订阅

UiPath AI Center

UiPath AI Center

5. Run the AI Center Application Installer

Accessing the Admin Console

Navigate to the admin console, this will always be https://<machine-ip>:8800. This is where the configuration for the application installer will take place. On navigating to that address, the below page is displayed.

Click Continue to Setup.

Configure DNS (optional)

📘

Accessing this page

If the below page is not appearing automatically and you want to configure specific DNS/certificate you can access this page at the following url
https://:8800/tls

If the Linux machine has DNS configured and you with to use your own certificate when accessing AI Center app based on a fully qualified domain name, this configuration screen will allow you to do so.
Enter the hostname and upload both the private key and the SSL certificate. Make sure that the domain is reachable from the network where you want to access AI Center over the ports 8800, 31443, 31390.

Logging in to the Admin Console

After configuring the DNS in the step above (or clicking **Skip & Continue" to skip that step), the following page is displayed:

Enter your password from Step 4: Run the AI Center Infrastructure Installer. After successfully logging in, you will be prompted to upload a license file:

Upload the yaml file that has your AI Center license (contact your AI Center representative if you do not have an AI Center license).

Choose your Install type

Airgapped Installation

If you are following the airgapped installation, in this step you must upload the installation bundle.
Click on Choose a bundle to upload button and select aif_services file extracted on previous step.

📘

Airgap bundle upload

Since the Airgap bundle is a big file you may experience some issue while uploading it, if you face an issue please refresh your page and reupload same bundle it should continue from where it stopped.

Online Installation

Nothing to do here

Configure the Installer

Next step is to configure installer using following screen:

The fields in this page need to be completed. Please refer to the explanations below

Ingress

  • Host (IP or FQDN) IP of the Linux machine. If you configured DNS for this machine and completed the step Configure DNS above then enter the fully qualified domain name of this machine.

Single Database Vs Multiple Databases

Just select right option according to what you did in step 2.

SQL

  • Host Enter the IP address of the SQL database where you created the databases in Step 2. SQL Configuration.
  • Username Enter the username for the SQL database owner
  • Password Enter the password for the SQL database.

📘

Azure databases

If you are using Azure databases please make sure to use FQDN to connect to the databases. It can be public or private domain name (as long as DNS is configured) but it won't work if you are using the private IP is documented here: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns

Orchestrator

  • Endpoint Enter the Orchestrator address with port 443. Do not include http, https. The Orchestrator endpoint must be the domain name <domain-name>:443.

🚧

Orchestrator port

Make sure to include the right port here (default is 443) after the domain-name. Not including the port is a common source of user error during the install.

See the examples below for pitfalls to avoid.

Orchestrator endpoint entered

Correct

aicenter.orchestrator.cloudapp.azure.com:443

https://aicenter.orchestrator.cloudapp.azure.com

https://23.96.154:443

23.96.154:443

身份服务器

This is only necessary if UiPath Identity Server is different from Orchestrator Endpoint.

Identity Server Access Token

This is the identity token from Orchestrator. To generate this token navigate to <orchestrator-address>/identity in a browser. Make sure you are logged in to the host tenant (as opposed to the "default" tenant). The below page is displayed:

If you see a page that does not have the left navigation as above, you are likely logged in to the default tenant. Make sure you log in as the host tenant.

Now click Installation Access Token, click Generate Token and use the two card icon to copy this token to your clipboard.

Paste this token into the field Identity access token.

🚧

Note that this token expires in an hour. The configuration should be deployed immediately after you have generated the token to reduce the risk of issues. If you have to edit the configuration and re-deploy, be sure to generate a new token.

Is Orchestrator using self signed certificate?

If Orchestrator is using a self signed certificate or a certificate delivered by an entity which is not globally trusted you need to pass Orchestrator certificate there. Select Yes and then upload certificate as .cer or .crt file. Most browsers allow you to download certificate by simply accessing the Orchestrator and downloading it from there.

Is Identity Server using self signed certificate?

If Identity Server is separated from Orchestrator and is using a self signed certificate or a certificate delivered by an entity which is not globally trusted you need to pass Identity Server certificate there.
Select Yes and then upload certificate as .cer or .crt file. Most browsers allow you to download certificate by simply accessing the Identity Server and downloading it from there.

Feature Management

This field is optional and used to add preview features to your AI Center installation. Please check with your Account Manager/CSM if you need anything here.

Installation Platform

Select OneBox here.

Preflight Checks

Click Continue in the configuration page. You will be navigated to a page with title Preflight checks. If all your preflight checks pass, you will see a page like this:

The only preflight checks that can be cautiously ignored are:

  • Total Memory Conservatively, the machine should have at least 52GB RAM, to see how provisioning less memory limits the capacities of AI Center see the hardware requirements page.
  • Certificate SSL Validation this let you know if certificate that you are using for AI Center is globally trusted or not. By default AI Center is using self signed certificate which is not globally trusted however we strongly recommend to get a globally trusted certificate for your non POC environments.

Troubleshooting Preflight Checks

If you do not see a green checkmark on the preflight checks use this guide to fix your errors.

Preflight Check

Orchestrator Check

Verifies that:

  • We can connect to orchestrator domain on the path /api/auth
  • Verifies uipath.orchestrator.dll.config is correctly set.

Solution: Make sure the network rules are set so the linux machine can connect to Orchestrator. Verify that UiPath.Orchestrator.dll.config (or Web.config if Orchestrator 20.4) is correctly set in 3. Configure Orchestrator.

Identity Server Check

Verifies that:

  • We can connect to identity server on path /identity

Solution: Make sure the network rules are set so the linux machine can connect to Identity Server (if different from Orchestrator).

Identity Server Access Token Validation

Verifies that:

  • Access token is valid.

Solution: If you pass the Identity Server Check, make sure that you have a fresh token as the token validity is 1 hour.

Orchestrator and Identity Server checks fail AND you do not have an external DNS

If you do not have an external DNS through which the Orchestrator domain name or the Identity Server domain name can be resolved, you need an extra application of a configuration file. See Advanced Troubleshooting - DNS Resolution

DB Checks

Verifies that:

  • SQL Server connection and credentials are valid.
  • Checks DB exists
  • Checks user is assigned db_owner role for each DB.

Solution: Make sure SQL Server is allowing incoming connections on its port and that SQL Server Authentication is enabled. The DB creation and proper role creation is handled automatically by the script in 2. Configure Database.

All checks below Disk Space fail.

If you have verified the network/firewall rules for Orchestrator and SQL Server but are still seeing all the checks related to connections fail it may be due to a more nuanced network configuration issue called IP Masquerading. This is usually caused when the linux machine and Orchestrator/SQL Server are on different subnets. If this happens, run:

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

On the linux machine, and retry the preflight checks.

If you are unable to resolve preflight check failure please contact support and send them a Support Bundle. See Advanced Troubleshooting - Support Bundle for instructions on how to create one.

Running the Application Installer

Once all the preflight checks are passing, click Continue. You will see the following page:

This page means that the AI Center application installer has started. If all configurations where set correctly, this should execute within 20-30 mins. See below to output the log that will show whether the installation was successful.

Troubleshooting the Application Installer

👍

Summary

At a high-level troubleshooting the application install by yourself (note you can also just send UiPath technical support your Support Bundle, see below) involves these steps:
Looking at the provision log to determine what happened. Run kubectl logs -f provision-* to see the latest provision log.
Fix/Edit your configuration after you learn of the error from the logs.
Re-trigger a provision by saving the configuration, clicking Go to new new version and then clicking Deploy

Running Logs

To see running logs, you can use the kubernetes commadline interface since the application installer runs on top of kubernetes.

To run any kubernetes command, reload your bash shell (once per terminal session) by running bash -l.

Every time a configuration is changed and deployed (for the first configuration the deploy is done automatically, for subsequent one you must save the configuration and click Deploy), a new job will be executed to install the application.

To see the running logs on the linux machine run:

bash -l
kubectl get pods

you will see something like this:

aif-admin@aicenter-onprem-int0:~$ kubectl get pods
NAME                                  READY   STATUS             RESTARTS   AGE
...
...
provision-rmvfg                       0/1     Running            0          1m

The output shows a name formatted like provision-. To see the running application installer do:

kubectl logs -f provision-rmvfg

Where you replace 'rmvgf' with whatever identifier is shown in your terminal (alternatively just type kubectl logs -f provision and hit TAB, this will autocomplete the identifier).

This will show running logs (if the process has not ended) as well as the logs when the process has succeeded or terminated. Most, if not all users can troubleshoot without having to use anything other than the command above.

Successful Install

A successful install will show the screenshot below 20-30 minutes after passing the preflight checks:

If you see this screen, you can proceed to the step 6. Verify Installation .

Known Issues

Contingent on triggering an installation only after you have passed the preflight checks, there is only one known issue that can happen in the AI Center installer. If this is the case, you will see the following output from the log:

...
Starting ai-helper deployment ...Release "ai-helper" does not exist. 
Installing it now.
Error: etcdserver: request timed outHelm installation failed for ai-helper in namespace aifabric. 
Exiting !!!onebox provisioning failed. 
Exiting !!!

This is an intermittent etcdserver issue. Retry the installation by going to the admin console on <ip>:8800, clicking on Config, pasting a new Identity server token, hitting Continue to new version, and finally clicking Deploy.

This issue should resolve itself with up to 5 installation attempts. If you face the same issue (Error: etcdserver: request timed out) and retrying does not resolve the issue please contact support and create a support bundle.



Install OOB models (airgapped only)

For airgapped installation you need to manually download OOB models and then "install" them on your AI Center machine to be able to use them. For each model that you want to add you will have a tar file that you need to move to your AI Center machine. Once on AI Center machine just run following commands for each file:

tar -zxvf formextractor-1.tar.gz
cd formextractor
nohup sudo ./setup.sh > formextractor.out 2>&1

Logs will be accessible in formextract.out file. We recommend using nohup for this command because installation can take up to an hour and this would avoid any issue due to losing connection to the machine.

Advanced Troublshooting

Creating a Support Bundle

To create a support bundle, navigate to the admin UI (<machine-ip>:8800) and click on Troubleshoot on the top navigation bar. Click the button to generate a new support bundle, and then download that bundle. When you contact support, include in the ticket that file (support-bundle.tar.gz).

DNS Resolution

As mentioned above, this issue will surface during preflight checks. As a reminder, this issue occurs when there is no external DNS that will resolve the Orchestrator domain or the Identity Server domain.

To address this issue (note if you are an experienced linux user, the issue cannot be simply solved by adding entries to /etc/hosts), we will need to edit cluster's configmap so the cluster is aware of this DNS. To do do so you need to run the following command:

kubectl -n kube-system edit cm coredns

It will open a vi editor with file looking as follow

apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
        }
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2020-11-30T12:25:28Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "17667708"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: 2bde7049-eda6-46eb-b523-beb8c421085f

A new section hosts needs to be added after loadbalance in Corefile section (line 19), you can list there as many dns you want to and add fallthrough at the end:

apiVersion: v1
data:
  Corefile: |
    .:53 {
        errors
        health
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
        hosts example.hosts orchestrator-dns.com {
          1.2.3.4 example.hosts
          5.6.7.8 orchestrator-dns.com
          fallthrough
        }
    }
kind: ConfigMap
metadata:
  creationTimestamp: "2020-11-30T12:25:28Z"
  name: coredns
  namespace: kube-system
  resourceVersion: "17667708"
  selfLink: /api/v1/namespaces/kube-system/configmaps/coredns
  uid: 2bde7049-eda6-46eb-b523-beb8c421085f

After that the DNS will be configured and working inside your cluster.

📘

coredns.yaml

Make sure that after your edit coredns is a proper yaml file and don't use tab to indent but spaces only.

Updated 5 days ago



5. Run the AI Center Application Installer


建议的编辑仅限用于 API 参考页面

You can only suggest edits to Markdown body content, but not to the API spec.