- Overview
- Requirements
- Root privileges requirements
- High Availability – three availability zones
- Certificate Requirements
- Network Requirements
- Installation
- Post-installation
- Cluster administration
- Managing products
- Managing the cluster in ArgoCD
- Setting up the external NFS server
- Automated: Enabling the Backup on the Cluster
- Automated: Disabling the Backup on the Cluster
- Automated, Online: Restoring the Cluster
- Automated, Offline: Restoring the Cluster
- Manual: Enabling the Backup on the Cluster
- Manual: Disabling the Backup on the Cluster
- Manual, Online: Restoring the Cluster
- Manual, Offline: Restoring the Cluster
- Additional configuration
- Migrating objectstore from persistent volume to raw disks
- Monitoring and alerting
- Migration and upgrade
- Migration options
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Insights
- Step 7: Deleting the default tenant
- B) Single tenant migration
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to Troubleshoot Services During Installation
- How to Uninstall the Cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bundle
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to automatically clean up Longhorn snapshots
- How to disable TX checksum offloading
- How to address weak ciphers in TLS 1.2
- Unable to run an offline installation on RHEL 8.4 OS
- Error in Downloading the Bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- First installation fails during Longhorn setup
- SQL connection string validation error
- Prerequisite check for selinux iscsid module fails
- Azure disk not marked as SSD
- Failure After Certificate Update
- Automation Suite not working after OS upgrade
- Automation Suite Requires Backlog_wait_time to Be Set 1
- Volume unable to mount due to not being ready for workloads
- RKE2 fails during installation and upgrade
- Failure to upload or download data in objectstore
- PVC resize does not heal Ceph
- Failure to Resize Objectstore PVC
- Rook Ceph or Looker pod stuck in Init state
- StatefulSet volume attachment error
- Failure to create persistent volumes
- Storage reclamation patch
- Backup failed due to TooManySnapshots error
- All Longhorn replicas are faulted
- Setting a timeout interval for the management portals
- Update the underlying directory connections
- Cannot Log in After Migration
- Kinit: Cannot Find KDC for Realm <AD Domain> While Getting Initial Credentials
- Kinit: Keytab Contains No Suitable Keys for *** While Getting Initial Credentials
- GSSAPI Operation Failed With Error: An Invalid Status Code Was Supplied (Client's Credentials Have Been Revoked).
- Alarm Received for Failed Kerberos-tgt-update Job
- SSPI Provider: Server Not Found in Kerberos Database
- Login Failed for User <ADDOMAIN><aduser>. Reason: The Account Is Disabled.
- ArgoCD login failed
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis Probe Failure
- RKE2 Server Fails to Start
- Secret Not Found in UiPath Namespace
- After the Initial Install, ArgoCD App Went Into Progressing State
- MongoDB pods in CrashLoopBackOff or pending PVC provisioning after deletion
- Unexpected Inconsistency; Run Fsck Manually
- Degraded MongoDB or Business Applications After Cluster Restore
- Missing Self-heal-operator and Sf-k8-utils Repo
- Unhealthy Services After Cluster Restore or Rollback
- RabbitMQ pod stuck in CrashLoopBackOff
- Prometheus in CrashloopBackoff state with out-of-memory (OOM) error
- Missing Ceph-rook metrics from monitoring dashboards
- Using the Automation Suite Diagnostics Tool
- Using the Automation Suite Support Bundle Tool
- Exploring Logs
Certificate Requirements
Automation Suite requires two certificates at the time of installation.
- Server certificate – required for TLS communication between the client and the cluster;
- Identity token-signing certificate – required to sign the authentication token.
The installation process generates self-signed certificates on your behalf. These certificates will expire in 90 days, and you must replace them with certificates signed by a trusted Certificate Authority (CA) as soon as installation completes. If you do not update the certificates, the installation will stop working after 90 days.
Aside from the above certificates, you may need to provide additional trusted CA certificates if you want the cluster to trust external services. Example: SQL Server CA Certificate, SMTP Server CA Certificate, etc.
For instructions, see Managing certificates.
The server certificate must meet the following requirements:
- File format should be
.pem
, i.e., Base64 encoded DER certificate; - Private key length should be at least 2048;
- Extended Key Usage: TLS Web Server Authentication; required for accessing Automation Suite on iOS devices;
- Certificate key must be decrypted. If the key is encrypted, run the following command to decrypt it:
# replace /path/to/encrypted/cert/key to absolute file path of key # replace /path/to/decrypt/cert/key to store decrypt key # Once prompted, please entry the passphrase or password to decrypt the key openssl rsa -in /path/to/encrypted/cert/key -out /path/to/decrypt/cert/key
# replace /path/to/encrypted/cert/key to absolute file path of key # replace /path/to/decrypt/cert/key to store decrypt key # Once prompted, please entry the passphrase or password to decrypt the key openssl rsa -in /path/to/encrypted/cert/key -out /path/to/decrypt/cert/key - Should have Subject Alternative Name for all the DNS entries required for installing Automation Suite. If the FQDN for the
cluster is
automationsuite.mycompany.com
, the certificate SAN should have the following DNS:automationsuite.mycompany.com
*.automationsuite.mycompany.com
Note:Alternatively, if the*
wildcard is too generic, make sure you have SAN entries for the following DNS:automationsuite.mycompany.com
alm.automationsuite.mycompany.com
monitoring.automationsuite.mycompany.com
registry.automationsuite.mycompany.com
objectstore.automationsuite.mycompany.com
insights.automationsuite.mycompany.com
Automation Suite requires three files at the time of installation, as follows:
- Server / TLS certificate file — the server’s public certificate file. This file must contain only the leaf server certificate.
- Server / TLS key file — private key file for the server certificate.
- Certificate Authority Bundle — this is the Public Certificate of CA which is used to sign or issue the server certificate. This file must contain both root and all intermediate certificates if present.
To verify the CA and Server certificate, run the following command on the Linux machine:
# Please replace /path/to/ca-certificate-bundle and /path/to/server-certificate with actual file path.
openssl verify -CAfile /path/to/ca-certificate-bundle /path/to/server-certificate
# Please replace /path/to/ca-certificate-bundle and /path/to/server-certificate with actual file path.
openssl verify -CAfile /path/to/ca-certificate-bundle /path/to/server-certificate
Automation Suite has the following requirements in terms of token-signing certificates at the time of installation:
- File format should be
pkcs12
to sign the authentication token; - Password for signing the certificate is requires.
If an identity token signing certificate is not provided, Automation Suite uses the server certificates to generate the one at the time of installation.