ansible-skill

Infrastructure automation with Ansible. Use for server provisioning, configuration management, application deployment, and multi-host orchestration. Includes playbooks for OpenClaw VPS setup, security hardening, and common server configurations.

Install via ClawdBot CLI:

```bash
clawdbot install botond-rackhost/ansible-skill
```

Infrastructure as Code automation for server provisioning, configuration management, and orchestration.
```bash
# Install Ansible
pip install ansible

# Or on macOS
brew install ansible

# Verify
ansible --version
```

```bash
# Test connection
ansible all -i inventory/hosts.yml -m ping

# Run playbook
ansible-playbook -i inventory/hosts.yml playbooks/site.yml

# Dry run (check mode)
ansible-playbook -i inventory/hosts.yml playbooks/site.yml --check

# With specific tags
ansible-playbook -i inventory/hosts.yml playbooks/site.yml --tags "security,nodejs"
```
```
skills/ansible/
├── SKILL.md                  # This file
├── inventory/                # Host inventories
│   ├── hosts.yml             # Main inventory
│   └── group_vars/           # Group variables
├── playbooks/                # Runnable playbooks
│   ├── site.yml              # Master playbook
│   ├── openclaw-vps.yml      # OpenClaw VPS setup
│   └── security.yml          # Security hardening
├── roles/                    # Reusable roles
│   ├── common/               # Base system setup
│   ├── security/             # Hardening (SSH, fail2ban, UFW)
│   ├── nodejs/               # Node.js installation
│   └── openclaw/             # OpenClaw installation
└── references/               # Documentation
    ├── best-practices.md
    ├── modules-cheatsheet.md
    └── troubleshooting.md
```
Define your hosts in inventory/hosts.yml:
```yaml
all:
  children:
    vps:
      hosts:
        eva:
          ansible_host: 217.13.104.208
          ansible_user: root
          ansible_ssh_pass: "{{ vault_eva_password }}"
        plane:
          ansible_host: 217.13.104.99
          ansible_user: asdbot
          ansible_ssh_private_key_file: ~/.ssh/id_ed25519_plane
    openclaw:
      hosts:
        eva:
```
Entry points for automation:
```yaml
# playbooks/site.yml - Master playbook
---
- name: Configure all servers
  hosts: all
  become: yes
  roles:
    - common
    - security

- name: Setup OpenClaw servers
  hosts: openclaw
  become: yes
  roles:
    - nodejs
    - openclaw
```
Reusable, modular configurations:
```yaml
# roles/common/tasks/main.yml
---
- name: Update apt cache
  ansible.builtin.apt:
    update_cache: yes
    cache_valid_time: 3600
  when: ansible_os_family == "Debian"

- name: Install essential packages
  ansible.builtin.apt:
    name:
      - curl
      - wget
      - git
      - htop
      - vim
      - unzip
    state: present
```
Base system configuration:
Hardening following CIS benchmarks:
Node.js installation via NodeSource:
Complete OpenClaw setup:
```bash
# 1. Add host to inventory
cat >> inventory/hosts.yml << 'EOF'
        newserver:
          ansible_host: 1.2.3.4
          ansible_user: root
          ansible_ssh_pass: "initial_password"
          deploy_user: asdbot
          deploy_ssh_pubkey: "ssh-ed25519 AAAA... asdbot"
EOF

# 2. Run OpenClaw playbook
ansible-playbook -i inventory/hosts.yml playbooks/openclaw-vps.yml \
  --limit newserver \
  --ask-vault-pass

# 3. After initial setup, update inventory to use key auth
# ansible_user: asdbot
# ansible_ssh_private_key_file: ~/.ssh/id_ed25519
```

```bash
ansible-playbook -i inventory/hosts.yml playbooks/security.yml \
  --limit production \
  --tags "ssh,firewall"
```

```bash
# Update one server at a time
ansible-playbook -i inventory/hosts.yml playbooks/update.yml \
  --serial 1
```

```bash
# Check disk space on all servers
ansible all -i inventory/hosts.yml -m shell -a "df -h"

# Restart service
ansible openclaw -i inventory/hosts.yml -m systemd -a "name=openclaw state=restarted"

# Copy file
ansible all -i inventory/hosts.yml -m copy -a "src=./file.txt dest=/tmp/"
```
```yaml
# inventory/group_vars/all.yml
---
timezone: Europe/Budapest
deploy_user: asdbot
ssh_port: 22

# Security
security_ssh_password_auth: false
security_ssh_permit_root: false
security_fail2ban_enabled: true
security_ufw_enabled: true
security_ufw_allowed_ports:
  - 22
  - 80
  - 443

# Node.js
nodejs_version: "22.x"
```
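
A post-run check for the SSH values in these group variables, as an added example that is not part of the skill: it compares them with the effective configuration reported by `sshd -T`. The function names are hypothetical, the mapping from the `security_ssh_*` variables to sshd keywords is an assumption about what the security role does, and the `sshd -T` excerpts are constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of the skill. Function names are hypothetical, and
# the variable-to-keyword mapping is an assumption about the security role.

# Print the "keyword value" pairs sshd should report for a group_vars file.
expected_sshd() {
  awk -F': *' '
    function yn(v) { return (v == "true" || v == "yes") ? "yes" : "no" }
    $1 == "ssh_port"                   { print "port", $2 }
    $1 == "security_ssh_password_auth" { print "passwordauthentication", yn($2) }
    $1 == "security_ssh_permit_root"   { print "permitrootlogin", yn($2) }
  ' "$1"
}

# Compare those expectations with `sshd -T` output read from stdin.
# Prints one DRIFT line per deviation and returns 1 if there is any.
check_sshd_effective() {
  local effective key want got rc=0
  effective=$(cat)
  while read -r key want; do
    got=$(printf '%s\n' "$effective" |
      awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
    if [ "$got" != "$want" ]; then
      echo "DRIFT $key: want=$want got=${got:-unset}"
      rc=1
    fi
  done <<EOF
$(expected_sshd "$1")
EOF
  return "$rc"
}

# Constructed inputs: the page's group_vars values and two `sshd -T` excerpts.
tmp=$(mktemp -d)
printf '%s\n' 'ssh_port: 22' 'security_ssh_password_auth: false' \
  'security_ssh_permit_root: false' > "$tmp/all.yml"
hardened='port 22
permitrootlogin no
passwordauthentication no'
stock='port 22
permitrootlogin yes
passwordauthentication yes'
printf '%s\n' "$hardened" | check_sshd_effective "$tmp/all.yml" && echo "hardened: ok"
printf '%s\n' "$stock" | check_sshd_effective "$tmp/all.yml" || echo "stock: drift found"
rm -rf "$tmp"
```

On a managed host the input would come from `sshd -T` run as root, for example through an ad-hoc `command` task.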
```bash
# Create encrypted vars file
ansible-vault create inventory/group_vars/all/vault.yml

# Edit encrypted file
ansible-vault edit inventory/group_vars/all/vault.yml

# Run with vault
ansible-playbook site.yml --ask-vault-pass

# Or use vault password file
ansible-playbook site.yml --vault-password-file ~/.vault_pass
```
Vault file structure:
```yaml
# inventory/group_vars/all/vault.yml
---
vault_eva_password: "y8UGHR1qH"
vault_deploy_ssh_key: |
  -----BEGIN OPENSSH PRIVATE KEY-----
  ...
  -----END OPENSSH PRIVATE KEY-----
```
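
The vault file above is only safe in version control once `ansible-vault` has encrypted it, and the new-server step earlier on this page writes a literal `ansible_ssh_pass` into the inventory. A check for both conditions, as an added example that is not part of the skill (function names are hypothetical and the sample files are constructed placeholders):

```bash
#!/usr/bin/env bash
# Added example, not part of the skill. Function names are hypothetical.

# True only if the file begins with the ansible-vault envelope header,
# i.e. it was produced by `ansible-vault create` or `ansible-vault encrypt`.
is_vault_encrypted() {
  case "$(head -n 1 -- "$1" 2>/dev/null)" in
    '$ANSIBLE_VAULT;'*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints "line:text" for every connection or become password whose value is a
# literal rather than a Jinja2 reference ("{{ vault_eva_password }}") or an
# inline !vault value. Exit status 0 means at least one literal was found.
find_literal_passwords() {
  grep -nE '^[[:space:]]*ansible_(ssh_|become_)?pass(word)?:' -- "$1" \
    | grep -vE '\{\{|!vault'
}

# Combined gate: non-zero if the vault file is plaintext or the inventory
# carries a literal password.
audit_secrets() {
  local inventory="$1" vault="$2" rc=0
  is_vault_encrypted "$vault" || { echo "FAIL: $vault is plaintext" >&2; rc=1; }
  if find_literal_passwords "$inventory" >&2; then
    echo "FAIL: literal password in $inventory" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample files (placeholders, not real hosts or secrets).
make_samples() {
  printf '%s\n' 'eva:' '  ansible_ssh_pass: "{{ vault_eva_password }}"' \
    'newserver:' '  ansible_ssh_pass: "initial_password"' > "$1/hosts_bad.yml"
  printf '%s\n' 'eva:' '  ansible_ssh_pass: "{{ vault_eva_password }}"' \
    > "$1/hosts_ok.yml"
  printf '%s\n' '---' 'vault_eva_password: "PLACEHOLDER"' > "$1/vault_plain.yml"
  printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465666768' > "$1/vault_enc.yml"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_secrets "$tmp/hosts_ok.yml" "$tmp/vault_enc.yml" && echo "clean tree: pass"
audit_secrets "$tmp/hosts_bad.yml" "$tmp/vault_plain.yml" || echo "dirty tree: blocked"
rm -rf "$tmp"
```

In a pre-commit hook or CI step, `audit_secrets` would be called with `inventory/hosts.yml` and `inventory/group_vars/all/vault.yml`.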
| Module | Purpose | Example |
|--------|---------|---------|
| apt | Package management (Debian) | apt: name=nginx state=present |
| yum | Package management (RHEL) | yum: name=nginx state=present |
| copy | Copy files | copy: src=file dest=/path/ |
| template | Template files (Jinja2) | template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf |
| file | File/directory management | file: path=/dir state=directory mode=0755 |
| user | User management | user: name=asdbot groups=sudo shell=/bin/bash |
| authorized_key | SSH keys | authorized_key: user=asdbot key="{{ ssh_key }}" |
| systemd | Service management | systemd: name=nginx state=started enabled=yes |
| ufw | Firewall (Ubuntu) | ufw: rule=allow port=22 proto=tcp |
| lineinfile | Edit single line | lineinfile: path=/etc/ssh/sshd_config regexp='^PermitRootLogin' line='PermitRootLogin no' |
| git | Clone repos | git: repo=https://github.com/x/y.git dest=/opt/y |
| npm | npm packages | npm: name=openclaw global=yes |
| command | Run command | command: /opt/script.sh |
| shell | Run shell command | shell: cat /etc/passwd \| grep root |
```yaml
# Good
- name: Install nginx web server
  apt:
    name: nginx
    state: present

# Bad
- apt: name=nginx
```

```yaml
# Good
- ansible.builtin.apt:
    name: nginx

# Acceptable but less clear
- apt:
    name: nginx
```

```yaml
# Good - explicit state
- ansible.builtin.apt:
    name: nginx
    state: present

# Bad - implicit state
- ansible.builtin.apt:
    name: nginx
```
Write tasks that can run multiple times safely:
```yaml
# Good - idempotent
- name: Ensure config line exists
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: 'PasswordAuthentication no'

# Bad - not idempotent
- name: Add config line
  ansible.builtin.shell: echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
```

```yaml
# tasks/main.yml
- name: Update SSH config
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
  notify: Restart SSH

# handlers/main.yml
- name: Restart SSH
  ansible.builtin.systemd:
    name: sshd
    state: restarted
```

```yaml
- name: Security tasks
  ansible.builtin.include_tasks: security.yml
  tags: [security, hardening]

- name: App deployment
  ansible.builtin.include_tasks: deploy.yml
  tags: [deploy, app]
```
```bash
# Test SSH connection manually
ssh -v user@host

# Debug Ansible connection
ansible host -i inventory -m ping -vvv

# Check inventory parsing
ansible-inventory -i inventory --list
```

"Permission denied"

- `chmod 600 ~/.ssh/id_*`
- `become: yes` to playbook

"Host key verification failed"

- `host_key_checking = False` (turns off SSH host key verification)
- `ssh-keyscan -H host >> ~/.ssh/known_hosts`

"Module not found"

- `ansible.builtin.apt` instead of `apt`
- `ansible-galaxy collection install community.general`

```bash
# Verbose output
ansible-playbook site.yml -v    # Basic
ansible-playbook site.yml -vv   # More
ansible-playbook site.yml -vvv  # Maximum

# Step through tasks
ansible-playbook site.yml --step

# Start at specific task
ansible-playbook site.yml --start-at-task="Install nginx"

# Check mode (dry run)
ansible-playbook site.yml --check --diff
```
```
# Run playbook via exec tool
exec command="ansible-playbook -i skills/ansible/inventory/hosts.yml skills/ansible/playbooks/openclaw-vps.yml --limit eva"

# Ad-hoc command
exec command="ansible eva -i skills/ansible/inventory/hosts.yml -m shell -a 'systemctl status openclaw'"
```
Use OpenClaw's Vaultwarden integration:
```bash
# Get password from vault cache
PASSWORD=$(.secrets/get-secret.sh "VPS - Eva")

# Use in ansible (not recommended - use ansible-vault instead)
ansible-playbook site.yml -e "ansible_ssh_pass=$PASSWORD"
```
Better: Store in Ansible Vault and use --ask-vault-pass.
- references/best-practices.md - Detailed best practices guide
- references/modules-cheatsheet.md - Common modules quick reference
- references/troubleshooting.md - Extended troubleshooting guide

Generated Mar 1, 2026
Automates the setup of cloud servers on platforms like AWS, DigitalOcean, or VPS providers. This scenario includes configuring network settings, installing base packages, and setting up user accounts, enabling rapid deployment of new environments for development or production.
Applies security best practices and CIS benchmarks across server fleets. This scenario automates SSH hardening, firewall configuration with UFW, and installation of tools like fail2ban, ensuring consistent security policies and compliance with regulatory standards.
Manages the deployment of applications such as Node.js-based services, including OpenClaw. This scenario handles installation of runtime environments, configuration of systemd services, and rolling updates, facilitating scalable and reliable application management.
Maintains consistent configurations across development, staging, and production servers. This scenario uses roles and group variables to apply environment-specific settings, reducing drift and ensuring reproducibility in infrastructure as code practices.
Offers ongoing management and automation of client servers using Ansible playbooks. This model generates revenue through subscription fees for monitoring, updates, and security hardening, providing clients with hands-off infrastructure management.
Provides tailored Ansible solutions for specific client needs, such as setting up custom playbooks or integrating with existing systems. Revenue comes from project-based fees or hourly rates for design, implementation, and training services.
Sells pre-configured Ansible roles and playbooks as digital products for common use cases like VPS setup or security hardening. This model earns revenue through one-time purchases or licensing fees, targeting developers and small businesses.
💬 Integration Tip
Integrate with CI/CD pipelines by running playbooks as part of deployment stages, and use Ansible Vault for secure secret management to avoid hardcoding credentials in version control.