You have two possibilities either install gvm-tools in the gvmd container and run it inside or you need to adjust the volumes where the gvmd socket is stored. For the second solution you need to use a bind mount instead of a volume mount to /run/gvmd in the gvmd container. And you need to ensure that the user with the userid 1001 can read and write to the mounted directory.
Have installed inside the container but still cannot run the binary from outside, as it claims cannot be run as root.
ran again pip3 install gvm-tools (without the --user flag)
and added as suggested on the warning:
WARNING: The scripts gvm-cli, gvm-pyshell and gvm-script are installed in ā/root/.local/binā which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
with
root@a1145910cfc0:/# export PATH=$PATH:/root/.local/bin
but neither from outside the container with
docker exec -u 0 -it a1145910cfc0 gvm-cli
OCI runtime exec failed: exec failed: unable to start container process: exec: āgvm-cliā: executable file not found in $PATH: unknown
or inside it, I cannot use the gvm-cli command:
root@a1145910cfc0:/home# gvm-cli
Traceback (most recent call last):
File ā/root/.local/bin/gvm-cliā, line 8, in
sys.exit(main())
File ā/root/.local/lib/python3.9/site-packages/gvmtools/cli.pyā, line 64, in main
do_not_run_as_root()
File ā/root/.local/lib/python3.9/site-packages/gvmtools/helper.pyā, line 164, in do_not_run_as_root
raise RuntimeError(āThis tool MUST NOT be run as root user.ā)
RuntimeError: This tool MUST NOT be run as root user.
thanks for the update, I was writing in paralel to you
but yet still cannot call the binary:
docker-compose -f /home/administrator/greenbone-community-container/docker-compose-22.4.yml -p greenbone-community-edition exec gvmd /bin/bash
root@a1145910cfc0:/# apt update
Hit:1 http://deb.debian.org/debian stable InRelease
Hit:2 http://deb.debian.org/debian-security stable-security InRelease
Hit:3 http://deb.debian.org/debian stable-updates InRelease
Reading package listsā¦ Done
Building dependency treeā¦ Done
Reading state informationā¦ Done
All packages are up to date.
root@a1145910cfc0:/# apt install python3-pip
Reading package listsā¦ Done
Building dependency treeā¦ Done
Reading state informationā¦ Done
python3-pip is already the newest version (20.3.4-4+deb11u1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@a1145910cfc0:/# python3 -m pip install gvm-tools
Requirement already satisfied: gvm-tools in /root/.local/lib/python3.9/site-packages (22.6.1)
Requirement already satisfied: python-gvm>=21.5 in /root/.local/lib/python3.9/site-packages (from gvm-tools) (22.7.0)
Requirement already satisfied: paramiko<3.0.0,>=2.7.1 in /root/.local/lib/python3.9/site-packages (from python-gvm>=21.5->gvm-tools) (2.11.0)
Requirement already satisfied: lxml<5.0.0,>=4.5.0 in /root/.local/lib/python3.9/site-packages (from python-gvm>=21.5->gvm-tools) (4.9.1)
Requirement already satisfied: defusedxml<0.8,>=0.6 in /root/.local/lib/python3.9/site-packages (from python-gvm>=21.5->gvm-tools) (0.7.1)
Requirement already satisfied: bcrypt>=3.1.3 in /root/.local/lib/python3.9/site-packages (from paramiko<3.0.0,>=2.7.1->python-gvm>=21.5->gvm-tools) (3.2.2)
Requirement already satisfied: six in /root/.local/lib/python3.9/site-packages (from paramiko<3.0.0,>=2.7.1->python-gvm>=21.5->gvm-tools) (1.16.0)
Requirement already satisfied: cryptography>=2.5 in /root/.local/lib/python3.9/site-packages (from paramiko<3.0.0,>=2.7.1->python-gvm>=21.5->gvm-tools) (37.0.4)
Requirement already satisfied: pynacl>=1.0.1 in /root/.local/lib/python3.9/site-packages (from paramiko<3.0.0,>=2.7.1->python-gvm>=21.5->gvm-tools) (1.5.0)
Requirement already satisfied: cffi>=1.1 in /root/.local/lib/python3.9/site-packages (from bcrypt>=3.1.3->paramiko<3.0.0,>=2.7.1->python-gvm>=21.5->gvm-tools) (1.15.1)
Requirement already satisfied: pycparser in /root/.local/lib/python3.9/site-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko<3.0.0,>=2.7.1->python-gvm>=21.5->gvm-tools) (2.21)
root@a1145910cfc0:/# gosu gvmd bash
gvmd@a1145910cfc0:/$ gvm-cli socket --socketpath /run/gvmd/gvmd.sock --xml ā<get_version/>ā --pretty
bash: gvm-cli: command not found
gvmd@a1145910cfc0:/$ env
HOSTNAME=a1145910cfc0
PWD=/
HOME=/home/gvmd
TERM=xterm
SHLVL=2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
gvmd@a1145910cfc0:/$ export PATH=$PATH:/root/.local/bin
gvmd@a1145910cfc0:/$ env
HOSTNAME=a1145910cfc0
PWD=/
HOME=/home/gvmd
TERM=xterm
SHLVL=2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/.local/bin
_=/usr/bin/env
gvmd@a1145910cfc0:/$ gvm-cli socket --socketpath /run/gvmd/gvmd.sock --xml ā<get_version/>ā --pretty
bash: gvm-cli: command not found
as well from outside the container:
docker exec -u 0 -it a1145910cfc0 gvm-cli
OCI runtime exec failed: exec failed: unable to start container process: exec: āgvm-cliā: executable file not found in $PATH: unknown
yes, restored a snapshot and installed again then could run inside the container
now trying to fix how to run gvm-cli from the host machine directly, as still not working.
running from inside the gvmd container its ok:
gvmd@2f8536d8bd8f:/$ gvm-cli socket --socketpath /run/gvmd/gvmd.sock --xml ā<get_version/>ā --pretty
Enter username: vw
Enter password for vw:
<get_version_response status=ā200ā status_text=āOKā>
22.4
</get_version_response>
from outside, the file dont exists,
$ gvm-cli socket --socketpath /run/gvmd/gvmd.sock --xml ā<get_version/>ā --pretty
ERROR:gvmtools.cli:Socket /run/gvmd/gvmd.sock does not exist
as you mentioned, if on the composer.yml I change this block:
gvmd:
image: greenbone/gvmd:stable
restart: on-failure
volumes:
- gvmd_data_vol:/var/lib/gvm
- vt_data_vol:/var/lib/openvas
- psql_data_vol:/var/lib/postgresql
- gvmd_socket_vol:/run/gvmd
- ospd_openvas_socket_vol:/run/ospd
- psql_socket_vol:/var/run/postgresql
depends_on:
- pg-gvm
would change the mount point to be the external path?
My main goal here is to be possible to call gvm-cli from the machine straight away without calling the container, or using docker exec, as it also dont work properly:
$ docker exec --user gvmd 2f8536d8bd8f gvm-cli socket --socketpath /run/gvmd/gvmd.sock --xml ā<get_version/>ā --pretty
Enter username: ERROR:gvmtools.cli:EOF when reading a line
As I wrote you need a bind mount. The short syntax is /path/to/your/dir/on/the/host:/path/in/the/container for example /tmp/greenbone/run/gvmd:/run/gvmd. Afterwards you can access the gvmd socket at /tmp/greenbone/run/gvmd/gvmd.sock on the host. And please be aware that the user 1001 need to be able to read and write to /tmp/greenbone/run/gvmd/. Also the directory must exists before starting the container.
I am having pretty much the same issue, I would like to access the socket outside the container (from my host), but am having trouble mounting the bind volume, added the following bind mount to the docker-compose file:
But am being met with an error when starting the containers:
ERROR: for greenbone-community-edition_gvmd_1 Cannot create container for service gvmd: invalid mount config for type "bind": bind source path does not exist: /run/gvmd
Now could I have got the syntax wrong in the compose file? or is this an issue with finding the socket path inside the container, as far as I can see it should be obvious enough as itās listed under volumes: like gvmd_socket_vol:/run/gvmd. Iām not too sure where this is going wrong. any help would be appreciated.
So in removing the old volume, the GSA container cannot talk to gvmd_1 as it cannot connect to the socketā¦
gsa_1 | gsad gmp:WARNING:2022-08-16 12h40.40 utc:13: Failed to connect to server at /run/gvmd/gvmd.sock: Connection refused
gsa_1 | gsad gmp:WARNING:2022-08-16 12h40.40 utc:13: Authentication failure for 'admin' from 10.1.10.164. Status was 1.
as this line - gvmd_socket_vol:/run/gvmd creates a docker socket, so would it be easier for me to create another contain which contains the external application that would interact with GVMD. My goal here is to build an API that can interact with GVMD via a ācustomer facingā web UI.
I thought that right after I made the post, however itās not worked, still get the same error:
gsa_1 | gsad gmp:WARNING:2022-08-16 13h53.13 utc:12: Failed to connect to server at /run/gvmd/gvmd.sock: No such file or directory
gsa_1 | gsad gmp:WARNING:2022-08-16 13h53.13 utc:12: Authentication failure for 'admin' from 10.1.10.164. Status was 1.
no socket file is created the /home/<user>/greenbone-community-container/socket/gvmd directory. Docker is very new to me so Iām not very well caught up on how everything fits together.