sync: auto-sync from HOWARD-HOME at 2026-07-04 11:47:14

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-07-04 11:47:14
2026-07-04 11:47:40 -07:00
parent ac05230cd2
commit a8ed995979


@@ -0,0 +1,191 @@
# Dataforth — MYDATA TPSys SMT Controller Root Recovery + RMM Feasibility
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home
- **Role:** tech
---
## Session Summary
Session began as a DOS 6.22 -> MS-DOS 7.1 upgrade plan for Dataforth's D2 test stations
(64 QuickBASIC ATE machines), building toward a Ventoy/Clonezilla + PXE delivery scheme.
Mike redirected to a different approach and that DOS-upgrade work was explicitly dropped
(no artifacts saved for it).
The session then pivoted to a previously-undocumented Linux machine on Dataforth's VLAN 2
"mydata" SMT production network. Howard was physically at the console and had interrupted
the boot. Checked the vault/wiki for a stored credential — none existed for this box (the
only documented Linux at Dataforth is D2TESTNAS at 192.168.0.9, which is a different
machine). With no credential on file, performed an in-place root password reset via the
LILO bootloader: at the `boot:` prompt, booted `linux init=/bin/bash rw` to land in a
passwordless root shell, remounted `/` read-write, and reset the password with `passwd`.
Enumerating `/etc/passwd` identified the machine as a **MYDATA/Mycronic TPSys** SMT
pick-and-place line controller — login accounts were `root`, `tpsys` (TPSys User),
`tpspool` (TPSys Spool), and `postgres` (uid 500). OS confirmed as **Fedora Core 3
"Heidelberg" (Nov 2004), kernel 2.6.16.20** — a ~20-year-old appliance. Hostname prompt
showed `myserver`.
Mike directed adding `tpsys` to the `wheel` group and enabling it to launch the TPSys app
without a root-password prompt (passwordless sudo). Provided the safe `gpasswd -a` (append)
method plus the scoped `NOPASSWD` sudoers pattern via `visudo`. Howard then asked about
installing the GuruRMM agent on this box. Read the agent installer
(`agent/scripts/install.sh`) and confirmed the agent is a **hard no** on this OS: modern
glibc Rust binary (needs glibc ~2.17+, FC3 has ~2.3.5), kernel floor (Rust needs >=2.6.32,
box is 2.6.16), and the installer targets **systemd** (FC3 is SysV init). Recommended
agentless/external monitoring instead. Session ended at `/save` before Howard supplied the
new root password and the machine's IP for vaulting.
---
## Key Decisions
- **Dropped the DOS 7.1 upgrade work entirely** — Mike is taking a different route. No plan
artifacts, images, or scripts were committed for it.
- **Reset root via LILO `init=/bin/bash`** rather than single-user/sulogin — on old Red Hat
family systems single-user can invoke `sulogin` which itself demands the root password;
`init=/bin/bash` bypasses init and guarantees a passwordless shell.
- **`gpasswd -a tpsys wheel` (append), never `usermod -G`** — plain `-G` replaces all
supplementary groups and would strip tpsys's existing memberships, risking the app.
- **Scoped `NOPASSWD` sudoers entry** (whitelist the single launch command) recommended over
blanket `NOPASSWD: ALL`, on a production controller.
- **GuruRMM agent ruled out for this machine** — three independent hard blockers (glibc,
kernel, no systemd). Recommended agentless monitoring (ICMP/TCP probe or SSH heartbeat
from D2TESTNAS or the RMM server, both of which can reach VLAN 2 since inter-VLAN routing
is open) and, if formalized, a `/feature-request` for legacy/appliance Linux monitoring.
---
## Problems Encountered
- **No stored credential for the mydata controller** — not in vault, not in wiki. Resolved
by physical-console LILO root reset.
- **Context-loading miss (logged as correction)** — initially grepped only the user's
misspelling ("datforth"/"dataforth") and did not read the existing wiki articles until the
user said "use the wiki." The wiki had full Dataforth infra. Logged via
`log-skill-error.sh --correction`.
- **Minimal shell env under `init=/bin/bash`** — `/home` appeared empty (separate partition
not mounted; only `/` mounts) and PATH was stripped, so enumeration commands needed full
paths / `/etc/passwd` was read directly. `awk` one-liner was mangled by quote handling;
`grep -E 'bash|/bin/sh' /etc/passwd` worked and produced the account list.
- **X started at reboot unexpectedly** — the box had likely been up for years and Howard had
never watched it boot; TPSys's operator UI runs under X, so this was the normal graphical
boot path, not damage from the reset.
---
## Configuration Changes
**On the mydata TPSys controller (Fedora Core 3, VLAN 2 mydata 192.168.1.x):**
- Root password **reset** to a new value (value not yet supplied to this session — pending
vaulting).
- Directed (may or may not have been completed by Howard before /save):
- `gpasswd -a tpsys wheel` — add tpsys to wheel
- `visudo` — ensure `%wheel ALL=(ALL) ALL` enabled; add scoped `tpsys ALL=(root) NOPASSWD:
<app-launch-command>` for passwordless app start
**In the repo:**
- Created this session log.
- `errorlog.md` — one `--correction` entry (context-loading/dataforth).
---
## Credentials & Secrets
- **mydata TPSys controller root password** — RESET this session. **Value not captured in
this session** (Howard had not yet relayed it at /save). MUST be collected and vaulted at
`clients/dataforth/mydata-smt.sops.yaml`. Also capture `tpsys` password if one was set.
- Accounts present on the box: `root` (uid 0, /bin/bash), `tpsys` (TPSys app user),
`tpspool` (TPSys spool), `postgres` (uid 500, TPSys database).
- No secrets were exposed for existing infra beyond what is already vaulted.
---
## Infrastructure & Servers
- **NEW / previously undocumented: MYDATA TPSys SMT line controller**
- Hostname: `myserver`
- Network: Dataforth VLAN 2 "mydata" (192.168.1.0/24, gateway 192.168.1.1) — SMT
production line. Exact IP not yet confirmed (candidate labels on this VLAN from the wiki:
`My9-PC`, `goldstar19`, `DESKTOP-FT0T4MK`, plus unnamed industrial MACs).
- OS: **Fedora Core 3 "Heidelberg"** (released Nov 2004), kernel **2.6.16.20**, glibc
~2.3.5, bash 3.00, **LILO** bootloader, **SysV init** (no systemd).
- Role: MYDATA/Mycronic pick-and-place SMT machine control software (TPSys). Operator UI
runs under X (runlevel 5). Local PostgreSQL (uid 500) backs TPSys.
- Related documented Dataforth infra (unchanged): D2TESTNAS 192.168.0.9 (Debian 13, the
*other* on-site Linux box), UDM 192.168.0.254, inter-VLAN routing mydata -> main LAN is
OPEN.
---
## Commands & Outputs
**LILO root reset (at `boot:` prompt):**
```
linux init=/bin/bash rw
# -> bash-3.00# (passwordless root shell)
mount -o remount,rw /
grep -E 'bash|/bin/sh' /etc/passwd
# root:x:0:0:root:/root:/bin/bash
# ftp:x:14:50:FTP User:/var/ftp:/bin/bash
# tpsys:x:119:119:TPSys User:/home/tpsys:/bin/bash
# tpspool:x:119:119:TPSys Spool:/home/tpsys/spool:/bin/bash
# postgres:x:500:500::/home/postgres:/bin/bash
passwd root
sync
reboot -f # (echo b > /proc/sysrq-trigger as fallback)
```
**Add tpsys to wheel + passwordless app launch (directed):**
```
gpasswd -a tpsys wheel
id tpsys
grep -n wheel /etc/sudoers # ensure %wheel ALL=(ALL) ALL uncommented
visudo # add: tpsys ALL=(root) NOPASSWD: /path/to/app
su - tpsys -c 'sudo -l' # verify
```
**RMM feasibility probe (as tpsys, read-only):**
```
cat /etc/redhat-release # -> Fedora Core release 3 (Heidelberg)
uname -r # -> 2.6.16.20
```
**GuruRMM agent verdict:** cannot run. Installer
(`projects/msp-tools/guru-rmm/agent/scripts/install.sh`) downloads a modern glibc Rust
binary and installs a **systemd** service. FC3 = glibc ~2.3.5 (needs ~2.17+), kernel 2.6.16
(Rust needs >=2.6.32), no systemd (SysV init). Three independent hard blockers.
---
## Pending / Incomplete Tasks
1. **Collect the new root password (and tpsys password if set) from Howard and vault it** at
`clients/dataforth/mydata-smt.sops.yaml` — with host, VLAN/IP, OS, accounts, and the LILO
`init=/bin/bash` recovery method documented. (Blocked on Howard relaying the value.)
2. **Confirm the machine's IP** on 192.168.1.x (and the chassis label) to finish the vault +
wiki entry.
3. **Verify the wheel/sudoers changes** actually landed (`id tpsys`, `sudo -l` as tpsys) and
that the passwordless app-launch command is correct — need the exact TPSys launch
command/path from Howard.
4. **Confirm the controller booted cleanly into TPSys** after the forced reboot (it is a live
SMT controller).
5. **Monitoring decision:** agentless (ICMP/TCP probe or SSH heartbeat from D2TESTNAS/RMM
server) since the agent is impossible here. If Mike wants it formalized, capture via
`/feature-request` (legacy/appliance Linux monitoring in GuruRMM).
6. **Add a wiki entry** for this controller under `clients/dataforth` (new VLAN 2 SMT asset).
---
## Reference Information
- GuruRMM Linux installer: `projects/msp-tools/guru-rmm/agent/scripts/install.sh`
- Download URL pattern: `https://rmm.azcomputerguru.com/downloads/gururmm-agent-linux-amd64`
- Server WSS: `wss://rmm-api.azcomputerguru.com/ws`, installs systemd unit `gururmm-agent`
- Dataforth wiki: `wiki/clients/dataforth.md`, `wiki/projects/dataforth-dos.md`
- VLAN 2 "mydata" detail: `wiki/clients/dataforth.md` (Network section) — 192.168.1.0/24,
gw 192.168.1.1, D2-SMT switch, inter-VLAN routing to main LAN open.
- Vault target (to create): `clients/dataforth/mydata-smt.sops.yaml`
- Fedora Core 3 "Heidelberg": released 2004-11-08, kernel 2.6.x, glibc 2.3.5.
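Review bot: In "Configuration Changes", the directed steps enable `%wheel ALL=(ALL) ALL` and add `tpsys` to `wheel`, which gives `tpsys` full root through sudo with its own password, so the scoped `NOPASSWD` entry described in "Key Decisions" is a convenience rather than a limit. If the requirement is only a passwordless app launch, record whether the scoped `tpsys ALL=(root) NOPASSWD: <app-launch-command>` line alone would be enough, and extend pending task 3 with a check that the launch command's path is root-owned and not writable by `tpsys`. Separately, the `grep` output under "Commands & Outputs" shows `ftp` with `/bin/bash` as its shell and `tpsys` and `tpspool` sharing uid 119, but the account lists in "Session Summary" and "Credentials & Secrets" omit `ftp` and do not mention the shared uid; either list them or note why they are out of scope.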