4.4 (DB revision 242)
This installation is much more complicated than i planned…
Thank you very much for you help.
Hi @silu,
unfortunately I did not find a solution and ended up building Greenbone CE from sources: the installation went smoothly (despitre the many steps) and I’m now testing the software intalles on ubuntu server 22.04.1.
I’ve got the exact same issue. Its odd because I have 3 identical boxes and only one has the issue. The only difference is the network they’re connected to. Did you ever get to the bottom of it ?
I have a similar issue here with MQTT failing to initialise and suddenly its no longer an error when I flush iptables. iptables seems to be blocking by default 127.0.0.1:1883 regardless of the fact that there isn’t any rules for 127.X.X.X.