tzzr/orchestrator
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
orchestrator/docs/DEPLOYMENT.md

102 lines
2.6 KiB
Markdown
Raw Permalink Normal View History

feat: --dangerously-skip-permissions + user orchestrator Changes: - claude_provider.py: Added --dangerously-skip-permissions flag - docs/DEPLOYMENT.md: Full deployment documentation Why: - Claude CLI blocks --dangerously-skip-permissions with root - Created non-root user "orchestrator" to run agents without confirmations - Service now runs as User=orchestrator Architecture: - /home/orchestrator/orchestrator/ - Orchestrator code - /opt/architect-app-v2/ - Web panel - User orchestrator owns SSH keys and can execute commands
2025-12-23 18:26:00 +00:00
# Deployment - TZZR Orchestrator
## Arquitectura del Servidor
```
Servidor: 69.62.126.110 (tzzrarchitect)
├── Usuario: orchestrator (no-root)
│ ├── /home/orchestrator/orchestrator/ # Orchestrator + venv
│ └── /home/orchestrator/.ssh/tzzr # Claves SSH
├── /opt/architect-app-v2/ # Architect App v3.0
└── Docker
└── gitea (puerto 3000) # Repositorios
```
## Por qué usuario no-root
Claude CLI bloquea `--dangerously-skip-permissions` con root por seguridad.
Crear un usuario `orchestrator` permite que los agentes ejecuten comandos sin confirmación.
| Usuario | --dangerously-skip-permissions | Acceso sistema |
|---------|-------------------------------|----------------|
| root | Bloqueado | Total |
| orchestrator | Funciona | Limitado |
## Configuración del Usuario
```bash
# Crear usuario
useradd -m -s /bin/bash orchestrator
# Copiar orchestrator
cp -r /opt/orchestrator /home/orchestrator/
chown -R orchestrator:orchestrator /home/orchestrator/orchestrator
# Copiar claves SSH
mkdir -p /home/orchestrator/.ssh
cp /root/.ssh/tzzr /home/orchestrator/.ssh/
cp /root/.ssh/tzzr.pub /home/orchestrator/.ssh/
chown -R orchestrator:orchestrator /home/orchestrator/.ssh
chmod 700 /home/orchestrator/.ssh
chmod 600 /home/orchestrator/.ssh/tzzr
# Login de Claude Code
su - orchestrator
cd orchestrator && source .venv/bin/activate
claude # Autenticar con cuenta Anthropic
```
## Servicio Systemd
`/etc/systemd/system/architect-app.service`:
```ini
[Unit]
Description=Architect App v2
After=network.target
[Service]
User=orchestrator
WorkingDirectory=/home/orchestrator/orchestrator
ExecStart=/home/orchestrator/orchestrator/.venv/bin/python /opt/architect-app-v2/app.py
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
```
Comandos:
```bash
systemctl daemon-reload
systemctl restart architect-app
systemctl status architect-app
journalctl -u architect-app -f
```
## ClaudeProvider con --dangerously-skip-permissions
El archivo `orchestrator/providers/claude_provider.py` construye el comando:
```python
cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"]
```
## Rutas Importantes
| Ruta | Descripcion |
|------|-------------|
| /home/orchestrator/orchestrator/ | Codigo del orchestrator |
| /home/orchestrator/orchestrator/.venv/ | Virtual environment |
| /home/orchestrator/.ssh/tzzr | Clave SSH |
| /opt/architect-app-v2/ | Architect App |
| /opt/architect-app-v2/data/ | SQLite + config |
## Acceso Manual
```bash
su - orchestrator
cd orchestrator && source .venv/bin/activate
python orchestrator/main.py
```
Reference in New Issue Copy Permalink