From a73aefa8fda03acebba2d427d353b0aadd8b9bb3 Mon Sep 17 00:00:00 2001 From: SystemIdleProcess Date: Sat, 23 May 2026 04:13:57 -0400 Subject: [PATCH] IronClaw: Extra configuration during install to ensure Web Gateway can run (#14635) * configure gateway during install for best chance of it not getting disabled * add missing dbus-run-session on service * add back chmod to .env file * remove extra character * add back mkdir for /root/.ironclaw * remove erroneous msg blocks, service env values and tab in post completion gateway line --- ct/alpine-ironclaw.sh | 15 +++++++------ ct/ironclaw.sh | 17 ++++++++------- install/alpine-ironclaw-install.sh | 27 +++++++++++++++++++++--- install/ironclaw-install.sh | 34 +++++++++++++++++++++++------- 4 files changed, 67 insertions(+), 26 deletions(-) diff --git a/ct/alpine-ironclaw.sh b/ct/alpine-ironclaw.sh index a75943cc1..c55efe788 100644 --- a/ct/alpine-ironclaw.sh +++ b/ct/alpine-ironclaw.sh @@ -60,11 +60,12 @@ description msg_ok "Completed Successfully!\n" echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" -echo -e "${INFO}${YW} Complete setup by running:${CL}" -echo -e "${TAB}${BGN}ironclaw onboard${CL}" -echo -e "${INFO}${YW} Then start the service:${CL}" -echo -e "${TAB}${BGN}rc-service ironclaw start${CL}" -echo -e "${INFO}${YW} Access the Web UI at:${CL}" +echo -e "${INFO}${YW} Next Steps:${CL}" +echo -e "${TAB}1. Complete setup by running:${CL}" +echo -e "${TAB}${TAB}${BGN}/usr/local/bin/ironclaw onboard${CL}" +echo -e "${TAB}2. Start the service:${CL}" +echo -e "${TAB}${TAB}${BGN}rc-service ironclaw start${CL}" +echo -e "${TAB}3. Access the Web UI at:${CL}" echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}" -echo -e "${INFO}${YW} Auth token and database credentials:${CL}" -echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}" +echo -e "${INFO}${YW} Use Gateway Authentication Token to login:${CL}" +echo -e "${TAB}${TAB}${BGN}cat /root/.ironclaw/gateway.creds${CL}" diff --git a/ct/ironclaw.sh b/ct/ironclaw.sh index 82eddbac7..ff6db3334 100644 --- a/ct/ironclaw.sh +++ b/ct/ironclaw.sh @@ -40,7 +40,7 @@ function update_script() { msg_ok "Backed up Configuration" fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \ - "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz" + "ironclaw-$(uname -m)-unknown-linux-gnu.tar.gz" chmod +x /usr/local/bin/ironclaw msg_info "Restoring Configuration" @@ -62,11 +62,12 @@ description msg_ok "Completed Successfully!\n" echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" -echo -e "${INFO}${YW} Complete setup by running:${CL}" -echo -e "${TAB}${BGN}ironclaw onboard${CL}" -echo -e "${INFO}${YW} Then start the service:${CL}" -echo -e "${TAB}${BGN}systemctl start ironclaw${CL}" -echo -e "${INFO}${YW} Access the Web UI at:${CL}" +echo -e "${INFO}${YW} Next Steps:${CL}" +echo -e "${TAB}1. Configure remaining settings:${CL}" +echo -e "${TAB}${TAB}${BGN}/usr/local/bin/ironclaw onboard${CL}" +echo -e "${TAB}2. Start the service:${CL}" +echo -e "${TAB}${TAB}${BGN}systemctl start ironclaw${CL}" +echo -e "${TAB}3. Access the Web UI at:${CL}" echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}" -echo -e "${INFO}${YW} Auth token and database credentials:${CL}" -echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}" +echo -e "${INFO}${YW} Use Gateway Authentication Token to login:${CL}" +echo -e "${TAB}${TAB}${BGN}cat /root/.ironclaw/gateway.creds${CL}" diff --git a/install/alpine-ironclaw-install.sh b/install/alpine-ironclaw-install.sh index 65141f191..0a842a07b 100644 --- a/install/alpine-ironclaw-install.sh +++ b/install/alpine-ironclaw-install.sh @@ -35,20 +35,41 @@ fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz" chmod +x /usr/local/bin/ironclaw -msg_info "Configuring IronClaw" -mkdir -p /root/.ironclaw +msg_info "Configuring Environment" GATEWAY_TOKEN=$(openssl rand -hex 32) +mkdir -p /root/.ironclaw +{ + echo "Gateway-Token" + echo "Token: $GATEWAY_TOKEN" +} >> /root/.ironclaw/gateway.creds + +mkdir -p /root/.ironclaw cat </root/.ironclaw/.env +DATABASE_BACKEND=postgres DATABASE_URL=postgresql://ironclaw:${PG_PASS}@localhost:5432/ironclaw?sslmode=disable GATEWAY_ENABLED=true GATEWAY_HOST=0.0.0.0 GATEWAY_PORT=3000 GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN} CLI_ENABLED=false -AGENT_NAME=ironclaw RUST_LOG=ironclaw=info,tower_http=info EOF chmod 600 /root/.ironclaw/.env +msg_ok "Configured Environment" + +msg_info "Configuring IronClaw" +# Set values in the database since it is typically the true source of truth and ensures values are set correctly on first run before the service starts. +/usr/local/bin/ironclaw --no-onboard config set database_backend postgres >/dev/null +/usr/local/bin/ironclaw --no-onboard config set database_url "postgresql://ironclaw:${PG_PASS}@localhost:5432/ironclaw?sslmode=disable" >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_enabled true >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_host 0.0.0.0 >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_port 3000 >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_auth_token "${GATEWAY_TOKEN}" >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.cli_enabled false >/dev/null +/usr/local/bin/ironclaw --no-onboard config set secrets_master_key_source none >/dev/null +# Running ironclaw defaults to use env for secrets and creates this entry, but we want to set that during onboard. +sleep 5 +sed -i '/SECRETS_MASTER_KEY/d' /root/.ironclaw/.env msg_ok "Configured IronClaw" msg_info "Creating Service" diff --git a/install/ironclaw-install.sh b/install/ironclaw-install.sh index 07cbea755..83b63926a 100644 --- a/install/ironclaw-install.sh +++ b/install/ironclaw-install.sh @@ -24,23 +24,44 @@ PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql PG_DB_NAME="ironclaw" PG_DB_USER="ironclaw" PG_DB_EXTENSIONS="vector" setup_postgresql_db fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \ - "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz" + "ironclaw-$(uname -m)-unknown-linux-gnu.tar.gz" chmod +x /usr/local/bin/ironclaw -msg_info "Configuring IronClaw" -mkdir -p /root/.ironclaw +msg_info "Configuring Environment" GATEWAY_TOKEN=$(openssl rand -hex 32) +mkdir -p /root/.ironclaw +{ + echo "Gateway-Token" + echo "Token: $GATEWAY_TOKEN" +} >> /root/.ironclaw/gateway.creds + +mkdir -p /root/.ironclaw cat </root/.ironclaw/.env +DATABASE_BACKEND=postgres DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable GATEWAY_ENABLED=true GATEWAY_HOST=0.0.0.0 GATEWAY_PORT=3000 GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN} CLI_ENABLED=false -AGENT_NAME=ironclaw RUST_LOG=ironclaw=info,tower_http=info EOF chmod 600 /root/.ironclaw/.env +msg_ok "Configured Environment" + +msg_info "Configuring IronClaw" +# Set values in the database since it is typically the true source of truth and ensures values are set correctly on first run before the service starts. +/usr/local/bin/ironclaw --no-onboard config set database_backend postgres >/dev/null +/usr/local/bin/ironclaw --no-onboard config set database_url "postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable" >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_enabled true >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_host 0.0.0.0 >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_port 3000 >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.gateway_auth_token "${GATEWAY_TOKEN}" >/dev/null +/usr/local/bin/ironclaw --no-onboard config set channels.cli_enabled false >/dev/null +/usr/local/bin/ironclaw --no-onboard config set secrets_master_key_source none >/dev/null +# Running ironclaw defaults to use env for secrets and creates this entry, but we want to set that during onboard. +sleep 5 +sed -i '/SECRETS_MASTER_KEY/d' /root/.ironclaw/.env msg_ok "Configured IronClaw" msg_info "Creating Service" @@ -51,10 +72,7 @@ After=network.target postgresql.service [Service] Type=simple -User=root -WorkingDirectory=/root -EnvironmentFile=/root/.ironclaw/.env -ExecStart=/usr/bin/dbus-run-session /usr/local/bin/ironclaw +ExecStart=/usr/bin/dbus-run-session /usr/local/bin/ironclaw run Restart=on-failure RestartSec=5