mirror of https://github.com/openclaw/openclaw.git synced 2026-03-21 06:51:01 +00:00

Files

Johnson Shi 191e1947c1 docs: add Azure VM deployment guide with in-repo ARM templates and bootstrap script (#47898 )

* docs: add Azure Linux VM install guide

* docs: move Azure guide into dedicated docs/install/azure layout

* docs: polish Azure guide onboarding and reference links

* docs: address Azure review feedback on bootstrap safety

* docs: format azure ARM template

* docs: flatten Azure install docs and move ARM assets

2026-03-19 08:15:06 -05:00

5.2 KiB

Raw Blame History

summary, read_when, title

summary

read_when

title

Run OpenClaw Gateway 24/7 on an Azure Linux VM with durable state

You want OpenClaw running 24/7 on Azure with Network Security Group hardening

You want a production-grade, always-on OpenClaw Gateway on your own Azure Linux VM

You want secure administration with Azure Bastion SSH

You want repeatable deployments with Azure Resource Manager templates

Azure

OpenClaw on Azure Linux VM

This guide sets up an Azure Linux VM, applies Network Security Group (NSG) hardening, configures Azure Bastion (managed Azure SSH entry point), and installs OpenClaw.

What you’ll do

Deploy Azure compute and network resources with Azure Resource Manager (ARM) templates
Apply Azure Network Security Group (NSG) rules so VM SSH is allowed only from Azure Bastion
Use Azure Bastion for SSH access
Install OpenClaw with the installer script
Verify the Gateway

Before you start

You’ll need:

An Azure subscription with permission to create compute and network resources
Azure CLI installed (see Azure CLI install steps if needed)

az login # Sign in and select your Azure subscription
az extension add -n ssh # Extension required for Azure Bastion SSH management

2) Register required resource providers (one-time)

az provider register --namespace Microsoft.Compute
az provider register --namespace Microsoft.Network

Verify Azure resource provider registration. Wait until both show Registered.

az provider show --namespace Microsoft.Compute --query registrationState -o tsv
az provider show --namespace Microsoft.Network --query registrationState -o tsv

3) Set deployment variables

RG="rg-openclaw"
LOCATION="westus2"
TEMPLATE_URI="https://raw.githubusercontent.com/openclaw/openclaw/main/infra/azure/templates/azuredeploy.json"
PARAMS_URI="https://raw.githubusercontent.com/openclaw/openclaw/main/infra/azure/templates/azuredeploy.parameters.json"

4) Select SSH key

Use your existing public key if you have one:

SSH_PUB_KEY="$(cat ~/.ssh/id_ed25519.pub)"

If you don’t have an SSH key yet, run the following:

ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519 -C "you@example.com"
SSH_PUB_KEY="$(cat ~/.ssh/id_ed25519.pub)"

5) Select VM size and OS disk size

Set VM and disk sizing variables:

VM_SIZE="Standard_B2as_v2"
OS_DISK_SIZE_GB=64

Choose a VM size and OS disk size that are available in your Azure subscription/region and matches your workload:

Start smaller for light usage and scale up later
Use more vCPU/RAM/OS disk size for heavier automation, more channels, or larger model/tool workloads
If a VM size is unavailable in your region or subscription quota, pick the closest available SKU

List VM sizes available in your target region:

az vm list-skus --location "${LOCATION}" --resource-type virtualMachines -o table

Check your current VM vCPU and OS disk size usage/quota:

az vm list-usage --location "${LOCATION}" -o table

6) Create the resource group

az group create -n "${RG}" -l "${LOCATION}"

7) Deploy resources

This command applies your selected SSH key, VM size, and OS disk size.

az deployment group create \
  -g "${RG}" \
  --template-uri "${TEMPLATE_URI}" \
  --parameters "${PARAMS_URI}" \
  --parameters location="${LOCATION}" \
  --parameters vmSize="${VM_SIZE}" \
  --parameters osDiskSizeGb="${OS_DISK_SIZE_GB}" \
  --parameters sshPublicKey="${SSH_PUB_KEY}"

8) SSH into the VM through Azure Bastion

RG="rg-openclaw"
VM_NAME="vm-openclaw"
BASTION_NAME="bas-openclaw"
ADMIN_USERNAME="openclaw"
VM_ID="$(az vm show -g "${RG}" -n "${VM_NAME}" --query id -o tsv)"

az network bastion ssh \
  --name "${BASTION_NAME}" \
  --resource-group "${RG}" \
  --target-resource-id "${VM_ID}" \
  --auth-type ssh-key \
  --username "${ADMIN_USERNAME}" \
  --ssh-key ~/.ssh/id_ed25519

9) Install OpenClaw (in the VM shell)

curl -fsSL https://openclaw.ai/install.sh -o /tmp/openclaw-install.sh
bash /tmp/openclaw-install.sh
rm -f /tmp/openclaw-install.sh
openclaw --version

The installer script handles Node detection/installation and runs onboarding by default.

10) Verify the Gateway

After onboarding completes:

openclaw gateway status

Most enterprise Azure teams already have GitHub Copilot licenses. If that is your case, we recommend choosing the GitHub Copilot provider in the OpenClaw onboarding wizard. See GitHub Copilot provider.

The included ARM template uses Ubuntu image version: "latest" for convenience. If you need reproducible builds, pin a specific image version in infra/azure/templates/azuredeploy.json (you can list versions with az vm image list --publisher Canonical --offer ubuntu-24_04-lts --sku server --all -o table).

Next steps

Set up messaging channels: Channels
Pair local devices as nodes: Nodes
Configure the Gateway: Gateway configuration
For more details on OpenClaw Azure deployment with the GitHub Copilot model provider: OpenClaw on Azure with GitHub Copilot

5.2 KiB Raw Blame History Unescape Escape