update provision-hf-accounts.sh: use hf-cli for all operations
- Use hf user create + hf user reset-apikey (no direct API calls) - Read acc-mgr token from secret-mgr --public (hf-acc-mgr-token) - Get username from ego-mgr get default-username - Get email from ego-mgr get email (fallback to <user>@claw.hangman-lab.top) - Requires updated hf CLI with reset-apikey + acc-mgr-token support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -4,9 +4,10 @@
|
||||
# credentials in secret-mgr (keys: hf, hf-access-token).
|
||||
#
|
||||
# Prerequisites:
|
||||
# - hf CLI configured with correct base-url (hf-api.hangman-lab.top)
|
||||
# - secret-mgr --public key "hf-acc-mgr" contains the account-manager API key
|
||||
# - ego-mgr default-username set for each agent (agents without it are skipped)
|
||||
# - hf CLI built with reset-apikey + acc-mgr-token support
|
||||
# - secret-mgr --public key "hf-acc-mgr-token" contains the account-manager token
|
||||
# - ego-mgr default-username and email set for each agent
|
||||
# - Agents without default-username are skipped
|
||||
#
|
||||
# Usage: run on claw-main as root (no arguments needed)
|
||||
#
|
||||
@@ -37,9 +38,9 @@ pcexec_env() {
|
||||
}
|
||||
|
||||
# Read acc-mgr token from secret-mgr --public
|
||||
ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr --public)
|
||||
ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr-token --public)
|
||||
if [ -z "$ACC_MGR_TOKEN" ]; then
|
||||
echo "ERROR: hf-acc-mgr not found in secret-mgr --public"
|
||||
echo "ERROR: hf-acc-mgr-token not found in secret-mgr --public"
|
||||
exit 1
|
||||
fi
|
||||
echo "=== acc-mgr token loaded from secret-mgr ==="
|
||||
@@ -54,49 +55,43 @@ for AGENT in "${AGENTS[@]}"; do
|
||||
echo " SKIP: no default-username set for $AGENT"
|
||||
continue
|
||||
fi
|
||||
echo " default-username: $USERNAME"
|
||||
echo " username: $USERNAME"
|
||||
|
||||
EMAIL="${USERNAME}@claw.hangman-lab.top"
|
||||
|
||||
# Generate a random password
|
||||
PASS=$(openssl rand -hex 16)
|
||||
# Get email from ego-mgr
|
||||
EMAIL=$(pcexec_env "$AGENT" "$EGO_MGR" get email 2>/dev/null || true)
|
||||
if [ -z "$EMAIL" ]; then
|
||||
EMAIL="${USERNAME}@claw.hangman-lab.top"
|
||||
echo " email (fallback): $EMAIL"
|
||||
else
|
||||
echo " email: $EMAIL"
|
||||
fi
|
||||
|
||||
# Create user via hf-cli
|
||||
CREATE_OUTPUT=$(pcexec_env "$AGENT" "$HF" user create \
|
||||
CREATE_OUTPUT=$("$HF" user create \
|
||||
--acc-mgr-token "$ACC_MGR_TOKEN" \
|
||||
--user "$USERNAME" \
|
||||
--email "$EMAIL" \
|
||||
--pass "$PASS" \
|
||||
--pass "$(openssl rand -hex 16)" \
|
||||
--json 2>&1) || true
|
||||
|
||||
USER_ID=$(echo "$CREATE_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
|
||||
|
||||
if [ -z "$USER_ID" ]; then
|
||||
echo " User creation returned: $CREATE_OUTPUT"
|
||||
echo " (may already exist, attempting to look up...)"
|
||||
# Fallback: look up existing user to get ID
|
||||
USER_ID=$(curl -sf "$(cat /root/.openclaw/bin/.hf-config.json | python3 -c "import json,sys;print(json.load(sys.stdin).get('base-url',''))")/users/$USERNAME" \
|
||||
-H "X-API-Key: $ACC_MGR_TOKEN" 2>/dev/null \
|
||||
| python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
|
||||
if [ -z "$USER_ID" ]; then
|
||||
echo " ERROR: could not create or find user $USERNAME, skipping"
|
||||
continue
|
||||
fi
|
||||
echo " Found existing user ID: $USER_ID"
|
||||
echo " User creation: $CREATE_OUTPUT"
|
||||
echo " (may already exist, continuing to reset-apikey...)"
|
||||
else
|
||||
echo " Created user ID: $USER_ID"
|
||||
fi
|
||||
|
||||
# Generate API key via /api-keys endpoint
|
||||
HF_BASE_URL=$(python3 -c "import json; print(json.load(open('/root/.openclaw/bin/.hf-config.json')).get('base-url',''))")
|
||||
APIKEY_RESP=$(curl -sf -X POST "${HF_BASE_URL}/api-keys" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"name\":\"${AGENT}-agent-key\",\"user_id\":${USER_ID}}" 2>&1)
|
||||
# Generate API key via hf user reset-apikey (uses acc-mgr-token for auth)
|
||||
APIKEY_OUTPUT=$("$HF" user reset-apikey "$USERNAME" \
|
||||
--acc-mgr-token "$ACC_MGR_TOKEN" \
|
||||
--json 2>&1) || true
|
||||
|
||||
API_KEY=$(echo "$APIKEY_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('key',''))" 2>/dev/null || true)
|
||||
API_KEY=$(echo "$APIKEY_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null || true)
|
||||
|
||||
if [ -z "$API_KEY" ]; then
|
||||
echo " ERROR: failed to generate API key: $APIKEY_RESP"
|
||||
echo " ERROR: failed to generate API key: $APIKEY_OUTPUT"
|
||||
continue
|
||||
fi
|
||||
echo " API key generated"
|
||||
|
||||
Reference in New Issue
Block a user