For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Open sourceSupportFAQsDocs Home
DocumentationAPI referenceRelease notes
DocumentationAPI referenceRelease notes
  • Platform On-Prem
    • Overview
    • Navigate
        • Overview
        • Minimal architecture
        • High availability
        • Cloud
        • Active-standby
        • Blue-green
        • Deploy with containers
        • Deploy with Kubernetes
        • Alternative architectures
      • System requirements
    • Search resources
  • Apps
    • FlowAI
    • Itential Automation Gateway
  • Resources
    • Itential Academy
    • Version lifecycle
    • Itential MCP
    • Accessibility conformance
    • Get support
    • FAQs
LogoLogo
Open sourceSupportFAQsDocs Home
On this page
  • Before you begin
  • Container runtime
  • Registry access
  • AWS CLI
  • Log in to the registry
  • Pull a Platform image
  • Start a container
  • Configure with environment variables
  • Generate an encrypted value
  • Common configuration tasks
  • Persist logs to the host
  • Add SSH keys and certificates
  • Add adapters and custom applications
  • Run multiple containers for high availability
  • Related reading
Platform On-PremPlanChoose a deployment architecture

Deploy with containers

Was this page helpful?
Previous

Deploy with Kubernetes

Next
Built with

Itential provides pre-built OCI-compliant images of Platform 6 hosted on the Itential Docker registry. Containers are well-suited for development environments and teams using Docker-based workflows.

Containerization offers the following advantages over a traditional server deployment:

BenefitDescription
Horizontal scalingAdditional Platform containers can be created and destroyed according to workload demands
Deployment automationContainers can be deployed dynamically without manual intervention
Fault toleranceContainers can substitute for one another in the event of a failure
Blue-green deploymentEnvironment upgrades can be completed with minimal production downtime
Hybrid deploymentsPlatform containers integrate with both on-premise and cloud-based resources

This guide covers Docker. Detailed instructions for Docker Compose and Kubernetes fall outside its scope. Example Docker Compose files are available in the Itential open source repository.

Before you begin

Container runtime

Platform images are compliant with Open Container Initiative (OCI) specifications. This guide assumes Docker as the container runtime.

Registry access

Platform images are hosted on the Itential Docker registry. Contact your Itential Account Manager to obtain:

  • Access key ID
  • Secret access key
  • Bundle name

AWS CLI

The AWS Command Line Interface (AWS CLI) must be installed on your host OS to authenticate with the Itential registry.

Log in to the registry

Authenticate with the Itential Docker registry before pulling or running images.

$export AWS_ACCESS_KEY_ID=<access_key_id>
$export AWS_SECRET_ACCESS_KEY=<secret_access_key>
$
$aws ecr get-login-password --region us-east-2 \
>  | docker login --username AWS --password-stdin 497639811223.dkr.ecr.us-east-2.amazonaws.com

Replace <access_key_id> and <secret_access_key> with the credentials provided by your Itential Account Manager.

Pull a Platform image

$docker pull 497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>

Replace <bundle_name> with your bundle name and <tag> with the desired Platform version, for example 6.0.2.

Referencing a feature release tag such as 6.0.0 pulls the latest maintenance build of that version, which may change over time. In production environments, always pin to a specific maintenance release tag such as 6.0.2.

Start a container

The minimum required configuration is an encryption key. Pass it using the -e flag.

$docker run -d -p 3000:3000 -p 3443:3443 \
>  -e ITENTIAL_ENCRYPTION_KEY="<encryption_key>" \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>

For information on generating an encryption key, see Install Platform 6.

Configure with environment variables

All Platform configuration properties can be set using environment variables with the ITENTIAL_ prefix. Pass each variable using the -e flag.

$docker run -d -p 3000:3000 -p 3443:3443 \
>  -e ITENTIAL_SERVER_ID="server1" \
>  -e ITENTIAL_ENCRYPTION_KEY="<encryption_key>" \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>

For the full list of available properties and their environment variable equivalents, see Platform properties reference.

Generate an encrypted value

To generate an encrypted value from inside the container — for example, to store a password in encrypted form — run:

$docker run -it --entrypoint node \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-<bundle_name>:<tag> \
>  /opt/itential/platform/server/utils/encrypt.js <password_value> <encryption_key>

Replace <password_value> with the plaintext value to encrypt.

Common configuration tasks

Persist logs to the host

By default, container logs are lost when a container and its volumes are removed. To persist logs, mount a host directory into the container.

1

Create a log directory on the host

$mkdir -p ./itential/platform/logs
2

Mount the directory when starting the container

The default log directory inside the container is /var/log/itential/platform. You can change this with the ITENTIAL_LOG_DIRECTORY environment variable.

$docker run -d -p 3000:3000 -p 3443:3443 \
>  -e ITENTIAL_ENCRYPTION_KEY="<encryption_key>" \
>  --mount type=bind,source=./itential/platform/logs,target=/var/log/itential/platform \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>

Add SSH keys and certificates

1

Create a keys directory and place your files in it

$mkdir -p ./itential/platform/keys
2

Set permissions on each key and certificate

Keys and certificates must be readable only by the file owner.

$chmod 0400 custom_key.key
$chmod 0400 custom_key.cert
3

Mount the directory and pass the file paths as environment variables

$docker run -d -p 3000:3000 -p 3443:3443 \
>  --mount type=bind,source=./itential/platform/keys,target=/opt/itential/platform/keys \
>  -e ITENTIAL_ENCRYPTION_KEY="<encryption_key>" \
>  -e ITENTIAL_WEBSERVER_HTTPS_CERT="/opt/itential/platform/keys/custom_key.cert" \
>  -e ITENTIAL_WEBSERVER_HTTPS_KEY="/opt/itential/platform/keys/custom_key.key" \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>

Add adapters and custom applications

1

Create a directory and install the adapter

$mkdir -p ./itential/platform/custom_adapters_apps/@itentialopensource
$cd ./itential/platform/custom_adapters_apps/@itentialopensource
$
$# Clone the adapter, then install its dependencies
$cd open_source_adapter
$npm install --install-strategy=nested --prod
2

Mount the directory and set the service directory environment variable

$docker run -d -p 3000:3000 -p 3443:3443 \
>  -e ITENTIAL_ENCRYPTION_KEY="<encryption_key>" \
>  -e ITENTIAL_SERVICE_DIRECTORY="/opt/itential/platform/custom" \
>  --mount type=bind,source=./itential/platform/custom_adapters_apps/@itentialopensource,target=/opt/itential/platform/custom \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>

Run multiple containers for high availability

Multiple Platform containers can run together to provide high availability. Each container must:

  • Be bound to a unique host port
  • Connect to the same MongoDB and Redis instance

The following example starts two Platform containers sharing external MongoDB and Redis:

$# Container 1
$docker run -d \
>  -p 3000:3000 -p 3443:3443 \
>  -e ITENTIAL_ENCRYPTION_KEY="<encryption_key>" \
>  -e ITENTIAL_MONGO_URL="mongodb://host.docker.internal:27017" \
>  -e ITENTIAL_REDIS_HOST="host.docker.internal" \
>  --name IAP_instance1 \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>
$
$# Container 2
$docker run -d \
>  -p 3001:3000 -p 3444:3443 \
>  -e ITENTIAL_ENCRYPTION_KEY="<encryption_key>" \
>  -e ITENTIAL_MONGO_URL="mongodb://host.docker.internal:27017" \
>  -e ITENTIAL_REDIS_HOST="host.docker.internal" \
>  --name IAP_instance2 \
>  497639811223.dkr.ecr.us-east-2.amazonaws.com/<bundle_name>:<tag>

Related reading

  • Deployment overview
  • Deploy with Kubernetes
  • Platform properties reference
  • Configuration
  • Docker Compose examples