diff --git a/.claude/scripts/gps-rmm-autoenroll.sh b/.claude/scripts/gps-rmm-autoenroll.sh new file mode 100644 index 00000000..951c2c2f --- /dev/null +++ b/.claude/scripts/gps-rmm-autoenroll.sh @@ -0,0 +1,35 @@ +#!/bin/bash +# gps-rmm-autoenroll.sh — auto-enroll loop for the GPS->RMM audit. +# Every run: push the generic Staging installer (DARK-STORM-3150) to GPS-customer +# machines that are ONLINE in ScreenConnect but missing from GuruRMM, wait for them +# to enroll, then reassign Staging agents to their real client (hostname->Syncro). +# Registered as Windows task GPS-RMM-AutoEnroll (every 30 min). Remove the task when +# targets.json is fully enrolled. Safe to re-run: server v6.77+ dedups by device_id. +set -uo pipefail +cd /c/claudetools || exit 1 +LOG="projects/gps-rmm-audit/autoenroll.log" +TS="$(date '+%Y-%m-%d %H:%M')" + +eval "$(bash .claude/scripts/rmm-auth.sh 2>/dev/null)" >/dev/null 2>&1 +if [ -z "${TOKEN:-}" ]; then echo "$TS auth FAILED" >> "$LOG"; exit 0; fi +SEC="$(bash .claude/scripts/vault.sh get-field msp-tools/screenconnect.sops.yaml credentials.api_secret 2>/dev/null | tr -d '\r\n')" +SK="Tde5174a6e9e312d14-02fd5bfe0f0ee40c87d027507c680e18" + +OUT="$(RMM="$RMM" TOK="$TOKEN" SK="$SK" SC_SECRET="$SEC" python projects/gps-rmm-audit/tools/rebuild-and-push.py 2>/dev/null | tail -2)" +PUSHED="$(echo "$OUT" | grep -oE 'pushed: [0-9]+' | grep -oE '[0-9]+' | head -1 || true)" +PUSHED="${PUSHED:-0}" +echo "$TS sweep: $(echo "$OUT" | head -1)" >> "$LOG" + +if [ "${PUSHED:-0}" -gt 0 ]; then + sleep 150 + RES="$(RMM="$RMM" TOK="$TOKEN" SK="$SK" python projects/gps-rmm-audit/tools/reassign-staging.py 2>/dev/null)" + MOVED="$(echo "$RES" | grep -cE '^ .+ -> ' || true)" + MOVED="${MOVED:-0}" + echo "$TS pushed $PUSHED, reassigned $MOVED:" >> "$LOG" + echo "$RES" | grep -E '^ ' >> "$LOG" + if [ "${MOVED:-0}" -gt 0 ]; then + NAMES="$(echo "$RES" | grep -E '^ .+ -> ' | sed 's/^ //' | tr '\n' '; ')" + bash .claude/scripts/post-bot-alert.sh "[RMM] auto-enroll: $NAMES" >/dev/null 2>&1 + fi +fi +exit 0