- Overview
- Requirements
- Installation
- Post-installation
- Cluster administration
- Monitoring and alerting
- Migration and upgrade
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to Troubleshoot Services During Installation
- How to Uninstall the Cluster
- How to clean up offline artifacts to improve disk space
- How to Disable TLS 1.0 and 1.1
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bundle
- How to debug failed Automation Suite installations
- How to disable NIC checksum offloading
- Unable to run an offline installation on RHEL 8.4 OS
- Error in Downloading the Bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- SQL connection string validation error
- Failure After Certificate Update
- Automation Suite Requires Backlog_wait_time to Be Set 1
- Cannot Log in After Migration
- Setting a timeout interval for the management portals
- Update the underlying directory connections
- Kinit: Cannot Find KDC for Realm <AD Domain> While Getting Initial Credentials
- Kinit: Keytab Contains No Suitable Keys for *** While Getting Initial Credentials
- GSSAPI Operation Failed With Error: An Invalid Status Code Was Supplied (Client's Credentials Have Been Revoked).
- Login Failed for User <ADDOMAIN><aduser>. Reason: The Account Is Disabled.
- Alarm Received for Failed Kerberos-tgt-update Job
- SSPI Provider: Server Not Found in Kerberos Database
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis Probe Failure
- RKE2 Server Fails to Start
- Secret Not Found in UiPath Namespace
- ArgoCD goes into progressing state after first installation
- Unexpected Inconsistency; Run Fsck Manually
- Missing Self-heal-operator and Sf-k8-utils Repo
- Degraded MongoDB or Business Applications After Cluster Restore
- Unhealthy Services After Cluster Restore or Rollback
- Using the Automation Suite Diagnostics Tool
- Using the Automation Suite Support Bundle Tool
- Exploring Logs
Post-migration steps
Post-migration steps are mandatory and include:
Take the following steps:
- Run
kubectl edit secret platform-service-secrets -n uipath
and updateidentity.sqlConnectionString
,identity.hostAdminUsername
, andidentity.hostAdminPassword
using base64 encoded values. - Use the instructions provided in Updating the Identity token signing certificate.
- If using SAML, run
kubectl edit secret identity-saml-certificates -n uipath
and updatecurrent.saml2.pfx
andfuture.saml2.pfx
via the decrypted private keys, andcurrentCertPassword
andfutureCertPassword
via base64 encoded values. - If using Kerberos, run
kubectl edit secret krb5-keytab -n uipath
and update thekrb5.keytab
value.
Take the following steps:
- Run
kubectl --kubeconfig <directory of SF cluster yaml file> get secrets/redb-redis-cluster-db -n uipath --template '{{ .data.password }}'
to get Redis password. Decode the Base64 value. - Run
kubectl --kubeconfig <directory of SF cluster yaml file> get secrets/redb-redis-cluster-db -n uipath --template '{{ .data.port }}'
to get Redis port. Decode the Base64 value. - Run
kubectl --kubeconfig <directory of SF cluster yaml file> exec -i -t -n redis-system redis-cluster-0 -c redis-enterprise-node "--" sh -c "clear; (bash || ash || sh)"
to get into Redis node. - Use port and password got from previous commands to run
redis-cli -p <Port number> -a <Password> --scan --pattern is:* | xargs redis-cli -p <Port number> -a <Password> del
to delete the old keys. - Run exit to get out.
C:\Program Files (x86)\UiPath\Orchestrator\Identity\Tools\DataMigrator.Cli
-
.\UiPath.DataMigrator.Cli.exe kube-migrate -d <identity.sqlConnectionString for the k8s env>
Restart identity-service-api after running the migrator command.
Prerequisites
The MSIToAutomationSuiteTenantMigrator tool requires .NET 6.0 at a minimum. If .NET 6.0 or later is not present, download and install .NET Runtime for Linux before using the MSIToAutomationSuiteTenantMigrator tool.
sudo yum install dotnet-sdk-6.0 -y
Downloading the tool
The MSIToAutomationSuiteTenantMigrator tool is available for download here.
Running the tool
\
before special characters.
To link tenants from a standalone installation to Automation Suite, run:
./MSIToAutomationSuiteTenantMigrator -s '<Orchestrator DB connection string (the one cloned from the standalone installation server)>' -p '<Platform DB connection string (Automation Suite)>' -t '<List of tenant names separated by comma, e.g. orchTenant1,orchTenant2>'
./MSIToAutomationSuiteTenantMigrator -s '<Orchestrator DB connection string (the one cloned from the standalone installation server)>' -p '<Platform DB connection string (Automation Suite)>' -t '<List of tenant names separated by comma, e.g. orchTenant1,orchTenant2>'
Prerequisites
The MSIToAutomationSuiteTenantMigrator tool requires .NET 6.0 at a minimum. If .NET 6.0 and beyond is not present, download and install .NET Runtime 6.0.3 for Windows before using the MSIToAutomationSuiteTenantMigrator tool.
Downloading the tool
The MSIToAutomationSuiteTenantMigrator tool is available for download here.
Running the tool
$
with `$
.
To link tenants from a standalone installation to Automation Suite, run:
MSIToAutomationSuiteTenantMigrator.exe -s "<Orchestrator DB connection string (the one cloned from the standalone installation server)>" -p "<Platform DB connection string (Automation Suite)>" -t "<List of tenant names separated by comma, e.g. orchTenant1,orchTenant2>"
MSIToAutomationSuiteTenantMigrator.exe -s "<Orchestrator DB connection string (the one cloned from the standalone installation server)>" -p "<Platform DB connection string (Automation Suite)>" -t "<List of tenant names separated by comma, e.g. orchTenant1,orchTenant2>"
Configure SMTP for the host and (optionally) for any organizations where you want to use different SMTP settings than the host.
To configure AD integration, refer to Configuring SSO: Active Directory.
If AD integration and authentication were enabled in the standalone deployment, take the following steps in the Automation Suite cluster:
- Make sure the domain controllers are discoverable by the Automation Suite cluster. If not, use the Kube DNS configuration;
- Configure integrated Windows authentication and Kerberos authentication using keytab file;
- Configure LDAP integration via the Portal under the host admin;
- Configure Windows authentication via the Portal under the host admin;
-
Configure LDAPS for secure connection to LDAP.
Note: The account used for the LDAP integration configuration should only have read access to all trusted domains in the current and trusted forests.
Update the Orchestrator configuration. Make sure to review the following:
- Custom configuration from
UiPath.Orchestrator.dll.config
- Any
web.config
settings. - Storage (packages, execution media, and buckets data) - mostly applicable to
Storage.Type=FileSystem
- Custom NLog targets.
- Custom credential stores.
- Encryption key per tenant configuration.
You can simplify many of the following steps by using the provided Orchestrator Configurator Tool.
orchestrator_configurator.sh
bash tool can update the Orchestrator custom config map and upload files to the Orchestrator well-known blob storage locations.
Use the -y
parameter to skip confirmation of the proposed actions.
orchestrator-customconfig
config map using a tool such as Lens or kubectl.
values.json
file. The Orchestrator deployment should restart automatically after this configuration change.
{
"Kestrel": {
"Limits": {
"MaxRequestBodySize": 314572800
}
}
{
"Kestrel": {
"Limits": {
"MaxRequestBodySize": 314572800
}
}
appSettings.custom.json
file edited in the pre-migration steps now contains all the customization needed in the appSettings
section. You need to place this .json
file in the orchestrator-customconfig
config map, in the values.json
file, under the appSettings
key.
{
"ExampleSetting.Enabled": true,
"ExampleSetting.Type": "BasicExample",
"ExampleSetting.Count": 3
}
{
"ExampleSetting.Enabled": true,
"ExampleSetting.Type": "BasicExample",
"ExampleSetting.Count": 3
}
-c|--app-settings
parameter:
./orchestrator-configurator.sh -c appSettings.custom.json
./orchestrator-configurator.sh -c appSettings.custom.json
If using the configurator tool, go through all the steps to gather all required appSettings overrides, and run the script once at the end.
/var/orchestator/data
path.
kubectl cp
, using the -s|--storage-folder
parameter:
./orchestrator-configurator.sh -s blobstoragefolder
./orchestrator-configurator.sh -s blobstoragefolder
storage
folder becomes the content of the /var/orchestrator/data
folder.
To use network FileStore, edit the Orchestrator ArgoCD app parameters, and set the following:
storage.type = smb
storage.smb.domain
storage.smb.password
storage.smb.source
storage.smb.username
storage.smb.size
To configure other storage options, edit the Orchestrator ArgoCD app parameters and set the following:
storage.type
to the desired provider (Azure, AWS, Minio)storage.connectionString
Overview of the Orchestrator app storage settings:
Orchestrator web browser access to Amazon and Azure storage buckets can be restricted due to the same-origin policy on the provider side. Successfully accessing the content of such a bucket requires you to configure the respective provider to allow cross-origin requests from Orchestrator.
See instructions on how to configure each provider to allow cross-origin requests from Orchestrator.
Ceph
, in the uipath
bucket. The Orchestrator pod will then be able to load them at startup. You also need to place the configuration in orchestrator-customconfig
in the nlog.json
file.
-n|--nlog-extensions-folder
and -l|--nlog-config-file
parameters.
./orchestrator-configurator.sh -n nlogextensions -l nlog.custom.json
./orchestrator-configurator.sh -n nlogextensions -l nlog.custom.json
/var/orchestrator/plugins/nlog
. The configurator automatically updates the assemblyFile paths, prepending the plugins path to them.
appsettings.custom.json
, so there are no more required configuration updates.
values.json
file of orchestrator-customconfig
under the appSettings section.
/var/orchestrator/plugins/securestore/
path.
-p|--securestore-plugins-folder
parameter:
./orchestrator-configurator.sh -p securestoreplugins
./orchestrator-configurator.sh -p securestoreplugins
orchestrator-generated-secrets
by overwriting the value of APPSETTINGS__EncryptionKey
.
cluster_config.json
file. This ensures all changes made via ArgoCD are properly saved in the Automation Suite configuration file.
cluster_config.json
, run the following command:
./configureUiPathAS.sh config get -i /path/to/old/cluster_config.json -o ./cluster_config.json
./configureUiPathAS.sh config get -i /path/to/old/cluster_config.json -o ./cluster_config.json
create_db
to false
. Not doing so would prevent the installer from overriding SQL connection strings and retaining the latest state of the cluster.
cluster_config.json
at this stage. The operation requires running the installer, which reverts the changes made to the SQL connection strings.
For details on the alternative options to configure Kerberos authentication, see Configuring Automation Suite as a Kerberos client.
- Step 1: Updating secrets and Identity Server configuration
- Updating Identity Application Secrets With Previously Saved Identity Configuration Data
- Remove old Identity cache keys
- Running Identity Server DataMigrator CLI
- Step 2: Linking tenants from a standalone installation to Automation Suite
- For Linux
- For Windows
- Updating SMTP Configuration Information
- Step 3: Updating AD Integration and Authentication
- Step 4: Updating the Orchestrator Configuration
- Configuring web.config
- Configuring appSettings
- Configuring Storage
- Azure/Amazon S3 Storage Buckets
- Configuring NLog
- Configuring credential stores
- Configuring encryption key
- Configuring encryption key per tenant
- Step 5: Recreating cluster_config.json
- Step 6: Reconnecting Robots