diff --git a/projects/msp-tools/guru-rmm b/projects/msp-tools/guru-rmm index 09530c7..4eab210 160000 --- a/projects/msp-tools/guru-rmm +++ b/projects/msp-tools/guru-rmm @@ -1 +1 @@ -Subproject commit 09530c75eb97059427b4734dc55bfef8577c5dd8 +Subproject commit 4eab2100e9c5bf312df65f1a42f2ef66db33ab1a diff --git a/session-logs/2026-05-15-session.md b/session-logs/2026-05-15-session.md index 0492ca3..68287f4 100644 --- a/session-logs/2026-05-15-session.md +++ b/session-logs/2026-05-15-session.md 
@@ -828,3 +828,124 @@ CmdletName: Get-DistributionGroup — confirmed smtp:developer@azcomputerguru.co - ACG Admin DL current aliases post-change: SMTP:admin@azcomputerguru.com, smtp:Sifo-Office@, smtp:sifoidak@, smtp:admin_azcomputerguru.com@azcomputerguru.onmicrosoft.com, smtp:developer@azcomputerguru.com - Apple D-U-N-S numbers: COMPUTER GURU = 005661506, ARIZONA COMPUTER GURU = 020317881 - Apple Developer enrollment ID: HH5UA87LAH + + +--- + +## Update: 01:30 PT — VM detection, Docker install path, Jupiter deployment + +## User +- **User:** Mike Swanson (mike) +- **Machine:** DESKTOP-0O8A1RL +- **Role:** admin +- **Session span:** ~23:00 PT (May 15) to 01:30 PT (May 16) + +## Session Summary + +This portion began after the Linux parity implementation. Mike asked whether VMs pass through temperature data to the guest OS. The answer is no: KVM/QEMU virtualizes the CPU and does not expose host thermal sensors to guests. This led to implementing VM detection and temperature suppression in the dashboard, plus a host-to-guest chaining feature to show which VMs belong to which hypervisor hosts. + +A Coding Agent added five new fields to HardwareInventory across all three platforms: is_virtual_machine, hypervisor_type, vm_uuid, is_hypervisor, hosted_vm_uuids. Linux detection reads /proc/cpuinfo hypervisor flag and /sys/class/dmi/id/sys_vendor. Windows uses WMI Win32_ComputerSystem. DB migration 032 added columns non-destructively. The server API was extended to resolve host-guest relationships at query time from inventory UUIDs and return them on the agent detail endpoint. The dashboard was updated: temperature widgets show explicit "N/A - Virtual Machine" instead of blank, and agent detail pages show Host and Guest VM links. All three builds passed clean: agent 1m22s, server 4m4s, dashboard 11.4s Vite. + +Mike then asked whether the Linux agent would run on Jupiter (Unraid). 
The answer: the binary runs, but the systemd installer fails and service-related features do not work. The correct approach for Unraid is a Docker container. A Coding Agent implemented the full Docker install path: container-mode config resolution (GURURMM_CONFIG env var, then /config/ volume, then /etc/gururmm/ fallback), Unraid and container detection in inventory, Docker socket-based container enumeration as the service list on Unraid, and an installer path that prints docker run instructions instead of attempting systemd. A Dockerfile was written using debian:bookworm-slim plus the docker CLI (125 MB compressed). build-agents.sh was updated to build and push the image to the Gitea registry at 172.16.3.20:3000 after each Linux build. + +Jupiter (172.16.3.20, Unraid 7.2.5) was then deployed manually. Direct pull from 172.16.3.20:3000 requires insecure-registry config; restarting Docker on Jupiter would briefly kill 30+ production containers. Discovery: Docker 29.3 trusts localhost registries without any config change. Since Gitea runs on Jupiter itself, pulling from localhost:3000 resolved to the same image. Jupiter was enrolled to the GuruRMM Debug site, config written to /mnt/user/appdata/gururmm/config.toml, container started with host networking plus /sys, /proc, and docker socket mounts. Agent came online immediately. Also discovered: Unraid persistent Docker daemon config is /boot/config/docker.cfg (USB boot drive), not /etc/docker/daemon.json which does not exist on Unraid. + +## Key Decisions + +- **Explicit N/A text for VM temps** - showed "N/A - Virtual Machine" rather than blank or zero so the absence of data is clearly intentional. +- **Host-guest resolution at query time** - matched VMs to hypervisor hosts by UUID at API call time rather than storing a FK. Avoids migration complexity for a low-frequency lookup. 
+- **Docker container for Unraid** - native binary install requires custom rc.d scripts and non-persistent /etc/; Docker is Unraid native app model. +- **localhost:3000 instead of insecure-registry config** - restarting Docker on Jupiter would disrupt Plex, Gitea, Overseerr, and ~27 other containers. Docker 29.3 trusts localhost registries without config. Pulled from localhost:3000 since Gitea runs on Jupiter itself. +- **GuruRMM Debug site for Jupiter** - Jupiter is ACG internal infrastructure; GuruRMM Debug (d6b8233a) is the appropriate ACG-internal site. +- **Unraid daemon config location** - /boot/config/docker.cfg is persistent (USB boot drive); /etc/docker/daemon.json does not exist on Unraid. + +## Problems Encountered + +- **docker save | ssh pipe timed out** - 120s Bash tool timeout hit before 120MB image transferred over the SSH pipe. Resolved by using localhost:3000 pull instead, which is a local pull on Jupiter itself. +- **Build server cannot SCP to Jupiter** - root key from build server (172.16.3.30) is not in Jupiter authorized_keys. Resolved by the localhost pull approach. +- **Gaps 3 and 4 already implemented** - earlier audit overstated the Linux gaps; inventory.rs already had dpkg/rpm and systemctl list-units. Coding Agent verified before writing anything. 
+ +## Configuration Changes + +**Modified (GuruRMM repo, committed and pushed):** +- agent/src/inventory.rs - VM detection; Unraid/container detection; Docker container service enumeration +- agent/src/config.rs - container-mode config path resolution +- agent/src/main.rs - Unraid install path prints docker run instructions instead of systemd +- agent/Dockerfile - new: debian:bookworm-slim, /config volume, docker.io CLI +- agent/.dockerignore - new +- docs/unraid-ca-template.xml - new: Unraid Community Applications template +- server/src/ws/mod.rs - VM fields with serde(default) for backward compat +- server/migrations/032_vm_detection.sql - ADD COLUMN IF NOT EXISTS for 5 VM fields plus index +- server/src/db/inventory.rs - find_hypervisor_for_vm, find_guests_for_hypervisor +- server/src/api/inventory.rs - InventoryResponse wrapper with hypervisor_host and guest_vms +- dashboard/src/api/client.ts - VM types +- dashboard/src/pages/AgentDetail.tsx - VM temp display and Host/Guest links + +**Modified (build server only, not committed):** +- /opt/gururmm/build-agents.sh - Docker build and push block after Linux binary build +- /etc/docker/daemon.json on 172.16.3.30 - insecure-registry for 172.16.3.20:3000 + +**Created (Jupiter 172.16.3.20):** +- /mnt/user/appdata/gururmm/config.toml - Jupiter agent config +- Docker container: gururmm-agent (running, restart unless-stopped) + +## Credentials & Secrets + +- **Jupiter GuruRMM agent key:** agk_D4QuikSI-lcL2-wBP7ylOuHhHMqzqsH9 +- **Jupiter agent ID:** 443bfabb-9213-4157-8be6-2b6d5d3113b2 +- **Jupiter agent site:** GuruRMM Debug - d6b8233a-6cc1-4a44-888d-01ee49123fba +- **Jupiter SSH:** root@172.16.3.20, key-based from DESKTOP-0O8A1RL +- **Jupiter root password:** Th1nk3r^99## (vault: infrastructure/jupiter-unraid-primary.sops.yaml) + +## Infrastructure & Servers + +- Jupiter: 172.16.3.20, Unraid 7.2.5, kernel 6.12.85-Unraid, root SSH +- Gitea registry on Jupiter: localhost:3000 (= 172.16.3.20:3000 externally, HTTP only) +- 
Docker image: localhost:3000/azcomputerguru/gururmm-agent:latest (125MB, v0.6.21) +- Image digest: sha256:0b5bdd1d023a96fa7d383c3d364d412129ff0577013f1c5a196dc1c677b4be27 +- GuruRMM agent container: gururmm-agent, host network, /mnt/user/appdata/gururmm:/config +- Unraid Docker config location: /boot/config/docker.cfg (persistent USB boot drive) +- /etc/docker/daemon.json does NOT exist on Unraid + +## Commands & Outputs + +```bash +# Pull image on Jupiter using localhost (Docker 29.3 trusts localhost registries natively) +docker pull localhost:3000/azcomputerguru/gururmm-agent:latest + +# Run container on Jupiter +docker run -d \ + --name gururmm-agent \ + --network host \ + --restart unless-stopped \ + -v /mnt/user/appdata/gururmm:/config \ + -v /sys:/sys:ro \ + -v /proc:/proc:ro \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -e GURURMM_CONFIG=/config/config.toml \ + localhost:3000/azcomputerguru/gururmm-agent:latest + +# Agent confirmed online +# ID: 443bfabb-9213-4157-8be6-2b6d5d3113b2 | Status: online | OS: linux +``` + +## Pending / Incomplete Tasks + +- **Pluto password not in vault** - Paper123!@# in memory only; needs infrastructure/pluto-build-server.sops.yaml +- **Policy wiring plan** (ticklish-questing-stallman.md) - deferred +- **macOS agent** - no Docker or install path yet; build-agents.sh has TODO-MACOS +- **Unraid CA template** - docs/unraid-ca-template.xml written, not yet submitted to Community Applications +- **VM-host chaining activation** - GuruRMM server VM (172.16.3.30) and Pluto (172.16.3.36) will link to Jupiter automatically on next inventory checkin once vm_uuid is reported +- **Linux idle time on headless servers** - xprintidle returns None; D-Bus approach not implemented +- **lm-sensors Linux temps** - /sys/class/thermal works broadly; lm-sensors would give richer data +- **BB-SERVER enrollment loop** - pre-existing duplicate key constraint, unresolved +- **Portal changelog UI** - API exists, no dashboard page +- 
**seafile-elasticsearch** on Jupiter at memory limit (1.86 GB / 2 GB) - monitor + +## Reference Information + +- GuruRMM Docker image on Jupiter: localhost:3000/azcomputerguru/gururmm-agent:latest +- Unraid CA template: docs/unraid-ca-template.xml in gururmm repo +- GuruRMM Debug site ID: d6b8233a-6cc1-4a44-888d-01ee49123fba +- AZ Computer Guru client ID: 417420f4-c3f4-482a-acd4-d6f63c8cddde +- DB migration applied: server/migrations/032_vm_detection.sql
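Review bot: The submodule pointer bump for projects/msp-tools/guru-rmm (09530c7 to 4eab210) is bundled with the session-log update, and nothing in the added log text names 4eab210 as the commit that holds the files listed under "Modified (GuruRMM repo, committed and pushed)". Record the submodule commit hash in that section or in the commit message so the pointer change can be audited against the described work.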
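Review bot: The "Credentials & Secrets" section added to session-logs/2026-05-15-session.md commits live secrets in plaintext (the Jupiter GuruRMM agent key and the Jupiter root password), and the "Pending / Incomplete Tasks" list adds the Pluto password as well. The root password line already names its vault entry (infrastructure/jupiter-unraid-primary.sops.yaml), so the log should carry only such references: replace the three values with vault paths and rotate them, since they remain in git history once this lands. Two smaller points in the same hunk: the documented docker pull and docker run reference the :latest tag from a registry the log describes as HTTP only, although the image digest is recorded a few lines earlier, so referencing the image by that digest would make the deployment verifiable; and the run command mounts /var/run/docker.sock together with host networking, which gives the agent container control of the Docker daemon on a host the log says runs 30+ production containers, a trade-off that belongs under "Key Decisions".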