
openvas Runbook

Metadata

Field                | Value
Service              | openvas
Criticality          | Tier 2
Owner                | Platform / Security owner
Namespace            | openvas
Clusters             | homelab
Last validated       | 2026-05-20
Related service page | ../services/openvas.md

Trigger Conditions

  • Greenbone UI is unavailable.
  • Feed updates fail.
  • Scanner tasks fail repeatedly.
  • PostgreSQL, Redis, or PVC-backed feed data is degraded.

1. Health Checks

kubectl -n openvas get pods,svc,pvc,ingressroute,cronjob
kubectl -n openvas logs deploy/openvas --tail=200

2. Troubleshooting Workflows

Inspect feeds, DB, and scanner state:

kubectl -n openvas logs <scanner-pod> --tail=200
kubectl -n openvas logs statefulset/openvas-db --tail=100
kubectl -n openvas describe cronjob

Look for stale feeds, DB auth failures, and storage exhaustion.
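
The three signatures above can be checked mechanically. The helper below is an added example, not part of this runbook's tooling: it counts PostgreSQL authentication failures and out-of-space errors in a log stream and decides feed staleness from a CronJob's last successful run. The sample log lines, the user name in them, the `<feed-cronjob>` placeholder and the 26-hour window are assumptions.

```shell
#!/bin/sh
# Added triage helper (example only; not shipped with the openvas overlay).

# classify_logs: read log lines on stdin and print one summary line.
#   db_auth -> PostgreSQL client authentication failures
#   storage -> ENOSPC reported by any component writing to the PVC
classify_logs() {
  awk '
    /password authentication failed for user|no pg_hba.conf entry for host/ { db++ }
    /No space left on device/ { disk++ }
    END { printf "db_auth=%d storage=%d\n", db, disk }
  '
}

# feed_is_stale LAST_SUCCESS CUTOFF
# Both arguments are UTC RFC 3339 timestamps (the format Kubernetes uses for
# .status.lastSuccessfulTime), so plain string order equals time order.
# Returns 0 (stale) if the job never succeeded or last succeeded before CUTOFF.
feed_is_stale() {
  [ -n "$1" ] || return 0
  awk -v last="$1" -v cutoff="$2" 'BEGIN { exit !((last "") < (cutoff "")) }'
}

# Constructed sample input: two auth failures, one ENOSPC, one benign line.
sample_logs() {
  cat <<'EOF'
2026-05-19 02:00:01.004 UTC [1] LOG:  database system is ready to accept connections
2026-05-19 02:00:03.120 UTC [87] FATAL:  password authentication failed for user "gvmd"
2026-05-19 02:00:04.310 UTC [88] FATAL:  no pg_hba.conf entry for host "10.42.0.17", user "gvmd", database "gvmd", no encryption
2026-05-19 02:00:09.411 UTC [91] ERROR:  could not extend file "base/16384/2619": No space left on device
EOF
}

# Live usage (assumes GNU date; replace <feed-cronjob> with the real name):
#   kubectl -n openvas logs statefulset/openvas-db --tail=100 | classify_logs
#   last=$(kubectl -n openvas get cronjob <feed-cronjob> \
#            -o jsonpath='{.status.lastSuccessfulTime}')
#   feed_is_stale "$last" "$(date -u -d '-26 hours' +%Y-%m-%dT%H:%M:%SZ)" \
#     && echo "feed stale"
```

A non-zero `db_auth` count right after a credential rotation usually points at a secret that was updated in only one of the two places that hold it.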

3. Disaster Recovery

  1. Restore DB and feed storage.
  2. Restore runtime and feed-related secrets.
  3. Reconcile openvas/overlays/homelab.
  4. Validate UI access and a test scan submission.

4. Scaling and Resource Management

kubectl -n openvas top pod

Increase scanner or DB resources in Git if feed processing or scan jobs starve.

5. Maintenance Procedures

  • Rotate DB and feed credentials.
  • Schedule feed-intensive work outside peak hours.
  • Validate ingress and certificates after edge changes.

6. Rollback Strategy

  • Revert the overlay to the last working revision.
  • Restore the prior DB or feed snapshot if an update corrupts runtime state.

7. Post-Incident Actions

  1. Record the manual recovery in a changelog fragment.
  2. Update the service page if topology or feed handling changed.
  3. Add the incident signature to this runbook.