Login
Contents x
Running Containers
  • 24 Jan 2025
  • Dark
    Light
  • PDF
Contents

Running Containers

  • Updated on 24 Jan 2025
  • Dark
    Light
  • PDF
Article summary

Itential Platform Containerization

While Itential Platform can be deployed using a traditional server architecture, in which each server runs a single instance of Itential Platform, many benefits arise from its containerization:

Benefit Description
Performance and Horizontal Scaling Additional Itential Platform containers can be created and destroyed according to workload demands.
Deployment Automation Itential Platform containers can be deployed dynamically without manual intervention.
Fault Tolerance Itential Platform containers can substitute for one another in the event of a container failure.
Blue-Green Deployment Itential Platform environment upgrades can be completed with minimum production downtime.
Hybrid Deployments Itential Platform containers can integrate with both on-premise and cloud-based resources seamlessly.

To facilitate containerization, Itential provides pre-made images of Itential Platform. In this guide, you will learn:

  • The prerequisites for running Itential Platform containers.
  • How to run Itential Platform containers.
  • How to configure Itential Platform containers.

Prerequisites

Before proceeding, the following prerequisites must be met.

Container Management Platform

Itential Platform images are compliant with Open Container Initiative (OCI) specifications; however, this guide assumes the use of Docker. Specific instruction for using technologies that manage OCI containers, such as Docker Compose and Kubernetes, falls outside the scope of this guide.

Docker Repository Access

Itential Platform images are hosted on the Itential Docker repository. Contact your Itential Account Manager to obtain the credential information needed to download images from this repository, including your:

  • Access key ID
  • Secret access key
  • Bundle name

AWS Command Line Interface

Amazon Web Services Command Line Interface (AWS CLI) must be installed on your host operating system (OS).

Logging into the Itential Docker Repository

Before you can begin working with Itential Platform containers, you must log into the Itential Docker repository. To do so, issue the following command.

export AWS_ACCESS_KEY_ID=<access_key_id>
export AWS_SECRET_ACCESS_KEY=<secret_access_key>

aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 497639811223.dkr.ecr.us-east-2.amazonaws.com

...in which:

Parameter Description
<access_key_id> The AWS access key ID provided by your Itential Account Manager.
<secret_access_key> The AWS secret access key provided by your Itential Account Manager.

Pulling Container Images

To download images from the container registry, issue a Docker Pull command.

docker pull 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

...in which:

Parameter Description
<bundle_name> The bundle name provided by your Itential Account Manager.
<tag> The desired version of Itential Platform to pull/run. Examples: 2023.2, 2023.1.5. See warning below.
Warning:

Referring to a feature release version of Itential Platform (e.g., <bundle_name>:2023.2) will result in the latest maintenance build of that version being run. Itential recommends using a specific maintenance release version (e.g., <bundle_name>:2023.2.2) in production environments.

Starting an Itential Platform Container

To start an Itential Platform container, issue the following command.

docker run -d -p 3000:3000 -p 3443:3443 \
    497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

Environment Variables

The following environment variables can be used to alter the startup behavior of the Itential Platform container.

Variable Type Description Example
IAP_CUSTOM_PROPERTIES String Sets the configuration mode of the Itential Platform container. A "true" value will enable Custom Properties mode, while a "false" value will enable Override mode. "false"
WAIT_FOR String If set, the Itential Platform container will wait until a specified service is available before starting. The service is defined in the container_name:port syntax. "mongodb:27017"
WAIT_FOR_DELAY Integer Specifies how long the Itential Platform container will wait, in seconds, between availability checks against the service defined in the WAIT_FOR environment variable. 120
WAIT_FOR_TIMEOUT Integer Specifies a timeout, in seconds, for availability checks against the service defined in the WAIT_FOR environment variable. 300

To set an environment variable, use the -e flag of the docker run command. For example:

docker run -d -p 3000:3000 -p 3443:3443 \
  -e WAIT_FOR:"mongodb:27017" \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

Configuring the Itential Platform Container

Configuration of the Itential Platform container can be customized via the following files.

Configuration File Mount Location Description Applicable Itential Platform Versions
Redis /opt/itential/automation-platform/config/custom-redis.json Defines custom Redis properties. >=2023.1
MongoDB /opt/itential/automation-platform/config/custom-properties.json Defines custom MongoDB properties. >=2023.1
RabbitMQ /opt/itential/automation-platform/config/custom-rabbitmq.json Defines custom RabbitMQ properties. 2023.1
Itential Platform Profile /opt/itential/automation-platform/config/custom-profile.json Defines custom Itential Platform profile properties. >=2023.1
Itential Platform Service Configuration /opt/itential/automation-platform/config/custom-service-configs.json Defines custom Itential Platform service configuration properties. >=2023.1

To use a configuration file, mount it to its corresponding mount location with a bind mount. For example:

docker run -d -p 3000:3000 -p 3443:3443 \
  --mount type=bind,source=./volumes/iap/config/custom-properties.json,target=/opt/itential/automation-platform/config/custom-properties.json \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

For more information about configuring Itential Platform, refer to the Configuration section of the Itential Platform documentation.

Configuration Modes

How configuration files are applied to the Itential Platform container is dependent on what configuration mode the container is set to. Two configuration modes are available:

  • Override Mode (default): Enabled if the IAP_CUSTOM_PROPERTIES environment variable is set to "false" or is not present. Any configuration file mounted to the /opt/itential/automation-platform/config directory will override the corresponding default configuration file (located in the /opt/itential/automation-platform/defaults directory).
  • Custom Properties Mode: Enabled if the IAP_CUSTOM_PROPERTIES environment variable is set to "true". The image will ignore any default configuration files. As such, all custom configuration files must be present in the /opt/itential/automation-platform/config directory for Itential Platform to start.

Common Configuration Tasks

Though an Itential Platform application can function without a custom configuration of its component containers, the following changes are common in production environments.

Mounting Itential Platform Logs to the Host OS

By default, any logs stored by Itential Platform containers are lost when the containers and their volumes are removed. To ensure log persistence:

  1. Create a mount directory on the host OS (the OS that your container daemon is running on). This is where the logs are stored.

    mkdir -p ./volumes/iap/logs

  2. Use a bind mount to mount the directory into your Itential Platform container.

    docker run -d -p 3000:3000 -p 3443:3443 \
  --mount type=bind,source=./volumes/iap/logs,target=/opt/itential/logs \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

Adding SSH Keys and Certificates to Itential Platform

To add custom SSH keys and certificates to Itential Platform:

  1. Create a mount directory on the host OS (the OS that your container daemon is running on). Place any SSH keys and certificates you would like to add to Itential Platform here.

    mkdir -p ./volumes/iap/keys

  2. Ensure all SSH keys and certificates have the proper permissions. The file owner should only have read access; all others should have no access (numeric permission 0400).

    chmod 0400 custom_key.key

  3. Create another mount directory on the host OS, this time to house a custom Itential Platform Profile configuration file. Create the configuration file, custom-profile.json, here.

    mkdir -p ./volumes/iap/config
cd ./volumes/iap/config
touch custom-profile.json

  4. Update the custom-profile.json file to reference your custom SSH keys and certificates.

    {
  "expressProps": {
    "description": "Express Server",
    "cacheControl": true,
    "timeout": 600000,
    "express_http": {
      "enable": false,
      "port": 3000
    },
    "express_https": {
      "enable": true,
      "port": 3443,
      "key": "/opt/itential/keys/custom_key.key",
      "cert": "/opt/itential/keys/custom_key.cert",
      "secureProtocol": "TLSv1_2_method",
      "ciphers": "ECDHE-RSA-AES128-GCM-SHA256",
      "client_reneg_limit": 1,
      "client_reneg_window": 600
    }
  }
}

  5. Use bind mounts to mount both directories into your Itential Platform container.

    docker run -d -p 3000:3000 -p 3443:3443 \
  --mount type=bind,source=./volumes/iap/keys,target=/opt/itential/keys \
  --mount type=bind,source=./volumes/iap/config/custom-profile.json,target=/opt/itential/automation-platform/config/custom-profile.json \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

Implementing High Availability (HA) for Itential Platform

Multiple Itential Platform containers can run in a single application to provide HA. When using such a setup:

  • Each Itential Platform container must be bound to a unique port.
  • Itential Platform containers must be configured to start with staggered timing. This can be accomplished using the WAIT_FOR and WAIT_FOR_TIMEOUT environment variables.

For example, an application containing two Itential Platform containers might be configured as follows:

# We create a docker network so that they can talk to each other.
docker network create IAP_ha_network

# IAP_instance1
local_port_node_1_http=3000
local_port_node_1_https=3443
docker run -d -p 3000:$local_port_node_1 -p 3443:$local_port_node_1_https \
  --name IAP_instance1 -d --network IAP_ha_network \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

# IAP_instance2
local_port_node_2_http=3001
local_port_node_2_https=3444
docker run -d -p 3000:$local_port_node_2_http -p 3443:$local_port_node_2_https \
  --name IAP_instance2 -d --network IAP_ha_network \
  -e WAIT_FOR:"IAP_instance1" \
  -e WAIT_FOR_DELAY:60 \
  -e WAIT_FOR_TIMEOUT:300 \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

Adding Open Source Adapters and Applications to Itential Platform

To add open source adapters and applications to Itential Platform:

  1. Create a mount directory on the host OS (the OS that your container daemon is running on). Install any open source adapters or applications you would like to add to Itential Platform to this directory.

    mkdir -p ./volumes/iap/opensource_adapters_apps/@itentialopensource
cd ./volumes/iap/opensource_adapters_apps/@itentialopensource

# Clone your open source adapter / application here. Then, install it:

cd open_source_adapter
npm install --legacy-bundling --prod

  2. Use a bind mount to mount the directory into your Itential Platform container.

    docker run -d -p 3000:3000 -p 3443:3443 \
  --mount type=bind,source=./volumes/iap/opensource_adapters_apps/@itentialopensource,target=/opt/itential/automation-platform/node_modules/@itentialopensource \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

Adding Custom Adapters and Applications to Itential Platform

To add custom adapters and applications to Itential Platform:

  1. Create a mount directory on the host OS (the OS that your container daemon is running on). Install any custom adapters or applications you would like to add to Itential Platform to this directory.

    mkdir -p ./volumes/iap/automation-platform-custom
cd ./volumes/iap/automation-platform-custom

# Clone your custom adapter / application here. Then, install it:

cd custom_adapter
npm install --legacy-bundling --prod

  2. Use a bind mount to mount the directory into your Itential Platform container.

    docker run -d -p 3000:3000 -p 3443:3443 \
  --mount type=bind,source=./volumes/iap/automation-platform-custom,target=/opt/custom/node_modules \
  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag>

Encrypting Passwords

By default, some configuration files may contain passwords written in plaintext. To generate an encrypted password value for use in such files, run the following command to use the Itential Platform Encrypt tool.

docker run -it --entrypoint node 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag> \ 
  /opt/itential/automation-platform/node_modules/@itential/pronghorn-core/utils/encrypt.js <password_value>

...in which <password_value> is the plaintext password to be encrypted.

Further Reading

Example Docker Compose files can be found in the Itential Open Source GitLab repository. Documentation for these examples is provided in the README files located throughout the project.

Was this article helpful?
What's Next
Privacy Policy
Cookie Policy
Terms of Use
EULA
Copyright © 2024 Itential for Developers
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout