openclaw/openclaw-ansible
openclaw/openclaw-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
104 Commits 2 Branches 1 Tag 244 KiB
main
Commit Graph

104 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lars W. Andersen
53886a2935
perf: skip recursive pnpm chown without drift
Some checks failed
Lint / YAML Lint (push) Has been cancelled
Details
Lint / Ansible Lint (push) Has been cancelled
Details
Lint / Ansible Syntax Check (push) Has been cancelled
Details 
Avoids the expensive recursive pnpm ownership fix on clean deploys while still repairing subtree drift when detected.
 2026-05-06 07:43:03 +01:00
Faycal Said
0427d13fb8
fix: resolve ansible lint issues 
Fixes lint issues and expands PR CI coverage to the development branch.
 2026-05-06 07:41:25 +01:00
AndyML
fd935a8b5a
Merge pull request #40 from faycalsaid/feature/ansible-galaxy-collection-setup
Some checks failed
Lint / YAML Lint (push) Has been cancelled
Details
Lint / Ansible Lint (push) Has been cancelled
Details
Lint / Ansible Syntax Check (push) Has been cancelled
Details 
Transform openclaw into Ansible Galaxy collection
 2026-03-11 12:29:44 -04:00
Andy Lauppe
43716564f1 Merge origin/main into collection refactor 2026-03-11 12:28:47 -04:00
faycalsaid
52dd87f96b Fix template source path for collection playbook runs 2026-03-11 13:50:24 +01:00
faycalsaid
3fa9f5b8bb Reorganized the README.md 
Move Installation as Ansible Collection" after the Manual Installation section
 2026-03-11 13:41:24 +01:00
faycalsaid
8458342776 Fixed Template Paths: Resolved the pathing issue for the welcome script. It now correctly resolves the template location whether the playbook is run from the root (playbook.yml) or the subdirectory (playbooks/install.yml). 
README Updates: Added a generic example for including the openclaw.installer.openclaw role in external playbooks.
 2026-03-11 13:25:19 +01:00
AndyML
e572112398
Merge pull request #30 from sryabkov/doc-fix-260224 
Update repo references in documentation
 2026-03-11 00:55:36 -04:00
AndyML
b50842161e
Merge pull request #38 from da22le123/patch-1 
Update playbook.yml: logically swap variables
 2026-03-11 00:53:02 -04:00
Andy Lauppe
be2eaca0d6 fix(playbook): clarify OS detection and support checks 
Co-authored-by: Illia Pavelko <ilia1892006@gmail.com>
 2026-03-11 00:52:02 -04:00
AndyML
5a2e510f7a
Merge pull request #31 from sryabkov/install-fix-260224 
update `install.sh`: check for/install git, fix step numbering
 2026-03-11 00:40:43 -04:00
Andy Lauppe
a8f68978ad fix(install): install ansible and git together when needed 
Co-authored-by: Sergei Ryabkov <sergei@ryabkov.com>
 2026-03-11 00:39:28 -04:00
AndyML
e59a42acee
Merge pull request #29 from baldwinsung/sudo_ask_become 
check if user has full passwordless sudo privileges
 2026-03-11 00:35:33 -04:00
Andy Lauppe
c06b594ec3 fix(run-playbook): clarify passwordless sudo handling 
Co-authored-by: Baldwin Sung <baldwinsung@users.noreply.github.com>
 2026-03-11 00:33:32 -04:00
AndyML
f0a273500b
Merge pull request #39 from ninjaa/fix/dev-entrypoint-detection 
fix(dev-install): detect OpenClaw CLI entrypoint dynamically
 2026-03-11 00:27:25 -04:00
Andy Lauppe
4cc27b4993 fix(dev-install): resolve CLI entrypoint from metadata with fallbacks 
Co-authored-by: Aditya Advani <aditya@moltpod.com>
 2026-03-11 00:25:31 -04:00
Andy Lauppe
9e1a918d6e fix(collection): preserve standalone workflows and role boundaries 2026-03-11 00:06:01 -04:00
faycalsaid
f8e08c9c5a fix: restore CI compatibility and add ACL bootstrap to remote deployment 2026-03-10 10:51:55 +01:00
faycalsaid
722f3d74ee Transform openclaw into Ansible Galaxy collection 
- Restructure repository to follow Ansible collection standards
- Create roles directory with openclaw role and tasks
- Add galaxy.yml, requirements.yml, and collection metadata
 2026-03-09 14:28:40 +01:00
Baldwin Sung
8142c000c7 Revert "Consolidate .gitignore with unified ignore rules" 
This reverts commit 0cbe428144.
 2026-03-05 16:20:00 -05:00
Baldwin Sung
0cbe428144 Consolidate .gitignore with unified ignore rules 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-05 16:12:40 -05:00
Aditya Advani
2c6e22e746 fix(dev-install): resolve OpenClaw CLI entrypoint path dynamically 2026-03-05 20:05:11 +00:00
Illia Pavelko
21611e0379
Update playbook.yml 
is_linux true if either Debian or Ubuntu

is_debian when ansible_os_family == 'Debian'
 2026-03-05 09:43:57 +01:00
Sergei Ryabkov
6b48d85dc5 check for/install git, fix step numbering 2026-02-24 16:45:44 -05:00
Sergei Ryabkov
ffacecc7a5 update repo references in documentation 2026-02-24 12:27:49 -05:00
Baldwin Sung
0678c15b65 fixes https://github.com/openclaw/openclaw-ansible/issues/28 2026-02-23 16:28:45 -05:00
Andy Lauppe
862ab49e7f Merge PR #25: Fix critical directory bootstrap bug 2026-02-21 22:20:13 -05:00
Andy Lauppe
b99d89e034 Make DBUS_SESSION_BUS_ADDRESS deterministic in login shells 
Export DBUS_SESSION_BUS_ADDRESS from XDG_RUNTIME_DIR whenever unset so user-scope systemd/dbus clients have a predictable bus address in login shells.
 2026-02-21 16:01:30 -05:00
Andy Lauppe
65c272a5ca Parameterize active-path openclaw user/home handling 
Apply user/home parameterization in active install paths and verification:
- parameterize user creation, sudoers path/content, dbus/runtime/ssh ownership tasks
- parameterize post-task welcome file + .bashrc path
- parameterize post-install next-step message in openclaw.yml
- make run-playbook instructions honor openclaw_user via -e/--extra-vars or OPENCLAW_USER
- update tests to verify parameterized user and sudoers path

Co-authored-by: Cristian Adamo <cristian.adamo@gmail.com>
 2026-02-21 09:48:42 -05:00
Stepan Pointer
34f41003cd fix 2026-02-19 03:25:39 +05:00
AndyML
badcb65df7
Merge pull request #16 from hintjen/remove-macos-support 
Remove macos support
 2026-02-13 16:45:30 -05:00
Justin
35b1441397 fix: update remaining clawdbot references to openclaw 
- Update LICENSE copyright from Clawdbot to OpenClaw Contributors
- Change CLAWDBOT_DEV_DIR to OPENCLAW_DEV_DIR in docs and upgrade notes
- Update security.md overview text
- Update UPGRADE_NOTES.md section heading

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-13 14:15:22 -06:00
Justin
aa084466b7 fix: use canonical authorized_key FQCN and update remaining clawdbot refs 
- Add ansible.posix collection to requirements.yml (>=1.5.0)
- Change ansible.builtin.authorized_key to ansible.posix.authorized_key
- Update documentation references from clawdbot to openclaw
- Fix Jinja2 template lstrip_blocks to use boolean instead of string

Addresses PR #16 maintainer feedback for clawdbot → openclaw rename.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-13 14:11:11 -06:00
Justin
1f552e482c fix: apply all missing bug fixes and improvements from PR #16 
Complete functional parity with PR #16 while preserving openclaw naming.

Initial fixes (7):
- Add home directory ownership fix to prevent permission errors
- Move .bashrc configuration from system-tools to user.yml
- Add ci_test conditionals to all systemd-related tasks
- Fix binary path resolution (use PATH instead of hardcoded paths)
- Remove all Homebrew path references
- Update pnpm installation to use idempotent check-first approach
- Change apt upgrade to use ci_test conditional

Additional fixes from comprehensive double-check (7):
- Use ansible.builtin.authorized_key instead of ansible.posix
- Remove ansible.posix collection dependency from requirements.yml
- Remove "Connect Tailscale VPN" from completion message (now optional)
- Add comprehensive security entries to .gitignore
- Add network interface validation in firewall configuration
- Improve pnpm config idempotency with proper change detection
- Add install_mode validation with clear error messages

Files modified: 12
- .gitignore: Added security-related ignore patterns
- playbook.yml: Fixed apt upgrade conditional
- requirements.yml: Removed ansible.posix dependency
- run-playbook.sh: Removed optional Tailscale from completion
- roles/openclaw/tasks/user.yml: Multiple critical fixes
- roles/openclaw/tasks/system-tools-linux.yml: Removed .bashrc config
- roles/openclaw/tasks/firewall-linux.yml: Added validation
- roles/openclaw/tasks/nodejs.yml: Improved pnpm check
- roles/openclaw/tasks/openclaw.yml: Added validation and idempotency
- roles/openclaw/tasks/openclaw-release.yml: Fixed paths
- roles/openclaw/tasks/openclaw-development.yml: Fixed paths
- roles/openclaw/templates/openclaw-host.service.j2: Fixed PATH and ExecStart

All functional changes from PR #16 are now incorporated with correct
openclaw naming throughout.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 09:45:41 -06:00
Justin
42a882b87b fix: create .bash_profile to source .bashrc for login shells 
Fixes environment not loading when using 'sudo su - openclaw'.
Login shells need .bash_profile to source .bashrc.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 09:27:38 -06:00
Justin
76fcee88c9 Revert "fix: add critical bug fixes from PR #16" 
This reverts commit 3f5d9aa753.
 2026-02-10 09:27:29 -06:00
Justin
3f5d9aa753 fix: add critical bug fixes from PR #16 
Bug fixes:
- Create .bash_profile to source .bashrc for login shells
  (fixes environment not loading for sudo su - openclaw)
- Simplify install.sh to only install dependencies
  (no longer downloads/runs playbook automatically)
- Update install.sh messaging and instructions

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 09:27:06 -06:00
Justin
f9a8c9eb19 feat: add Tailscale optional support and CI test harness 
Major changes:
- Make Tailscale optional (tailscale_enabled: false by default)
- Add ci_test mode to skip Docker/firewall/systemd tasks in CI
- Add Docker-based CI test harness (convergence, verification, idempotency)
- Convert show-lobster.sh to template for conditional Tailscale display
- Update firewall to conditionally open Tailscale port

CI Test Harness:
- tests/Dockerfile.ubuntu2404 - Ubuntu container with Ansible
- tests/entrypoint.sh - Test execution (convergence → verify → idempotency)
- tests/verify.yml - Post-install assertions
- tests/run-tests.sh - Local test runner
- Validates ~75% of playbook (skips Docker-in-Docker, firewall, systemd)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 09:25:52 -06:00
Justin
6a1e762e3c refactor: remove macOS support for security concerns 
Remove bare-metal macOS support due to system-level permission risks.
Linux-only deployment provides better security isolation.

Changes:
- Remove macOS-specific task files (firewall, docker, tailscale, system-tools)
- Remove Homebrew and zsh dependencies (Linux-only now)
- Add macOS detection with explicit failure message
- Update README with deprecation notice and rationale
- Simplify install.sh to Debian/Ubuntu only
- Remove multi-OS orchestrator files

Security rationale: System-level modifications on primary host OS
introduce significant risks. Future support may use virtualization.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-10 09:20:45 -06:00
Andy Lauppe
1f60554617 Merge main into rename PR with security improvements 
Resolves conflicts between OpenClaw rename and security hardening:
- Applied scoped sudo permissions with openclaw naming
- Added dynamic UID to service template
- Merged security features (fail2ban, unattended-upgrades)
- Added ansible.posix collection and fixed authorized_key FQCN
- Updated comments to reference OpenClaw instead of Clawdbot

Co-Authored-By: olsonale <olsonale@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-10 08:46:53 -05:00
AndyML
b75be9f745
Merge pull request #11 from alauppe/fix/security-hardening 
fix(security): harden installation with scoped sudo, fail2ban, and auto-updates
 2026-02-05 22:59:52 -05:00
Andy Lauppe
1345440066 refactor(security): improve sudoers docs and scope tailscale 
- Add documentation to sudoers explaining security rationale
- Include instructions for operators to expand permissions if needed
- Scope tailscale to: status, up, down, ip, version, ping, whois
- Add note about up/down allowing flags like --advertise-exit-node
- Document daemon-reload affecting all units
- Remove redundant fail2ban config (logpath, duplicate maxretry/bantime)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-05 22:59:26 -05:00
AndyML
d21ce8b859
Merge pull request #5 from jayakornk/fix-acl-error-linux 
Install ACL package for privilege escalation on Linux systems
 2026-02-05 10:58:36 -05:00
Andy Lauppe
40ebe90477 Install ACL package for privilege escalation on Linux 
Simplified condition from `is_linux and not is_macos` to `is_linux`
since these are mutually exclusive (is_linux checks for Debian family).

Co-Authored-By: Jayakorn Karikan <jayakornk@users.noreply.github.com>
Co-Authored-By: Andy Lauppe <andy@lauppe.org>
 2026-02-05 10:58:05 -05:00
AndyML
d965aa66a5
Merge pull request #4 from Xyz3R/fix-env 
Add Homebrew to path (linux) broken due to cleared env
 2026-02-05 01:40:01 -05:00
Alec Olson
5c93fa37c3 Update playbook.yml 2026-02-03 13:00:17 -07:00
Alec Olson
dd50f73d85 docs: update documentation for OpenClaw rename 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 21:33:04 -07:00
Alec Olson
af9bcd001e refactor: update user-facing text from Clawdbot to OpenClaw 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 21:29:54 -07:00
Alec Olson
8a012e7047 refactor: update GitHub and documentation URLs 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 21:26:58 -07:00
Alec Olson
1e31e95d14 refactor: update npm package from clawdbot to openclaw 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-02 21:25:23 -07:00