INFOS TO MIGRATE FROM OPENVAS 7 TO GVM 9

There are a lot of changes between OpenVas 7 and GVM 9: names,
directories, ... Upstream does not officially support such migration.
We tried to document how to update and eventually migrate the database.

IMPORTANT INFORMATION
We highly recommends to keep a copy of your old data in case something goes
wrong during migration.

In Debian a special user is created for GVM.
The GVM user is _gvm. You will have to change permissions
to grant access to old OpenVas files to this user.

You can also keep some configuration files, certificates, database,
users...


These instructions are valid if you have a standard Debian installation
(created with the script openvas-setup). If you changed the installation,
you will need to adapt the instructions. Please also read upstream
information: https://github.com/greenbone/gvmd/blob/gvmd-9.0/INSTALL.md


## MINIMAL REQUIRED CHANGES

# CHANGE OWNER in /var/lib/openvas
All the files / directories in /var/lib/openvas/gnupg/* and
/var/lib/openvas/plugins/* must be owned by _gvm:_gvm.
$ sudo chown -R _gvm:_gvm /var/lib/openvas/gnupg
$ sudo chown -R _gvm:_gvm /var/lib/openvas/plugins

# REMOVE REDIS DATABASE
Upstream renames the hash type entry of the DB 0 in redis: from
OpenVAS.__GlobalDBIndex to GVM.__GlobalDBIndex

We have to remove the redis database:
(restart is required to give access to _gvm user)
$ systemctl restart redis-server@openvas.service
$ sudo runuser -u _gvm -- redis-cli -s /var/run/redis-openvas/redis-server.sock flushall
$ systemctl restart redis-server@openvas.service

# OTHER REQUIREMENTS / CHECKS
You need to use the same postgresql major version than we used to build gvmd
with the default port 5432.
The required version can be found here: /usr/share/gvmd/postgresql-version

Once you started the postgresql.service, you can check which version of
postgresql uses the port 5432 with:
pg_lsclusters


If you don't want to keep the data, you can now run gvm-setup
and after run gvm-start.


## TO KEEP THE DATA

# If you changed the password policy
move /etc/openvas/pwpolicy.conf to /etc/gvm/

# If you changed the default configuration of openvasmd_log
you can check configuration /etc/openvas/openvasmd_log.conf) you should
report your changes on the new file /etc/gvm/gvmd_log.conf
OR 
move /etc/openvas/openvasmd_log.conf to /etc/gvm/gvmd_log.conf
And replace the file name /var/log/openvas/openvasmd.log with
/var/log/gvm/gvmd.log

# Copy data
$ sudo cp -r /var/lib/openvas/cert-data/* /var/lib/gvm/cert-data
$ sudo cp -r /var/lib/openvas/scap-data/* /var/lib/gvm/scap-data

$ sudo chown -R _gvm:_gvm /var/lib/gvm/cert-data/*
$ sudo chown -R _gvm:_gvm /var/lib/gvm/scap-data/*

$ sudo cp -r /var/lib/openvas/openvasmd/* /var/lib/gvm/gvmd
$ sudo chown -R _gvm:_gvm /var/lib/gvm/gvmd

$ sudo cp -r /var/lib/openvas/CA /var/lib/gvm
$ sudo cp -r /var/lib/openvas/private/* /var/lib/gvm/private

$ sudo chown -R _gvm:_gvm /var/lib/gvm/CA
$ sudo chown -R _gvm:_gvm /var/lib/gvm/private/*


## DATABASE MIGRATION
We need to switch to postgresql before update the database. By default in
Openvas 9 (previous version in Debian) the installation was in sqlite 3.

# Copy database (if standard installation using sqlite 3 DB)
$ sudo cp /var/lib/openvas/mgr/tasks.db /var/lib/gvm/gvmd/gvmd.db
$ sudo chown _gvm:_gvm /var/lib/gvm/gvmd/gvmd.db

# Create the postgresql DB
$ systemctl start postgresql
$ sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database

# Migrate the gvmd.db to postgresql database (but still old revision
of openvas Database)
* if Openvas 9 was installed with sqlite 3 DB (standard installation in
  Debian/Kali)
$ sudo runuser -u _gvm -- openvas-9-migrate-to-postgres
$sudo -u postgres sh
$ psql gvmd
gvmd=# TRUNCATE nvts CASCADE;
gvmd=# TRUNCATE nvt_preferences;
gvmd=# exit
$ exit

* OR if Openvas 10 was installed, you must use the gvm-migrate-to-postgres
script as _gvm user.

* OR if you already used a postgresql db
rename database to gvmd:
$ sudo -u postgres sh
$ psql --command='ALTER DATABASE tasks RENAME TO gvmd;'
$ exit

# Migrate postgresql database to latest GVM database revision
$ sudo runuser -u _gvm -- gvmd --migrate


## UPDATE DATA
Run greenbone-sync-scapdata and cert-data + iana ports update.
$ sudo runuser -u _gvm -- greenbone-certdata-sync
$ sudo runuser -u _gvm -- greenbone-scapdata-sync
$ wget https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
$ sudo runuser -u _gvm -- gvm-portnames-update service-names-port-numbers.xml
$ rm service-names-port-numbers.xml


## Check the scanner
$ sudo runuser -u _gvm -- gvmd --get-scanners
Socket used by default should be /var/run/ospd/ospd.sock
Change it with the option modify-scanner and scanner-host
$ sudo runuser -u _gvm -- gvmd --modify-scanner=your-scanner-ID --scanner-host=/var/run/ospd/ospd.sock

You must restart redis-server@openvas.service


## START GVM
Now you can start gvm with gvm-start.

The first start is very long.
You can check the logs in /var/log/gvm/
