ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add SCOPE.md for shopfloor test harness

Browse Source 
Two test paths: (A) imaging-time install via PXE preinstall +
Run-ShopfloorSetup.ps1 per PC type, (B) manifest-engine ongoing
enforcement via GE-Enforce + Install-FromManifest against the v2 share.

Locks the matrix before harness code lands: 9 PC-type rows, expected
install state per type, drift scenarios per app for Path B's
tamper+heal cycle. Decisions: skip JSON CI report (air-gapped solo
workflow), interactive stdout + exit 0/1 only.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-05-02 16:57:59 -04:00
parent df443d5d28
commit 26bc1720af
1 changed files with 127 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

127
playbook/shopfloor-setup/common/test/SCOPE.md Normal file
View File

@@ -0,0 +1,127 @@
# Shopfloor test scope
Two test paths against the win11 analyzer VM as a synthetic shopfloor PC.
## Path A: Imaging-time install (one-shot)
Simulates full PXE-deployed-and-first-booted PC. Verifies the imaging chain
(preinstall.json + Run-ShopfloorSetup.ps1 + per-PC-type stage scripts) lands
the expected end state for each PC type.
**Per-round flow:**
1. Revert VM to `blank-slate` snapshot (clean Win11 baseline + qemu-ga + WinRM).
2. Stage `C:\PreInstall\` from `playbook/preinstall/` (preinstall.json + payloads).
3. Run preinstall runner with `PCType`/`PCSubType` arguments.
4. Stage `C:\Enrollment\shopfloor-setup\` from `playbook/shopfloor-setup/`.
5. Drop `C:\Enrollment\pc-type.txt` + `pc-subtype.txt` + `site-config.json`.
6. Run `Run-ShopfloorSetup.ps1`.
7. Verify expected install state per PC type (table below).
8. Capture verification report.
## Path B: Manifest-engine ongoing enforcement
Simulates a steady-state PC discovering drift. Verifies GE-Enforce idempotence,
drift heal, InUseCheck behavior.
**Per-round flow:**
1. Start from a post-imaging state (either via Path A first, or revert to a
pre-installed snapshot we'll capture once).
2. Stage GE-Enforce.ps1 + Install-FromManifest.ps1 to `C:\Program Files\GE\Shopfloor\`.
3. Inject SFLD creds in HKLM pointing at the v2 share via samba.
4. Phase 1 (clean cycle): run GE-Enforce. Verify "all skipped" (no-op).
5. Phase 2 (drift): tamper specific entries (delete file, reset reg value, kill marker).
6. Phase 3 (heal): re-run GE-Enforce. Verify each tampered entry re-fires and end state matches.
7. Phase 4 (idempotent): re-run GE-Enforce. Verify back to "all skipped".
## PC-type matrix
| PCType | PCSubType | A applies | B applies | Manifest scopes (B) |
|--------|-----------|-----------|-----------|---------------------|
| Standard | Machine | yes | yes | common, standard, standard-machine |
| Standard | Timeclock | yes | yes | common, standard, standard-timeclock |
| CMM | - | yes | yes | common, cmm |
| Keyence | - | yes | yes | common, keyence |
| Lab | - | yes | yes | common, lab |
| WaxAndTrace | - | yes | yes | common, waxandtrace |
| Genspect | - | yes | yes | common, genspect |
| Display | - | yes | yes | common, display |
| Shopfloor | - | yes (baseline only) | yes | common only (PCTypes filter excludes most apps) |
## Expected install state per PC type (post-A)
Sourced from preinstall.json's PCTypes filter + per-PC-type Stage-Dispatcher
flow. Detection methods match what GE-Enforce uses for re-enforcement, so
verification logic is shared between A and B.
### Common (all PC types)
| App | Detection | Detection value |
|-----|-----------|-----------------|
| VC++ 2008 x86 | Reg | `HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{...}` |
| VC++ 2010 x86 / x64 | Reg | (vendor-version) |
| VC++ 2012 x86 (Min+Add) / x64 | Reg | |
| VC++ 2013 x86 (Min+Add) / x64 (Min+Add) | Reg | |
| VC++ 2022 x86 (Min+Add) | Reg | |
| Adobe Acrobat Reader DC | Reg | DisplayVersion = 25.001.20531 |
| WJF Defect Tracker | File | C:\Program Files (x86)\WJF_Defect_Tracker\Defect_Tracker.exe |
### + Standard / Standard-Machine
| App | Detection |
|-----|-----------|
| Oracle Client 11.2 | Reg ORACLE_HOME_NAME |
| OpenText HostExplorer | Reg HKLM\SOFTWARE\GE\OpenText\Installed = 15.0.SP1.2 |
| Shopfloor Serial Drivers | Driver pnputil enum |
| eDNC + NTLARS (bundled) | FileVersion DncMain.exe = 6.4.5.0 |
| eMxInfo.txt | Hash content match |
| UDC (Standard-Machine only) | Reg DisplayVersion = 1.0.34 |
| FMSHostPrimary reg | ValueMatches = wjfms3.ae.ge.com |
| FMSHostSecondary reg | ValueMatches = 10.233.112.158 |
| Hosts pin | grep file for `10.233.112.158\twjfms3.ae.ge.com` |
### CMM/Keyence/Genspect/WaxAndTrace/Lab/Display
(Each adds its own per-type apps - see playbook/shopfloor-setup/<type>/
stage scripts and v2 share `<type>/manifest.json`.)
## Drift scenarios for Path B (per app)
| App | Drift action | Heal expected |
|-----|--------------|---------------|
| OpenText | `Remove-ItemProperty HKLM:\SOFTWARE\GE\OpenText -Name Installed` | Re-fires Setup-OpenText.cmd, marker re-written |
| eMxInfo.txt | Truncate/overwrite the txt file | Hash mismatch -> Install-eMxInfo.cmd re-runs |
| FMSHostPrimary | `reg add ... /d "WJFMS3" /f` | ValueMatches -> Type=Registry re-asserts wjfms3.ae.ge.com |
| FMSHostSecondary | `reg add ... /d "WJFMS4" /f` | ValueMatches -> re-asserts 10.233.112.158 |
| Hosts pin | Remove the FMS line from hosts | Always -> Set-FmsHostsEntry.ps1 re-adds |
| Edge IE-Mode site list | Overwrite XML with junk | Hash -> file re-copied from share |
| 3OF9 font reg | Delete reg value | ValueMatches -> Type=Registry re-asserts |
| eDNC | `msiexec /x` to uninstall | FileVersion miss -> MSI re-installs |
| InUseCheck (eDNC) | Spawn placeholder DncMain process before run | CloseAndReopen -> graceful close / kill / install / restart |
## Out of scope (initial)
- Display Kiosk App content matrix (per-site config).
- Display lobby vs dashboard variants.
- Per-bay machine-number-driven ACL setup (requires real bay number + AD context).
- Intune device QR / DSC handoff (Azure-side, can't simulate locally).
## Deliverables
```
playbook/shopfloor-setup/common/test/
SCOPE.md (this file)
README.md (operator how-to)
lib/
vm-base.sh (host: revert, qga, share mount)
verify-state.ps1 (VM: detection per app, returns JSON report)
A-imaging/
run.sh (host orchestrator, takes -PCType/-PCSubType)
stage-image.ps1 (VM: copy preinstall + shopfloor-setup, run them)
B-enforce/
run.sh (host orchestrator, drives 4-phase cycle)
tamper.ps1 (VM: drift injection per app, JSON-driven)
matrix.json (PC-type list + expected apps + drift scenarios)
```
Each `run.sh` returns 0 on full pass, non-zero on any failure; emits per-app
pass/fail to stdout + a JSON report to stderr for CI.