Itential Automation GatewayDeploy and manageConfigure

Configure gateway client

Client configuration enables interaction with gateway servers for resource management and service execution. The client configuration section specifically applies to client nodes connecting to gateway servers.

You can connect to your gateway server from a local client on the same machine as your server, or, you can install the gateway client on a separate machine.

Local client (same machine as server)

For RPM/DEB installations, the client functionality is included with the server installation.

The gateway application mode enables you to configure whether iagctl acts as a server, client, or other modes when executed. By default, the application mode is set to server to manage connections to Gateway Manager. To send requests to your server, set the application mode to client.

1

Set the application mode to client

$export GATEWAY_APPLICATION_MODE=client
2

Add iagctl to your system path

$export PATH=/opt/gateway:$PATH
3

Log in as admin

  1. Run iagctl login admin.
  2. Enter admin when prompted for the initial password.
  3. Create a new password when prompted. Your password must be longer than 8 characters.
  4. Follow the remaining prompts to finish logging in.

Install and configure a separate client

1

Install gateway client

Install a gateway client on a separate machine to manage the resources on your gateway server.

Download the IAG binary executable for your particular operating system from the Itential software repository.

  1. Navigate to your Downloads folder and extract the archive. Before running the following command, update x.y.z and arch to reflect the version you downloaded.
$tar -zxvf iagctl-x.y.z_linux_arch.tar.gz
  1. Run the extracted executable:
$./iagctl
  1. Copy the file to your bin directory:
$mv ./iagctl /usr/local/bin/iagctl
2

Configure client

Create a client configuration file at ~/.gateway.d/gateway.conf.

The configuration sections relevant to client nodes include [application], [client], and [log]. See Configuration variables for more information.

The host value should match the server where your IAG server is running.

$[application]
$mode = client
$# CA certificate for verifying server certificates in mutual TLS
$ca_certificate_file = ~/.gateway.d/certificates/ca.pem
$
$[client]
$host = gateway-server-hostname
$port = 50051
$use_tls = true
$# Client certificates for mutual TLS authentication
$certificate_file = ~/.gateway.d/certificates/client.pem
$private_key_file = ~/.gateway.d/certificates/client-key.pem

Client authentication

Initial login

Log in using the admin account created during server startup:

$iagctl login admin

Follow the prompts to:

  1. Enter admin when prompted for the initial password.
  2. Create a new password when prompted. Your password must be longer than 8 characters.
  3. Follow the remaining prompts to finish logging in.

Subsequent logins

$iagctl login username

Verify configuration

Verify your client configuration:

$iagctl version --show-config

The expected output shows your active terminal configuration, including values from the configuration file and overriding environment variables.

Client operations

Once configured and authenticated, you can perform various client operations:

$# List services
$iagctl get services
$
$# Create a repository
$iagctl create repository example-repo --url https://github.com/example/repo.git
$
$# Create a service
$iagctl create service python-script my-service --repository example-repo --filename main.py
$
$# Run a service
$iagctl run service python-script my-service --set key=value

For more information, see Command reference.

Troubleshooting client configuration

Connection Issues:

  • Verify server hostname/IP accessibility
  • Check firewall rules for port 50051
  • Confirm TLS configuration matches server settings
  • Ensure mutual TLS certificates are properly configured on both client and server

Authentication Issues:

  • Ensure correct username and password
  • Check API key expiration (default 24 hours)
  • Verify client has necessary permissions
  • Confirm mutual TLS certificate validation is working

Configuration Issues:

  • Use iagctl --verbose for detailed logging
  • Check configuration file syntax
  • Verify certificate file paths and permissions
  • Ensure the correct configuration sections are being applied to the appropriate node types