- Overview
- Requirements
- Installation
- Q&A: Deployment templates
- Configuring the machines
- Configuring the external objectstore
- Configuring an external Docker registry
- Configuring the load balancer
- Configuring the DNS
- Configuring Microsoft SQL Server
- Configuring the certificates
- Online multi-node HA-ready production installation
- Offline multi-node HA-ready production installation
- Disaster recovery - Installing the secondary cluster
- Downloading the installation packages
- install-uipath.sh parameters
- Enabling Redis High Availability Add-On for the cluster
- Document Understanding configuration file
- Adding a dedicated agent node with GPU support
- Adding a dedicated agent Node for Task Mining
- Connecting Task Mining application
- Adding a Dedicated Agent Node for Automation Suite Robots
- Post-installation
- Cluster administration
- Monitoring and alerting
- Migration and upgrade
- Migration options
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Insights
- Step 7: Deleting the default tenant
- B) Single tenant migration
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to troubleshoot services during installation
- How to uninstall the cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bundle
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to automatically clean up Longhorn snapshots
- How to disable TX checksum offloading
- How to manually set the ArgoCD log level to Info
- How to generate the encoded pull_secret_value for external registries
- How to address weak ciphers in TLS 1.2
- Unable to run an offline installation on RHEL 8.4 OS
- Error in downloading the bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- First installation fails during Longhorn setup
- SQL connection string validation error
- Prerequisite check for selinux iscsid module fails
- Azure disk not marked as SSD
- Failure after certificate update
- Antivirus causes installation issues
- Automation Suite not working after OS upgrade
- Automation Suite requires backlog_wait_time to be set to 0
- GPU node affected by resource unavailability
- Volume unable to mount due to not being ready for workloads
- Support bundle log collection failure
- Failure to upload or download data in objectstore
- PVC resize does not heal Ceph
- Failure to resize PVC
- Failure to resize objectstore PVC
- Rook Ceph or Looker pod stuck in Init state
- StatefulSet volume attachment error
- Failure to create persistent volumes
- Storage reclamation patch
- Backup failed due to TooManySnapshots error
- All Longhorn replicas are faulted
- Setting a timeout interval for the management portals
- Update the underlying directory connections
- Authentication not working after migration
- Kinit: Cannot find KDC for realm <AD Domain> while getting initial credentials
- Kinit: Keytab contains no suitable keys for *** while getting initial credentials
- GSSAPI operation failed due to invalid status code
- Alarm received for failed Kerberos-tgt-update job
- SSPI provider: Server not found in Kerberos database
- Login failed for AD user due to disabled account
- ArgoCD login failed
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis probe failure
- RKE2 server fails to start
- Secret not found in UiPath namespace
- ArgoCD goes into progressing state after first installation
- Issues accessing the ArgoCD read-only account
- MongoDB pods in CrashLoopBackOff or pending PVC provisioning after deletion
- Unhealthy services after cluster restore or rollback
- Pods stuck in Init:0/X
- Prometheus in CrashloopBackoff state with out-of-memory (OOM) error
- Missing Ceph-rook metrics from monitoring dashboards
- Running High Availability with Process Mining
- Process Mining ingestion failed when logged in using Kerberos
- Unable to connect to AutomationSuite_ProcessMining_Warehouse database using a pyodbc format connection string
- Airflow installation fails with sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
- How to add an IP table rule to use SQL Server port 1433
- Using the Automation Suite Diagnostics Tool
- Using the Automation Suite Support Bundle Tool
- Exploring Logs
Step 1: Preparing the AWS deployment
This page lists the steps you need to take before deploying Automation Suite to AWS.
The AWS deployment requires a moderate level of familiarity with AWS services.
If you are new to AWS, you can start by reading the following introductory materials to get familiar. They provide basic materials for how to design, deploy, and operate infrastructure and applications on the AWS Cloud.
This Quick Start also assumes familiarity with AWS Services listed in the Request resources quotas section of this guide. For a detailed diagram and description of the architecture, see:
If you don’t already have an AWS account, create one by following the step-by-step instructions. Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.
The following sections walk you through the steps you need to take to configure your AWS Account specific to the Automation Suite deployment requirements.
You need at least one EC2 key pair in the AWS account in the Region where you will deploy the Quick Start.
To create a key pair, see Amazon EC2 key pairs and Linux instances.
Take note of the key-pair name as it is needed during the deployment.
This Quick Start requires you to have established ownership of the parent domain under which the web application will be served. If you want to register a domain, see Registering a public domain.
If you have registered the domain using AWS Route 53, then the hosted zone is preconfigured, and no additional configuration is necessary.
Otherwise, you should set up a hosted zone in your AWS account, with the required name server, start of authority, CNAME, and text records. For further details on how to create a public hosted zone, see Working with public hosted zones.
WaitConditionHandle
resource in the routing stack. The Physical Id
of this resource is an URL. Execute a POST
request as described here.
If necessary, request service quota increases for the following resources. You might need to request increases if your existing deployment currently uses these resources and if this Quick Start deployment could result in exceeding the default quotas. The Service Quotas console displays your usage and quotas for some aspects of some services.
For more information, see What is Service Quotas? and AWS service quotas.
Resource |
Requirement |
---|---|
VPCs |
1 |
Subnets |
Up to 6 |
NAT gateways |
2 |
VPC endpoints |
1 |
Internet gateways |
1 |
Elastic IP addresses |
Up to 6 |
AWS Identity and Access Management (IAM) security groups |
1 |
IAM roles |
Up to 7 |
Auto Scaling groups |
Up to 2 |
Application Load Balancers |
Either 0 or 1 |
Network Load Balancers |
Either 1 or 2 |
Public certificate authorities (CA) |
1 |
Hosted zone |
1 |
RDS instances |
1 |
Bastion hosts |
1 |
Secrets |
4 |
Parameters in Parameter Store |
3 |
SSM documents |
Either 0 or 3 |
Lambda Functions |
3 |
Instance Profiles |
2 |
Security Groups |
3 |
In order for the Quick Start to work in a Region other than its default Region, all the services that are part of the deployment must also be supported in that Region.
For an up-to-date list of AWS Regions and the AWS services they support, see AWS Regional Services.
Unrecognized resource type
error, then Quick Start is not
supported in that Region.
Before launching the Quick Start, you must sign in to the AWS Management Console with IAM permissions for the resources that the templates deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions.
For more information, see AWS managed policies for job functions.
For a complete list of roles and policies that the CloudFormation template creates, see Roles and policies.
The following table describes all the external endpoints that the service interacts with:
Requirements |
Details |
---|---|
AWS metadata service |
Provides details about your Amazon EC2 instance |
AWS management APIs |
Used via AWS CLI or lambda functions |
AWS bootstrap archive |
Used for services to provision and manage resources. Retrieved from the following URL:
https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz |
AWS CLI package |
Used for the command line interface to interact with AWS services from a machine. You can access the package from the following
URL:
https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip |
AWS SSM Agent |
Used for managing instances via remote commands at scale. You can download the agent from the following URL:
https://s3.${AWS::Region}.amazonaws.com/amazon-ssm-${AWS::Region}/latest/linux_amd64/amazon-ssm-agent.rpm |
AWS Cloudwatch Agent |
Used for collecting system and application logs for monitoring. You can download the agent from the following URL:
https://s3.amazonaws.com/amazoncloudwatch-agent/redhat/amd64/latest/amazon-cloudwatch-agent.rpm |
Nvidia drivers |
Required for GPU-enabled VMs. You can get the drivers from the Nvidia repository. |
External repository if used |
N/A |
UiPath S3 buckets for templates / lambda functions usage / bash scripts for installation. |
N/A |
For more details, see Network requirements.
Connect AiCenter to an external Orchestrator
to true
and provide certificates for Orchestrator and Identity to the parameters listed in AWS deployment parameters. For details on how to obtain the certificates, see Chain certificates.
To encode the certificates in base64 format, run the following commands:
cat orchestrator.cer | base64 | tr -d '\n' > orchestratorCert
cat identity.cer | base64 | tr -d '\n' > identityCert
cat orchestrator.cer | base64 | tr -d '\n' > orchestratorCert
cat identity.cer | base64 | tr -d '\n' > identityCert
To register AI Center to the external Orchestrator, you must run this SSM document.