orion/HangmanLab.Server.T2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update provision-hf-accounts.sh: use hf-cli for all operations

Browse Source 
- Use hf user create + hf user reset-apikey (no direct API calls)
- Read acc-mgr token from secret-mgr --public (hf-acc-mgr-token)
- Get username from ego-mgr get default-username
- Get email from ego-mgr get email (fallback to <user>@claw.hangman-lab.top)
- Requires updated hf CLI with reset-apikey + acc-mgr-token support

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
orion
2026-04-16 21:08:27 +00:00
parent 0e688e1982
commit 53b4d6df26
1 changed files with 25 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
scripts/provision-hf-accounts.sh
View File

@@ -4,9 +4,10 @@
# credentials in secret-mgr (keys: hf, hf-access-token). # credentials in secret-mgr (keys: hf, hf-access-token).
# #
# Prerequisites: # Prerequisites:
# - hf CLI configured with correct base-url (hf-api.hangman-lab.top) # - hf CLI built with reset-apikey + acc-mgr-token support
# - secret-mgr --public key "hf-acc-mgr" contains the account-manager API key # - secret-mgr --public key "hf-acc-mgr-token" contains the account-manager token
# - ego-mgr default-username set for each agent (agents without it are skipped) # - ego-mgr default-username and email set for each agent
# - Agents without default-username are skipped
# #
# Usage: run on claw-main as root (no arguments needed) # Usage: run on claw-main as root (no arguments needed)
# #
@@ -37,9 +38,9 @@ pcexec_env() {
} }
# Read acc-mgr token from secret-mgr --public # Read acc-mgr token from secret-mgr --public
ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr --public) ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr-token --public)
if [ -z "$ACC_MGR_TOKEN" ]; then if [ -z "$ACC_MGR_TOKEN" ]; then
echo "ERROR: hf-acc-mgr not found in secret-mgr --public" echo "ERROR: hf-acc-mgr-token not found in secret-mgr --public"
exit 1 exit 1
fi fi
echo "=== acc-mgr token loaded from secret-mgr ===" echo "=== acc-mgr token loaded from secret-mgr ==="
@@ -54,49 +55,43 @@ for AGENT in "${AGENTS[@]}"; do
echo " SKIP: no default-username set for $AGENT" echo " SKIP: no default-username set for $AGENT"
continue continue
fi fi
echo " default-username: $USERNAME" echo " username: $USERNAME"
# Get email from ego-mgr
EMAIL=$(pcexec_env "$AGENT" "$EGO_MGR" get email 2>/dev/null || true)
if [ -z "$EMAIL" ]; then
EMAIL="${USERNAME}@claw.hangman-lab.top" EMAIL="${USERNAME}@claw.hangman-lab.top"
echo " email (fallback): $EMAIL"
# Generate a random password else
PASS=$(openssl rand -hex 16) echo " email: $EMAIL"
fi
# Create user via hf-cli # Create user via hf-cli
CREATE_OUTPUT=$(pcexec_env "$AGENT" "$HF" user create \ CREATE_OUTPUT=$("$HF" user create \
--acc-mgr-token "$ACC_MGR_TOKEN" \ --acc-mgr-token "$ACC_MGR_TOKEN" \
--user "$USERNAME" \ --user "$USERNAME" \
--email "$EMAIL" \ --email "$EMAIL" \
--pass "$PASS" \ --pass "$(openssl rand -hex 16)" \
--json 2>&1) || true --json 2>&1) || true
USER_ID=$(echo "$CREATE_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true) USER_ID=$(echo "$CREATE_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
if [ -z "$USER_ID" ]; then if [ -z "$USER_ID" ]; then
echo " User creation returned: $CREATE_OUTPUT" echo " User creation: $CREATE_OUTPUT"
echo " (may already exist, attempting to look up...)" echo " (may already exist, continuing to reset-apikey...)"
# Fallback: look up existing user to get ID
USER_ID=$(curl -sf "$(cat /root/.openclaw/bin/.hf-config.json | python3 -c "import json,sys;print(json.load(sys.stdin).get('base-url',''))")/users/$USERNAME" \
-H "X-API-Key: $ACC_MGR_TOKEN" 2>/dev/null \
| python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
if [ -z "$USER_ID" ]; then
echo " ERROR: could not create or find user $USERNAME, skipping"
continue
fi
echo " Found existing user ID: $USER_ID"
else else
echo " Created user ID: $USER_ID" echo " Created user ID: $USER_ID"
fi fi
# Generate API key via /api-keys endpoint # Generate API key via hf user reset-apikey (uses acc-mgr-token for auth)
HF_BASE_URL=$(python3 -c "import json; print(json.load(open('/root/.openclaw/bin/.hf-config.json')).get('base-url',''))") APIKEY_OUTPUT=$("$HF" user reset-apikey "$USERNAME" \
APIKEY_RESP=$(curl -sf -X POST "${HF_BASE_URL}/api-keys" \ --acc-mgr-token "$ACC_MGR_TOKEN" \
-H "Content-Type: application/json" \ --json 2>&1) || true
-d "{\"name\":\"${AGENT}-agent-key\",\"user_id\":${USER_ID}}" 2>&1)
API_KEY=$(echo "$APIKEY_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('key',''))" 2>/dev/null || true) API_KEY=$(echo "$APIKEY_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null || true)
if [ -z "$API_KEY" ]; then if [ -z "$API_KEY" ]; then
echo " ERROR: failed to generate API key: $APIKEY_RESP" echo " ERROR: failed to generate API key: $APIKEY_OUTPUT"
continue continue
fi fi
echo " API key generated" echo " API key generated"