GVM 11 from the Source with ansible

For which OS did you make it?

I would definitely be interested in this :slight_smile:

Sounds interesting!
Do you mind to share the link?

Would be nice to see how others did this. I tried to do it with some bash script to have it compile from source automated by jenkins. Might be fine to have an idea what I could do better …!

Yes I’m interested on it. Please could you send the link? Thank you

yes, please do. I’m interested to see it.

Also I’m very interested… Please, post it on github!!

Here is the playbook. It works for me but i can’t guarantee for everyone. It based on the howto

https://sadsloth.net/post/install-gvm11-src-on-debian/

feedbacks are welcome

1 Like

I’ll be taking a look at that. Thanks for your contribution!

1 Like

Just started looking at this, and it’s really gonna be a time saver for me, so thank you very much.
I do have one question. In tasks/main.yml, you have a couple of spots where you are checking if a file exists, and only running a task if it doesn’t. Was there a reason you chose to do it that way, instead of achieving idempotency using the “creates” keyword? Was this a style choice? My bias is usually to make playbooks as short and sweet as possible, which is the only reason I ask.

For example, instead of doing this:

- name: check if /opt/gvm/lib/libgvm_base.so  exist
  stat:
    path: /opt/gvm/lib/libgvm_base.so 
  register: libgvm

- name: make gvm-libs 
  command: /opt/gvm/install-stuff/build.sh
  become: yes
  become_user: gvm
  args:
    chdir:  /opt/gvm/src/gvm-libs
  when: libgvm.stat.exists == False

Do this:

- name: make gvm-libs 
  command: /opt/gvm/install-stuff/build.sh
  become: yes
  become_user: gvm
  args:
    chdir:  /opt/gvm/src/gvm-libs
    creates: /opt/gvm/lib/libgvm_base.so
2 Likes

Thanks for the hint. I am working with ansible only a couple of days … so there is a lot of room to make it better … I will change this

I borrowed your playbook and I’m adapting it to Centos 8.1. I’ll share it when I’ve got it working, and perhaps someone can make it ansible_os_family aware.

1 Like

For some reasons I cannot get it work… Service gvmd.service doesn’t start…
(I’m on Centos 8.2.2004)

Job for gvmd.service failed because a timeout was exceeded.
See “systemctl status gvmd.service” and “journalctl -xe” for details.

(no details useful in journalctl…)

What do you see in the gvmd log? (/opt/gvm/var/log/gvm/gvmd.log)

md main:MESSAGE:2020-06-26 14h23.31 utc:178301: Greenbone Vulnerability Manager version 9.0.1~git-f17f9a71-gvmd-9.0 (GIT revision f17f9a71-gvmd-9.0) (DB revision 221)
md manage:WARNING:2020-06-26 14h23.31 utc:178302: sql_exec_internal: PQexec failed: ERROR: permission denied to set role “dba”
(7)
md manage:WARNING:2020-06-26 14h23.31 utc:178302: sql_exec_internal: SQL: SET role dba;
md manage:WARNING:2020-06-26 14h23.31 utc:178302: sqlv: sql_exec_internal failed

Assuming you are doing this on a test system, do you have /etc/ld.so.conf.d/gvm.conf configured? It should have /opt/gvm/lib in it, and you should run ldconfig to make the system aware of it.

Also, you might check that the database is configured correctly for the gvm user.

how can I check the database?
ld.so.conf is as you say: /opt/gvm/lib is in gvm.conf

You might check this post.

Install postgres database server

AS ROOT:
yum install -y postgresql-server postgresql-contrib postgresql-server-devel
/usr/bin/postgresql-setup --initdb
systemctl enable postgresql
systemctl start postgresql

Configure postgres database

(not secure, on to-do list is to configure this with a password…)

AS ROOT:
sudo -Hiu postgres
createuser gvm
createdb -O gvm gvmd
psql gvmd
create role dba with superuser noinherit;
grant dba to gvm;
create extension “uuid-ossp”;
create extension “pgcrypto”;
\q
exit

systemctl restart postgresql

I think for some reason was missing “grant dba to gvm”…
I will investigate it, for now thank you for your help!

1 Like

peektwice repo on Github disappeared?

https://github.com/peektwice/gvm-ansible indeed throws a 404… :frowning: