Problem
autobot-ai-stack.service.j2 uses User={{ ai_user }} / Group={{ ai_group }} which defaults to autobot-ai:autobot-ai. For co-located deployments (ai-stack on same node as backend), the service also uses the backend venv (/opt/autobot/autobot-backend/venv/bin/uvicorn) and backend source files via symlinks — all owned by autobot:autobot.
This causes permission errors accessing backend files when running as autobot-ai.
How It Was Discovered
During #3491: after deploying source files, the ai-stack failed to start with permission errors on the backend venv and symlinked modules. Manual workaround: sudo chown -R autobot:autobot /opt/autobot/autobot-ai-stack + service override to User=autobot.
Fix
The ai-stack role should detect co-located mode (same host as backend) and set ai_user/ai_group to the backend user. Two options:
- Add a default
ai_colocated: false flag; when true, override ai_user: autobot / ai_group: autobot
- In
setup_wizard.py's _inject_co_located_ai_stack(), pass ai_user: autobot / ai_group: autobot as extra vars when injecting ai-stack onto the backend node
Affected Files
autobot-slm-backend/ansible/roles/ai-stack/defaults/main.ymlautobot-slm-backend/ansible/roles/ai-stack/templates/autobot-ai-stack.service.j2autobot-slm-backend/setup_wizard.py (where co-located ai-stack is injected)
Problem
autobot-ai-stack.service.j2usesUser={{ ai_user }}/Group={{ ai_group }}which defaults toautobot-ai:autobot-ai. For co-located deployments (ai-stack on same node as backend), the service also uses the backend venv (/opt/autobot/autobot-backend/venv/bin/uvicorn) and backend source files via symlinks — all owned byautobot:autobot.This causes permission errors accessing backend files when running as
autobot-ai.How It Was Discovered
During #3491: after deploying source files, the ai-stack failed to start with permission errors on the backend venv and symlinked modules. Manual workaround:
sudo chown -R autobot:autobot /opt/autobot/autobot-ai-stack+ service override toUser=autobot.Fix
The
ai-stackrole should detect co-located mode (same host as backend) and setai_user/ai_groupto the backend user. Two options:ai_colocated: falseflag; when true, overrideai_user: autobot/ai_group: autobotsetup_wizard.py's_inject_co_located_ai_stack(), passai_user: autobot/ai_group: autobotas extra vars when injecting ai-stack onto the backend nodeAffected Files
autobot-slm-backend/ansible/roles/ai-stack/defaults/main.ymlautobot-slm-backend/ansible/roles/ai-stack/templates/autobot-ai-stack.service.j2autobot-slm-backend/setup_wizard.py(where co-located ai-stack is injected)