IAG Container Image
  • 14 May 2024
  • Dark
  • PDF

IAG Container Image

  • Dark
  • PDF

Article summary

IAG Containerization

Itential Automation Gateway (IAG) can now be deployed using a containerized method of deployment.


Before proceeding, the following prerequisites must be met:

  • OCI compliance
  • Docker repository access
  • AWS CLI on the host OS

For CLI commands, remember to input the desired version for your environment, where applicable (e.g., docker run --name iag_2023_3). For sample illustration purposes only, version 2023.3 is used in this article.

Container Management Platform

IAG images are compliant with Open Container Initiative (OCI) specifications; however, this guide assumes the use of Docker. Specific instruction for using technologies that manage OCI containers, such as Docker Compose, falls outside the scope of this guide.

Docker Repository Access

IAG images are hosted on the Itential Docker repository. Contact your Itential Account Manager to obtain the credential information needed to download images from this repository, including your:

  • Access key ID
  • Secret access key

AWS Command Line Interface

Amazon Web Services Command Line Interface (AWS CLI) must be installed on your host operating system (OS).


For CLI commands, remember to input the desired version for your environment, where applicable.

Logging into the Itential Docker Repository

Before you can begin working with IAG containers, you must log into the Itential Docker repository. To do so, issue the following command.

export AWS_ACCESS_KEY=<access_key_id>
export AWS_SECRET_ACCESS_KEY=<secret_access_key>

aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 497639811223.dkr.ecr.us-east-2.amazonaws.com
Parameter Description
<access_key_id> The AWS access key ID provided by your Itential Account Manager.
<secret_access_key> The AWS secret access key provided by your Itential Account Manager.

Pulling Container Images

To download images from the container registry, issue a docker pull command.

docker pull 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-${bundle_name}:2023.3

Starting an IAG Container

To start an IAG container, issue the following commands.

Create Docker Network

docker network create itential-network

Start Container

docker run --name iag_2023_3 -d --network itential-network -p 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:2023.3

IAG Dependencies

The Automation Gateway dependencies must be running in your environment. This guide assumes these dependencies will be hosted via containers. However, dependencies may also be hosted via stand-alone servers, as they would be in a non-containerized IAG application.

IAG and IAP must be on the same docker network for each application to communicate with the other.

Using the IAG Image

To start an IAG container, issue the following command:

docker run --name some_IAG -d --network some_network \
-p host_machine_ip:host_port_number:container_port_number/tcp \
Parameter Description
some_IAG The desired name of the container.
some_network The Docker network to run the container in. If this network does not already exist, it will need to be created using the docker network create some_network command.
tag The desired version of IAG to run. This can also be used to upgrade the IAG image.

The host_machine_ip, host_port_number and container_port_number fields should be added and should match the IAP container docs. The IAG port is 8083.


Referring to a feature release version of IAG (e.g., 'automation-gateway:2023.3') will result in the latest maintenance release of that version being run. As such, Itential recommends using a specific maintenance release version (e.g., 'automation-gateway:2023.3.1') in production environments.

Setup IAG Database Persistence

The default behavior of the IAG container is to reset the IAG database once the container is stopped using the docker-compose down command.

For the IAG database to persist so that it is still available if the container is restarted or stopped, a volume needs to be setup to host the database on the host machine.

  1. Create the mount location on the host machine.

    mkdir -p ./volumes/iag/data
  2. Setup the mount reference in the docker-compose file.

    docker run --name some_IAP -d --network some_network \
    -p host_machine_ip:host_port_number:container_port_number/tcp \
    --mount type=bind,source=./volumes/iag/data,target=/opt/itential/automation-gateway/data \

Building a Customized IAG Image

The IAG image does not have root access. If packages that require root access need to be added to the image, Itential recommends that you build a new IAG image that adds the packages.

Below is a Dockerfile example that builds a new IAG image that adds the git package to it.

## base the image on the automation gateway image
FROM 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:<tag>
USER root
RUN mkdir -p /opt/ansible/logs && \
chown itential:itential /opt/ansible/logs && \
apk add git
USER itential

IAG Properties

All the properties listed in properties.yml can be configured using environment variables.

For each property the text automation_gateway_ needs to be placed in front of the IAG property name.


  ## configure logging
  automation_gateway_logging_level: 'INFO'
  ## enable ansible and provide the paths to the playbooks, collections, and roles
  automation_gateway_ansible_enabled: 'true'
  • Example Docker Compose files can be found in the Itential Open Source GitLab repository. Documentation for these examples is provided in README files located throughout the project.
  • To use Automation Gateway docker images, see the demo examples provided at Docker Compose Examples IAG.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.