(Image generated by Nano Banana - Gemini Image Generation)
References:
- OpenClaw Official Website
- OpenClaw Practical Tutorial: Chinese FAQ and Recommended Skills
- OpenClaw Security Guide: Security Enhancement Recommendations
- YouTube Tutorial: Deploying OpenClaw on GCP
This article documents the complete solution process for the permission, environment variable, and process persistence issues encountered when installing OpenClaw (2026 Latest Version) in a Debian/Ubuntu environment on Google Cloud Platform (GCP).
Preface
The AI Agent field has been very popular recently. OpenClaw, as an open-source AI agent that can operate 24 hours a day, has impressed people with its powerful system access and browsing capabilities. For security reasons, deploying it on a cloud VM (such as GCP GCE) is the most ideal approach, which can ensure 24/7 online availability and isolate sensitive local data.
However, in the default Debian/Ubuntu environment of GCP, due to the permission mechanism being slightly different from that of a general Desktop Linux, following the official script for installation often leads to many pitfalls.
🛠️ Basic Installation Process of OpenClaw on GCP
Before we get into troubleshooting, let's quickly go through the standard installation logic:
1. Create a VM Instance
Create a new VM in the GCP Console:
-
Machine type: Recommended
e2-smallore2-medium(depending on your Agent load). - Operating system: Recommended to choose Ubuntu 24.04 LTS or Debian 12.
- Hard disk: Recommended 20GB or more.
2. Connect and Basic Updates
After entering the VM via SSH, first perform a system update:
sudo apt update && sudo apt upgrade -y
sudo apt install -y git curl build-essential
3. Officially Install OpenClaw
The official website provides a one-click installation script:
curl -fsSL https://openclaw.ai/install.sh | bash
But! If you directly execute the above script, you will usually encounter the following two serious permission and path problems on GCP.
🛠️ Problem 1: "HAL 9000" Style Denial of sudo-rs
Symptom: When executing the official installation script, the following error is encountered with sudo-rs:
sudo-rs: I'm sorry evanslin. I'm afraid I can't do that
Reason:
- Interaction Restriction: The script executed via
curl ... | bashcannot obtain password input from the terminal whensudois required. - No Password Account: GCP defaults to using SSH Key login, and the user account usually does not have a physical password set, leading to
sudoauthentication failure.
Solution: Use NVM (Node Version Manager) to install Node.js, and build the environment under the user directory, completely avoiding the sudo requirement.
# 1. Install NVM
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
# Reload shell configuration
source ~/.bashrc
# 2. Install Node.js
nvm install node # Recommended version v25.7.0+
🛠️ Problem 2: NVM Path and Environment Variables
After using NVM, although sudo is avoided, a new problem arises: when you log in again or execute commands using a non-interactive shell, the system may not be able to find the node or openclaw command.
This is because the NVM path is dynamically loaded. It is recommended to ensure that the following content exists in ~/.bashrc:
export NVM_DIR="$HOME/.nvm"
[-s "$NVM_DIR/nvm.sh"] && \. "$NVM_DIR/nvm.sh"
[-s "$NVM_DIR/bash_completion"] && \. "$NVM_DIR/bash_completion"
🛠️ Problem 3: How to Make OpenClaw Run 24/7 Stably?
After installation, in order to keep the Agent running after closing the SSH window, I switched from the original GCP Web SSH to using the local gcloud CLI, but I also found a new small pitfall.
1. Why gcloud ssh can't find openclaw?
This is usually because GCP's gcloud compute ssh may create a new username based on your local account name, instead of using the account you used when installing on the VM (e.g., evanslin).
Verification method: Please enter the following in the "Web SSH" and "Local gcloud SSH" windows respectively:
whoami
Root cause: If the web version shows evanslin, but the gcloud version shows a name like evan_lin_yourdomain_com, then the home directory paths of the two are completely different, and your NVM and OpenClaw settings will of course "disappear".
Solution: When executing the gcloud command, explicitly specify the account to log in to:
gcloud compute ssh evanslin@openclaw-evanlin
This will ensure that you return to the correct environment!
2. Use tmux and Startup Script to Achieve Perfect Execution
In order to ensure that environment variables can be loaded correctly in any SSH session (web version or gcloud version), and to keep OpenClaw running stably in the background, it is recommended to use the following "scripted" startup method.
Step 1: Create a Startup Script
In a window where you can normally execute openclaw (usually Web SSH), create a startup script:
cat << 'EOF' > ~/start_openclaw.sh
#!/bin/bash
# 1. Force loading NVM path
export NVM_DIR="$HOME/.nvm"
[-s "$NVM_DIR/nvm.sh"] && \. "$NVM_DIR/nvm.sh"
# 2. Automatically correct PATH (please adjust the path according to your Node version)
export PATH="$HOME/.nvm/versions/node/v25.7.0/bin:$PATH"
# 3. Execute command
openclaw "$@"
EOF
# Grant execution permission
chmod +x ~/start_openclaw.sh
Step 2: Verify the Script
From now on, no matter where you log in from, please use this script uniformly. Test in the gcloud ssh window:
~/start_openclaw.sh gateway
If it can run successfully, it means the path has been manually connected!
Step 3: Combine tmux to Solve the Disconnection Problem
Now we combine the script with tmux to achieve true 24/7 background operation:
- Open a new session:
tmux new -s openclaw - Execute the script inside:
~/start_openclaw.sh gateway - Perfectly detach: Press
Ctrl + Band release, then pressD. - Reconnect at any time: Next time you log in, execute
tmux a -t openclaw.
Summary
The key to deploying OpenClaw on GCP is "user directory priority". By using NVM to avoid the system-level sudo-rs restriction, not only is the installation process smoother, but it also makes it easier to switch Node.js versions to meet the latest requirements of OpenClaw.
After successful deployment, don't forget to use openclaw onboard to start configuring your API Keys and communication channels (such as Telegram or Discord).
I hope this note can help developers who are also working hard on GCP. See you next time!
Top comments (0)