Requirements
- Target platform
- OpenClaw
- Install method
- Manual import
- Extraction
- Extract archive
- Prerequisites
- OpenClaw
- Primary doc
- SKILL.md
Tencent SkillHub ยท Developer Tools
Ansible
Infrastructure automation with Ansible. Use for server provisioning, configuration management, application deployment, and multi-host orchestration. Includes playbooks for OpenClaw VPS setup, security hardening, and common server configurations.
skill openclawclawhub Free
Infrastructure automation with Ansible. Use for server provisioning, configuration management, application deployment, and multi-host orchestration. Includes playbooks for OpenClaw VPS setup, security hardening, and common server configurations.
โฌ 0 downloads โ
0 stars Unverified but indexed
Install for OpenClaw
Quick setup
- Download the package from Yavira.
- Extract the archive and review SKILL.md first.
- Import or place the package into your OpenClaw setup.
Package facts
- Download mode
- Yavira redirect
- Package format
- ZIP package
- Source platform
- Tencent SkillHub
- What's included
- SKILL.md, ansible.cfg, inventory/group_vars/all.yml, inventory/hosts.yml, playbooks/openclaw-vps.yml, playbooks/security.yml
Validation
- Use the Yavira download entry.
- Review SKILL.md after the package is downloaded.
- Confirm the extracted package contains the expected setup assets.
Install with your agent
Agent handoff
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
New install
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
Upgrade existing
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
Trust & source
Release facts
- Source
- Tencent SkillHub
- Verification
- Indexed source record
- Version
- 0.1.0
Provenance
- Publisher
- botond-rackhost
- Source page
- View original listing
- Canonical URL
- Open canonical page
Documentation
Ansible Skill
Infrastructure as Code automation for server provisioning, configuration management, and orchestration.
Prerequisites
# Install Ansible pip install ansible # Or on macOS brew install ansible # Verify ansible --version
Run Your First Playbook
# Test connection ansible all -i inventory/hosts.yml -m ping # Run playbook ansible-playbook -i inventory/hosts.yml playbooks/site.yml # Dry run (check mode) ansible-playbook -i inventory/hosts.yml playbooks/site.yml --check # With specific tags ansible-playbook -i inventory/hosts.yml playbooks/site.yml --tags "security,nodejs"
Directory Structure
skills/ansible/ โโโ SKILL.md # This file โโโ inventory/ # Host inventories โ โโโ hosts.yml # Main inventory โ โโโ group_vars/ # Group variables โโโ playbooks/ # Runnable playbooks โ โโโ site.yml # Master playbook โ โโโ openclaw-vps.yml # OpenClaw VPS setup โ โโโ security.yml # Security hardening โโโ roles/ # Reusable roles โ โโโ common/ # Base system setup โ โโโ security/ # Hardening (SSH, fail2ban, UFW) โ โโโ nodejs/ # Node.js installation โ โโโ openclaw/ # OpenClaw installation โโโ references/ # Documentation โโโ best-practices.md โโโ modules-cheatsheet.md โโโ troubleshooting.md
Inventory
Define your hosts in inventory/hosts.yml: all: children: vps: hosts: eva: ansible_host: 217.13.104.208 ansible_user: root ansible_ssh_pass: "{{ vault_eva_password }}" plane: ansible_host: 217.13.104.99 ansible_user: asdbot ansible_ssh_private_key_file: ~/.ssh/id_ed25519_plane openclaw: hosts: eva:
Playbooks
- Entry points for automation:
- # playbooks/site.yml - Master playbook
- ---
- name: Configure all servers
- hosts: all
- become: yes
- roles:
- - common
- - security
- name: Setup OpenClaw servers
- hosts: openclaw
- become: yes
- roles:
- - nodejs
- - openclaw
Roles
- Reusable, modular configurations:
- # roles/common/tasks/main.yml
- ---
- name: Update apt cache
- ansible.builtin.apt:
- update_cache: yes
- cache_valid_time: 3600
- when: ansible_os_family == "Debian"
- name: Install essential packages
- ansible.builtin.apt:
- name:
- - curl
- - wget
- - git
- - htop
- - vim
- - unzip
- state: present
1. common
Base system configuration: System updates Essential packages Timezone configuration User creation with SSH keys
2. security
Hardening following CIS benchmarks: SSH hardening (key-only, no root) fail2ban for brute-force protection UFW firewall configuration Automatic security updates
3. nodejs
Node.js installation via NodeSource: Configurable version (default: 22.x LTS) npm global packages pm2 process manager (optional)
4. openclaw
Complete OpenClaw setup: Node.js (via nodejs role) OpenClaw npm installation Systemd service Configuration file setup
Pattern 1: New VPS Setup (OpenClaw)
# 1. Add host to inventory cat >> inventory/hosts.yml << 'EOF' newserver: ansible_host: 1.2.3.4 ansible_user: root ansible_ssh_pass: "initial_password" deploy_user: asdbot deploy_ssh_pubkey: "ssh-ed25519 AAAA... asdbot" EOF # 2. Run OpenClaw playbook ansible-playbook -i inventory/hosts.yml playbooks/openclaw-vps.yml \ --limit newserver \ --ask-vault-pass # 3. After initial setup, update inventory to use key auth # ansible_user: asdbot # ansible_ssh_private_key_file: ~/.ssh/id_ed25519
Pattern 2: Security Hardening Only
ansible-playbook -i inventory/hosts.yml playbooks/security.yml \ --limit production \ --tags "ssh,firewall"
Pattern 3: Rolling Updates
# Update one server at a time ansible-playbook -i inventory/hosts.yml playbooks/update.yml \ --serial 1
Pattern 4: Ad-hoc Commands
# Check disk space on all servers ansible all -i inventory/hosts.yml -m shell -a "df -h" # Restart service ansible openclaw -i inventory/hosts.yml -m systemd -a "name=openclaw state=restarted" # Copy file ansible all -i inventory/hosts.yml -m copy -a "src=./file.txt dest=/tmp/"
Group Variables
# inventory/group_vars/all.yml --- timezone: Europe/Budapest deploy_user: asdbot ssh_port: 22 # Security security_ssh_password_auth: false security_ssh_permit_root: false security_fail2ban_enabled: true security_ufw_enabled: true security_ufw_allowed_ports: - 22 - 80 - 443 # Node.js nodejs_version: "22.x"
Vault for Secrets
# Create encrypted vars file ansible-vault create inventory/group_vars/all/vault.yml # Edit encrypted file ansible-vault edit inventory/group_vars/all/vault.yml # Run with vault ansible-playbook site.yml --ask-vault-pass # Or use vault password file ansible-playbook site.yml --vault-password-file ~/.vault_pass Vault file structure: # inventory/group_vars/all/vault.yml --- vault_eva_password: "y8UGHR1qH" vault_deploy_ssh_key: | -----BEGIN OPENSSH PRIVATE KEY----- ... -----END OPENSSH PRIVATE KEY-----
Common Modules
ModulePurposeExampleaptPackage management (Debian)apt: name=nginx state=presentyumPackage management (RHEL)yum: name=nginx state=presentcopyCopy filescopy: src=file dest=/path/templateTemplate files (Jinja2)template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conffileFile/directory managementfile: path=/dir state=directory mode=0755userUser managementuser: name=asdbot groups=sudo shell=/bin/bashauthorized_keySSH keysauthorized_key: user=asdbot key="{{ ssh_key }}"systemdService managementsystemd: name=nginx state=started enabled=yesufwFirewall (Ubuntu)ufw: rule=allow port=22 proto=tcplineinfileEdit single linelineinfile: path=/etc/ssh/sshd_config regexp='^PermitRootLogin' line='PermitRootLogin no'gitClone reposgit: repo=https://github.com/x/y.git dest=/opt/ynpmnpm packagesnpm: name=openclaw global=yescommandRun commandcommand: /opt/script.shshellRun shell commandshell: cat /etc/passwd | grep root
1. Always Name Tasks
- # Good
- name: Install nginx web server
- apt:
- name: nginx
- state: present
- # Bad
- apt: name=nginx
2. Use FQCN (Fully Qualified Collection Names)
- # Good
- ansible.builtin.apt:
- name: nginx
- # Acceptable but less clear
- apt:
- name: nginx
3. Explicit State
- # Good - explicit state
- ansible.builtin.apt:
- name: nginx
- state: present
- # Bad - implicit state
- ansible.builtin.apt:
- name: nginx
4. Idempotency
- Write tasks that can run multiple times safely:
- # Good - idempotent
- name: Ensure config line exists
- ansible.builtin.lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '^PasswordAuthentication'
- line: 'PasswordAuthentication no'
- # Bad - not idempotent
- name: Add config line
- ansible.builtin.shell: echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
5. Use Handlers for Restarts
- # tasks/main.yml
- name: Update SSH config
- ansible.builtin.template:
- src: sshd_config.j2
- dest: /etc/ssh/sshd_config
- notify: Restart SSH
- # handlers/main.yml
- name: Restart SSH
- ansible.builtin.systemd:
- name: sshd
- state: restarted
6. Tags for Selective Runs
- name: Security tasks
- ansible.builtin.include_tasks: security.yml
- tags: [security, hardening]
- name: App deployment
- ansible.builtin.include_tasks: deploy.yml
- tags: [deploy, app]
Connection Issues
# Test SSH connection manually ssh -v user@host # Debug Ansible connection ansible host -i inventory -m ping -vvv # Check inventory parsing ansible-inventory -i inventory --list
Common Errors
"Permission denied" Check SSH key permissions: chmod 600 ~/.ssh/id_* Verify user has sudo access Add become: yes to playbook "Host key verification failed" Add to ansible.cfg: host_key_checking = False Or add host key: ssh-keyscan -H host >> ~/.ssh/known_hosts "Module not found" Use FQCN: ansible.builtin.apt instead of apt Install collection: ansible-galaxy collection install community.general
Debugging Playbooks
# Verbose output ansible-playbook site.yml -v # Basic ansible-playbook site.yml -vv # More ansible-playbook site.yml -vvv # Maximum # Step through tasks ansible-playbook site.yml --step # Start at specific task ansible-playbook site.yml --start-at-task="Install nginx" # Check mode (dry run) ansible-playbook site.yml --check --diff
From OpenClaw Agent
# Run playbook via exec tool exec command="ansible-playbook -i skills/ansible/inventory/hosts.yml skills/ansible/playbooks/openclaw-vps.yml --limit eva" # Ad-hoc command exec command="ansible eva -i skills/ansible/inventory/hosts.yml -m shell -a 'systemctl status openclaw'"
Storing Credentials
Use OpenClaw's Vaultwarden integration: # Get password from vault cache PASSWORD=$(.secrets/get-secret.sh "VPS - Eva") # Use in ansible (not recommended - use ansible-vault instead) ansible-playbook site.yml -e "ansible_ssh_pass=$PASSWORD" Better: Store in Ansible Vault and use --ask-vault-pass.
References
references/best-practices.md - Detailed best practices guide references/modules-cheatsheet.md - Common modules quick reference references/troubleshooting.md - Extended troubleshooting guide
External Resources
Ansible Documentation Ansible Galaxy - Community roles geerlingguy roles - High quality roles Ansible for DevOps - Book by Jeff Geerling
Category context
Code helpers, APIs, CLIs, browser automation, testing, and developer operations.
Source: Tencent SkillHub
Largest current source with strong distribution and engagement signals.
Package contents
Included in package
4 Config1 Docs1 Files
- SKILL.md
- inventory/group_vars/all.yml
- inventory/hosts.yml
- playbooks/openclaw-vps.yml
- playbooks/security.yml
- ansible.cfg