Deploying OpenClaw on AMD Developer Cloud

Deploying OpenClaw on AMD Developer Cloud

← Back to Technical Articles
April 20, 2026 Tutorial 15 min read

01 — Overview and Stack

This tutorial walks you through deploying OpenClaw (a self-hosted AI agent platform) on AMD Developer Cloud, backed by an open-source Large Language Model (LLM) served via vLLM on AMD's Radeon Open Compute (ROCm) software stack.

The setup enables you to run OpenClaw as a persistent cloud agent for tasks like model evaluation, file operations, and web-search-augmented research, without tying up your local hardware.

Free Credits AMD Developer Cloud offers promotional credits for new accounts, giving you access to MI300X Graphics Processing Unit (GPU) Droplets at no upfront cost. Apply at amd.com/en/developer/resources/rocm-hub/amd-developer-cloud.html.
OpenClaw 2026.4.15 Qwen3-30B-A3B vLLM on ROCm AMD MI300X DigitalOcean SearXNG
ComponentValue
GPUAMD MI300X, 192 GB Video RAM (VRAM)
PlatformAMD Developer Cloud (DigitalOcean GPU Droplet)
ModelQwen/Qwen3-30B-A3B — Mixture-of-Experts (MoE), 30B total / 3B active per token, text only, served as qwen3-30b
Inference servervLLM on ROCm, Docker image vllm/vllm-openai-rocm:latest
Tool call parserhermes — confirmed valid in this ROCm vLLM build
Web searchSearXNG, self-hosted Docker container, no Application Programming Interface (API) key required
vLLM port8000
SearXNG port8888
OpenClaw Control UI port18789
Setup methodManual Secure Shell (SSH) from local Windows machine

02 — Prepare Your Local Machine

Complete these steps on the command prompt of your local Windows machine before creating the cloud droplet.

Note The commands in this section use Windows Command Prompt syntax. If you are on macOS or Linux, substitute cat ~/.ssh/id_ed25519.pub for the key check and run ssh -V directly in your terminal.
Step 1 Verify Your Secure Shell (SSH) Key

Verify SSH is available on your machine:

powershell.exe -NoProfile -Command "ssh -V"
Expected OpenSSH_for_Windows_9.x, LibreSSL 3.x (exact version numbers may differ).

Check whether an SSH key already exists:

type %USERPROFILE%\.ssh\id_ed25519.pub
Expected A single line starting with ssh-ed25519 AAAA...

An error message The system cannot find the path specified indicates no SSH key exists. Create a new SSH key with the following command:

ssh-keygen -t ed25519 -C "amd-droplet"
Expected A prompt asking for a file location. Press Enter to accept the default. Set a passphrase or press Enter to skip.
Step 2 Obtain a HuggingFace Read Token

vLLM uses your HuggingFace (HF) token to download model weights during startup.

  1. Log in at huggingface.co.
  2. Go to Settings → Access Tokens.
  3. Click Create new token and select Read permission.
  4. Copy the token value. You will paste it on the droplet in Step 5.

03 — Create the GPU Droplet

A GPU Droplet is a cloud virtual machine (VM) with a dedicated Graphics Processing Unit. AMD Developer Cloud provides access to MI300X GPU Droplets via DigitalOcean.

Documentation Full DigitalOcean GPU Droplet documentation: docs.digitalocean.com/products/droplets/how-to/gpu/

Log in to cloud.digitalocean.com and follow these steps:

  1. Click Create → Droplets.
  2. Hardware: select the single MI300X instance (gpu-mi300x1-192gb).
  3. Image: select ROCm Software.
    Why ROCm: ROCm is AMD's open-source GPU compute platform. It includes the drivers and libraries required to run vLLM on AMD hardware. A generic Ubuntu image would require manual ROCm installation.
  4. Authentication: click Add SSH Key and select or paste your public key from Step 1.
  5. Click Create Droplet and wait 30–60 seconds for provisioning to complete.
  6. Copy the public Internet Protocol version 4 (IPv4) address shown on the overview page — you will use it in every SSH command that follows.
Expected A public IPv4 address in the format 134.199.x.x appears on the overview page within 60 seconds.
Billing AMD Developer Cloud charges approximately $2/hour for the MI300X instance. Billing continues even when the droplet is powered off. Destroy the droplet at the end of each session to stop billing.

04 — Set Up the Droplet

Run all commands in this section inside the droplet via SSH, in the same terminal window unless stated otherwise.

Step 1 Connect to the Droplet via SSH

Open Command Prompt on your local machine and run:

ssh root@<YOUR_DROPLET_IPV4_ADDRESS>
Expected On first connection, type yes when asked to confirm the host fingerprint. Your shell prompt will change to indicate you are now on the remote droplet (beginning with root@).
Step 2 Store Credentials as Environment Variables

Write your tokens to the droplet's shell environment. Replace the placeholder values with your actual tokens. These variables persist across reconnections because they are written to .bashrc.

cat >> /root/.bashrc << 'EOF'
export HF_TOKEN=<your_huggingface_read_token>
export MY_API_KEY=<your_chosen_secret_key>
EOF
source /root/.bashrc
Note HF_TOKEN: your HuggingFace read token from Step 2.
MY_API_KEY: any secure string you choose — this protects the vLLM API endpoint from unauthorised access.

Verify both variables are set:

echo $HF_TOKEN
echo $MY_API_KEY
Expected Both commands print their values. If either is blank, re-run the cat block above and source ~/.bashrc again.
Step 3 Install Node.js and OpenClaw

OpenClaw requires Node.js version 24 or later.

curl -fsSL https://deb.nodesource.com/setup_24.x | bash -
apt-get install -y nodejs

Verify Node.js installed correctly:

node --version
Expected v24.x.x

Install OpenClaw globally:

npm install -g openclaw@latest
Expected Installation completes without errors in 1–2 minutes.
Step 4 Start vLLM with Qwen3-30B-A3B

vLLM is a high-throughput inference engine. This command starts vLLM in a Docker container, downloads the Qwen3 model weights from HuggingFace (~60 GB on first run), and exposes a standard chat completions API on port 8000.

Critical The tool call parser must be hermes. Other parsers (llama, llama3_json, gemma4, pythonic) are either invalid or have bugs in the ROCm vLLM 0.19.1 build. 
docker run -d \
  --name vllm-qwen3 \
  --ipc=host --network=host --privileged \
  --cap-add=CAP_SYS_ADMIN --cap-add=SYS_PTRACE \
  --device=/dev/kfd --device=/dev/dri \
  --group-add=video \
  --security-opt=seccomp=unconfined \
  --shm-size 16G \
  -v ~/.cache/huggingface:/root/.cache/huggingface \
  -e HF_TOKEN=$HF_TOKEN \
  vllm/vllm-openai-rocm:latest \
  Qwen/Qwen3-30B-A3B \
  --served-model-name qwen3-30b \
  --api-key $MY_API_KEY \
  --host 0.0.0.0 --port 8000 \
  --max-model-len 32768 \
  --gpu-memory-utilization 0.80 \
  --enable-auto-tool-choice \
  --tool-call-parser hermes
Expected A container ID hash is printed immediately, e.g. ffd7c08bb1d8.... The model loads in the background.
Step 5 Monitor vLLM Loading
docker logs -f vllm-qwen3
Expected sequence 1. Docker image layers pulling, with multiple Pull complete lines (first run only).
2. Loading safetensors checkpoint shards: 100%
3. Capturing CUDA graphs
4. INFO: Application startup complete.
5. GET /v1/models HTTP/1.1 200 OK

Time: 10–20 minutes on first run. Subsequent runs are faster as weights are cached at ~/.cache/huggingface.
Press Ctrl+C to stop watching logs. The container keeps running.
Step 6 Confirm vLLM is Serving the Model
curl http://127.0.0.1:8000/v1/models \
  -H "Authorization: Bearer $MY_API_KEY"
Expected {"object":"list","data":[{"id":"qwen3-30b",...,"max_model_len":32768,...}]}
If connection refused: vLLM is still loading; wait and retry.
If Unauthorized: run echo $MY_API_KEY to verify the variable is set.
Step 7 Test Inference End-to-End
curl -s http://127.0.0.1:8000/v1/chat/completions \
  -H "Authorization: Bearer $MY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"qwen3-30b","messages":[{"role":"user","content":"Say hello"}],"max_tokens":50}' \
  | python3 -m json.tool
Expected JSON response with choices[0].message.content containing a greeting.
The first request may take 1–2 minutes due to GPU kernel warmup. Subsequent requests are fast.
Step 8 Start SearXNG for Web Search

SearXNG is a self-hosted, open-source meta-search engine that aggregates results from Google, Bing, DuckDuckGo and others, with no API key required. OpenClaw uses it to give the agent live web access.

Start a SearXNG container on the droplet:

docker run -d -p 8888:8080 --name searxng searxng/searxng
Expected Container ID hash printed. Verify both containers are running:
docker ps
Both vllm-qwen3 and searxng appear in the list.
Alternative If you prefer to configure search during OpenClaw setup instead, run openclaw configure --section web and select SearXNG as the provider when prompted.
Step 9 Generate Gateway Token and Create Config Directory

Run in your SSH session. The token is generated randomly and stored as a shell variable for the current session. Do not close this terminal before Step 12.

GATEWAY_TOKEN=$(openssl rand -hex 24)
echo "Gateway token: $GATEWAY_TOKEN"
mkdir -p ~/.openclaw
Expected A 48-character hex string is printed. You do not need to copy it — it is substituted automatically in the next step.
Step 10 Write the OpenClaw Configuration File

Run immediately after Step 9 in the same terminal. The shell substitutes $GATEWAY_TOKEN and $MY_API_KEY automatically. Do not edit the values manually.

cat > ~/.openclaw/openclaw.json << CONFIGEOF
{
  "gateway": {
    "mode": "local",
    "auth": { "mode": "token", "token": "${GATEWAY_TOKEN}" },
    "controlUi": { "allowInsecureAuth": true }
  },
  "models": {
    "mode": "merge",
    "providers": {
      "vllm": {
        "baseUrl": "http://127.0.0.1:8000/v1",
        "apiKey": "${MY_API_KEY}",
        "api": "openai-completions",
        "models": [{
          "id": "qwen3-30b", "name": "Qwen3 30B",
          "reasoning": false, "input": ["text"],
          "cost": {"input":0,"output":0,"cacheRead":0,"cacheWrite":0},
          "contextWindow": 32768, "maxTokens": 4096
        }]
      }
    }
  },
  "agents": {
    "defaults": {
      "model": { "primary": "vllm/qwen3-30b" },
      "sandbox": { "mode": "all" }
    }
  },
  "plugins": { "entries": { "vllm": { "enabled": true } } },
  "tools": {
    "web": {
      "search": { "enabled": true, "provider": "searxng" },
      "searxng": { "baseUrl": "http://127.0.0.1:8888" }
    }
  }
}
CONFIGEOF

Verify the config saved with the correct values:

cat ~/.openclaw/openclaw.json | grep -E "primary|baseUrl|id|provider"
Expected Actual values appear, not variable names like ${GATEWAY_TOKEN}.
Step 11 Run OpenClaw Onboarding
openclaw onboard

When prompted, enter these values:

Model provider:  vLLM
Base URL:        http://127.0.0.1:8000/v1
API Key:         <your MY_API_KEY value>
Model ID:        qwen3-30b
Channel:         Skip for now
Expected Onboarding completes with default model set to vllm/qwen3-30b. This step creates the agent bootstrap files the gateway needs to start.
Step 12 Install and Start the OpenClaw Gateway
openclaw gateway install
Expected Gateway service installed as a systemd unit; it will survive SSH disconnections. 
openclaw config set gateway.mode local
openclaw gateway start
openclaw status
Expected in status output Gateway: local · ws://127.0.0.1:18789 · reachable Xms
Agents: 1 · 1 bootstrap file present
Sessions: default qwen3-30b (32k ctx)
If unreachable Re-run openclaw gateway install then openclaw gateway start.
Step 13 Get the Dashboard URL
openclaw dashboard
Expected A tokenised URL like http://127.0.0.1:18789/?token=eyJ...
Copy the full URL including the token parameter.

05 — Access OpenClaw from Your Local Machine

The OpenClaw gateway binds only to the loopback interface (127.0.0.1) on the droplet for security. An SSH tunnel forwards the port to your local machine.

Step 1 Open an SSH Tunnel

Run this on your local Windows machine, not inside the droplet. Open a new Command Prompt window, keeping your droplet SSH session open separately.

Critical Do not run this command inside the droplet SSH session. If you see Permission denied (publickey), you ran it on the wrong machine. 
ssh -L 18789:127.0.0.1:18789 -N root@<YOUR_DROPLET_IPV4_ADDRESS>
Expected The window appears to hang with no output. This is correct; the tunnel is active. Leave this window open for the entire session.

If the browser later shows disconnected (1006): the tunnel dropped. Re-run this command in a new local Command Prompt window.
Step 2 Open the OpenClaw Control UI

Paste the tokenised URL from Step 13 into your browser. Do not use http://127.0.0.1:18789 directly. Use the full tokenised URL.

Expected The OpenClaw Control User Interface (UI) loads, showing Overview, Chat, Agents, and Settings tabs.
Step 3 Test the Chat
  1. Click the Chat tab.
  2. Select vllm/qwen3-30b from the model dropdown.
  3. Type /new and press Send to start a fresh session.
  4. Type: Tell me your name and press Send.
Expected Qwen3 responds within 10–30 seconds. Confirm in vLLM logs on the droplet:
docker logs vllm-qwen3 --tail 5
Expected log line: 127.0.0.1:XXXXX - POST /v1/chat/completions HTTP/1.1 200 OK

06 — Troubleshooting

vLLM Startup Errors

ErrorFix
KeyError: invalid tool call parser Only hermes is valid for Qwen3 in this build. Do not use llama, llama3_json, gemma4, or pythonic.
Connection refused on port 8000 vLLM is still loading. Wait for Application startup complete in docker logs.
{"error":"Unauthorized"} Wrong API key. Run: echo $MY_API_KEY.
Container exits immediately Run docker logs vllm-qwen3 to read the error before the container exits.

Gateway Errors

ErrorFix
Gateway: unreachable after gateway start Run openclaw gateway install then openclaw gateway start.
disconnected (1006) in browser SSH tunnel dropped. Re-open in a new local CMD window:
ssh -L 18789:127.0.0.1:18789 -N root@<YOUR_DROPLET_IP>
Permission denied (publickey) on tunnel Run the tunnel command on the command prompt of your local Windows machine, not on the droplet.
openclaw logs --follow: pairing required Use: tail -f /tmp/openclaw/openclaw-$(date +%Y-%m-%d).log

Restart vLLM

docker stop vllm-qwen3 && docker rm vllm-qwen3
# Then re-run the full docker run command from Step 4.
Note The OpenClaw gateway does not need restarting when vLLM restarts. It reconnects automatically on the next request.

07 — Shut Down and Destroy the Droplet

Always destroy the droplet at the end of each session; powering it off does not stop billing.

Stop Services on the Droplet

openclaw gateway stop
docker stop vllm-qwen3
docker stop searxng

Destroy on DigitalOcean

  1. Go to cloud.digitalocean.com and select your droplet.
  2. Click Destroy in the left sidebar.
  3. Click Destroy this Droplet and confirm.
Snapshot Option Before destroying, save a snapshot to preserve the installed software and cached model weights (~60–80 GB). This avoids the 10–20 minute model download on the next session. DigitalOcean charges approximately $0.06/GB/month for snapshot storage.
Warning Powering off the droplet does not stop billing. Only destroying does.

08 — Known Issues and Caveats

When selecting a model to use with OpenClaw on vLLM, keep these compatibility constraints in mind. The issues below are specific to OpenClaw's request format, the vLLM ROCm build, and Anthropic's authentication policy — not limitations of AMD Developer Cloud or the MI300X hardware.

Abandoned Gemma 4-31B — Tool Parser Incompatibility

The gemma4 tool parser in the ROCm vLLM 0.19.1 image crashes on startup with a TypeError. Since OpenClaw always sends tool_choice: auto, vLLM requires a working parser and rejects all requests with 400 Bad Request. Use hermes with a Hermes-format model instead.

Abandoned Llama 3.2-11B Vision-Instruct — Multimodal Processor Mismatch

The transformers version in the vLLM ROCm image lacks support for MllamaProcessor, so the model cannot load at all. The model is also gated on HuggingFace and requires a Meta access request, adding a second barrier.

Abandoned Anthropic Claude — Authentication Dead End

OpenClaw 2026.4.15 expects OAuth tokens (sk-ant-oat01-), which Anthropic blocks for third-party tools. Standard API keys (sk-ant-api03-) are rejected by OpenClaw's validator. Neither token format works; this is an OpenClaw compatibility issue with Anthropic's current authentication policy.