ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
64169819b387d5ff686e31b04bcf7c0072c11497
pxe-server/playbook/shopfloor-setup/gea-shopfloor-cmm/09-Setup-CMM.ps1
cproudlock 6dcf96e40a Phase 3+4 rename reorg: repo dir renames + startnet.cmd menu 
Pairs with Phase 1+2 from earlier (alias maps in Install-FromManifest,
GE-Enforce, Get-PCProfile, verify-state). See project-shopfloor-rename-reorg
memory for the plan.

Phase 3 (repo + paths):
- git mv per-PC-type dirs to gea-shopfloor-* names:
    Standard      -> gea-shopfloor-collections
    CMM           -> gea-shopfloor-cmm
    Keyence       -> gea-shopfloor-keyence
    Genspect      -> gea-shopfloor-genspect
    WaxAndTrace   -> gea-shopfloor-waxtrace
    Display       -> gea-shopfloor-display
    Lab           -> gea-shopfloor-common (folded; Timeclock+Lab merge)
- New gea-shopfloor-nocollections/ (clone of collections sans UDC scripts).
- New gea-shopfloor-heattreat/ (placeholder, README only).
- Move Standard/ntlars-backups/ -> _ntlars-backups/ (per-MN, not per-type).
- Run-ShopfloorSetup.ps1: Resolve-PCTypeDir helper walks alias group when
  the on-disk dir for the current pcType is missing. Set-MachineNumber
  helper-copy gated on collections|nocollections|legacy Standard-Machine.
- Update-MachineNumber.ps1: pcProfiles lookups try gea-shopfloor-collections
  first, fall back to legacy Standard-Machine. PowerShell 5.1 compatible
  (no null-coalesce).

Phase 4 (startnet.cmd menu):
- Choice 3 "GEA Shopfloor" now drills into a 9-item sub-menu instead of
  going straight to enrollment. Sub-cats:
    1. Machine with Collections        -> gea-shopfloor-collections
    2. Machine without Collections     -> gea-shopfloor-nocollections
    3. Common (Timeclock, Lab)         -> gea-shopfloor-common
    4. Keyence                         -> gea-shopfloor-keyence
    5. CMM                             -> gea-shopfloor-cmm
    6. Genspect                        -> gea-shopfloor-genspect
    7. Heattreat                       -> gea-shopfloor-heattreat
    8. Wax and Trace                   -> gea-shopfloor-waxtrace
    9. Display                         -> gea-shopfloor-display
- Office menu (existing 6-option) follows for every sub-cat.
- Machine number prompt only for collections + nocollections.
- pc-subtype.txt + display-type.txt no longer written. PCTYPE is a
  single full string (gea-shopfloor-*); subtype-aware code paths fall
  back to empty and resolve via the alias map.
- CMM bootstrap stage gate switched from "%PCTYPE%"=="CMM" to
  "%PCTYPE%"=="gea-shopfloor-cmm".

Test harness:
- B-enforce/run.sh PCSUBTYPE default changed from "Machine" to "" so
  single-arg invocation matches the new single-string scheme. Two-arg
  legacy form ("Standard Machine") still works via aliasing.
- B-enforce/tamper.ps1 alias-aware Test-MatrixEntryMatches mirroring
  verify-state.ps1.

Smoke-tested on win11 VM as SYSTEM via qga: B-enforce harness 5-phase
cycle (stage / baseline / tamper / heal / idempotent) passes 10/10
with PCType=gea-shopfloor-collections AND with legacy "Standard Machine"
two-arg form.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 08:09:16 -04:00

177 lines
8.0 KiB
PowerShell
Raw Blame History

# 09-Setup-CMM.ps1 - CMM type setup (runs during shopfloor-setup phase).
#
# At imaging time the tsgwp00525 SFLD share is NOT yet reachable - Azure DSC
# has not provisioned the share credentials that early. So we install from a
# WinPE-staged local copy at C:\CMM-Install (put there by startnet.cmd when
# the tech picks pc-type=CMM). Ongoing enforcement is handled by GE-Enforce
# (registered separately in Run-ShopfloorSetup.ps1) reading cmm/manifest.json
# from the tsgwp00525 share.
#
# Sequence:
# 1. Enable .NET Framework 3.5 (PC-DMIS 2016 prereq on Win10/11 where 3.5
# is an off-by-default optional feature).
# 2. Run Install-FromManifest against C:\CMM-Install\cmm-manifest.json.
# 2.5. Grant BUILTIN\Users Modify on PC-DMIS install dirs (Hexagon-documented
# approach for non-admin runtime).
# 3. Delete C:\CMM-Install to reclaim the ~2 GB of bootstrap installers.
#
# Library lookup: the imaging-time install uses the common Install-FromManifest
# library at ..\common\lib\Install-FromManifest.ps1 (relative to $PSScriptRoot).
#
# Log: C:\Logs\CMM\09-Setup-CMM.log (stdout from this script) plus the
# install-time log at C:\Logs\CMM\install.log written by Install-FromManifest.
$ErrorActionPreference = 'Continue'
$stagingRoot = 'C:\CMM-Install'
$stagingMani = Join-Path $stagingRoot 'cmm-manifest.json'
$libSource = Join-Path $PSScriptRoot '..\common\lib\Install-FromManifest.ps1'
$logDir = 'C:\Logs\CMM'
$logFile = Join-Path $logDir 'install.log'
$transcriptLog = Join-Path $logDir '09-Setup-CMM.log'
if (-not (Test-Path $logDir)) {
New-Item -Path $logDir -ItemType Directory -Force | Out-Null
}
# Independent transcript in addition to whatever Run-ShopfloorSetup.ps1 is
# capturing at the top level. Lets a tech open C:\Logs\CMM\09-Setup-CMM.log
# and see the entire CMM-type setup run without scrolling through the
# monolithic shopfloor-setup.log.
try { Start-Transcript -Path $transcriptLog -Append -Force | Out-Null } catch {}
function Write-CMMLog {
param([string]$Message, [string]$Level = 'INFO')
$stamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Write-Host "[$stamp] [$Level] $Message"
}
Write-CMMLog "================================================================"
Write-CMMLog "=== CMM Setup (imaging-time) session start (PID $PID) ==="
Write-CMMLog "Running as: $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)"
Write-CMMLog "================================================================"
# Diagnostic dump - knowing WHY the script took a branch is half the battle.
Write-CMMLog "Script root: $PSScriptRoot"
foreach ($file in @('pc-type.txt','pc-subtype.txt','machine-number.txt')) {
$path = "C:\Enrollment\$file"
if (Test-Path -LiteralPath $path) {
$content = (Get-Content -LiteralPath $path -First 1 -ErrorAction SilentlyContinue).Trim()
Write-CMMLog " $file = $content"
} else {
Write-CMMLog " $file = (not present)"
}
}
if (Test-Path $stagingRoot) {
$bootstrapFiles = @(Get-ChildItem -LiteralPath $stagingRoot -File -ErrorAction SilentlyContinue)
Write-CMMLog "Bootstrap staging: $stagingRoot ($($bootstrapFiles.Count) files)"
foreach ($f in $bootstrapFiles) {
Write-CMMLog " - $($f.Name) ($([math]::Round($f.Length/1MB)) MB)"
}
} else {
Write-CMMLog "Bootstrap staging: $stagingRoot (DOES NOT EXIST - startnet.cmd did not stage it)" "ERROR"
}
# ============================================================================
# Step 1: Enable .NET Framework 3.5
# ============================================================================
# PC-DMIS 2016 lists .NET 3.5 as a prereq for some older components. On Win10/
# Win11 it's an optional Windows feature that is OFF by default. Enable-
# WindowsOptionalFeature pulls the payload from Windows Update when the PC
# has internet; sources from the installed Windows image otherwise. Idempotent
# (no-op if already enabled). We swallow failures because if internet and
# media are both unavailable this becomes a known gap rather than an imaging
# blocker - we'd still rather try to install PC-DMIS and surface the real
# failure in its log.
Write-CMMLog "Checking .NET Framework 3.5 state..."
try {
$netfx = Get-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -ErrorAction Stop
if ($netfx.State -eq 'Enabled') {
Write-CMMLog " .NET 3.5 already enabled"
} else {
Write-CMMLog " .NET 3.5 state is $($netfx.State) - enabling now (may take a minute)..."
$result = Enable-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -All -NoRestart -ErrorAction Stop
Write-CMMLog " Enable-WindowsOptionalFeature RestartNeeded=$($result.RestartNeeded)"
}
} catch {
Write-CMMLog " Failed to enable .NET 3.5: $_" "WARN"
Write-CMMLog " Continuing anyway - PC-DMIS installers will surface any hard dependency."
}
# ============================================================================
# Step 2: Install apps from the WinPE-staged bootstrap at C:\CMM-Install
# ============================================================================
if (-not (Test-Path $stagingRoot)) {
Write-CMMLog "$stagingRoot does not exist - startnet.cmd did not stage CMM installers" "ERROR"
Write-CMMLog "Skipping install. The logon enforcer will pick up from the share when SFLD creds are available."
}
elseif (-not (Test-Path $stagingMani)) {
Write-CMMLog "$stagingMani missing - staging directory is incomplete" "ERROR"
}
elseif (-not (Test-Path $libSource)) {
Write-CMMLog "Shared library not found at $libSource" "ERROR"
}
else {
Write-CMMLog "Running Install-FromManifest against $stagingRoot"
& $libSource -ManifestPath $stagingMani -InstallerRoot $stagingRoot -LogFile $logFile
$rc = $LASTEXITCODE
Write-CMMLog "Install-FromManifest returned $rc"
}
# ============================================================================
# Step 2.5: Grant Users write access to PC-DMIS install directories
# ============================================================================
# PC-DMIS writes settings, probe configs, and measurement data to its own
# install directory at runtime. Without Modify permission for BUILTIN\Users,
# non-admin accounts get a UAC elevation prompt on every launch. Granting
# the ACL here is the Hexagon-documented approach for non-admin deployment
# and avoids the need for a first-run-as-admin (which hits a license dialog
# and can't be automated silently).
$pcdmisDirs = @(
'C:\Program Files\Hexagon\PC-DMIS 2016.0 64-bit',
'C:\Program Files\Hexagon\PC-DMIS 2019 R2 64-bit',
'C:\ProgramData\Hexagon',
'C:\Program Files (x86)\General Electric\goCMM',
'C:\Program Files\DODA'
)
foreach ($dir in $pcdmisDirs) {
if (-not (Test-Path -LiteralPath $dir)) {
Write-CMMLog "PC-DMIS dir not found: $dir - skipping ACL"
continue
}
try {
$acl = Get-Acl -LiteralPath $dir
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
'BUILTIN\Users',
'Modify',
'ContainerInherit,ObjectInherit',
'None',
'Allow'
)
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $dir -AclObject $acl -ErrorAction Stop
Write-CMMLog "Granted BUILTIN\Users Modify on $dir"
} catch {
Write-CMMLog "Failed to set ACL on $dir : $_" "WARN"
}
}
# ============================================================================
# Step 3: Clean up the bootstrap staging dir
# ============================================================================
# ~2 GB reclaimed. From here on, GE-Enforce takes over from the tsgwp00525
# share for ongoing updates.
if (Test-Path $stagingRoot) {
Write-CMMLog "Deleting bootstrap staging at $stagingRoot"
try {
Remove-Item -LiteralPath $stagingRoot -Recurse -Force -ErrorAction Stop
Write-CMMLog "Bootstrap cleanup complete"
} catch {
Write-CMMLog "Failed to delete $stagingRoot : $_" "WARN"
}
}
Write-CMMLog "=== CMM Setup Complete ==="
try { Stop-Transcript | Out-Null } catch {}
Reference in New Issue View Git Blame Copy Permalink