26bc1720af
Two test paths: (A) imaging-time install via PXE preinstall + Run-ShopfloorSetup.ps1 per PC type, (B) manifest-engine ongoing enforcement via GE-Enforce + Install-FromManifest against the v2 share. Locks the matrix before harness code lands: 9 PC-type rows, expected install state per type, drift scenarios per app for Path B's tamper+heal cycle. Decisions: skip JSON CI report (air-gapped solo workflow), interactive stdout + exit 0/1 only. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5.8 KiB
5.8 KiB
Shopfloor test scope
Two test paths against the win11 analyzer VM as a synthetic shopfloor PC.
Path A: Imaging-time install (one-shot)
Simulates full PXE-deployed-and-first-booted PC. Verifies the imaging chain (preinstall.json + Run-ShopfloorSetup.ps1 + per-PC-type stage scripts) lands the expected end state for each PC type.
Per-round flow:
- Revert VM to
blank-slatesnapshot (clean Win11 baseline + qemu-ga + WinRM). - Stage
C:\PreInstall\fromplaybook/preinstall/(preinstall.json + payloads). - Run preinstall runner with
PCType/PCSubTypearguments. - Stage
C:\Enrollment\shopfloor-setup\fromplaybook/shopfloor-setup/. - Drop
C:\Enrollment\pc-type.txt+pc-subtype.txt+site-config.json. - Run
Run-ShopfloorSetup.ps1. - Verify expected install state per PC type (table below).
- Capture verification report.
Path B: Manifest-engine ongoing enforcement
Simulates a steady-state PC discovering drift. Verifies GE-Enforce idempotence, drift heal, InUseCheck behavior.
Per-round flow:
- Start from a post-imaging state (either via Path A first, or revert to a pre-installed snapshot we'll capture once).
- Stage GE-Enforce.ps1 + Install-FromManifest.ps1 to
C:\Program Files\GE\Shopfloor\. - Inject SFLD creds in HKLM pointing at the v2 share via samba.
- Phase 1 (clean cycle): run GE-Enforce. Verify "all skipped" (no-op).
- Phase 2 (drift): tamper specific entries (delete file, reset reg value, kill marker).
- Phase 3 (heal): re-run GE-Enforce. Verify each tampered entry re-fires and end state matches.
- Phase 4 (idempotent): re-run GE-Enforce. Verify back to "all skipped".
PC-type matrix
| PCType | PCSubType | A applies | B applies | Manifest scopes (B) |
|---|---|---|---|---|
| Standard | Machine | yes | yes | common, standard, standard-machine |
| Standard | Timeclock | yes | yes | common, standard, standard-timeclock |
| CMM | - | yes | yes | common, cmm |
| Keyence | - | yes | yes | common, keyence |
| Lab | - | yes | yes | common, lab |
| WaxAndTrace | - | yes | yes | common, waxandtrace |
| Genspect | - | yes | yes | common, genspect |
| Display | - | yes | yes | common, display |
| Shopfloor | - | yes (baseline only) | yes | common only (PCTypes filter excludes most apps) |
Expected install state per PC type (post-A)
Sourced from preinstall.json's PCTypes filter + per-PC-type Stage-Dispatcher flow. Detection methods match what GE-Enforce uses for re-enforcement, so verification logic is shared between A and B.
Common (all PC types)
| App | Detection | Detection value |
|---|---|---|
| VC++ 2008 x86 | Reg | HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{...} |
| VC++ 2010 x86 / x64 | Reg | (vendor-version) |
| VC++ 2012 x86 (Min+Add) / x64 | Reg | |
| VC++ 2013 x86 (Min+Add) / x64 (Min+Add) | Reg | |
| VC++ 2022 x86 (Min+Add) | Reg | |
| Adobe Acrobat Reader DC | Reg | DisplayVersion = 25.001.20531 |
| WJF Defect Tracker | File | C:\Program Files (x86)\WJF_Defect_Tracker\Defect_Tracker.exe |
+ Standard / Standard-Machine
| App | Detection |
|---|---|
| Oracle Client 11.2 | Reg ORACLE_HOME_NAME |
| OpenText HostExplorer | Reg HKLM\SOFTWARE\GE\OpenText\Installed = 15.0.SP1.2 |
| Shopfloor Serial Drivers | Driver pnputil enum |
| eDNC + NTLARS (bundled) | FileVersion DncMain.exe = 6.4.5.0 |
| eMxInfo.txt | Hash content match |
| UDC (Standard-Machine only) | Reg DisplayVersion = 1.0.34 |
| FMSHostPrimary reg | ValueMatches = wjfms3.ae.ge.com |
| FMSHostSecondary reg | ValueMatches = 10.233.112.158 |
| Hosts pin | grep file for 10.233.112.158\twjfms3.ae.ge.com |
CMM/Keyence/Genspect/WaxAndTrace/Lab/Display
(Each adds its own per-type apps - see playbook/shopfloor-setup//
stage scripts and v2 share <type>/manifest.json.)
Drift scenarios for Path B (per app)
| App | Drift action | Heal expected |
|---|---|---|
| OpenText | Remove-ItemProperty HKLM:\SOFTWARE\GE\OpenText -Name Installed |
Re-fires Setup-OpenText.cmd, marker re-written |
| eMxInfo.txt | Truncate/overwrite the txt file | Hash mismatch -> Install-eMxInfo.cmd re-runs |
| FMSHostPrimary | reg add ... /d "WJFMS3" /f |
ValueMatches -> Type=Registry re-asserts wjfms3.ae.ge.com |
| FMSHostSecondary | reg add ... /d "WJFMS4" /f |
ValueMatches -> re-asserts 10.233.112.158 |
| Hosts pin | Remove the FMS line from hosts | Always -> Set-FmsHostsEntry.ps1 re-adds |
| Edge IE-Mode site list | Overwrite XML with junk | Hash -> file re-copied from share |
| 3OF9 font reg | Delete reg value | ValueMatches -> Type=Registry re-asserts |
| eDNC | msiexec /x to uninstall |
FileVersion miss -> MSI re-installs |
| InUseCheck (eDNC) | Spawn placeholder DncMain process before run | CloseAndReopen -> graceful close / kill / install / restart |
Out of scope (initial)
- Display Kiosk App content matrix (per-site config).
- Display lobby vs dashboard variants.
- Per-bay machine-number-driven ACL setup (requires real bay number + AD context).
- Intune device QR / DSC handoff (Azure-side, can't simulate locally).
Deliverables
playbook/shopfloor-setup/common/test/
SCOPE.md (this file)
README.md (operator how-to)
lib/
vm-base.sh (host: revert, qga, share mount)
verify-state.ps1 (VM: detection per app, returns JSON report)
A-imaging/
run.sh (host orchestrator, takes -PCType/-PCSubType)
stage-image.ps1 (VM: copy preinstall + shopfloor-setup, run them)
B-enforce/
run.sh (host orchestrator, drives 4-phase cycle)
tamper.ps1 (VM: drift injection per app, JSON-driven)
matrix.json (PC-type list + expected apps + drift scenarios)
Each run.sh returns 0 on full pass, non-zero on any failure; emits per-app
pass/fail to stdout + a JSON report to stderr for CI.