# Session Log: Build Server Setup & Linux Agent Installer **Date:** 2025-12-15/16 **Focus:** Native Windows/Linux service installers, Build server VM setup --- ## Summary Major session focused on creating production-ready agent installers and setting up a dedicated GuruRMM server VM. ### Completed 1. **Native Windows Service** (from previous context) - Created `agent/src/service.rs` with Windows SCM integration - Uses `windows-service` crate for native service control - Legacy NSSM service detection and cleanup - Install/uninstall/start/stop/status commands 2. **Linux Agent Installer Improvements** - Added `--server-url`, `--api-key`, `--skip-legacy-check` flags to install command - Legacy systemd service detection and cleanup - Auto-starts service when config is complete - **FIXED:** Switched from glibc to musl static linking for universal compatibility 3. **Site Code Authentication** - Added `is_site_code_format()` to detect WORD-WORD-NUMBER patterns - Server now accepts site codes (e.g., `SWIFT-CLOUD-6910`) instead of long API keys - Auto-registers agents under the matching site 4. **Build Server VM (172.16.3.30)** - Ubuntu 22.04 VM created - Installed: nginx, Rust, PostgreSQL, build-essential - GuruRMM server binary deployed and running as systemd service - Database migrated from Jupiter Docker to local PostgreSQL - Nginx configured for downloads and API proxy - Agent binary available at `/downloads/gururmm-agent-linux-amd64` ### Issues Found (To Fix in Installer v2) 1. **glibc version mismatch** - FIXED with musl static linking 2. **systemd ProtectSystem=strict** blocks remote command execution - Need targeted `ReadWritePaths=/root/.ssh` instead of disabling protection - Or installer flag for "managed" vs "locked down" mode --- ## Credentials & Configuration ### Build Server (172.16.3.30) - **Hostname:** gururmm - **SSH:** root with WSL key - **Services:** - GuruRMM Server: systemd `gururmm-server`, port 3001 - PostgreSQL: local, port 5432 - Nginx: port 80 (proxy to API + downloads) - GuruRMM Agent: systemd `gururmm-agent` ### Database (now on 172.16.3.30) - **Host:** localhost - **Database:** gururmm - **User:** gururmm - **Password:** 43617ebf7eb242e814ca9988cc4df5ad ### Site Codes - **Main Office:** `SWIFT-CLOUD-6910` ### Agent Downloads - **URL:** http://172.16.3.30/downloads/gururmm-agent-linux-amd64 - **Or via NPM:** https://rmm-api.azcomputerguru.com/downloads/gururmm-agent-linux-amd64 --- ## Key Files Modified ### Agent - `agent/Cargo.toml` - Switched to rustls for static linking - `agent/src/main.rs` - Added install flags, legacy detection, site code support - `agent/src/service.rs` - Windows native service implementation - `agent/scripts/install.sh` - Bootstrap installer script ### Server - `server/src/ws/mod.rs` - Added `is_site_code_format()`, site code auth support --- ## Install Commands ### Linux (Site Code) ```bash curl -fsSL http://172.16.3.30/downloads/gururmm-agent-linux-amd64 -o /tmp/gururmm-agent && \ chmod +x /tmp/gururmm-agent && \ sudo /tmp/gururmm-agent install \ --server-url wss://rmm-api.azcomputerguru.com/ws \ --api-key SWIFT-CLOUD-6910 ``` ### Windows ```powershell # Download and install (from elevated prompt) .\gururmm-agent.exe install --server-url wss://rmm-api.azcomputerguru.com/ws --api-key SWIFT-CLOUD-6910 ``` --- ## Pending Tasks 1. **Update NPM proxy** - Change rmm-api.azcomputerguru.com to forward to 172.16.3.30:3001 2. **Stop old Docker containers** on Jupiter (gururmm-server, gururmm-db) 3. **Fix systemd security** for agent command execution (ReadWritePaths) 4. **Add Windows binary** to downloads on build server 5. **Set up dashboard** hosting on build server --- ## Architecture (New) ``` ┌─────────────────────────────────────┐ │ 172.16.3.30 (gururmm VM) │ │ │ Internet ──────────┼──► nginx (:80) │ (via NPM) │ ├──► /api/* → localhost:3001 │ │ ├──► /ws → localhost:3001 │ │ ├──► /downloads/* → static │ │ └──► /* → dashboard │ │ │ │ GuruRMM Server (:3001) │ │ PostgreSQL (:5432) │ │ Rust build toolchain │ └─────────────────────────────────────┘ ``` --- ## Commands Reference ### Remote Command via RMM API ```bash curl -X POST "http://172.16.3.30:3001/api/agents/{AGENT_ID}/command" \ -H "Content-Type: application/json" \ -d '{"command_type": "shell", "command": "whoami"}' ``` ### Check Command Result ```bash curl "http://172.16.3.30:3001/api/commands/{COMMAND_ID}" ``` ### Server Logs ```bash ssh root@172.16.3.30 "journalctl -u gururmm-server -f" ``` --- ## Session Update (End of Session) ### Completed This Session - All Docker containers removed from Jupiter (gururmm-server, gururmm-db, gururmm-dashboard, gururmm-downloads) - Dashboard deployed to build server at `/var/www/gururmm/dashboard/` - Nginx configured to serve dashboard + API + downloads - Node.js 20.x installed on build server for future dashboard builds - All agents reconnected to new server successfully ### Current State - **Build Server (172.16.3.30)** is now the sole GuruRMM server - Dashboard: https://rmm-api.azcomputerguru.com/ - API: https://rmm-api.azcomputerguru.com/api/ - Downloads: https://rmm-api.azcomputerguru.com/downloads/ - WebSocket: wss://rmm-api.azcomputerguru.com/ws ### Pending Tasks (Next Session) 1. Install certbot and get Let's Encrypt SSL certificate 2. Configure firewall (ufw) 3. Install and configure fail2ban 4. Harden SSH configuration 5. Enable automatic security updates 6. Optimize PostgreSQL and nginx 7. Fix systemd ReadWritePaths for agent command execution ### Services Running on 172.16.3.30 ``` systemctl status gururmm-server # API server systemctl status gururmm-agent # Local agent systemctl status postgresql # Database systemctl status nginx # Web server ```