Service paths wrong in docs?

Hello everyone,

I was installing OpenVAS according to this doc: Building GVM 21.04 — Greenbone Documentation documentation

After configuring services, gvmd and gsad wouldnt start because they didnt have access to /run/gvm/gsad(or gvmd).pid (sadly there werent any topics that could resolve it, they had different matters at hand or just said “fix permission”, but the permissions to the /run/gvm folders were correct and done according to the docs) I tried reinstalling another ubuntu vm, same problem, switched to debian, same problem.

For those having the same issue, here is a quick summary for my “fix”:
During the part in the docs where you create the service with “cat << EOF > $BUILD_DIR/gvmd.service”, replace “PIDFile=/run/gvm/gvmd.pid” with “PIDFILE=/run/gvmd/gvmd.pid”

create the directory: sudo mkdir /run/gvmd
apply permissions: sudo chown -R gvm:gvm /run/gvmd

Do the same for the gsad service (replacing gvmd with gsad of course)

I am pretty certain I followed the docs precisely, so my question is if there is anything wrong with the docs or are they just not updated for newer versions, or is this some other issue entirely?
I am trying to prevent some headache for others facing the same issue and I want to make sure everything in the docs and version compatablity is right.

OS: Debian 11
gsad: 21.4.4
gvmd: 21.4.5
openvas: 21.4.4
open-lib: 21.4.4
postgresql: 13 (postgresql11 is used by the docs, but apt install on debian gets me 13, so 13 it is)

DISCARD THE FIX.
It isnt a fix… The /run folders are gone after reboot, I am stupid

Yes the directories are removed and created automatically by systemd. But nevertheless you have been right about the paths. It should be /run/gvmd and /run/gsad. I’ve updated the docs accordingly just now.

4 Likes

Thank you for the quick reply and edit!
I think the gsad service in the docs still is missing something, for me it would still error because it cant access /run/gsad/gsad.pid, understandable, because the directory wasnt there, systemd probably didnt create it.

I think I “fixed” it by adding:
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775

I dont have much linux experience, so take this with many grains of salt.

Also, since I have you here, i dont know if it will help anyone, but I certainly overlooked one thing when using "gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value gvmd --get-users --verbose | grep admin | awk '{print $2}'", could you add a disclaimer that you may need to run

/usr/local/sbin/gvmd --modify-setting 78eceaec-3385-11ea-b237-28d24461215b --value /usr/local/sbin/gvmd --get-users --verbose | grep admin | awk '{print $2}'" instead in case gvmd returns an error/ isnt found? I dont want to be too pushy making suggesstions, thank you for your help and work!

I had the same problem. The reason is that, indeed, there are some miscrepancies, or inconsistencies, in the documentation at Building GVM 21.04 — Greenbone Documentation documentation.

Some points that you could consider Bricks?:

  1. In file “source/gsad-21.4.4/config/gsad.service.in”, environment variable GSAD_PID_DIR is expected in the PIDFile value, but is nowhere defined in the documentation, hence the PIDFile will end up being “/gsad.pid” with no permission, understandably.

  2. In file “source/ospd-openvas-21.4.4/config/ospd-openvas.service”, the PIDFile path is hardcoded. This works, but maybe should depend on an environment variable, for sake of consistency?

  3. In file “source/gvmd-21.4.5/config/gvmd.service.in”, variable GVM_RUN_DIR is used and is defined with value “/run/gvm” in the documentation, which is fine per se, but variable definition “GVMD_RUN_DIR=/run/gvmd” is used in section “Building gsad”, hence gsad will not find the gvmd pid file in /run/gvm/gvmd, when starting.

I’ve created Change: Set runtime directory and mode for systemd service file by bjoernricks · Pull Request #51 · greenbone/gsad · GitHub to add these settings.

1 Like

This got fixed after the 21.4.4 release.

Sadly that’s not possible because this project is a Python project and its build pipeline doesn’t support this.

Thanks for letting me know. Will be fixed with Update gvmd.service.in by bjoernricks · Pull Request #1793 · greenbone/gvmd · GitHub

2 Likes

And btw. our build from source guide docs are using different service files to be able to fix such issues as soon as possible. See Building GVM 21.04 — Greenbone Documentation documentation

1 Like

Does anyone still have that issue?

I followed the updated guide by @bricks but gsad service still won’t start. I’m trying this on ubuntu 20.04

ubuntu@server:~$ sudo systemctl start gsad
Job for gsad.service failed because a timeout was exceeded.
See "systemctl status gsad.service" and "journalctl -xe" for details.
ubuntu@server:~$ journalctl -xe
...
May 22 07:58:59 server systemd[1]: gsad.service: Can't open PID file /run/gsad/gsad.pid (yet?) after start: Operation not permitted
ubuntu@server:~$ ll /run | grep gsad
drwxrwsr-x  2 gvm      gvm        40 May 22 07:58 gsad/
ubuntu@server:~$ cat /etc/systemd/system/gsad.service
[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service

[Service]
Type=forking
User=gvm
Group=gvm
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
PIDFile=/run/gsad/gsad.pid
ExecStart=/usr/local/sbin/gsad --listen=192.168.0.1 --port=9392 --http-only
Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service

Service gvmd started successfully although it also had issue with pid.

ubuntu@server:~$ sudo systemctl status gvmd
● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
     Loaded: loaded (/etc/systemd/system/gvmd.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-05-20 08:23:43 UTC; 1 day 23h ago
       Docs: man:gvmd(8)
   Main PID: 686 (gvmd)
      Tasks: 1 (limit: 4691)
     Memory: 130.1M
     CGroup: /system.slice/gvmd.service
             └─686 gvmd: Waiting for incoming connections

May 20 08:23:41 server systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
May 20 08:23:41 server systemd[1]: gvmd.service: Can't open PID file /run/gvmd/gvmd.pid (yet?) after start: Operation not permitted
May 20 08:23:43 server systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).

Hmm seems to be a bit strange. Could you please check the permissions of /run/gsad/? And also if that directory is or is not available after you stopped the service? Under normal circumstances systemd should create and remove /run/gsad with the defined permissions and ownership from the service file. One possible issue came to my mind, maybe you didn’t reload the service file after changing it. Did you run sudo systemctl daemon-reload?

2 Likes

Just checked.

  • the folder /run/gsad looks fine gvm:gvm
  • the folder is indeed deleted and recreated whenever service stops/starts with correct permissions.

Yeah, I did daemon-reload, all good.

Do you have any thoughts on where should I look further? @bricks which distro are you using?

Just saw we are mixing up gsad and gvmd. The service file was for gsad and the log output for gvmd. You need to take a look at the gvmd.service file for fixing the error.

1 Like

I wasn’t :slight_smile:
I just showed that gvmd service also had an issue with PID file but started successfully anyway.
Whilst gsad was not able to start.

What I did after syncing feeds is:

  • generate certs
  • copy systemd services
  • deamon-reload
  • start one by one: ospd-openvas, gvmd, gsad

services are exactly like in the official guide. I wonder if it have something to do with the distro.

I was able to solve the issue.

In gsad.service forgot to put the local IP address.

@BoandlKramer well. Maybe you can try my ansible script that installs openvas on debian 11? I think it’s up to date and works perfectly :slight_smile: (at least I hope so :slight_smile: )

https://github.com/EeroV/openvas-gvm

Eero

Hi together,

today I upgraded from 21.4.3 to 21.4.4 but I still have problems with starting gvmd and gsad. Both applications are missing their pidfiles or are unable to create them. Is the documention https://greenbone.github.io/docs/latest/21.04/source-build/index.html correct? I followed it very strictly to perform the update, used the unit files from there and also did systemctl daemon-reload (and even some reboots), but it still fails.

Operating system is Debian 10.

Regards, Christian

yes https://greenbone.github.io/docs/latest/21.04/source-build/index.html#starting-services-with-systemd should be correct. But I am not a systemd expert thus there may be bugs in them.

1 Like

The ospd-openvas service is okay, this one is starting with systemd. The two others not.

If I start the gvmd manually:

Version 21.4.4 creates the gvmd.pid under /run/gvm
Version 21.4.5 does not create any pid file, but it seems to need still /run/gvm to start (and not /run/gvmd)

So if the current version does not create a pid file, systemd would be unable to check for it. Is this new behavior expected? Is /run/gvm still correct or should it be /run/gvmd? Its still a bit messed up between these two pathes.

Regards, Christian

Alright, I found the problem. I updated the applications when they were running. So it happened that the binaries of gvmd and gsad were not replaced by the new versions. I overlooked that during the update yesterday.