sync: auto-sync from HOWARD-HOME at 2026-07-04 11:47:14
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-07-04 11:47:14
@@ -0,0 +1,191 @@
# Dataforth — MYDATA TPSys SMT Controller Root Recovery + RMM Feasibility
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home
- **Role:** tech
---
## Session Summary
Session began as a DOS 6.22 -> MS-DOS 7.1 upgrade plan for Dataforth's D2 test stations
(64 QuickBASIC ATE machines), building toward a Ventoy/Clonezilla + PXE delivery scheme.
Mike redirected to a different approach and that DOS-upgrade work was explicitly dropped
(no artifacts saved for it).
The session then pivoted to a previously-undocumented Linux machine on Dataforth's VLAN 2
"mydata" SMT production network. Howard was physically at the console and had interrupted
the boot. Checked the vault/wiki for a stored credential — none existed for this box (the
only documented Linux at Dataforth is D2TESTNAS at 192.168.0.9, which is a different
machine). With no credential on file, performed an in-place root password reset via the
LILO bootloader: at the `boot:` prompt, booted `linux init=/bin/bash rw` to land in a
passwordless root shell, remounted `/` read-write, and reset the password with `passwd`.
Enumerating `/etc/passwd` identified the machine as a **MYDATA/Mycronic TPSys** SMT
pick-and-place line controller — login accounts were `root`, `tpsys` (TPSys User),
`tpspool` (TPSys Spool), and `postgres` (uid 500). OS confirmed as **Fedora Core 3
"Heidelberg" (Nov 2004), kernel 2.6.16.20** — a ~20-year-old appliance. Hostname prompt
showed `myserver`.
Mike directed adding `tpsys` to the `wheel` group and enabling it to launch the TPSys app
without a root-password prompt (passwordless sudo). Provided the safe `gpasswd -a` (append)
method plus the scoped `NOPASSWD` sudoers pattern via `visudo`. Howard then asked about
installing the GuruRMM agent on this box. Read the agent installer
(`agent/scripts/install.sh`) and confirmed the agent is a **hard no** on this OS: modern
glibc Rust binary (needs glibc ~2.17+, FC3 has ~2.3.5), kernel floor (Rust needs >=2.6.32,
box is 2.6.16), and the installer targets **systemd** (FC3 is SysV init). Recommended
agentless/external monitoring instead. Session ended at `/save` before Howard supplied the
new root password and the machine's IP for vaulting.
---
## Key Decisions
- **Dropped the DOS 7.1 upgrade work entirely** — Mike is taking a different route. No plan
artifacts, images, or scripts were committed for it.
- **Reset root via LILO `init=/bin/bash`** rather than single-user/sulogin — on old Red Hat
family systems single-user can invoke `sulogin` which itself demands the root password;
`init=/bin/bash` bypasses init and guarantees a passwordless shell.
- **`gpasswd -a tpsys wheel` (append), never `usermod -G`** — plain `-G` replaces all
supplementary groups and would strip tpsys's existing memberships, risking the app.
- **Scoped `NOPASSWD` sudoers entry** (whitelist the single launch command) recommended over
blanket `NOPASSWD: ALL`, on a production controller.
- **GuruRMM agent ruled out for this machine** — three independent hard blockers (glibc,
kernel, no systemd). Recommended agentless monitoring (ICMP/TCP probe or SSH heartbeat
from D2TESTNAS or the RMM server, both of which can reach VLAN 2 since inter-VLAN routing
is open) and, if formalized, a `/feature-request` for legacy/appliance Linux monitoring.
---
## Problems Encountered
- **No stored credential for the mydata controller** — not in vault, not in wiki. Resolved
by physical-console LILO root reset.
- **Context-loading miss (logged as correction)** — initially grepped only the user's
misspelling ("datforth"/"dataforth") and did not read the existing wiki articles until the
user said "use the wiki." The wiki had full Dataforth infra. Logged via
`log-skill-error.sh --correction`.
- **Minimal shell env under `init=/bin/bash`** — `/home` appeared empty (separate partition
not mounted; only `/` mounts) and PATH was stripped, so enumeration commands needed full
paths / `/etc/passwd` was read directly. `awk` one-liner was mangled by quote handling;
`grep -E 'bash|/bin/sh' /etc/passwd` worked and produced the account list.
- **X started at reboot unexpectedly** — the box had likely been up for years and Howard had
never watched it boot; TPSys's operator UI runs under X, so this was the normal graphical
boot path, not damage from the reset.
---
## Configuration Changes
**On the mydata TPSys controller (Fedora Core 3, VLAN 2 mydata 192.168.1.x):**
- Root password **reset** to a new value (value not yet supplied to this session — pending
vaulting).
- Directed (may or may not have been completed by Howard before /save):
- `gpasswd -a tpsys wheel` — add tpsys to wheel
- `visudo` — ensure `%wheel ALL=(ALL) ALL` enabled; add scoped `tpsys ALL=(root) NOPASSWD:
<app-launch-command>` for passwordless app start
**In the repo:**
- Created this session log.
- `errorlog.md` — one `--correction` entry (context-loading/dataforth).
---
## Credentials & Secrets
- **mydata TPSys controller root password** — RESET this session. **Value not captured in
this session** (Howard had not yet relayed it at /save). MUST be collected and vaulted at
`clients/dataforth/mydata-smt.sops.yaml`. Also capture `tpsys` password if one was set.
- Accounts present on the box: `root` (uid 0, /bin/bash), `tpsys` (TPSys app user),
`tpspool` (TPSys spool), `postgres` (uid 500, TPSys database).
- No secrets were exposed for existing infra beyond what is already vaulted.
---
## Infrastructure & Servers
- **NEW / previously undocumented: MYDATA TPSys SMT line controller**
- Hostname: `myserver`
- Network: Dataforth VLAN 2 "mydata" (192.168.1.0/24, gateway 192.168.1.1) — SMT
production line. Exact IP not yet confirmed (candidate labels on this VLAN from the wiki:
`My9-PC`, `goldstar19`, `DESKTOP-FT0T4MK`, plus unnamed industrial MACs).
- OS: **Fedora Core 3 "Heidelberg"** (released Nov 2004), kernel **2.6.16.20**, glibc
~2.3.5, bash 3.00, **LILO** bootloader, **SysV init** (no systemd).
- Role: MYDATA/Mycronic pick-and-place SMT machine control software (TPSys). Operator UI
runs under X (runlevel 5). Local PostgreSQL (uid 500) backs TPSys.
- Related documented Dataforth infra (unchanged): D2TESTNAS 192.168.0.9 (Debian 13, the
*other* on-site Linux box), UDM 192.168.0.254, inter-VLAN routing mydata -> main LAN is
OPEN.
---
## Commands & Outputs
**LILO root reset (at `boot:` prompt):**
```
linux init=/bin/bash rw
# -> bash-3.00# (passwordless root shell)
mount -o remount,rw /
grep -E 'bash|/bin/sh' /etc/passwd
# root:x:0:0:root:/root:/bin/bash
# ftp:x:14:50:FTP User:/var/ftp:/bin/bash
# tpsys:x:119:119:TPSys User:/home/tpsys:/bin/bash
# tpspool:x:119:119:TPSys Spool:/home/tpsys/spool:/bin/bash
# postgres:x:500:500::/home/postgres:/bin/bash
passwd root
sync
reboot -f # (echo b > /proc/sysrq-trigger as fallback)
```
**Add tpsys to wheel + passwordless app launch (directed):**
```
gpasswd -a tpsys wheel
id tpsys
grep -n wheel /etc/sudoers # ensure %wheel ALL=(ALL) ALL uncommented
visudo # add: tpsys ALL=(root) NOPASSWD: /path/to/app
su - tpsys -c 'sudo -l' # verify
```
**RMM feasibility probe (as tpsys, read-only):**
```
cat /etc/redhat-release # -> Fedora Core release 3 (Heidelberg)
uname -r # -> 2.6.16.20
```
**GuruRMM agent verdict:** cannot run. Installer
(`projects/msp-tools/guru-rmm/agent/scripts/install.sh`) downloads a modern glibc Rust
binary and installs a **systemd** service. FC3 = glibc ~2.3.5 (needs ~2.17+), kernel 2.6.16
(Rust needs >=2.6.32), no systemd (SysV init). Three independent hard blockers.
---
## Pending / Incomplete Tasks
1. **Collect the new root password (and tpsys password if set) from Howard and vault it** at
`clients/dataforth/mydata-smt.sops.yaml` — with host, VLAN/IP, OS, accounts, and the LILO
`init=/bin/bash` recovery method documented. (Blocked on Howard relaying the value.)
2. **Confirm the machine's IP** on 192.168.1.x (and the chassis label) to finish the vault +
wiki entry.
3. **Verify the wheel/sudoers changes** actually landed (`id tpsys`, `sudo -l` as tpsys) and
that the passwordless app-launch command is correct — need the exact TPSys launch
command/path from Howard.
4. **Confirm the controller booted cleanly into TPSys** after the forced reboot (it is a live
SMT controller).
5. **Monitoring decision:** agentless (ICMP/TCP probe or SSH heartbeat from D2TESTNAS/RMM
server) since the agent is impossible here. If Mike wants it formalized, capture via
`/feature-request` (legacy/appliance Linux monitoring in GuruRMM).
6. **Add a wiki entry** for this controller under `clients/dataforth` (new VLAN 2 SMT asset).
---
## Reference Information
- GuruRMM Linux installer: `projects/msp-tools/guru-rmm/agent/scripts/install.sh`
- Download URL pattern: `https://rmm.azcomputerguru.com/downloads/gururmm-agent-linux-amd64`
- Server WSS: `wss://rmm-api.azcomputerguru.com/ws`, installs systemd unit `gururmm-agent`
- Dataforth wiki: `wiki/clients/dataforth.md`, `wiki/projects/dataforth-dos.md`
- VLAN 2 "mydata" detail: `wiki/clients/dataforth.md` (Network section) — 192.168.1.0/24,
gw 192.168.1.1, D2-SMT switch, inter-VLAN routing to main LAN open.
- Vault target (to create): `clients/dataforth/mydata-smt.sops.yaml`
- Fedora Core 3 "Heidelberg": released 2004-11-08, kernel 2.6.x, glibc 2.3.5.
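
Review bot: The "Add tpsys to wheel + passwordless app launch" block and the matching Configuration Changes bullets combine `gpasswd -a tpsys wheel` with an enabled `%wheel ALL=(ALL) ALL`, which gives the TPSys application account full root through its own password and undoes the scoping that Key Decisions argues for. The `tpsys ALL=(root) NOPASSWD: <app-launch-command>` line on its own is enough for a passwordless launch, so drop the wheel step or record why full sudo is required. The log should also say that the whitelisted command has to be an absolute path to a root-owned file that tpsys cannot write or replace, since otherwise the scoped entry is no narrower than `NOPASSWD: ALL`. Separately, the `grep` output lists `ftp` with `/bin/bash` and shows `tpsys` and `tpspool` sharing uid 119, but the account lists in Session Summary and Credentials & Secrets leave `ftp` out and do not mention the shared uid; both belong in the vault and wiki entry, because the two names are one identity to the kernel and a privilege granted to `tpsys` is held by `tpspool` as well.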