ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
45ff163eea6675a82a85dd6401f5cb1783b9727d
pxe-server/playbook/shopfloor-setup/Run-ShopfloorSetup.ps1
cproudlock 45ff163eea Fix reboot race + dispatcher owns all reboots 
Two related fixes from the pipeline audit:

1. Stage-Dispatcher race condition (critical):
   Run-ShopfloorSetup.ps1 called shutdown /r /t 10 and the dispatcher
   had to write the next stage + register RunOnce within that 10-second
   window. If disk I/O was slow, the reboot fired before RunOnce was
   registered, and the chain broke.

   Fix: dispatcher now cancels Run-ShopfloorSetup's pending reboot
   (shutdown /a) immediately after it returns, then advances the stage
   and registers RunOnce with no time pressure, then initiates its own
   shutdown /r /t 5.

2. Dispatcher owns all reboots:
   Run-ShopfloorSetup.ps1 now checks the -FromDispatcher flag at the
   end. When called by the dispatcher, it schedules shutdown /r /t 30
   as a safety net (the dispatcher cancels it immediately). When called
   standalone (manual run or legacy FirstLogonCommands), it reboots
   directly with /t 10 as before.

   This means the dispatcher has full control over the reboot lifecycle:
   cancel -> advance stage -> register RunOnce -> reboot. No racing.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 10:58:57 -04:00

222 lines
9.2 KiB
PowerShell
Raw Blame History

# Run-ShopfloorSetup.ps1 - Dispatcher for shopfloor PC type setup
# Runs Shopfloor baseline scripts first, then type-specific scripts on top.
param(
# Stage-Dispatcher.ps1 passes -FromDispatcher to bypass the stage-file
# gate below. When called by the unattend's FirstLogonCommands (no flag),
# the gate defers to the dispatcher if a stage file exists.
[switch]$FromDispatcher
)
# --- Stage-file gate ---
# If run-enrollment.ps1 wrote a stage file, the imaging chain is managed by
# Stage-Dispatcher.ps1 via RunOnce. Exit immediately so the FirstLogonCommands
# chain finishes, the PPKG reboot fires, and the dispatcher takes over on
# the next boot. Without this gate, the unattend's FirstLogonCommands runs
# this script right after run-enrollment in the same session (before the
# PPKG reboot), bypassing the entire staged chain.
if (-not $FromDispatcher) {
$stageFile = 'C:\Enrollment\setup-stage.txt'
if (Test-Path -LiteralPath $stageFile) {
$stage = (Get-Content -LiteralPath $stageFile -First 1 -ErrorAction SilentlyContinue)
Write-Host "Stage file found ($stage) - deferring to Stage-Dispatcher.ps1 on next logon."
exit 0
}
}
# --- Transcript logging ---
# Captures everything the dispatcher and all child scripts write to host so
# we can diagnose setup failures after the fact. -Append + -Force so repeat
# invocations (e.g. after a reboot mid-setup) accumulate instead of clobbering.
$logDir = 'C:\Logs\SFLD'
if (-not (Test-Path $logDir)) {
try { New-Item -ItemType Directory -Path $logDir -Force | Out-Null } catch { $logDir = $env:TEMP }
}
$transcriptPath = Join-Path $logDir 'shopfloor-setup.log'
try { Start-Transcript -Path $transcriptPath -Append -Force | Out-Null } catch {}
Write-Host ""
Write-Host "================================================================"
Write-Host "=== Run-ShopfloorSetup.ps1 starting $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') ==="
Write-Host " Transcript: $transcriptPath"
Write-Host "================================================================"
Write-Host ""
# Bump AutoLogonCount HIGH at the start so reboots during setup (e.g. VC++ 2008
# triggering an immediate ExitWindowsEx) don't exhaust autologin attempts before
# the dispatcher can complete. The end-of-script reset puts it back to 2 once
# everything succeeds.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 99 /f | Out-Null
# Cancel any pending reboot so it doesn't interrupt setup
cmd /c "shutdown /a 2>nul" *>$null
# Prompt user to unplug from PXE switch before re-enabling wired adapters
Write-Host ""
Write-Host "========================================" -ForegroundColor Yellow
Write-Host " UNPLUG the ethernet cable from the" -ForegroundColor Yellow
Write-Host " PXE imaging switch NOW." -ForegroundColor Yellow
Write-Host "========================================" -ForegroundColor Yellow
Write-Host ""
Write-Host "Press any key to continue..." -ForegroundColor Yellow
$null = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
# Re-enable wired adapters
Get-NetAdapter -Physical | Where-Object { $_.InterfaceDescription -notmatch 'Wi-Fi|Wireless' } | Enable-NetAdapter -Confirm:$false -ErrorAction SilentlyContinue
$enrollDir = "C:\Enrollment"
$typeFile = Join-Path $enrollDir "pc-type.txt"
$setupDir = Join-Path $enrollDir "shopfloor-setup"
if (-not (Test-Path $typeFile)) {
Write-Host "No pc-type.txt found - skipping shopfloor setup."
exit 0
}
$pcType = (Get-Content $typeFile -First 1).Trim()
if (-not $pcType) {
Write-Host "pc-type.txt is empty - skipping shopfloor setup."
exit 0
}
Write-Host "Shopfloor PC Type: $pcType"
# Scripts to skip in the alphabetical baseline loop. Each is either run
# explicitly in the finalization phase below, or invoked internally by
# another script:
#
# 05 - Office shortcuts. Invoked by 06 as Phase 0. Office isn't installed
# until after the first reboot, so 05 no-ops on the imaging run.
# 06's SYSTEM logon task re-runs it on the second boot.
# 06 - Desktop org. Phase 2 needs eDNC/NTLARS on disk (installed by
# type-specific 01-eDNC.ps1). Run in finalization phase.
# 07 - Taskbar pin layout. Reads 06's output. Run in finalization phase.
# 08 - Edge default browser + startup tabs. Invoked by 06 as Phase 4.
# Reads .url files delivered by DSC (after setup reboots). 06's
# SYSTEM logon task re-runs it to pick them up.
$skipInBaseline = @(
'05-OfficeShortcuts.ps1',
'06-OrganizeDesktop.ps1',
'07-TaskbarLayout.ps1',
'08-EdgeDefaultBrowser.ps1',
'Check-MachineNumber.ps1',
'Configure-PC.ps1'
)
# Scripts run AFTER type-specific scripts complete. 05 and 08 are NOT
# here because 06 calls them internally as sub-phases.
$runAfterTypeSpecific = @(
'06-OrganizeDesktop.ps1',
'07-TaskbarLayout.ps1'
)
# --- Run Shopfloor baseline scripts first (skipping deferred ones) ---
$baselineDir = Join-Path $setupDir "Shopfloor"
if (Test-Path $baselineDir) {
$scripts = Get-ChildItem -Path $baselineDir -Filter "*.ps1" -File | Sort-Object Name
foreach ($script in $scripts) {
if ($skipInBaseline -contains $script.Name) {
Write-Host "Skipping baseline: $($script.Name) (runs in finalization phase)"
continue
}
cmd /c "shutdown /a 2>nul" *>$null
Write-Host "Running baseline: $($script.Name)"
try {
& $script.FullName
} catch {
Write-Warning "Baseline script $($script.Name) failed: $_"
}
}
}
# --- Run type-specific scripts (if not just baseline Shopfloor) ---
if ($pcType -ne "Shopfloor") {
$typeDir = Join-Path $setupDir $pcType
if (Test-Path $typeDir) {
# Only run numbered scripts (01-eDNC.ps1, 02-MachineNumberACLs.ps1).
# Unnumbered .ps1 files (Set-MachineNumber.ps1) are desktop tools,
# not installer scripts, and must not auto-run during setup.
$scripts = Get-ChildItem -Path $typeDir -Filter "*.ps1" -File |
Where-Object { $_.Name -match '^\d' } |
Sort-Object Name
foreach ($script in $scripts) {
cmd /c "shutdown /a 2>nul" *>$null
Write-Host "Running $pcType setup: $($script.Name)"
try {
& $script.FullName
} catch {
Write-Warning "Script $($script.Name) failed: $_"
}
}
} else {
Write-Host "No type-specific scripts found for $pcType."
}
}
# --- Finalization: run deferred baseline scripts (desktop org, taskbar pins)
# ---
# These needed to wait until all apps (eDNC, NTLARS, UDC, OpenText) were
# installed by the baseline + type-specific phases above. 06 internally
# calls 05 (Office shortcuts) and 08 (Edge config) as sub-phases, so we
# only need to invoke 06 and 07 explicitly here.
foreach ($name in $runAfterTypeSpecific) {
$script = Join-Path $baselineDir $name
if (-not (Test-Path $script)) {
Write-Warning "Deferred script not found: $script"
continue
}
cmd /c "shutdown /a 2>nul" *>$null
Write-Host "Running deferred baseline: $name"
try {
& $script
} catch {
Write-Warning "Deferred script $name failed: $_"
}
}
Write-Host "Shopfloor setup complete for $pcType."
# Copy utility scripts to SupportUser desktop
foreach ($tool in @('sync_intune.bat', 'Configure-PC.bat')) {
$src = Join-Path $setupDir "Shopfloor\$tool"
if (Test-Path $src) {
Copy-Item -Path $src -Destination "C:\Users\SupportUser\Desktop\$tool" -Force
Write-Host "$tool copied to desktop."
}
}
# Standard PCs get the UDC/eDNC machine number helper
if ($pcType -eq "Standard") {
foreach ($helper in @("Set-MachineNumber.bat", "Set-MachineNumber.ps1")) {
$src = Join-Path $setupDir "Standard\$helper"
if (Test-Path $src) {
Copy-Item -Path $src -Destination "C:\Users\SupportUser\Desktop\$helper" -Force
Write-Host "$helper copied to SupportUser desktop."
}
}
}
# Set auto-logon to expire after 2 more logins
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoLogonCount /t REG_DWORD /d 2 /f | Out-Null
Write-Host "Auto-logon set to 2 remaining logins."
Write-Host ""
Write-Host "================================================================"
Write-Host "=== Run-ShopfloorSetup.ps1 complete $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') ==="
Write-Host "================================================================"
# Flush transcript before shutdown so the log file is complete on next boot
try { Stop-Transcript | Out-Null } catch {}
if ($FromDispatcher) {
# Dispatcher owns the reboot — it cancels ours and reboots on its own
# terms after advancing the stage and re-registering RunOnce. We still
# schedule one as a safety net (dispatcher cancels it immediately).
Write-Host "Returning to Stage-Dispatcher for reboot."
shutdown /r /t 30
} else {
# Standalone run (manual or legacy FirstLogonCommands) — reboot directly.
Write-Host "Rebooting in 10 seconds..."
shutdown /r /t 10
}
Reference in New Issue View Git Blame Copy Permalink