azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b87e97d3ba5629c2b4660446dc94ce76db5838e7
claudetools/projects/msp-tools/guru-rmm/session-logs/2025-12-15-build-server-setup.md
Mike Swanson 6c316aa701 Add VPN configuration tools and agent documentation 
Created comprehensive VPN setup tooling for Peaceful Spirit L2TP/IPsec connection
and enhanced agent documentation framework.

VPN Configuration (PST-NW-VPN):
- Setup-PST-L2TP-VPN.ps1: Automated L2TP/IPsec setup with split-tunnel and DNS
- Connect-PST-VPN.ps1: Connection helper with PPP adapter detection, DNS (192.168.0.2), and route config (192.168.0.0/24)
- Connect-PST-VPN-Standalone.ps1: Self-contained connection script for remote deployment
- Fix-PST-VPN-Auth.ps1: Authentication troubleshooting for CHAP/MSChapv2
- Diagnose-VPN-Interface.ps1: Comprehensive VPN interface and routing diagnostic
- Quick-Test-VPN.ps1: Fast connectivity verification (DNS/router/routes)
- Add-PST-VPN-Route-Manual.ps1: Manual route configuration helper
- vpn-connect.bat, vpn-disconnect.bat: Simple batch file shortcuts
- OpenVPN config files (Windows-compatible, abandoned for L2TP)

Key VPN Implementation Details:
- L2TP creates PPP adapter with connection name as interface description
- UniFi auto-configures DNS (192.168.0.2) but requires manual route to 192.168.0.0/24
- Split-tunnel enabled (only remote traffic through VPN)
- All-user connection for pre-login auto-connect via scheduled task
- Authentication: CHAP + MSChapv2 for UniFi compatibility

Agent Documentation:
- AGENT_QUICK_REFERENCE.md: Quick reference for all specialized agents
- documentation-squire.md: Documentation and task management specialist agent
- Updated all agent markdown files with standardized formatting

Project Organization:
- Moved conversation logs to dedicated directories (guru-connect-conversation-logs, guru-rmm-conversation-logs)
- Cleaned up old session JSONL files from projects/msp-tools/
- Added guru-connect infrastructure (agent, dashboard, proto, scripts, .gitea workflows)
- Added guru-rmm server components and deployment configs

Technical Notes:
- VPN IP pool: 192.168.4.x (client gets 192.168.4.6)
- Remote network: 192.168.0.0/24 (router at 192.168.0.10)
- PSK: rrClvnmUeXEFo90Ol+z7tfsAZHeSK6w7
- Credentials: pst-admin / 24Hearts$

Files: 15 VPN scripts, 2 agent docs, conversation log reorganization,
guru-connect/guru-rmm infrastructure additions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-18 11:51:47 -07:00

188 lines
6.4 KiB
Markdown
Raw Blame History

# Session Log: Build Server Setup & Linux Agent Installer
**Date:** 2025-12-15/16
**Focus:** Native Windows/Linux service installers, Build server VM setup
---
## Summary
Major session focused on creating production-ready agent installers and setting up a dedicated GuruRMM server VM.
### Completed
1. **Native Windows Service** (from previous context)
- Created `agent/src/service.rs` with Windows SCM integration
- Uses `windows-service` crate for native service control
- Legacy NSSM service detection and cleanup
- Install/uninstall/start/stop/status commands
2. **Linux Agent Installer Improvements**
- Added `--server-url`, `--api-key`, `--skip-legacy-check` flags to install command
- Legacy systemd service detection and cleanup
- Auto-starts service when config is complete
- **FIXED:** Switched from glibc to musl static linking for universal compatibility
3. **Site Code Authentication**
- Added `is_site_code_format()` to detect WORD-WORD-NUMBER patterns
- Server now accepts site codes (e.g., `SWIFT-CLOUD-6910`) instead of long API keys
- Auto-registers agents under the matching site
4. **Build Server VM (172.16.3.30)**
- Ubuntu 22.04 VM created
- Installed: nginx, Rust, PostgreSQL, build-essential
- GuruRMM server binary deployed and running as systemd service
- Database migrated from Jupiter Docker to local PostgreSQL
- Nginx configured for downloads and API proxy
- Agent binary available at `/downloads/gururmm-agent-linux-amd64`
### Issues Found (To Fix in Installer v2)
1. **glibc version mismatch** - FIXED with musl static linking
2. **systemd ProtectSystem=strict** blocks remote command execution
- Need targeted `ReadWritePaths=/root/.ssh` instead of disabling protection
- Or installer flag for "managed" vs "locked down" mode
---
## Credentials & Configuration
### Build Server (172.16.3.30)
- **Hostname:** gururmm
- **SSH:** root with WSL key
- **Services:**
- GuruRMM Server: systemd `gururmm-server`, port 3001
- PostgreSQL: local, port 5432
- Nginx: port 80 (proxy to API + downloads)
- GuruRMM Agent: systemd `gururmm-agent`
### Database (now on 172.16.3.30)
- **Host:** localhost
- **Database:** gururmm
- **User:** gururmm
- **Password:** 43617ebf7eb242e814ca9988cc4df5ad
### Site Codes
- **Main Office:** `SWIFT-CLOUD-6910`
### Agent Downloads
- **URL:** http://172.16.3.30/downloads/gururmm-agent-linux-amd64
- **Or via NPM:** https://rmm-api.azcomputerguru.com/downloads/gururmm-agent-linux-amd64
---
## Key Files Modified
### Agent
- `agent/Cargo.toml` - Switched to rustls for static linking
- `agent/src/main.rs` - Added install flags, legacy detection, site code support
- `agent/src/service.rs` - Windows native service implementation
- `agent/scripts/install.sh` - Bootstrap installer script
### Server
- `server/src/ws/mod.rs` - Added `is_site_code_format()`, site code auth support
---
## Install Commands
### Linux (Site Code)
```bash
curl -fsSL http://172.16.3.30/downloads/gururmm-agent-linux-amd64 -o /tmp/gururmm-agent && \
chmod +x /tmp/gururmm-agent && \
sudo /tmp/gururmm-agent install \
--server-url wss://rmm-api.azcomputerguru.com/ws \
--api-key SWIFT-CLOUD-6910
```
### Windows
```powershell
# Download and install (from elevated prompt)
.\gururmm-agent.exe install --server-url wss://rmm-api.azcomputerguru.com/ws --api-key SWIFT-CLOUD-6910
```
---
## Pending Tasks
1. **Update NPM proxy** - Change rmm-api.azcomputerguru.com to forward to 172.16.3.30:3001
2. **Stop old Docker containers** on Jupiter (gururmm-server, gururmm-db)
3. **Fix systemd security** for agent command execution (ReadWritePaths)
4. **Add Windows binary** to downloads on build server
5. **Set up dashboard** hosting on build server
---
## Architecture (New)
```
┌─────────────────────────────────────┐
│ 172.16.3.30 (gururmm VM) │
│ │
Internet ──────────┼──► nginx (:80) │
(via NPM) │ ├──► /api/* → localhost:3001 │
│ ├──► /ws → localhost:3001 │
│ ├──► /downloads/* → static │
│ └──► /* → dashboard │
│ │
│ GuruRMM Server (:3001) │
│ PostgreSQL (:5432) │
│ Rust build toolchain │
└─────────────────────────────────────┘
```
---
## Commands Reference
### Remote Command via RMM API
```bash
curl -X POST "http://172.16.3.30:3001/api/agents/{AGENT_ID}/command" \
-H "Content-Type: application/json" \
-d '{"command_type": "shell", "command": "whoami"}'
```
### Check Command Result
```bash
curl "http://172.16.3.30:3001/api/commands/{COMMAND_ID}"
```
### Server Logs
```bash
ssh root@172.16.3.30 "journalctl -u gururmm-server -f"
```
---
## Session Update (End of Session)
### Completed This Session
- All Docker containers removed from Jupiter (gururmm-server, gururmm-db, gururmm-dashboard, gururmm-downloads)
- Dashboard deployed to build server at `/var/www/gururmm/dashboard/`
- Nginx configured to serve dashboard + API + downloads
- Node.js 20.x installed on build server for future dashboard builds
- All agents reconnected to new server successfully
### Current State
- **Build Server (172.16.3.30)** is now the sole GuruRMM server
- Dashboard: https://rmm-api.azcomputerguru.com/
- API: https://rmm-api.azcomputerguru.com/api/
- Downloads: https://rmm-api.azcomputerguru.com/downloads/
- WebSocket: wss://rmm-api.azcomputerguru.com/ws
### Pending Tasks (Next Session)
1. Install certbot and get Let's Encrypt SSL certificate
2. Configure firewall (ufw)
3. Install and configure fail2ban
4. Harden SSH configuration
5. Enable automatic security updates
6. Optimize PostgreSQL and nginx
7. Fix systemd ReadWritePaths for agent command execution
### Services Running on 172.16.3.30
```
systemctl status gururmm-server # API server
systemctl status gururmm-agent # Local agent
systemctl status postgresql # Database
systemctl status nginx # Web server
```
Reference in New Issue View Git Blame Copy Permalink