Rate This Document
Findability
Accuracy
Completeness
Readability

Deploying an OpenClaw Instance

When OpenClaw runs in a cVM, you must use encrypted disks or enable FDE (see Enabling FDE) to protect the storage. The following steps use the construction of a Linux Unified Key Setup (LUKS) encrypted disk as an example.

  1. Create a LUKS encrypted disk to serve as the memory storage area. You can customize the disk size:
    qemu-img create -f qcow2 disk.qcow2 10G
  2. Write the image to the boot configuration XML file of the cVM:
    <devices>
        <disk type='file' device='disk'>
            <driver name='qemu' type='qcow2'/>
            <source file='/path/to/disk.qcow2'/>
            <target dev='vdb' bus='virtio'/>
            <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
        </disk>
    </devices>
  3. Start and log in to the cVM, install an encryption tool, and check the path for mounting the image.
    1. Install the encryption tool and check the block devices.
      yum install cryptsetup
      lsblk
    2. Use cryptsetup to format the disk into an encrypted disk with the specified encryption mode. In this command, <disk_path> represents the pre-configured disk (e.g., /dev/vdb), which will be mapped under /dev/mapper as a Device Mapper (DM); all subsequent read and write operations will be performed through this DM (the configured password must be at least 8 characters long).
      Select the disk drive letter based on your actual environment to prevent damaging the system disk. (Type uppercase YES to confirm the command.)
      cryptsetup luksFormat <disk_path> -c sm4-xts-plain64 --key-size 256 --hash sm3
    3. Decrypt and map the disk.
      Enter the password as prompted. Once the disk is successfully mapped, you can verify the device information using lsblk:
      cryptsetup luksOpen <disk_path> crypt1
    4. Create a filesystem and mount it to the specified directory.
      mkfs.ext4 /dev/mapper/crypt1 # Required for the first-time deployment only. Skip this in subsequent operations to avoid data loss.
      mkdir -p /mnt/crypt
      mount /dev/mapper/crypt1 /mnt/crypt/
    5. After use, unmount the directory and close the encrypted disk using cryptsetup:
      umount /mnt/crypt/
      cryptsetup close crypt1
  4. Deploy the source and install dependencies.
    1. Update the Node.js 22 source. The current openEuler image does not support version check in the Node.js 22 installation script. You need to comment out the relevant code.

      If wget downloads fail inside the VM due to certificate issues, resolve them by running the following commands first:

      echo "check_certificate=off" > ~/.wgetrc
      wget https://rpm.nodesource.com/setup_22.x
      sed -i '35,37s/^/#/' setup_22.x
      bash setup_22.x
    2. Install the dependencies.
      yum install -y git cmake
      yum install -y nsolid

      If the Node.js 22 installation fails due to network issues, download and install it in a stable network environment:

      wget https://rpm.nodesource.com/pub_22.x/nodistro/nsolid/aarch64/nsolid-22.22.0-ns6.2.0.aarch64.rpm
      rpm -ivh nsolid-22.22.0-ns6.2.0.aarch64.rpm

    3. After the installation is complete, run the following command to verify:
      node -v

    4. Install pnpm.
      npm install -g pnpm

      If the following error occurs during installation, disable certificate verification:

      npm config set strict-ssl false

  5. Install and configure OpenClaw.
    1. Configure environment variables.
      export OPENCLAW_STATE_DIR="/mnt/crypt/.openclaw"
      export OPENCLAW_CONFIG_PATH="/mnt/crypt/.openclaw/openclaw.json"
    2. Install OpenClaw. <work_dir> indicates the directory where you want to save the downloaded OpenClaw source code.
      cd <work dir>
      git clone https://github.com/openclaw/openclaw.git
      cd openclaw
      pnpm install

      To bypass verification, run git config --global http.sslVerify false.

      pnpm setup
      source /root/.bashrc
      pnpm link <absolute_path_to_openclaw>
      pnpm run build

      If pnpm run build encounters a Node.js out-of-memory error, manually increase the memory limit by running export NODE_OPTIONS="--max-old-space-size=4096".

    3. Check the OpenClaw version.
      openclaw -v