docs/install/ansible.md
Deploy OpenClaw to production servers with openclaw-ansible, an automated installer with a security-first architecture.
<Info> The [openclaw-ansible](https://github.com/openclaw/openclaw-ansible) repo is the source of truth for Ansible deployment. This page is a quick overview. </Info>| Requirement | Details |
|---|---|
| OS | Debian 11+ or Ubuntu 20.04+ |
| Access | Root or sudo privileges |
| Network | Internet connection for package installation |
| Ansible | 2.14+ (installed automatically by the quick-start script) |
curl -fsSL https://raw.githubusercontent.com/openclaw/openclaw-ansible/main/install.sh | bash
# Check service status
sudo systemctl status openclaw
# View live logs
sudo journalctl -u openclaw -f
# Restart gateway
sudo systemctl restart openclaw
# Channel login (run as openclaw user)
sudo -i -u openclaw
openclaw channels login --channel <name>
Four-layer defense model:
DOCKER-USER iptables chain prevents external port exposureNoNewPrivileges, PrivateTmp, unprivileged userVerify your external attack surface:
nmap -p- YOUR_SERVER_IP
Only port 22 (SSH) should be open. Gateway and Docker stay locked down.
Docker is installed for agent sandboxes (isolated tool execution), not for running the gateway. See Multi-Agent Sandbox and Tools for sandbox configuration.
Or run the playbook directly and then run the setup script manually:
```bash
ansible-playbook playbook.yml --ask-become-pass
# Then run: /tmp/openclaw-setup.sh
```
The Ansible installer sets up OpenClaw for manual updates; see Updating for the standard flow.
To re-run the playbook (for example, after configuration changes):
cd openclaw-ansible
./run-playbook.sh
This is idempotent and safe to run multiple times.
# Verify permissions
sudo ls -la /opt/openclaw
# Test manual start
sudo -i -u openclaw
cd ~/openclaw
openclaw gateway run
```
# Check sandbox image
sudo docker images | grep openclaw-sandbox
# Build the sandbox image if missing (requires a source checkout)
cd /opt/openclaw/openclaw
sudo -u openclaw ./scripts/sandbox-setup.sh
# For npm installs without a source checkout, see
# https://docs.openclaw.ai/gateway/sandboxing#images-and-setup
```
For detailed security architecture and troubleshooting, see the openclaw-ansible repo: