automation-suite
2023.4
false
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT

Automation Suite on EKS/AKS Installation Guide

Last updated Nov 21, 2024

Configuring input.json

The input.json file allows you to configure the UiPath products you want to deploy, the parameters, settings, and preferences applied to the selected products, and the settings of your cloud infrastructure. You must update this file to change the defaults and use any advanced configuration for your cluster.
Note:

Some products may have dependencies. For details, see Cross-product dependencies.

To edit input.json, you can use your favorite text editor on your client machine.

General parameters

Description

kubernetes_distribution

Specificy which Kubernetes distrubution you use. Can be aks or eks.

registries

URLs to pull the docker images and helm charts for UiPath products and Automation Suite.

registry.uipath.com

fqdn

The load balancer endpoint for Automation Suite

admin_username

The username that you would like to set as an admin for the host organization.

admin_password

The host admin password to be set.

profile

Default value, not changeable

  • ha: multi-node HA-ready production profile.

telemetry_optout

true or false - used to opt out of sending telemetry back to UiPath. It is set to false by default.
If you want to opt out, then set to true.
"kubernetes_distribution": "aks",

  "registries": {
    "docker": {
      "url": "registry.uipath.com"
    },
    "helm": {
      "url": "registry.uipath.com"
    }
  },
  "fqdn": "replace with your fqdn",
  
  "admin_username": "replace with your UiPath admin username",
  "admin_password": "replace with your UiPath admin password",
  
  "profile": "ha",
  
  "telemetry_optout": false"kubernetes_distribution": "aks",

  "registries": {
    "docker": {
      "url": "registry.uipath.com"
    },
    "helm": {
      "url": "registry.uipath.com"
    }
  },
  "fqdn": "replace with your fqdn",
  
  "admin_username": "replace with your UiPath admin username",
  "admin_password": "replace with your UiPath admin password",
  
  "profile": "ha",
  
  "telemetry_optout": false

UiPath® products

You can enable and disable products in Automation Suite at the time of installation and at any point post-installation. For more details on each product configuration, see Managing products.

Orchestrator example:

"orchestrator": {
  "enabled": true,
  "external_object_storage": {
    "bucket_name": "uipath-as-orchestrator"
  },
  "testautomation": {
    "enabled": true
  },
  "updateserver": {
    "enabled": true
  }"orchestrator": {
  "enabled": true,
  "external_object_storage": {
    "bucket_name": "uipath-as-orchestrator"
  },
  "testautomation": {
    "enabled": true
  },
  "updateserver": {
    "enabled": true
  }

Bring your own components

Automation Suite allows you to bring your own Gatekeeper (and OPA Policies), Cert Manager, Monitoring, and Logging components. If you choose to exclude these components, ensure that you have these present in your cluster before installing Automation Suite.

In the following below, all components are excluded. However, you can remove the ones you would like Automation Suite to provision.

"exclude_components": [
    "gatekeeper",
    "opa-policies",
    "network-policies",
    "cert-manager",
    "monitoring",
    "logging",
    "velero"
  ]  "exclude_components": [
    "gatekeeper",
    "opa-policies",
    "network-policies",
    "cert-manager",
    "monitoring",
    "logging",
    "velero"
  ]

Certificate configuration

If no certificate is provided at the time of installation, the installer creates self-issued certificates and configures them in the cluster.

Note:
Make sure to specify the absolute path for the certificate files. Run pwd to get the path of the directory where files are placed and append the certificate file name to the input.json.

Parameter

Description

server_certificate.ca_cert_file

Absolute path to the Certificate Authority (CA) certificate. This CA is the authority that signs the TLS certificate. A CA bundle must contain only the chain certificates used to sign the TLS certificate. The chain limit is nine certificates.

If you use a self-signed certificate, you must specify the path to rootCA.crt, which you previously created. Leave blank if you want the installer to generate ir.

server_certificate.tls_cert_file

Absolute path to the TLS certificate (server.crt is the self-signed certificate). Leave blank if you want the installer to generate it.

server_certificate.tls_key_file

Absolute path to the certificate key (server.key is the self-signed certificate). Leave blank if you want the installer to generate it.

identity_certificate.token_signing_cert_file

Absolute path to the identity token signing certificate used to sign tokens (identity.pfx is the self-signed certificate). Leave blank if you want the installer to generate an identity certificate using the server certificate.

identity_certificate.token_signing_cert_pass

Plain text password set when exporting the identity token signing certificate.

additional_ca_certs

Absolute path to the file containing the additional CA certificates that you want to be trusted by all the services running as part of Automation Suite. All certificates in the file must be in valid PEM format.

For example, you need to provide the file containing the SQL server CA certificate if the certificate is not issued by a public certificate authority.

Infrastructure prerequisites

You must provide configurations details of the prerequisites that you configured on Azure or AWS. For input.json parameter requirements, see the following prerequisite sections:

Orchestrator-specific configuration

Orchestrator can save robot logs to an Elasticsearch server. You can configure this functionality in the orchestrator.orchestrator_robot_logs_elastic section. If not provided, robot logs are saved to Orchestrator's database.
The following table lists out the orchestrator.orchestrator_robot_logs_elastic parameters:

Parameter

Description

orchestrator_robot_logs_elastic

Elasticsearch configuration.

elastic_uri

The address of the Elasticsearch instance that should be used. It should be provided in the form of a URI. If provided, then username and password are also required.

elastic_auth_username

The Elasticsearch username, used for authentication.

elastic_auth_password

The Elasticsearch password, used for authentication.

Insights-specific configuration

If enabling Insights, users can include SMTP server configuration that will be used to send scheduled emails/alert emails. If not provided, scheduled emails and alert emails will not function.

The insights.smtp_configuration fields details:

Parameter

Description

tls_version

Valid values are TLSv1_2, TLSv1_1, SSLv23. Omit key altogether if not using TLS.

from_email

Address that alert/scheduled emails will be sent from.

host

Hostname of the SMTP server.

port

Port of the SMTP server.

username

Username for SMTP server authentication.

password

Password for SMTP server authentication.

enable_realtime_monitoringFlag to enable Insights Real-time monitoring. Valid values are true, false. Default value is false.

Example

"insights": {
    "enabled": true,
    "enable_realtime_monitoring": true,
    "smtp_configuration": {
      "tls_version": "TLSv1_2",
      "from_email": "test@test.com",
      "host": "smtp.sendgrid.com",
      "port": 587,
      "username": "login",
      "password": "password123"
    }
  }"insights": {
    "enabled": true,
    "enable_realtime_monitoring": true,
    "smtp_configuration": {
      "tls_version": "TLSv1_2",
      "from_email": "test@test.com",
      "host": "smtp.sendgrid.com",
      "port": 587,
      "username": "login",
      "password": "password123"
    }
  }

Process Mining-specific configuration

If enabling Process Mining, we recommend users to specify a SECONDARY SQL server to act as a data warehouse that is separate from the primary Automation Suite SQL Server. The data warehouse SQL Server will be under heavy load and can be configured in the processmining section:

Parameter

Description

sql_connection_str

DotNet formatted connection string with database set as a placeholder: Initial Catalog=DB_NAME_PLACEHOLDER.

sqlalchemy_pyodbc_sql_connection_str

Sqlalchemy PYODBC formatted connection string for custom airflow metadata database location: sqlServer:1433/DB_NAME_PLACEHOLDER.

Example:

mssql+pyodbc://testadmin%40myhost:mypassword@myhost:1433/AutomationSuite_Airflow?driver=ODBC+Driver+17+for+SQL+Server&TrustServerCertificate=YES&Encrypt=YES

where

user: testadmin%40myhost
Note:

If there is '@' in user name it has to be urlencoded to %40

Example: (SQL Server setup with Kerberos authentication)

mssql+pyodbc://:@assql2019.autosuitead.local:1433/AutomationSuite_ProcessMining_Warehouse?driver=ODBC+Driver+17+for+SQL+Server&TrustServerCertificate=YES&Encrypt=YES&Trusted_Connection=yes

warehouse.sql_connection_str

DotNet formatted SQL connection string to the processmining data warehouse SQL Server with placeholder for dbname:

Initial Catalog=DB_NAME_PLACEHOLDER.

warehouse.sqlalchemy_pyodbc_sql_connection_str

Sqlalchemy PYODBC formatted SQL connection string to the processmining data warehouse SQL Server with placeholder for dbname:

sqlServer:1433/DB_NAME_PLACEHOLDER.

warehouse.master_sql_connection_str

If the installer is creating databases through sql.create_db: true setting, a DotNet formatted master SQL connection string must be provided for the processmining data warehouse SQL Server. Database in the connection string must be set as master.

Sample Process Mining connection string

"processmining": {
    "enabled": true,
    "app_security_mode": "system_managed",
    "sql_connection_str": "Server=tcp:shared_sqlserver_fqdn,1433;Initial Catalog=AutomationSuite_ProcessMining_Metadata;Persist Security Info=False;User Id=username;Password='password';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;Max Pool Size=100;",
    "sqlalchemy_pyodbc_sql_connection_str": "mssql+pyodbc://username:password@shared_sqlserver_fqdn:1433/AutomationSuite_Airflow?driver=ODBC+Driver+17+for+SQL+Server&TrustServerCertificate=YES&Encrypt=YES",
    "warehouse": {
      "sql_connection_str": "Server=tcp:dedicated_sqlserver_fqdn,1433;Initial Catalog=AutomationSuite_ProcessMining_Warehouse;Persist Security Info=False;User Id=username;Password='password';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;Max Pool Size=100;",
      "sqlalchemy_pyodbc_sql_connection_str": "mssql+pyodbc://useername:password@dedicated_sqlserver_fqdn:1433/AutomationSuite_ProcessMining_Warehouse?driver=ODBC+Driver+17+for+SQL+Server&TrustServerCertificate=YES&Encrypt=YES",
      "master_sql_connection_str": "Server=tcp:dedicated_sqlserver_fqdn,1433;Initial Catalog=master;Persist Security Info=False;User Id=username;Password='password';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;Max Pool Size=100;"
    },
    "blob_storage_account_use_presigned_uri": true
  }, "processmining": {
    "enabled": true,
    "app_security_mode": "system_managed",
    "sql_connection_str": "Server=tcp:shared_sqlserver_fqdn,1433;Initial Catalog=AutomationSuite_ProcessMining_Metadata;Persist Security Info=False;User Id=username;Password='password';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;Max Pool Size=100;",
    "sqlalchemy_pyodbc_sql_connection_str": "mssql+pyodbc://username:password@shared_sqlserver_fqdn:1433/AutomationSuite_Airflow?driver=ODBC+Driver+17+for+SQL+Server&TrustServerCertificate=YES&Encrypt=YES",
    "warehouse": {
      "sql_connection_str": "Server=tcp:dedicated_sqlserver_fqdn,1433;Initial Catalog=AutomationSuite_ProcessMining_Warehouse;Persist Security Info=False;User Id=username;Password='password';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;Max Pool Size=100;",
      "sqlalchemy_pyodbc_sql_connection_str": "mssql+pyodbc://useername:password@dedicated_sqlserver_fqdn:1433/AutomationSuite_ProcessMining_Warehouse?driver=ODBC+Driver+17+for+SQL+Server&TrustServerCertificate=YES&Encrypt=YES",
      "master_sql_connection_str": "Server=tcp:dedicated_sqlserver_fqdn,1433;Initial Catalog=master;Persist Security Info=False;User Id=username;Password='password';MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;Max Pool Size=100;"
    },
    "blob_storage_account_use_presigned_uri": true
  },
Attention:

When setting up Microsoft SQL Server make sure that the timezone of the SQL Server machine where the Airflow database and a dedicated Process Mining database are installed, is set to UTC.

Attention:

When configuring the connection strings for the processmining data warehouse SQL Server, the named instance of the SQL Server should be omitted.

Named instances of SQL Server cannot operate on the same TCP port. Therefore, the port number alone is sufficient to distinguish between instances.

For example, use tcp:server,1445 instead of tcp:server\namedinstance,1445.
Important: Note that the names for template PYODBC connection string sql_connection_string_template_sqlalchemy_pyodbc and the PYODBC connection string sqlalchemy_pyodbc_sql_connection_str used when you bring your own database are different. Also connection string names are different for the template SQL sql_connection_string_template and sql_connection_str used when you bring your own database.
Important:
If you bring your own database and you configured this using the sql_connection_str and sqlalchemy_pyodbc_sql_connection_str connection strings in the processmining section of the input.jsonfile, the template connection strings sql_connection_string_template and sql_connection_string_template_sqlalchemy_pyodbc are ignored if specified.
Important:
You must use the default server port 1433 for the following databases:
  • warehouse.sql_connection_str
  • warehouse.sqlalchemy_pyodbc_sql_connection_str
  • warehouse.master_sql_connection_str

Non-standard SQL server ports are not supported.

Automation Suite Robots-specific configuration

Automation Suite Robots can use package caching to optimize your process runs and allow them to run faster. NuGet packages are fetched from the filesystem instead of being downloaded from the Internet/network. This requires an additional space of minimum 10GiB and should be allocated to a folder on the host machine filesystem of the dedicated nodes.

To enable package caching, you need to update the following input.json parameters:

Parameter

Default value

Description

packagecaching

true

When set to true, robots use a local cache for package resolution.

packagecachefolder

/uipath_asrobots_package_cache

The disk location on the serverless agent node where the packages are stored.

AI Center-specific configuration

For AI Center to function properly, you must configure the aicenter.external_object_storage.port and aicenter.external_object_storage.fqdn parameters in the input.json file.
Note: You must configure the parameters in the aicenter section of the input.json file even if you have configured the external_object_storage section of the file.
The following sample shows a valid input.json configuration for AI Center:
"aicenter": {
  "external_object_storage" {
    "port": 443,
    "fqdn": "s3.us-west-2.amazonaws.com"
  }
},
"external_object_storage": {
  "enabled": true,
  "create_bucket": false,
  "storage_type": "s3", 
  "region": "us-west-2", 
  "use_instance_profile": true
}
..."aicenter": {
  "external_object_storage" {
    "port": 443,
    "fqdn": "s3.us-west-2.amazonaws.com"
  }
},
"external_object_storage": {
  "enabled": true,
  "create_bucket": false,
  "storage_type": "s3", 
  "region": "us-west-2", 
  "use_instance_profile": true
}
...

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2025 UiPath. All rights reserved.