Should installing Ignition under a domain account be avoided?

As we know, domain accounts can have some or loads of various policies which are mostly invisible to normal users.
Would you agree that installing Ignition under a domain account should be avoided to prevent potential weird problems which are difficult or impossible to fix?
My understanding is that whenever possible a local admin account should be used - is that right?

Regards

Depending on who you ask, whenever possible the gateway should not be hosted on Windows at all :slight_smile:

In general, if you don't need a domain account (i.e. for access to network folders) you should stick to the default LOCAL_SYSTEM account, since it makes your IT group happy with some OS-level restrictions available automatically.

2 Likes

I have not seen it myself, but I am quite curious whether it is possible for the operating system to be so locked up that there is no diagnosis available to check what went wrong? E.g. wrapper file empty, no logs in the status page in the gateway?

If you need to access network file shares in the domain, then a domain account is the simplest way to run Ignition under Windows and access such resources.

But then, I'm one of those who think running operations with Windows is engineering malpractice.

2 Likes

I recently had to set up Ignition to log in with a domain. The IT was getting rid of all local logins to the SQL Server db, which was fair as there were like 60-70 of them that mostly only existed for stored procedure/schema convenience reasons, and they only wanted to have to worry about security of domain users. But this was necessary for me to be able to have Ignition log in to the SQL Server as the domain user with an integratedSecurity=true keyword in the connection string. This and network drives are probably the two biggest reasons that would require this.

1 Like

My understanding is that installing Ignition is a lot safer on a local admin account, but running on a domain account is not an issue.

PS: always happy to change my mind if there is a good reason.

@pturmel I assume you mean Linux? Any pointers or good resources to learn? What's your favorite distribution?

PS: I only touched a VM demo with Ubuntu, and it felt great when console commands worked as intended :slight_smile:

I believe Phil is travelling at the minute, so here's a search that came back with this post:

Furthermore, I believe Phil uses a flavor that can offer commercial support for that particular distro.

2 Likes

Personally, I have two Linux servers for R&D. One is Debian Stretch 10, recommended because the Debian distro does not get updates often, therefore is a stable branch. On it I run Docker with about 20 Ignition instances all running at the same time. Docker is much more lightweight than VMs.

The other is Ubuntu Server 20.04 LTS.

I shared this tip recently in another thread: for me, the best command to know is "history". Type that in, and it will show every command you've entered since first powering up the box, even surviving reboots. If you want to enter the same command again and that appears on line 250, just type !250 or sudo !250, and it will re-enter it for you.

If you are deploying Edge devices on OnLogic hardware, they can pre-install Linux for a small fee. Personally, I go for this, it saves the time of the install and keeping different USB sticks with Linux installers on them.

3 Likes

@Matrix_Engineering thanks for sharing that info. I will definitely play a bit more with Linux if time permits.

Are you aware of any major limitations when using Ignition in Docker?

It's another layer of abstraction, but worth it, especially for R&D testing, IMO. There are some good resources now, on IU, elective studies on Ignition with Docker, and scripts to quickly deploy a new docker container with official installs.

It's really handy for testing the new releases. I basically have a docker image for all minor versions of 8.1

1 Like

Some things, like editing the ignition.conf, are harder to do in docker, and using the gwcmd. I keep it pretty much a standard install.

On my Ubuntu server, I have Ignition on the bare metal along with MariaDB.

Indeed. In Europe. Mostly family, but a bit of work on the side.

FWIW, the kickstart is obsolete now. The yaml-based auto-install is superior, anyways.

Yes, I consider this critical, and without requiring a re-install. Ubuntu offers on-demand support for any installation from its regular repositories.

1 Like

@pturmel there are a lot of resources to learn the Red Hat distro, which has paid support.

Can you please share your opinion on whether Ubuntu and Red Hat are both good choices when learning Linux and also using Ignition?

You can only get support for Red Hat itself, the paid version, installed from the paid repos. If you install Fedora or CentOS, the free versions from free repos, you cannot get support. You would have to reinstall with Red Hat.

Not true for Ubuntu.

2 Likes

If the wind takes you near Slovenia, we can go for tea/coffee/beer... :beers:

I wish I could take you up on that, but family is in France. Maybe in the future.

1 Like

@pturmel thanks for clarifying licensing for Red Hat. Like everybody on this planet, I have limited time, so I need to be selective about how to invest my time and what to learn...

But why???

Microsoft has a poor track record when it comes to security and privacy; not to mention how their forced and unscheduled updates are hardly compatible with production environments.

6 Likes