openvas Runbook
Metadata
| Field | Value |
|---|---|
| Service | openvas |
| Criticality | Tier 2 |
| Owner | Platform / Security owner |
| Namespace | openvas |
| Clusters | homelab |
| Last validated | 2026-05-20 |
| Related service page | ../services/openvas.md |
Trigger Conditions
- Greenbone UI is unavailable.
- Feed updates fail.
- Scanner tasks fail repeatedly.
- PostgreSQL, Redis, or PVC-backed feed data is degraded.
1. Health Checks
```bash
kubectl -n openvas get pods,svc,pvc,ingressroute,cronjob
kubectl -n openvas logs deploy/openvas --tail=200
```
2. Troubleshooting Workflows
Inspect feeds, DB, and scanner state:
```bash
kubectl -n openvas logs <scanner-pod> --tail=200
kubectl -n openvas logs statefulset/openvas-db --tail=100
kubectl -n openvas describe cronjob
```
Look for stale feeds, DB auth failures, and storage exhaustion.
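The three signatures above can be checked mechanically. This is an added example, not part of the original runbook. It assumes feed sync runs as a CronJob in the `openvas` namespace and that 48 hours without a successful run means stale; the CronJob names, role name, and log lines in the sample are constructed.

```bash
# Added triage helpers (not part of the original runbook).
# Assumptions: feed sync runs as a CronJob in the openvas namespace, and a feed
# counts as stale once the last successful run is MAX_AGE_HOURS old.
MAX_AGE_HOURS="${MAX_AGE_HOURS:-48}"
TAB=$(printf '\t')

# stale_cronjobs NOW_EPOCH: reads "name<TAB>lastSuccessfulTime" lines on stdin.
stale_cronjobs() {
  local now="$1" name ts epoch
  while IFS="$TAB" read -r name ts; do
    [ -n "$name" ] || continue
    # An empty timestamp means no successful run is recorded at all.
    if [ -z "$ts" ]; then echo "$name never-succeeded"; continue; fi
    # "2026-05-16T03:00:00Z" -> "2026-05-16 03:00:00" so GNU and BusyBox date parse it
    epoch=$(date -u -d "$(printf '%s' "$ts" | sed 's/T/ /; s/Z$//')" +%s) || continue
    if [ $(( (now - epoch) / 3600 )) -ge "$MAX_AGE_HOURS" ]; then
      echo "$name stale"
    fi
  done
}

# log_signatures: reads log lines on stdin, prints one tag per class found.
log_signatures() {
  local logs; logs=$(cat)
  # PostgreSQL rejects a bad role password with this message.
  printf '%s\n' "$logs" | grep -q 'password authentication failed' && echo db-auth
  # ENOSPC text, as surfaced by PostgreSQL or any writer on a full PVC.
  printf '%s\n' "$logs" | grep -q 'No space left on device' && echo storage
  return 0
}

# Constructed sample input (CronJob names and the role name are hypothetical).
SAMPLE_CRONJOBS=$(printf 'feed-sync\t2026-05-16T03:00:00Z\nnightly-backup\t2026-05-20T02:00:00Z\nnew-sync\t\n')
SAMPLE_DB_LOG='FATAL:  password authentication failed for user "gvmd"
ERROR:  could not extend file "base/16384/2619": No space left on device'

# Demo with "now" pinned so the output is reproducible.
NOW=$(date -u -d "2026-05-20 12:00:00" +%s)
printf '%s\n' "$SAMPLE_CRONJOBS" | stale_cronjobs "$NOW"
printf '%s\n' "$SAMPLE_DB_LOG" | log_signatures

# Live use:
#   kubectl -n openvas get cronjob -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.lastSuccessfulTime}{"\n"}{end}' | stale_cronjobs "$(date +%s)"
#   kubectl -n openvas logs statefulset/openvas-db --tail=100 | log_signatures
```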
3. Disaster Recovery
- Restore DB and feed storage.
- Restore runtime and feed-related secrets.
- Reconcile `openvas/overlays/homelab`.
- Validate UI access and a test scan submission.
4. Scaling and Resource Management
Increase scanner or DB resources in Git if feed processing or scan jobs starve.
5. Maintenance Procedures
- Rotate DB and feed credentials.
- Schedule feed-intensive work outside peak hours.
- Validate ingress and certificates after edge changes.
6. Rollback Strategy
- Revert the overlay to the last working revision.
- Restore the prior DB or feed snapshot if an update corrupts runtime state.
7. Post-Incident Actions
- Record the manual recovery in a changelog fragment.
- Update the service page if topology or feed handling changed.
- Add the incident signature to this runbook.