automation-suite
2023.4
false
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT
Automation Suite on EKS/AKS Installation Guide
Last updated Nov 21, 2024

Updating credentials

Guidelines

To update credentials for the different Automation Suite components, take the following steps:

  1. Generate the input.json file.
  2. Provide the new credentials for the given components in the input.json as described in each component section.
  3. Run the uipathctl CLI as described in each component section.

Generating the input.json file

Generate the latest input.json file as follows:
  • A: Run the following command to get the latest revision of your input.json file:
    uipathctl manifest get-revisionuipathctl manifest get-revision
  • B: Run the following command to list all the past input.json files and determine the one you wish to choose:
    uipathctl manifest list-revisionsuipathctl manifest list-revisions

Guidelines

Updating the SQL connection strings

There are multiple scenarios where you may want to update the connection string used by Automation Suite products to connect to the SQL database, such as the following:

  • When periodically rotating the password used to connect to the database, for security and compliance;
  • When changing the FQDN for the SQL server;
  • When migrating the database to another SQL server for maintenance purposes;
  • When adding, modifying, or removing one or more connection attributes, such as MultiSubnetFailover;
  • When switching from basic authentication to integrated authentication using Kerberos and AD.
    Important:

    Products in Automation Suite do not create tables or schema at the time of updating the SQL database connection string. Make sure your new connection string refers to the same database that you currently use.

    To avoid downtime during the update process, make sure that your current connection string is valid at the time of the update process. You can revoke your old connection string after the update.

Updating the connection strings for installed products

To update the connection string for installed products in Automation Suite, connect to any of the server nodes and perform the following operations.
  1. Generate the input.json file.
  2. Provide the new connection strings for the installed products in the input.json.
  3. Run uipathctl.

Providing the new connection strings for installed products

There are two ways to provide the connection strings for products running in Automation Suite:

  • A: Provide a connection string template that will be common to all the products running in Automation Suite. This approach will assume the default database names for all the products.

  • B: Provide connection strings specific to each product.

Important:

Make sure you escape NET, JDBC, or ODBC passwords as follows:

  • for NET: add ' at the beginning and end of the password, and double any other '.
  • for JDBC/ODBC: add { at the beginning of the password and } at the end, and double any other }.

If you set TrustServerCertificate=False, then you may have to provide an additional CA certificate for the SQL Server. This is required if the SQL Server certificate is self-signed or signed by an internal CA. For details, see Updating the CA certificates.

A: Providing a common connection string for all products

All the products running in Automation Suite refer to a common template connection string. One use case for choosing this method would be when you want to change the password for all the products at once. Note that, in this case, the password will be the same for all the products.

In this scenarios, the database names for all products must be the default ones, as required by Automation Suite. If the database names you configured do not meet the Automation Suite requirements, follow the next step.

Tip: Check the list of databases and their default names in SQL database.

The following table explains which template format the product services accept:

Parameter

Description

Products

sql_connection_string_template

Full ADO.NET connection string where Catalog name is set to DB_NAME_PLACEHOLDER. The installer will replace this placeholder with the default database names for the installed suite services.

Platform, Orchestrator, Automation Suite Robots, Test Manager, Automation Hub, Automation Ops, Insights, Task Mining, Data Service, Process Mining

sql_connection_string_template_jdbc

Full JDBC connection string where database name is set to DB_NAME_PLACEHOLDER. The installer will replace this placeholder with the default database names for the installed suite services.

AI Center

sql_connection_string_template_odbc

Full ODBC connection string where database name is set to DB_NAME_PLACEHOLDER. The installer will replace this placeholder with the default database names for the installed suite services.

Document Understanding, Apps

sql_connection_string_template_sqlalchemy_pyodbcFull SQL alchemy PYODBC connection string where database name is set to DB_NAME_PLACEHOLDER. The installer will replace this placeholder with the default database names for the installed suite services.

Process Mining

sql_connection_string_template example

Server=tcp:sfdev1804627-c83f074b-sql.database.windows.net:1433;Initial Catalog=DB_NAME_PLACEHOLDER;Persist Security Info=False;User Id=testadmin;Password=***;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Max Pool Size=100;Server=tcp:sfdev1804627-c83f074b-sql.database.windows.net:1433;Initial Catalog=DB_NAME_PLACEHOLDER;Persist Security Info=False;User Id=testadmin;Password=***;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Max Pool Size=100;

sql_connection_string_template_jdbc example

jdbc:sqlserver://sfdev1804627-c83f074b-sql.database.windows.net:1433;database=DB_NAME_PLACEHOLDER;user=testadmin;password=***;encrypt=true;trustServerCertificate=false;Connection Timeout=30;hostNameInCertificate=sfdev1804627-c83f074b-sql.database.windows.net"jdbc:sqlserver://sfdev1804627-c83f074b-sql.database.windows.net:1433;database=DB_NAME_PLACEHOLDER;user=testadmin;password=***;encrypt=true;trustServerCertificate=false;Connection Timeout=30;hostNameInCertificate=sfdev1804627-c83f074b-sql.database.windows.net"

sql_connection_string_template_odbc example

SERVER=sfdev1804627-c83f074b-sql.database.windows.net,1433;DATABASE=DB_NAME_PLACEHOLDER;DRIVER={ODBC Driver 17 for SQL Server};UID=testadmin;PWD=***;MultipleActiveResultSets=False;Encrypt=YES;TrustServerCertificate=NO;Connection Timeout=30;"SERVER=sfdev1804627-c83f074b-sql.database.windows.net,1433;DATABASE=DB_NAME_PLACEHOLDER;DRIVER={ODBC Driver 17 for SQL Server};UID=testadmin;PWD=***;MultipleActiveResultSets=False;Encrypt=YES;TrustServerCertificate=NO;Connection Timeout=30;"
sql_connection_string_template_sqlalchemy_pyodbc example
"mssql+pyodbc://testadmin%40sfdev4515230-sql.database.windows.net:07%3Cl%5Bxj-%3D~%3Az%60Ds%26nl@sfdev4515230-sql.database.windows.net:1433/DB_NAME_PLACEHOLDER?driver=ODBC+Driver+17+for+SQL+Server""mssql+pyodbc://testadmin%40sfdev4515230-sql.database.windows.net:07%3Cl%5Bxj-%3D~%3Az%60Ds%26nl@sfdev4515230-sql.database.windows.net:1433/DB_NAME_PLACEHOLDER?driver=ODBC+Driver+17+for+SQL+Server"
Note: Update the input.json with the new connection string template you want to update.

B: Providing connection strings specific to each product

Platform

The Platform service provides administrative capabilities such as organization and tenant management, licensing management, user management, etc. The Platform service is enabled by default and cannot be removed. Its default database name is AutomationSuite_Platform.
To provide a connection string for the Platform service, add or update the following section in the input.json file:
"platform": {
  "sql_connection_str": "***" // dotnet connection string 
}"platform": {
  "sql_connection_str": "***" // dotnet connection string 
}

Orchestrator

The default database name for Orchestrator is AutomationSuite_Orchestrator.
To provide a connection string for the Orchestrator service, add or update the following section in the input.json file:
"orchestrator": {
  "sql_connection_str": "***" // dotnet connection string
}"orchestrator": {
  "sql_connection_str": "***" // dotnet connection string
}

Automation Suite Robots

Automation Suite Robots and Orchestrator share the same database by default. The database name is AutomationSuite_Orchestrator.
To provide a connection string for Automation Suite Robots, add or update the following section in the input.json file:
"asrobots": {
  "sql_connection_str": "***" // dotnet connection string
}"asrobots": {
  "sql_connection_str": "***" // dotnet connection string
}

Automation Hub

The default database name for Automation Hub is AutomationSuite_Automation_Hub.
To provide a connection string for the Automation Suite service, add or update the following section in the input.json file:
"automation_hub": {
  "sql_connection_str": "***" // dotnet connection string
}"automation_hub": {
  "sql_connection_str": "***" // dotnet connection string
}

Automation Ops

The default database name for Automation Ops is AutomationSuite_Platform.
To provide a connection string for the Automation Ops service, add or update the following section in the input.json file:
"automation_ops": {
  "sql_connection_str": "***" // dotnet connection string
}"automation_ops": {
  "sql_connection_str": "***" // dotnet connection string
}

AI Center

The default database name for AI Center is AutomationSuite_AICenter.
To provide a connection string for the AI Center service, add or update the following section in the input.json file:
"aicenter": {
  "sql_connection_str": "***" // jdbc connection string
}"aicenter": {
  "sql_connection_str": "***" // jdbc connection string
}

Apps

The default database name for Apps is AutomationSuite_Apps.
To provide a connection string for the Apps service, add or update the following section in the input.json file:
"apps": {
  "sql_connection_str": "***" // odbc connection string
}"apps": {
  "sql_connection_str": "***" // odbc connection string
}

Data Service

The default database name for Data Service is AutomationSuite_DataService.
To provide a connection string for the Data Service service, add or update the following section in the input.json file:
"dataservice": {
  "sql_connection_str": "***" // dotnet connection string
}"dataservice": {
  "sql_connection_str": "***" // dotnet connection string
}

Document Understanding

The default database name for Document Understanding is AutomationSuite_DU_Datamanager.
To provide a connection string for the Document Understanding service, add or update the following section in the input.json file:
"documentunderstanding": { 
"enabled": true,
"sql_connection_str": "***" // dotnet connection string,
"datamanager": {
 "sql_connection_str": "***" // odbc connection string
 }
}"documentunderstanding": { 
"enabled": true,
"sql_connection_str": "***" // dotnet connection string,
"datamanager": {
 "sql_connection_str": "***" // odbc connection string
 }
}

Insights

The default database name for Insights is AutomationSuite_Insights.
To provide a connection string for the Insights service, add or update the following section in the input.json file:
"insights": {
  "sql_connection_str": "***" // dotnet connection string
}"insights": {
  "sql_connection_str": "***" // dotnet connection string
}

Process Mining

The default database name for Process Mining is AutomationSuite_ProcessMining_Metadata.
To provide a connection string for the Process Mining service, add or update the following section in the input.json file:
"process_mining": {
  "enabled": true,
  "sql_connection_str": "***" // dotnet connection string
  "sqlalchemy_pyodbc_sql_connection_str": "", 
  "warehouse": {
     "sql_connection_str": "",
     "master_sql_connection_str": "",
     "sqlalchemy_pyodbc_sql_connection_str": ""
  }
}"process_mining": {
  "enabled": true,
  "sql_connection_str": "***" // dotnet connection string
  "sqlalchemy_pyodbc_sql_connection_str": "", 
  "warehouse": {
     "sql_connection_str": "",
     "master_sql_connection_str": "",
     "sqlalchemy_pyodbc_sql_connection_str": ""
  }
}

Task Mining

The default database name for Task Mining isAutomationSuite_Task_Mining.
To provide a connection string for the Task Mining service, add or update the following section in the input.json file:
"task_mining": {
  "sql_connection_str": "***" // dotnet connection string
}"task_mining": {
  "sql_connection_str": "***" // dotnet connection string
}

Test Manager

The default database name for Test Manager is AutomationSuite_Test_Manager .
To provide a connection string for the Test Manager service, add or update the following section in the input.json file:
"test_manager": {
  "sql_connection_str": "***" // dotnet connection string
}"test_manager": {
  "sql_connection_str": "***" // dotnet connection string
}

Running the uipathctl installer

To complete the update, run the uipathctl installer using the following command:
uipathctl manifest apply input.json --versions versions.jsonuipathctl manifest apply input.json --versions versions.json

Updating Redis credentials

Providing the new credentials for Redis

Update the following section in the input.json file with the new password and/or hostname:
"fabric": {
  "redis": {
    "hostname": "new_hostname",
    "password": "new_password",
    "port": 6380,
    "tls": true
  }"fabric": {
  "redis": {
    "hostname": "new_hostname",
    "password": "new_password",
    "port": 6380,
    "tls": true
  }

Running the uipathctl installer

To complete the update of the Redis credentials, run the uipathctl installer using the following command:
uipathctl manifest apply input.json --only redis --versions versions.jsonuipathctl manifest apply input.json --only redis --versions versions.json
Note:
You can use the dry-run flag with uipathctl to print the result of the command without applying it.

Updating objectstore credentials

Update the following section in the input.json file with the new access_key, secret_key or acount_key and account_name:
"external_object_storage": {
  "enabled": false, // <true/false>
  "create_bucket": true, // <true/false>
  "storage_type": "s3", // <s3,azure,aws>
  "fqdn": "",  // <needed in case of aws non instance profile>
  "port": 443, // <needed in case of aws non instance profile>
  "region": "", 
  "access_key": "", // <needed in case of aws non instance profile>
  "secret_key": "", // <needed in case of aws non instance profile>
  "use_managed_identity": false, // <true/false>
  "bucket_name_prefix": "",
  "bucket_name_suffix": "",
  "account_key": "", // <needed only when using non managed identity>
  "account_name": "",
  "azure_fqdn_suffix": "core.windows.net",
  "client_id": "" // <optional field in case of managed identity>
},"external_object_storage": {
  "enabled": false, // <true/false>
  "create_bucket": true, // <true/false>
  "storage_type": "s3", // <s3,azure,aws>
  "fqdn": "",  // <needed in case of aws non instance profile>
  "port": 443, // <needed in case of aws non instance profile>
  "region": "", 
  "access_key": "", // <needed in case of aws non instance profile>
  "secret_key": "", // <needed in case of aws non instance profile>
  "use_managed_identity": false, // <true/false>
  "bucket_name_prefix": "",
  "bucket_name_suffix": "",
  "account_key": "", // <needed only when using non managed identity>
  "account_name": "",
  "azure_fqdn_suffix": "core.windows.net",
  "client_id": "" // <optional field in case of managed identity>
},

Running the uipathctl installer

To complete the update of the object store credentials, run the uipathctl installer using the following command:
uipathctl manifest apply input.json --versions versions.jsonuipathctl manifest apply input.json --versions versions.json
Note:
You can use the dry-run flag with uipathctl to print the result of the command without applying it.

Updating the registry credentials

When the container registry in use requires authentication to pull images, pods must use a secret named uipathpullsecret. To update uipathpullsecret, take the following steps:
  1. Update the registry section of the input.json file:
    "registries": { 
        "docker": { 
          "url": "yourContainerRegistryUrl", 
          "username": "username", 
          "password": "newpassword" 
        }, 
        "helm": { 
          "url": "yourContainerRegistryUrl", 
          "username": "username", 
          "password": "newpassword" 
        } 
      }  "registries": { 
        "docker": { 
          "url": "yourContainerRegistryUrl", 
          "username": "username", 
          "password": "newpassword" 
        }, 
        "helm": { 
          "url": "yourContainerRegistryUrl", 
          "username": "username", 
          "password": "newpassword" 
        } 
      } 
  2. Delete the existing uipathpullsecret:
    kubectl delete secret  uipathpullsecret -n uipathkubectl delete secret  uipathpullsecret -n uipath
  3. Rerun the installation command:
    uipathctl manifest apply input.json --versions versions.jsonuipathctl manifest apply input.json --versions versions.json

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.