- Overview
- Requirements
- Installation
- Prerequisite checks
- Configuring the OCI-compliant registry
- Output example: prerequisite check
- Output example: Automation Suite installation
- Downloading the installation packages
- uipathctl cluster
- uipathctl cluster maintenance
- uipathctl cluster maintenance disable
- uipathctl cluster maintenance enable
- uipathctl cluster maintenance is-enabled
- uipathctl cluster migration
- uipathctl cluster migration export
- uipathctl cluster migration import
- uipathctl cluster migration run
- uipathctl cluster upgrade
- uipathctl config
- uipathctl config add-host-admin
- uipathctl config additional-ca-certificates
- uipathctl config additional-ca-certificates get
- uipathctl config additional-ca-certificates update
- uipathctl config alerts
- uipathctl config alerts add-email
- uipathctl config alerts remove-email
- uipathctl config alerts update-email
- uipathctl config argocd
- uipathctl config argocd ca-certificates
- uipathctl config argocd ca-certificates get
- uipathctl config argocd ca-certificates update
- uipathctl config argocd generate-dex-config
- uipathctl config argocd generate-rbac
- uipathctl config argocd registry
- uipathctl config argocd registry get
- uipathctl config argocd registry update
- uipathctl config enable-basic-auth
- uipathctl config orchestrator
- uipathctl config orchestrator get-config
- uipathctl config orchestrator update-config
- uipathctl config saml-certificates get
- uipathctl config saml-certificates rotate
- uipathctl config saml-certificates update
- uipathctl config tls-certificates
- uipathctl config tls-certificates get
- uipathctl config tls-certificates update
- uipathctl config token-signing-certificates
- uipathctl config token-signing-certificates get
- uipathctl config token-signing-certificates rotate
- uipathctl config token-signing-certificates update
- uipathctl health
- uipathctl health bundle
- uipathctl health check
- uipathctl health diagnose
- uipathctl health test
- uipathctl manifest
- uipathctl manifest apply
- uipathctl manifest diff
- uipathctl manifest get
- uipathctl manifest get-revision
- uipathctl manifest list-applications
- uipathctl manifest list-revisions
- uipathctl manifest render
- uipathctl prereq
- uipathctl prereq create
- uipathctl prereq run
- uipathctl resource
- uipathctl resource report
- uipathctl snapshot
- uipathctl snapshot backup
- uipathctl snapshot backup create
- uipathctl snapshot backup disable
- uipathctl snapshot backup enable
- uipathctl snapshot delete
- uipathctl snapshot list
- uipathctl snapshot restore
- uipathctl snapshot restore create
- uipathctl snapshot restore delete
- uipathctl snapshot restore history
- uipathctl snapshot restore logs
- uipathctl version
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite on EKS/AKS
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Orchestrator
- Step 7: Migrating standalone Insights
- Step 8: Deleting the default tenant
- B) Single tenant migration
- Migrating from Automation Suite on Linux to Automation Suite on EKS/AKS
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Using the Orchestrator Configurator Tool
- Configuring Orchestrator parameters
- Orchestrator appSettings
- Configuring appSettings
- Configuring the maximum request size
- Overriding cluster-level storage configuration
- Configuring credential stores
- Configuring encryption key per tenant
- Cleaning up the Orchestrator database
- Troubleshooting
Configuring the OCI-compliant registry
In offline installations, you need a registry compliant with OCI (Open Container Initiative) to store the container images and deployment Helm charts.
There are two ways to upload the Automation Suite artifacts to the external OCI-compliant registry:
- Option A: By mirroring your OCI-compliant registry with the UiPath® registry;
- Option B: By hydrating your OCI-compliant registry with the offline bundle.
The following table compares the two options to upload the artifacts to the registry so that you can choose the one that suits your needs:
Option A: Mirroring the registry |
Option B: Hydrating the registry |
---|---|
Copies the artifacts from the UiPath® registry to any target registry. |
Uses the offline tarball to untar and upload the artifacts to the target registry. |
Requires Docker and Helm tools. |
Requires Podman and Helm tools. |
Requires internet access to copy the artifacts from the UiPath® registry to the target registry. |
Requires internet access only to download the offline tarball to the jump server. Uploading the tarball does not require internet access. |
Requires a temporary space to cache the images during the copying method. This space is usually configured during the Docker
installation. The default location is
/var/lib/docker .
|
Requires a temporary space to extract the tarball and a temporary space for Podman to load the images. The location of the tarball extraction must be provided during the hydration step. The Podman location can be
/var/tmp , which must have adequate storage available.
|
The required storage capacity for the
/var/lib/docker directory is around 128 GiB.
|
The required storage capacity for the extraction is around 200 GiB, and
/var/tmp must be 256 GiB.
|
This method requires internet access on the jump machine from which you upload the Automation Suite artifacts onto your OCI-compliant registry.
Prerequisites for mirroring the UiPath® registry
To mirror the UiPath® registry, you need the following:
-
a VM running a Linux distribution (recommended) or a laptop (not recommended);
-
a Docker client authenticated with the private registry;
-
Helm 3.8 or newer authenticated with the private registry;
-
as-images.txt
; -
as-helm-charts.txt
; -
mirror-registry.sh
; -
outbound connectivity to
registry.uipath.com
; -
128 GiB of free disk space for Docker under the
/var/lib/docker
partition on the machine from which you upload the container images and charts.
Installing Docker and Helm
You must have Docker and Helm installed and authenticated on the machine from which you plan to upload the Automation Suite container images and charts to your registry.
-
To download the Docker binaries, see the official documentation.
-
To authenticate the Docker registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
docker login my.registry.io:443 --username "admin" --password "secret"
docker login my.registry.io:443 --username "admin" --password "secret" -
To download the Helm binaries, see the official documentation.
-
To authenticate the Helm registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
helm registry login my.registry.io:443 --username "admin" --password "secret"
helm registry login my.registry.io:443 --username "admin" --password "secret"
Downloading as-images.txt
as-images.txt
, see Downloading installation bundles.
Downloading as-helm-charts.txt
as-helm-charts.txt
, see Downloading installation bundles.
Downloading the optional Document Understanding bundles
To download the optional Document Understanding bundles, see Document Understanding documentation.
Downloading mirror-registry.sh
mirror-registry.sh
script, see Downloading the installation packages.
Uploading the Automation Suite images to your registry
mirror-registry.sh
script requires outbound connectivity to the source (default registry.uipath.com
) and target registries.
mirror-registry.sh
script does not perform authentication to the registry. It is assumed that you have already authenticated to the registry.
Flag |
Environment variable |
Description |
---|---|---|
|
|
Mandatory. Path to the image manifest file. |
|
|
Mandatory. Path to the Helm chart manifest file. |
|
|
Mandatory. Pass the URL for the target registry. |
|
|
Optional. Pass the URL for the source registry; the default is
registry.uipath.com .
|
-
Ensure that you have the necessary permissions to execute the shell script, by running the following command:
chmod +x mirror-registry.sh
chmod +x mirror-registry.sh -
Upload the Automation Suite images to your registry, by running the following command:
./mirror-registry.sh --target-registry-url my.registry.io:443 --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txt
./mirror-registry.sh --target-registry-url my.registry.io:443 --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txtNote: For registries, such as Harbor, which require using a project, make sure you append the project name to the target registry URL you include in the command, as shown in the following example:./mirror-registry.sh --target-registry-url my.registry.io:443/myproject --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txt
./mirror-registry.sh --target-registry-url my.registry.io:443/myproject --source-registry-url registry.uipath.com --images-manifest /home/myuser/as-images.txt --helm-charts-manifest /home/myuser/as-helm-charts.txt
This method only requires internet access on the jump machine to download the offline bundle. Once the bundle is available, you can upload to your OCI-compliant registry without an internet connection.
This method may also require additional space on the machine to un-tar and upload to your registry. In addition, this method may take longer than the mirroring approach.
Prerequisites for hydrating the registry
To hydrate the registry, you need the following:
- a VM running a Linux distribution is preferred over running the script on a laptop;
- ability to download and copy or somehow propagate the offline bundle to the VM;
- Helm 3.8 or newer authenticated with the private registry;
- Podman installed, configured, and authenticated with the private registry;
- 150 GiB of free disk space for Podman under
/var/lib/containers
for loading the containers locally before pushing them to the remote registry. You can change the default path by updating the location of the graphRoot path in the output of thepodman info
command. - Set the
TMP_DIR
environment variable as described in the official Podman documentation. as-cmk.tar.gz
Installing Podman and Helm
You must ensure you have Podman and Helm installed and authenticated on the machine from which you plan to upload the Automation Suite container images and charts to your registry.
- To download the Podman binaries, see the official documentation.
- To authenticate to the Podman registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
podman login my.registry.io:443 --username "admin" --password "secret"
podman login my.registry.io:443 --username "admin" --password "secret" - To download the Helm binaries, see the official documentation.
- To authenticate the Helm registry, see the official documentation. Alternatively, you can use the following command by replacing the sample credentials with your actual registry credentials:
helm registry login my.registry.io:443 --username "admin" --password "secret"
helm registry login my.registry.io:443 --username "admin" --password "secret"
Downloading as-cmk.tar.gz
as-cmk.tar.gz
, see Downloading installation bundles.
Downloading the optional Document Understanding bundles
To download optional Document Understanding bundles, see Document Understanding documentation.
Downloading hydrate-registry.sh
hydrate-registry.sh
script, see Downloading the installation packages.
Uploading the Automation Suite images to the registry
hydrate-registry.sh
script.
hydrate-registry.sh
script does not require outbound connectivity except with the target registries.
hydrate-registry.sh
script does not perform authentication to the registry. It is assumed that you have already authenticated to the registry.
Flag |
Description |
---|---|
|
Mandatory. Path to the offline bundle. |
|
Mandatory. Pass the URL for the target registry. |
|
The location to be used to untar the offline bundle. It can be either
/var/lib/containers or a custom location. Ensure you have a minimum of 100 GiB of storage. It is recommended to have 256 GiB of storage.
|
-
Ensure that we have the necessary permissions to execute the shell script, by running the following command:
chmod +x mirror-registry.sh
chmod +x mirror-registry.sh -
Upload the Automation Suite images to your registry by running the following command:
./hydrate-registry.sh --target-registry-url my.registry.io:443 --offline-bundle-path /path/to/as-cmk.tar.gz
./hydrate-registry.sh --target-registry-url my.registry.io:443 --offline-bundle-path /path/to/as-cmk.tar.gz
./hydrate-registry.sh --target-registry-url my.registry.io:443/myproject --offline-bundle-path /path/to/as-cmk.tar.gz
./hydrate-registry.sh --target-registry-url my.registry.io:443/myproject --offline-bundle-path /path/to/as-cmk.tar.gz