- Overview
- Requirements
- Installation
- Prerequisite checks
- Downloading the installation packages
- uipathctl cluster
- uipathctl cluster maintenance
- uipathctl cluster maintenance disable
- uipathctl cluster maintenance enable
- uipathctl cluster maintenance is-enabled
- uipathctl cluster migration
- uipathctl cluster migration export
- uipathctl cluster migration import
- uipathctl cluster migration run
- uipathctl cluster upgrade
- uipathctl config
- uipathctl config add-host-admin
- uipathctl config additional-ca-certificates
- uipathctl config additional-ca-certificates get
- uipathctl config additional-ca-certificates update
- uipathctl config alerts
- uipathctl config alerts add-email
- uipathctl config alerts remove-email
- uipathctl config alerts update-email
- uipathctl config argocd
- uipathctl config argocd ca-certificates
- uipathctl config argocd ca-certificates get
- uipathctl config argocd ca-certificates update
- uipathctl config argocd generate-dex-config
- uipathctl config argocd generate-rbac
- uipathctl config argocd registry
- uipathctl config argocd registry get
- uipathctl config argocd registry update
- uipathctl config enable-basic-auth
- uipathctl config orchestrator
- uipathctl config orchestrator get-config
- uipathctl config orchestrator update-config
- uipathctl config saml-certificates get
- uipathctl config saml-certificates rotate
- uipathctl config saml-certificates update
- uipathctl config tls-certificates
- uipathctl config tls-certificates get
- uipathctl config tls-certificates update
- uipathctl config token-signing-certificates
- uipathctl config token-signing-certificates get
- uipathctl config token-signing-certificates rotate
- uipathctl config token-signing-certificates update
- uipathctl health
- uipathctl health bundle
- uipathctl health check
- uipathctl health diagnose
- uipathctl health test
- uipathctl manifest
- uipathctl manifest apply
- uipathctl manifest diff
- uipathctl manifest get
- uipathctl manifest get-revision
- uipathctl manifest list-applications
- uipathctl manifest list-revisions
- uipathctl manifest render
- uipathctl prereq
- uipathctl prereq create
- uipathctl prereq run
- uipathctl resource
- uipathctl resource report
- uipathctl snapshot
- uipathctl snapshot backup
- uipathctl snapshot backup create
- uipathctl snapshot backup disable
- uipathctl snapshot backup enable
- uipathctl snapshot delete
- uipathctl snapshot list
- uipathctl snapshot restore
- uipathctl snapshot restore create
- uipathctl snapshot restore delete
- uipathctl snapshot restore history
- uipathctl snapshot restore logs
- uipathctl version
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite on EKS/AKS
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Orchestrator
- Step 7: Migrating standalone Insights
- Step 8: Deleting the default tenant
- B) Single tenant migration
- Migrating from Automation Suite on Linux to Automation Suite on EKS/AKS
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Using the Orchestrator Configurator Tool
- Configuring Orchestrator parameters
- Orchestrator appSettings
- Configuring appSettings
- Configuring the maximum request size
- Overriding cluster-level storage configuration
- Configuring credential stores
- Configuring encryption key per tenant
- Cleaning up the Orchestrator database
- Troubleshooting
- The backup setup does not work due to a failure to connect to Azure Government
- Pods in the uipath namespace stuck when enabling custom node taints
- Unable to launch Automation Hub and Apps with proxy setup
- Pods cannot communicate with FQDN in a proxy environment
- Test Automation SQL connection string is ignored
Step 6: Migrating standalone Orchestrator
To migrate standalone Orchestrator to Automation Suite, you must gather settings and various files from the standalone installation and apply them to the Automation Suite installation.
To specify a custom maximum request size, see Configuring the maximum request size.
appSettings
or secureAppSettings
section of the UiPath.Orchestrator.dll.config
file, you must add your custom configuration to the orchestrator-customconfig
config map.
appSettings
you must migrate and which not, see Orchestrator appSettings.
appSettings
to Orchestrator, see Configuring appSettings.
By default, Orchestrator in Automation Suite uses the cluster-level storage configuration. The recommended configuration is external storage, where all tenants are stored in one bucket of a storage provider. The supported storage providers are Azure, S3, and MinIO.
To migrate FileSystem storage to cluster storage in Automation Suite, see Uploading files to storage.
To connect existing storage of type Azure, AWS S3, or S3-compatible (MinIO) to Orchestrator in Automation Suite, see Configuring Azure/Amazon S3 storage buckets. In this configuration, Orchestrator does not use the same storage as the other services in the cluster. Make sure to disconnect your previous Orchestrator from the storage account prior to configuring it with the Automation Suite, as this would prevent any potential data loss.
You must review the NLog section of the configuration file and build the NLog custom configuration.
To enable robot logs storage in Elasticsearch, see Saving robot logs to elasticsearch
To add plugins and perform advanced NLog configuration, see Configuring NLog.
To migrate custom plugins for credential stores to Automation Suite, update the configuration in the config map, and copy the plugins assemblies to the corresponding object store bucket.
The following credential stores plugins are deployed to Orchestrator in Automation Suite:
UiPath.Orchestrator.AzureKeyVault.SecureStore.dll
UiPath.Orchestrator.SecureStore.CyberArkCCP.dll
Automation Suite does not support CyberArk AIM, so you cannot migrate it. We recommend migrating to the CyberArkCCP credential store instead.
For details on the credential store configuration in Orchestrator, see Configuring credential stores.
By default, at installation time, Orchestrator generates an encryption key to be used for sensitive information in the database. You must migrate this key if you want to reuse a database on a new Orchestrator deployment.
To migrate and update the encryption key, take the following steps:
- Decrypt the
secureAppSettings
section of theUiPath.Orchestrator.dll.config
file, if needed. For details, see Encrypting UiPath.Orchestrator.dll.config Sections. - Retrieve the encryption key from
UiPath.Orchestrator.dll.config
. For details, see EncryptionKey. - Replace the encryption key in the
orchestrator-generated-secrets
Kubernetes secret by overwriting the value ofAPPSETTINGS__EncryptionKey
. To do this, run the following command:ENCRYPT_KEY=$(echo <key>|base64 -w 0) kubectl -n uipath patch secret orchestrator-generated-secrets --type='json' \ -p="[{'op': 'replace', 'path': '/data/APPSETTINGS__EncryptionKey', 'value':'$ENCRYPT_KEY'}]"
ENCRYPT_KEY=$(echo <key>|base64 -w 0) kubectl -n uipath patch secret orchestrator-generated-secrets --type='json' \ -p="[{'op': 'replace', 'path': '/data/APPSETTINGS__EncryptionKey', 'value':'$ENCRYPT_KEY'}]"Note: Make sure to replace<key>
with the value of the key retrieved fromUiPath.Orchestrator.dll.config
.
The encryption key certificate is installed in the Windows certificate store. You must provide the certificate to the Automation Suite environment so that it becomes available to the Orchestrator pods.
CertificatesStoreLocation
and Azure.KeyVault.CertificateThumbprint
settings are no longer required in Automation Suite, but you can use CertificatePassword
if needed.
appSettings
the connection settings for the Azure Key Vault:
Azure.KeyVault.VaultAddress
Azure.KeyVault.ClientId
Azure.KeyVault.DirectoryId
To configure the encryption key per tenant, see Configuring encryption key per tenant.