From 981d75b9102d7dd326e99a3f33693509c91ad687 Mon Sep 17 00:00:00 2001 
From: Alec Olson Date: Mon, 2 Feb 2026 21:17:05 -0700 Subject: [PATCH 01/16] refactor: rename role directory clawdbot -> openclaw Co-Authored-By: Claude Opus 4.5 --- playbook.yml | 4 ++-- roles/{clawdbot => openclaw}/defaults/main.yml | 0 roles/{clawdbot => openclaw}/files/clawdbot-setup.sh | 0 roles/{clawdbot => openclaw}/files/show-lobster.sh | 0 roles/{clawdbot => openclaw}/handlers/main.yml | 0 roles/{clawdbot => openclaw}/tasks/clawdbot-development.yml | 0 roles/{clawdbot => openclaw}/tasks/clawdbot-release.yml | 0 roles/{clawdbot => openclaw}/tasks/clawdbot.yml | 0 roles/{clawdbot => openclaw}/tasks/docker-linux.yml | 0 roles/{clawdbot => openclaw}/tasks/docker-macos.yml | 0 roles/{clawdbot => openclaw}/tasks/docker.yml | 0 roles/{clawdbot => openclaw}/tasks/firewall-linux.yml | 0 roles/{clawdbot => openclaw}/tasks/firewall-macos.yml | 0 roles/{clawdbot => openclaw}/tasks/firewall.yml | 0 roles/{clawdbot => openclaw}/tasks/main.yml | 0 roles/{clawdbot => openclaw}/tasks/nodejs.yml | 0 roles/{clawdbot => openclaw}/tasks/system-tools-linux.yml | 0 roles/{clawdbot => openclaw}/tasks/system-tools-macos.yml | 0 roles/{clawdbot => openclaw}/tasks/system-tools.yml | 0 roles/{clawdbot => openclaw}/tasks/tailscale-linux.yml | 0 roles/{clawdbot => openclaw}/tasks/tailscale-macos.yml | 0 roles/{clawdbot => openclaw}/tasks/tailscale.yml | 0 roles/{clawdbot => openclaw}/tasks/user.yml | 0 roles/{clawdbot => openclaw}/templates/clawdbot-config.yml.j2 | 0 .../{clawdbot => openclaw}/templates/clawdbot-host.service.j2 | 0 roles/{clawdbot => openclaw}/templates/daemon.json.j2 | 0 roles/{clawdbot => openclaw}/templates/vimrc.j2 | 0 27 files changed, 2 insertions(+), 2 deletions(-) rename roles/{clawdbot => openclaw}/defaults/main.yml (100%) rename roles/{clawdbot => openclaw}/files/clawdbot-setup.sh (100%) rename roles/{clawdbot => openclaw}/files/show-lobster.sh (100%) rename roles/{clawdbot => openclaw}/handlers/main.yml (100%) rename roles/{clawdbot => 
openclaw}/tasks/clawdbot-development.yml (100%) rename roles/{clawdbot => openclaw}/tasks/clawdbot-release.yml (100%) rename roles/{clawdbot => openclaw}/tasks/clawdbot.yml (100%) rename roles/{clawdbot => openclaw}/tasks/docker-linux.yml (100%) rename roles/{clawdbot => openclaw}/tasks/docker-macos.yml (100%) rename roles/{clawdbot => openclaw}/tasks/docker.yml (100%) rename roles/{clawdbot => openclaw}/tasks/firewall-linux.yml (100%) rename roles/{clawdbot => openclaw}/tasks/firewall-macos.yml (100%) rename roles/{clawdbot => openclaw}/tasks/firewall.yml (100%) rename roles/{clawdbot => openclaw}/tasks/main.yml (100%) rename roles/{clawdbot => openclaw}/tasks/nodejs.yml (100%) rename roles/{clawdbot => openclaw}/tasks/system-tools-linux.yml (100%) rename roles/{clawdbot => openclaw}/tasks/system-tools-macos.yml (100%) rename roles/{clawdbot => openclaw}/tasks/system-tools.yml (100%) rename roles/{clawdbot => openclaw}/tasks/tailscale-linux.yml (100%) rename roles/{clawdbot => openclaw}/tasks/tailscale-macos.yml (100%) rename roles/{clawdbot => openclaw}/tasks/tailscale.yml (100%) rename roles/{clawdbot => openclaw}/tasks/user.yml (100%) rename roles/{clawdbot => openclaw}/templates/clawdbot-config.yml.j2 (100%) rename roles/{clawdbot => openclaw}/templates/clawdbot-host.service.j2 (100%) rename roles/{clawdbot => openclaw}/templates/daemon.json.j2 (100%) rename roles/{clawdbot => openclaw}/templates/vimrc.j2 (100%) diff --git a/playbook.yml b/playbook.yml index 4cefa42..e036a0b 100644 --- a/playbook.yml +++ b/playbook.yml @@ -95,12 +95,12 @@ when: homebrew_install is defined and homebrew_install.changed roles: - - clawdbot + - openclaw post_tasks: - name: Copy ASCII art script ansible.builtin.copy: - src: roles/clawdbot/files/show-lobster.sh + src: roles/openclaw/files/show-lobster.sh dest: /tmp/show-lobster.sh mode: '0755' 
diff --git a/roles/clawdbot/defaults/main.yml b/roles/openclaw/defaults/main.yml
similarity index 100%
rename from roles/clawdbot/defaults/main.yml
rename to roles/openclaw/defaults/main.yml
diff --git a/roles/clawdbot/files/clawdbot-setup.sh b/roles/openclaw/files/clawdbot-setup.sh
similarity index 100%
rename from roles/clawdbot/files/clawdbot-setup.sh
rename to roles/openclaw/files/clawdbot-setup.sh
diff --git a/roles/clawdbot/files/show-lobster.sh b/roles/openclaw/files/show-lobster.sh
similarity index 100%
rename from roles/clawdbot/files/show-lobster.sh
rename to roles/openclaw/files/show-lobster.sh
diff --git a/roles/clawdbot/handlers/main.yml b/roles/openclaw/handlers/main.yml
similarity index 100%
rename from roles/clawdbot/handlers/main.yml
rename to roles/openclaw/handlers/main.yml
diff --git a/roles/clawdbot/tasks/clawdbot-development.yml b/roles/openclaw/tasks/clawdbot-development.yml
similarity index 100%
rename from roles/clawdbot/tasks/clawdbot-development.yml
rename to roles/openclaw/tasks/clawdbot-development.yml
diff --git a/roles/clawdbot/tasks/clawdbot-release.yml b/roles/openclaw/tasks/clawdbot-release.yml
similarity index 100%
rename from roles/clawdbot/tasks/clawdbot-release.yml
rename to roles/openclaw/tasks/clawdbot-release.yml
diff --git a/roles/clawdbot/tasks/clawdbot.yml b/roles/openclaw/tasks/clawdbot.yml
similarity index 100%
rename from roles/clawdbot/tasks/clawdbot.yml
rename to roles/openclaw/tasks/clawdbot.yml
diff --git a/roles/clawdbot/tasks/docker-linux.yml b/roles/openclaw/tasks/docker-linux.yml
similarity index 100%
rename from roles/clawdbot/tasks/docker-linux.yml
rename to roles/openclaw/tasks/docker-linux.yml
diff --git a/roles/clawdbot/tasks/docker-macos.yml b/roles/openclaw/tasks/docker-macos.yml
similarity index 100%
rename from roles/clawdbot/tasks/docker-macos.yml
rename to roles/openclaw/tasks/docker-macos.yml
diff --git a/roles/clawdbot/tasks/docker.yml b/roles/openclaw/tasks/docker.yml
similarity index 100%
rename from roles/clawdbot/tasks/docker.yml
rename to roles/openclaw/tasks/docker.yml
diff --git a/roles/clawdbot/tasks/firewall-linux.yml b/roles/openclaw/tasks/firewall-linux.yml
similarity index 100%
rename from roles/clawdbot/tasks/firewall-linux.yml
rename to roles/openclaw/tasks/firewall-linux.yml
diff --git a/roles/clawdbot/tasks/firewall-macos.yml b/roles/openclaw/tasks/firewall-macos.yml
similarity index 100%
rename from roles/clawdbot/tasks/firewall-macos.yml
rename to roles/openclaw/tasks/firewall-macos.yml
diff --git a/roles/clawdbot/tasks/firewall.yml b/roles/openclaw/tasks/firewall.yml
similarity index 100%
rename from roles/clawdbot/tasks/firewall.yml
rename to roles/openclaw/tasks/firewall.yml
diff --git a/roles/clawdbot/tasks/main.yml b/roles/openclaw/tasks/main.yml
similarity index 100%
rename from roles/clawdbot/tasks/main.yml
rename to roles/openclaw/tasks/main.yml
diff --git a/roles/clawdbot/tasks/nodejs.yml b/roles/openclaw/tasks/nodejs.yml
similarity index 100%
rename from roles/clawdbot/tasks/nodejs.yml
rename to roles/openclaw/tasks/nodejs.yml
diff --git a/roles/clawdbot/tasks/system-tools-linux.yml b/roles/openclaw/tasks/system-tools-linux.yml
similarity index 100%
rename from roles/clawdbot/tasks/system-tools-linux.yml
rename to roles/openclaw/tasks/system-tools-linux.yml
diff --git a/roles/clawdbot/tasks/system-tools-macos.yml b/roles/openclaw/tasks/system-tools-macos.yml
similarity index 100%
rename from roles/clawdbot/tasks/system-tools-macos.yml
rename to roles/openclaw/tasks/system-tools-macos.yml
diff --git a/roles/clawdbot/tasks/system-tools.yml b/roles/openclaw/tasks/system-tools.yml
similarity index 100%
rename from roles/clawdbot/tasks/system-tools.yml
rename to roles/openclaw/tasks/system-tools.yml
diff --git a/roles/clawdbot/tasks/tailscale-linux.yml b/roles/openclaw/tasks/tailscale-linux.yml
similarity index 100%
rename from roles/clawdbot/tasks/tailscale-linux.yml
rename to roles/openclaw/tasks/tailscale-linux.yml
diff --git a/roles/clawdbot/tasks/tailscale-macos.yml b/roles/openclaw/tasks/tailscale-macos.yml
similarity index 100%
rename from roles/clawdbot/tasks/tailscale-macos.yml
rename to roles/openclaw/tasks/tailscale-macos.yml
diff --git a/roles/clawdbot/tasks/tailscale.yml b/roles/openclaw/tasks/tailscale.yml
similarity index 100%
rename from roles/clawdbot/tasks/tailscale.yml
rename to roles/openclaw/tasks/tailscale.yml
diff --git a/roles/clawdbot/tasks/user.yml b/roles/openclaw/tasks/user.yml
similarity index 100%
rename from roles/clawdbot/tasks/user.yml
rename to roles/openclaw/tasks/user.yml
diff --git a/roles/clawdbot/templates/clawdbot-config.yml.j2 b/roles/openclaw/templates/clawdbot-config.yml.j2
similarity index 100%
rename from roles/clawdbot/templates/clawdbot-config.yml.j2
rename to roles/openclaw/templates/clawdbot-config.yml.j2
diff --git a/roles/clawdbot/templates/clawdbot-host.service.j2 b/roles/openclaw/templates/clawdbot-host.service.j2
similarity index 100%
rename from roles/clawdbot/templates/clawdbot-host.service.j2
rename to roles/openclaw/templates/clawdbot-host.service.j2
diff --git a/roles/clawdbot/templates/daemon.json.j2 b/roles/openclaw/templates/daemon.json.j2
similarity index 100%
rename from roles/clawdbot/templates/daemon.json.j2
rename to roles/openclaw/templates/daemon.json.j2
diff --git a/roles/clawdbot/templates/vimrc.j2 b/roles/openclaw/templates/vimrc.j2
similarity index 100%
rename from roles/clawdbot/templates/vimrc.j2
rename to roles/openclaw/templates/vimrc.j2
From c0ac8ade3ef3290a31d64b7a81abca9f804d7455 Mon Sep 17 00:00:00 2001
From: Alec Olson Date: Mon, 2 Feb 2026 21:17:58 -0700 Subject: [PATCH 02/16] refactor: rename clawdbot task and template files to openclaw Co-Authored-By: Claude Opus 4.5 --- roles/openclaw/files/{clawdbot-setup.sh => openclaw-setup.sh} | 0 roles/openclaw/tasks/main.yml | 2 +- .../{clawdbot-development.yml => openclaw-development.yml} | 0 .../tasks/{clawdbot-release.yml => openclaw-release.yml} | 0 roles/openclaw/tasks/{clawdbot.yml => openclaw.yml} | 4 ++-- .../{clawdbot-config.yml.j2 => openclaw-config.yml.j2} | 0 .../{clawdbot-host.service.j2 => openclaw-host.service.j2} | 0 7 files changed, 3 insertions(+), 3 deletions(-) rename roles/openclaw/files/{clawdbot-setup.sh => openclaw-setup.sh} (100%) rename roles/openclaw/tasks/{clawdbot-development.yml => openclaw-development.yml} (100%) rename roles/openclaw/tasks/{clawdbot-release.yml => openclaw-release.yml} (100%) rename roles/openclaw/tasks/{clawdbot.yml => openclaw.yml} (96%) rename roles/openclaw/templates/{clawdbot-config.yml.j2 => openclaw-config.yml.j2} (100%) rename roles/openclaw/templates/{clawdbot-host.service.j2 => openclaw-host.service.j2} (100%) diff --git a/roles/openclaw/files/clawdbot-setup.sh b/roles/openclaw/files/openclaw-setup.sh similarity index 100% rename from roles/openclaw/files/clawdbot-setup.sh rename to roles/openclaw/files/openclaw-setup.sh diff --git a/roles/openclaw/tasks/main.yml b/roles/openclaw/tasks/main.yml index 5e6aace..3311323 100644 --- a/roles/openclaw/tasks/main.yml +++ b/roles/openclaw/tasks/main.yml @@ -18,4 +18,4 @@ ansible.builtin.include_tasks: nodejs.yml - name: Include Clawdbot setup tasks - ansible.builtin.include_tasks: clawdbot.yml + ansible.builtin.include_tasks: openclaw.yml diff --git a/roles/openclaw/tasks/clawdbot-development.yml b/roles/openclaw/tasks/openclaw-development.yml similarity index 100% rename from roles/openclaw/tasks/clawdbot-development.yml rename to roles/openclaw/tasks/openclaw-development.yml 
diff --git a/roles/openclaw/tasks/clawdbot-release.yml b/roles/openclaw/tasks/openclaw-release.yml similarity index 100% rename from roles/openclaw/tasks/clawdbot-release.yml rename to roles/openclaw/tasks/openclaw-release.yml diff --git a/roles/openclaw/tasks/clawdbot.yml b/roles/openclaw/tasks/openclaw.yml similarity index 96% rename from roles/openclaw/tasks/clawdbot.yml rename to roles/openclaw/tasks/openclaw.yml index 86f73b3..d838c99 100644 --- a/roles/openclaw/tasks/clawdbot.yml +++ b/roles/openclaw/tasks/openclaw.yml @@ -50,11 +50,11 @@ # Include appropriate installation method based on mode - name: Include release installation (pnpm install -g) - ansible.builtin.include_tasks: clawdbot-release.yml + ansible.builtin.include_tasks: openclaw-release.yml when: clawdbot_install_mode == "release" - name: Include development installation (git clone + build + link) - ansible.builtin.include_tasks: clawdbot-development.yml + ansible.builtin.include_tasks: openclaw-development.yml when: clawdbot_install_mode == "development" - name: Configure .bashrc for clawdbot user (base config) diff --git a/roles/openclaw/templates/clawdbot-config.yml.j2 b/roles/openclaw/templates/openclaw-config.yml.j2 similarity index 100% rename from roles/openclaw/templates/clawdbot-config.yml.j2 rename to roles/openclaw/templates/openclaw-config.yml.j2 diff --git a/roles/openclaw/templates/clawdbot-host.service.j2 b/roles/openclaw/templates/openclaw-host.service.j2 similarity index 100% rename from roles/openclaw/templates/clawdbot-host.service.j2 rename to roles/openclaw/templates/openclaw-host.service.j2 From ff64dad9173c12493895c37613671c955debc9d9 Mon Sep 17 00:00:00 2001 
From: Alec Olson Date: Mon, 2 Feb 2026 21:21:55 -0700 Subject: [PATCH 03/16] refactor: rename clawdbot_* variables and system user to openclaw Co-Authored-By: Claude Opus 4.5 --- playbook.yml | 14 +-- roles/openclaw/defaults/main.yml | 36 +++--- roles/openclaw/tasks/docker-linux.yml | 2 +- roles/openclaw/tasks/openclaw-development.yml | 118 +++++++++--------- roles/openclaw/tasks/openclaw-release.yml | 26 ++-- roles/openclaw/tasks/openclaw.yml | 80 ++++++------ roles/openclaw/tasks/system-tools-linux.yml | 32 ++--- roles/openclaw/tasks/system-tools-macos.yml | 16 +-- roles/openclaw/tasks/system-tools.yml | 10 +- roles/openclaw/tasks/user.yml | 88 ++++++------- .../openclaw/templates/openclaw-config.yml.j2 | 26 ++-- .../templates/openclaw-host.service.j2 | 20 +-- 12 files changed, 234 insertions(+), 234 deletions(-) diff --git a/playbook.yml b/playbook.yml index e036a0b..96114b6 100644 --- a/playbook.yml +++ b/playbook.yml @@ -108,11 +108,11 @@ ansible.builtin.command: /tmp/show-lobster.sh changed_when: false - - name: Create one-time welcome message for clawdbot user + - name: Create one-time welcome message for openclaw user ansible.builtin.copy: - dest: /home/clawdbot/.clawdbot-welcome - owner: clawdbot - group: clawdbot + dest: /home/openclaw/.openclaw-welcome + owner: openclaw + group: openclaw mode: '0644' content: | echo "" @@ -184,12 +184,12 @@ echo "" echo "Type 'exit' to return to your previous user" echo "" - rm -f ~/.clawdbot-welcome + rm -f ~/.openclaw-welcome - name: Add welcome message to .bashrc ansible.builtin.lineinfile: - path: /home/clawdbot/.bashrc - line: '[ -f ~/.clawdbot-welcome ] && source ~/.clawdbot-welcome' + path: /home/openclaw/.bashrc + line: '[ -f ~/.openclaw-welcome ] && source ~/.openclaw-welcome' state: present insertafter: EOF diff --git a/roles/openclaw/defaults/main.yml b/roles/openclaw/defaults/main.yml index a5aa8ed..3751e9a 100644 --- a/roles/openclaw/defaults/main.yml +++ b/roles/openclaw/defaults/main.yml 
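Review bot: The welcome-message task in the `@@ -108,11 +108,11 @@` hunk hard-codes `/home/openclaw` and `openclaw` for `dest`, `owner` and `group`, and the `lineinfile` task in the `@@ -184,12 +184,12 @@` hunk hard-codes `/home/openclaw/.bashrc`. The role defaults touched by this same patch make both values overridable as `openclaw_home` and `openclaw_user`. If either default is overridden, these post_tasks would target a home directory and owner that the role never created. Using `dest: "{{ openclaw_home }}/.openclaw-welcome"`, `owner: "{{ openclaw_user }}"` and `path: "{{ openclaw_home }}/.bashrc"` would keep the play in step with the role, assuming the role defaults are visible to post_tasks in this play.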
@@ -1,5 +1,5 @@ --- -# Clawdbot default variables +# OpenClaw default variables # Tailscale settings tailscale_authkey: "" # Optional: set to auto-connect during installation 
@@ -7,35 +7,35 @@ tailscale_authkey: "" # Optional: set to auto-connect during installation # Node.js version nodejs_version: "22.x" -# Clawdbot settings -clawdbot_port: 3000 +# OpenClaw settings +openclaw_port: 3000 -# Clawdbot config directory -clawdbot_config_dir: "{{ clawdbot_home }}/.clawdbot" +# OpenClaw config directory +openclaw_config_dir: "{{ openclaw_home }}/.openclaw" # User settings (will be created as system user) -clawdbot_user: clawdbot -clawdbot_home: /home/clawdbot +openclaw_user: openclaw +openclaw_home: /home/openclaw # OS-specific settings (set dynamically in tasks) homebrew_prefix: "{{ '/opt/homebrew' if ansible_os_family == 'Darwin' else '/home/linuxbrew/.linuxbrew' }}" package_manager: "{{ 'brew' if ansible_os_family == 'Darwin' else 'apt' }}" # Installation mode: 'release' or 'development' -# release: Install via pnpm install -g clawdbot@latest +# release: Install via pnpm install -g openclaw@latest # development: Clone repo, build from source, link globally -clawdbot_install_mode: "release" +openclaw_install_mode: "release" -# Development mode settings (only used when clawdbot_install_mode: development) -clawdbot_repo_url: "https://github.com/clawdbot/clawdbot.git" -clawdbot_repo_branch: "main" -clawdbot_code_dir: "{{ clawdbot_home }}/code" -clawdbot_repo_dir: "{{ clawdbot_code_dir }}/clawdbot" +# Development mode settings (only used when openclaw_install_mode: development) +openclaw_repo_url: "https://github.com/openclaw/openclaw.git" +openclaw_repo_branch: "main" +openclaw_code_dir: "{{ openclaw_home }}/code" +openclaw_repo_dir: "{{ openclaw_code_dir }}/openclaw" -# SSH keys for clawdbot user -# Add your public SSH keys here to allow SSH access as clawdbot user +# SSH keys for openclaw user +# Add your public SSH keys here to allow SSH access as openclaw user # Example: -# clawdbot_ssh_keys: +# openclaw_ssh_keys: # - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx user@host" # - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQDxxxxxxxxxxxxxxxxxxxxxxx user@host" -clawdbot_ssh_keys: [] +openclaw_ssh_keys: [] diff --git a/roles/openclaw/tasks/docker-linux.yml b/roles/openclaw/tasks/docker-linux.yml index 9e59853..b66a7a2 100644 --- a/roles/openclaw/tasks/docker-linux.yml +++ b/roles/openclaw/tasks/docker-linux.yml @@ -61,7 +61,7 @@ - name: Add user to docker group ansible.builtin.user: - name: "{{ clawdbot_user }}" + name: "{{ openclaw_user }}" groups: docker append: true diff --git a/roles/openclaw/tasks/openclaw-development.yml b/roles/openclaw/tasks/openclaw-development.yml index 7e52b40..ac06845 100644 --- a/roles/openclaw/tasks/openclaw-development.yml +++ b/roles/openclaw/tasks/openclaw-development.yml 
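Review bot: Renaming `openclaw_user` and `openclaw_home` in the `@@ -7,35 +7,35 @@` hunk changes which account and home directory the role manages, and nothing in the visible hunks removes or migrates the former `clawdbot` account on hosts provisioned before the rename. Such a host would presumably keep the old account with its `authorized_keys`, its `docker` group membership and the contents of `~/.clawdbot/credentials`, none of them managed any longer. `tasks/user.yml` is not visible here, so a later patch in the series may handle this. If none does, a comment in the defaults such as `# NOTE: hosts provisioned as 'clawdbot' keep that account and its credentials; remove or migrate it manually` would at least record the gap.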
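Review bot: The `groups: docker` membership in the `@@ -61,7 +61,7 @@` hunk deserves a comment now that it is applied to the renamed service account. Membership in the `docker` group is effectively root on the host, because a member can start a container that mounts the host filesystem. The same account accepts SSH keys through `openclaw_ssh_keys` and presumably runs the installed CLI. A comment above the task such as `# docker group is root-equivalent; use rootless Docker if this account must stay unprivileged` would make the trade-off explicit. The rest of the task file is outside the hunk.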
@@ -3,68 +3,68 @@ - name: Create code directory ansible.builtin.file: - path: "{{ clawdbot_code_dir }}" + path: "{{ openclaw_code_dir }}" state: directory - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" mode: '0755' -- name: Check if clawdbot repository already exists +- name: Check if openclaw repository already exists ansible.builtin.stat: - path: "{{ clawdbot_repo_dir }}/.git" - register: clawdbot_repo_exists + path: "{{ openclaw_repo_dir }}/.git" + register: openclaw_repo_exists -- name: Clone clawdbot repository +- name: Clone openclaw repository ansible.builtin.git: - repo: "{{ clawdbot_repo_url }}" - dest: "{{ clawdbot_repo_dir }}" - version: "{{ clawdbot_repo_branch }}" + repo: "{{ openclaw_repo_url }}" + dest: "{{ openclaw_repo_dir }}" + version: "{{ openclaw_repo_branch }}" update: true become: true - become_user: "{{ clawdbot_user }}" - when: not clawdbot_repo_exists.stat.exists + become_user: "{{ openclaw_user }}" + when: not openclaw_repo_exists.stat.exists - name: Pull latest changes if repo exists ansible.builtin.git: - repo: "{{ clawdbot_repo_url }}" - dest: "{{ clawdbot_repo_dir }}" - version: "{{ clawdbot_repo_branch }}" + repo: "{{ openclaw_repo_url }}" + dest: "{{ openclaw_repo_dir }}" + version: "{{ openclaw_repo_branch }}" update: true become: true - become_user: "{{ clawdbot_user }}" - when: clawdbot_repo_exists.stat.exists + become_user: "{{ openclaw_user }}" + when: openclaw_repo_exists.stat.exists register: git_pull_result - name: Display git pull status ansible.builtin.debug: msg: "Git repository updated: {{ git_pull_result.changed | default(false) }}" - when: clawdbot_repo_exists.stat.exists + when: openclaw_repo_exists.stat.exists - name: Install dependencies with pnpm ansible.builtin.shell: cmd: pnpm install - chdir: "{{ clawdbot_repo_dir }}" + chdir: "{{ openclaw_repo_dir }}" executable: /bin/bash become: true - become_user: "{{ clawdbot_user }}" + 
become_user: "{{ openclaw_user }}" environment: - PNPM_HOME: "{{ clawdbot_home }}/.local/share/pnpm" - PATH: "{{ clawdbot_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" - HOME: "{{ clawdbot_home }}" + PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" + PATH: "{{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" + HOME: "{{ openclaw_home }}" register: pnpm_install_result changed_when: "'Already up to date' not in pnpm_install_result.stdout" -- name: Build clawdbot from source +- name: Build openclaw from source ansible.builtin.shell: cmd: pnpm build - chdir: "{{ clawdbot_repo_dir }}" + chdir: "{{ openclaw_repo_dir }}" executable: /bin/bash become: true - become_user: "{{ clawdbot_user }}" + become_user: "{{ openclaw_user }}" environment: - PNPM_HOME: "{{ clawdbot_home }}/.local/share/pnpm" - PATH: "{{ clawdbot_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" - HOME: "{{ clawdbot_home }}" + PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" + PATH: "{{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" + HOME: "{{ openclaw_home }}" register: pnpm_build_result changed_when: true # Build always changes dist/ directory @@ -75,7 +75,7 @@ - name: Check if dist directory exists ansible.builtin.stat: - path: "{{ clawdbot_repo_dir }}/dist" + path: "{{ openclaw_repo_dir }}/dist" register: dist_dir - name: Fail if build didn't create dist directory 
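Review bot: Both `ansible.builtin.git` tasks in the `@@ -3,68 +3,68 @@` hunk check out `version: "{{ openclaw_repo_branch }}"` with `update: true`, and the branch defaults to `main`, so every run builds whatever the branch head is at that moment. This patch also repoints the default `openclaw_repo_url` to a different GitHub organisation. `pnpm install` and `pnpm build` then run that tree's scripts as the service account. Pinning the default to a release tag or commit SHA and running `pnpm install --frozen-lockfile` would make the build reproducible and reviewable. The two git tasks also differ only in their `when:` and the `register`, so a single task would likely do, since the module clones or updates as needed.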
@@ -83,58 +83,58 @@ msg: "Build failed - dist directory not found" when: not dist_dir.stat.exists -- name: Remove existing global clawdbot symlink (if any) +- name: Remove existing global openclaw symlink (if any) ansible.builtin.file: - path: "{{ clawdbot_home }}/.local/bin/clawdbot" + path: "{{ openclaw_home }}/.local/bin/clawdbot" state: absent -- name: Create symlink to clawdbot binary +- name: Create symlink to openclaw binary ansible.builtin.file: - src: "{{ clawdbot_repo_dir }}/bin/clawdbot.js" - dest: "{{ clawdbot_home }}/.local/bin/clawdbot" + src: "{{ openclaw_repo_dir }}/bin/clawdbot.js" + dest: "{{ openclaw_home }}/.local/bin/clawdbot" state: link - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" force: true -- name: Make clawdbot binary executable +- name: Make openclaw binary executable ansible.builtin.file: - path: "{{ clawdbot_repo_dir }}/bin/clawdbot.js" + path: "{{ openclaw_repo_dir }}/bin/clawdbot.js" mode: '0755' - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" -- name: Verify clawdbot installation from development build +- name: Verify openclaw installation from development build ansible.builtin.shell: - cmd: "{{ clawdbot_home }}/.local/bin/clawdbot --version" + cmd: "{{ openclaw_home }}/.local/bin/clawdbot --version" executable: /bin/bash become: true - become_user: "{{ clawdbot_user }}" + become_user: "{{ openclaw_user }}" environment: - PATH: "{{ clawdbot_home }}/.local/bin:/usr/local/bin:/usr/bin:/bin" - register: clawdbot_dev_version + PATH: "{{ openclaw_home }}/.local/bin:/usr/local/bin:/usr/bin:/bin" + register: openclaw_dev_version changed_when: false -- name: Display installed Clawdbot version (development build) +- name: Display installed OpenClaw version (development build) ansible.builtin.debug: msg: | - ✅ Clawdbot installed from source: {{ clawdbot_dev_version.stdout }} - 📂 Repository: 
{{ clawdbot_repo_dir }} - 🔗 Binary: {{ clawdbot_home }}/.local/bin/clawdbot -> {{ clawdbot_repo_dir }}/bin/clawdbot.js + OpenClaw installed from source: {{ openclaw_dev_version.stdout }} + Repository: {{ openclaw_repo_dir }} + Binary: {{ openclaw_home }}/.local/bin/clawdbot -> {{ openclaw_repo_dir }}/bin/clawdbot.js - name: Add development mode info to .bashrc ansible.builtin.blockinfile: - path: "{{ clawdbot_home }}/.bashrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - Clawdbot development" + path: "{{ openclaw_home }}/.bashrc" + marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw development" block: | - # Clawdbot development mode - export CLAWDBOT_DEV_DIR="{{ clawdbot_repo_dir }}" + # OpenClaw development mode + export CLAWDBOT_DEV_DIR="{{ openclaw_repo_dir }}" # Aliases for development - alias clawdbot-rebuild='cd {{ clawdbot_repo_dir }} && pnpm build' - alias clawdbot-dev='cd {{ clawdbot_repo_dir }}' - alias clawdbot-pull='cd {{ clawdbot_repo_dir }} && git pull && pnpm install && pnpm build' + alias clawdbot-rebuild='cd {{ openclaw_repo_dir }} && pnpm build' + alias clawdbot-dev='cd {{ openclaw_repo_dir }}' + alias clawdbot-pull='cd {{ openclaw_repo_dir }} && git pull && pnpm install && pnpm build' create: true - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" mode: '0644' diff --git a/roles/openclaw/tasks/openclaw-release.yml b/roles/openclaw/tasks/openclaw-release.yml index 72d081c..e43f44a 100644 --- a/roles/openclaw/tasks/openclaw-release.yml +++ b/roles/openclaw/tasks/openclaw-release.yml 
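Review bot: The `@@ -83,58 +83,58 @@` hunk renames variables and task names but still links `{{ openclaw_home }}/.local/bin/clawdbot` to `bin/clawdbot.js`, exports `CLAWDBOT_DEV_DIR` and defines `clawdbot-*` aliases. The messages changed in this same patch tell the operator to run `openclaw onboard --install-daemon`. If upstream renamed its entry point, the forced link would dangle and the verify task would fail; if it did not, the printed instructions name a command that is not installed. `openclaw-release.yml` has the same mismatch in its verify task (`.local/bin/clawdbot --version`). This is patch 03 of 16, so a later patch may finish the rename; otherwise the link, `src:` and aliases should change together with the user-facing text.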
@@ -1,28 +1,28 @@ --- # Release mode installation - Install via pnpm from npm registry -- name: Install Clawdbot globally as clawdbot user (using pnpm) +- name: Install OpenClaw globally as openclaw user (using pnpm) ansible.builtin.shell: cmd: pnpm install -g clawdbot@latest executable: /bin/bash become: true - become_user: "{{ clawdbot_user }}" + become_user: "{{ openclaw_user }}" environment: - PNPM_HOME: "{{ clawdbot_home }}/.local/share/pnpm" - PATH: "{{ clawdbot_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" - HOME: "{{ clawdbot_home }}" - register: clawdbot_install - changed_when: "'Already up to date' not in clawdbot_install.stdout" + PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" + PATH: "{{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" + HOME: "{{ openclaw_home }}" + register: openclaw_install + changed_when: "'Already up to date' not in openclaw_install.stdout" -- name: Verify clawdbot installation +- name: Verify openclaw installation ansible.builtin.shell: - cmd: "{{ clawdbot_home }}/.local/bin/clawdbot --version" + cmd: "{{ openclaw_home }}/.local/bin/clawdbot --version" executable: /bin/bash become: true - become_user: "{{ clawdbot_user }}" - register: clawdbot_version + become_user: "{{ openclaw_user }}" + register: openclaw_version changed_when: false -- name: Display installed Clawdbot version (release) +- name: Display installed OpenClaw version (release) ansible.builtin.debug: - msg: "✅ Clawdbot installed from npm: {{ clawdbot_version.stdout }}" + msg: "OpenClaw installed from npm: {{ openclaw_version.stdout }}" diff --git a/roles/openclaw/tasks/openclaw.yml b/roles/openclaw/tasks/openclaw.yml index d838c99..523feed 100644 --- a/roles/openclaw/tasks/openclaw.yml +++ b/roles/openclaw/tasks/openclaw.yml 
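Review bot: The install command `pnpm install -g clawdbot@latest` is left untouched, so the role still pulls the old package name at whatever version the registry serves on the day of the run. The defaults comment changed in this patch says `openclaw@latest`. After a project rename the old name is the one least likely to receive fixes, and an unpinned `@latest` means two hosts provisioned a day apart can run different code. Driving both from variables, e.g. `cmd: pnpm install -g {{ openclaw_package }}@{{ openclaw_package_version }}` with a pinned default (both variable names are suggestions, not existing ones), would keep the package name and version reviewable in one place. A later patch in the series may already change the package name.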
@@ -1,90 +1,90 @@ --- -- name: Create Clawdbot directories (structure only, no config files) +- name: Create OpenClaw directories (structure only, no config files) ansible.builtin.file: path: "{{ item.path }}" state: directory - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" mode: "{{ item.mode }}" loop: - - { path: "{{ clawdbot_config_dir }}", mode: '0755' } - - { path: "{{ clawdbot_config_dir }}/sessions", mode: '0755' } - - { path: "{{ clawdbot_config_dir }}/credentials", mode: '0700' } - - { path: "{{ clawdbot_config_dir }}/data", mode: '0755' } - - { path: "{{ clawdbot_config_dir }}/logs", mode: '0755' } + - { path: "{{ openclaw_config_dir }}", mode: '0755' } + - { path: "{{ openclaw_config_dir }}/sessions", mode: '0755' } + - { path: "{{ openclaw_config_dir }}/credentials", mode: '0700' } + - { path: "{{ openclaw_config_dir }}/data", mode: '0755' } + - { path: "{{ openclaw_config_dir }}/logs", mode: '0755' } - name: Create pnpm directories ansible.builtin.file: path: "{{ item }}" state: directory - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" mode: '0755' loop: - - "{{ clawdbot_home }}/.local/share/pnpm" - - "{{ clawdbot_home }}/.local/share/pnpm/store" - - "{{ clawdbot_home }}/.local/bin" + - "{{ openclaw_home }}/.local/share/pnpm" + - "{{ openclaw_home }}/.local/share/pnpm/store" + - "{{ openclaw_home }}/.local/bin" - name: Ensure pnpm directories have correct ownership ansible.builtin.file: - path: "{{ clawdbot_home }}/.local/share/pnpm" + path: "{{ openclaw_home }}/.local/share/pnpm" state: directory - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" recurse: true mode: '0755' -- name: Configure pnpm for clawdbot user +- name: Configure pnpm for openclaw user ansible.builtin.shell: cmd: | - pnpm config set global-dir {{ clawdbot_home 
}}/.local/share/pnpm - pnpm config set global-bin-dir {{ clawdbot_home }}/.local/bin + pnpm config set global-dir {{ openclaw_home }}/.local/share/pnpm + pnpm config set global-bin-dir {{ openclaw_home }}/.local/bin executable: /bin/bash become: true - become_user: "{{ clawdbot_user }}" + become_user: "{{ openclaw_user }}" changed_when: true # Always consider changed as pnpm config may update - name: Display installation mode ansible.builtin.debug: - msg: "📦 Installation mode: {{ clawdbot_install_mode }}" + msg: "Installation mode: {{ openclaw_install_mode }}" # Include appropriate installation method based on mode - name: Include release installation (pnpm install -g) ansible.builtin.include_tasks: openclaw-release.yml - when: clawdbot_install_mode == "release" + when: openclaw_install_mode == "release" - name: Include development installation (git clone + build + link) ansible.builtin.include_tasks: openclaw-development.yml - when: clawdbot_install_mode == "development" + when: openclaw_install_mode == "development" -- name: Configure .bashrc for clawdbot user (base config) +- name: Configure .bashrc for openclaw user (base config) ansible.builtin.blockinfile: - path: "{{ clawdbot_home }}/.bashrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - Clawdbot pnpm" + path: "{{ openclaw_home }}/.bashrc" + marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw pnpm" block: | # pnpm configuration - export PNPM_HOME="{{ clawdbot_home }}/.local/share/pnpm" - export PATH="{{ clawdbot_home }}/.local/bin:$PNPM_HOME:$PATH" + export PNPM_HOME="{{ openclaw_home }}/.local/share/pnpm" + export PATH="{{ openclaw_home }}/.local/bin:$PNPM_HOME:$PATH" create: true - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" mode: '0644' insertafter: EOF -# NOTE: We do NOT create config.yml here - clawdbot onboard/configure will do that -# We also do NOT install the systemd service - clawdbot onboard --install-daemon will do that -# 
The .clawdbot directory structure is created above, but config and daemon are user-initiated +# NOTE: We do NOT create config.yml here - openclaw onboard/configure will do that +# We also do NOT install the systemd service - openclaw onboard --install-daemon will do that +# The .openclaw directory structure is created above, but config and daemon are user-initiated - name: Display configuration note ansible.builtin.debug: msg: | - ℹ️ Clawdbot is installed but NOT configured yet. + OpenClaw is installed but NOT configured yet. - Next steps (run as clawdbot user): - 1. Switch user: sudo su - clawdbot - 2. Run onboarding: clawdbot onboard --install-daemon + Next steps (run as openclaw user): + 1. Switch user: sudo su - openclaw + 2. Run onboarding: openclaw onboard --install-daemon This will: - • Create configuration files (~/.clawdbot/clawdbot.json) - • Guide you through provider setup - • Install and start the daemon service automatically + - Create configuration files (~/.openclaw/openclaw.json) + - Guide you through provider setup + - Install and start the daemon service automatically diff --git a/roles/openclaw/tasks/system-tools-linux.yml b/roles/openclaw/tasks/system-tools-linux.yml index a13c9ec..91d5584 100644 --- a/roles/openclaw/tasks/system-tools-linux.yml +++ b/roles/openclaw/tasks/system-tools-linux.yml @@ -46,9 +46,9 @@ state: present update_cache: true -- name: Set zsh as default shell for clawdbot user (Linux) +- name: Set zsh as default shell for openclaw user (Linux) ansible.builtin.user: - name: "{{ clawdbot_user }}" + name: "{{ openclaw_user }}" shell: /usr/bin/zsh - name: Deploy global vim configuration (Linux) 
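Review bot: In the directory loop at the top of the `@@ -1,90 +1,90 @@` hunk only `credentials` is created `0700`. `{{ openclaw_config_dir }}` itself and its `sessions`, `data` and `logs` subdirectories are `0755`, so any local account can list them and read files written there with a default umask. What the tool writes there is not visible in this diff, but the final message says onboarding creates `~/.openclaw/openclaw.json` in that `0755` parent, and session and log directories often hold sensitive content. Setting the parent and these three entries to `mode: '0700'` (or `'0750'` if a group needs access) should be safe, since every consumer shown runs as `{{ openclaw_user }}`. Separately, the `pnpm config set` lines interpolate `{{ openclaw_home }}` unquoted into a shell command; `{{ openclaw_home | quote }}` would keep an overridden path with spaces from splitting.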
@@ -59,10 +59,10 @@ group: root mode: '0644' -- name: Configure .bashrc for clawdbot user (Linux) +- name: Configure .bashrc for openclaw user (Linux) ansible.builtin.blockinfile: - path: "{{ clawdbot_home }}/.bashrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - Clawdbot config" + path: "{{ openclaw_home }}/.bashrc" + marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw config" block: | # Enable 256 colors export TERM=xterm-256color @@ -72,8 +72,8 @@ eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" # Add pnpm to PATH - export PNPM_HOME="{{ clawdbot_home }}/.local/share/pnpm" - export PATH="{{ clawdbot_home }}/.local/bin:$PNPM_HOME:$PATH" + export PNPM_HOME="{{ openclaw_home }}/.local/share/pnpm" + export PATH="{{ openclaw_home }}/.local/bin:$PNPM_HOME:$PATH" # Color support for common tools export CLICOLOR=1 @@ -84,14 +84,14 @@ alias grep='grep --color=auto' alias ll='ls -lah' create: true - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" mode: '0644' -- name: Configure .zshrc for clawdbot user (Linux) +- name: Configure .zshrc for openclaw user (Linux) ansible.builtin.blockinfile: - path: "{{ clawdbot_home }}/.zshrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - Clawdbot config" + path: "{{ openclaw_home }}/.zshrc" + marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw config" block: | # Enable 256 colors export TERM=xterm-256color @@ -101,8 +101,8 @@ eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" # Add pnpm to PATH - export PNPM_HOME="{{ clawdbot_home }}/.local/share/pnpm" - export PATH="{{ clawdbot_home }}/.local/bin:$PNPM_HOME:$PATH" + export PNPM_HOME="{{ openclaw_home }}/.local/share/pnpm" + export PATH="{{ openclaw_home }}/.local/bin:$PNPM_HOME:$PATH" # Color support for common tools export CLICOLOR=1 
@@ -113,6 +113,6 @@ alias grep='grep --color=auto' alias ll='ls -lah' create: true - owner: "{{ clawdbot_user }}" - group: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" mode: '0644' diff --git a/roles/openclaw/tasks/system-tools-macos.yml b/roles/openclaw/tasks/system-tools-macos.yml index 0cbd47d..36c23be 100644 --- a/roles/openclaw/tasks/system-tools-macos.yml +++ b/roles/openclaw/tasks/system-tools-macos.yml @@ -32,20 +32,20 @@ PATH: "/opt/homebrew/bin:{{ ansible_env.PATH }}" - name: Get current user shell (macOS) - ansible.builtin.command: dscl . -read /Users/{{ clawdbot_user }} UserShell + ansible.builtin.command: dscl . -read /Users/{{ openclaw_user }} UserShell register: current_shell changed_when: false failed_when: false -- name: Set zsh as default shell for clawdbot user (macOS) - ansible.builtin.command: chsh -s /bin/zsh {{ clawdbot_user }} +- name: Set zsh as default shell for openclaw user (macOS) + ansible.builtin.command: chsh -s /bin/zsh {{ openclaw_user }} when: "'/bin/zsh' not in current_shell.stdout" changed_when: true -- name: Configure .zshrc for clawdbot user (macOS) +- name: Configure .zshrc for openclaw user (macOS) ansible.builtin.blockinfile: - path: "{{ clawdbot_home }}/.zshrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - Clawdbot config" + path: "{{ openclaw_home }}/.zshrc" + marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw config" block: | # Enable 256 colors export TERM=xterm-256color @@ -55,7 +55,7 @@ eval "$(/opt/homebrew/bin/brew shellenv)" # Add pnpm to PATH - export PATH="{{ clawdbot_home }}/.local/bin:$PATH" + export PATH="{{ openclaw_home }}/.local/bin:$PATH" # Color support for common tools export CLICOLOR=1 @@ -66,5 +66,5 @@ alias grep='grep --color=auto' alias ll='ls -lah' create: true - owner: "{{ clawdbot_user }}" + owner: "{{ openclaw_user }}" mode: '0644' diff --git a/roles/openclaw/tasks/system-tools.yml b/roles/openclaw/tasks/system-tools.yml index 365cc03..11a78ed 100644 
--- a/roles/openclaw/tasks/system-tools.yml +++ b/roles/openclaw/tasks/system-tools.yml @@ -16,17 +16,17 @@ # Common tasks for all operating systems -- name: Install oh-my-zsh for clawdbot user +- name: Install oh-my-zsh for openclaw user ansible.builtin.shell: cmd: | sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended - creates: "{{ clawdbot_home }}/.oh-my-zsh" + creates: "{{ openclaw_home }}/.oh-my-zsh" executable: /bin/bash become: true - become_user: "{{ clawdbot_user }}" + become_user: "{{ openclaw_user }}" environment: - HOME: "{{ clawdbot_home }}" - USER: "{{ clawdbot_user }}" + HOME: "{{ openclaw_home }}" + USER: "{{ openclaw_user }}" - name: Configure git globally community.general.git_config: diff --git a/roles/openclaw/tasks/user.yml b/roles/openclaw/tasks/user.yml index f1ecf86..fc13449 100644 --- a/roles/openclaw/tasks/user.yml +++ b/roles/openclaw/tasks/user.yml 
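Review bot: The `Install oh-my-zsh for openclaw user` task in this hunk still pipes `https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh` straight into `sh`, so whatever is on the upstream `master` branch at run time executes as `{{ openclaw_user }}`, an account that user.yml grants passwordless sudo. Fetching the installer from a pinned commit with a checksum and running the local copy closes that gap, as sketched below; the commit id and digest are placeholders to fill in from a reviewed upstream revision. Pinning the script may not pin what the script itself clones afterwards, so that should be checked as well.

```yaml
- name: Download oh-my-zsh installer at a pinned commit
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/<PINNED_COMMIT_SHA>/tools/install.sh"
    dest: "{{ openclaw_home }}/.ohmyzsh-install.sh"
    checksum: "sha256:<EXPECTED_SHA256_OF_INSTALL_SH>"
    owner: "{{ openclaw_user }}"
    mode: '0700'

- name: Install oh-my-zsh for openclaw user
  ansible.builtin.shell:
    cmd: sh "{{ openclaw_home }}/.ohmyzsh-install.sh" --unattended
    # … unchanged: creates, executable, become, become_user, environment …
```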
@@ -1,102 +1,102 @@ --- -- name: Create clawdbot system user +- name: Create openclaw system user ansible.builtin.user: - name: clawdbot - comment: "Clawdbot Service User" + name: openclaw + comment: "OpenClaw Service User" system: true shell: /bin/bash create_home: true - home: /home/clawdbot + home: /home/openclaw state: present -- name: Add clawdbot user to sudoers with NOPASSWD +- name: Add openclaw user to sudoers with NOPASSWD ansible.builtin.copy: - dest: /etc/sudoers.d/clawdbot + dest: /etc/sudoers.d/openclaw mode: '0440' owner: root group: root content: | - # Allow clawdbot user to run sudo without password - clawdbot ALL=(ALL) NOPASSWD: ALL + # Allow openclaw user to run sudo without password + openclaw ALL=(ALL) NOPASSWD: ALL validate: /usr/sbin/visudo -cf %s -- name: Set clawdbot user as primary user for installation +- name: Set openclaw user as primary user for installation ansible.builtin.set_fact: - clawdbot_user: clawdbot - clawdbot_home: /home/clawdbot + openclaw_user: openclaw + openclaw_home: /home/openclaw # Fix DBus issues for systemd user services -- name: Get clawdbot user ID - ansible.builtin.command: id -u clawdbot - register: clawdbot_uid +- name: Get openclaw user ID + ansible.builtin.command: id -u openclaw + register: openclaw_uid changed_when: false when: ansible_os_family == 'Debian' -- name: Display clawdbot user ID +- name: Display openclaw user ID ansible.builtin.debug: - msg: "Clawdbot user ID: {{ clawdbot_uid.stdout }}" + msg: "OpenClaw user ID: {{ openclaw_uid.stdout }}" when: ansible_os_family == 'Debian' -- name: Enable lingering for clawdbot user (allows systemd user services without login) - ansible.builtin.command: loginctl enable-linger clawdbot +- name: Enable lingering for openclaw user (allows systemd user services without login) + ansible.builtin.command: loginctl enable-linger openclaw changed_when: false when: ansible_os_family == 'Debian' -- name: Create runtime directory for clawdbot user +- name: Create runtime 
directory for openclaw user ansible.builtin.file: - path: "/run/user/{{ clawdbot_uid.stdout }}" + path: "/run/user/{{ openclaw_uid.stdout }}" state: directory - owner: clawdbot - group: clawdbot + owner: openclaw + group: openclaw mode: '0700' when: ansible_os_family == 'Debian' -- name: Store clawdbot UID as fact for later use +- name: Store openclaw UID as fact for later use ansible.builtin.set_fact: - clawdbot_uid_value: "{{ clawdbot_uid.stdout }}" + openclaw_uid_value: "{{ openclaw_uid.stdout }}" when: ansible_os_family == 'Debian' # SSH key configuration -- name: Create .ssh directory for clawdbot user +- name: Create .ssh directory for openclaw user ansible.builtin.file: - path: "{{ clawdbot_home }}/.ssh" + path: "{{ openclaw_home }}/.ssh" state: directory - owner: clawdbot - group: clawdbot + owner: openclaw + group: openclaw mode: '0700' -- name: Add SSH authorized keys for clawdbot user +- name: Add SSH authorized keys for openclaw user ansible.builtin.authorized_key: - user: clawdbot + user: openclaw state: present key: "{{ item }}" - loop: "{{ clawdbot_ssh_keys }}" - when: clawdbot_ssh_keys | length > 0 + loop: "{{ openclaw_ssh_keys }}" + when: openclaw_ssh_keys | length > 0 - name: Display SSH key configuration status ansible.builtin.debug: - msg: "✅ {{ clawdbot_ssh_keys | length }} SSH key(s) configured for clawdbot user" - when: clawdbot_ssh_keys | length > 0 + msg: "{{ openclaw_ssh_keys | length }} SSH key(s) configured for openclaw user" + when: openclaw_ssh_keys | length > 0 - name: Display SSH key warning if none configured ansible.builtin.debug: - msg: "⚠️ No SSH keys configured. Set 'clawdbot_ssh_keys' variable to allow SSH access." - when: clawdbot_ssh_keys | length == 0 + msg: "No SSH keys configured. Set 'openclaw_ssh_keys' variable to allow SSH access." 
+ when: openclaw_ssh_keys | length == 0 -- name: Set XDG_RUNTIME_DIR in .bashrc for clawdbot user +- name: Set XDG_RUNTIME_DIR in .bashrc for openclaw user ansible.builtin.lineinfile: - path: /home/clawdbot/.bashrc + path: /home/openclaw/.bashrc line: 'export XDG_RUNTIME_DIR=/run/user/$(id -u)' state: present create: true - owner: clawdbot - group: clawdbot + owner: openclaw + group: openclaw mode: '0644' when: ansible_os_family == 'Debian' -- name: Set DBUS_SESSION_BUS_ADDRESS in .bashrc for clawdbot user +- name: Set DBUS_SESSION_BUS_ADDRESS in .bashrc for openclaw user ansible.builtin.blockinfile: - path: /home/clawdbot/.bashrc + path: /home/openclaw/.bashrc marker: "# {mark} ANSIBLE MANAGED BLOCK - DBus config" block: | # DBus session bus configuration @@ -106,7 +106,7 @@ fi fi create: true - owner: clawdbot - group: clawdbot + owner: openclaw + group: openclaw mode: '0644' when: ansible_os_family == 'Debian' diff --git a/roles/openclaw/templates/openclaw-config.yml.j2 b/roles/openclaw/templates/openclaw-config.yml.j2 index 98cfd33..8d3f0ab 100644 --- a/roles/openclaw/templates/openclaw-config.yml.j2 +++ b/roles/openclaw/templates/openclaw-config.yml.j2 @@ -1,4 +1,4 @@ -# Clawdbot Configuration Template +# OpenClaw Configuration Template # Generated by Ansible on {{ ansible_date_time.iso8601 }} # # For full documentation, visit: https://docs.clawd.bot/configuration @@ -11,12 +11,12 @@ provider: whatsapp whatsapp: # Phone number in international format (e.g., +4366412345678) phone: "" - + # Telegram Configuration (if using telegram provider) telegram: # Telegram bot token from @BotFather token: "" - + # Signal Configuration (if using signal provider) signal: # Signal phone number 
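Review bot: The sudoers task now writes `/etc/sudoers.d/openclaw`, but nothing in this hunk removes `/etc/sudoers.d/clawdbot`, so a host provisioned before the rename would keep the old account with `NOPASSWD: ALL` and whatever keys are in its `authorized_keys`. A cleanup task for the legacy drop-in belongs next to the new one, as sketched below, along with a decision on whether the old account itself is removed. Separately, `openclaw ALL=(ALL) NOPASSWD: ALL` makes the service account root-equivalent in any SSH or interactive session, so the rule is worth narrowing to the specific commands the setup needs.

```yaml
- name: Remove legacy clawdbot sudoers drop-in left by earlier runs
  ansible.builtin.file:
    path: /etc/sudoers.d/clawdbot
    state: absent
```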
@@ -26,22 +26,22 @@ signal: ai: # Model provider: anthropic, openai provider: anthropic - + # API Keys (set as environment variables or here) # anthropic_api_key: "" # openai_api_key: "" - + # Model selection model: claude-3-5-sonnet-20241022 - + # Max tokens per response max_tokens: 4096 # Gateway Settings gateway: # Port for web interface - port: {{ clawdbot_port }} - + port: {{ openclaw_port }} + # Enable web UI web_ui: true @@ -49,16 +49,16 @@ gateway: logging: # Log level: debug, info, warn, error level: info - + # Log file location - file: {{ clawdbot_config_dir }}/clawdbot.log + file: {{ openclaw_config_dir }}/openclaw.log # Security security: # Allowed phone numbers (whitelist) # Leave empty to allow all allowed_numbers: [] - + # Rate limiting rate_limit: enabled: true @@ -68,9 +68,9 @@ security: advanced: # Session timeout in minutes session_timeout: 60 - + # Auto-reconnect on disconnect auto_reconnect: true - + # Keep-alive interval in seconds keep_alive_interval: 30 diff --git a/roles/openclaw/templates/openclaw-host.service.j2 b/roles/openclaw/templates/openclaw-host.service.j2 index 850cca4..ea2700f 100644 --- a/roles/openclaw/templates/openclaw-host.service.j2 +++ b/roles/openclaw/templates/openclaw-host.service.j2 
@@ -1,25 +1,25 @@ [Unit] -Description=Clawdbot WhatsApp Gateway +Description=OpenClaw WhatsApp Gateway After=network.target docker.service Requires=docker.service [Service] Type=simple -User={{ clawdbot_user }} -Group={{ clawdbot_user }} -WorkingDirectory={{ clawdbot_home }} +User={{ openclaw_user }} +Group={{ openclaw_user }} +WorkingDirectory={{ openclaw_home }} # Environment variables -Environment="PATH={{ clawdbot_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/usr/local/bin:/usr/bin:/bin" -Environment="PNPM_HOME={{ clawdbot_home }}/.local/share/pnpm" -Environment="HOME={{ clawdbot_home }}" +Environment="PATH={{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/usr/local/bin:/usr/bin:/bin" +Environment="PNPM_HOME={{ openclaw_home }}/.local/share/pnpm" +Environment="HOME={{ openclaw_home }}" Environment="XDG_RUNTIME_DIR=/run/user/1000" # DBus session bus Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus" # Start command -ExecStart={{ clawdbot_home }}/.local/bin/clawdbot gateway +ExecStart={{ openclaw_home }}/.local/bin/clawdbot gateway # Restart policy Restart=always @@ -30,12 +30,12 @@ NoNewPrivileges=true PrivateTmp=true ProtectSystem=strict ProtectHome=read-only -ReadWritePaths={{ clawdbot_home }}/.clawdbot +ReadWritePaths={{ openclaw_home }}/.openclaw # Logging StandardOutput=journal StandardError=journal -SyslogIdentifier=clawdbot +SyslogIdentifier=openclaw [Install] WantedBy=multi-user.target From 1e31e95d149873a6dc3ecd065d40125e23d2dfdf Mon Sep 17 00:00:00 2001 
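Review bot: `Environment="XDG_RUNTIME_DIR=/run/user/1000"` and the `DBUS_SESSION_BUS_ADDRESS` line below it hard-code UID 1000, while user.yml creates the account with `system: true` and records its real UID in `openclaw_uid_value`. If the two differ, the unit points the service at another account's runtime directory and session bus, or at a path that does not exist. Templating both lines, e.g. `Environment="XDG_RUNTIME_DIR=/run/user/{{ openclaw_uid_value }}"` and `Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/{{ openclaw_uid_value }}/bus"`, keeps them in step; note that the fact is only set when `ansible_os_family == 'Debian'`. The same two lines appear as context in the later `@@ -19,7 +19,7 @@` hunk of this file.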
From: Alec Olson Date: Mon, 2 Feb 2026 21:25:23 -0700 Subject: [PATCH 04/16] refactor: update npm package from clawdbot to openclaw Co-Authored-By: Claude Opus 4.5 --- playbook.yml | 32 +++++++------- roles/openclaw/files/openclaw-setup.sh | 42 +++++++++---------- roles/openclaw/tasks/openclaw-development.yml | 20 ++++----- roles/openclaw/tasks/openclaw-release.yml | 4 +- .../templates/openclaw-host.service.j2 | 2 +- run-playbook.sh | 10 ++--- 6 files changed, 55 insertions(+), 55 deletions(-) diff --git a/playbook.yml b/playbook.yml index 96114b6..defe440 100644 --- a/playbook.yml +++ b/playbook.yml @@ -117,7 +117,7 @@ content: | echo "" echo "╔════════════════════════════════════════════════════════╗" - echo "║ 📋 Clawdbot Setup - Next Steps ║" + echo "║ 📋 OpenClaw Setup - Next Steps ║" echo "╚════════════════════════════════════════════════════════╝" echo "" echo "You are: $(whoami)@$(hostname)" @@ -128,13 +128,13 @@ echo " ✓ XDG_RUNTIME_DIR: ${XDG_RUNTIME_DIR:-not set}" echo " ✓ DBUS_SESSION_BUS_ADDRESS: ${DBUS_SESSION_BUS_ADDRESS:-not set}" echo " ✓ Homebrew: $(which brew 2>/dev/null || echo 'not found')" - echo " ✓ Clawdbot: $(clawdbot --version 2>/dev/null || echo 'not found')" + echo " ✓ OpenClaw: $(openclaw --version 2>/dev/null || echo 'not found')" echo "" echo "────────────────────────────────────────────────────────" echo "🚀 Quick Start - Run This Command:" echo "────────────────────────────────────────────────────────" echo "" - echo " clawdbot onboard --install-daemon" + echo " openclaw onboard --install-daemon" echo "" echo "This will:" echo " • Guide you through the setup wizard" 
@@ -146,32 +146,32 @@ echo "────────────────────────────────────────────────────────" echo "" echo "1️⃣ Interactive onboarding (recommended):" - echo " clawdbot onboard --install-daemon" + echo " openclaw onboard --install-daemon" echo "" echo "2️⃣ Manual configuration:" - echo " clawdbot configure" - echo " nano ~/.clawdbot/clawdbot.json" + echo " openclaw configure" + echo " nano ~/.openclaw/openclaw.json" echo "" echo "3️⃣ Login to messaging provider:" - echo " clawdbot providers login" + echo " openclaw providers login" echo "" echo "4️⃣ Test the gateway:" - echo " clawdbot gateway" + echo " openclaw gateway" echo "" echo "5️⃣ Install as daemon (if not using onboard):" - echo " clawdbot daemon install" - echo " clawdbot daemon start" + echo " openclaw daemon install" + echo " openclaw daemon start" echo "" echo "────────────────────────────────────────────────────────" echo "🔧 Useful Commands:" echo "────────────────────────────────────────────────────────" echo "" - echo " • View logs: clawdbot logs" - echo " • Check status: clawdbot status" - echo " • Stop daemon: clawdbot daemon stop" - echo " • Restart daemon: clawdbot daemon restart" - echo " • Troubleshoot: clawdbot doctor" - echo " • List agents: clawdbot agents list" + echo " • View logs: openclaw logs" + echo " • Check status: openclaw status" + echo " • Stop daemon: openclaw daemon stop" + echo " • Restart daemon: openclaw daemon restart" + echo " • Troubleshoot: openclaw doctor" + echo " • List agents: openclaw agents list" echo "" echo "────────────────────────────────────────────────────────" echo "🌐 Connect Tailscale VPN (optional):" diff --git a/roles/openclaw/files/openclaw-setup.sh b/roles/openclaw/files/openclaw-setup.sh index c2eadc2..0da2362 100644 --- a/roles/openclaw/files/openclaw-setup.sh +++ b/roles/openclaw/files/openclaw-setup.sh 
@@ -13,12 +13,12 @@ BLUE='\033[0;34m' CYAN='\033[0;36m' NC='\033[0m' # No Color -# Clawdbot ASCII Art Lobster +# OpenClaw ASCII Art Lobster cat << 'LOBSTER' [0;36m +====================================================+ | | - | [0;33mWelcome to Clawdbot! [0;31m🦞[0;36m | + | [0;33mWelcome to OpenClaw! [0;31m🦞[0;36m | | | |[0;31m ,.---._ [0;36m| |[0;31m ,,,, / `, [0;36m| @@ -45,19 +45,19 @@ echo " - UFW Firewall: ENABLED" echo " - Open Ports: SSH (22) + Tailscale (41641/udp)" echo " - Docker isolation: ACTIVE" echo "" -echo -e "📚 Documentation: ${GREEN}https://docs.clawd.bot${NC}" +echo -e "📚 Documentation: ${GREEN}https://docs.openclaw.ai${NC}" echo "" -# Switch to clawdbot user for setup -echo -e "${YELLOW}Switching to clawdbot user for setup...${NC}" +# Switch to openclaw user for setup +echo -e "${YELLOW}Switching to openclaw user for setup...${NC}" echo "" echo "DEBUG: About to create init script..." # Create init script that will be sourced on login -cat > /home/clawdbot/.clawdbot-init << 'INIT_EOF' +cat > /home/openclaw/.openclaw-init << 'INIT_EOF' # Display welcome message echo "============================================" -echo "📋 Clawdbot Setup - Next Steps" +echo "📋 OpenClaw Setup - Next Steps" echo "============================================" echo "" echo "You are now: $(whoami)@$(hostname)" 
@@ -65,19 +65,19 @@ echo "Home: $HOME" echo "" echo "🔧 Setup Commands:" echo "" -echo "1. Configure Clawdbot:" -echo " nano ~/.clawdbot/config.yml" +echo "1. Configure OpenClaw:" +echo " nano ~/.openclaw/config.yml" echo "" echo "2. Login to provider (WhatsApp/Telegram/Signal):" -echo " clawdbot login" +echo " openclaw login" echo "" echo "3. Test gateway:" -echo " clawdbot gateway" +echo " openclaw gateway" echo "" echo "4. Exit and manage as service:" echo " exit" -echo " sudo systemctl status clawdbot" -echo " sudo journalctl -u clawdbot -f" +echo " sudo systemctl status openclaw" +echo " sudo journalctl -u openclaw -f" echo "" echo "5. Connect Tailscale (as root):" echo " exit" @@ -89,18 +89,18 @@ echo "Type 'exit' to return to previous user" echo "" # Remove this init file after first login -rm -f ~/.clawdbot-init +rm -f ~/.openclaw-init INIT_EOF -chown clawdbot:clawdbot /home/clawdbot/.clawdbot-init +chown openclaw:openclaw /home/openclaw/.openclaw-init # Add one-time sourcing to .bashrc if not already there -grep -q '.clawdbot-init' /home/clawdbot/.bashrc 2>/dev/null || { - echo '' >> /home/clawdbot/.bashrc - echo '# One-time setup message' >> /home/clawdbot/.bashrc - echo '[ -f ~/.clawdbot-init ] && source ~/.clawdbot-init' >> /home/clawdbot/.bashrc +grep -q '.openclaw-init' /home/openclaw/.bashrc 2>/dev/null || { + echo '' >> /home/openclaw/.bashrc + echo '# One-time setup message' >> /home/openclaw/.bashrc + echo '[ -f ~/.openclaw-init ] && source ~/.openclaw-init' >> /home/openclaw/.bashrc } -# Switch to clawdbot user with explicit interactive shell +# Switch to openclaw user with explicit interactive shell # Using setsid to create new session + force pseudo-terminal allocation -exec sudo -i -u clawdbot /bin/bash --login +exec sudo -i -u openclaw /bin/bash --login diff --git a/roles/openclaw/tasks/openclaw-development.yml b/roles/openclaw/tasks/openclaw-development.yml index ac06845..a7b5c93 100644 --- a/roles/openclaw/tasks/openclaw-development.yml 
+++ b/roles/openclaw/tasks/openclaw-development.yml @@ -85,13 +85,13 @@ - name: Remove existing global openclaw symlink (if any) ansible.builtin.file: - path: "{{ openclaw_home }}/.local/bin/clawdbot" + path: "{{ openclaw_home }}/.local/bin/openclaw" state: absent - name: Create symlink to openclaw binary ansible.builtin.file: - src: "{{ openclaw_repo_dir }}/bin/clawdbot.js" - dest: "{{ openclaw_home }}/.local/bin/clawdbot" + src: "{{ openclaw_repo_dir }}/bin/openclaw.js" + dest: "{{ openclaw_home }}/.local/bin/openclaw" state: link owner: "{{ openclaw_user }}" group: "{{ openclaw_user }}" @@ -99,14 +99,14 @@ - name: Make openclaw binary executable ansible.builtin.file: - path: "{{ openclaw_repo_dir }}/bin/clawdbot.js" + path: "{{ openclaw_repo_dir }}/bin/openclaw.js" mode: '0755' owner: "{{ openclaw_user }}" group: "{{ openclaw_user }}" - name: Verify openclaw installation from development build ansible.builtin.shell: - cmd: "{{ openclaw_home }}/.local/bin/clawdbot --version" + cmd: "{{ openclaw_home }}/.local/bin/openclaw --version" executable: /bin/bash become: true become_user: "{{ openclaw_user }}" @@ -120,7 +120,7 @@ msg: | OpenClaw installed from source: {{ openclaw_dev_version.stdout }} Repository: {{ openclaw_repo_dir }} - Binary: {{ openclaw_home }}/.local/bin/clawdbot -> {{ openclaw_repo_dir }}/bin/clawdbot.js + Binary: {{ openclaw_home }}/.local/bin/openclaw -> {{ openclaw_repo_dir }}/bin/openclaw.js - name: Add development mode info to .bashrc ansible.builtin.blockinfile: 
@@ -128,12 +128,12 @@ marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw development" block: | # OpenClaw development mode - export CLAWDBOT_DEV_DIR="{{ openclaw_repo_dir }}" + export OPENCLAW_DEV_DIR="{{ openclaw_repo_dir }}" # Aliases for development - alias clawdbot-rebuild='cd {{ openclaw_repo_dir }} && pnpm build' - alias clawdbot-dev='cd {{ openclaw_repo_dir }}' - alias clawdbot-pull='cd {{ openclaw_repo_dir }} && git pull && pnpm install && pnpm build' + alias openclaw-rebuild='cd {{ openclaw_repo_dir }} && pnpm build' + alias openclaw-dev='cd {{ openclaw_repo_dir }}' + alias openclaw-pull='cd {{ openclaw_repo_dir }} && git pull && pnpm install && pnpm build' create: true owner: "{{ openclaw_user }}" group: "{{ openclaw_user }}" diff --git a/roles/openclaw/tasks/openclaw-release.yml b/roles/openclaw/tasks/openclaw-release.yml index e43f44a..8bdc0d7 100644 --- a/roles/openclaw/tasks/openclaw-release.yml +++ b/roles/openclaw/tasks/openclaw-release.yml @@ -3,7 +3,7 @@ - name: Install OpenClaw globally as openclaw user (using pnpm) ansible.builtin.shell: - cmd: pnpm install -g clawdbot@latest + cmd: pnpm install -g openclaw@latest executable: /bin/bash become: true become_user: "{{ openclaw_user }}" @@ -16,7 +16,7 @@ - name: Verify openclaw installation ansible.builtin.shell: - cmd: "{{ openclaw_home }}/.local/bin/clawdbot --version" + cmd: "{{ openclaw_home }}/.local/bin/openclaw --version" executable: /bin/bash become: true become_user: "{{ openclaw_user }}" diff --git a/roles/openclaw/templates/openclaw-host.service.j2 b/roles/openclaw/templates/openclaw-host.service.j2 index ea2700f..28dd513 100644 --- a/roles/openclaw/templates/openclaw-host.service.j2 +++ b/roles/openclaw/templates/openclaw-host.service.j2 
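Review bot: `cmd: pnpm install -g openclaw@latest` in openclaw-release.yml switches the installed package to a different npm name and leaves it on a floating tag, so every run pulls whatever is published as `latest` at that moment and runs it under an account with passwordless sudo. Pinning to a reviewed release through a role default, for example `cmd: pnpm install -g openclaw@{{ openclaw_version }}` with `openclaw_version` added to defaults/main.yml (a new variable, not one defined in this patch), makes installs reproducible and upgrades deliberate. The task body appears to continue past the hunk.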
@@ -19,7 +19,7 @@ Environment="XDG_RUNTIME_DIR=/run/user/1000" Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus" # Start command -ExecStart={{ openclaw_home }}/.local/bin/clawdbot gateway +ExecStart={{ openclaw_home }}/.local/bin/openclaw gateway # Restart policy Restart=always diff --git a/run-playbook.sh b/run-playbook.sh index c83b84f..b7869d4 100755 --- a/run-playbook.sh +++ b/run-playbook.sh @@ -17,19 +17,19 @@ if [ $PLAYBOOK_EXIT -eq 0 ]; then echo "✅ INSTALLATION COMPLETE!" echo "═══════════════════════════════════════════════════════════" echo "" - echo "🔄 SWITCH TO CLAWDBOT USER with:" + echo "🔄 SWITCH TO OPENCLAW USER with:" echo "" - echo " sudo su - clawdbot" + echo " sudo su - openclaw" echo "" echo " OR (alternative):" echo "" - echo " sudo -u clawdbot -i" + echo " sudo -u openclaw -i" echo "" - echo "This will switch you to the clawdbot user with a proper" + echo "This will switch you to the openclaw user with a proper" echo "login shell (loads .bashrc, sets environment correctly)." echo "" echo "After switching, you'll see the next setup steps:" - echo " • Configure Clawdbot (~/.clawdbot/config.yml)" + echo " • Configure OpenClaw (~/.openclaw/config.yml)" echo " • Login to messaging provider (WhatsApp/Telegram/Signal)" echo " • Test the gateway" echo " • Connect Tailscale VPN" From 8a012e7047de47d4a047c13cf57170ff1b6591f2 Mon Sep 17 00:00:00 2001 From: Alec Olson Date: Mon, 2 Feb 2026 21:26:58 -0700 Subject: [PATCH 05/16] refactor: update GitHub and documentation URLs Co-Authored-By: Claude Opus 4.5 --- install.sh | 14 +++++++------- roles/openclaw/files/show-lobster.sh | 4 ++-- roles/openclaw/templates/openclaw-config.yml.j2 | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/install.sh b/install.sh index 96020d9..ee8177b 100755 --- a/install.sh +++ b/install.sh 
@@ -1,8 +1,8 @@ #!/bin/bash set -e -# Clawdbot Ansible Installer -# This script installs Ansible if needed and runs the Clawdbot playbook +# OpenClaw Ansible Installer +# This script installs Ansible if needed and runs the OpenClaw playbook # Enable 256 colors export TERM=xterm-256color @@ -12,7 +12,7 @@ if [ -z "$COLORTERM" ]; then export COLORTERM=truecolor fi -REPO_URL="https://raw.githubusercontent.com/pasogott/clawdbot-ansible/main" +REPO_URL="https://raw.githubusercontent.com/openclaw/openclaw-ansible/main" PLAYBOOK_URL="${REPO_URL}/playbook.yml" TEMP_DIR=$(mktemp -d) @@ -26,7 +26,7 @@ CYAN='\033[0;36m' NC='\033[0m' # No Color echo -e "${GREEN}╔════════════════════════════════════════╗${NC}" -echo -e "${GREEN}║ Clawdbot Ansible Installer ║${NC}" +echo -e "${GREEN}║ OpenClaw Ansible Installer ║${NC}" echo -e "${GREEN}╚════════════════════════════════════════╝${NC}" echo "" @@ -76,8 +76,8 @@ cd "$TEMP_DIR" # For simplicity, we'll clone the entire repo echo "Cloning repository..." -git clone https://github.com/pasogott/clawdbot-ansible.git -cd clawdbot-ansible +git clone https://github.com/openclaw/openclaw-ansible.git +cd openclaw-ansible echo -e "${GREEN}✓ Playbook downloaded${NC}" @@ -97,4 +97,4 @@ echo "" cd / rm -rf "$TEMP_DIR" -# run-playbook.sh will display instructions to switch to clawdbot user +# run-playbook.sh will display instructions to switch to openclaw user diff --git a/roles/openclaw/files/show-lobster.sh b/roles/openclaw/files/show-lobster.sh index 7cee761..508cb3c 100755 --- a/roles/openclaw/files/show-lobster.sh +++ b/roles/openclaw/files/show-lobster.sh @@ -3,7 +3,7 @@ cat << 'LOBSTER' [0;36m +====================================================+ | | - | [0;33mWelcome to Clawdbot! [0;31m🦞[0;36m | + | [0;33mWelcome to OpenClaw! [0;31m🦞[0;36m | | | |[0;31m ,.---._ [0;36m| |[0;31m ,,,, / `, [0;36m| 
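Review bot: The `REPO_URL` and `git clone` lines now point the installer at `openclaw/openclaw-ansible`, and the clone takes the default branch head with no tag, commit or signature check before the playbook is run. Since playbook.yml runs with `become: true`, pinning the clone to a reviewed release is worth doing in the same change, e.g. `git clone --depth 1 --branch "$OPENCLAW_ANSIBLE_REF" https://github.com/openclaw/openclaw-ansible.git`, where `OPENCLAW_ANSIBLE_REF` is a new variable holding a release tag. `REPO_URL` would use the same ref in place of `main`.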
@@ -30,5 +30,5 @@ echo " - UFW Firewall: ENABLED" echo " - Open Ports: SSH (22) + Tailscale (41641/udp)" echo " - Docker isolation: ACTIVE" echo "" -echo "📚 Documentation: https://docs.clawd.bot" +echo "📚 Documentation: https://docs.openclaw.ai" echo "" diff --git a/roles/openclaw/templates/openclaw-config.yml.j2 b/roles/openclaw/templates/openclaw-config.yml.j2 index 8d3f0ab..aad95c4 100644 --- a/roles/openclaw/templates/openclaw-config.yml.j2 +++ b/roles/openclaw/templates/openclaw-config.yml.j2 @@ -1,7 +1,7 @@ # OpenClaw Configuration Template # Generated by Ansible on {{ ansible_date_time.iso8601 }} # -# For full documentation, visit: https://docs.clawd.bot/configuration +# For full documentation, visit: https://docs.openclaw.ai/configuration # Connection Provider # Options: whatsapp, telegram, signal From af9bcd001e9c6db8b29e78839ad82050d34975a4 Mon Sep 17 00:00:00 2001 From: Alec Olson Date: Mon, 2 Feb 2026 21:29:54 -0700 Subject: [PATCH 06/16] refactor: update user-facing text from Clawdbot to OpenClaw Co-Authored-By: Claude Opus 4.5 --- playbook.yml | 4 ++-- roles/openclaw/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/playbook.yml b/playbook.yml index defe440..f5c7d08 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,5 +1,5 @@ --- -- name: Install Clawdbot with Docker and UFW firewall +- name: Install OpenClaw with Docker and UFW firewall hosts: localhost connection: local become: true @@ -195,4 +195,4 @@ - name: Notify that playbook is complete ansible.builtin.debug: - msg: "✅ Clawdbot installation complete!" + msg: "✅ OpenClaw installation complete!" diff --git a/roles/openclaw/tasks/main.yml b/roles/openclaw/tasks/main.yml index 3311323..b16c1e3 100644 --- a/roles/openclaw/tasks/main.yml +++ b/roles/openclaw/tasks/main.yml 
@@ -17,5 +17,5 @@ - name: Include Node.js installation tasks ansible.builtin.include_tasks: nodejs.yml -- name: Include Clawdbot setup tasks +- name: Include OpenClaw setup tasks ansible.builtin.include_tasks: openclaw.yml From dd50f73d859897cfd1239c90769b5c333d90e137 Mon Sep 17 00:00:00 2001 From: Alec Olson Date: Mon, 2 Feb 2026 21:33:04 -0700 Subject: [PATCH 07/16] docs: update documentation for OpenClaw rename Co-Authored-By: Claude Opus 4.5 --- AGENTS.md | 20 +++--- CHANGELOG.md | 102 +++++++++++++-------------- README.md | 114 +++++++++++++++--------------- RELEASE_NOTES_v2.0.0.md | 32 ++++----- UPGRADE_NOTES.md | 100 +++++++++++++------------- docs/architecture.md | 22 +++--- docs/configuration.md | 146 +++++++++++++++++++------------------- docs/development-mode.md | 148 +++++++++++++++++++-------------------- docs/installation.md | 66 ++++++++--------- docs/security.md | 4 +- docs/troubleshooting.md | 24 +++---- 11 files changed, 389 insertions(+), 389 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index fa05908..7a7ad31 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -2,7 +2,7 @@ ## Project Overview -Ansible playbook for automated, hardened Clawdbot installation on Debian/Ubuntu systems. +Ansible playbook for automated, hardened OpenClaw installation on Debian/Ubuntu systems. ## Key Principles @@ -16,14 +16,14 @@ Ansible playbook for automated, hardened Clawdbot installation on Debian/Ubuntu ### Task Order Docker must be installed **before** firewall configuration. -Task order in `roles/clawdbot/tasks/main.yml`: +Task order in `roles/openclaw/tasks/main.yml`: ```yaml - tailscale.yml # VPN setup - user.yml # Create system user - docker.yml # Install Docker (creates /etc/docker) - firewall.yml # Configure UFW + daemon.json (needs /etc/docker to exist) - nodejs.yml # Node.js + pnpm -- clawdbot.yml # Container setup +- openclaw.yml # Container setup ``` Reason: `firewall.yml` writes `/etc/docker/daemon.json` and restarts Docker service. 
@@ -110,16 +110,16 @@ Keep docs concise. No progress logs, no refactoring summaries. ### Host System ``` -/opt/clawdbot/ # Installation files -/home/clawdbot/.clawdbot/ # Config and data -/etc/systemd/system/clawdbot.service +/opt/openclaw/ # Installation files +/home/openclaw/.openclaw/ # Config and data +/etc/systemd/system/openclaw.service /etc/docker/daemon.json /etc/ufw/after.rules ``` ### Repository ``` -roles/clawdbot/ +roles/openclaw/ ├── tasks/ # Ansible tasks (order matters!) ├── templates/ # Jinja2 configs ├── defaults/ # Variables @@ -146,7 +146,7 @@ Clean lifecycle, auto-start, logging integration. ## Making Changes ### Adding a New Task -1. Add to appropriate file in `roles/clawdbot/tasks/` +1. Add to appropriate file in `roles/openclaw/tasks/` 2. Update main.yml if new task file 3. Test with `--check` first 4. Verify idempotency (can run multiple times safely) @@ -171,5 +171,5 @@ Clean lifecycle, auto-start, logging integration. ## Support Channels -- Clawdbot issues: https://github.com/clawdbot/clawdbot -- This installer: https://github.com/pasogott/clawdbot-ansible +- OpenClaw issues: https://github.com/openclaw/openclaw +- This installer: https://github.com/openclaw/openclaw-ansible diff --git a/CHANGELOG.md b/CHANGELOG.md index cf2ac9b..0f4b5de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,15 +11,15 @@ - **Automatic OS detection** with proper fallback #### Installation Modes -- **Release Mode** (default): Install via `pnpm install -g clawdbot@latest` +- **Release Mode** (default): Install via `pnpm install -g openclaw@latest` - **Development Mode**: Clone repo, build from source, symlink binary -- Switch modes with `-e clawdbot_install_mode=development` -- Development aliases: `clawdbot-rebuild`, `clawdbot-dev`, `clawdbot-pull` +- Switch modes with `-e openclaw_install_mode=development` +- Development aliases: `openclaw-rebuild`, `openclaw-dev`, `openclaw-pull` #### System Improvements - **apt update & upgrade** runs automatically at start (Debian/Ubuntu) - **Homebrew integrated** in PATH for all users -- **pnpm package manager** used for Clawdbot installation +- **pnpm package manager** used for OpenClaw installation ### 🐛 Bug Fixes 
@@ -31,34 +31,34 @@ - **No more manual** `eval $(dbus-launch --sh-syntax)` needed! 2. **User Switching Command** ✅ - - Fixed: Changed from `sudo -i -u clawdbot` to `sudo su - clawdbot` + - Fixed: Changed from `sudo -i -u openclaw` to `sudo su - openclaw` - Ensures proper login shell with .bashrc loading - - Alternative documented: `sudo -u clawdbot -i` + - Alternative documented: `sudo -u openclaw -i` -3. **Clawdbot Installation** ✅ - - Changed: `pnpm add -g` → `pnpm install -g clawdbot@latest` +3. **OpenClaw Installation** ✅ + - Changed: `pnpm add -g` → `pnpm install -g openclaw@latest` - Added installation verification - Added version display 4. **Configuration Management** ✅ - Removed automatic config.yml creation - Removed automatic systemd service installation - - Let `clawdbot onboard --install-daemon` handle setup + - Let `openclaw onboard --install-daemon` handle setup - Only create directory structure ### 📦 New Files Created #### OS-Specific Task Files ``` -roles/clawdbot/tasks/ +roles/openclaw/tasks/ ├── system-tools-linux.yml # apt-based tool installation ├── system-tools-macos.yml # brew-based tool installation ├── docker-linux.yml # Docker CE installation ├── docker-macos.yml # Docker Desktop installation ├── firewall-linux.yml # UFW configuration ├── firewall-macos.yml # Application Firewall config -├── clawdbot-release.yml # Release mode installation -└── clawdbot-development.yml # Development mode installation +├── openclaw-release.yml # Release mode installation +└── openclaw-development.yml # Development mode installation ``` #### Documentation @@ -73,7 +73,7 @@ roles/clawdbot/tasks/ - Added OS detection (is_macos, is_debian, is_linux, is_redhat) - Added apt update/upgrade at start - Added Homebrew installation - - Enhanced welcome message with `clawdbot onboard --install-daemon` + - Enhanced welcome message with `openclaw onboard --install-daemon` - Removed automatic config.yml creation - **install.sh** 
@@ -89,40 +89,40 @@ roles/clawdbot/tasks/ - **README.md** - Updated for multi-OS support - Added OS-specific requirements - - Updated quick-start with `clawdbot onboard --install-daemon` + - Updated quick-start with `openclaw onboard --install-daemon` - Added Homebrew to feature list #### Role Files -- **roles/clawdbot/defaults/main.yml** +- **roles/openclaw/defaults/main.yml** - Added OS-specific variables (homebrew_prefix, package_manager) -- **roles/clawdbot/tasks/main.yml** +- **roles/openclaw/tasks/main.yml** - No changes (orchestrator) -- **roles/clawdbot/tasks/system-tools.yml** +- **roles/openclaw/tasks/system-tools.yml** - Refactored to delegate to OS-specific files - Added fail-safe for unsupported OS -- **roles/clawdbot/tasks/docker.yml** +- **roles/openclaw/tasks/docker.yml** - Refactored to delegate to OS-specific files -- **roles/clawdbot/tasks/firewall.yml** +- **roles/openclaw/tasks/firewall.yml** - Refactored to delegate to OS-specific files -- **roles/clawdbot/tasks/user.yml** +- **roles/openclaw/tasks/user.yml** - Added loginctl enable-linger - Added XDG_RUNTIME_DIR configuration - Added DBUS_SESSION_BUS_ADDRESS setup - Fixed systemd user service support -- **roles/clawdbot/tasks/clawdbot.yml** - - Changed to `pnpm install -g clawdbot@latest` +- **roles/openclaw/tasks/openclaw.yml** + - Changed to `pnpm install -g openclaw@latest` - Added installation verification - Removed config.yml template generation - Removed systemd service installation - Only creates directory structure -- **roles/clawdbot/templates/clawdbot-host.service.j2** +- **roles/openclaw/templates/openclaw-host.service.j2** - Added XDG_RUNTIME_DIR environment - Added DBUS_SESSION_BUS_ADDRESS - Added Homebrew to PATH 
@@ -134,9 +134,9 @@ roles/clawdbot/tasks/ ```bash # Installation curl -fsSL https://.../install.sh | bash -sudo -i -u clawdbot # ❌ Wrong command -nano ~/.clawdbot/config.yml # Manual config -clawdbot login # Manual setup +sudo -i -u openclaw # ❌ Wrong command +nano ~/.openclaw/config.yml # Manual config +openclaw login # Manual setup # Missing DBus setup # ❌ Errors ``` @@ -144,8 +144,8 @@ clawdbot login # Manual setup ```bash # Installation curl -fsSL https://.../install.sh | bash -sudo su - clawdbot # ✅ Correct command -clawdbot onboard --install-daemon # ✅ One command setup! +sudo su - openclaw # ✅ Correct command +openclaw onboard --install-daemon # ✅ One command setup! # DBus auto-configured # ✅ Works # Service auto-installed # ✅ Works ``` @@ -153,27 +153,27 @@ clawdbot onboard --install-daemon # ✅ One command setup! #### New Workflow - Development Mode ```bash # Installation with development mode -git clone https://github.com/pasogott/clawdbot-ansible.git -cd clawdbot-ansible -./run-playbook.sh -e clawdbot_install_mode=development +git clone https://github.com/openclaw/openclaw-ansible.git +cd openclaw-ansible +./run-playbook.sh -e openclaw_install_mode=development -# Switch to clawdbot user -sudo su - clawdbot +# Switch to openclaw user +sudo su - openclaw # Make changes -clawdbot-dev # cd ~/code/clawdbot +openclaw-dev # cd ~/code/openclaw vim src/some-file.ts # Edit code -clawdbot-rebuild # pnpm build +openclaw-rebuild # pnpm build # Test immediately -clawdbot doctor # Uses new build +openclaw doctor # Uses new build ``` ### 🎯 User Experience Improvements #### Welcome Message -- Shows environment status (XDG_RUNTIME_DIR, DBUS, Homebrew, Clawdbot version) -- Recommends `clawdbot onboard --install-daemon` as primary command +- Shows environment status (XDG_RUNTIME_DIR, DBUS, Homebrew, OpenClaw version) +- Recommends `openclaw onboard --install-daemon` as primary command - Provides manual setup steps as alternative - Lists useful commands for troubleshooting 
@@ -186,12 +186,12 @@ clawdbot doctor # Uses new build #### Directory Structure Ansible creates only structure, no config files: ``` -~/.clawdbot/ +~/.openclaw/ ├── sessions/ # Created (empty) ├── credentials/ # Created (secure: 0700) ├── data/ # Created (empty) └── logs/ # Created (empty) -# clawdbot.json # NOT created - user's clawdbot creates it +# openclaw.json # NOT created - user's openclaw creates it # config.yml # NOT created - deprecated ``` @@ -200,11 +200,11 @@ Ansible creates only structure, no config files: #### Systemd Service Hardening - `ProtectSystem=strict` - System directories read-only - `ProtectHome=read-only` - Limited home access -- `ReadWritePaths=~/.clawdbot` - Only config writable +- `ReadWritePaths=~/.openclaw` - Only config writable - `NoNewPrivileges=true` - No privilege escalation #### User Isolation -- Dedicated clawdbot system user +- Dedicated openclaw system user - lingering enabled for systemd user services - Proper DBus session isolation - XDG_RUNTIME_DIR per-user @@ -219,23 +219,23 @@ Ansible creates only structure, no config files: | Firewall | UFW | Application FW | Working | | systemd | ✅ | ❌ | Linux only | | DBus Setup | ✅ | N/A | Linux only | -| pnpm + Clawdbot | ✅ | ✅ | Working | +| pnpm + OpenClaw | ✅ | ✅ | Working | ### ⚠️ Breaking Changes 1. **User Switch Command Changed** - - Old: `sudo -i -u clawdbot` - - New: `sudo su - clawdbot` + - Old: `sudo -i -u openclaw` + - New: `sudo su - openclaw` - Impact: Update documentation, scripts 2. **No Auto-Configuration** - Old: config.yml auto-created - - New: User runs `clawdbot onboard` + - New: User runs `openclaw onboard` - Impact: Users must run onboard command 3. **No Auto-Service Install** - Old: systemd service auto-installed - - New: `clawdbot onboard --install-daemon` + - New: `openclaw onboard --install-daemon` - Impact: Service not running after ansible ### 🔄 Migration Guide 
@@ -249,7 +249,7 @@ Just run the new installer - everything works out of the box! echo 'export XDG_RUNTIME_DIR=/run/user/$(id -u)' >> ~/.bashrc # 2. Enable lingering -sudo loginctl enable-linger clawdbot +sudo loginctl enable-linger openclaw # 3. Add Homebrew (Linux) echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc @@ -257,8 +257,8 @@ echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc # 4. Reload source ~/.bashrc -# 5. Reinstall clawdbot -pnpm install -g clawdbot@latest +# 5. Reinstall openclaw +pnpm install -g openclaw@latest ``` ### 📚 Documentation Updates @@ -285,7 +285,7 @@ pnpm install -g clawdbot@latest ### 🙏 Credits -Based on user feedback and real-world usage patterns from the clawdbot community. +Based on user feedback and real-world usage patterns from the openclaw community. Special thanks to early testers who identified the DBus and user switching issues! diff --git a/README.md b/README.md index 253d8f3..893689d 100644 --- a/README.md +++ b/README.md 
@@ -1,11 +1,11 @@ -# Clawdbot Ansible Installer +# OpenClaw Ansible Installer [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![Lint](https://github.com/pasogott/clawdbot-ansible/actions/workflows/lint.yml/badge.svg)](https://github.com/pasogott/clawdbot-ansible/actions/workflows/lint.yml) +[![Lint](https://github.com/openclaw/openclaw-ansible/actions/workflows/lint.yml/badge.svg)](https://github.com/openclaw/openclaw-ansible/actions/workflows/lint.yml) [![Ansible](https://img.shields.io/badge/Ansible-2.14+-blue.svg)](https://www.ansible.com/) [![Multi-OS](https://img.shields.io/badge/OS-Debian%20%7C%20Ubuntu%20%7C%20macOS-orange.svg)](https://www.debian.org/) -Automated, hardened installation of [Clawdbot](https://github.com/clawdbot/clawdbot) with Docker, Homebrew, and Tailscale VPN support for Linux and macOS. +Automated, hardened installation of [OpenClaw](https://github.com/openclaw/openclaw) with Docker, Homebrew, and Tailscale VPN support for Linux and macOS. ## Features @@ -16,7 +16,7 @@ Automated, hardened installation of [Clawdbot](https://github.com/clawdbot/clawd - 🛡️ **Multi-OS Support**: Debian, Ubuntu, and macOS - 🚀 **One-command install**: Complete setup in minutes - 🔧 **Auto-configuration**: DBus, systemd, environment setup -- 📦 **pnpm installation**: Uses `pnpm install -g clawdbot@latest` +- 📦 **pnpm installation**: Uses `pnpm install -g openclaw@latest` ## Quick Start @@ -25,7 +25,7 @@ Automated, hardened installation of [Clawdbot](https://github.com/clawdbot/clawd Install the latest stable version from npm: ```bash -curl -fsSL https://raw.githubusercontent.com/pasogott/clawdbot-ansible/main/install.sh | bash +curl -fsSL https://raw.githubusercontent.com/openclaw/openclaw-ansible/main/install.sh | bash ``` ### Development Mode 
@@ -34,11 +34,11 @@ Install from source for development or testing: ```bash # Clone the installer -git clone https://github.com/pasogott/clawdbot-ansible.git -cd clawdbot-ansible +git clone https://github.com/openclaw/openclaw-ansible.git +cd openclaw-ansible # Install in development mode -ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=development +ansible-playbook playbook.yml --ask-become-pass -e openclaw_install_mode=development ``` ## What Gets Installed @@ -47,21 +47,21 @@ ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=develop - UFW firewall (SSH + Tailscale ports only) - Docker CE + Compose V2 (for sandboxes) - Node.js 22.x + pnpm -- Clawdbot on host (not containerized) +- OpenClaw on host (not containerized) - Systemd service (auto-start) ## Post-Install -After installation completes, switch to the clawdbot user: +After installation completes, switch to the openclaw user: ```bash -sudo su - clawdbot +sudo su - openclaw ``` Then run the quick-start onboarding wizard: ```bash -clawdbot onboard --install-daemon +openclaw onboard --install-daemon ``` This will: 
@@ -73,49 +73,49 @@ This will: ```bash # Configure manually -clawdbot configure +openclaw configure # Login to provider -clawdbot providers login +openclaw providers login # Test gateway -clawdbot gateway +openclaw gateway # Install as daemon -clawdbot daemon install -clawdbot daemon start +openclaw daemon install +openclaw daemon start # Check status -clawdbot status -clawdbot logs +openclaw status +openclaw logs ``` ## Installation Modes ### Release Mode (Default) -- Installs via `pnpm install -g clawdbot@latest` +- Installs via `pnpm install -g openclaw@latest` - Gets latest stable version from npm registry -- Automatic updates via `pnpm install -g clawdbot@latest` +- Automatic updates via `pnpm install -g openclaw@latest` - **Recommended for production** ### Development Mode -- Clones from `https://github.com/clawdbot/clawdbot.git` +- Clones from `https://github.com/openclaw/openclaw.git` - Builds from source with `pnpm build` -- Symlinks binary to `~/.local/bin/clawdbot` +- Symlinks binary to `~/.local/bin/openclaw` - Adds helpful aliases: - - `clawdbot-rebuild` - Rebuild after code changes - - `clawdbot-dev` - Navigate to repo directory - - `clawdbot-pull` - Pull, install deps, and rebuild + - `openclaw-rebuild` - Rebuild after code changes + - `openclaw-dev` - Navigate to repo directory + - `openclaw-pull` - Pull, install deps, and rebuild - **Recommended for development and testing** -Enable with: `-e clawdbot_install_mode=development` +Enable with: `-e openclaw_install_mode=development` ## Security - **Public ports**: SSH (22), Tailscale (41641/udp) only -- **Docker available**: For Clawdbot sandboxes (isolated execution) +- **Docker available**: For OpenClaw sandboxes (isolated execution) - **Docker isolation**: Containers can't expose ports externally (DOCKER-USER chain) -- **Non-root**: Clawdbot runs as unprivileged user +- **Non-root**: OpenClaw runs as unprivileged user - **Systemd hardening**: NoNewPrivileges, PrivateTmp Verify: `nmap -p- 
YOUR_SERVER_IP` should show only port 22 open. @@ -147,7 +147,7 @@ Verify: `nmap -p- YOUR_SERVER_IP` should show only port 22 open. ### Common (All OS) - Homebrew package manager - Node.js 22.x + pnpm -- Clawdbot via `pnpm install -g clawdbot@latest` +- OpenClaw via `pnpm install -g openclaw@latest` - Essential development tools - Git, zsh, oh-my-zsh @@ -171,8 +171,8 @@ Verify: `nmap -p- YOUR_SERVER_IP` should show only port 22 open. sudo apt update && sudo apt install -y ansible git # Clone repository -git clone https://github.com/pasogott/clawdbot-ansible.git -cd clawdbot-ansible +git clone https://github.com/openclaw/openclaw-ansible.git +cd openclaw-ansible # Install Ansible collections ansible-galaxy collection install -r requirements.yml @@ -187,21 +187,21 @@ Build from source for development: ```bash # Same as above, but with development mode flag -./run-playbook.sh -e clawdbot_install_mode=development +./run-playbook.sh -e openclaw_install_mode=development # Or directly: -ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=development +ansible-playbook playbook.yml --ask-become-pass -e openclaw_install_mode=development ``` This will: -- Clone clawdbot repo to `~/code/clawdbot` +- Clone openclaw repo to `~/code/openclaw` - Run `pnpm install` and `pnpm build` -- Symlink binary to `~/.local/bin/clawdbot` +- Symlink binary to `~/.local/bin/openclaw` - Add development aliases to `.bashrc` ## Configuration Options -All configuration variables can be found in [`roles/clawdbot/defaults/main.yml`](roles/clawdbot/defaults/main.yml). +All configuration variables can be found in [`roles/openclaw/defaults/main.yml`](roles/openclaw/defaults/main.yml). You can override them in three ways: 
@@ -209,8 +209,8 @@ You can override them in three ways: ```bash ansible-playbook playbook.yml --ask-become-pass \ - -e clawdbot_install_mode=development \ - -e "clawdbot_ssh_keys=['ssh-ed25519 AAAAC3... user@host']" + -e openclaw_install_mode=development \ + -e "openclaw_ssh_keys=['ssh-ed25519 AAAAC3... user@host']" ``` ### 2. Via Variables File @@ -218,12 +218,12 @@ ansible-playbook playbook.yml --ask-become-pass \ ```bash # Create vars.yml cat > vars.yml << EOF -clawdbot_install_mode: development -clawdbot_ssh_keys: +openclaw_install_mode: development +openclaw_ssh_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx user@host" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... user@host" -clawdbot_repo_url: "https://github.com/YOUR_USERNAME/clawdbot.git" -clawdbot_repo_branch: "feature-branch" +openclaw_repo_url: "https://github.com/YOUR_USERNAME/openclaw.git" +openclaw_repo_branch: "feature-branch" tailscale_authkey: "tskey-auth-xxxxxxxxxxxxx" EOF 
@@ -233,22 +233,22 @@ ansible-playbook playbook.yml --ask-become-pass -e @vars.yml ### 3. Edit Defaults Directly -Edit `roles/clawdbot/defaults/main.yml` before running the playbook. +Edit `roles/openclaw/defaults/main.yml` before running the playbook. ### Available Variables | Variable | Default | Description | |----------|---------|-------------| -| `clawdbot_user` | `clawdbot` | System user name | -| `clawdbot_home` | `/home/clawdbot` | User home directory | -| `clawdbot_install_mode` | `release` | `release` or `development` | -| `clawdbot_ssh_keys` | `[]` | List of SSH public keys | -| `clawdbot_repo_url` | `https://github.com/clawdbot/clawdbot.git` | Git repository (dev mode) | -| `clawdbot_repo_branch` | `main` | Git branch (dev mode) | +| `openclaw_user` | `openclaw` | System user name | +| `openclaw_home` | `/home/openclaw` | User home directory | +| `openclaw_install_mode` | `release` | `release` or `development` | +| `openclaw_ssh_keys` | `[]` | List of SSH public keys | +| `openclaw_repo_url` | `https://github.com/openclaw/openclaw.git` | Git repository (dev mode) | +| `openclaw_repo_branch` | `main` | Git branch (dev mode) | | `tailscale_authkey` | `""` | Tailscale auth key for auto-connect | | `nodejs_version` | `22.x` | Node.js version to install | -See [`roles/clawdbot/defaults/main.yml`](roles/clawdbot/defaults/main.yml) for the complete list. +See [`roles/openclaw/defaults/main.yml`](roles/openclaw/defaults/main.yml) for the complete list. ### Common Configuration Examples 
@@ -256,16 +256,16 @@ See [`roles/clawdbot/defaults/main.yml`](roles/clawdbot/defaults/main.yml) for t ```bash ansible-playbook playbook.yml --ask-become-pass \ - -e "clawdbot_ssh_keys=['ssh-ed25519 AAAAC3... user@host']" + -e "openclaw_ssh_keys=['ssh-ed25519 AAAAC3... user@host']" ``` #### Development Mode with Custom Repository ```bash ansible-playbook playbook.yml --ask-become-pass \ - -e clawdbot_install_mode=development \ - -e clawdbot_repo_url=https://github.com/YOUR_USERNAME/clawdbot.git \ - -e clawdbot_repo_branch=feature-branch + -e openclaw_install_mode=development \ + -e openclaw_repo_url=https://github.com/YOUR_USERNAME/openclaw.git \ + -e openclaw_repo_branch=feature-branch ``` #### Tailscale Auto-Connect @@ -281,5 +281,5 @@ MIT - see [LICENSE](LICENSE) ## Support -- Clawdbot: https://github.com/clawdbot/clawdbot -- This installer: https://github.com/pasogott/clawdbot-ansible/issues +- OpenClaw: https://github.com/openclaw/openclaw +- This installer: https://github.com/openclaw/openclaw-ansible/issues diff --git a/RELEASE_NOTES_v2.0.0.md b/RELEASE_NOTES_v2.0.0.md index 7125278..1466bab 100644 --- a/RELEASE_NOTES_v2.0.0.md +++ b/RELEASE_NOTES_v2.0.0.md @@ -13,10 +13,10 @@ This release adds **multi-OS support** (macOS + Linux), **development mode**, an - ✅ Automatic OS detection with proper fallback #### Installation Modes -- ✅ **Release Mode** (default): `pnpm install -g clawdbot@latest` +- ✅ **Release Mode** (default): `pnpm install -g openclaw@latest` - ✅ **Development Mode**: Clone repo, build from source, symlink binary -- ✅ Switch with `-e clawdbot_install_mode=development` -- ✅ Development aliases: `clawdbot-rebuild`, `clawdbot-dev`, `clawdbot-pull` +- ✅ Switch with `-e openclaw_install_mode=development` +- ✅ Development aliases: `openclaw-rebuild`, `openclaw-dev`, `openclaw-pull` ### 🐛 Critical Bug Fixes 
@@ -29,7 +29,7 @@ All issues from user feedback resolved: - No more manual `eval $(dbus-launch --sh-syntax)` needed! 2. ✅ **User Switch Command** - - Fixed from `sudo -i -u clawdbot` to `sudo su - clawdbot` + - Fixed from `sudo -i -u openclaw` to `sudo su - openclaw` - Ensures proper login shell with environment 3. ✅ **Homebrew Integration** @@ -48,8 +48,8 @@ All issues from user feedback resolved: ### 🔧 Improvements -- ✅ **Better onboarding**: Recommends `clawdbot onboard --install-daemon` -- ✅ **No auto-config**: Config files created by clawdbot itself +- ✅ **Better onboarding**: Recommends `openclaw onboard --install-daemon` +- ✅ **No auto-config**: Config files created by openclaw itself - ✅ **Enhanced security**: systemd service hardening - ✅ **Linting**: yamllint & ansible-lint production profile passed @@ -57,14 +57,14 @@ All issues from user feedback resolved: #### Quick Start (Release Mode) ```bash -curl -fsSL https://raw.githubusercontent.com/clawdbot/clawdbot-ansible/main/install.sh | bash +curl -fsSL https://raw.githubusercontent.com/openclaw/openclaw-ansible/main/install.sh | bash ``` #### Development Mode ```bash -git clone https://github.com/clawdbot/clawdbot-ansible.git -cd clawdbot-ansible -./run-playbook.sh -e clawdbot_install_mode=development +git clone https://github.com/openclaw/openclaw-ansible.git +cd openclaw-ansible +./run-playbook.sh -e openclaw_install_mode=development ``` ### 📚 Documentation @@ -76,8 +76,8 @@ cd clawdbot-ansible ### ⚠️ Breaking Changes -1. **User switch command changed**: Use `sudo su - clawdbot` instead of `sudo -i -u clawdbot` -2. **No auto-configuration**: Config files no longer auto-generated, use `clawdbot onboard` +1. **User switch command changed**: Use `sudo su - openclaw` instead of `sudo -i -u openclaw` +2. **No auto-configuration**: Config files no longer auto-generated, use `openclaw onboard` 3. **No auto-service**: systemd service not auto-installed, use `--install-daemon` flag ### 🔄 Migration 
@@ -89,7 +89,7 @@ echo 'export XDG_RUNTIME_DIR=/run/user/$(id -u)' >> ~/.bashrc echo 'export PNPM_HOME="$HOME/.local/share/pnpm"' >> ~/.bashrc # Enable lingering -sudo loginctl enable-linger clawdbot +sudo loginctl enable-linger openclaw # Add Homebrew (Linux) echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc @@ -97,8 +97,8 @@ echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc # Reload source ~/.bashrc -# Reinstall clawdbot -pnpm install -g clawdbot@latest +# Reinstall openclaw +pnpm install -g openclaw@latest ``` ### 📊 Testing @@ -115,4 +115,4 @@ Special thanks to early adopters who provided feedback on the DBus and user swit --- -**Full Changelog**: https://github.com/clawdbot/clawdbot-ansible/blob/main/CHANGELOG.md +**Full Changelog**: https://github.com/openclaw/openclaw-ansible/blob/main/CHANGELOG.md diff --git a/UPGRADE_NOTES.md b/UPGRADE_NOTES.md index d3d35e6..4625aea 100644 --- a/UPGRADE_NOTES.md +++ b/UPGRADE_NOTES.md 
@@ -3,22 +3,22 @@ ## ✅ Completed Changes ### 1. Installation Modes (Release vs Development) -- **File**: `roles/clawdbot/defaults/main.yml` -- Added `clawdbot_install_mode` variable (release | development) -- Release mode: Install via `pnpm install -g clawdbot@latest` (default) +- **File**: `roles/openclaw/defaults/main.yml` +- Added `openclaw_install_mode` variable (release | development) +- Release mode: Install via `pnpm install -g openclaw@latest` (default) - Development mode: Clone repo, build, symlink binary - Development settings: repo URL, branch, code directory **Files Created**: -- `roles/clawdbot/tasks/clawdbot-release.yml` - npm installation -- `roles/clawdbot/tasks/clawdbot-development.yml` - git clone + build +- `roles/openclaw/tasks/openclaw-release.yml` - npm installation +- `roles/openclaw/tasks/openclaw-development.yml` - git clone + build - `docs/development-mode.md` - comprehensive guide **Development Mode Features**: -- Clones to `~/code/clawdbot` +- Clones to `~/code/openclaw` - Runs `pnpm install` and `pnpm build` -- Symlinks `bin/clawdbot.js` to `~/.local/bin/clawdbot` -- Adds aliases: `clawdbot-rebuild`, `clawdbot-dev`, `clawdbot-pull` +- Symlinks `bin/openclaw.js` to `~/.local/bin/openclaw` +- Adds aliases: `openclaw-rebuild`, `openclaw-dev`, `openclaw-pull` - Sets `CLAWDBOT_DEV_DIR` environment variable **Usage**: @@ -27,13 +27,13 @@ ./run-playbook.sh # Development mode -./run-playbook.sh -e clawdbot_install_mode=development +./run-playbook.sh -e openclaw_install_mode=development # With custom repo ansible-playbook playbook.yml --ask-become-pass \ - -e clawdbot_install_mode=development \ - -e clawdbot_repo_url=https://github.com/YOUR_USERNAME/clawdbot.git \ - -e clawdbot_repo_branch=feature-branch + -e openclaw_install_mode=development \ + -e openclaw_repo_url=https://github.com/YOUR_USERNAME/openclaw.git \ + -e openclaw_repo_branch=feature-branch ``` ### 2. OS Detection & apt update/upgrade 
@@ -51,57 +51,57 @@ ansible-playbook playbook.yml --ask-become-pass \ ### 3. OS-Specific System Tools - **Files**: - - `roles/clawdbot/tasks/system-tools.yml` (orchestrator) - - `roles/clawdbot/tasks/system-tools-linux.yml` (apt-based) - - `roles/clawdbot/tasks/system-tools-macos.yml` (brew-based) + - `roles/openclaw/tasks/system-tools.yml` (orchestrator) + - `roles/openclaw/tasks/system-tools-linux.yml` (apt-based) + - `roles/openclaw/tasks/system-tools-macos.yml` (brew-based) - Tools installed via appropriate package manager per OS - Homebrew shellenv integrated into .zshrc ### 4. OS-Specific Docker Installation - **Files**: - - `roles/clawdbot/tasks/docker.yml` (orchestrator) - - `roles/clawdbot/tasks/docker-linux.yml` (Docker CE) - - `roles/clawdbot/tasks/docker-macos.yml` (Docker Desktop) + - `roles/openclaw/tasks/docker.yml` (orchestrator) + - `roles/openclaw/tasks/docker-linux.yml` (Docker CE) + - `roles/openclaw/tasks/docker-macos.yml` (Docker Desktop) - Linux: Docker CE via apt - macOS: Docker Desktop via Homebrew Cask ### 5. OS-Specific Firewall Configuration - **Files**: - - `roles/clawdbot/tasks/firewall.yml` (orchestrator) - - `roles/clawdbot/tasks/firewall-linux.yml` (UFW) - - `roles/clawdbot/tasks/firewall-macos.yml` (Application Firewall) + - `roles/openclaw/tasks/firewall.yml` (orchestrator) + - `roles/openclaw/tasks/firewall-linux.yml` (UFW) + - `roles/openclaw/tasks/firewall-macos.yml` (Application Firewall) - Linux: UFW with Docker isolation - macOS: Application Firewall configuration ### 6. DBus & systemd User Service Fixes -- **File**: `roles/clawdbot/tasks/user.yml` -- Fixed: `loginctl enable-linger` for clawdbot user +- **File**: `roles/openclaw/tasks/user.yml` +- Fixed: `loginctl enable-linger` for openclaw user - Fixed: XDG_RUNTIME_DIR set to `/run/user/$(id -u)` - Fixed: DBUS_SESSION_BUS_ADDRESS configuration in .bashrc - No more manual `eval $(dbus-launch --sh-syntax)` needed! ### 7. 
Systemd Service Template Enhancement -- **File**: `roles/clawdbot/templates/clawdbot-host.service.j2` +- **File**: `roles/openclaw/templates/openclaw-host.service.j2` - Added XDG_RUNTIME_DIR environment variable - Added DBUS_SESSION_BUS_ADDRESS - Added Homebrew to PATH - Enhanced security with ProtectSystem and ProtectHome ### 8. Clawdbot Installation via pnpm -- **File**: `roles/clawdbot/tasks/clawdbot.yml` -- Changed from `pnpm add -g` to `pnpm install -g clawdbot@latest` +- **File**: `roles/openclaw/tasks/openclaw.yml` +- Changed from `pnpm add -g` to `pnpm install -g openclaw@latest` - Added verification step - Added version display ### 9. Correct User Switching Command - **File**: `run-playbook.sh` -- Changed from `sudo -i -u clawdbot` to `sudo su - clawdbot` -- Alternative: `sudo -u clawdbot -i` +- Changed from `sudo -i -u openclaw` to `sudo su - openclaw` +- Alternative: `sudo -u openclaw -i` - Ensures proper login shell with .bashrc loaded ### 10. Enhanced Welcome Message - **File**: `playbook.yml` (post_tasks) -- Recommends: `clawdbot onboard --install-daemon` as first command +- Recommends: `openclaw onboard --install-daemon` as first command - Shows environment status (XDG_RUNTIME_DIR, DBUS, Homebrew) - Provides both quick-start and manual setup paths - More helpful command examples 
@@ -117,16 +117,16 @@ ansible-playbook playbook.yml --ask-become-pass \ - Multi-OS badge (Debian | Ubuntu | macOS) - Updated features list - Added OS-specific requirements -- Added post-install instructions with `clawdbot onboard --install-daemon` +- Added post-install instructions with `openclaw onboard --install-daemon` ## 🎯 Key Improvements ### Fixed Issues from User History 1. ✅ **DBus errors**: Automatically configured, no manual setup needed -2. ✅ **User switching**: Correct command (`sudo su - clawdbot`) +2. ✅ **User switching**: Correct command (`sudo su - openclaw`) 3. ✅ **Environment**: XDG_RUNTIME_DIR and DBUS properly set 4. ✅ **Homebrew**: Integrated and in PATH -5. ✅ **pnpm**: Uses `pnpm install -g clawdbot@latest` +5. ✅ **pnpm**: Uses `pnpm install -g openclaw@latest` ### OS Detection Framework - Clean separation between Linux and macOS tasks @@ -135,7 +135,7 @@ ansible-playbook playbook.yml --ask-become-pass \ ### Better User Experience - Clear next steps after installation -- Recommends `clawdbot onboard --install-daemon` +- Recommends `openclaw onboard --install-daemon` - Helpful welcome message with environment status - Proper shell initialization @@ -149,7 +149,7 @@ If you have an existing installation, you may need to: echo 'export XDG_RUNTIME_DIR=/run/user/$(id -u)' >> ~/.bashrc # 2. Enable lingering -sudo loginctl enable-linger clawdbot +sudo loginctl enable-linger openclaw # 3. Add Homebrew to PATH (if using Linux) echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc @@ -157,8 +157,8 @@ echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc # 4. Reload shell source ~/.bashrc -# 5. Reinstall clawdbot -pnpm install -g clawdbot@latest +# 5. Reinstall openclaw +pnpm install -g openclaw@latest ``` ## 📝 TODO - Future macOS Enhancements 
@@ -186,10 +186,10 @@ ansible-playbook playbook.yml --ask-become-pass --tags=never -vv # Test full installation ./run-playbook.sh -# Verify clawdbot -sudo su - clawdbot -clawdbot --version -clawdbot onboard --install-daemon +# Verify openclaw +sudo su - openclaw +openclaw --version +openclaw onboard --install-daemon ``` ### macOS (Future) @@ -203,7 +203,7 @@ clawdbot onboard --install-daemon ### Enhanced systemd Security - `ProtectSystem=strict`: Read-only system directories - `ProtectHome=read-only`: Limited home access -- `ReadWritePaths`: Only ~/.clawdbot writable +- `ReadWritePaths`: Only ~/.openclaw writable - `NoNewPrivileges`: Prevents privilege escalation ### DBus Session Security @@ -218,17 +218,17 @@ clawdbot onboard --install-daemon - `install.sh` - Multi-OS detection - `run-playbook.sh` - Correct user switch command - `README.md` - Multi-OS documentation -- `roles/clawdbot/defaults/main.yml` - OS-specific variables -- `roles/clawdbot/tasks/*.yml` - OS-aware task orchestration -- `roles/clawdbot/templates/clawdbot-host.service.j2` - Enhanced service +- `roles/openclaw/defaults/main.yml` - OS-specific variables +- `roles/openclaw/tasks/*.yml` - OS-aware task orchestration +- `roles/openclaw/templates/openclaw-host.service.j2` - Enhanced service ### New Files Created -- `roles/clawdbot/tasks/system-tools-linux.yml` -- `roles/clawdbot/tasks/system-tools-macos.yml` -- `roles/clawdbot/tasks/docker-linux.yml` -- `roles/clawdbot/tasks/docker-macos.yml` -- `roles/clawdbot/tasks/firewall-linux.yml` -- `roles/clawdbot/tasks/firewall-macos.yml` +- `roles/openclaw/tasks/system-tools-linux.yml` +- `roles/openclaw/tasks/system-tools-macos.yml` +- `roles/openclaw/tasks/docker-linux.yml` +- `roles/openclaw/tasks/docker-macos.yml` +- `roles/openclaw/tasks/firewall-linux.yml` +- `roles/openclaw/tasks/firewall-macos.yml` - `UPGRADE_NOTES.md` (this file) --- diff --git a/docs/architecture.md b/docs/architecture.md index fe87e1f..1034660 100644 --- a/docs/architecture.md 
+++ b/docs/architecture.md @@ -24,8 +24,8 @@ description: Technical implementation details └──────────────┬──────────────────────────┘ │ ┌──────────────┴──────────────────────────┐ -│ Clawdbot Container │ -│ User: clawdbot │ +│ OpenClaw Container │ +│ User: openclaw │ │ Port: 127.0.0.1:3000 │ └──────────────────────────────────────────┘ ``` @@ -33,17 +33,17 @@ description: Technical implementation details ## File Structure ``` -/opt/clawdbot/ +/opt/openclaw/ ├── Dockerfile ├── docker-compose.yml -/home/clawdbot/.clawdbot/ +/home/openclaw/.openclaw/ ├── config.yml ├── sessions/ └── credentials/ /etc/systemd/system/ -└── clawdbot.service +└── openclaw.service /etc/docker/ └── daemon.json @@ -54,11 +54,11 @@ description: Technical implementation details ## Service Management -Clawdbot runs as a systemd service that manages the Docker container: +OpenClaw runs as a systemd service that manages the Docker container: ```bash # Systemd controls Docker Compose -systemd → docker compose → clawdbot container +systemd → docker compose → openclaw container ``` ## Installation Flow @@ -69,7 +69,7 @@ systemd → docker compose → clawdbot container - Display connection instructions 2. **User Creation** (`user.yml`) - - Create `clawdbot` system user + - Create `openclaw` system user 3. **Docker Installation** (`docker.yml`) - Install Docker CE + Compose V2 @@ -87,7 +87,7 @@ systemd → docker compose → clawdbot container - Install Node.js 22.x - Install pnpm globally -6. **Clawdbot Setup** (`clawdbot.yml`) +6. **OpenClaw Setup** (`openclaw.yml`) - Create directories - Generate configs from templates - Build Docker image 
@@ -120,11 +120,11 @@ Principle of least privilege. If container is compromised, attacker has limited ``` main.yml ├── tailscale.yml (VPN setup) -├── user.yml (create clawdbot user) +├── user.yml (create openclaw user) ├── docker.yml (install Docker, create /etc/docker) ├── firewall.yml (configure UFW + Docker daemon) ├── nodejs.yml (Node.js + pnpm) -└── clawdbot.yml (container setup) +└── openclaw.yml (container setup) ``` Order matters: Docker must be installed before firewall configuration because: diff --git a/docs/configuration.md b/docs/configuration.md index 0fb862a..2bcdd15 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -1,11 +1,11 @@ # Configuration Guide -This guide explains all available configuration options for the Clawdbot Ansible installer. +This guide explains all available configuration options for the OpenClaw Ansible installer. ## Configuration File All default variables are defined in: -**[`roles/clawdbot/defaults/main.yml`](../roles/clawdbot/defaults/main.yml)** +**[`roles/openclaw/defaults/main.yml`](../roles/openclaw/defaults/main.yml)** ## How to Configure @@ -15,8 +15,8 @@ Pass variables directly via `-e` flag: ```bash ansible-playbook playbook.yml --ask-become-pass \ - -e clawdbot_install_mode=development \ - -e "clawdbot_ssh_keys=['ssh-ed25519 AAAAC3... user@host']" + -e openclaw_install_mode=development \ + -e "openclaw_ssh_keys=['ssh-ed25519 AAAAC3... user@host']" ``` ### Method 2: Variables File 
@@ -25,12 +25,12 @@ Create a `vars.yml` file: ```yaml # vars.yml -clawdbot_install_mode: development -clawdbot_ssh_keys: +openclaw_install_mode: development +openclaw_ssh_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx user@host" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... admin@laptop" -clawdbot_repo_url: "https://github.com/YOUR_USERNAME/clawdbot.git" -clawdbot_repo_branch: "main" +openclaw_repo_url: "https://github.com/YOUR_USERNAME/openclaw.git" +openclaw_repo_branch: "main" tailscale_authkey: "tskey-auth-xxxxxxxxxxxxx" nodejs_version: "22.x" ``` @@ -43,7 +43,7 @@ ansible-playbook playbook.yml --ask-become-pass -e @vars.yml ### Method 3: Edit Defaults -Directly edit `roles/clawdbot/defaults/main.yml` before running the playbook. +Directly edit `roles/openclaw/defaults/main.yml` before running the playbook. **Note**: This is not recommended for version control, use variables files instead. 
@@ -51,109 +51,109 @@ Directly edit `roles/clawdbot/defaults/main.yml` before running the playbook. ### User Configuration -#### `clawdbot_user` +#### `openclaw_user` - **Type**: String -- **Default**: `clawdbot` -- **Description**: System user name for running Clawdbot +- **Default**: `openclaw` +- **Description**: System user name for running OpenClaw - **Example**: ```bash - -e clawdbot_user=myuser + -e openclaw_user=myuser ``` -#### `clawdbot_home` +#### `openclaw_home` - **Type**: String -- **Default**: `/home/clawdbot` -- **Description**: Home directory for the clawdbot user +- **Default**: `/home/openclaw` +- **Description**: Home directory for the openclaw user - **Example**: ```bash - -e clawdbot_home=/home/myuser + -e openclaw_home=/home/myuser ``` -#### `clawdbot_ssh_keys` +#### `openclaw_ssh_keys` - **Type**: List of strings - **Default**: `[]` (empty) -- **Description**: SSH public keys for accessing the clawdbot user account +- **Description**: SSH public keys for accessing the openclaw user account - **Example**: ```yaml - clawdbot_ssh_keys: + openclaw_ssh_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx user@host" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... admin@laptop" ``` ```bash - -e "clawdbot_ssh_keys=['ssh-ed25519 AAAAC3... user@host']" + -e "openclaw_ssh_keys=['ssh-ed25519 AAAAC3... 
user@host']" ``` ### Installation Mode -#### `clawdbot_install_mode` +#### `openclaw_install_mode` - **Type**: String (`release` or `development`) - **Default**: `release` - **Description**: Installation mode - - `release`: Install via npm (`pnpm install -g clawdbot@latest`) + - `release`: Install via npm (`pnpm install -g openclaw@latest`) - `development`: Clone repo, build from source, symlink binary - **Example**: ```bash - -e clawdbot_install_mode=development + -e openclaw_install_mode=development ``` ### Development Mode Settings -These variables only apply when `clawdbot_install_mode: development` +These variables only apply when `openclaw_install_mode: development` -#### `clawdbot_repo_url` +#### `openclaw_repo_url` - **Type**: String (Git URL) -- **Default**: `https://github.com/clawdbot/clawdbot.git` +- **Default**: `https://github.com/openclaw/openclaw.git` - **Description**: Git repository URL to clone - **Example**: ```bash - -e clawdbot_repo_url=https://github.com/YOUR_USERNAME/clawdbot.git + -e openclaw_repo_url=https://github.com/YOUR_USERNAME/openclaw.git ``` -#### `clawdbot_repo_branch` +#### `openclaw_repo_branch` - **Type**: String - **Default**: `main` - **Description**: Git branch to checkout - **Example**: ```bash - -e clawdbot_repo_branch=feature-branch + -e openclaw_repo_branch=feature-branch ``` -#### `clawdbot_code_dir` +#### `openclaw_code_dir` - **Type**: String (Path) -- **Default**: `{{ clawdbot_home }}/code` +- **Default**: `{{ openclaw_home }}/code` - **Description**: Directory where code repositories are stored - **Example**: ```bash - -e clawdbot_code_dir=/home/clawdbot/projects + -e openclaw_code_dir=/home/openclaw/projects ``` -#### `clawdbot_repo_dir` +#### `openclaw_repo_dir` - **Type**: String (Path) -- **Default**: `{{ clawdbot_code_dir }}/clawdbot` -- **Description**: Full path to clawdbot repository +- **Default**: `{{ openclaw_code_dir }}/openclaw` +- **Description**: Full path to openclaw repository - **Example**: ```bash 
- -e clawdbot_repo_dir=/home/clawdbot/projects/clawdbot + -e openclaw_repo_dir=/home/openclaw/projects/openclaw ``` -### Clawdbot Settings +### OpenClaw Settings -#### `clawdbot_port` +#### `openclaw_port` - **Type**: Integer - **Default**: `3000` -- **Description**: Port for Clawdbot gateway (currently informational) +- **Description**: Port for OpenClaw gateway (currently informational) - **Example**: ```bash - -e clawdbot_port=8080 + -e openclaw_port=8080 ``` -#### `clawdbot_config_dir` +#### `openclaw_config_dir` - **Type**: String (Path) -- **Default**: `{{ clawdbot_home }}/.clawdbot` -- **Description**: Clawdbot configuration directory +- **Default**: `{{ openclaw_home }}/.openclaw` +- **Description**: OpenClaw configuration directory - **Example**: ```bash - -e clawdbot_config_dir=/etc/clawdbot + -e openclaw_config_dir=/etc/openclaw ``` ### Node.js Configuration @@ -201,7 +201,7 @@ These are automatically set based on the detected OS: ```yaml # vars.yml -clawdbot_ssh_keys: +openclaw_ssh_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx user@desktop" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHyyyyyyyy user@laptop" ``` @@ -214,10 +214,10 @@ ansible-playbook playbook.yml --ask-become-pass -e @vars.yml ```yaml # vars-dev.yml -clawdbot_install_mode: development -clawdbot_repo_url: "https://github.com/myorg/clawdbot.git" -clawdbot_repo_branch: "develop" -clawdbot_ssh_keys: +openclaw_install_mode: development +openclaw_repo_url: "https://github.com/myorg/openclaw.git" +openclaw_repo_branch: "develop" +openclaw_ssh_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx dev@workstation" ``` @@ -229,9 +229,9 @@ ansible-playbook playbook.yml --ask-become-pass -e @vars-dev.yml ```yaml # vars-prod.yml -clawdbot_install_mode: release +openclaw_install_mode: release tailscale_authkey: "tskey-auth-k1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6" -clawdbot_ssh_keys: +openclaw_ssh_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx admin@mgmt-server" nodejs_version: "22.x" ``` 
@@ -244,10 +244,10 @@ ansible-playbook playbook.yml --ask-become-pass -e @vars-prod.yml ```yaml # vars-custom.yml -clawdbot_user: mybot -clawdbot_home: /opt/mybot -clawdbot_config_dir: /etc/mybot -clawdbot_code_dir: /opt/mybot/repositories +openclaw_user: mybot +openclaw_home: /opt/mybot +openclaw_config_dir: /etc/mybot +openclaw_code_dir: /opt/mybot/repositories ``` ```bash @@ -258,9 +258,9 @@ ansible-playbook playbook.yml --ask-become-pass -e @vars-custom.yml ```yaml # vars-testing.yml -clawdbot_install_mode: development -clawdbot_repo_branch: "experimental-feature" -clawdbot_ssh_keys: +openclaw_install_mode: development +openclaw_repo_branch: "experimental-feature" +openclaw_ssh_keys: - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxxxxxxxx tester@qa" ``` @@ -274,10 +274,10 @@ ansible-playbook playbook.yml --ask-become-pass -e @vars-testing.yml ```yaml # environments/dev.yml -clawdbot_install_mode: development -clawdbot_repo_url: "https://github.com/clawdbot/clawdbot.git" -clawdbot_repo_branch: "main" -clawdbot_ssh_keys: +openclaw_install_mode: development +openclaw_repo_url: "https://github.com/openclaw/openclaw.git" +openclaw_repo_branch: "main" +openclaw_ssh_keys: - "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}" ``` @@ -285,9 +285,9 @@ clawdbot_ssh_keys: ```yaml # environments/staging.yml -clawdbot_install_mode: release +openclaw_install_mode: release tailscale_authkey: "{{ lookup('env', 'TAILSCALE_AUTHKEY_STAGING') }}" -clawdbot_ssh_keys: +openclaw_ssh_keys: - "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}" ``` @@ -295,9 +295,9 @@ clawdbot_ssh_keys: ```yaml # environments/prod.yml -clawdbot_install_mode: release +openclaw_install_mode: release tailscale_authkey: "{{ lookup('env', 'TAILSCALE_AUTHKEY_PROD') }}" -clawdbot_ssh_keys: +openclaw_ssh_keys: - "ssh-ed25519 AAAAC3... ops@prod-mgmt" - "ssh-ed25519 AAAAC3... admin@backup-server" nodejs_version: "22.x" 
@@ -307,9 +307,9 @@ nodejs_version: "22.x" ### SSH Keys -1. **Use dedicated keys**: Create separate SSH keys for Clawdbot access +1. **Use dedicated keys**: Create separate SSH keys for OpenClaw access ```bash - ssh-keygen -t ed25519 -f ~/.ssh/clawdbot_ed25519 -C "clawdbot-access" + ssh-keygen -t ed25519 -f ~/.ssh/openclaw_ed25519 -C "openclaw-access" ``` 2. **Limit key permissions**: Use SSH key options to restrict access @@ -320,7 +320,7 @@ nodejs_version: "22.x" 3. **Rotate keys regularly**: Update SSH keys periodically ```bash ansible-playbook playbook.yml --ask-become-pass \ - -e "clawdbot_ssh_keys=['$(cat ~/.ssh/new_key.pub)']" + -e "openclaw_ssh_keys=['$(cat ~/.ssh/new_key.pub)']" ``` ### Tailscale Auth Keys @@ -381,8 +381,8 @@ ansible-playbook playbook.yml --ask-become-pass \ Check file ownership and permissions: ```bash -sudo ls -la /home/clawdbot/.ssh/ -sudo cat /home/clawdbot/.ssh/authorized_keys +sudo ls -la /home/openclaw/.ssh/ +sudo cat /home/openclaw/.ssh/authorized_keys ``` ### Tailscale Not Connecting @@ -405,4 +405,4 @@ ansible-playbook playbook.yml --ask-become-pass \ - [Main README](../README.md) - [Development Mode Guide](development-mode.md) - [Upgrade Notes](../UPGRADE_NOTES.md) -- [Defaults File](../roles/clawdbot/defaults/main.yml) +- [Defaults File](../roles/openclaw/defaults/main.yml) diff --git a/docs/development-mode.md b/docs/development-mode.md index c1c8ce0..aacd5a9 100644 --- a/docs/development-mode.md +++ b/docs/development-mode.md @@ -1,6 +1,6 @@ # Development Mode Installation -This guide explains how to install Clawdbot in **development mode**, where the application is built from source instead of installed from npm. +This guide explains how to install OpenClaw in **development mode**, where the application is built from source instead of installed from npm. ## Overview 
@@ -9,10 +9,10 @@ This guide explains how to install Clawdbot in **development mode**, where the a | Feature | Release Mode | Development Mode | |---------|-------------|------------------| | Source | npm registry | GitHub repository | -| Installation | `pnpm install -g clawdbot@latest` | `git clone` + `pnpm build` | -| Location | `~/.local/share/pnpm/global/...` | `~/code/clawdbot/` | -| Binary | Global pnpm package | Symlink to `bin/clawdbot.js` | -| Updates | `pnpm install -g clawdbot@latest` | `git pull` + `pnpm build` | +| Installation | `pnpm install -g openclaw@latest` | `git clone` + `pnpm build` | +| Location | `~/.local/share/pnpm/global/...` | `~/code/openclaw/` | +| Binary | Global pnpm package | Symlink to `bin/openclaw.js` | +| Updates | `pnpm install -g openclaw@latest` | `git pull` + `pnpm build` | | Use Case | Production, stable deployments | Development, testing, debugging | | Recommended For | End users | Developers, contributors | @@ -22,11 +22,11 @@ This guide explains how to install Clawdbot in **development mode**, where the a ```bash # Clone the ansible installer -git clone https://github.com/pasogott/clawdbot-ansible.git -cd clawdbot-ansible +git clone https://github.com/pasogott/openclaw-ansible.git +cd openclaw-ansible # Run in development mode -./run-playbook.sh -e clawdbot_install_mode=development +./run-playbook.sh -e openclaw_install_mode=development ``` ### Manual Install 
@@ -36,14 +36,14 @@ cd clawdbot-ansible sudo apt update && sudo apt install -y ansible git # Clone repository -git clone https://github.com/pasogott/clawdbot-ansible.git -cd clawdbot-ansible +git clone https://github.com/pasogott/openclaw-ansible.git +cd openclaw-ansible # Install collections ansible-galaxy collection install -r requirements.yml # Run playbook with development mode -ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=development +ansible-playbook playbook.yml --ask-become-pass -e openclaw_install_mode=development ``` ## What Gets Installed @@ -51,20 +51,20 @@ ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=develop ### Directory Structure ``` -/home/clawdbot/ -├── .clawdbot/ # Configuration directory +/home/openclaw/ +├── .openclaw/ # Configuration directory │ ├── sessions/ │ ├── credentials/ │ ├── data/ │ └── logs/ ├── .local/ │ ├── bin/ -│ │ └── clawdbot # Symlink -> ~/code/clawdbot/bin/clawdbot.js +│ │ └── openclaw # Symlink -> ~/code/openclaw/bin/openclaw.js │ └── share/pnpm/ └── code/ - └── clawdbot/ # Git repository + └── openclaw/ # Git repository ├── bin/ - │ └── clawdbot.js + │ └── openclaw.js ├── dist/ # Built files ├── src/ # Source code ├── package.json @@ -83,12 +83,12 @@ The Ansible playbook performs these steps: 2. **Clone repository** ```bash cd ~/code - git clone https://github.com/clawdbot/clawdbot.git + git clone https://github.com/openclaw/openclaw.git ``` 3. **Install dependencies** ```bash - cd clawdbot + cd openclaw pnpm install ``` 
@@ -99,15 +99,15 @@ The Ansible playbook performs these steps: 5. **Create symlink** ```bash - ln -sf ~/code/clawdbot/bin/clawdbot.js ~/.local/bin/clawdbot - chmod +x ~/code/clawdbot/bin/clawdbot.js + ln -sf ~/code/openclaw/bin/openclaw.js ~/.local/bin/openclaw + chmod +x ~/code/openclaw/bin/openclaw.js ``` 6. **Add development aliases** to `.bashrc`: ```bash - alias clawdbot-rebuild='cd ~/code/clawdbot && pnpm build' - alias clawdbot-dev='cd ~/code/clawdbot' - alias clawdbot-pull='cd ~/code/clawdbot && git pull && pnpm install && pnpm build' + alias openclaw-rebuild='cd ~/code/openclaw && pnpm build' + alias openclaw-dev='cd ~/code/openclaw' + alias openclaw-pull='cd ~/code/openclaw && git pull && pnpm install && pnpm build' ``` ## Development Workflow @@ -116,29 +116,29 @@ The Ansible playbook performs these steps: ```bash # 1. Navigate to repository -clawdbot-dev -# or: cd ~/code/clawdbot +openclaw-dev +# or: cd ~/code/openclaw # 2. Make your changes vim src/some-file.ts # 3. Rebuild -clawdbot-rebuild +openclaw-rebuild # or: pnpm build # 4. Test immediately -clawdbot --version -clawdbot doctor +openclaw --version +openclaw doctor ``` ### Pulling Updates ```bash # Pull latest changes and rebuild -clawdbot-pull +openclaw-pull # Or manually: -cd ~/code/clawdbot +cd ~/code/openclaw git pull pnpm install pnpm build @@ -147,18 +147,18 @@ pnpm build ### Testing Changes ```bash -# After rebuilding, the clawdbot command uses the new code immediately -clawdbot status -clawdbot gateway +# After rebuilding, the openclaw command uses the new code immediately +openclaw status +openclaw gateway # View daemon logs -clawdbot logs +openclaw logs ``` ### Switching Branches ```bash -cd ~/code/clawdbot +cd ~/code/openclaw # Switch to feature branch git checkout feature-branch 
@@ -177,14 +177,14 @@ The following aliases are added to `.bashrc`: | Alias | Command | Purpose | |-------|---------|---------| -| `clawdbot-dev` | `cd ~/code/clawdbot` | Navigate to repo | -| `clawdbot-rebuild` | `cd ~/code/clawdbot && pnpm build` | Rebuild after changes | -| `clawdbot-pull` | `cd ~/code/clawdbot && git pull && pnpm install && pnpm build` | Update and rebuild | +| `openclaw-dev` | `cd ~/code/openclaw` | Navigate to repo | +| `openclaw-rebuild` | `cd ~/code/openclaw && pnpm build` | Rebuild after changes | +| `openclaw-pull` | `cd ~/code/openclaw && git pull && pnpm install && pnpm build` | Update and rebuild | Plus an environment variable: ```bash -export CLAWDBOT_DEV_DIR="$HOME/code/clawdbot" +export CLAWDBOT_DEV_DIR="$HOME/code/openclaw" ``` ## Configuration Variables 
@@ -193,28 +193,28 @@ You can customize the development installation: ```yaml # In playbook or command line -clawdbot_install_mode: "development" -clawdbot_repo_url: "https://github.com/clawdbot/clawdbot.git" -clawdbot_repo_branch: "main" -clawdbot_code_dir: "/home/clawdbot/code" -clawdbot_repo_dir: "/home/clawdbot/code/clawdbot" +openclaw_install_mode: "development" +openclaw_repo_url: "https://github.com/openclaw/openclaw.git" +openclaw_repo_branch: "main" +openclaw_code_dir: "/home/openclaw/code" +openclaw_repo_dir: "/home/openclaw/code/openclaw" ``` ### Using a Fork ```bash ansible-playbook playbook.yml --ask-become-pass \ - -e clawdbot_install_mode=development \ - -e clawdbot_repo_url=https://github.com/YOUR_USERNAME/clawdbot.git \ - -e clawdbot_repo_branch=your-feature-branch + -e openclaw_install_mode=development \ + -e openclaw_repo_url=https://github.com/YOUR_USERNAME/openclaw.git \ + -e openclaw_repo_branch=your-feature-branch ``` ### Custom Location ```bash ansible-playbook playbook.yml --ask-become-pass \ - -e clawdbot_install_mode=development \ - -e clawdbot_code_dir=/home/clawdbot/projects + -e openclaw_install_mode=development \ + -e openclaw_code_dir=/home/openclaw/projects ``` ## Switching Between Modes @@ -223,23 +223,23 @@ ansible-playbook playbook.yml --ask-become-pass \ ```bash # Uninstall global package -pnpm uninstall -g clawdbot +pnpm uninstall -g openclaw # Run ansible in development mode -ansible-playbook playbook.yml --ask-become-pass -e clawdbot_install_mode=development +ansible-playbook playbook.yml --ask-become-pass -e openclaw_install_mode=development ``` ### From Development to Release ```bash # Remove symlink -rm ~/.local/bin/clawdbot +rm ~/.local/bin/openclaw # Remove repository (optional) -rm -rf ~/code/clawdbot +rm -rf ~/code/openclaw # Install from npm -pnpm install -g clawdbot@latest +pnpm install -g openclaw@latest ``` ## Troubleshooting 
@@ -247,7 +247,7 @@ pnpm install -g clawdbot@latest ### Build Fails ```bash -cd ~/code/clawdbot +cd ~/code/openclaw # Check Node.js version (needs 22.x) node --version @@ -262,12 +262,12 @@ pnpm build ```bash # Check symlink -ls -la ~/.local/bin/clawdbot +ls -la ~/.local/bin/openclaw # Recreate symlink -rm ~/.local/bin/clawdbot -ln -sf ~/code/clawdbot/bin/clawdbot.js ~/.local/bin/clawdbot -chmod +x ~/code/clawdbot/bin/clawdbot.js +rm ~/.local/bin/openclaw +ln -sf ~/code/openclaw/bin/openclaw.js ~/.local/bin/openclaw +chmod +x ~/code/openclaw/bin/openclaw.js ``` ### Command Not Found @@ -281,7 +281,7 @@ source ~/.bashrc ### Git Issues ```bash -cd ~/code/clawdbot +cd ~/code/openclaw # Reset to clean state git reset --hard origin/main @@ -324,23 +324,23 @@ No difference in runtime memory usage between modes. ```bash # Test specific commit -cd ~/code/clawdbot +cd ~/code/openclaw git fetch origin pull/123/head:pr-123 git checkout pr-123 pnpm install pnpm build # Test it -clawdbot doctor +openclaw doctor ``` ### Automated Testing ```bash #!/bin/bash -# test-clawdbot.sh +# test-openclaw.sh -cd ~/code/clawdbot +cd ~/code/openclaw git pull pnpm install pnpm build @@ -349,7 +349,7 @@ pnpm build pnpm test # Integration test -clawdbot doctor +openclaw doctor ``` ## Best Practices @@ -358,12 +358,12 @@ clawdbot doctor 1. ✅ **Always rebuild after code changes** ```bash - clawdbot-rebuild + openclaw-rebuild ``` 2. ✅ **Test changes before committing** ```bash - pnpm build && clawdbot doctor + pnpm build && openclaw doctor ``` 3. ✅ **Keep dependencies updated** 
@@ -392,19 +392,19 @@ You can have multiple clones: ```bash # Main development -~/code/clawdbot/ # main branch +~/code/openclaw/ # main branch # Experimental features -~/code/clawdbot-test/ # testing branch +~/code/openclaw-test/ # testing branch # Switch binary symlink -ln -sf ~/code/clawdbot-test/bin/clawdbot.js ~/.local/bin/clawdbot +ln -sf ~/code/openclaw-test/bin/openclaw.js ~/.local/bin/openclaw ``` ### Custom Build Options ```bash -cd ~/code/clawdbot +cd ~/code/openclaw # Development build (faster, includes source maps) NODE_ENV=development pnpm build @@ -417,10 +417,10 @@ NODE_ENV=production pnpm build ```bash # Run with debug output -DEBUG=* clawdbot gateway +DEBUG=* openclaw gateway # Or specific namespaces -DEBUG=clawdbot:* clawdbot gateway +DEBUG=openclaw:* openclaw gateway ``` ## See Also @@ -428,4 +428,4 @@ DEBUG=clawdbot:* clawdbot gateway - [Main README](../README.md) - [Security Architecture](security.md) - [Troubleshooting Guide](troubleshooting.md) -- [Clawdbot Repository](https://github.com/clawdbot/clawdbot) +- [OpenClaw Repository](https://github.com/openclaw/openclaw) diff --git a/docs/installation.md b/docs/installation.md index dd2909e..1de448b 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -8,7 +8,7 @@ description: Detailed installation and configuration instructions ## Quick Install ```bash -curl -fsSL https://raw.githubusercontent.com/pasogott/clawdbot-ansible/main/install.sh | bash +curl -fsSL https://raw.githubusercontent.com/pasogott/openclaw-ansible/main/install.sh | bash ``` ## Manual Installation @@ -23,8 +23,8 @@ sudo apt install -y ansible git ### Clone and Run ```bash -git clone https://github.com/pasogott/clawdbot-ansible.git -cd clawdbot-ansible +git clone https://github.com/pasogott/openclaw-ansible.git +cd openclaw-ansible # Install Ansible collections ansible-galaxy collection install -r requirements.yml 
@@ -50,11 +50,11 @@ sudo tailscale status Get auth keys from: https://login.tailscale.com/admin/settings/keys -### 2. Configure Clawdbot +### 2. Configure OpenClaw ```bash # Edit config -sudo nano /home/clawdbot/.clawdbot/config.yml +sudo nano /home/openclaw/.openclaw/config.yml # Key settings to configure: # - provider: whatsapp/telegram/signal @@ -67,10 +67,10 @@ sudo nano /home/clawdbot/.clawdbot/config.yml ```bash # Login (will prompt for QR code or phone verification) -sudo docker exec -it clawdbot clawdbot login +sudo docker exec -it openclaw openclaw login # Check connection -sudo docker logs -f clawdbot +sudo docker logs -f openclaw ``` ## Service Management @@ -79,33 +79,33 @@ sudo docker logs -f clawdbot ```bash # Start/stop/restart -sudo systemctl start clawdbot -sudo systemctl stop clawdbot -sudo systemctl restart clawdbot +sudo systemctl start openclaw +sudo systemctl stop openclaw +sudo systemctl restart openclaw # View status -sudo systemctl status clawdbot +sudo systemctl status openclaw # Enable/disable auto-start -sudo systemctl enable clawdbot -sudo systemctl disable clawdbot +sudo systemctl enable openclaw +sudo systemctl disable openclaw ``` ### Docker Commands ```bash # View logs -sudo docker logs clawdbot -sudo docker logs -f clawdbot # follow +sudo docker logs openclaw +sudo docker logs -f openclaw # follow # Shell access -sudo docker exec -it clawdbot bash +sudo docker exec -it openclaw bash # Restart container -sudo docker restart clawdbot +sudo docker restart openclaw # Check status -sudo docker compose -f /opt/clawdbot/docker-compose.yml ps +sudo docker compose -f /opt/openclaw/docker-compose.yml ps ``` ### Firewall Management @@ -122,9 +122,9 @@ sudo ufw reload sudo iptables -L DOCKER-USER -n -v ``` -## Accessing Clawdbot +## Accessing OpenClaw -Clawdbot's web interface runs on port 3000 (localhost only). +OpenClaw's web interface runs on port 3000 (localhost only). ### Via Tailscale (Recommended) 
@@ -186,22 +186,22 @@ sudo tailscale status ```bash # Stop services -sudo systemctl stop clawdbot -sudo systemctl disable clawdbot +sudo systemctl stop openclaw +sudo systemctl disable openclaw sudo tailscale down # Remove containers and data -sudo docker compose -f /opt/clawdbot/docker-compose.yml down -sudo rm -rf /opt/clawdbot -sudo rm -rf /home/clawdbot/.clawdbot -sudo rm /etc/systemd/system/clawdbot.service +sudo docker compose -f /opt/openclaw/docker-compose.yml down +sudo rm -rf /opt/openclaw +sudo rm -rf /home/openclaw/.openclaw +sudo rm /etc/systemd/system/openclaw.service sudo systemctl daemon-reload # Remove packages (optional) sudo apt remove --purge tailscale docker-ce docker-ce-cli containerd.io docker-compose-plugin nodejs # Remove user (optional) -sudo userdel -r clawdbot +sudo userdel -r openclaw # Reset firewall (optional) sudo ufw disable @@ -212,7 +212,7 @@ sudo ufw --force reset ### Custom Port -Edit `/opt/clawdbot/docker-compose.yml`: +Edit `/opt/openclaw/docker-compose.yml`: ```yaml ports: @@ -221,18 +221,18 @@ ports: Then restart: ```bash -sudo systemctl restart clawdbot +sudo systemctl restart openclaw ``` ### Environment Variables -Add to `/opt/clawdbot/docker-compose.yml`: +Add to `/opt/openclaw/docker-compose.yml`: ```yaml environment: - NODE_ENV=production - ANTHROPIC_API_KEY=sk-ant-xxx - - DEBUG=clawdbot:* + - DEBUG=openclaw:* ``` ### Volume Mounts @@ -241,7 +241,7 @@ Add additional volumes in docker-compose.yml: ```yaml volumes: - - /home/clawdbot/.clawdbot:/home/clawdbot/.clawdbot + - /home/openclaw/.openclaw:/home/openclaw/.openclaw - /path/to/custom:/custom ``` @@ -260,7 +260,7 @@ ansible-playbook playbook.yml \ ```yaml # Example GitHub Actions -- name: Deploy Clawdbot +- name: Deploy OpenClaw run: | ansible-playbook playbook.yml \ -e "tailscale_authkey=${{ secrets.TAILSCALE_KEY }}" \ diff --git a/docs/security.md b/docs/security.md index cb60464..edad4ed 100644 --- a/docs/security.md +++ b/docs/security.md 
@@ -48,7 +48,7 @@ ports: ## Layer 4: Non-Root Container -Container processes run as unprivileged `clawdbot` user. +Container processes run as unprivileged `openclaw` user. ## Verification @@ -73,7 +73,7 @@ curl http://localhost:80 # Should work ## Tailscale Access -Clawdbot's web interface (port 3000) is bound to localhost. Access it via: +OpenClaw's web interface (port 3000) is bound to localhost. Access it via: 1. **SSH tunnel**: ```bash diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 824ab56..f4ee2a2 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -7,12 +7,12 @@ description: Common issues and solutions ## Container Can't Reach Internet -**Symptom**: Clawdbot can't connect to WhatsApp/Telegram +**Symptom**: OpenClaw can't connect to WhatsApp/Telegram **Check**: ```bash # Test from container -sudo docker exec clawdbot ping -c 3 8.8.8.8 +sudo docker exec openclaw ping -c 3 8.8.8.8 # Check UFW allows outbound sudo ufw status verbose | grep OUT @@ -26,7 +26,7 @@ sudo iptables -L DOCKER-USER -n -v # Restart Docker + Firewall sudo systemctl restart docker sudo ufw reload -sudo systemctl restart clawdbot +sudo systemctl restart openclaw ``` ## Port Already in Use @@ -38,11 +38,11 @@ sudo systemctl restart clawdbot # Find what's using port 3000 sudo ss -tlnp | grep 3000 -# Change Clawdbot port -sudo nano /opt/clawdbot/docker-compose.yml +# Change OpenClaw port +sudo nano /opt/openclaw/docker-compose.yml # Change: "127.0.0.1:3001:3000" -sudo systemctl restart clawdbot +sudo systemctl restart openclaw ``` ## Firewall Lockout 
@@ -69,24 +69,24 @@ sudo ufw enable **Check logs**: ```bash # Systemd logs -sudo journalctl -u clawdbot -n 50 +sudo journalctl -u openclaw -n 50 # Docker logs -sudo docker logs clawdbot +sudo docker logs openclaw # Compose status -sudo docker compose -f /opt/clawdbot/docker-compose.yml ps +sudo docker compose -f /opt/openclaw/docker-compose.yml ps ``` **Common fixes**: ```bash # Rebuild image -cd /opt/clawdbot +cd /opt/openclaw sudo docker compose build --no-cache -sudo systemctl restart clawdbot +sudo systemctl restart openclaw # Check permissions -sudo chown -R clawdbot:clawdbot /home/clawdbot/.clawdbot +sudo chown -R openclaw:openclaw /home/openclaw/.openclaw ``` ## Verify Docker Isolation From 5c93fa37c3d3d57adace764f5b7b4b1dc07b7c03 Mon Sep 17 00:00:00 2001 From: Alec Olson Date: Tue, 3 Feb 2026 13:00:17 -0700 Subject: [PATCH 08/16] Update playbook.yml --- playbook.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/playbook.yml b/playbook.yml index f5c7d08..6586c11 100644 --- a/playbook.yml +++ b/playbook.yml @@ -41,6 +41,7 @@ cache_valid_time: 3600 when: is_debian register: apt_upgrade_result + ignore_errors: true - name: Display apt upgrade results ansible.builtin.debug: 
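Review bot: The added `ignore_errors: true` on the apt upgrade task in playbook.yml lets the play carry on with no signal when the upgrade fails, so a host can end up fully configured but unpatched. The result is already registered, so I would keep the play going but make the failure visible with a follow-up task guarded by `when: apt_upgrade_result is failed` that prints a clear warning. A comment above the key naming the tolerated failure would also help, e.g. `# tolerate transient mirror/lock errors; failure is reported below`. The upgrade task starts above this hunk and the "Display apt upgrade results" task continues past it, so that task may already report the failure.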
@@ -78,15 +79,16 @@ creates: "{{ '/opt/homebrew/bin/brew' if is_macos else '/home/linuxbrew/.linuxbrew/bin/brew' }}" when: not homebrew_check.stat.exists register: homebrew_install + become: false - name: Add Homebrew to PATH for current session (Linux) ansible.builtin.set_fact: - ansible_env: "{{ ansible_env | combine({'PATH': '/home/linuxbrew/.linuxbrew/bin:' + ansible_env.PATH}) }}" + ansible_env: "{{ ansible_env | combine({'PATH': '/home/linuxbrew/.linuxbrew/bin:' + (ansible_env.PATH | default(lookup('env', 'PATH')))}) }}" when: is_linux and not is_macos - name: Add Homebrew to PATH for current session (macOS) ansible.builtin.set_fact: - ansible_env: "{{ ansible_env | combine({'PATH': '/opt/homebrew/bin:' + ansible_env.PATH}) }}" + ansible_env: "{{ ansible_env | combine({'PATH': '/opt/homebrew/bin:' + (ansible_env.PATH | default(lookup('env', 'PATH')))}) }}" when: is_macos - name: Display Homebrew installation status From 6a1e762e3c04feadc445ca54be31426c30498d39 Mon Sep 17 00:00:00 2001 
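Review bot: The new fallback `lookup('env', 'PATH')` in both "Add Homebrew to PATH for current session" tasks is evaluated on the control node, so when `ansible_env.PATH` is undefined the fact is built from the controller's PATH, not the managed host's. That is only equivalent when the play targets localhost, which this hunk does not show. Both tasks also place the Homebrew bin directory ahead of the system directories, and the install now runs with `become: false`, so that directory is presumably writable by the unprivileged user. If a later privileged task consumes this value through `environment:`, a user-writable directory would be searched first; appending instead avoids that, e.g. `(ansible_env.PATH | default('/usr/local/bin:/usr/bin:/bin')) + ':/home/linuxbrew/.linuxbrew/bin'`. The surrounding tasks begin and end outside this hunk, so how the fact is used later is not visible here.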
From: Justin Date: Tue, 10 Feb 2026 09:20:45 -0600 Subject: [PATCH 09/16] refactor: remove macOS support for security concerns Remove bare-metal macOS support due to system-level permission risks. Linux-only deployment provides better security isolation. Changes: - Remove macOS-specific task files (firewall, docker, tailscale, system-tools) - Remove Homebrew and zsh dependencies (Linux-only now) - Add macOS detection with explicit failure message - Update README with deprecation notice and rationale - Simplify install.sh to Debian/Ubuntu only - Remove multi-OS orchestrator files Security rationale: System-level modifications on primary host OS introduce significant risks. Future support may use virtualization. Co-Authored-By: Claude Sonnet 4.5 --- README.md | 50 +++++++-------- install.sh | 12 ++-- playbook.yml | 42 +++---------- roles/openclaw/tasks/docker-macos.yml | 40 ------------ roles/openclaw/tasks/docker.yml | 10 --- roles/openclaw/tasks/firewall-macos.yml | 31 --------- roles/openclaw/tasks/firewall.yml | 10 --- roles/openclaw/tasks/system-tools-linux.yml | 41 +----------- roles/openclaw/tasks/system-tools-macos.yml | 70 --------------------- roles/openclaw/tasks/system-tools.yml | 24 +------ roles/openclaw/tasks/tailscale-macos.yml | 43 ------------- roles/openclaw/tasks/tailscale.yml | 10 --- 12 files changed, 35 insertions(+), 348 deletions(-) delete mode 100644 roles/openclaw/tasks/docker-macos.yml delete mode 100644 roles/openclaw/tasks/docker.yml delete mode 100644 roles/openclaw/tasks/firewall-macos.yml delete mode 100644 roles/openclaw/tasks/firewall.yml delete mode 100644 roles/openclaw/tasks/system-tools-macos.yml delete mode 100644 roles/openclaw/tasks/tailscale-macos.yml delete mode 100644 roles/openclaw/tasks/tailscale.yml diff --git a/README.md b/README.md index b360ef1..8bf4903 100644 --- a/README.md +++ b/README.md 
@@ -3,19 +3,29 @@ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![Lint](https://github.com/openclaw/openclaw-ansible/actions/workflows/lint.yml/badge.svg)](https://github.com/openclaw/openclaw-ansible/actions/workflows/lint.yml) [![Ansible](https://img.shields.io/badge/Ansible-2.14+-blue.svg)](https://www.ansible.com/) -[![Multi-OS](https://img.shields.io/badge/OS-Debian%20%7C%20Ubuntu%20%7C%20macOS-orange.svg)](https://www.debian.org/) +[![Multi-OS](https://img.shields.io/badge/OS-Debian%20%7C%20Ubuntu-orange.svg)](https://www.debian.org/) -Automated, hardened installation of [OpenClaw](https://github.com/openclaw/openclaw) with Docker, Homebrew, and Tailscale VPN support for Linux and macOS. +Automated, hardened installation of [OpenClaw](https://github.com/openclaw/openclaw) with Docker and Tailscale VPN support for Debian/Ubuntu Linux. + +## ⚠️ macOS Support: Deprecated & Disabled + +**Effective 2026-02-06, support for bare-metal macOS installations has been removed from this playbook.** + +### Why? +The underlying project currently requires system-level permissions and configurations that introduce significant security risks when executed on a primary host OS. To protect user data and system integrity, we have disabled bare-metal execution. + +### What does this mean? +* The playbook will now explicitly fail if run on a `Darwin` (macOS) system. +* We strongly discourage manual workarounds to bypass this check. +* **Future Support:** We are evaluating a virtualization-first strategy (using Vagrant or Docker) to provide a sandboxed environment for this project in the future. 
## Features -- 🔒 **Firewall-first**: UFW (Linux) + Application Firewall (macOS) + Docker isolation +- 🔒 **Firewall-first**: UFW firewall + Docker isolation - 🛡️ **Fail2ban**: SSH brute-force protection out of the box - 🔄 **Auto-updates**: Automatic security patches via unattended-upgrades - 🔐 **Tailscale VPN**: Secure remote access without exposing services -- 🍺 **Homebrew**: Package manager for both Linux and macOS -- 🐳 **Docker**: Docker CE (Linux) / Docker Desktop (macOS) -- 🌐 **Multi-OS Support**: Debian, Ubuntu, and macOS +- 🐳 **Docker**: Docker CE with security hardening - 🚀 **One-command install**: Complete setup in minutes - 🔧 **Auto-configuration**: DBus, systemd, environment setup - 📦 **pnpm installation**: Uses `pnpm install -g openclaw@latest` @@ -147,36 +157,18 @@ ansible-playbook playbook.yml --ask-become-pass ## Requirements -### Linux (Debian/Ubuntu) - Debian 11+ or Ubuntu 20.04+ - Root/sudo access - Internet connection -### macOS -- macOS 11 (Big Sur) or later -- Homebrew will be installed automatically -- Admin/sudo access -- Internet connection - ## What Gets Installed -### Common (All OS) -- Homebrew package manager +- Tailscale (mesh VPN) +- UFW firewall (SSH + Tailscale ports only) +- Docker CE + Compose V2 (for sandboxes) - Node.js 22.x + pnpm -- OpenClaw via `pnpm install -g openclaw@latest` -- Essential development tools -- Git, zsh, oh-my-zsh - -### Linux-Specific -- Docker CE + Compose V2 -- UFW firewall (configured) -- Tailscale VPN -- systemd service - -### macOS-Specific -- Docker Desktop (via Homebrew Cask) -- Application Firewall -- Tailscale app +- OpenClaw on host (not containerized) +- Systemd service (auto-start) ## Manual Installation diff --git a/install.sh b/install.sh index ee8177b..fa4d3ed 100755 --- a/install.sh +++ b/install.sh 
@@ -31,15 +31,11 @@ echo -e "${GREEN}╚════════════════════ echo "" # Detect operating system -if [[ "$OSTYPE" == "darwin"* ]]; then - OS_TYPE="macos" - echo -e "${GREEN}Detected: macOS${NC}" -elif command -v apt-get &> /dev/null; then - OS_TYPE="linux" - echo -e "${GREEN}Detected: Debian/Ubuntu Linux${NC}" +if command -v apt-get &> /dev/null; then + echo -e "${GREEN}✓ Detected: Debian/Ubuntu Linux${NC}" else - echo -e "${RED}Error: Unsupported operating system.${NC}" - echo -e "${RED}This installer supports: Debian/Ubuntu and macOS${NC}" + echo -e "${RED}✗ Error: Unsupported operating system${NC}" + echo -e "${RED} This installer supports: Debian/Ubuntu Linux only${NC}" exit 1 fi diff --git a/playbook.yml b/playbook.yml index 5e91470..0641cf6 100644 --- a/playbook.yml +++ b/playbook.yml @@ -18,19 +18,23 @@ - name: Detect operating system ansible.builtin.set_fact: - is_macos: "{{ ansible_os_family == 'Darwin' }}" is_linux: "{{ ansible_os_family == 'Debian' }}" is_debian: "{{ ansible_distribution in ['Debian', 'Ubuntu'] }}" - is_redhat: "{{ ansible_os_family == 'RedHat' }}" + + - name: Fail on unsupported macOS + ansible.builtin.fail: + msg: >- + macOS bare-metal support has been deprecated and disabled. + Please use a Linux VM or container instead. + See README.md for details. + when: ansible_os_family == 'Darwin' - name: Display detected OS ansible.builtin.debug: msg: | Detected OS: {{ ansible_distribution }} {{ ansible_distribution_version }} OS Family: {{ ansible_os_family }} - macOS: {{ is_macos }} Linux (Debian/Ubuntu): {{ is_debian }} - Linux (RedHat/CentOS): {{ is_redhat }} - name: Update apt cache and upgrade all packages (Debian/Ubuntu) ansible.builtin.apt: 
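Review bot: The new "Fail on unsupported macOS" task in playbook.yml is a deny-list: it stops only when `ansible_os_family == 'Darwin'`, so every other non-Debian family passes this gate. The system-tools.yml hunk of the same commit also removes both `when: ansible_os_family == 'Debian'` and the generic unsupported-OS `fail`. Since the README now states Debian/Ubuntu only, an allow-list matches the intent better: `when: ansible_distribution not in ['Debian', 'Ubuntu']`, with the message naming the detected distribution. Whether the later apt tasks carry their own `when` is not visible here, so a host outside the list may otherwise stop part-way through the play rather than at this gate.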
@@ -71,35 +75,6 @@ run_once: true changed_when: false - - name: Check if Homebrew is installed - ansible.builtin.stat: - path: "{{ '/opt/homebrew/bin/brew' if is_macos else '/home/linuxbrew/.linuxbrew/bin/brew' }}" - register: homebrew_check - - - name: Install Homebrew (macOS and Linux) - ansible.builtin.shell: | - NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" - args: - creates: "{{ '/opt/homebrew/bin/brew' if is_macos else '/home/linuxbrew/.linuxbrew/bin/brew' }}" - when: not homebrew_check.stat.exists - register: homebrew_install - become: false - - - name: Add Homebrew to PATH for current session (Linux) - ansible.builtin.set_fact: - ansible_env: "{{ ansible_env | combine({'PATH': '/home/linuxbrew/.linuxbrew/bin:' + (ansible_env.PATH | default(lookup('env', 'PATH')))}) }}" - when: is_linux and not is_macos - - - name: Add Homebrew to PATH for current session (macOS) - ansible.builtin.set_fact: - ansible_env: "{{ ansible_env | combine({'PATH': '/opt/homebrew/bin:' + (ansible_env.PATH | default(lookup('env', 'PATH')))}) }}" - when: is_macos - - - name: Display Homebrew installation status - ansible.builtin.debug: - msg: "✅ Homebrew installed successfully" - when: homebrew_install is defined and homebrew_install.changed - roles: - openclaw @@ -133,7 +108,6 @@ echo "Environment is configured:" echo " ✓ XDG_RUNTIME_DIR: ${XDG_RUNTIME_DIR:-not set}" echo " ✓ DBUS_SESSION_BUS_ADDRESS: ${DBUS_SESSION_BUS_ADDRESS:-not set}" - echo " ✓ Homebrew: $(which brew 2>/dev/null || echo 'not found')" echo " ✓ OpenClaw: $(openclaw --version 2>/dev/null || echo 'not found')" echo "" echo "────────────────────────────────────────────────────────" diff --git a/roles/openclaw/tasks/docker-macos.yml b/roles/openclaw/tasks/docker-macos.yml deleted file mode 100644 index 83679b4..0000000 --- a/roles/openclaw/tasks/docker-macos.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -# macOS-specific Docker installation (Docker Desktop) - -- name: Check if Docker Desktop is installed (macOS) - ansible.builtin.stat: - path: /Applications/Docker.app - register: docker_desktop - -- name: Install Docker Desktop via Homebrew Cask (macOS) - community.general.homebrew_cask: - name: docker - state: present - environment: - PATH: "/opt/homebrew/bin:{{ ansible_env.PATH }}" - when: not docker_desktop.stat.exists - -- name: Wait for Docker Desktop to be available (macOS) - ansible.builtin.wait_for: - path: /var/run/docker.sock - timeout: 120 - when: not docker_desktop.stat.exists - -- name: Display Docker Desktop installation note (macOS) - ansible.builtin.debug: - msg: | - ℹ️ Docker Desktop installed on macOS. - Please ensure Docker Desktop is running and has been configured. - You may need to start it manually from Applications. - when: not docker_desktop.stat.exists - -- name: Verify Docker is accessible - ansible.builtin.command: docker --version - register: docker_version - changed_when: false - failed_when: false - -- name: Display Docker version - ansible.builtin.debug: - msg: "Docker installed: {{ docker_version.stdout }}" - when: docker_version.rc == 0 diff --git a/roles/openclaw/tasks/docker.yml b/roles/openclaw/tasks/docker.yml deleted file mode 100644 index da00b9a..0000000 --- a/roles/openclaw/tasks/docker.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# Main Docker orchestration - delegates to OS-specific tasks - -- name: Include Linux Docker installation - ansible.builtin.include_tasks: docker-linux.yml - when: ansible_os_family == 'Debian' - -- name: Include macOS Docker installation - ansible.builtin.include_tasks: docker-macos.yml - when: ansible_os_family == 'Darwin' diff --git a/roles/openclaw/tasks/firewall-macos.yml b/roles/openclaw/tasks/firewall-macos.yml deleted file mode 100644 index 08fba2b..0000000 --- a/roles/openclaw/tasks/firewall-macos.yml +++ /dev/null 
@@ -1,31 +0,0 @@ ---- -# macOS-specific firewall configuration (pf) - -- name: Display macOS firewall information - ansible.builtin.debug: - msg: | - ℹ️ macOS uses built-in Application Firewall and pf. - Docker Desktop on macOS handles its own network isolation. - Consider configuring the Application Firewall via System Preferences. - -- name: Check macOS firewall status - ansible.builtin.command: /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate - register: macos_firewall_status - changed_when: false - become: true - -- name: Display firewall status - ansible.builtin.debug: - msg: "macOS Firewall Status: {{ macos_firewall_status.stdout }}" - -- name: Enable macOS Application Firewall (if disabled) - ansible.builtin.command: /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on - when: "'disabled' in macos_firewall_status.stdout.lower()" - become: true - changed_when: true - -- name: Allow Tailscale through firewall - ansible.builtin.command: /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Tailscale.app - failed_when: false - become: true - changed_when: false diff --git a/roles/openclaw/tasks/firewall.yml b/roles/openclaw/tasks/firewall.yml deleted file mode 100644 index d00bcf8..0000000 --- a/roles/openclaw/tasks/firewall.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# Main firewall orchestration - delegates to OS-specific tasks - -- name: Include Linux firewall configuration - ansible.builtin.include_tasks: firewall-linux.yml - when: ansible_os_family == 'Debian' - -- name: Include macOS firewall configuration - ansible.builtin.include_tasks: firewall-macos.yml - when: ansible_os_family == 'Darwin' diff --git a/roles/openclaw/tasks/system-tools-linux.yml b/roles/openclaw/tasks/system-tools-linux.yml index 91d5584..6daa940 100644 --- a/roles/openclaw/tasks/system-tools-linux.yml +++ b/roles/openclaw/tasks/system-tools-linux.yml 
@@ -4,8 +4,6 @@ - name: Install essential system tools (Linux - apt) ansible.builtin.apt: name: - # Shells - - zsh # Editors - vim - nano @@ -40,17 +38,12 @@ - unzip - rsync - less - # Build essentials for Homebrew on Linux + # Build essentials for development - build-essential - file state: present update_cache: true -- name: Set zsh as default shell for openclaw user (Linux) - ansible.builtin.user: - name: "{{ openclaw_user }}" - shell: /usr/bin/zsh - - name: Deploy global vim configuration (Linux) ansible.builtin.template: src: vimrc.j2 @@ -68,38 +61,6 @@ export TERM=xterm-256color export COLORTERM=truecolor - # Add Homebrew to PATH (Linux) - eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" - - # Add pnpm to PATH - export PNPM_HOME="{{ openclaw_home }}/.local/share/pnpm" - export PATH="{{ openclaw_home }}/.local/bin:$PNPM_HOME:$PATH" - - # Color support for common tools - export CLICOLOR=1 - export LS_COLORS='di=34:ln=35:so=32:pi=33:ex=31:bd=34;46:cd=34;43:su=30;41:sg=30;46:tw=30;42:ow=30;43' - - # Aliases - alias ls='ls --color=auto' - alias grep='grep --color=auto' - alias ll='ls -lah' - create: true - owner: "{{ openclaw_user }}" - group: "{{ openclaw_user }}" - mode: '0644' - -- name: Configure .zshrc for openclaw user (Linux) - ansible.builtin.blockinfile: - path: "{{ openclaw_home }}/.zshrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw config" - block: | - # Enable 256 colors - export TERM=xterm-256color - export COLORTERM=truecolor - - # Add Homebrew to PATH (Linux) - eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" - # Add pnpm to PATH export PNPM_HOME="{{ openclaw_home }}/.local/share/pnpm" export PATH="{{ openclaw_home }}/.local/bin:$PNPM_HOME:$PATH" diff --git a/roles/openclaw/tasks/system-tools-macos.yml b/roles/openclaw/tasks/system-tools-macos.yml deleted file mode 100644 index 36c23be..0000000 --- a/roles/openclaw/tasks/system-tools-macos.yml +++ /dev/null 
@@ -1,70 +0,0 @@ ---- -# macOS-specific system tools installation (Homebrew-based) - -- name: Install essential system tools (macOS - Homebrew) - community.general.homebrew: - name: - # Shells - - zsh - # Editors - - vim - - nano - # Version control - - git - - git-lfs - # Network tools - - curl - - wget - - netcat - - nmap - - socat - - telnet - # Debugging tools - - htop - # System utilities - - tmux - - tree - - jq - - unzip - - rsync - state: present - environment: - PATH: "/opt/homebrew/bin:{{ ansible_env.PATH }}" - -- name: Get current user shell (macOS) - ansible.builtin.command: dscl . -read /Users/{{ openclaw_user }} UserShell - register: current_shell - changed_when: false - failed_when: false - -- name: Set zsh as default shell for openclaw user (macOS) - ansible.builtin.command: chsh -s /bin/zsh {{ openclaw_user }} - when: "'/bin/zsh' not in current_shell.stdout" - changed_when: true - -- name: Configure .zshrc for openclaw user (macOS) - ansible.builtin.blockinfile: - path: "{{ openclaw_home }}/.zshrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw config" - block: | - # Enable 256 colors - export TERM=xterm-256color - export COLORTERM=truecolor - - # Add Homebrew to PATH (macOS) - eval "$(/opt/homebrew/bin/brew shellenv)" - - # Add pnpm to PATH - export PATH="{{ openclaw_home }}/.local/bin:$PATH" - - # Color support for common tools - export CLICOLOR=1 - export LSCOLORS=ExFxCxDxBxegedabagacad - - # Aliases - alias ls='ls -G' - alias grep='grep --color=auto' - alias ll='ls -lah' - create: true - owner: "{{ openclaw_user }}" - mode: '0644' diff --git a/roles/openclaw/tasks/system-tools.yml b/roles/openclaw/tasks/system-tools.yml index 11a78ed..d4e0695 100644 --- a/roles/openclaw/tasks/system-tools.yml +++ b/roles/openclaw/tasks/system-tools.yml 
@@ -1,33 +1,11 @@ --- -# Main system tools orchestration - delegates to OS-specific tasks +# Main system tools orchestration - Linux only - name: Include Linux system tools installation ansible.builtin.include_tasks: system-tools-linux.yml - when: ansible_os_family == 'Debian' - -- name: Include macOS system tools installation - ansible.builtin.include_tasks: system-tools-macos.yml - when: ansible_os_family == 'Darwin' - -- name: Display unsupported OS warning - ansible.builtin.fail: - msg: "Unsupported OS family: {{ ansible_os_family }}. Only Debian/Ubuntu and macOS are supported." - when: ansible_os_family not in ['Debian', 'Darwin'] # Common tasks for all operating systems -- name: Install oh-my-zsh for openclaw user - ansible.builtin.shell: - cmd: | - sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended - creates: "{{ openclaw_home }}/.oh-my-zsh" - executable: /bin/bash - become: true - become_user: "{{ openclaw_user }}" - environment: - HOME: "{{ openclaw_home }}" - USER: "{{ openclaw_user }}" - - name: Configure git globally community.general.git_config: name: "{{ item.name }}" diff --git a/roles/openclaw/tasks/tailscale-macos.yml b/roles/openclaw/tasks/tailscale-macos.yml deleted file mode 100644 index 4ab0ce0..0000000 --- a/roles/openclaw/tasks/tailscale-macos.yml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -# macOS-specific Tailscale installation (Homebrew Cask) - -- name: Check if Tailscale is already installed (macOS) - ansible.builtin.stat: - path: /Applications/Tailscale.app - register: tailscale_app_macos - -- name: Install Tailscale via Homebrew Cask (macOS) - community.general.homebrew_cask: - name: tailscale - state: present - environment: - PATH: "/opt/homebrew/bin:{{ ansible_env.PATH }}" - when: not tailscale_app_macos.stat.exists - -- name: Check if Tailscale is running (macOS) - ansible.builtin.command: /Applications/Tailscale.app/Contents/MacOS/Tailscale status --json - register: tailscale_status_macos - changed_when: false - failed_when: false - -- name: Display Tailscale setup instructions (macOS) - ansible.builtin.debug: - msg: - - "============================================" - - "Tailscale installed on macOS" - - "============================================" - - "" - - "To connect this Mac to your Tailnet:" - - "" - - "Option 1 - GUI:" - - " 1. Open Tailscale from Applications" - - " 2. Click 'Log in' and follow the web flow" - - "" - - "Option 2 - CLI:" - - " sudo /Applications/Tailscale.app/Contents/MacOS/Tailscale up" - - "" - - "With auth key:" - - " sudo /Applications/Tailscale.app/Contents/MacOS/Tailscale up --authkey tskey-auth-xxxxx" - - "" - - "Get auth key from: https://login.tailscale.com/admin/settings/keys" - when: tailscale_status_macos.rc != 0 diff --git a/roles/openclaw/tasks/tailscale.yml b/roles/openclaw/tasks/tailscale.yml deleted file mode 100644 index 6d76828..0000000 --- a/roles/openclaw/tasks/tailscale.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# Main Tailscale orchestration - delegates to OS-specific tasks - -- name: Include Linux Tailscale installation - ansible.builtin.include_tasks: tailscale-linux.yml - when: ansible_os_family == 'Debian' - -- name: Include macOS Tailscale installation - ansible.builtin.include_tasks: tailscale-macos.yml - when: ansible_os_family == 'Darwin' 
From f9a8c9eb19d710c0f24348ba147da256e5c07ae9 Mon Sep 17 00:00:00 2001 From: Justin Date: Tue, 10 Feb 2026 09:25:52 -0600 Subject: [PATCH 10/16] feat: add Tailscale optional support and CI test harness MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Major changes: - Make Tailscale optional (tailscale_enabled: false by default) - Add ci_test mode to skip Docker/firewall/systemd tasks in CI - Add Docker-based CI test harness (convergence, verification, idempotency) - Convert show-lobster.sh to template for conditional Tailscale display - Update firewall to conditionally open Tailscale port CI Test Harness: - tests/Dockerfile.ubuntu2404 - Ubuntu container with Ansible - tests/entrypoint.sh - Test execution (convergence → verify → idempotency) - tests/verify.yml - Post-install assertions - tests/run-tests.sh - Local test runner - Validates ~75% of playbook (skips Docker-in-Docker, firewall, systemd) Co-Authored-By: Claude Sonnet 4.5 --- playbook.yml | 11 ++-- roles/openclaw/defaults/main.yml | 9 +-- roles/openclaw/tasks/firewall-linux.yml | 1 + roles/openclaw/tasks/main.yml | 9 ++- roles/openclaw/templates/show-lobster.sh.j2 | 42 +++++++++++++ tests/Dockerfile.ubuntu2404 | 29 +++++++++ tests/README.md | 68 ++++++++++++++++++++ tests/entrypoint.sh | 30 +++++++++ tests/run-tests.sh | 11 ++++ tests/verify.yml | 70 +++++++++++++++++++++ 10 files changed, 268 insertions(+), 12 deletions(-) create mode 100644 roles/openclaw/templates/show-lobster.sh.j2 create mode 100644 tests/Dockerfile.ubuntu2404 create mode 100644 tests/README.md create mode 100755 tests/entrypoint.sh create mode 100755 tests/run-tests.sh create mode 100644 tests/verify.yml diff --git a/playbook.yml b/playbook.yml index 0641cf6..ad1f408 100644 --- a/playbook.yml +++ b/playbook.yml 
@@ -80,8 +80,8 @@ post_tasks: - name: Copy ASCII art script - ansible.builtin.copy: - src: roles/openclaw/files/show-lobster.sh + ansible.builtin.template: + src: roles/openclaw/templates/show-lobster.sh.j2 dest: /tmp/show-lobster.sh mode: '0755' @@ -153,18 +153,19 @@ echo " • Troubleshoot: openclaw doctor" echo " • List agents: openclaw agents list" echo "" - echo "────────────────────────────────────────────────────────" + {% if tailscale_enabled | default(false) %}echo "────────────────────────────────────────────────────────" echo "🌐 Connect Tailscale VPN (optional):" echo "────────────────────────────────────────────────────────" echo "" echo " exit" echo " sudo tailscale up" echo "" - echo "────────────────────────────────────────────────────────" + {% endif %}echo "────────────────────────────────────────────────────────" echo "" echo "Type 'exit' to return to your previous user" echo "" - rm -f ~/.openclaw-welcome + # Remove welcome message (suppress errors if already deleted) + rm -f "$HOME/.openclaw-welcome" 2>/dev/null || true - name: Add welcome message to .bashrc ansible.builtin.lineinfile: diff --git a/roles/openclaw/defaults/main.yml b/roles/openclaw/defaults/main.yml index 3751e9a..243cc6d 100644 --- a/roles/openclaw/defaults/main.yml +++ b/roles/openclaw/defaults/main.yml @@ -1,7 +1,12 @@ --- # OpenClaw default variables +# CI testing mode - skips tasks that require systemd, Docker-in-Docker, or kernel access +ci_test: false + # Tailscale settings +# WARNING: Tasks using tailscale_authkey MUST set no_log: true to prevent credential exposure +tailscale_enabled: false # Set to true to install and configure Tailscale tailscale_authkey: "" # Optional: set to auto-connect during installation # Node.js version 
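Review bot: `{% if tailscale_enabled | default(false) %}` in the welcome-script hunk of playbook.yml tests the raw value, so a flag passed as `-e tailscale_enabled=false` (key=value extra vars are strings) is a non-empty string and is treated as true. The firewall-linux.yml rule and the Tailscale include in tasks/main.yml use `tailscale_enabled | bool`, so the welcome text and the banner in show-lobster.sh.j2 can advertise Tailscale and port 41641/udp while the rule itself is skipped. The same pattern matters more for `when: not ci_test` in tasks/main.yml: on Ansible versions that accept string conditionals, `-e ci_test=false` would skip the Docker and firewall includes. Suggested forms are `{% if tailscale_enabled | default(false) | bool %}` and `when: not (ci_test | bool)`.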
@@ -17,10 +22,6 @@ openclaw_config_dir: "{{ openclaw_home }}/.openclaw" openclaw_user: openclaw openclaw_home: /home/openclaw -# OS-specific settings (set dynamically in tasks) -homebrew_prefix: "{{ '/opt/homebrew' if ansible_os_family == 'Darwin' else '/home/linuxbrew/.linuxbrew' }}" -package_manager: "{{ 'brew' if ansible_os_family == 'Darwin' else 'apt' }}" - # Installation mode: 'release' or 'development' # release: Install via pnpm install -g openclaw@latest # development: Clone repo, build from source, link globally diff --git a/roles/openclaw/tasks/firewall-linux.yml b/roles/openclaw/tasks/firewall-linux.yml index 28789e4..7ed1570 100644 --- a/roles/openclaw/tasks/firewall-linux.yml +++ b/roles/openclaw/tasks/firewall-linux.yml @@ -103,6 +103,7 @@ port: '41641' proto: udp comment: 'Tailscale' + when: tailscale_enabled | bool - name: Get default network interface ansible.builtin.shell: diff --git a/roles/openclaw/tasks/main.yml b/roles/openclaw/tasks/main.yml index b16c1e3..81a5dd9 100644 --- a/roles/openclaw/tasks/main.yml +++ b/roles/openclaw/tasks/main.yml @@ -3,16 +3,19 @@ ansible.builtin.include_tasks: system-tools.yml - name: Include Tailscale installation tasks - ansible.builtin.include_tasks: tailscale.yml + ansible.builtin.include_tasks: tailscale-linux.yml + when: tailscale_enabled | bool - name: Include user creation tasks ansible.builtin.include_tasks: user.yml - name: Include Docker installation tasks - ansible.builtin.include_tasks: docker.yml + ansible.builtin.include_tasks: docker-linux.yml + when: not ci_test - name: Include firewall configuration tasks - ansible.builtin.include_tasks: firewall.yml + ansible.builtin.include_tasks: firewall-linux.yml + when: not ci_test - name: Include Node.js installation tasks ansible.builtin.include_tasks: nodejs.yml diff --git a/roles/openclaw/templates/show-lobster.sh.j2 b/roles/openclaw/templates/show-lobster.sh.j2 new file mode 100644 index 0000000..e821d8d --- /dev/null 
+++ b/roles/openclaw/templates/show-lobster.sh.j2 @@ -0,0 +1,42 @@ +#jinja2: lstrip_blocks: "True" +{% raw %}#!/bin/bash +cat << 'LOBSTER' +[0;36m + +====================================================+ + | | + | [0;33mWelcome to OpenClaw! [0;31m🦞[0;36m | + | | + |[0;31m ,.---._ [0;36m| + |[0;31m ,,,, / `, [0;36m| + |[0;31m \\\ / '\_ ; [0;36m| + |[0;31m |||| /\/``-.__\;' [0;36m| + |[0;31m ::::/\/_ [0;36m| + |[0;31m {{`-.__.-'(`(^^(^^^(^ 9 `.=========' [0;36m| + |[0;31m{{{{{{ { ( ( ( ( (-----:= [0;36m| + |[0;31m {{.-'~~'-.(,(,,(,,,(__6_.'=========. [0;36m| + |[0;31m ::::\/\ [0;36m| + |[0;31m |||| \/\ ,-'/, [0;36m| + |[0;31m //// \ `` _/ ; [0;36m| + |[0;31m '''' \ ` .' [0;36m| + |[0;31m `---' [0;36m| + | | + | [0;32m✅ Installation Successful![0;36m | + | | + +====================================================+[0m +LOBSTER + +echo "" +echo "🔒 Security Status:" +echo " - UFW Firewall: ENABLED" +{% endraw %} +{% if tailscale_enabled | default(false) %} +echo " - Open Ports: SSH (22) + Tailscale (41641/udp)" +{% else %} +echo " - Open Ports: SSH (22)" +{% endif %} +{% raw %} +echo " - Docker isolation: ACTIVE" +echo "" +echo "📚 Documentation: https://github.com/openclaw/openclaw-ansible" +echo "" +{% endraw %} diff --git a/tests/Dockerfile.ubuntu2404 b/tests/Dockerfile.ubuntu2404 new file mode 100644 index 0000000..6ce1438 --- /dev/null +++ b/tests/Dockerfile.ubuntu2404 @@ -0,0 +1,29 @@ +FROM ubuntu:24.04 + +ENV DEBIAN_FRONTEND=noninteractive + +# Install Ansible and dependencies +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + ansible \ + python3 \ + python3-apt \ + sudo \ + systemd \ + git \ + curl \ + ca-certificates \ + acl \ + gpg \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +# Copy project into container +COPY . /opt/ansible +WORKDIR /opt/ansible + +# Install Ansible Galaxy collections +RUN ansible-galaxy collection install -r requirements.yml + +# Default: run the test entrypoint +ENTRYPOINT ["bash", "tests/entrypoint.sh"] 
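Review bot: The banner in show-lobster.sh.j2 prints `UFW Firewall: ENABLED` and `Docker isolation: ACTIVE` as fixed text, while this commit makes the firewall and Docker includes conditional on `ci_test`, so the script can report protections that were never applied. Either wrap those two echo lines in `{% if not (ci_test | default(false) | bool) %}` or have the script report the live state instead of a constant. Any added condition has to close and reopen the `{% raw %}` block around it, as is already done for the Open Ports line.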
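Review bot: `COPY . /opt/ansible` in tests/Dockerfile.ubuntu2404 puts the whole checkout into an image layer, and this commit adds no `.dockerignore` (one may already exist outside the patch). A local variables file holding `tailscale_authkey`, or the `.git` directory, would then end up in the test image. Excluding `.git` and local vars files from the build context avoids that. Separately, `FROM ubuntu:24.04` is a moving tag; pinning it by digest would make CI runs reproducible.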
diff --git a/tests/README.md b/tests/README.md new file mode 100644 index 0000000..6345004 --- /dev/null +++ b/tests/README.md 
@@ -0,0 +1,68 @@ +# Docker CI Test Harness + +This directory contains a Docker-based CI test harness for the Ansible playbook. It validates convergence, correctness, and idempotency by running the playbook inside an Ubuntu 24.04 container. + +## Quick Start + +```bash +# Run all tests +bash tests/run-tests.sh + +# Or specify a distro (currently only ubuntu2404 available) +bash tests/run-tests.sh ubuntu2404 +``` + +## Test Structure + +The test harness runs three sequential tests: + +1. **Convergence**: Runs the playbook with `ci_test=true` to verify it completes without errors +2. **Verification**: Runs `verify.yml` to assert the system is in the expected state +3. **Idempotency**: Runs the playbook a second time and verifies `changed=0` + +## Files + +- `Dockerfile.ubuntu2404` - Ubuntu 24.04 container with Ansible pre-installed +- `entrypoint.sh` - Test execution script (convergence → verification → idempotency) +- `verify.yml` - Post-convergence assertions (user exists, packages installed, directories created, etc.) +- `run-tests.sh` - Local test runner script + +## CI Test Mode + +The `ci_test` variable skips tasks that require: +- Docker-in-Docker (Docker CE installation) +- Kernel access (UFW/iptables firewall) +- systemd services (loginctl, daemon installation) +- External package installation (openclaw app install) + +Everything else runs normally: package installation, user creation, Node.js/pnpm setup, directory structure, config file rendering, etc. + +## What Gets Tested + +| Component | Tested? 
| Notes | +|-----------|---------|-------| +| System packages (35+) | ✅ Yes | Full apt install | +| User creation + config | ✅ Yes | User, .bashrc, sudoers, SSH dir | +| Node.js + pnpm | ✅ Yes | Full install + version check | +| Directory structure | ✅ Yes | All .openclaw/* dirs with perms | +| Git global config | ✅ Yes | Aliases, default branch | +| Vim config | ✅ Yes | Template rendering | +| Docker CE install | ❌ No | Needs Docker-in-Docker | +| UFW / iptables | ❌ No | Needs kernel access | +| fail2ban / systemd | ❌ No | Needs running systemd | +| Tailscale | ❌ No | Disabled by default already | +| OpenClaw app install | ❌ No | External package | +| Idempotency | ✅ Yes | Second run must have 0 changes | + +## Exit Codes + +- `0` - All tests passed +- `1` - Test failure (convergence failed, verification failed, or idempotency check failed) + +## Development + +To add tests for additional distributions: +1. Create `Dockerfile.` (e.g., `Dockerfile.debian12`) +2. Run: `bash tests/run-tests.sh ` + +The test harness automatically builds the image and runs the test suite. diff --git a/tests/entrypoint.sh b/tests/entrypoint.sh new file mode 100755 index 0000000..daba430 --- /dev/null +++ b/tests/entrypoint.sh 
@@ -0,0 +1,30 @@ +#!/usr/bin/env bash +set -euo pipefail + +PLAYBOOK_ARGS=(-e ci_test=true -e ansible_become=false --connection=local) + +# --- Step 1: Convergence --- +echo "===> Step 1: Convergence test" +ansible-playbook playbook.yml "${PLAYBOOK_ARGS[@]}" +echo "===> Convergence: PASSED" + +# --- Step 2: Verification --- +echo "===> Step 2: Verification" +ansible-playbook tests/verify.yml "${PLAYBOOK_ARGS[@]}" +echo "===> Verification: PASSED" + +# --- Step 3: Idempotency --- +echo "===> Step 3: Idempotency test" +IDEMPOTENCY_OUT=$(ansible-playbook playbook.yml "${PLAYBOOK_ARGS[@]}" 2>&1) +echo "$IDEMPOTENCY_OUT" + +CHANGED=$(echo "$IDEMPOTENCY_OUT" | tail -n 5 | grep -oP 'changed=\K[0-9]+' | head -1) +if [ "${CHANGED:-1}" -eq 0 ]; then + echo "===> Idempotency: PASSED (0 changed)" +else + echo "===> Idempotency: FAILED (changed=$CHANGED)" + exit 1 +fi + +echo "" +echo "===> All tests passed" diff --git a/tests/run-tests.sh b/tests/run-tests.sh new file mode 100755 index 0000000..f4eedf9 --- /dev/null +++ b/tests/run-tests.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash +set -euo pipefail + +DISTRO="${1:-ubuntu2404}" +IMAGE="openclaw-ansible-test:${DISTRO}" + +echo "Building test image (${DISTRO})..." +docker build -t "$IMAGE" -f "tests/Dockerfile.${DISTRO}" . + +echo "Running tests..." +docker run --rm "$IMAGE" diff --git a/tests/verify.yml b/tests/verify.yml new file mode 100644 index 0000000..9b032bb --- /dev/null +++ b/tests/verify.yml 
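Review bot: In step 3 of tests/entrypoint.sh, `set -euo pipefail` makes the script exit at `IDEMPOTENCY_OUT=$(ansible-playbook ...)` when the second run fails, before `echo "$IDEMPOTENCY_OUT"` runs, so the failing output is never shown. The `CHANGED=$(... | grep -oP ... | head -1)` pipeline has the same problem: if grep matches nothing the assignment fails under pipefail and the `${CHANGED:-1}` fallback is never reached. Suggested: `IDEMPOTENCY_OUT=$(ansible-playbook playbook.yml "${PLAYBOOK_ARGS[@]}" 2>&1) || { echo "$IDEMPOTENCY_OUT"; exit 1; }`, and append `|| true` inside the `CHANGED` substitution so the FAILED branch can print its message.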
@@ -0,0 +1,70 @@ +--- +- name: Verify playbook results + hosts: localhost + connection: local + gather_facts: true + + vars: + openclaw_user: openclaw + openclaw_home: /home/openclaw + + tasks: + - name: Verify openclaw user exists + ansible.builtin.command: id openclaw + changed_when: false + + - name: Verify critical packages installed + ansible.builtin.command: "dpkg -s {{ item }}" + loop: [git, curl, vim, jq, tmux, tree, htop] + changed_when: false + + - name: Verify Node.js installed + ansible.builtin.command: node --version + changed_when: false + + - name: Verify pnpm installed + ansible.builtin.command: pnpm --version + changed_when: false + + - name: Verify openclaw directory structure + ansible.builtin.stat: + path: "{{ item.path }}" + loop: + - { path: "{{ openclaw_home }}/.openclaw", mode: "0755" } + - { path: "{{ openclaw_home }}/.openclaw/sessions" } + - { path: "{{ openclaw_home }}/.openclaw/credentials", mode: "0700" } + - { path: "{{ openclaw_home }}/.openclaw/data" } + - { path: "{{ openclaw_home }}/.openclaw/logs" } + - { path: "{{ openclaw_home }}/.ssh", mode: "0700" } + register: dir_checks + + - name: Assert directories exist + ansible.builtin.assert: + that: item.stat.exists and item.stat.isdir + fail_msg: "Directory missing: {{ item.item.path }}" + loop: "{{ dir_checks.results }}" + loop_control: + label: "{{ item.item.path }}" + + - name: Assert credentials dir has restricted permissions + ansible.builtin.assert: + that: dir_checks.results[2].stat.mode == '0700' + fail_msg: "credentials dir should be 0700" + + - name: Verify sudoers file exists and is valid + ansible.builtin.command: visudo -cf /etc/sudoers.d/openclaw + changed_when: false + + - name: Verify global vim config exists + ansible.builtin.stat: + path: /etc/vim/vimrc.local + register: vimrc + - ansible.builtin.assert: + that: vimrc.stat.exists + + - name: Verify git global config + ansible.builtin.command: git config --global init.defaultBranch + changed_when: false + register: 
git_branch + - ansible.builtin.assert: + that: git_branch.stdout == 'main' From 3f5d9aa753edb2e54c917eaea29599fca97150b6 Mon Sep 17 00:00:00 2001 From: Justin Date: Tue, 10 Feb 2026 09:27:06 -0600 Subject: [PATCH 11/16] fix: add critical bug fixes from PR #16 Bug fixes: - Create .bash_profile to source .bashrc for login shells (fixes environment not loading for sudo su - openclaw) - Simplify install.sh to only install dependencies (no longer downloads/runs playbook automatically) - Update install.sh messaging and instructions Co-Authored-By: Claude Sonnet 4.5 --- install.sh | 76 +++++++++++++++++------------------ roles/openclaw/tasks/user.yml | 13 ++++++ 2 files changed, 50 insertions(+), 39 deletions(-) diff --git a/install.sh b/install.sh index fa4d3ed..022e446 100755 --- a/install.sh +++ b/install.sh @@ -12,10 +12,6 @@ if [ -z "$COLORTERM" ]; then export COLORTERM=truecolor fi -REPO_URL="https://raw.githubusercontent.com/openclaw/openclaw-ansible/main" -PLAYBOOK_URL="${REPO_URL}/playbook.yml" -TEMP_DIR=$(mktemp -d) - # Colors (with 256-color support) RED='\033[0;31m' GREEN='\033[0;32m' 
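Review bot: The directory loop in tests/verify.yml declares a `mode` for `.openclaw`, `credentials` and `.ssh`, but only the credentials directory is checked, and only through the positional index `dir_checks.results[2]`, which silently points at a different directory if the list is reordered. The 0700 mode on `.ssh` is never asserted. A looped assert over `dir_checks.results` with `that: item.stat.mode == item.item.mode` and `when: item.item.mode is defined` would cover every declared mode. The two unnamed `ansible.builtin.assert` tasks would also read better in test output with a `name:`.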
@@ -39,58 +35,60 @@ else exit 1 fi -# Check if running as root or with sudo access +# Determine sudo usage if [ "$EUID" -eq 0 ]; then - echo -e "${GREEN}Running as root.${NC}" + echo -e "${GREEN}✓ Running as root${NC}" SUDO="" - ANSIBLE_EXTRA_VARS="-e ansible_become=false" else if ! command -v sudo &> /dev/null; then - echo -e "${RED}Error: sudo is not installed. Please install sudo or run as root.${NC}" + echo -e "${RED}✗ Error: sudo is not installed${NC}" + echo -e "${RED} Please install sudo or run as root${NC}" exit 1 fi SUDO="sudo" - ANSIBLE_EXTRA_VARS="--ask-become-pass" fi -echo -e "${GREEN}[1/4] Checking prerequisites...${NC}" +echo "" +echo -e "${BLUE}[1/3] Installing Ansible...${NC}" # Check if Ansible is installed if ! command -v ansible-playbook &> /dev/null; then - echo -e "${YELLOW}Ansible not found. Installing...${NC}" + echo -e "${YELLOW} Ansible not found, installing...${NC}" $SUDO apt-get update -qq - $SUDO apt-get install -y ansible - echo -e "${GREEN}✓ Ansible installed${NC}" + $SUDO apt-get install -y ansible git + echo -e "${GREEN} ✓ Ansible installed${NC}" else - echo -e "${GREEN}✓ Ansible already installed${NC}" + ANSIBLE_VERSION=$(ansible --version | head -n1) + echo -e "${GREEN} ✓ Ansible already installed (${ANSIBLE_VERSION})${NC}" fi -echo -e "${GREEN}[2/5] Downloading playbook...${NC}" - -# Download the playbook and role files -cd "$TEMP_DIR" - -# For simplicity, we'll clone the entire repo -echo "Cloning repository..." 
-git clone https://github.com/openclaw/openclaw-ansible.git -cd openclaw-ansible - -echo -e "${GREEN}✓ Playbook downloaded${NC}" - -echo -e "${GREEN}[3/5] Installing Ansible collections...${NC}" +echo "" +echo -e "${BLUE}[2/3] Installing Ansible collections...${NC}" ansible-galaxy collection install -r requirements.yml +echo -e "${GREEN} ✓ Collections installed${NC}" -echo -e "${GREEN}[4/5] Running Ansible playbook...${NC}" -if [ "$EUID" -ne 0 ]; then - echo -e "${YELLOW}You will be prompted for your sudo password.${NC}" -fi echo "" +echo -e "${BLUE}[3/3] Verifying setup...${NC}" +ansible-playbook playbook.yml --syntax-check > /dev/null 2>&1 +echo -e "${GREEN} ✓ Playbook syntax valid${NC}" -# Run the playbook -./run-playbook.sh $ANSIBLE_EXTRA_VARS - -# Cleanup -cd / -rm -rf "$TEMP_DIR" - -# run-playbook.sh will display instructions to switch to openclaw user +echo "" +echo -e "${GREEN}╔════════════════════════════════════════╗${NC}" +echo -e "${GREEN}║ Setup Complete! ║${NC}" +echo -e "${GREEN}╚════════════════════════════════════════╝${NC}" +echo "" +echo -e "${CYAN}Next steps:${NC}" +echo "" +echo -e " 1. Run the playbook:" +echo -e " ${YELLOW}./run-playbook.sh${NC}" +echo "" +echo -e " 2. (Optional) Enable Tailscale:" +echo -e " ${YELLOW}./run-playbook.sh -e tailscale_enabled=true${NC}" +echo "" +echo -e " 3. (Optional) Use custom variables:" +echo -e " ${YELLOW}./run-playbook.sh -e @vars.yml${NC}" +echo "" +echo -e "${CYAN}Documentation:${NC}" +echo -e " • Configuration: ${BLUE}docs/configuration.md${NC}" +echo -e " • Architecture: ${BLUE}docs/architecture.md${NC}" +echo "" diff --git a/roles/openclaw/tasks/user.yml b/roles/openclaw/tasks/user.yml index 0ace58b..e07ffd3 100644 --- a/roles/openclaw/tasks/user.yml +++ b/roles/openclaw/tasks/user.yml 
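Review bot: The syntax check in step [3/3] sends both stdout and stderr to /dev/null and the "Playbook syntax valid" line follows it unconditionally, so unless `set -e` is in effect above this hunk (not visible here) a failing check is reported as success, and even with it the user sees no error text. Guarding the call makes the outcome explicit: `if ! ansible-playbook playbook.yml --syntax-check > /dev/null; then echo -e "${RED}✗ Playbook syntax check failed${NC}"; exit 1; fi`. With the clone step removed, this command and `ansible-galaxy collection install -r requirements.yml` resolve their files against the caller's working directory; a `cd "$(dirname "$0")"` near the top of the script would keep them pointed at the checkout that holds it.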
@@ -60,6 +60,19 @@ openclaw_user: openclaw openclaw_home: /home/openclaw +- name: Create .bash_profile to source .bashrc for login shells + ansible.builtin.copy: + dest: "{{ openclaw_home }}/.bash_profile" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" + mode: '0644' + content: | + # .bash_profile - Executed for login shells + # Source .bashrc to ensure environment is loaded for login shells + if [ -f ~/.bashrc ]; then + . ~/.bashrc + fi + # Fix DBus issues for systemd user services - name: Get openclaw user ID ansible.builtin.command: id -u openclaw From 76fcee88c994b12054abd3ac4ad5f90693965926 Mon Sep 17 00:00:00 2001 From: Justin Date: Tue, 10 Feb 2026 09:27:29 -0600 Subject: [PATCH 12/16] Revert "fix: add critical bug fixes from PR #16" This reverts commit 3f5d9aa753edb2e54c917eaea29599fca97150b6. --- install.sh | 76 ++++++++++++++++++----------------- roles/openclaw/tasks/user.yml | 13 ------ 2 files changed, 39 insertions(+), 50 deletions(-) diff --git a/install.sh b/install.sh index 022e446..fa4d3ed 100755 --- a/install.sh +++ b/install.sh @@ -12,6 +12,10 @@ if [ -z "$COLORTERM" ]; then export COLORTERM=truecolor fi +REPO_URL="https://raw.githubusercontent.com/openclaw/openclaw-ansible/main" +PLAYBOOK_URL="${REPO_URL}/playbook.yml" +TEMP_DIR=$(mktemp -d) + # Colors (with 256-color support) RED='\033[0;31m' GREEN='\033[0;32m' 
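Review bot: `ansible.builtin.copy` with `content:` rewrites `.bash_profile` on every run in which the file differs, so anything the openclaw user or an operator adds there is dropped, and once the file exists bash stops reading `~/.profile` for login shells. If the intent is only to make sure `.bashrc` is sourced, `force: false` on this task (create only when absent) or an `ansible.builtin.blockinfile` block, as used for `.bashrc` elsewhere in this series, keeps local edits. The same task is added again with identical content in PATCH 13/16. The surrounding task list continues outside the hunk.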
@@ -35,60 +39,58 @@ else exit 1 fi -# Determine sudo usage +# Check if running as root or with sudo access if [ "$EUID" -eq 0 ]; then - echo -e "${GREEN}✓ Running as root${NC}" + echo -e "${GREEN}Running as root.${NC}" SUDO="" + ANSIBLE_EXTRA_VARS="-e ansible_become=false" else if ! command -v sudo &> /dev/null; then - echo -e "${RED}✗ Error: sudo is not installed${NC}" - echo -e "${RED} Please install sudo or run as root${NC}" + echo -e "${RED}Error: sudo is not installed. Please install sudo or run as root.${NC}" exit 1 fi SUDO="sudo" + ANSIBLE_EXTRA_VARS="--ask-become-pass" fi -echo "" -echo -e "${BLUE}[1/3] Installing Ansible...${NC}" +echo -e "${GREEN}[1/4] Checking prerequisites...${NC}" # Check if Ansible is installed if ! command -v ansible-playbook &> /dev/null; then - echo -e "${YELLOW} Ansible not found, installing...${NC}" + echo -e "${YELLOW}Ansible not found. Installing...${NC}" $SUDO apt-get update -qq - $SUDO apt-get install -y ansible git - echo -e "${GREEN} ✓ Ansible installed${NC}" + $SUDO apt-get install -y ansible + echo -e "${GREEN}✓ Ansible installed${NC}" else - ANSIBLE_VERSION=$(ansible --version | head -n1) - echo -e "${GREEN} ✓ Ansible already installed (${ANSIBLE_VERSION})${NC}" + echo -e "${GREEN}✓ Ansible already installed${NC}" fi -echo "" -echo -e "${BLUE}[2/3] Installing Ansible collections...${NC}" +echo -e "${GREEN}[2/5] Downloading playbook...${NC}" + +# Download the playbook and role files +cd "$TEMP_DIR" + +# For simplicity, we'll clone the entire repo +echo "Cloning repository..." 
+git clone https://github.com/openclaw/openclaw-ansible.git +cd openclaw-ansible + +echo -e "${GREEN}✓ Playbook downloaded${NC}" + +echo -e "${GREEN}[3/5] Installing Ansible collections...${NC}" ansible-galaxy collection install -r requirements.yml -echo -e "${GREEN} ✓ Collections installed${NC}" +echo -e "${GREEN}[4/5] Running Ansible playbook...${NC}" +if [ "$EUID" -ne 0 ]; then + echo -e "${YELLOW}You will be prompted for your sudo password.${NC}" +fi echo "" -echo -e "${BLUE}[3/3] Verifying setup...${NC}" -ansible-playbook playbook.yml --syntax-check > /dev/null 2>&1 -echo -e "${GREEN} ✓ Playbook syntax valid${NC}" -echo "" -echo -e "${GREEN}╔════════════════════════════════════════╗${NC}" -echo -e "${GREEN}║ Setup Complete! ║${NC}" -echo -e "${GREEN}╚════════════════════════════════════════╝${NC}" -echo "" -echo -e "${CYAN}Next steps:${NC}" -echo "" -echo -e " 1. Run the playbook:" -echo -e " ${YELLOW}./run-playbook.sh${NC}" -echo "" -echo -e " 2. (Optional) Enable Tailscale:" -echo -e " ${YELLOW}./run-playbook.sh -e tailscale_enabled=true${NC}" -echo "" -echo -e " 3. (Optional) Use custom variables:" -echo -e " ${YELLOW}./run-playbook.sh -e @vars.yml${NC}" -echo "" -echo -e "${CYAN}Documentation:${NC}" -echo -e " • Configuration: ${BLUE}docs/configuration.md${NC}" -echo -e " • Architecture: ${BLUE}docs/architecture.md${NC}" -echo "" +# Run the playbook +./run-playbook.sh $ANSIBLE_EXTRA_VARS + +# Cleanup +cd / +rm -rf "$TEMP_DIR" + +# run-playbook.sh will display instructions to switch to openclaw user diff --git a/roles/openclaw/tasks/user.yml b/roles/openclaw/tasks/user.yml index e07ffd3..0ace58b 100644 --- a/roles/openclaw/tasks/user.yml +++ b/roles/openclaw/tasks/user.yml 
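Review bot: The restored flow clones the tip of the default branch of `openclaw-ansible` with no pinned ref and then runs `./run-playbook.sh` from that checkout with privilege escalation, so whatever is on the branch at install time executes with root rights on the host. Pinning the clone to a reviewed tag or commit narrows that, e.g. `git clone --depth 1 --branch "$OPENCLAW_ANSIBLE_REF" https://github.com/openclaw/openclaw-ansible.git`, where `OPENCLAW_ANSIBLE_REF` is a placeholder for a release ref set near the top of the script. The temp directory is removed only when the script reaches its last lines; `trap 'rm -rf "$TEMP_DIR"' EXIT` right after the `mktemp -d` assignment would also clean up on failure. The step labels are inconsistent (`[1/4]` is followed by `[2/5]`).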
@@ -60,19 +60,6 @@ openclaw_user: openclaw openclaw_home: /home/openclaw -- name: Create .bash_profile to source .bashrc for login shells - ansible.builtin.copy: - dest: "{{ openclaw_home }}/.bash_profile" - owner: "{{ openclaw_user }}" - group: "{{ openclaw_user }}" - mode: '0644' - content: | - # .bash_profile - Executed for login shells - # Source .bashrc to ensure environment is loaded for login shells - if [ -f ~/.bashrc ]; then - . ~/.bashrc - fi - # Fix DBus issues for systemd user services - name: Get openclaw user ID ansible.builtin.command: id -u openclaw From 42a882b87b5f62fd411f6b452541e433faec1359 Mon Sep 17 00:00:00 2001 From: Justin Date: Tue, 10 Feb 2026 09:27:38 -0600 Subject: [PATCH 13/16] fix: create .bash_profile to source .bashrc for login shells Fixes environment not loading when using 'sudo su - openclaw'. Login shells need .bash_profile to source .bashrc. Co-Authored-By: Claude Sonnet 4.5 --- roles/openclaw/tasks/user.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/roles/openclaw/tasks/user.yml b/roles/openclaw/tasks/user.yml index 0ace58b..e07ffd3 100644 --- a/roles/openclaw/tasks/user.yml +++ b/roles/openclaw/tasks/user.yml @@ -60,6 +60,19 @@ openclaw_user: openclaw openclaw_home: /home/openclaw +- name: Create .bash_profile to source .bashrc for login shells + ansible.builtin.copy: + dest: "{{ openclaw_home }}/.bash_profile" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" + mode: '0644' + content: | + # .bash_profile - Executed for login shells + # Source .bashrc to ensure environment is loaded for login shells + if [ -f ~/.bashrc ]; then + . ~/.bashrc + fi + # Fix DBus issues for systemd user services - name: Get openclaw user ID ansible.builtin.command: id -u openclaw From 1f552e482cd9155d7674cf186a5f24132fe62f0d Mon Sep 17 00:00:00 2001 
From: Justin Date: Tue, 10 Feb 2026 09:45:41 -0600 Subject: [PATCH 14/16] fix: apply all missing bug fixes and improvements from PR #16 Complete functional parity with PR #16 while preserving openclaw naming. Initial fixes (7): - Add home directory ownership fix to prevent permission errors - Move .bashrc configuration from system-tools to user.yml - Add ci_test conditionals to all systemd-related tasks - Fix binary path resolution (use PATH instead of hardcoded paths) - Remove all Homebrew path references - Update pnpm installation to use idempotent check-first approach - Change apt upgrade to use ci_test conditional Additional fixes from comprehensive double-check (7): - Use ansible.builtin.authorized_key instead of ansible.posix - Remove ansible.posix collection dependency from requirements.yml - Remove "Connect Tailscale VPN" from completion message (now optional) - Add comprehensive security entries to .gitignore - Add network interface validation in firewall configuration - Improve pnpm config idempotency with proper change detection - Add install_mode validation with clear error messages Files modified: 12 - .gitignore: Added security-related ignore patterns - playbook.yml: Fixed apt upgrade conditional - requirements.yml: Removed ansible.posix dependency - run-playbook.sh: Removed optional Tailscale from completion - roles/openclaw/tasks/user.yml: Multiple critical fixes - roles/openclaw/tasks/system-tools-linux.yml: Removed .bashrc config - roles/openclaw/tasks/firewall-linux.yml: Added validation - roles/openclaw/tasks/nodejs.yml: Improved pnpm check - roles/openclaw/tasks/openclaw.yml: Added validation and idempotency - roles/openclaw/tasks/openclaw-release.yml: Fixed paths - roles/openclaw/tasks/openclaw-development.yml: Fixed paths - roles/openclaw/templates/openclaw-host.service.j2: Fixed PATH and ExecStart All functional changes from PR #16 are now incorporated with correct openclaw naming throughout. 
Co-Authored-By: Claude Sonnet 4.5 --- .gitignore | 11 ++++ playbook.yml | 3 +- requirements.yml | 2 - roles/openclaw/tasks/firewall-linux.yml | 8 +++ roles/openclaw/tasks/nodejs.yml | 9 +++- roles/openclaw/tasks/openclaw-development.yml | 10 ++-- roles/openclaw/tasks/openclaw-release.yml | 8 ++- roles/openclaw/tasks/openclaw.yml | 25 ++++++++-- roles/openclaw/tasks/system-tools-linux.yml | 26 ---------- roles/openclaw/tasks/user.yml | 50 ++++++++++++++++--- .../templates/openclaw-host.service.j2 | 8 +-- run-playbook.sh | 1 - 12 files changed, 107 insertions(+), 54 deletions(-) diff --git a/.gitignore b/.gitignore index 8cb8bac..de86135 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,14 @@ *.log .ansible/ .vault_pass + +# Secrets and credentials +*.env +.env* +secrets.yml +vault.yml +*.pem +*.key +id_rsa* +host_vars/ +group_vars/ diff --git a/playbook.yml b/playbook.yml index ad1f408..17d9863 100644 --- a/playbook.yml +++ b/playbook.yml @@ -41,9 +41,8 @@ update_cache: true upgrade: dist cache_valid_time: 3600 - when: is_debian + when: is_debian and not ci_test register: apt_upgrade_result - ignore_errors: true - name: Display apt upgrade results ansible.builtin.debug: diff --git a/requirements.yml b/requirements.yml index 833acf2..90621cf 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,5 +4,3 @@ collections: version: ">=3.4.0" - name: community.general version: ">=8.0.0" - - name: ansible.posix - version: ">=1.5.0" diff --git a/roles/openclaw/tasks/firewall-linux.yml b/roles/openclaw/tasks/firewall-linux.yml index 7ed1570..068b4a5 100644 --- a/roles/openclaw/tasks/firewall-linux.yml +++ b/roles/openclaw/tasks/firewall-linux.yml 
@@ -114,6 +114,14 @@ register: default_interface changed_when: false +- name: Validate default network interface was detected + ansible.builtin.assert: + that: + - default_interface.stdout is defined + - default_interface.stdout | length > 0 + fail_msg: "Failed to detect default network interface. Cannot configure firewall rules safely." + success_msg: "Default network interface detected: {{ default_interface.stdout }}" + - name: Create UFW after.rules for Docker isolation ansible.builtin.blockinfile: path: /etc/ufw/after.rules diff --git a/roles/openclaw/tasks/nodejs.yml b/roles/openclaw/tasks/nodejs.yml index f094d9a..8c1ecf4 100644 --- a/roles/openclaw/tasks/nodejs.yml +++ b/roles/openclaw/tasks/nodejs.yml @@ -42,10 +42,15 @@ name: nodejs state: present +- name: Check if pnpm is already installed + ansible.builtin.command: pnpm --version + register: pnpm_check + failed_when: false + changed_when: false + - name: Install pnpm globally ansible.builtin.command: npm install -g pnpm - args: - creates: /usr/local/bin/pnpm + when: pnpm_check.rc != 0 - name: Verify Node.js installation ansible.builtin.command: node --version diff --git a/roles/openclaw/tasks/openclaw-development.yml b/roles/openclaw/tasks/openclaw-development.yml index a7b5c93..653c345 100644 --- a/roles/openclaw/tasks/openclaw-development.yml +++ b/roles/openclaw/tasks/openclaw-development.yml @@ -49,7 +49,7 @@ become_user: "{{ openclaw_user }}" environment: PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" - PATH: "{{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" + PATH: "{{ openclaw_home }}/.local/bin:{{ openclaw_home }}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin" HOME: "{{ openclaw_home }}" register: pnpm_install_result changed_when: "'Already up to date' not in pnpm_install_result.stdout" 
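Review bot: The new assert only proves that `default_interface.stdout` is non-empty, yet judging by its failure message the value feeds the firewall rules that follow (the `after.rules` block itself is outside the hunk). Output with more than one line, or with characters that cannot appear in an interface name, would still pass. Two further conditions close that gap: `- default_interface.stdout_lines | length == 1` and `- default_interface.stdout is match('^[A-Za-z0-9_.-]+$')`, with the pattern adjusted to the interface names expected on the target hosts.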
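Review bot: `npm install -g pnpm` still installs whatever version is current on the registry at run time, and with `creates:` removed the task now runs whenever `pnpm --version` returns non-zero for any reason, not only when the binary is missing. Pinning the package, e.g. `npm install -g pnpm@<PINNED_VERSION>` (placeholder, ideally a role variable), makes runs reproducible and keeps an unreviewed release from landing on the host through a routine re-run. The task list continues outside the hunk, so whether a version variable already exists cannot be seen from here.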
@@ -63,7 +63,7 @@ become_user: "{{ openclaw_user }}" environment: PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" - PATH: "{{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" + PATH: "{{ openclaw_home }}/.local/bin:{{ openclaw_home }}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin" HOME: "{{ openclaw_home }}" register: pnpm_build_result changed_when: true # Build always changes dist/ directory @@ -106,12 +106,14 @@ - name: Verify openclaw installation from development build ansible.builtin.shell: - cmd: "{{ openclaw_home }}/.local/bin/openclaw --version" + cmd: openclaw --version executable: /bin/bash become: true become_user: "{{ openclaw_user }}" environment: - PATH: "{{ openclaw_home }}/.local/bin:/usr/local/bin:/usr/bin:/bin" + PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" + PATH: "{{ openclaw_home }}/.local/bin:{{ openclaw_home }}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin" + HOME: "{{ openclaw_home }}" register: openclaw_dev_version changed_when: false diff --git a/roles/openclaw/tasks/openclaw-release.yml b/roles/openclaw/tasks/openclaw-release.yml index 8bdc0d7..76aaef8 100644 --- a/roles/openclaw/tasks/openclaw-release.yml +++ b/roles/openclaw/tasks/openclaw-release.yml 
@@ -9,17 +9,21 @@ become_user: "{{ openclaw_user }}" environment: PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" - PATH: "{{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin" + PATH: "{{ openclaw_home }}/.local/bin:{{ openclaw_home }}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin" HOME: "{{ openclaw_home }}" register: openclaw_install changed_when: "'Already up to date' not in openclaw_install.stdout" - name: Verify openclaw installation ansible.builtin.shell: - cmd: "{{ openclaw_home }}/.local/bin/openclaw --version" + cmd: openclaw --version executable: /bin/bash become: true become_user: "{{ openclaw_user }}" + environment: + PNPM_HOME: "{{ openclaw_home }}/.local/share/pnpm" + PATH: "{{ openclaw_home }}/.local/bin:{{ openclaw_home }}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin" + HOME: "{{ openclaw_home }}" register: openclaw_version changed_when: false diff --git a/roles/openclaw/tasks/openclaw.yml b/roles/openclaw/tasks/openclaw.yml index 523feed..7e51164 100644 --- a/roles/openclaw/tasks/openclaw.yml +++ b/roles/openclaw/tasks/openclaw.yml @@ -1,4 +1,11 @@ --- +- name: Validate openclaw_install_mode + ansible.builtin.assert: + that: + - openclaw_install_mode in ["release", "development"] + fail_msg: "Invalid openclaw_install_mode: '{{ openclaw_install_mode }}'. Must be 'release' or 'development'." + success_msg: "Valid install mode: {{ openclaw_install_mode }}" + - name: Create OpenClaw directories (structure only, no config files) ansible.builtin.file: path: "{{ item.path }}" 
@@ -37,12 +44,24 @@ - name: Configure pnpm for openclaw user ansible.builtin.shell: cmd: | - pnpm config set global-dir {{ openclaw_home }}/.local/share/pnpm - pnpm config set global-bin-dir {{ openclaw_home }}/.local/bin + CURRENT_GLOBAL_DIR=$(pnpm config get global-dir 2>/dev/null || echo "") + CURRENT_BIN_DIR=$(pnpm config get global-bin-dir 2>/dev/null || echo "") + CHANGED=0 + if [ "$CURRENT_GLOBAL_DIR" != "{{ openclaw_home }}/.local/share/pnpm" ]; then + pnpm config set global-dir {{ openclaw_home }}/.local/share/pnpm + CHANGED=1 + fi + if [ "$CURRENT_BIN_DIR" != "{{ openclaw_home }}/.local/bin" ]; then + pnpm config set global-bin-dir {{ openclaw_home }}/.local/bin + CHANGED=1 + fi + exit $CHANGED executable: /bin/bash become: true become_user: "{{ openclaw_user }}" - changed_when: true # Always consider changed as pnpm config may update + register: pnpm_config_result + changed_when: pnpm_config_result.rc == 1 + failed_when: pnpm_config_result.rc > 1 - name: Display installation mode ansible.builtin.debug: diff --git a/roles/openclaw/tasks/system-tools-linux.yml b/roles/openclaw/tasks/system-tools-linux.yml index 6daa940..712952f 100644 --- a/roles/openclaw/tasks/system-tools-linux.yml +++ b/roles/openclaw/tasks/system-tools-linux.yml 
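Review bot: Exit status 1 is used as the "changed" signal, but the script has no `set -e` and never checks `pnpm config set`, so a failed write still sets `CHANGED=1` and the task reports `changed` instead of failing. Give failures their own status, e.g. `pnpm config set global-dir "{{ openclaw_home }}/.local/share/pnpm" || exit 2` (and the same for `global-bin-dir`), which the existing `failed_when: pnpm_config_result.rc > 1` already catches. The `{{ openclaw_home }}` expansions on the two `pnpm config set` lines are unquoted in the shell; quoting them as above, or with the `quote` filter, keeps a path containing spaces or shell metacharacters from being split or interpreted.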
@@ -51,29 +51,3 @@ owner: root group: root mode: '0644' - -- name: Configure .bashrc for openclaw user (Linux) - ansible.builtin.blockinfile: - path: "{{ openclaw_home }}/.bashrc" - marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw config" - block: | - # Enable 256 colors - export TERM=xterm-256color - export COLORTERM=truecolor - - # Add pnpm to PATH - export PNPM_HOME="{{ openclaw_home }}/.local/share/pnpm" - export PATH="{{ openclaw_home }}/.local/bin:$PNPM_HOME:$PATH" - - # Color support for common tools - export CLICOLOR=1 - export LS_COLORS='di=34:ln=35:so=32:pi=33:ex=31:bd=34;46:cd=34;43:su=30;41:sg=30;46:tw=30;42:ow=30;43' - - # Aliases - alias ls='ls --color=auto' - alias grep='grep --color=auto' - alias ll='ls -lah' - create: true - owner: "{{ openclaw_user }}" - group: "{{ openclaw_user }}" - mode: '0644' diff --git a/roles/openclaw/tasks/user.yml b/roles/openclaw/tasks/user.yml index e07ffd3..97d1df2 100644 --- a/roles/openclaw/tasks/user.yml +++ b/roles/openclaw/tasks/user.yml 
@@ -9,6 +9,40 @@ home: /home/openclaw state: present +- name: Ensure openclaw home directory has correct ownership + ansible.builtin.file: + path: "{{ openclaw_home }}" + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" + state: directory + mode: '0755' + +- name: Configure .bashrc for openclaw user + ansible.builtin.blockinfile: + path: "{{ openclaw_home }}/.bashrc" + marker: "# {mark} ANSIBLE MANAGED BLOCK - OpenClaw config" + block: | + # Enable 256 colors + export TERM=xterm-256color + export COLORTERM=truecolor + + # Add pnpm to PATH + export PNPM_HOME="{{ openclaw_home }}/.local/share/pnpm" + export PATH="{{ openclaw_home }}/.local/bin:$PNPM_HOME:$PATH" + + # Color support for common tools + export CLICOLOR=1 + export LS_COLORS='di=34:ln=35:so=32:pi=33:ex=31:bd=34;46:cd=34;43:su=30;41:sg=30;46:tw=30;42:ow=30;43' + + # Aliases + alias ls='ls --color=auto' + alias grep='grep --color=auto' + alias ll='ls -lah' + create: true + owner: "{{ openclaw_user }}" + group: "{{ openclaw_user }}" + mode: '0644' + - name: Add openclaw user to sudoers with scoped NOPASSWD ansible.builtin.copy: dest: /etc/sudoers.d/openclaw @@ -78,17 +112,17 @@ ansible.builtin.command: id -u openclaw register: openclaw_uid changed_when: false - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not ci_test - name: Display openclaw user ID ansible.builtin.debug: msg: "OpenClaw user ID: {{ openclaw_uid.stdout }}" - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not ci_test - name: Enable lingering for openclaw user (allows systemd user services without login) ansible.builtin.command: loginctl enable-linger openclaw changed_when: false - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not ci_test - name: Create runtime directory for openclaw user ansible.builtin.file: 
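Review bot: The added ownership task sets the home directory to `mode: '0755'`, which lets every local account list and traverse the directory that holds `.openclaw/credentials` and `.ssh`. Those two subdirectories are expected to be 0700 according to the verify play earlier in this series, but `.bashrc` and anything later created with default permissions remain readable. Unless another account needs to read the home directory (not visible from this hunk), `mode: '0750'` is the safer default. The `and not ci_test` conditions added in the following hunks assume `ci_test` is always defined; if the role defaults do not set it, `not (ci_test | default(false))` avoids an undefined-variable failure.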
@@ -97,12 +131,12 @@ owner: openclaw group: openclaw mode: '0700' - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not ci_test - name: Store openclaw UID as fact for later use ansible.builtin.set_fact: openclaw_uid_value: "{{ openclaw_uid.stdout }}" - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not ci_test # SSH key configuration - name: Create .ssh directory for openclaw user @@ -114,7 +148,7 @@ mode: '0700' - name: Add SSH authorized keys for openclaw user - ansible.posix.authorized_key: + ansible.builtin.authorized_key: user: openclaw state: present key: "{{ item }}" @@ -140,7 +174,7 @@ owner: openclaw group: openclaw mode: '0644' - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not ci_test - name: Set DBUS_SESSION_BUS_ADDRESS in .bashrc for openclaw user ansible.builtin.blockinfile: @@ -157,4 +191,4 @@ owner: openclaw group: openclaw mode: '0644' - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and not ci_test diff --git a/roles/openclaw/templates/openclaw-host.service.j2 b/roles/openclaw/templates/openclaw-host.service.j2 index a39c182..b2226b8 100644 --- a/roles/openclaw/templates/openclaw-host.service.j2 +++ b/roles/openclaw/templates/openclaw-host.service.j2 
@@ -10,16 +10,16 @@ Group={{ openclaw_user }} WorkingDirectory={{ openclaw_home }} # Environment variables -Environment="PATH={{ openclaw_home }}/.local/bin:/home/linuxbrew/.linuxbrew/bin:/usr/local/bin:/usr/bin:/bin" Environment="PNPM_HOME={{ openclaw_home }}/.local/share/pnpm" +Environment="PATH={{ openclaw_home }}/.local/bin:{{ openclaw_home }}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin" Environment="HOME={{ openclaw_home }}" -Environment="XDG_RUNTIME_DIR=/run/user/{{ openclaw_uid_value | default('1000') }}" +Environment="XDG_RUNTIME_DIR=/run/user/{{ openclaw_uid_value }}" # DBus session bus -Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/{{ openclaw_uid_value | default('1000') }}/bus" +Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/{{ openclaw_uid_value }}/bus" # Start command -ExecStart={{ openclaw_home }}/.local/bin/openclaw gateway +ExecStart=openclaw gateway # Restart policy Restart=always diff --git a/run-playbook.sh b/run-playbook.sh index b7869d4..cafeb2f 100755 --- a/run-playbook.sh +++ b/run-playbook.sh @@ -32,7 +32,6 @@ if [ $PLAYBOOK_EXIT -eq 0 ]; then echo " • Configure OpenClaw (~/.openclaw/config.yml)" echo " • Login to messaging provider (WhatsApp/Telegram/Signal)" echo " • Test the gateway" - echo " • Connect Tailscale VPN" echo "" echo "═══════════════════════════════════════════════════════════" echo "" From aa084466b7b852b298732206bededc1ab2b4455e Mon Sep 17 00:00:00 2001 
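Review bot: `ExecStart=openclaw gateway` no longer names an absolute path, and systemd does not use the unit's `Environment="PATH=..."` to locate the binary: a bare name is resolved against a fixed, compiled-in search path, and older releases reject it outright. With the binary installed under `{{ openclaw_home }}/.local/bin`, the unit would either fail to start or launch a different `openclaw` found in a system directory. Keeping `ExecStart={{ openclaw_home }}/.local/bin/openclaw gateway` avoids both outcomes. Dropping `| default('1000')` is reasonable, but `openclaw_uid_value` is now set only when `not ci_test` (user.yml hunks in this commit), so the task that renders this template needs the same guard; that task is not visible here.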
From: Justin Date: Fri, 13 Feb 2026 14:11:11 -0600 Subject: [PATCH 15/16] fix: use canonical authorized_key FQCN and update remaining clawdbot refs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add ansible.posix collection to requirements.yml (>=1.5.0) - Change ansible.builtin.authorized_key to ansible.posix.authorized_key - Update documentation references from clawdbot to openclaw - Fix Jinja2 template lstrip_blocks to use boolean instead of string Addresses PR #16 maintainer feedback for clawdbot → openclaw rename. Co-Authored-By: Claude Sonnet 4.5 --- AGENTS.md | 2 +- docs/security.md | 14 +++++++------- requirements.yml | 2 ++ roles/openclaw/tasks/user.yml | 2 +- roles/openclaw/templates/show-lobster.sh.j2 | 2 +- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index f9cebf5..d59ba2a 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -141,7 +141,7 @@ SSH is exposed to the internet. Fail2ban automatically bans IPs after 5 failed a Security patches should be applied promptly. Automatic security-only updates reduce vulnerability windows. ### Why Scoped Sudo? -The clawdbot user only needs to manage its own service and Tailscale. Full root access would be dangerous if the app is compromised. +The openclaw user only needs to manage its own service and Tailscale. Full root access would be dangerous if the app is compromised. ### Why Localhost Binding? Defense in depth. If DOCKER-USER fails, localhost binding prevents external access. diff --git a/docs/security.md b/docs/security.md index 434d2e7..80eff2d 100644 --- a/docs/security.md +++ b/docs/security.md 
@@ -71,24 +71,24 @@ Container processes run as unprivileged `openclaw` user. ### Layer 6: Systemd Hardening -The clawdbot service runs with security restrictions: +The openclaw service runs with security restrictions: - `NoNewPrivileges=true` - Prevents privilege escalation - `PrivateTmp=true` - Isolated /tmp directory - `ProtectSystem=strict` - Read-only system directories - `ProtectHome=read-only` - Limited home directory access -- `ReadWritePaths` - Only ~/.clawdbot is writable +- `ReadWritePaths` - Only ~/.openclaw is writable ### Layer 7: Scoped Sudo Access -The clawdbot user has limited sudo permissions (not full root): +The openclaw user has limited sudo permissions (not full root): ```bash # Allowed commands only: -- systemctl start/stop/restart/status clawdbot +- systemctl start/stop/restart/status openclaw - systemctl daemon-reload - tailscale commands -- journalctl for clawdbot logs +- journalctl for openclaw logs ``` ### Layer 8: Automatic Security Updates @@ -192,5 +192,5 @@ After installation, verify: ## Reporting Security Issues If you discover a security vulnerability, please report it privately: -- Clawdbot: https://github.com/clawdbot/clawdbot/security -- This installer: https://github.com/openclaw/clawdbot-ansible/security +- OpenClaw: https://github.com/openclaw/openclaw/security +- This installer: https://github.com/openclaw/openclaw-ansible/security diff --git a/requirements.yml b/requirements.yml index 90621cf..833acf2 100644 --- a/requirements.yml +++ b/requirements.yml @@ -4,3 +4,5 @@ collections: version: ">=3.4.0" - name: community.general version: ">=8.0.0" + - name: ansible.posix + version: ">=1.5.0" diff --git a/roles/openclaw/tasks/user.yml b/roles/openclaw/tasks/user.yml index 97d1df2..cf7135b 100644 --- a/roles/openclaw/tasks/user.yml +++ b/roles/openclaw/tasks/user.yml 
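Review bot: `version: ">=1.5.0"` in the requirements.yml hunk is an open-ended range, so `ansible-galaxy collection install -r requirements.yml` takes the newest `ansible.posix` published at install time, and that collection supplies the module that writes `authorized_keys` for the openclaw user. Pinning an exact, tested release (for example `version: "1.5.0"`, if that is the one the role was validated against) makes installs reproducible and puts collection upgrades through review. The other entries in this file use the same `>=` form and would benefit from the same treatment.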
@@ -148,7 +148,7 @@ mode: '0700' - name: Add SSH authorized keys for openclaw user - ansible.builtin.authorized_key: + ansible.posix.authorized_key: user: openclaw state: present key: "{{ item }}" diff --git a/roles/openclaw/templates/show-lobster.sh.j2 b/roles/openclaw/templates/show-lobster.sh.j2 index e821d8d..66456be 100644 --- a/roles/openclaw/templates/show-lobster.sh.j2 +++ b/roles/openclaw/templates/show-lobster.sh.j2 @@ -1,4 +1,4 @@ -#jinja2: lstrip_blocks: "True" +#jinja2: lstrip_blocks: True {% raw %}#!/bin/bash cat << 'LOBSTER' [0;36m From 35b1441397e38650f7ebb054b5354842a74caf27 Mon Sep 17 00:00:00 2001 From: Justin Date: Fri, 13 Feb 2026 14:15:22 -0600 Subject: [PATCH 16/16] fix: update remaining clawdbot references to openclaw - Update LICENSE copyright from Clawdbot to OpenClaw Contributors - Change CLAWDBOT_DEV_DIR to OPENCLAW_DEV_DIR in docs and upgrade notes - Update security.md overview text - Update UPGRADE_NOTES.md section heading Co-Authored-By: Claude Sonnet 4.5 --- LICENSE | 2 +- UPGRADE_NOTES.md | 4 ++-- docs/development-mode.md | 2 +- docs/security.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/LICENSE b/LICENSE index 45f95f3..e160905 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2025 Clawdbot Contributors +Copyright (c) 2025 OpenClaw Contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/UPGRADE_NOTES.md b/UPGRADE_NOTES.md index 4625aea..85ac932 100644 --- a/UPGRADE_NOTES.md +++ b/UPGRADE_NOTES.md @@ -19,7 +19,7 @@ - Runs `pnpm install` and `pnpm build` - Symlinks `bin/openclaw.js` to `~/.local/bin/openclaw` - Adds aliases: `openclaw-rebuild`, `openclaw-dev`, `openclaw-pull` -- Sets `CLAWDBOT_DEV_DIR` environment variable +- Sets `OPENCLAW_DEV_DIR` environment variable **Usage**: ```bash 
@@ -87,7 +87,7 @@ ansible-playbook playbook.yml --ask-become-pass \ - Added Homebrew to PATH - Enhanced security with ProtectSystem and ProtectHome -### 8. Clawdbot Installation via pnpm +### 8. OpenClaw Installation via pnpm - **File**: `roles/openclaw/tasks/openclaw.yml` - Changed from `pnpm add -g` to `pnpm install -g openclaw@latest` - Added verification step diff --git a/docs/development-mode.md b/docs/development-mode.md index aacd5a9..8830172 100644 --- a/docs/development-mode.md +++ b/docs/development-mode.md @@ -184,7 +184,7 @@ The following aliases are added to `.bashrc`: Plus an environment variable: ```bash -export CLAWDBOT_DEV_DIR="$HOME/code/openclaw" +export OPENCLAW_DEV_DIR="$HOME/code/openclaw" ``` ## Configuration Variables diff --git a/docs/security.md b/docs/security.md index 80eff2d..1840b0f 100644 --- a/docs/security.md +++ b/docs/security.md @@ -7,7 +7,7 @@ description: Firewall configuration, Docker isolation, and security hardening de ## Overview -This playbook implements a multi-layer defense strategy to secure Clawdbot installations. +This playbook implements a multi-layer defense strategy to secure OpenClaw installations. ## Security Layers