Itential Automation GatewayDeploy and manageConfigure

Initial IAG configuration

The System Configuration UI is the primary interface for administering IAG properties. Use it to view and modify server configuration at runtime — most changes take effect dynamically without rebooting IAG.

For more information on breaking changes to the data types of certain configuration parameters, see IAG release notes and breaking changes.

System configurations

Most configurations, except those in the System and Databases sections of properties.yml, can be modified directly in the UI. Changes made via the UI take effect dynamically without rebooting the IAG server.

Properties that display a lock icon are read-only in the UI and can only be changed in properties.yml. Due to RBAC, changes to properties.yml are restricted to users who are members of the admin group. Changes made via properties.yml require a reboot.

Expose IAG on different ports

IAG runs on port 8083 by default. IAG can’t run on a standard port (80-HTTP or 443-HTTPS) because, in Linux, only root or setuid applications can bind to ports below 1024. See Privileged ports for running services on specific ports. To work around this limitation and run IAG over port 443, configure HAProxy to listen on 443 and forward to localhost 3443.

Subsystem configuration

You can modify the configuration for any subsystem — such as Ansible, Nornir, or Scripts — from the left navigation menu in the System Configuration UI. Select the subsystem, edit the properties, and save your changes. A success dialog confirms the save.

Multiple IAG instances for Itential Platform integration

When deploying multiple IAG instances for use with Itential Platform, don’t use load balancers in front of the Gateway servers. Because IAG doesn’t use a unifying database to connect multiple instances, load balancing can cause inconsistent behavior.

Instead, configure a separate AutomationGateway adapter in Itential Platform for each IAG instance, with each adapter pointing to a single IAG server’s IP address or hostname. Itential Platform automatically selects an available adapter when executing playbooks and other automation tasks.

For this configuration to work properly, all IAG instances must be identical, including the IAG version, Ansible version, playbooks, modules, and all other configurations and dependencies.

Backup database

IAG server configuration is saved in automation-gateway.db. Back up this file before performing any upgrades.

During the first boot, configuration parameters from properties.yml are injected into the database. This applies to both newly created property files and pre-2021.2 property files used for upgrades. All subsequent reboots use the configuration stored in the database, and any changes after the first boot must be made from the System Configuration UI.

The only exception is parameters in the System and Databases sections of properties.yml — those are still modified by editing the file directly and restarting the server.

Audit log

Audit logging is enabled by default. If the audit property in the config file is set to true, audit logging is active. To disable it, set it to false. For more details, see View audit log.

Password reset

If the password_reset_enabled flag is set to true, admins and users can recover a username or reset a password instead of getting locked out of the IAG server.

For more information on first-time login with password reset enabled, see Update default password.