I am wondering why my code hangs at the end of my build using OpenVAS Scanner. This is what it shows at the end:

==> Ubuntu AMI Builder: Provisioning with shell script: ../../pipeline/build/start.sh
    Ubuntu AMI Builder: Creating Data folder...
    Ubuntu AMI Builder: Running first start configuration...
    Ubuntu AMI Builder: Creating Openvas NVT sync user...
    Ubuntu AMI Builder: Wait for redis socket to be created...
    Ubuntu AMI Builder: Testing redis status...
    Ubuntu AMI Builder: Redis ready.
    Ubuntu AMI Builder: Creating NVT Plugins folder...
    Ubuntu AMI Builder: Fixing NVT Plugins folder...
    Ubuntu AMI Builder: Updating NVTs...
    Ubuntu AMI Builder: Removing leftover pid files from system
    Ubuntu AMI Builder: Starting Open Scanner Protocol daemon for OpenVAS...
    Ubuntu AMI Builder: Read and write capabilities for OpenVAS...
    Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder: + Your OpenVAS Scanner image is now ready to use! +
    Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder:
    Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder: +++++++++ Tailing Logs +++++++++
    Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder: OSPD[22021] 2021-04-15 03:44:05,252: INFO: (ospd.main) Starting OSPd OpenVAS version 20.8.1.

It is successful but hangs at the end of my script which confuses me so much. My last piece of the script is as follows:

    ####### Initiate ospd daemon for OpenVAS ########
    echo "Starting Open Scanner Protocol daemon for OpenVAS..."
    ospd-openvas --log-file /usr/local/var/log/gvm/ospd-openvas.log --unix-socket /data/ospd.sock --log-level INFO

    while [ ! -S /data/ospd.sock ]; do
        sleep 1
    done

    echo "Read and write capabilities for OpenVAS..."
    chmod 666 /data/ospd.sock

    echo "+++++++++++++++++++++++++++++++++++++++++++++++++++"
    echo "+ Your OpenVAS Scanner image is now ready to use! +"
    echo "+++++++++++++++++++++++++++++++++++++++++++++++++++"
    echo ""
    echo "++++++++++++++++++++++++++++++++"
    echo "+++++++++ Tailing Logs +++++++++"
    echo "++++++++++++++++++++++++++++++++"
    tail /usr/local/var/log/gvm/*

Would anyone know why it hangs at the end after it has finished? I would appreciate any help if possible!

UPDATE: I updated the code without having -F at the end of the provisioner and it still continues to hang. I am unsure if ospd-openvas is the culprit but it should end with a loop if it doesn't apply the code.

UPDATE UPDATE: Here is my provisioner template I am using:

    "provisioners": [
      {
        "type": "shell",
        "execute_command": "sudo -u root /bin/bash -c '{{.Path}}'",
        "scripts": [
          "../../pipeline/build/build_ami.sh",
          "../../pipeline/build/start.sh"
        ]
      }
    ]
  }

AND here are my debug logs once it hangs:

2021/04/15 13:12:40 packer-provisioner-shell plugin: [INFO] RPC client: Communicator ended with: 0
2021/04/15 13:12:40 packer-builder-amazon-ebs plugin: [DEBUG] Opening new ssh session
2021/04/15 13:12:40 packer-builder-amazon-ebs plugin: [DEBUG] starting remote command: sudo -u root /bin/bash -c '/tmp/script_2838.sh'
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Creating Data folder...
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Running first start configuration...
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Creating Openvas NVT sync user...
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Wait for redis socket to be created...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Testing redis status...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Redis ready.
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Creating NVT Plugins folder...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Fixing NVT Plugins folder...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Removing leftover pid files from system
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Starting Open Scanner Protocol daemon for OpenVAS...
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: Read and write capabilities for OpenVAS...
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: + Your OpenVAS Scanner image is now ready to use! +
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder:
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: +++++++++ Tailing Logs +++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: OSPD[22185] 2021-04-15 18:12:41,530: INFO: (ospd.main) Starting OSPd OpenVAS version 20.8.1.
2021/04/15 13:26:44 ui error: Cancelling build after receiving interrupt
2021/04/15 13:26:44 packer-provisioner-file plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 packer-provisioner-file plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 packer-provisioner-shell plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 packer-builder-amazon-ebs plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 Cancelling builder after context cancellation context canceled
2021/04/15 13:26:44 packer-builder-amazon-ebs plugin: Cancelling provisioning due to context cancellation: context canceled
2021/04/15 13:26:44 packer-builder-amazon-ebs plugin: Cancelling hook after context cancellation context canceled
2021/04/15 13:26:44 Cancelling provisioner after context cancellation context canceled
2021/04/15 13:26:44 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepSetGeneratedData'. Press enter to continue.
2021/04/15 13:26:44 packer-provisioner-shell plugin: Retryable error: context canceled
2021/04/15 13:26:44 [INFO] (telemetry) ending shell
2021/04/15 13:26:50 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepConnect'. Press enter to continue.
2021/04/15 13:26:51 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepCreateSSMTunnel'. Press enter to continue.
2021/04/15 13:26:52 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepGetPassword'. Press enter to continue.
2021/04/15 13:26:53 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepRunSourceInstance'. Press enter to continue.
2021/04/15 13:26:54 ui: ==> Ubuntu AMI Builder: Terminating the source AWS instance...
2021/04/15 13:26:55 packer-builder-amazon-ebs plugin: [INFO] RPC endpoint: Communicator ended with: 0
2021/04/15 13:26:55 [INFO] 716 bytes written for 'stdout'
2021/04/15 13:26:55 [INFO] 0 bytes written for 'stderr'
2021/04/15 13:26:55 [INFO] RPC client: Communicator ended with: 0
2021/04/15 13:26:55 [INFO] RPC endpoint: Communicator ended with: 0
2021/04/15 13:26:55 packer-provisioner-shell plugin: [INFO] 716 bytes written for 'stdout'
2021/04/15 13:26:55 packer-provisioner-shell plugin: [INFO] 0 bytes written for 'stderr'
2021/04/15 13:26:55 packer-provisioner-shell plugin: [INFO] RPC client: Communicator ended with: 0
Roma
  • what does the while loop do, what condition is `while [ ! -S /data/ospd.sock ];` checking? I don't recognize what `! -S` is supposed to be doing, so a guess is that it is looping forever, that would cause it to hang – chiliNUT Apr 15 '21 at 04:11
  • @chiliNUT The `! - S` is supposed to be if it cannot find `/data/ospd.sock` (the socket), then it will not process through. It will loop continuously. (I should give an error instead of looping actually.) Documentation can be found here for sockets: https://linuxize.com/post/bash-check-if-file-exists/. Thank you though for your response! – Roma Apr 15 '21 at 14:26

1 Answer

It hangs because you're doing the wrong thing. You do not want to run the OpenVAS service when provisioning an image, you only want to install it.

The service should only be run when a machine using the image is started. In this case, you probably want to use systemd to start the service. I haven't installed the package myself, but I've checked online and it looks like it installs the requisite systemd configuration for you automatically, but it is probably best to check further by creating an instance of your image and seeing if the server is running. Based on your configuration above, I'd guess that those flags are the defaults anyway and so are probably not necessary. If they're not and you're really attached to them, then there is probably somewhere you can put a configuration file that'll be noticed by the system at startup, and failing that your provisioning script can use sed to put them in the systemd configuration files.

Solution: don't run OpenVAS during provisioning.

Software Engineer
  • that is correct. I pretty much just want to install OpenVAS on an image and then do runs. I'll have to look at OpenVAS's documentation to get a better understanding. – Roma Apr 15 '21 at 19:02
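
An added example, not code from the answer or from the OpenVAS project: one way to end the provisioning script as the answer describes, by installing and enabling a systemd unit for `ospd-openvas` instead of launching it during the build. The unit name, the `/usr/local/bin` binary path, the `/run/ospd` PID file location and the `IMAGE_ROOT` variable are assumptions; the log, socket and log-level flags are the ones from the question's script.

```shell
#!/bin/sh
# Added example: install and enable a systemd unit for ospd-openvas from the
# provisioning script instead of launching the daemon during the image build.
set -eu

UNIT_NAME=ospd-openvas.service   # assumed unit name

# Write the unit file under the image root given as $1 ("/" on the build host).
write_ospd_unit() {
    root=${1%/}
    unit_dir="$root/etc/systemd/system"
    mkdir -p "$unit_dir"
    cat > "$unit_dir/$UNIT_NAME" <<'EOF'
[Unit]
Description=OSPd wrapper for the OpenVAS scanner
After=network.target

[Service]
# ospd-openvas forks into the background, so systemd tracks it by PID file.
# Binary path and PID file location are assumptions; other flags are from start.sh.
Type=forking
RuntimeDirectory=ospd
PIDFile=/run/ospd/ospd-openvas.pid
ExecStart=/usr/local/bin/ospd-openvas --pid-file /run/ospd/ospd-openvas.pid --log-file /usr/local/var/log/gvm/ospd-openvas.log --unix-socket /data/ospd.sock --log-level INFO
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
    printf '%s\n' "$unit_dir/$UNIT_NAME"
}

# Enable for boot without starting anything: create the
# multi-user.target.wants symlink that "systemctl enable" would manage.
enable_ospd_unit() {
    root=${1%/}
    wants="$root/etc/systemd/system/multi-user.target.wants"
    mkdir -p "$wants"
    ln -sfn "../$UNIT_NAME" "$wants/$UNIT_NAME"
    printf '%s\n' "$wants/$UNIT_NAME"
}

# Provisioner entry point (hypothetical variable): IMAGE_ROOT=/ sh this_script.sh
if [ -n "${IMAGE_ROOT:-}" ]; then
    write_ospd_unit "$IMAGE_ROOT" >/dev/null
    enable_ospd_unit "$IMAGE_ROOT" >/dev/null
    echo "ospd-openvas installed and enabled; it starts when an instance boots."
fi
```

Because nothing is left running when the script returns, the provisioner's SSH session can close; whether the service comes up is then checked on an instance launched from the image, for example with `systemctl status ospd-openvas`.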