chore: submit remaining playbooks changes

2026-05-02 19:41:38 +08:00 · 2026-05-02 19:41:38 +08:00 · d3efb08e8d
commit d3efb08e8d
parent 54b234b2bc
5 changed files with 170 additions and 28 deletions
--- a/inventory.ini
+++ b/inventory.ini
@ -1,8 +1,16 @@
 # Vhosts
 [cn_front_host]
-# services: cn-front.svc.plus
+# services: cn-front.svc.plus, cn-homepage.svc.plus
 cn-front.svc.plus ansible_host=47.120.61.35 ansible_user=root ansible_ssh_user=root firewall_manage_ufw=false service_domains=cn-front.svc.plus

+[cn_homepage_host]
+# services: cn-homepage.svc.plus
+cn-homepage.svc.plus ansible_host=47.120.61.35 ansible_user=root ansible_ssh_user=root
+
+[global_homepage_host]
+# services: global-homepage.svc.plus
+global-homepage.svc.plus ansible_host=46.250.251.132 ansible_user=root ansible_ssh_user=root
+
 [jp_xhttp_contabo_host]
 # services: api.svc.plus, console.svc.plus, docs.svc.plus, accounts.svc.plus, xworkmate-bridge.svc.plus, xworkmate-bridge.svc.plus, vault.svc.plus, xworkmate-bridge.svc.plus/gateway/openclaw, postgresql.svc.plus
 jp-xhttp-contabo.svc.plus ansible_host=46.250.251.132 ansible_user=root ansible_ssh_user=root service_domains=api.svc.plus,console.svc.plus,docs.svc.plus,accounts.svc.plus,xworkmate-bridge.svc.plus,xworkmate-bridge.svc.plus,vault.svc.plus,xworkmate-bridge.svc.plus/gateway/openclaw,postgresql.svc.plus xray_exporter_node_id_custom=jp-xhttp-contabo.svc.plus
--- a/roles/vhosts/OpenResty/tasks/main.yml
+++ b/roles/vhosts/OpenResty/tasks/main.yml
@ -1,3 +1,10 @@
+- name: Update apt cache
+  apt:
+    update_cache: true
+    cache_valid_time: 3600
+  # 检查模式下不更新缓存，仅检查 package
+  when: not ansible_check_mode
+
 - name: Install prerequisites for OpenResty
  apt:
    name:
@ -5,7 +12,6 @@
      - gnupg
      - apt-transport-https
    state: present
-    update_cache: true

 - name: Import OpenResty GPG key
  shell: |
@ -26,7 +32,6 @@
  apt:
    name: openresty
    state: present
-    update_cache: true

 - name: Ensure sites-available directory exists
  file:
@ -70,6 +75,7 @@
    name: openresty
    enabled: true
    state: started
+  # systemd 模块在 -C 模式下安全检查，不会实际启停

 - name: Verify OpenResty core API
  shell: |
@ -80,3 +86,5 @@
  retries: 5
  delay: 3
  until: openresty_verify.rc == 0
+  # 检查模式不重启服务，跳过验证避免误报
+  when: not ansible_check_mode
--- a/roles/vhosts/gateway_openclaw/defaults/main.yml
+++ b/roles/vhosts/gateway_openclaw/defaults/main.yml
@ -46,5 +46,35 @@ gateway_openclaw_codex_app_server_url: ws://127.0.0.1:9001

 gateway_openclaw_default_primary_model: glm-5.1:cloud
 gateway_openclaw_main_agent_model: ollama/minimax-m2.7:cloud
+gateway_openclaw_main_agent_skills:
+  - acp-router
+  - bluebubbles
+  - find-skills
+  - gemini
+  - github
+  - healthcheck
+  - mcporter
+  - model-usage
+  - node-connect
+  - notebooklm
+  - Self-Improving + Proactive Agent
+  - skill-creator
+  - summarize
+  - xurl
+  - clawhub
+  - coding-agent
+  - gh-issues
+  - session-logs
+  - word-docx
+  - excel-xlsx
+  - pdf
+  - powerpoint-pptx
+  - image-resizer
+  - browser-automation
+  - image-cog
+  - wan-image-video-generation-editting
+  - video-translator
+  - web-search
+  - self-improving
 gateway_openclaw_ollama_api_key: ""
 gateway_openclaw_model_provider_base_url: https://ollama.com
--- a/roles/vhosts/gateway_openclaw/tasks/main.yml
+++ b/roles/vhosts/gateway_openclaw/tasks/main.yml
@ -119,6 +119,126 @@
  diff: false
  notify: Restart openclaw gateway

+- name: Ensure OpenClaw user systemd unit directory exists
+  ansible.builtin.file:
+    path: "{{ gateway_openclaw_user_service_unit_path | dirname }}"
+    state: directory
+    owner: "{{ gateway_openclaw_service_user }}"
+    group: "{{ gateway_openclaw_service_group }}"
+    mode: "0755"
+
+- name: Deploy OpenClaw user systemd unit
+  ansible.builtin.template:
+    src: openclaw-gateway.user.service.j2
+    dest: "{{ gateway_openclaw_user_service_unit_path }}"
+    owner: "{{ gateway_openclaw_service_user }}"
+    group: "{{ gateway_openclaw_service_group }}"
+    mode: "0644"
+  register: gateway_openclaw_user_service_unit
+
+- name: Deploy OpenClaw user systemd shell environment
+  ansible.builtin.template:
+    src: openclaw-user-systemd.sh.j2
+    dest: "{{ gateway_openclaw_profile_script_path }}"
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: Enable OpenClaw service user linger
+  ansible.builtin.command:
+    cmd: "loginctl enable-linger {{ gateway_openclaw_service_user }}"
+    creates: "/var/lib/systemd/linger/{{ gateway_openclaw_service_user }}"
+  when:
+    - not ansible_check_mode
+
+- name: Ensure OpenClaw service user manager is running
+  ansible.builtin.systemd:
+    name: "user@{{ gateway_openclaw_service_uid }}.service"
+    state: started
+  when:
+    - not ansible_check_mode
+
+- name: Stop and disable stale root-managed OpenClaw gateway service
+  ansible.builtin.systemd:
+    name: "{{ gateway_openclaw_service_name }}"
+    enabled: false
+    state: stopped
+  failed_when: false
+  when:
+    - not ansible_check_mode
+
+- name: Inspect stale OpenClaw gateway root systemd unit attributes
+  ansible.builtin.command:
+    cmd: lsattr "{{ gateway_openclaw_service_unit_path }}"
+  register: gateway_openclaw_unit_attrs
+  changed_when: false
+  failed_when: false
+
+- name: Remove immutable flag from stale OpenClaw gateway root systemd unit when present
+  ansible.builtin.command:
+    cmd: chattr -i "{{ gateway_openclaw_service_unit_path }}"
+  when:
+    - "'i' in (gateway_openclaw_unit_attrs.stdout | default(''))"
+  changed_when: true
+
+- name: Remove stale root-managed OpenClaw gateway systemd unit
+  ansible.builtin.file:
+    path: "{{ gateway_openclaw_service_unit_path }}"
+    state: absent
+  register: gateway_openclaw_removed_root_service_unit
+
+- name: Reload root systemd after removing stale OpenClaw gateway unit
+  ansible.builtin.systemd:
+    daemon_reload: true
+  when:
+    - gateway_openclaw_removed_root_service_unit.changed | default(false)
+    - not ansible_check_mode
+
+- name: Reload OpenClaw user systemd manager
+  ansible.builtin.command:
+    cmd: systemctl --user daemon-reload
+  environment:
+    HOME: "{{ gateway_openclaw_home }}"
+    XDG_RUNTIME_DIR: "/run/user/{{ gateway_openclaw_service_uid }}"
+    DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ gateway_openclaw_service_uid }}/bus"
+  become: true
+  become_user: "{{ gateway_openclaw_service_user }}"
+  changed_when: false
+  when:
+    - not ansible_check_mode
+
+- name: Ensure OpenClaw user gateway service is enabled and running
+  ansible.builtin.command:
+    cmd: >-
+      systemctl --user enable
+      {{ '--now' if not (gateway_openclaw_user_service_unit.changed | default(false)) else '' }}
+      {{ gateway_openclaw_service_name }}.service
+  environment:
+    HOME: "{{ gateway_openclaw_home }}"
+    XDG_RUNTIME_DIR: "/run/user/{{ gateway_openclaw_service_uid }}"
+    DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ gateway_openclaw_service_uid }}/bus"
+  become: true
+  become_user: "{{ gateway_openclaw_service_user }}"
+  register: gateway_openclaw_user_service_enable
+  changed_when: >-
+    'Created symlink' in (gateway_openclaw_user_service_enable.stdout | default('')) or
+    'Created symlink' in (gateway_openclaw_user_service_enable.stderr | default(''))
+  when:
+    - not ansible_check_mode
+
+- name: Restart OpenClaw user gateway service after unit changes
+  ansible.builtin.command:
+    cmd: "systemctl --user restart {{ gateway_openclaw_service_name }}.service"
+  environment:
+    HOME: "{{ gateway_openclaw_home }}"
+    XDG_RUNTIME_DIR: "/run/user/{{ gateway_openclaw_service_uid }}"
+    DBUS_SESSION_BUS_ADDRESS: "unix:path=/run/user/{{ gateway_openclaw_service_uid }}/bus"
+  become: true
+  become_user: "{{ gateway_openclaw_service_user }}"
+  when:
+    - gateway_openclaw_user_service_unit.changed | default(false)
+    - not ansible_check_mode
+
 - name: Inspect OpenClaw package manifest
  ansible.builtin.stat:
    path: "{{ gateway_openclaw_install_dir }}/package.json"
--- a/roles/vhosts/gateway_openclaw/templates/openclaw.json.j2
+++ b/roles/vhosts/gateway_openclaw/templates/openclaw.json.j2
@ -38,26 +38,7 @@
      {
        "id": "main",
        "model": {{ gateway_openclaw_main_agent_model | to_json }},
-        "skills": [
-          "acp-router",
-          "bluebubbles",
-          "find-skills",
-          "gemini",
-          "github",
-          "healthcheck",
-          "mcporter",
-          "model-usage",
-          "node-connect",
-          "notebooklm",
-          "Self-Improving + Proactive Agent",
-          "skill-creator",
-          "summarize",
-          "xurl",
-          "clawhub",
-          "coding-agent",
-          "gh-issues",
-          "session-logs"
-        ]
+        "skills": {{ gateway_openclaw_main_agent_skills | unique | list | to_json }}
      }
    ]
  },
@ -190,11 +171,6 @@
      "device-pair": {"enabled": false},
      "phone-control": {"enabled": false},
      "talk-voice": {"enabled": false}
-    },
-    "load": {
-      "paths": [
-        "/usr/lib/node_modules/openclaw/dist/extensions/acpx"
-      ]
    }
  }
 }