From 48b6c94b4a44330b079c5dd8b76f882aa39e2e2b Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Mon, 22 Jun 2026 19:16:22 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-22 19:15:51 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-22 19:15:51 --- .../2026-06-23-planned-power-outage.md | 41 ++++++++------- errorlog.md | 2 + ...06-22-howard-gururmm-software-uninstall.md | 50 +++++++++++++++++++ 3 files changed, 76 insertions(+), 17 deletions(-) diff --git a/clients/cascades-tucson/docs/runbooks/2026-06-23-planned-power-outage.md b/clients/cascades-tucson/docs/runbooks/2026-06-23-planned-power-outage.md index d6f617d2..f6b5a07e 100644 --- a/clients/cascades-tucson/docs/runbooks/2026-06-23-planned-power-outage.md +++ b/clients/cascades-tucson/docs/runbooks/2026-06-23-planned-power-outage.md @@ -35,24 +35,31 @@ --- -## SHUTDOWN SEQUENCE (start 05:28) — dependents first, gateway last -> Start at **05:28**. All three target devices are on the UPS, so the battery carries them through the -> 05:30 cut — the graceful shutdowns complete on UPS power even if they run slightly past 5:30. Kick off -> CS-SERVER FIRST (slowest to come down); pfSense last. +## SHUTDOWN SEQUENCE — AUTOMATED + ARMED 2026-06-22 ~19:06 +> **All three devices are armed to shut THEMSELVES down — no live action needed at fire time.** +> Each schedule is self-contained on its own box, so it fires even with the Howard-Home session idle +> and the OpenVPN tunnel dropped. All three are on the UPS, so the battery carries them cleanly through +> the 05:30 building cut. CS-SERVER + Synology at 05:28, pfSense (gateway) last at 05:30. -1. **CS-SERVER** (192.168.2.254) — graceful Windows shutdown via `rmm` (backup already verified). - DC/DNS/DHCP-role/Hyper-V/file+print server — the fragile box (degraded RAID). Best-effort stop - Hyper-V VMs first, then shut down: - ```powershell - Get-VM | Where-Object State -eq 'Running' | Stop-VM -Force -ErrorAction SilentlyContinue - Stop-Computer -Force - ``` - (Dispatch via RMM `command_type: powershell`. Confirm the agent goes offline = down.) -2. **Synology cascadesDS** (192.168.0.120) — graceful DSM shutdown via API (auth verified tonight): - `SYNO.API.Auth login` → `SYNO.Core.System method=shutdown` (over the OpenVPN tunnel). -3. **UniFi switches/APs** — drop with building power (resilient; no special action). Note UPS-backed ones. -4. **pfSense** (192.168.0.1) — clean shutdown **last**, so DHCP/routing stays up while the rest drain: - `bash .claude/skills/unifi-wifi/scripts/pfsense-ssh.sh cascades-tucson run "shutdown -p now"` +| Device | Fires (MST) | Mechanism | Armed/verified | +|---|---|---|---| +| **CS-SERVER** (192.168.2.254) | **05:28:00** | Windows one-time task `ACG-PlannedOutage-Shutdown` (runs as SYSTEM) → `C:\Windows\Temp\acg-outage-shutdown.ps1`: stop running Hyper-V VMs (only CS-QB) → wait 25s → `Stop-Computer -Force`. Run log: `C:\Windows\Temp\acg-outage-shutdown.run.log`. | Task "Ready", Next Run 6/23 5:28 AM; script syntax OK | +| **Synology** (192.168.0.120) | **05:28:00** | root detached `sleep → /sbin/poweroff` (systemd = clean DSM shutdown). Log: `/var/log/acg-sched-poweroff.log` | process live (pid 16009) | +| **pfSense** (192.168.0.1) | **05:30:00** | detached `sleep → /sbin/shutdown -p now`. Log: `/var/log/acg-sched-poweroff.log` | process live (pid 8793) | + +- **UniFi switches/APs** — no action; they drop with building power at 05:30 (resilient). +- **Caveat:** the Synology + pfSense sleepers are in-memory — if either box reboots before 05:28 the arm + is lost (CS-SERVER's task is persistent and survives reboot). Re-verify at ~05:25 (see below). + +### Re-verify the arms (anytime before 05:28) +- CS-SERVER: RMM → `schtasks /query /tn "ACG-PlannedOutage-Shutdown" /v /fo LIST` +- pfSense: `pfsense-ssh.sh cascades-tucson run 'ps -axww | grep "shutdown -p now" | grep -v grep'` +- Synology: SSH (admin) → `sudo ps -ef | grep /sbin/poweroff | grep -v grep` + +### CANCEL the shutdowns (if the outage is called off) +- CS-SERVER: RMM → `schtasks /delete /tn "ACG-PlannedOutage-Shutdown" /f` +- pfSense: `pfsense-ssh.sh cascades-tucson run 'pkill -f "shutdown -p now"; pkill -f "sleep 374"'` +- Synology: SSH (admin) → `echo "" | sudo -S sh -c 'pkill -f "/sbin/poweroff"; pkill -f "sleep 372"'` --- diff --git a/errorlog.md b/errorlog.md index 618f33d2..bedaf82f 100644 --- a/errorlog.md +++ b/errorlog.md @@ -17,6 +17,8 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure · +2026-06-23 | Howard-Home | gururmm/uninstall-engine | [friction] live-tested with -List-shaped targets (which include install_location) -> masked a StrictMode crash that only occurs with the server's UninstallTarget shape (no install_location); always re-test the destructive path with the ACTUAL caller/serialized shape + 2026-06-22 | Howard-Home | gururmm/uninstall-engine | [correction] assumed AnyDesk needs remote removal; it has UninstallString '...AnyDesk.exe --uninstall' and supports --silent, so it is silently removable -- added vendor rule 2026-06-22 | Howard-Home | bash/json | [friction] hand-built JSON literal with C: backslashes collapsed to single backslash in Git-Bash (invalid JSON, ConvertFrom-Json failed); fix: build JSON with jq --arg / extract from existing valid json diff --git a/session-logs/2026-06/2026-06-22-howard-gururmm-software-uninstall.md b/session-logs/2026-06/2026-06-22-howard-gururmm-software-uninstall.md index 6b0d8793..d56dfd37 100644 --- a/session-logs/2026-06/2026-06-22-howard-gururmm-software-uninstall.md +++ b/session-logs/2026-06/2026-06-22-howard-gururmm-software-uninstall.md @@ -173,3 +173,53 @@ Parent claudetools (pushed to main): `.claude/scripts/sync.sh` (submodule_update - Audit report: `projects/msp-tools/guru-rmm/reports/2026-06-22-spec030-software-uninstall-audit.md`. - BCUninstaller (Apache-2.0): https://github.com/BCUninstaller/Bulk-Crap-Uninstaller - Engine embed path: server `include_str!("../../../agent/scripts/uninstall-engine.ps1")`. + +## Update: 19:15 PT — standards audit, fixes, and re-check + +Ran a scoped `/rmm-audit` (3 parallel Opus passes: Rust/API/migrations, TypeScript, +engine/platform/security) against the actual GuruRMM standards. Core was compliant +(runtime sqlx, idempotent migrations, no unwrap/panic, injection-safe base64 dispatch, +audit logging, confirm-gated UI, ASCII engine markers). Fixed all HIGH + MEDIUM: +platform-parity (server gates on `os_type` → 501 non-Windows; dashboard shows live +uninstall only on Windows, read-only inventory list elsewhere — per Howard's +Windows-only-for-now call); admin-gated the fleet knowledge endpoints; stopped +agent-stderr error leakage; paginated the catalog; hardened the self-uninstall guard; +surfaced the dashboard knowledge-query error. Then fixed all LOW: `warn!` on audit-write +failure (via an `audit()` helper), randomized temp filenames, complete TS interfaces, +stable list keys + empty-states, ASCII-only strings. + +Per Howard's request, ran a fresh Opus re-check of the post-fix branch. It caught a +**CRITICAL regression introduced by my own round-1 fix**: the hardened self-uninstall +guard read `$Target.install_location`, a field the server's `UninstallTarget` never +sends → under `Set-StrictMode` that throws → engine exit 3 → every bulk uninstall +failed, while `-List`/inventory kept working and masked it. Round-1 live tests passed +only because they used `-List`-shaped targets (which include `install_location`). Fixed +with a StrictMode-safe `Get-Prop` accessor routed through all `$Target.*` reads; +verified live with a **server-shaped target** (no `install_location`): 7-Zip removed, +exit 0; GuruRMM self still refused. Re-check also found + fixed a MEDIUM (knowledge +classified on attempted tier not outcome → a failed silent attempt mislabeled `silent` +and its log discarded; now classifies on outcome) and a LOW (`observe()` could null an +existing unknown's log → `COALESCE`). Logged the testing-shape lesson to errorlog +(friction): always re-test the destructive path with the actual serialized caller shape. + +### Update — Configuration Changes (additional, all on `feat/engine-bcu-improvements`) +- `server/src/api/software.rs` — os_type gate, admin-gating, error-leak fixes, + pagination, `audit()` helper, random temp filenames, knowledge-class-by-outcome +- `server/src/db/software_knowledge.rs` — `list()` limit param, `observe()` log COALESCE +- `agent/scripts/uninstall-engine.ps1` — `Get-Prop` StrictMode-safe accessor + guard fix +- `dashboard/src/components/InventoryTab.tsx` — Windows-only gating (read-only list on + other OSs), `isWindows` prop +- `dashboard/src/components/SoftwareManager.tsx`, `dashboard/src/api/client.ts` — KB error + surfacing, ASCII, empty-states, interface completeness +- `dashboard/src/pages/AgentDetail.tsx` — pass `isWindows` to InventoryTab +- `reports/2026-06-22-spec030-software-uninstall-audit.md` — audit report + round-2 re-check + +### Update — Pending / Incomplete Tasks (current) +- Still NOT merged (prod untouched). Branch `feat/engine-bcu-improvements` head `0e8323b`. +- Merge + deploy when ready; post-deploy verify the catalog populates + promote an unknown. +- Follow-ons unchanged: GuruConnect SPEC-019, rip-and-replace Tier 1.4, Tier 1.5, Linux/macOS. + +### Update — Reference (current) +- Branch head: `0e8323b` (guru-rmm `feat/engine-bcu-improvements`). +- Key commits this update: `584c3bc` (HIGH/MED), `c3e6259` (LOW), `6c8cbb1` (re-audit + CRITICAL/MED/LOW), `0e8323b` (report round-2). Earlier parent sync log `86c789a`.