OpenVAS distributed architecture, master-slave setup with common Postgres database #109

Open
harshalgithub opened this issue Apr 4, 2022 · 12 comments
Labels: enhancement (New feature or request)

@harshalgithub

==========================

@immauss Sir,

If possible, please check the architecture diagram below. I also request that you look at the kind of setup below for the multi-container (mc) build, so that it will be a kind of master-slave architecture (the master will be the administrator GUI of GVM and the slave will be a remote scanner only, reachable via SSH connections).

https://securecompliance.gitbook.io/projects/gvm_image

https://github.com/Secure-Compliance-Solutions-LLC/GVM-Docker

[image](https://user-images.githubusercontent.com/9278569/148571575-dcf82388-886a-467a-b4e0-cc66bda883ea.png)

Will it be possible to make the above kind of setup for your "mc" build, with a single Dockerfile/docker-compose file?

==========================

@immauss
Owner

immauss commented Apr 13, 2022

I've looked at this before, but not gotten that far with it.
In my current implementation of the multiple container build, I'm using a shared volume for the sockets. Greenbone does not yet give an option for TCP communications from gvmd to postgres, which is why there is the ssh forwarding in the Securecompliance containers.
I've also been a bit swamped lately, so not as much time to work on this as I would like.

@harshalgithub
Author

Hi @immauss,

Will it be possible to expose these available ports [ GSA web interface (8080:9392), 22/tcp for SSH, 9390/tcp GVM API client, 5432/tcp PGSQL client ] in your multi-container build? Then this multi-container build will be more portable and scalable.

image

Please check the feasibility in the latest migration with pg13.

@immauss
Owner

immauss commented Jul 3, 2022

So ... I was hoping that GB would get close to this with their upcoming container implementation by adding some TCP connection options for postgresql <-> gvmd ... however, they seem to have chosen the same method I'm using, which is a shared volume to hold the sockets. I'm not a fan of all the extra ssh connections to get this to work. Mainly because it seems like a lot of work and I just haven't had the time to put into it. I'm also not sure there is a huge use case for it. Most everyone I know is primarily interested in the single container option.

That said ... I'm pretty sure you could still make this work using my container and some fancy docker-compose options to add anything additional and set up some things differently. I'm going to leave this open as a reminder for something I might try to do in the future, but right now, I just don't have the bandwidth.

-Scott

@immauss
Owner

immauss commented Sep 11, 2023

So GB has recently answered this is still possible, and I have the directions on.
I'll start working on it soon, but it will likely be an option available to supporters.
I'll keep you posted.

@immauss immauss self-assigned this Sep 17, 2023
@harshalgithub
Author

Hi @immauss, is there any update on the requested architecture enhancements?

Thanks.

@harshalgithub harshalgithub reopened this Dec 22, 2023
@immauss
Owner

immauss commented Dec 23, 2023 via email

@harshalgithub
Author

harshalgithub commented Jan 2, 2024 via email

@immauss
Owner

immauss commented Jan 2, 2024

It's actually easier than that.

The container will be run as a remote.

The remote is added as another scanner to the Master.

You can then configure a scan to run from the remote scanner.

It's a documented feature .... Well, it's not documented well.

I have it working, but need to write docs and some more scripts to make setup easier.

The tricky part, which isn't that tricky ... is getting the certs from the master to the remote.

I've also not been able to do any testing with it yet either. I got sidetracked updating the base image and resolving a few bugs.

@harshalgithub
Author

harshalgithub commented Feb 7, 2024 via email

@immauss
Owner

immauss commented Feb 8, 2024

Unfortunately, #242 has eaten up a ton of my time.

BTW ... one of the issues with everything on TCP is still the postgres setup. Greenbone added a TCP connection option, but does not currently have a mechanism for setting the username/password for connecting to postgres. In my mind, this is a serious security concern when gvmd and postgresql are not co-located.

-Scott
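
A check for the exposure raised in the comment above, as an added example that is not part of the thread or of the project's code: a small Python audit that lists `pg_hba.conf` rules letting off-host TCP clients connect without a password. The sample file, the `gvmd` database and role names in it, and the function names are constructed for illustration.

```python
import ipaddress

# Methods that admit a TCP client without it proving knowledge of a secret
# ("ident" trusts whatever the client's own ident server reports).
PASSWORDLESS = {"trust", "ident"}
TCP_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]

# Constructed sample pg_hba.conf; database and role names are placeholders.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS                    METHOD
local   all       postgres                             peer
host    gvmd      gvmd      127.0.0.1/32               trust
host    gvmd      gvmd      0.0.0.0/0                  trust
hostssl gvmd      gvmd      10.0.0.0/8                 scram-sha-256
host    all       all       192.168.1.0 255.255.255.0  trust
host    all       all       samehost                   trust
"""

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def is_remote(address):
    """True unless the rule can only match the server's own host."""
    if address == "samehost":
        return False
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return True  # "all", "samenet", host names: assume off-host clients
    return not any(net.version == lb.version and net.subnet_of(lb) for lb in LOOPBACK)

def audit(hba_text):
    """Return (line_no, address, method) for passwordless off-host TCP rules."""
    findings = []
    for no, line in enumerate(hba_text.splitlines(), 1):
        f = line.split("#", 1)[0].split()  # simplification: ignores quoted '#'
        if len(f) < 5 or f[0] not in TCP_TYPES:
            continue
        addr, rest = f[3], f[4:]
        if _is_ip(addr) and _is_ip(rest[0]):  # "IP MASK" form of the address
            addr, rest = f"{addr}/{rest[0]}", rest[1:]
        if rest and rest[0] in PASSWORDLESS and is_remote(addr):
            findings.append((no, addr, rest[0]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HBA):
        print("passwordless TCP rule at line %d: %s %s" % finding)
```

Rules scoped to loopback or `samehost` are not reported, which matches the co-located case the comment treats as acceptable.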

@harshalgithub
Copy link
Author

harshalgithub commented Feb 16, 2024 via email

@immauss
Copy link
Owner

immauss commented Feb 16, 2024

I don't currently have one that is purely TCP.

The multi container compose file I do have is in the repo, but still shares a volume for sockets.

-Scott
