I can tell you that I do use the Master/Slave setup and there is at least one
other person on this list who uses the same model. Its pretty simple. The
slaves just perform the actual scanning of the host and their disk usage is
constant. I have one the slaves in AWS and one in the new IBM cloud (my
company has instances in both clouds right now). Both slaves are using 20GB of
disk. The number of CPUs and RAM is totally dependent on how many hosts you
want to scan at a time.
The master I have is running on VMWare. This is where it uses the DB. Right
now I am using the sqlite DB but I am thinking of going to Postgresql for
better performance. Generally I can run about 5-10 scans (using a subset of
the full and deep profile).
I will say that even if you are using a slave the master is being hit. The
slave is the host reaching out to the end point doing the scanning. However,
the slave scanner is CONSTANTLY updating the master with results. And from
what I can get from the logs the Master is updating the slave with new marching
orders.
If you are going to go over to postgresql do not bother doing the slaves. Only
worry about the master. The same is true with Reds. Only worry about the
Master. The slaves can be swapped in and out very quickly with little effort.
I even started writing a build script that I was thinking of pumping in to AWS
cloud formation so it could build a new slave on demand. However, it just
takes too long to download the NVTs. So I have a script to stop and start the
AWS slave as needed.
As far as building OpenVAS with Postgresql from scratch I am sure there are
directions some where. But to be honest its so simple to install fully
functional base system its not even funny. Then chaining over to postgresql is
simple. Why make it harder then it needs to be.
Louis
:::::
Louis Bohm - Sr. Systems Engineer
Dell TechDirect Certified
> On Apr 23, 2018, at 8:21 AM, Frieder Schlesier <fschles...@gk-software.com>
> wrote:
>
> Hi folks,
>
> we are trying to set up an infrastructure with multiple scanner-slaves in
> different locations and one central GVM+GSA. Also we want to use Postgres as
> DB Backend.
>
> So far, a few questions came up:
>
> 1) Is it possible to run the Postgres on a different machine than GVM+GSA? If
> yes: how? I was not able to find a definite place for configuration :(
> So far I found a couple mentions of psql and sqlite calls in source code and
> some wrapper scripts. Depending on the current stance about this topic in the
> community, we are willing to share our solution with you all. If you are
> interested ;-)
>
> 2) As far as I understand, openvas-scanner needs a redis-service and access
> to (a local) NVT database. Does it also require connection to SCAP and CERT
> data or (probably in our case) the central Postgres?
>
> 3) I found a couple tutorials online, how to set up openvas9 with postgres.
> Sadly those all mention the "migrate-to-postgres" script, which (afaik)
> require a running setup with SQLite. Is it also possible to setup openvas9
> using postgres without having to build the sqlite version beforehand? Any
> vage hints?
>
> Thanks in advance :)
>
> --
>
> Mit freundlichen Grüßen / Best regards
> Frieder Schlesier
> IT-Service
> ______________________
> GK Software SE
> Waldstraße 7 | 08261 Schöneck | Germany
> www.gk-software.com
> Sitz der Gesellschaft / Registered Office of the Company: Waldstr. 7 | 08261
> Schöneck | Germany
> Aufsichtsratsvorsitzender / Chairman of the Supervisory Board: Uwe Ludwig
> Vorstand/Management Board: Rainer Gläß (CEO), Andre Hergert
> Amtsgericht Chemnitz HRB 31501 / Commercial Register Chemnitz HRB 31501
>
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
