Mike Swanson
6c316aa701
Created comprehensive VPN setup tooling for Peaceful Spirit L2TP/IPsec connection and enhanced agent documentation framework. VPN Configuration (PST-NW-VPN): - Setup-PST-L2TP-VPN.ps1: Automated L2TP/IPsec setup with split-tunnel and DNS - Connect-PST-VPN.ps1: Connection helper with PPP adapter detection, DNS (192.168.0.2), and route config (192.168.0.0/24) - Connect-PST-VPN-Standalone.ps1: Self-contained connection script for remote deployment - Fix-PST-VPN-Auth.ps1: Authentication troubleshooting for CHAP/MSChapv2 - Diagnose-VPN-Interface.ps1: Comprehensive VPN interface and routing diagnostic - Quick-Test-VPN.ps1: Fast connectivity verification (DNS/router/routes) - Add-PST-VPN-Route-Manual.ps1: Manual route configuration helper - vpn-connect.bat, vpn-disconnect.bat: Simple batch file shortcuts - OpenVPN config files (Windows-compatible, abandoned for L2TP) Key VPN Implementation Details: - L2TP creates PPP adapter with connection name as interface description - UniFi auto-configures DNS (192.168.0.2) but requires manual route to 192.168.0.0/24 - Split-tunnel enabled (only remote traffic through VPN) - All-user connection for pre-login auto-connect via scheduled task - Authentication: CHAP + MSChapv2 for UniFi compatibility Agent Documentation: - AGENT_QUICK_REFERENCE.md: Quick reference for all specialized agents - documentation-squire.md: Documentation and task management specialist agent - Updated all agent markdown files with standardized formatting Project Organization: - Moved conversation logs to dedicated directories (guru-connect-conversation-logs, guru-rmm-conversation-logs) - Cleaned up old session JSONL files from projects/msp-tools/ - Added guru-connect infrastructure (agent, dashboard, proto, scripts, .gitea workflows) - Added guru-rmm server components and deployment configs Technical Notes: - VPN IP pool: 192.168.4.x (client gets 192.168.4.6) - Remote network: 192.168.0.0/24 (router at 192.168.0.10) - PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7 - Credentials: pst-admin / 24Hearts$ Files: 15 VPN scripts, 2 agent docs, conversation log reorganization, guru-connect/guru-rmm infrastructure additions Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
7.7 KiB
7.7 KiB
GuruConnect Production Infrastructure Status
Date: 2026-01-18 15:36 UTC Server: 172.16.3.30 (gururmm) Installation Status: IN PROGRESS
Completed Components
1. Systemd Service - ACTIVE ✓
Status: Running PID: 3944724 Service: guruconnect.service Auto-start: Enabled
sudo systemctl status guruconnect
sudo journalctl -u guruconnect -f
Features:
- Auto-restart on failure (10s delay, max 3 in 5 min)
- Resource limits: 65536 FDs, 4096 processes
- Security hardening enabled
- Journald logging integration
- Watchdog support (30s keepalive)
2. Automated Backups - CONFIGURED ✓
Status: Active (waiting) Timer: guruconnect-backup.timer Next Run: Mon 2026-01-19 00:00:00 UTC (8h remaining)
sudo systemctl status guruconnect-backup.timer
Configuration:
- Schedule: Daily at 2:00 AM UTC
- Location:
/home/guru/backups/guruconnect/ - Format:
guruconnect-YYYY-MM-DD-HHMMSS.sql.gz - Retention: 30 daily, 4 weekly, 6 monthly
- Compression: Gzip
Manual Backup:
cd ~/guru-connect/server
./backup-postgres.sh
3. Log Rotation - CONFIGURED ✓
Status: Configured
File: /etc/logrotate.d/guruconnect
Configuration:
- Rotation: Daily
- Retention: 30 days
- Compression: Yes (delayed 1 day)
- Post-rotate: Reload guruconnect service
4. Passwordless Sudo - CONFIGURED ✓
Status: Active
File: /etc/sudoers.d/guru
The guru user can now run all commands with sudo without password prompts.
In Progress
5. Prometheus & Grafana - INSTALLING ⏳
Status: Installing (in progress) Progress:
- ✓ Prometheus packages downloaded and installed
- ✓ Prometheus Node Exporter installed
- ⏳ Grafana being installed (194 MB download complete, unpacking)
Expected Installation Time: ~5-10 minutes remaining
Will be available at:
- Prometheus: http://172.16.3.30:9090
- Grafana: http://172.16.3.30:3000 (admin/admin)
- Node Exporter: http://172.16.3.30:9100/metrics
Server Status
GuruConnect Server
Health: OK Metrics: Operational Uptime: 20 seconds (via systemd)
# Health check
curl http://172.16.3.30:3002/health
# Metrics
curl http://172.16.3.30:3002/metrics
Database
Status: Connected Users: 2 Machines: 15 (restored from database) Credentials: Fixed (gc_a7f82d1e4b9c3f60)
Authentication
Admin User: howard Password: AdminGuruConnect2026 Dashboard: https://connect.azcomputerguru.com/dashboard
JWT Token Example:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIwOThhNmEyNC05YmNiLTRmOWItODUyMS04ZmJiOTU5YzlmM2YiLCJ1c2VybmFtZSI6Imhvd2FyZCIsInJvbGUiOiJhZG1pbiIsInBlcm1pc3Npb25zIjpbInZpZXciLCJjb250cm9sIiwidHJhbnNmZXIiLCJtYW5hZ2VfY2xpZW50cyJdLCJleHAiOjE3Njg3OTUxNDYsImlhdCI6MTc2ODcwODc0Nn0.q2SFMDOWDH09kLj3y1MiVXFhIqunbHHp_-kjJP6othA
Verification Commands
# Run comprehensive verification
bash ~/guru-connect/verify-installation.sh
# Check individual components
sudo systemctl status guruconnect
sudo systemctl status guruconnect-backup.timer
sudo systemctl status prometheus
sudo systemctl status grafana-server
# Test endpoints
curl http://172.16.3.30:3002/health
curl http://172.16.3.30:3002/metrics
curl http://172.16.3.30:9090 # Prometheus (after install)
curl http://172.16.3.30:3000 # Grafana (after install)
Next Steps
After Prometheus/Grafana Installation Completes
-
Access Grafana:
- URL: http://172.16.3.30:3000
- Login: admin/admin
- Change default password
-
Import Dashboard:
Grafana > Dashboards > Import Upload: ~/guru-connect/infrastructure/grafana-dashboard.json -
Verify Prometheus Scraping:
- URL: http://172.16.3.30:9090/targets
- Check GuruConnect target is UP
- Verify metrics being collected
-
Test Alerts:
- URL: http://172.16.3.30:9090/alerts
- Review configured alert rules
- Consider configuring Alertmanager for notifications
Production Readiness Checklist
- Server running via systemd
- Database connected and operational
- Admin credentials configured
- Automated backups configured
- Log rotation configured
- Passwordless sudo enabled
- Prometheus/Grafana installed (in progress)
- Grafana dashboard imported
- Grafana default password changed
- Firewall rules reviewed
- SSL/TLS certificates valid
- Monitoring alerts tested
- Backup restore tested
- Health monitoring cron configured (optional)
Infrastructure Files
On Server:
/home/guru/guru-connect/
├── server/
│ ├── guruconnect.service # Systemd service unit
│ ├── setup-systemd.sh # Service installer
│ ├── backup-postgres.sh # Backup script
│ ├── restore-postgres.sh # Restore script
│ ├── health-monitor.sh # Health checks
│ ├── guruconnect-backup.service # Backup service unit
│ ├── guruconnect-backup.timer # Backup timer
│ ├── guruconnect.logrotate # Log rotation config
│ └── start-secure.sh # Manual start script
├── infrastructure/
│ ├── prometheus.yml # Prometheus config
│ ├── alerts.yml # Alert rules
│ ├── grafana-dashboard.json # Pre-built dashboard
│ └── setup-monitoring.sh # Monitoring installer
├── install-production-infrastructure.sh # Master installer
└── verify-installation.sh # Verification script
Systemd Files:
/etc/systemd/system/
├── guruconnect.service
├── guruconnect-backup.service
└── guruconnect-backup.timer
Configuration Files:
/etc/prometheus/
├── prometheus.yml
└── alerts.yml
/etc/logrotate.d/
└── guruconnect
/etc/sudoers.d/
└── guru
Troubleshooting
Server Not Starting
# Check logs
sudo journalctl -u guruconnect -n 50
# Check for port conflicts
sudo netstat -tulpn | grep 3002
# Verify binary
ls -la ~/guru-connect/target/x86_64-unknown-linux-gnu/release/guruconnect-server
# Check environment
cat ~/guru-connect/server/.env
Database Connection Issues
# Test connection
PGPASSWORD=gc_a7f82d1e4b9c3f60 psql -h localhost -U guruconnect -d guruconnect -c 'SELECT 1'
# Check PostgreSQL
sudo systemctl status postgresql
# Verify credentials
cat ~/guru-connect/server/.env | grep DATABASE_URL
Backup Issues
# Test backup manually
cd ~/guru-connect/server
./backup-postgres.sh
# Check backup directory
ls -lh /home/guru/backups/guruconnect/
# View timer logs
sudo journalctl -u guruconnect-backup -n 50
Performance Metrics
Current Metrics (Prometheus):
- Active Sessions: 0
- Server Uptime: 20 seconds
- Database Connected: Yes
- Request Latency: <1ms
- Memory Usage: 1.6M
- CPU Usage: Minimal
10 Prometheus Metrics Collected:
- guruconnect_requests_total
- guruconnect_request_duration_seconds
- guruconnect_sessions_total
- guruconnect_active_sessions
- guruconnect_session_duration_seconds
- guruconnect_connections_total
- guruconnect_active_connections
- guruconnect_errors_total
- guruconnect_db_operations_total
- guruconnect_db_query_duration_seconds
Security Status
Week 1 Security Fixes: 10/13 (77%) Week 2 Infrastructure: 100% Complete
Active Security Features:
- JWT authentication with 24h expiration
- Argon2id password hashing
- Security headers (CSP, X-Frame-Options, etc.)
- Token blacklist for logout
- Database credentials encrypted in .env
- API key validation for agents
- IP logging for connections
Last Updated: 2026-01-18 15:36 UTC Next Update: After Prometheus/Grafana installation completes