
Packer hangs at the end of my last command


I am wondering why my code hangs at the end of my build using OpenVAS Scanner. This is what it shows at the end:

==> Ubuntu AMI Builder: Provisioning with shell script: ../../pipeline/build/start.sh
    Ubuntu AMI Builder: Creating Data folder...
    Ubuntu AMI Builder: Running first start configuration...
    Ubuntu AMI Builder: Creating Openvas NVT sync user...
    Ubuntu AMI Builder: Wait for redis socket to be created...
    Ubuntu AMI Builder: Testing redis status...
    Ubuntu AMI Builder: Redis ready.
    Ubuntu AMI Builder: Creating NVT Plugins folder...
    Ubuntu AMI Builder: Fixing NVT Plugins folder...
    Ubuntu AMI Builder: Updating NVTs...
    Ubuntu AMI Builder: Removing leftover pid files from system
    Ubuntu AMI Builder: Starting Open Scanner Protocol daemon for OpenVAS...
    Ubuntu AMI Builder: Read and write capabilities for OpenVAS...
    Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder: + Your OpenVAS Scanner image is now ready to use! +
    Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder:
    Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder: +++++++++ Tailing Logs +++++++++
    Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
    Ubuntu AMI Builder: OSPD[22021] 2021-04-15 03:44:05,252: INFO: (ospd.main) Starting OSPd OpenVAS version 20.8.1.

It is successful but hangs at the end of my script which confuses me so much. My last piece of the script is as follows:

####### Initiate ospd daemon for OpenVAS ########
echo "Starting Open Scanner Protocol daemon for OpenVAS..."
ospd-openvas --log-file /usr/local/var/log/gvm/ospd-openvas.log --unix-socket /data/ospd.sock --log-level INFO

while  [ ! -S /data/ospd.sock ]; do
    sleep 1
done

echo "Read and write capabilities for OpenVAS..."
chmod 666 /data/ospd.sock

echo "+++++++++++++++++++++++++++++++++++++++++++++++++++"
echo "+ Your OpenVAS Scanner image is now ready to use! +"
echo "+++++++++++++++++++++++++++++++++++++++++++++++++++"
echo ""
echo "++++++++++++++++++++++++++++++++"
echo "+++++++++ Tailing Logs +++++++++"
echo "++++++++++++++++++++++++++++++++"
tail /usr/local/var/log/gvm/*

Would anyone know why it hangs at the end after it has finished? I would appreciate any help if possible!

UPDATE: I updated the code without having -F at the end of the provisioner and it still continues to hang. I am unsure if ospd-openvas is the culprit but it should end with a loop if it doesn't apply the code.

UPDATE UPDATE: Here is my provisioner template I am using:

    "provisioners": [
      {
        "type": "shell",
        "execute_command": "sudo -u root /bin/bash -c '{{.Path}}'",
        "scripts": [
          "../../pipeline/build/build_ami.sh",
          "../../pipeline/build/start.sh"
        ]
      }
    ]
  }

AND here are my debug logs once it hangs:

2021/04/15 13:12:40 packer-provisioner-shell plugin: [INFO] RPC client: Communicator ended with: 0
2021/04/15 13:12:40 packer-builder-amazon-ebs plugin: [DEBUG] Opening new ssh session
2021/04/15 13:12:40 packer-builder-amazon-ebs plugin: [DEBUG] starting remote command: sudo -u root /bin/bash -c '/tmp/script_2838.sh'
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Creating Data folder...
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Running first start configuration...
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Creating Openvas NVT sync user...
2021/04/15 13:12:40 ui:     Ubuntu AMI Builder: Wait for redis socket to be created...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Testing redis status...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Redis ready.
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Creating NVT Plugins folder...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Fixing NVT Plugins folder...
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Removing leftover pid files from system
2021/04/15 13:12:41 ui:     Ubuntu AMI Builder: Starting Open Scanner Protocol daemon for OpenVAS...
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: Read and write capabilities for OpenVAS...
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: + Your OpenVAS Scanner image is now ready to use! +
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: +++++++++++++++++++++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder:
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: +++++++++ Tailing Logs +++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: ++++++++++++++++++++++++++++++++
2021/04/15 13:12:42 ui:     Ubuntu AMI Builder: OSPD[22185] 2021-04-15 18:12:41,530: INFO: (ospd.main) Starting OSPd OpenVAS version 20.8.1.
2021/04/15 13:26:44 ui error: Cancelling build after receiving interrupt
2021/04/15 13:26:44 packer-provisioner-file plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 packer-provisioner-file plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 packer-provisioner-shell plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 packer-builder-amazon-ebs plugin: Received interrupt signal (count: 1). Ignoring.
2021/04/15 13:26:44 Cancelling builder after context cancellation context canceled
2021/04/15 13:26:44 packer-builder-amazon-ebs plugin: Cancelling provisioning due to context cancellation: context canceled
2021/04/15 13:26:44 packer-builder-amazon-ebs plugin: Cancelling hook after context cancellation context canceled
2021/04/15 13:26:44 Cancelling provisioner after context cancellation context canceled
2021/04/15 13:26:44 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepSetGeneratedData'. Press enter to continue.
2021/04/15 13:26:44 packer-provisioner-shell plugin: Retryable error: context canceled
2021/04/15 13:26:44 [INFO] (telemetry) ending shell
2021/04/15 13:26:50 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepConnect'. Press enter to continue.
2021/04/15 13:26:51 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepCreateSSMTunnel'. Press enter to continue.
2021/04/15 13:26:52 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepGetPassword'. Press enter to continue.
2021/04/15 13:26:53 ui: ask: ==> Ubuntu AMI Builder: Pausing before cleanup of step 'StepRunSourceInstance'. Press enter to continue.
2021/04/15 13:26:54 ui: ==> Ubuntu AMI Builder: Terminating the source AWS instance...
2021/04/15 13:26:55 packer-builder-amazon-ebs plugin: [INFO] RPC endpoint: Communicator ended with: 0
2021/04/15 13:26:55 [INFO] 716 bytes written for 'stdout'
2021/04/15 13:26:55 [INFO] 0 bytes written for 'stderr'
2021/04/15 13:26:55 [INFO] RPC client: Communicator ended with: 0
2021/04/15 13:26:55 [INFO] RPC endpoint: Communicator ended with: 0
2021/04/15 13:26:55 packer-provisioner-shell plugin: [INFO] 716 bytes written for 'stdout'
2021/04/15 13:26:55 packer-provisioner-shell plugin: [INFO] 0 bytes written for 'stderr'
2021/04/15 13:26:55 packer-provisioner-shell plugin: [INFO] RPC client: Communicator ended with: 0

Solution

  • It hangs because you're doing the wrong thing. You do not want to run the OpenVAS service when provisioning an image, you only want to install it.

    The service should only be run when a machine using the image is started. In this case, you probably want to use systemd to start the service. I haven't installed the package myself, but I've checked online and it looks like it installs the requisite systemd configuration for you automatically, but it is probably best to check further by creating an instance of your image and seeing if the server is running. Based on your configuration above, I'd guess that those flags are the defaults anyway and so are probably not necessary. If they're not and you're really attached to them, then there is probably somewhere you can put a configuration file that'll be noticed by the system at startup, and failing that your provisioning script can use sed to put them in the systemd configuration files.

    Solution: don't run OpenVAS during provisioning.
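
The approach the answer describes, as an added example that is not part of the original answer or of the OpenVAS packaging: the provisioner writes a systemd unit that carries the question's ospd-openvas flags and only enables it, so nothing is left running when Packer closes the SSH session. The unit name, the PID file path, the fallback binary path and the use of ospd-openvas's `--pid-file` option are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: provision-time install of a systemd unit for ospd-openvas.
# Assumptions (not from the original post): unit name, PID file path, binary path.
UNIT_NAME="ospd-openvas.service"   # assumed unit name
PID_FILE="/run/ospd-openvas.pid"   # assumed PID file; /run is cleared on every boot

# Print the unit file. $1 = absolute path of the ospd-openvas binary.
# The log, socket and log-level flags are the ones from the question's start.sh.
render_unit() {
    cat <<EOF
[Unit]
Description=OSPd wrapper for the OpenVAS scanner
After=network.target

[Service]
Type=forking
PIDFile=$PID_FILE
ExecStart=$1 --pid-file $PID_FILE --log-file /usr/local/var/log/gvm/ospd-openvas.log --unix-socket /data/ospd.sock --log-level INFO
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Write the unit into directory $1. Optional $2 overrides the binary path.
# Nothing is started here; the function only creates a file.
install_unit() {
    unit_dir=$1
    bin=${2:-$(command -v ospd-openvas || echo /usr/local/bin/ospd-openvas)}
    case $bin in
        /*) ;;
        *) echo "binary path must be absolute: $bin" >&2; return 1 ;;
    esac
    mkdir -p "$unit_dir" && render_unit "$bin" > "$unit_dir/$UNIT_NAME"
}

# Called with --install as the last step of the Packer shell provisioner (as root).
if [ "${1:-}" = "--install" ]; then
    install_unit /etc/systemd/system
    systemctl daemon-reload
    # Enable only: the daemon first starts when an instance boots from the AMI,
    # so no background process holds the provisioner's SSH session open.
    systemctl enable "$UNIT_NAME"
fi
```

The socket is not made world-writable here; if other local services need `/data/ospd.sock`, granting access through a dedicated group is tighter than `chmod 666`.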