Changes:
- claude_provider.py: Added --dangerously-skip-permissions flag
- docs/DEPLOYMENT.md: Full deployment documentation

Why:
- Claude CLI blocks --dangerously-skip-permissions with root
- Created non-root user "orchestrator" to run agents without confirmations
- Service now runs as User=orchestrator

Architecture:
- /home/orchestrator/orchestrator/ - Orchestrator code
- /opt/architect-app-v2/ - Web panel
- User orchestrator owns SSH keys and can execute commands
2.6 KiB
Deployment - TZZR Orchestrator
Server Architecture
Server: 69.62.126.110 (tzzrarchitect)
├── User: orchestrator (non-root)
│   ├── /home/orchestrator/orchestrator/ # Orchestrator + venv
│   └── /home/orchestrator/.ssh/tzzr # SSH keys
├── /opt/architect-app-v2/ # Architect App v3.0
└── Docker
    └── gitea (port 3000) # Repositories
Why a non-root user
Claude CLI blocks --dangerously-skip-permissions when run as root, for security reasons.
Creating an orchestrator user lets the agents run commands without confirmation.
| User | --dangerously-skip-permissions | System access |
|---|---|---|
| root | Blocked | Full |
| orchestrator | Works | Limited |
User Setup
# Create the user
useradd -m -s /bin/bash orchestrator
# Copy the orchestrator
cp -r /opt/orchestrator /home/orchestrator/
chown -R orchestrator:orchestrator /home/orchestrator/orchestrator
# Copy the SSH keys
mkdir -p /home/orchestrator/.ssh
cp /root/.ssh/tzzr /home/orchestrator/.ssh/
cp /root/.ssh/tzzr.pub /home/orchestrator/.ssh/
chown -R orchestrator:orchestrator /home/orchestrator/.ssh
chmod 700 /home/orchestrator/.ssh
chmod 600 /home/orchestrator/.ssh/tzzr
# Claude Code login
su - orchestrator
cd orchestrator && source .venv/bin/activate
claude # Authenticate with the Anthropic account
Systemd Service
/etc/systemd/system/architect-app.service:
[Unit]
Description=Architect App v2
After=network.target
[Service]
User=orchestrator
WorkingDirectory=/home/orchestrator/orchestrator
ExecStart=/home/orchestrator/orchestrator/.venv/bin/python /opt/architect-app-v2/app.py
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
Commands:
systemctl daemon-reload
systemctl restart architect-app
systemctl status architect-app
journalctl -u architect-app -f
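The user setup and the unit file above can be verified after deployment. The shell functions below are an added example, not part of the original document or the project's code; the function names are assumptions made here, and the paths in the usage comment are the ones listed on this page. They check that the unit's User= names a non-root account and that the SSH directory and private key have modes 700 and 600 and the expected owner.

```shell
#!/bin/sh
# Added example (not project code): audit the deployment described above.
# Function names are illustrative assumptions.

# Print the User= value from the [Service] section of a unit file.
unit_user() {
    awk -F= '
        /^\[/ { in_service = ($0 == "[Service]") }
        in_service && $1 == "User" { user = $2 }
        END { print user }
    ' "$1"
}

# Fail if the unit has no User= (systemd then runs it as root) or names root.
check_unit_user() {
    user=$(unit_user "$1")
    case "$user" in
        ""|root|0) echo "FAIL: $1 runs as root" >&2; return 1 ;;
    esac
    echo "ok: $1 runs as $user"
}

# Fail unless TARGET has exactly MODE and belongs to OWNER (name or numeric uid).
check_mode_owner() {
    target=$1; mode=$2; owner=$3
    if [ -n "$(find "$target" -prune -perm "$mode" -user "$owner" 2>/dev/null)" ]; then
        echo "ok: $target is mode $mode, owner $owner"
    else
        echo "FAIL: $target is not mode $mode owned by $owner" >&2
        return 1
    fi
}

# Run all checks and report every failure; non-zero if any check failed.
audit_deploy() {
    unit=$1; ssh_dir=$2; svc_owner=$3; rc=0
    check_unit_user "$unit" || rc=1
    check_mode_owner "$ssh_dir" 700 "$svc_owner" || rc=1
    check_mode_owner "$ssh_dir/tzzr" 600 "$svc_owner" || rc=1
    return "$rc"
}

# Usage on the server, as root:
#   audit_deploy /etc/systemd/system/architect-app.service \
#       /home/orchestrator/.ssh orchestrator
```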
ClaudeProvider with --dangerously-skip-permissions
The file orchestrator/providers/claude_provider.py builds the command:
cmd = [self.cli_path, "--dangerously-skip-permissions", "-p", prompt, "--output-format", "json"]
Important Paths
| Path | Description |
|---|---|
| /home/orchestrator/orchestrator/ | Orchestrator code |
| /home/orchestrator/orchestrator/.venv/ | Virtual environment |
| /home/orchestrator/.ssh/tzzr | SSH key |
| /opt/architect-app-v2/ | Architect App |
| /opt/architect-app-v2/data/ | SQLite + config |
Manual Access
su - orchestrator
cd orchestrator && source .venv/bin/activate
python orchestrator/main.py