Itential Automation GatewayDeploy and managePlan

Application modes

Itential Automation Gateway (IAG) can run in four distinct modes to provide automation for various operating environments. You can tailor each mode to specific scenarios, ranging from individual users to complex, distributed ecosystems.

To switch between application modes, set the configuration variable GATEWAY_APPLICATION_MODE as described in Application variables.

See an example configuration file in the Configuration variables overview.

The following examples disable TLS. However, Itential strongly recommends enabling TLS in production environments.

Local mode

Local mode is the default setting.

  • Suitable for users or small teams who need to run automations from a single machine
  • No login required.
  • Ideal for simple setups or initial testing and development phases

To use Local mode, set GATEWAY_APPLICATION_MODE to local.

The following example shows a gateway.conf file configured to run in local mode:

$[application]
$mode              = local

Server mode

Server mode sets a centralized location where you can manage all resources.

  • IAG executes services on the gateway server if you don’t configure a distributed architecture with runner nodes
  • Gateway Manager and the gateway client send requests to the gateway server

For information about configuring a gateway server, see Server variables.

To use Server mode, set GATEWAY_APPLICATION_MODE to server.

The following example shows a gateway.conf file configured to run in server mode. Anything commented out is the default setting.

$[application]
$mode              = server
$
$[server]
$#api_key_expiration = 1440
$#certificate_file   = /etc/gateway/gateway.crt
$listen_address      = 0.0.0.0
$#port               = 50051
$#private_key_file   = /etc/gateway/gateway.key
$use_tls             = false

Client mode

Client mode is essential for managing a gateway server.

  • A gateway client connects to a gateway server instance running in server mode and sends requests to the server
  • This mode enables you to create and manage services, repositories, secrets, and user accounts
  • A gateway server is required for client mode to function because client mode execfutes all operations against the connected server

For more information on configuring a gateway client, see Client variables.

To use Client mode, set GATEWAY_APPLICATION_MODE to client.

The following example shows a gateway.conf file configured to run in gateway client mode. Anything commented out is the default setting.

$[application]
$mode              = client
$
$[client]
$#certificate_file =
$host              = some.gateway-server.domain
$#port             = 50051
$#private_key_file =
$use_tls           = false

Runner mode

Runner mode is designed for specialized execution-only nodes that receive service execution requests from gateway servers. They handle the actual automation task processing while the gateway servers manage coordination and communication.

For more information on runner nodes and IAG architectures, see Choose a deployment architecture.

To use Runner mode, set GATEWAY_APPLICATION_MODE to runner.

The following example shows a gateway.conf file configured for runner mode. Note that this example configures etcd as the store backend, but you can use either an etcd database or an Amazon DynamoDB table as your shared database. Anything commented out is the default setting.

$[application]
$mode              = runner
$
$[runner]
$#announcement_address =
$#certificate_file     = /etc/gateway/gateway.crt
$listen_address        = 0.0.0.0
$#port                 = 50051
$#private_key_file     = /etc/gateway/gateway.key
$use_tls               = false
$
$[store]
$backend                   = etcd
$etcd_hosts                = etcd-host.domain:2379
$etcd_use_tls              = false
$#etcd_ca_certificate_file =
$#etcd_certificate_file    =
$#etcd_client_cert_auth    = false
$#etcd_private_key_file    =

Feature availability in each mode

The following table shows which features are available in each mode and highlights the dependency of server mode on client connections for running automations.

Runner mode has been omitted because gateway runners are limited to executing only automations that a gateway server sends to them.

FeatureLocalServerClient
Run AutomationsYesvia ClientYes
Create SecretsYesvia ClientYes
Create ServicesYesvia ClientYes
Create RepositoriesYesvia ClientYes
Manage UsersNovia ClientYes
Login MethodNonevia ClientRequired