OpenClaw SLS Integration
This skill provisions Alibaba Cloud SLS observability for OpenClaw on Linux and keeps reruns safe.
At a high level, execute this flow:
- Check and install
aliyun CLI (install latest when missing)
- Install
LoongCollector by project region (skip if already running)
- Create an identifier-based machine group (local identifier + cloud machine group)
- Create
logstore index and dashboards
- Create
logstore collection config
- Bind the collection config to the machine group
Capture Intent Before Execution
Before running commands, make sure the user intent is complete:
- Confirm the target
PROJECT and LOGSTORE.
- Confirm Linux host access with
sudo available.
- Confirm AK/SK are already exported in environment variables.
- If any required input is missing, ask for it first and do not run partial setup.
Prerequisites
Required:
PROJECT: SLS project nameLOGSTORE: SLS logstore name
Read from environment variables:
ALIBABA_CLOUD_ACCESS_KEY_IDALIBABA_CLOUD_ACCESS_KEY_SECRETALIYUN_UID (used for the local UID file under /etc/ilogtail/users)
Recommended optional:
ALIBABA_CLOUD_REGION_ID (auto-resolved from PROJECT when not set)
If you use different AK/SK variable names, export them to these standard names first.
Expected Result
After successful execution, the environment should contain:
- Running
LoongCollector (or ilogtaild) on the host
- Machine group
openclaw-sls-collector
- Logstore index created on the target
LOGSTORE
- Dashboards
openclaw-audit and openclaw-gateway
- Collection config
openclaw-audit_${LOGSTORE}
- Config binding between
openclaw-audit_${LOGSTORE} and openclaw-sls-collector
One-Time Execution Flow (Idempotent)
The commands below are designed as "exists -> skip" and are safe to rerun.
Strict template mode: for index/config/dashboard payloads, always read from files in references/.
Do not handcraft or simplify JSON bodies beyond required placeholder replacement.
set -euo pipefail
# ===== User inputs =====
: "${PROJECT:?Please export PROJECT}"
: "${LOGSTORE:?Please export LOGSTORE}"
: "${ALIBABA_CLOUD_ACCESS_KEY_ID:?Please export ALIBABA_CLOUD_ACCESS_KEY_ID}"
: "${ALIBABA_CLOUD_ACCESS_KEY_SECRET:?Please export ALIBABA_CLOUD_ACCESS_KEY_SECRET}"
: "${ALIYUN_UID:?Please export ALIYUN_UID}"
MACHINE_GROUP="openclaw-sls-collector"
CONFIG_NAME="openclaw-audit_${LOGSTORE}"
# 1) Install aliyun CLI if missing (Linux)
if ! command -v aliyun >/dev/null 2>&1; then
if command -v apt-get >/dev/null 2>&1; then
sudo apt-get update
sudo apt-get install -y aliyun-cli
elif command -v dnf >/dev/null 2>&1; then
sudo dnf install -y aliyun-cli
elif command -v yum >/dev/null 2>&1; then
sudo yum install -y aliyun-cli
elif command -v zypper >/dev/null 2>&1; then
sudo zypper -n install aliyun-cli
else
echo "aliyun CLI not found. Install aliyun-cli manually for your Linux distribution." >&2
exit 1
fi
fi
# Export auth variables for aliyun CLI
export ALIBABA_CLOUD_ACCESS_KEY_ID
export ALIBABA_CLOUD_ACCESS_KEY_SECRET
is_loong_running() {
if sudo /etc/init.d/loongcollectord status 2>/dev/null | grep -qi "running"; then
return 0
fi
if sudo /etc/init.d/ilogtaild status 2>/dev/null | grep -qi "running"; then
return 0
fi
return 1
}
# 2) Resolve region and install LoongCollector (skip when already running)
REGION_ID="${ALIBABA_CLOUD_REGION_ID:-}"
if [ -z "$REGION_ID" ]; then
REGION_ID="$(aliyun sls GetProject --project "$PROJECT" --cli-query 'region' --quiet 2>/dev/null | tr -d '\"' || true)"
fi
if [ -z "$REGION_ID" ]; then
echo "Cannot resolve region from project: $PROJECT. Please set ALIBABA_CLOUD_REGION_ID." >&2
exit 1
fi
if ! is_loong_running; then
wget "https://aliyun-observability-release-${REGION_ID}.oss-${REGION_ID}.aliyuncs.com/loongcollector/linux64/latest/loongcollector.sh" -O loongcollector.sh
chmod +x loongcollector.sh
./loongcollector.sh install "${REGION_ID}"
fi
# Post-install verification: one of loongcollectord/ilogtaild must be running.
if ! is_loong_running; then
sudo /etc/init.d/loongcollectord start >/dev/null 2>&1 || true
sudo /etc/init.d/ilogtaild start >/dev/null 2>&1 || true
fi
if ! is_loong_running; then
echo "LoongCollector installation check failed: neither loongcollectord nor ilogtaild is running." >&2
exit 1
fi
# 3) Local user-defined identifier + create machine group
sudo mkdir -p /etc/ilogtail
sudo mkdir -p /etc/ilogtail/users
if [ ! -f /etc/ilogtail/user_defined_id ]; then
sudo touch /etc/ilogtail/user_defined_id
fi
RAND8="$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c 8)"
USER_DEFINED_ID_PREFIX="${PROJECT}_openclaw_sls_collector_"
EXISTING_USER_DEFINED_ID="$(sudo awk -v p="${USER_DEFINED_ID_PREFIX}" 'index($0,p)==1 {print; exit}' /etc/ilogtail/user_defined_id 2>/dev/null || true)"
if [ -n "${EXISTING_USER_DEFINED_ID}" ]; then
USER_DEFINED_ID="${EXISTING_USER_DEFINED_ID}"
else
USER_DEFINED_ID="${USER_DEFINED_ID_PREFIX}${RAND8}"
echo "${USER_DEFINED_ID}" | sudo tee -a /etc/ilogtail/user_defined_id >/dev/null
fi
if ! sudo grep -Fxq "${USER_DEFINED_ID}" /etc/ilogtail/user_defined_id 2>/dev/null; then
echo "Failed to persist USER_DEFINED_ID to /etc/ilogtail/user_defined_id" >&2
exit 1
fi
if [ ! -f "/etc/ilogtail/users/${ALIYUN_UID}" ]; then
sudo touch "/etc/ilogtail/users/${ALIYUN_UID}"
fi
if [ ! -f "/etc/ilogtail/users/${ALIYUN_UID}" ]; then
echo "Failed to create UID marker file: /etc/ilogtail/users/${ALIYUN_UID}" >&2
exit 1
fi
if ! aliyun sls GetMachineGroup --project "$PROJECT" --machineGroup "$MACHINE_GROUP" >/dev/null 2>&1; then
cat > /tmp/openclaw-machine-group.json <<EOF
{
"groupName": "${MACHINE_GROUP}",
"groupType": "",
"machineIdentifyType": "userdefined",
"machineList": ["${USER_DEFINED_ID}"]
}
EOF
aliyun sls CreateMachineGroup \
--project "$PROJECT" \
--body "$(cat /tmp/openclaw-machine-group.json)"
fi
if ! aliyun sls GetMachineGroup --project "$PROJECT" --machineGroup "$MACHINE_GROUP" >/dev/null 2>&1; then
echo "Machine group was not created successfully: ${MACHINE_GROUP}" >&2
exit 1
fi
# 4) Create logstore (if missing) + index + multiple dashboards
if ! aliyun sls GetLogStore --project "$PROJECT" --logstore "$LOGSTORE" >/dev/null 2>&1; then
aliyun sls CreateLogStore --project "$PROJECT" \
--body "{\"logstoreName\":\"${LOGSTORE}\",\"ttl\":30,\"shardCount\":2}"
fi
if ! aliyun sls GetIndex --project "$PROJECT" --logstore "$LOGSTORE" >/dev/null 2>&1; then
# Use the index template as-is from references/index.json
aliyun sls CreateIndex \
--project "$PROJECT" \
--logstore "$LOGSTORE" \
--body "$(cat references/index.json)"
fi
sed "s/\${logstoreName}/${LOGSTORE}/g" references/dashboard-audit.json > /tmp/openclaw-audit-dashboard.json
sed "s/\${logstoreName}/${LOGSTORE}/g" references/dashboard-gateway.json > /tmp/openclaw-gateway-dashboard.json
# Create dashboard uses project + body(detail). Update uses path + project + body.
if aliyun sls GET "/dashboards/openclaw-audit" --project "$PROJECT" >/dev/null 2>&1; then
aliyun sls PUT "/dashboards/openclaw-audit" \
--project "$PROJECT" \
--body "$(cat /tmp/openclaw-audit-dashboard.json)"
else
aliyun sls POST "/dashboards" \
--project "$PROJECT" \
--body "$(cat /tmp/openclaw-audit-dashboard.json)"
fi
if aliyun sls GET "/dashboards/openclaw-gateway" --project "$PROJECT" >/dev/null 2>&1; then
aliyun sls PUT "/dashboards/openclaw-gateway" \
--project "$PROJECT" \
--body "$(cat /tmp/openclaw-gateway-dashboard.json)"
else
aliyun sls POST "/dashboards" \
--project "$PROJECT" \
--body "$(cat /tmp/openclaw-gateway-dashboard.json)"
fi
# 5) Create collection config (update when already exists)
# Render collector config strictly from references/collector-config.json
sed \
-e "s/\${configName}/${CONFIG_NAME}/g" \
-e "s/\${logstoreName}/${LOGSTORE}/g" \
-e "s/\${region_id}/${REGION_ID}/g" \
references/collector-config.json > /tmp/openclaw-collector-config.json
if aliyun sls GetConfig --project "$PROJECT" --configName "$CONFIG_NAME" >/dev/null 2>&1; then
aliyun sls UpdateConfig \
--project "$PROJECT" \
--configName "$CONFIG_NAME" \
--body "$(cat /tmp/openclaw-collector-config.json)"
else
aliyun sls CreateConfig \
--project "$PROJECT" \
--body "$(cat /tmp/openclaw-collector-config.json)"
fi
# 6) Bind collection config to machine group
aliyun sls ApplyConfigToMachineGroup \
--project "$PROJECT" \
--machineGroup "$MACHINE_GROUP" \
--configName "$CONFIG_NAME"
echo "OpenClaw SLS observability setup completed."
Response Format
When this skill completes, return a concise status report with:
- Inputs used:
PROJECT, LOGSTORE, resolved REGION_ID
- Created/updated resources (machine group, index, dashboards, config, binding)
- Any skipped steps (already existed / already running)
- Next verification commands for the user
Verification Commands
aliyun sls GetMachineGroup --project "$PROJECT" --machineGroup openclaw-sls-collector
aliyun sls GetIndex --project "$PROJECT" --logstore "$LOGSTORE"
aliyun sls GetDashboard --project "$PROJECT" --dashboardName openclaw-audit
aliyun sls GetDashboard --project "$PROJECT" --dashboardName openclaw-gateway
aliyun sls GetConfig --project "$PROJECT" --configName "openclaw-audit_${LOGSTORE}"
Reference Files
- Command flow:
references/cli-commands.md
- Index definition:
references/index.json
- Dashboard templates:
references/dashboard-audit.json, references/dashboard-gateway.json
- Collection config template:
references/collector-config.json
Read reference files only when needed:
- Use
cli-commands.md for step-by-step troubleshooting.
- Use JSON templates when creating/updating resources.
