Gvmd.service: Can't open PID file /opt/gvm/var/run/gvmd/gvmd.pid (yet?) after start: Operation not permitted

heewey · April 22, 2022, 10:21am

My definied GVM components on Debian 11.3 Bullseye
Linux test-openvas 5.10.0-11-amd64 #1 SMP Debian 5.10.92-1 (2022-01-18) x86_64 GNU/Linux

sudo -u gvm gvmd --version
Greenbone Vulnerability Manager 21.4.5
Manager DB revision 242
Copyright (C) 2009-2021 Greenbone Networks GmbH
License: AGPL-3.0-or-later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

sudo -u gvm gsad --version
Greenbone Security Assistant 21.4.4

sudo -u gvm openvas --version
OpenVAS 21.4.4
gvm-libs 21.4.4
Most new code since 2005: (C) 2021 Greenbone Networks GmbH
Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Hello all,

I´m trying to upgrade my GSE from 21.4.3 to 21.4.4 (21.4.5) to a non-default folder /opt/gvm/

where I´m not able to start GVMD unit, it always fails with error

Apr 22 11:51:56 test-openvas systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
Apr 22 11:51:56 test-openvas systemd[1]: gvmd.service: Can't open PID file /opt/gvm/var/run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
Apr 22 11:53:26 test-openvas systemd[1]: gvmd.service: start operation timed out. Terminating.
Apr 22 11:53:26 test-openvas systemd[1]: gvmd.service: Failed with result 'timeout'.
Apr 22 11:53:26 test-openvas systemd[1]: Failed to start Greenbone Vulnerability Manager daemon (gvmd).

I´m pretty sure, that is it related to the non-default folder, and ospd-openvas and gsad services can start without error.

I´m able to use commands like sudo -u gvmd --get-scanners and so on, but I´m not able to avoid this error message and force the unit to correct start.

Deployment method:

export PKG_CONFIG_PATH=/opt/gvm/lib/pkgconfig:$PKG_CONFIG_PATH
export HOMEX=/opt/gvm &&\
export PATH=$PATH:/opt/gvm/sbin && export INSTALL_PREFIX=/opt/gvm && \
export SOURCE_DIR=$HOMEX/source && mkdir -p $SOURCE_DIR && \
export BUILD_DIR=$HOMEX/build && mkdir -p $BUILD_DIR && \
export INSTALL_DIR=$HOMEX/install && mkdir -p $INSTALL_DIR
export GVM_VERSION=21.4.5 && \
export GVM_LIBS_VERSION=21.4.4

tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz && \
mkdir -p $BUILD_DIR/gvmd && cd $BUILD_DIR/gvmd && \
cmake $SOURCE_DIR/gvmd-$GVMD_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Release \
  -DLOCALSTATEDIR=/opt/gvm/var \
  -DSYSCONFDIR=/opt/gvm/etc \
  -DGVM_DATA_DIR=/opt/gvm/var \
  -DGVM_RUN_DIR=/opt/gvm/var/run/gvmd \
  -DOPENVAS_DEFAULT_SOCKET=/opt/gvm/var/run/ospd/ospd-openvas.sock \
  -DGVM_FEED_LOCK_PATH=/opt/gvm/var/lib/gvm/feed-update.lock \
  -DSYSTEMD_SERVICE_DIR=/opt/gvm/lib/systemd/system \
  -DDEFAULT_CONFIG_DIR=/opt/gvm/etc/ \
  -DLOGROTATE_DIR=/opt/gvm/etc/logrotate.d \
  -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/postgresql/ && \
make -j$(nproc) && \
make DESTDIR=$INSTALL_DIR install && \
cp -rv $INSTALL_DIR/* / && \
rm -rf $INSTALL_DIR/*

Unit:

gvmd.service
[Unit]
Description=Greenbone Vulnerability Manager daemon (gvmd)
After=network.target networking.service postgresql.service ospd-openvas.service
Wants=postgresql.service ospd-openvas.service
Documentation=man:gvmd(8)
ConditionKernelCommandLine=!recovery

[Service]
Type=forking
User=gvm
Group=gvm
PIDFile=/opt/gvm/var/run/gvmd/gvmd.pid
WorkingDirectory=/opt/gvm
ExecStart=/opt/gvm/sbin/gvmd --osp-vt-update=/opt/gvm/var/run/ospd/ospd-openvas.sock --listen-group=gvm
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target

The reason why is not used runtime, suggested here: https://greenbone.github.io/docs/gvm-21.04/index.html#starting-services-with-systemd
is because the non-default folder /run/

RuntimeDirectory=gsad
RuntimeDirectoryMode=277
substituted by 
PIDFile=/opt/gvm/var/run/gvmd/gvmd.pid
WorkingDirectory=/opt/gvm

On the gvmd.log is just a repeating message:

md   main:MESSAGE:2022-04-22 10h16.04 utc:23342:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:   INFO:2022-04-22 10h16.06 UTC:23367: OSP service has different VT status (version 202204211024) from database (version 202109091021, 76222 VTs). Starting update ...

What I´m missing?
Any idea?

@cfi - some clue?

Thansk in advance.

heewey · April 22, 2022, 11:59am

Hello,

it seems to be an ingnored build option to move from /run/gvmd to different folder, in my case /opt/gvm/var/run/gvmd.

gvmd still expect /run/gvmd folder with gvm:gvm owner.

I´m digging deeper.

heewey · April 22, 2022, 2:03pm

I found the clue in CHANGELOG - source/gvmd-21.4.5/changelog/v21.4.5.md

# Changelog

All notable changes to this project will be documented in this file.

## [21.4.5] - 2022-02-22

## Added
* Backtrace output when a sigsegv occurs. [31ef2dc2b](https://github.com/greenbone/gvmd/commit/31ef2dc2b)
* Improve handling osp connection errors #1758 [bc73ac9c5](https://github.com/greenbone/gvmd/commit/bc73ac9c5)

## Changed
* Use GVMD_RUN_DIR instead of GVM_RUN_DIR [4ad3fa76a](https://github.com/greenbone/gvmd/commit/4ad3fa76a)
* Use full path GVMD_PID_PATH for PID files [a9be3d718](https://github.com/greenbone/gvmd/commit/a9be3d718)
* Replace blocking table locks with a non-blocking retry loop [3dc4a94b5](https://github.com/greenbone/gvmd/commit/3dc4a94b5)

## Bug Fixes
* Test if location is null in cve_scan_host to prevent an assertion error [1a54ae4ee](https://github.com/greenbone/gvmd/commit/1a54ae4ee)
* Choose correct scan launch function for OSP scans (Fix for #1705) [3a978264d](https://github.com/greenbone/gvmd/commit/3a978264d)

Then the solution should be to set this variable to the build process. Like this:

tar -C $SOURCE_DIR -xvzf $SOURCE_DIR/gvmd-$GVMD_VERSION.tar.gz && \
mkdir -p $BUILD_DIR/gvmd && cd $BUILD_DIR/gvmd && \
cmake $SOURCE_DIR/gvmd-$GVMD_VERSION \
  -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX \
  -DEXEC_PREFIX=$INSTALL_PREFIX \
  -DCMAKE_BUILD_TYPE=Debug \
  -DLOCALSTATEDIR=/opt/gvm/var \
  -DGVM_STATE_DIR=/opt/gvm/var \
  -DSYSCONFDIR=/opt/gvm/etc  \
  -DSYSCONF_INSTALL_DIR=/opt/gvm/var/run \
  -DGVM_DATA_DIR=/opt/gvm/var \
  -DGVMD_RUN_DIR=/opt/gvm/var/run/gvmd  \
  -DGVMD_PID_PATH=/opt/gvm/var/run/gvmd/gvmd.pid \
  -DOPENVAS_DEFAULT_SOCKET=/opt/gvm/var/run/ospd/ospd-openvas.sock \
  -DGVM_FEED_LOCK_PATH=/opt/gvm/var/lib/gvm/feed-update.lock \
  -DSYSTEMD_SERVICE_DIR=/opt/gvm/lib/systemd/system \
  -DDEFAULT_CONFIG_DIR=/opt/gvm/etc/ \
  -DLOGROTATE_DIR=/opt/gvm/etc/logrotate.d \
  -DPostgreSQL_TYPE_INCLUDE_DIR=/usr/include/postgresql/ && \
make && \
make DESTDIR=$INSTALL_DIRdoc && \
make DESTDIR=$INSTALL_DIR rebuild_cache && \
make DESTDIR=$INSTALL_DIR install && \
cp -rv $INSTALL_DIR/opt/gvm/* /opt/gvm && \
rm -rf $INSTALL_DIR/*

but - is not!!!

GVMD is somehow broken, I don’t know how to fix it now.

In the log is now message

md   main:MESSAGE:2022-04-22 13h56.39 utc:727:    Greenbone Vulnerability Manager version 21.4.5 (DB revision 242)
md manage:WARNING:2022-04-22 13h56.39 utc:727: Failed to open lock file '/run/gvmd/gvm-checking': No such file or directory
md   main:CRITICAL:2022-04-22 13h56.39 utc:727: gvmd: Error trying to get checking lock

heewey · April 26, 2022, 7:18am

Hello,

could please some of @DeeAnn or @bricks or @cfi confirm the behavior described in this thread?

My assumption is that is a BUG in GVMD. I would like to report it, but not until I have any confirmation.

Thansk.

bricks · April 26, 2022, 7:31am

@heewey could you double check if you really did rebuild and reinstall gvmd? The code for the lockfile path looks good to me https://github.com/greenbone/gvmd/blob/stable/src/utils.c#L571

cfi · April 26, 2022, 11:15am

While i understand that you would like to see a solution for the problem please try to avoid pinging specific users not involved in the current discussion:

I for myself have no technical knowledge on this topic and can’t contribute to it / give any hints but still received an unnecessary notification via Mail due to this tagging.

Thanks for your understanding.

simonchow · May 25, 2022, 9:56am

Hello all, I have encountered the same issue. Is there any solution yet? Thank you for the update!

bricks · May 25, 2022, 1:31pm

If you update from a previous build please ensure to do a clean build. At best delete the previous installation and build directories.

simonchow · May 25, 2022, 6:00pm

Thanks for your reply, but the issue still exists. I’ve deleted the installation and build directories already.
Fyi: I am following the guide here: https://www.libellux.com/openvas/#install-gvm-21-04-from-source

The error message is similar, but the path of the pid is a bit different:

● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
     Loaded: loaded (/etc/systemd/system/gvmd.service; enabled; vendor preset: enabled)
     Active: activating (start) since Thu 2022-05-26 01:56:51 HKT; 11s ago
       Docs: man:gvmd(8)
    Process: 6365 ExecStart=/usr/local/sbin/gvmd --osp-vt-update=/run/ospd/ospd-openvas.sock --listen-group=gvm (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 18715)
     Memory: 316.0K
     CGroup: /system.slice/gvmd.service

May 26 01:56:51 server101 systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
May 26 01:56:51 server101 systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted

heewey · June 2, 2022, 11:58am

I gave up to run it from a separate folder - I followed the standard paths /etc/ /var/lib/ /var/run etc.

It took too much time to investigate the workaround and review the source code.