claudetools/session-logs/2025-12-15-session.md

Session Log: Build Server Setup & Linux Agent Installer

Date: 2025-12-15/16 Focus: Native Windows/Linux service installers, Build server VM setup

---

Summary

Major session focused on creating production-ready agent installers and setting up a dedicated GuruRMM server VM.

Completed

1. Native Windows Service (from previous context)

   • Created agent/src/service.rs with Windows SCM integration
   • Uses windows-service crate for native service control
   • Legacy NSSM service detection and cleanup
   • Install/uninstall/start/stop/status commands

2. Linux Agent Installer Improvements

   • Added --server-url, --api-key, --skip-legacy-check flags to install command
   • Legacy systemd service detection and cleanup
   • Auto-starts service when config is complete
   • FIXED: Switched from glibc to musl static linking for universal compatibility

3. Site Code Authentication

   • Added is_site_code_format() to detect WORD-WORD-NUMBER patterns
   • Server now accepts site codes (e.g., SWIFT-CLOUD-6910) instead of long API keys
   • Auto-registers agents under the matching site

4. Build Server VM (172.16.3.30)

   • Ubuntu 22.04 VM created
   • Installed: nginx, Rust, PostgreSQL, build-essential
   • GuruRMM server binary deployed and running as systemd service
   • Database migrated from Jupiter Docker to local PostgreSQL
   • Nginx configured for downloads and API proxy
   • Agent binary available at /downloads/gururmm-agent-linux-amd64

Issues Found (To Fix in Installer v2)

1. glibc version mismatch - FIXED with musl static linking
2. systemd ProtectSystem=strict blocks remote command execution
   • Need targeted ReadWritePaths=/root/.ssh instead of disabling protection
   • Or installer flag for "managed" vs "locked down" mode

---

Credentials & Configuration

Build Server (172.16.3.30)

• Hostname: gururmm
• SSH: root with WSL key
• Services:
  • GuruRMM Server: systemd gururmm-server, port 3001
  • PostgreSQL: local, port 5432
  • Nginx: port 80 (proxy to API + downloads)
  • GuruRMM Agent: systemd gururmm-agent

Database (now on 172.16.3.30)

• Host: localhost
• Database: gururmm
• User: gururmm
• Password: 43617ebf7eb242e814ca9988cc4df5ad

Site Codes

• Main Office: SWIFT-CLOUD-6910

Agent Downloads

• URL: http://172.16.3.30/downloads/gururmm-agent-linux-amd64
• Or via NPM: https://rmm-api.azcomputerguru.com/downloads/gururmm-agent-linux-amd64

---

Key Files Modified

Agent

• agent/Cargo.toml - Switched to rustls for static linking
• agent/src/main.rs - Added install flags, legacy detection, site code support
• agent/src/service.rs - Windows native service implementation
• agent/scripts/install.sh - Bootstrap installer script

Server

• server/src/ws/mod.rs - Added is_site_code_format(), site code auth support

---

Install Commands

Linux (Site Code)

curl -fsSL http://172.16.3.30/downloads/gururmm-agent-linux-amd64 -o /tmp/gururmm-agent && \
chmod +x /tmp/gururmm-agent && \
sudo /tmp/gururmm-agent install \
  --server-url wss://rmm-api.azcomputerguru.com/ws \
  --api-key SWIFT-CLOUD-6910

Windows

# Download and install (from elevated prompt)
.\gururmm-agent.exe install --server-url wss://rmm-api.azcomputerguru.com/ws --api-key SWIFT-CLOUD-6910

---

Pending Tasks

1. Update NPM proxy - Change rmm-api.azcomputerguru.com to forward to 172.16.3.30:3001
2. Stop old Docker containers on Jupiter (gururmm-server, gururmm-db)
3. Fix systemd security for agent command execution (ReadWritePaths)
4. Add Windows binary to downloads on build server
5. Set up dashboard hosting on build server

---

Architecture (New)

                    ┌─────────────────────────────────────┐
                    │     172.16.3.30 (gururmm VM)        │
                    │                                     │
 Internet ──────────┼──► nginx (:80)                     │
   (via NPM)        │       ├──► /api/* → localhost:3001 │
                    │       ├──► /ws    → localhost:3001 │
                    │       ├──► /downloads/* → static   │
                    │       └──► /*     → dashboard      │
                    │                                     │
                    │    GuruRMM Server (:3001)          │
                    │    PostgreSQL (:5432)              │
                    │    Rust build toolchain            │
                    └─────────────────────────────────────┘

---

Commands Reference

Remote Command via RMM API

curl -X POST "http://172.16.3.30:3001/api/agents/{AGENT_ID}/command" \
  -H "Content-Type: application/json" \
  -d '{"command_type": "shell", "command": "whoami"}'

Check Command Result

curl "http://172.16.3.30:3001/api/commands/{COMMAND_ID}"

Server Logs

ssh root@172.16.3.30 "journalctl -u gururmm-server -f"

---

Session Update (End of Session)

Completed This Session

• All Docker containers removed from Jupiter (gururmm-server, gururmm-db, gururmm-dashboard, gururmm-downloads)
• Dashboard deployed to build server at /var/www/gururmm/dashboard/
• Nginx configured to serve dashboard + API + downloads
• Node.js 20.x installed on build server for future dashboard builds
• All agents reconnected to new server successfully

Current State

• Build Server (172.16.3.30) is now the sole GuruRMM server
• Dashboard: https://rmm-api.azcomputerguru.com/
• API: https://rmm-api.azcomputerguru.com/api/
• Downloads: https://rmm-api.azcomputerguru.com/downloads/
• WebSocket: wss://rmm-api.azcomputerguru.com/ws

Pending Tasks (Next Session)

1. Install certbot and get Let's Encrypt SSL certificate
2. Configure firewall (ufw)
3. Install and configure fail2ban
4. Harden SSH configuration
5. Enable automatic security updates
6. Optimize PostgreSQL and nginx
7. Fix systemd ReadWritePaths for agent command execution

Services Running on 172.16.3.30

systemctl status gururmm-server  # API server
systemctl status gururmm-agent   # Local agent
systemctl status postgresql      # Database
systemctl status nginx           # Web server