Itential Automation GatewayDeploy and manageInstall

Deploy IAG container image

IAG containerization

Itential Automation Gateway (IAG) can be deployed using a containerized method of deployment.

Prerequisites

Before proceeding, the following prerequisites must be met:

  • OCI compliance
  • Docker repository access
  • AWS CLI on the host OS

For CLI commands, remember to input the desired version for your environment, where applicable (e.g., docker run --name iag_4.3.4). For sample illustration purposes only, version 4.3.4 is used in this article.

Container management platform

IAG images are compliant with Open Container Initiative (OCI) specifications; however, this guide assumes the use of Docker. Specific instruction for using technologies that manage OCI containers, such as Docker Compose, falls outside the scope of this guide.

Docker repository access

IAG images are hosted on the Itential Docker repository. Contact your Itential Account Manager to obtain the credential information needed to download images from this repository, including your:

  • Access key ID
  • Secret access key

AWS command line interface

Amazon Web Services Command Line Interface (AWS CLI) must be installed on your host operating system (OS).

For CLI commands, remember to input the desired version for your environment, where applicable.

Log into the Itential Docker repository

Before you can begin working with IAG containers, you must log into the Itential Docker repository. Issue the following command.

$export AWS_ACCESS_KEY_ID=<access_key_id>
$export AWS_SECRET_ACCESS_KEY=<secret_access_key>
$
$aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 497639811223.dkr.ecr.us-east-2.amazonaws.com
ParameterDescription
<access_key_id>The AWS access key ID provided by your Itential Account Manager.
<secret_access_key>The AWS secret access key provided by your Itential Account Manager.

Pull container images

To download images from the container registry, issue a docker pull command.

$bundle_name=config
$docker pull 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:4.3.4

Start an IAG container

To start an IAG container, issue the following commands.

Create Docker network

$docker network create itential-network

Start container

$docker run --name iag_2023_3 -d --network itential-network -p 127.0.0.1:8083:8083/tcp 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:4.3.4

IAG dependencies

The IAG dependencies must be running in your environment. This guide assumes these dependencies will be hosted via containers. However, dependencies may also be hosted via stand-alone servers, as they would be in a non-containerized IAG application.

IAG andItential Platform must be on the same Docker network for each application to communicate with the other.

Use the IAG image

To start an IAG container, issue the following command:

$docker run --name some_IAG -d --network some_network \
>-p host_machine_ip:host_port_number:container_port_number/tcp \
>497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:<tag>
ParameterDescription
some_IAGThe desired name of the container.
some_networkThe Docker network to run the container in. If this network does not already exist, it will need to be created using the docker network create some_network command.
tagThe desired version of IAG to run. This can also be used to upgrade the IAG image.

The host_machine_ip, host_port_number, and container_port_number fields should be added and should match theItential Platform container docs. The IAG port is 8083.

Referring to a feature release version of IAG (e.g., automation-gateway:4.3.0) will result in the latest maintenance release of that version being run. Itential recommends using a specific maintenance release version (e.g., automation-gateway:4.3.4) in production environments.

Set up IAG database persistence

The default behavior of the IAG container is to reset the IAG database once the container is stopped using the docker-compose down command.

For the IAG database to persist so that it is still available if the container is restarted or stopped, set up a volume to host the database on the host machine.

1

Create the mount location on the host machine

$mkdir -p ./volumes/iag/data
2

Set up the mount reference in the docker-compose file

$docker run --name some_IAP -d --network some_network \
>-p host_machine_ip:host_port_number:container_port_number/tcp \
>--mount type=bind,source=./volumes/iag/data,target=/opt/itential/automation-gateway/data \
>497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:<tag>

Build a customized IAG image

The IAG image does not have root access. If packages that require root access need to be added to the image, Itential recommends that you build a new IAG image that adds the packages.

The following Dockerfile example builds a new IAG image that adds the git package.

1## base the image on the IAG image
2##
3FROM 497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:<tag>
4USER root
5RUN mkdir -p /opt/ansible/logs && \
6chown itential:itential /opt/ansible/logs && \
7apk add git
8USER itential

IAG properties

All the properties listed in the properties.yml file can be configured using environment variables.

For each property, place the text automation_gateway_ in front of the IAG property name.

Example

1environment:
2  ## configure logging
3  automation_gateway_logging_level: 'INFO'
4  ## enable ansible and provide the paths to the playbooks, collections, and roles
5  automation_gateway_ansible_enabled: 'true'

Learn more

  • Example Docker Compose files can be found in the Itential Open Source GitLab repository. Documentation for these examples is provided in README files located throughout the project.
  • To use Itential Automation Gateway Docker images, see the demo examples provided at Docker Compose examples IAG.