Adding haproxy support to openvas

modules/Puppetfile

@@ -192,7 +192,7 @@ mod 'maestrodev/wget',
 
 mod 'biemond/wildfly',
     :git => 'https://github.com/biemond/biemond-wildfly.git',
-    :ref => 'v.2.0.0'
+    :ref => 'v4.0.0'
 
 mod 'hunner/wordpress',
     :git => 'https://github.com/hunner/puppet-wordpress.git',
@@ -310,6 +310,8 @@ mod 'bodgit/zfs',
     :git => 'https://github.com/bodgit/puppet-zfs.git',
     :ref => 'v3.0.0'
 
+mod 'cirrax-borgbackup', '1.8.1'
+
 mod 'deric/beegfs',
     :git => 'https://github.com/deric/puppet-beegfs.git',
     :ref => 'v1.0.0'

modules/enableit/borgbackup/metadata.json

@@ -33,7 +33,7 @@
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 3.2.0 < 5.0.0"
+      "version_requirement": ">= 3.2.0 < 10.0.0"
     },
     {
       "name": "puppetlabs/concat",

modules/enableit/common/data/subscriptions/bronze.yaml

@@ -11,6 +11,6 @@ common::system::updates::noop_value: false
 
 common::setup::obmondo_admin::manage: true
 common::setup::obmondo_admin::enable: true
-common::setup::obmondo_admin::noop_value: false
-common::monitor::noop_value: false
+common::setup::obmondo_admin::noop_value: true
+common::monitor:noop_value: false
 common::openvox::noop_value: false

modules/enableit/eit_haproxy/manifests/init.pp

@@ -38,19 +38,20 @@
   }
 
   if $configure == 'auto' {
-    # NOTE: Needed this, we install our own haproxy 2.9 on centos7
-    if versioncmp($facts.dig('haproxy_version'), '2.5.0') >= 0 {
-      $_service = @(EOT)
-        [Service]
-        ExecStartPre=
-        ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q
-        | EOT
+    if $facts['packages']['haproxy'] {
+      if versioncmp($facts['packages']['haproxy']['version'], '2.5.0') >= 0 {
+        $_service = @(EOT)
+          [Service]
+          ExecStartPre=
+          ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q
+          | EOT
 
-      systemd::dropin_file { 'haproxy_dropin':
-        filename => 'haproxy-override.conf',
-        unit     => 'haproxy.service',
-        content  => $_service,
-        notify   => Service['haproxy'],
+        systemd::dropin_file { 'haproxy_dropin':
+          filename => 'haproxy-override.conf',
+          unit     => 'haproxy.service',
+          content  => $_service,
+          require  => Package['haproxy'],
+        }
       }
     }
 

modules/enableit/functions/metadata.json

@@ -36,7 +36,8 @@
       "operatingsystemrelease": [
         "12.04",
         "14.04",
-        "16.04"
+        "16.04",
+        "24.04"
       ]
     }
   ]

modules/enableit/netbackup/metadata.json

@@ -9,7 +9,7 @@
   "issues_url": "https://github.com/andskli/puppet-netbackup/issues",
   "tags": ["netbackup", "backup"],
   "dependencies": [
-    {"name":"puppetlabs-stdlib","version_requirement":">= 4.7.0 < 6.0.0"},
+    {"name":"puppetlabs-stdlib","version_requirement":">= 4.7.0 < 10.0.0"},
     {"name":"saz/limits","version_requirement":">= 2.1.0 < 4.0.0"},
     {"name":"thias/sysctl","version_requirement":">= 1.0.0 < 3.0.0"},
     {"name":"spiette/selinux","version_requirement":">= 0.5.4 < 2.0.0"}

modules/enableit/nfs/metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "enableit-nfs",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "author": "EnableIT",
   "summary": "NFS Client and Server",
   "license": "Apache-2.0",
@@ -48,7 +48,7 @@
     },
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": "4.x.x"
+      "version_requirement": "10.x.x"
     },
     {
       "name": "enableit/eit_types"

modules/enableit/profile/manifests/openvox.pp

@@ -215,7 +215,6 @@
   }
 
   $facts_blocklist = [
-    'packages',
     'kmods',
     'network_ports',
     'login_defs',

modules/enableit/profile/manifests/scanner/openvas.pp

@@ -1,102 +1,70 @@
+# @summary Profile for managing the OpenVAS scanner
+#
+# @param install Whether to install the scanner. Inherited from the role role::scanner::openvas.
+#
 class profile::scanner::openvas (
-  Stdlib::Absolutepath   $install_dir                  = $role::scanner::openvas::install_dir,
   Boolean                $install                      = $role::scanner::openvas::install,
-  Stdlib::Host           $web_bind_address             = $role::scanner::openvas::web_bind_address,
-  Stdlib::Port           $web_port                     = $role::scanner::openvas::web_port,
-  Enum['service_notus']  $openvasd_mode                = $role::scanner::openvas::openvasd_mode,
-  Eit_types::Addressport $openvasd_addressport         = $role::scanner::openvas::openvasd_addressport,
-  Stdlib::Absolutepath   $storage_path                 = $role::scanner::openvas::storage_path,
-  String                 $registry                     = $role::scanner::openvas::registry,
-  Eit_types::Version     $vulnerability_tests_version  = $role::scanner::openvas::vulnerability_tests_version,
-  Eit_types::Version     $notus_data_version           = $role::scanner::openvas::notus_data_version,
-  Eit_types::Version     $scap_data_version            = $role::scanner::openvas::scap_data_version,
-  Eit_types::Version     $cert_bund_data_version       = $role::scanner::openvas::cert_bund_data_version,
-  Eit_types::Version     $dfn_cert_data_version        = $role::scanner::openvas::dfn_cert_data_version,
-  Eit_types::Version     $data_objects_version         = $role::scanner::openvas::data_objects_version,
-  Eit_types::Version     $report_formats_version       = $role::scanner::openvas::report_formats_version,
-  Eit_types::Version     $gpg_data_version             = $role::scanner::openvas::gpg_data_version,
-  Eit_types::Version     $redis_server_version         = $role::scanner::openvas::redis_server_version,
-  Eit_types::Version     $pg_gvm_version               = $role::scanner::openvas::pg_gvm_version,
-  Eit_types::Version     $gsa_version                  = $role::scanner::openvas::gsa_version,
-  Eit_types::Version     $gvmd_version                 = $role::scanner::openvas::gvmd_version,
-  Eit_types::Version     $openvas_scanner_version      = $role::scanner::openvas::openvas_scanner_version,
-  Eit_types::Version     $ospd_openvas_version         = $role::scanner::openvas::ospd_openvas_version,
-  Eit_types::Version     $gvm_tools_version            = $role::scanner::openvas::gvm_tools_version,
-  Eit_types::Version     $feed_release_version         = $role::scanner::openvas::feed_release_version,
-  Stdlib::Absolutepath   $data_mount_path              = $role::scanner::openvas::data_mount_path,
-  Stdlib::Absolutepath   $gvm_data_path                = $role::scanner::openvas::gvm_data_path,
-  Stdlib::Absolutepath   $openvas_plugins_path         = $role::scanner::openvas::openvas_plugins_path,
-  Stdlib::Absolutepath   $redis_socket_path            = $role::scanner::openvas::redis_socket_path,
-  Stdlib::Absolutepath   $gvmd_socket_path             = $role::scanner::openvas::gvmd_socket_path,
-  Stdlib::Absolutepath   $ospd_socket_path             = $role::scanner::openvas::ospd_socket_path,
-  Stdlib::Absolutepath   $psql_data_path               = $role::scanner::openvas::psql_data_path,
-  Stdlib::Absolutepath   $psql_socket_path             = $role::scanner::openvas::psql_socket_path,
-  Stdlib::Absolutepath   $openvas_config_path          = $role::scanner::openvas::openvas_config_path,
-  Stdlib::Absolutepath   $openvas_log_path             = $role::scanner::openvas::openvas_log_path,
-  Stdlib::Absolutepath   $notus_path                   = $role::scanner::openvas::notus_path,
 ) {
-  file { $install_dir:
+  file { '/opt/obmondo/docker-compose/openvas':
     ensure => ensure_dir($install),
     owner  => 'root',
     group  => 'root',
     mode   => '0755',
   }
 
-  file { "${install_dir}/docker-compose.yml":
+  file { '/opt/obmondo/docker-compose/openvas/docker-compose.yml':
     ensure  => ensure_present($install),
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
     content => epp('profile/scanner/openvas/docker-compose.yaml.epp', {
-      web_bind_address            => $web_bind_address,
-      web_port                    => $web_port,
-      openvasd_mode               => $openvasd_mode,
-      openvasd_addressport        => $openvasd_addressport,
-      storage_path                => $storage_path,
-      registry                    => $registry,
-      vulnerability_tests_version => $vulnerability_tests_version,
-      notus_data_version          => $notus_data_version,
-      scap_data_version           => $scap_data_version,
-      cert_bund_data_version      => $cert_bund_data_version,
-      dfn_cert_data_version       => $dfn_cert_data_version,
-      data_objects_version        => $data_objects_version,
-      report_formats_version      => $report_formats_version,
-      gpg_data_version            => $gpg_data_version,
-      redis_server_version        => $redis_server_version,
-      pg_gvm_version              => $pg_gvm_version,
-      gsa_version                 => $gsa_version,
-      gvmd_version                => $gvmd_version,
-      openvas_scanner_version     => $openvas_scanner_version,
-      ospd_openvas_version        => $ospd_openvas_version,
-      gvm_tools_version           => $gvm_tools_version,
-      feed_release_version        => $feed_release_version,
-      data_mount_path             => $data_mount_path,
-      gvm_data_path               => $gvm_data_path,
-      openvas_plugins_path        => $openvas_plugins_path,
-      redis_socket_path           => $redis_socket_path,
-      gvmd_socket_path            => $gvmd_socket_path,
-      ospd_socket_path            => $ospd_socket_path,
-      psql_data_path              => $psql_data_path,
-      psql_socket_path            => $psql_socket_path,
-      openvas_config_path         => $openvas_config_path,
-      openvas_log_path            => $openvas_log_path,
-      notus_path                  => $notus_path,
+      web_addressport             => '0.0.0.0:9392',
+      openvasd_mode               => 'service_notus',
+      storage_path                => '/var/lib/openvas/22.04/vt-data/nasl',
+      registry                    => 'registry.community.greenbone.net/community',
+      vulnerability_tests_version => '202502250742',
+      notus_data_version          => '202502250410',
+      scap_data_version           => '202502240506',
+      cert_bund_data_version      => '202502250409',
+      dfn_cert_data_version       => '202502250401',
+      data_objects_version        => '202502250505',
+      report_formats_version      => '202502250500',
+      gpg_data_version            => '1.1.0',
+      redis_server_version        => '1.1.0',
+      pg_gvm_version              => '22.6.7',
+      gsa_version                 => '24.3.0',
+      gvmd_version                => '25',
+      openvas_scanner_version     => '23.15.4',
+      ospd_openvas_version        => '22.8.0',
+      gvm_tools_version           => '25',
+      feed_release_version        => '24.10',
+      data_mount_path             => '/mnt',
+      gvm_data_path               => '/var/lib/gvm',
+      openvas_plugins_path        => '/var/lib/openvas/plugins',
+      redis_socket_path           => '/run/redis',
+      gvmd_socket_path            => '/run/gvmd',
+      ospd_socket_path            => '/run/ospd',
+      psql_data_path              => '/var/lib/postgresql',
+      psql_socket_path            => '/var/run/postgresql',
+      openvas_config_path         => '/etc/openvas',
+      openvas_log_path            => '/var/log/openvas',
+      notus_path                  => '/var/lib/notus',
     }),
-    require => File[$install_dir],
+    require => File['/opt/obmondo/docker-compose/openvas'],
   }
 
   firewall_multi { '000 allow openvas web interface':
     ensure => ensure_present($install),
-    dport  => [$web_port],
+    dport  => 443,
     proto  => 'tcp',
     jump   => 'accept',
   }
 
   docker_compose { 'openvas':
     ensure        => ensure_present($install),
     compose_files => [
-      "${install_dir}/docker-compose.yml",
+      '/opt/obmondo/docker-compose/openvas/docker-compose.yml',
     ],
-    require       => File["${install_dir}/docker-compose.yml"],
+    require       => File['/opt/obmondo/docker-compose/openvas/docker-compose.yml'],
   }
 }

modules/enableit/profile/manifests/virtualization/docker/cadvisor.pp

@@ -4,7 +4,7 @@
   Eit_types::Noop_Value $noop_value     = undef,
   Stdlib::Port          $listen_port    = 63392,
   String                $cadvisor_image = $role::virtualization::docker::cadvisor_image,
-) inherits profile::virtualization::docker {
+) {
 
   Exec {
     noop => $noop_value,

modules/enableit/profile/metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "enableit-profile",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "author": "EnableIT ApS",
   "summary": "Obmondo profiles",
   "license": "Proprietary",
@@ -16,7 +16,7 @@
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 4.1.0"
+      "version_requirement": ">= 9.x.x"
     },
     {
       "name": "enableit/eit_types"

modules/enableit/profile/templates/scanner/openvas/docker-compose.yaml.epp

@@ -95,7 +95,7 @@ services:
     image: <%= $registry %>/gsa:<%= $gsa_version %>
     restart: on-failure
     ports:
-      - <%= $web_bind_address %>:<%= $web_port %>:80
+      - <%= $web_addressport %>:80
     volumes:
       - gvmd_socket_vol:<%= $gvmd_socket_path %>
     depends_on:
@@ -144,7 +144,7 @@ services:
       # if you want to utilize openvasd directly removed `OPENVASD_MODE`
       OPENVASD_MODE: <%= $openvasd_mode %>
       GNUPGHOME: <%= $openvas_config_path %>/gnupg
-      LISTENING: <%= $openvasd_addressport %>
+      LISTENING: 0.0.0.0:80
     volumes:
       - openvas_data_vol:<%= $openvas_config_path %>
       - openvas_log_data_vol:<%= $openvas_log_path %>