sam/clawjr
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawjr/playbooks/prepare-racknerd3.yml

159 lines
4.2 KiB
YAML
Raw Permalink Blame History

---
# Forge — Prepare racknerd3
# Run from any host with SSH access to racknerd3:
# ansible-playbook -i "racknerd3," playbooks/prepare-racknerd3.yml
#
# Prerequisites: SSH access to racknerd3 as root
- name: Prepare racknerd3 for Forge agents
hosts: all
become: true
vars:
forge_user: root
forge_home: /root/forge
forgejo_url: "http://192.168.122.102:3000"
forgejo_token: "4ba6ae006be3c1555f7ad63d64d5ecf4703fd6a3"
aws_region: us-east-1
ssh_key_path: /root/.ssh/id_ed25519
tasks:
# ─── Stop and disable OpenClaw ───
- name: Stop OpenClaw service
systemd:
name: openclaw
state: stopped
enabled: false
ignore_errors: true
- name: Verify OpenClaw is stopped
command: systemctl is-active openclaw
register: claw_status
failed_when: false
changed_when: false
- name: Report OpenClaw status
debug:
msg: "OpenClaw is {{ claw_status.stdout }}"
# ─── Install dependencies ───
- name: Install AWS CLI and base tools
apt:
name:
- awscli
- jq
- curl
- git
- cron
state: present
update_cache: true
- name: Verify AWS CLI installed
command: aws --version
register: aws_ver
changed_when: false
- name: Report AWS CLI version
debug:
msg: "{{ aws_ver.stdout }}"
# ─── Configure Forgejo SSH access ───
- name: Add Forgejo host key to known_hosts
known_hosts:
name: 192.168.122.102
key: "{{ lookup('pipe', 'ssh-keyscan -t ed25519 192.168.122.102 2>/dev/null') }}"
path: /root/.ssh/known_hosts
state: present
- name: Register SSH key with Forgejo
uri:
url: "{{ forgejo_url }}/api/v1/user/keys"
method: POST
headers:
Authorization: "token {{ forgejo_token }}"
Content-Type: "application/json"
body_format: json
body:
title: "racknerd3-forge"
key: "{{ lookup('file', ssh_key_path + '.pub') }}"
status_code: [201, 422] # 422 = key already exists
# ─── Clone Forge repo ───
- name: Create forge directory
file:
path: "{{ forge_home }}"
state: directory
mode: "0750"
- name: Clone forge repo
git:
repo: "http://192.168.122.102:3000/sam/forge.git"
dest: "{{ forge_home }}"
version: main
force: false
environment:
GIT_TERMINAL_PROMPT: "0"
# ─── AWS credentials placeholder ───
- name: Create AWS credentials directory
file:
path: /root/.aws
state: directory
mode: "0700"
- name: Create AWS config
copy:
dest: /root/.aws/config
mode: "0600"
content: |
[default]
region = {{ aws_region }}
output = json
- name: Check if AWS credentials exist
stat:
path: /root/.aws/credentials
register: aws_creds
- name: Remind about AWS credentials
debug:
msg: >
AWS credentials file does not exist.
Create an IAM user with Bedrock-only access and add credentials:
aws configure --profile default
when: not aws_creds.stat.exists
# ─── Firewall cleanup ───
- name: Ensure UFW allows SSH
ufw:
rule: allow
name: OpenSSH
- name: Ensure UFW allows Telegram bot (port 18789 kept for transition)
ufw:
rule: allow
port: "18789"
proto: tcp
# ─── Create agent log directories ───
- name: Create log directories for each agent
file:
path: "{{ forge_home }}/agents/{{ item }}/logs"
state: directory
mode: "0750"
loop:
- scribe
- june
- nightwatch
# ─── Summary ───
- name: Preparation complete
debug:
msg: |
✅ racknerd3 prepared for Forge:
- OpenClaw: disabled
- AWS CLI: installed (credentials needed)
- Forgejo SSH: configured
- Forge repo: cloned to {{ forge_home }}
- Agent log dirs: created
NEXT: Add AWS credentials (aws configure) and test Bedrock access
Reference in a new issue View git blame Copy permalink