UiPath Automation Suite

UiPath Automation Suite Guide

Manual: Advanced installation

This page explains how to use the cluster_config.json configuration file for Automation Suite.

The cluster_config.json file defines the parameters, settings, and preferences applied to the UiPath products deployed via Automation Suite. You need to update this file if you want to change defaults and use any advanced configuration for your cluster.

To edit cluster_config.json, you can use either:

  • a Linux text editor, such as vi or GNU nano, directly on the Linux machine via SSH (e.g., command: vi cluster_config.json);
  • your favorite text editor, after which you copy/paste the file onto the machine.

The cluster_config.json file allows you to configure the UiPath products you want to deploy. There are two types of UiPath products:

  • mandatory products: these are installed by default and do not have the enabled flag available on them;
  • optional products: these are not required to complete the install. However, be aware that products may have dependencies. Please see Product dependencies for more details on this.

To enable or disable a product via the cluster_config.json file, use true or false for the enabled flag.

cluster_config.json sample

{
  "fqdn": "PLACEHOLDER",
  "fixed_rke_address": "PLACEHOLDER",
  "multinode": "false",
  "admin_username": "PLACEHOLDER",
  "admin_password": "PLACEHOLDER",
  "profile": "ha",
  "telemetry_optout": "true",
  "rke_token": "PLACEHOLDER",
  "server_certificate": {
    "ca_cert_file": "/absolute/path/to/rootCA.crt",
    "tls_cert_file": "/absolute/path/to/server.crt",
    "tls_key_file": "/absolute/path/to/server.key"
  },
  "infra": {
    "docker_registry": {
      "username": "PLACEHOLDER",
      "password": "PLACEHOLDER"
    },
    "custom_dns_resolver": "/path/to/custom-resolv.conf"
  },
  "identity_certificate": {
    "token_signing_cert_file": "/absolute/path/to/identity.pfx",
    "token_signing_cert_pass": ""
  },
  "sql": {
    "server_url": "PLACEHOLDER",
    "username": "PLACEHOLDER",
    "password": "PLACEHOLDER",
    "port": "PLACEHOLDER",
    "create_db": "PLACEHOLDER"
  },
  "sql_connection_string_template": "PLACEHOLDER",
  "sql_connection_string_template_jdbc": "PLACEHOLDER",
  "sql_connection_string_template_odbc": "PLACEHOLDER",
  "orchestrator": {
    "testautomation": {
      "enabled": true
    },
    "updateserver": {
      "enabled": true
    }
  },
  "aicenter": {
    "enabled": true,
    "sql_connection_str": "PLACEHOLDER"
  },
  "documentunderstanding": {
    "enabled": true,
    "datamanager": {
      "sql_connection_str": "PLACEHOLDER"
    },
    "handwriting": {
      "enabled": true,
      "max_cpu_per_pod": 2
    }
  },
  "insights": {
    "enabled": true
  },
  "test_manager": {
    "enabled": true
  },
  "automation_ops": {
    "enabled": true
  },
  "automation_hub": {
    "enabled": true
  },
  "apps": {
    "enabled": true
  },
  "action_center": {
    "enabled": true
  },
  "task_mining": {
    "enabled": true
  },
  "dataservice": {
    "enabled": true
  }
}

 

General configuration


Mandatory parameters

Description

fqdn

The load balancer (multi-node HA-ready production mode) or machine (single-node evaluation mode) domain name.

fixed_rke_address

Fixed address used to load balance node registration and kube API requests. This should be the fqdn if the load balancer is configured as recommended. Otherwise, use the FQDN of the first server node. Refer to Configuring the load balancer.

Can be the IP/FQDN of the first rke2 server in your setup.

multinode

Set to true when choosing a multi-node HA-ready production profile. The value of this flag is set automatically by the interactive install wizard. It is used for internal purposes only and should not be modified manually.

admin_username

The username that you would like to set as admin (such as: admin) for the host organization.

admin_password

The host admin password to be set.

rke_token

Use a newly generated GUID here. This is a pre-shared, cluster-specific secret. It is needed for all the nodes joining the cluster.

profile

Sets the profile of the installation. The available profiles are:
default: single-node evaluation profile.
ha: multi-node HA-ready production profile.
The value of this flag is set automatically by the interactive install wizard. It is used for internal purposes only and should not be modified manually.

infra.docker_registry.username

The username that you would like to set for the docker registry installation.

infra.docker_registry.password

The password that you would like to set for the docker registry installation.

Optional parameters

Description

telemetry_optout

true or false - used to opt-out of sending telemetry back to UiPath. It is set to false by default.

If you wish to opt out, then set to true.

 

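Certificate configuration


To get the certificates, see the prerequisites documentation.

If no certificate is provided at the time of installation, the installer creates a self-issued certificate and configures it in the cluster. The certificate is valid for 90 days.

📘

Note:

Make sure to specify the absolute path for the certificate files. Run pwd to get the path of the directory where the files are placed, append the certificate file name, and use the result in cluster_config.json.


In multi-node HA-ready production installations, a certificate is required only on the first node.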

Parameter

Description

server_certificate.ca_cert_file

Absolute path to the Certificate Authority (CA) certificate. This CA is the authority that signs the TLS certificate. A CA bundle should contain only the chain certificates used to sign the TLS certificate. The chain limit is up to nine certificates.
If you are using a self-signed certificate, you need to specify the path to the rootCA.crt, which you previously created. Leave blank if you want the installer to generate.

server_certificate.tls_cert_file

Absolute path to TLS certificate (server.crt for self-signed created in earlier steps). Leave blank if you want the installer to generate.

server_certificate.tls_key_file

Absolute path to certificate key (server.key for self-signed created in earlier steps). Leave blank if you want the installer to generate.

identity_certificate.token_signing_cert_file

Absolute path to the Identity Service certificate used to sign tokens (identity.pfx for self-signed created in earlier steps). Leave blank if you want the installer to generate an identity certificate using the server certificate.

identity_certificate.token_signing_cert_pass

Plain text password set when it was exported.

additional_ca_certs

Absolute path to the file containing additional CA certificates that you want to be trusted by all the products running as part of Automation Suite. All certificates in the file should be valid PEM format.

For example, you need to provide the file containing the SQL server CA certificate if the certificate is not issued by a public certificate authority.

 

Database configuration


Automatically create the necessary databases

If you want the installer to create the databases, fill in the following fields:

Parameter

Description

sql.create_db

Set to true.

sql.server_url

FQDN of the SQL server, where you want the installer to configure database.

sql.port

Port number on which a database instance should be hosted in the SQL server.

sql.username

Username / userid to connect to the SQL server.

sql.password

Password of the username provided earlier to connect to the SQL server.

📘

Important:

Ensure the user has the dbcreator role. This grants them permission to create the database in SQL Server. Otherwise the installation fails.

ODBC connections do not support usernames that contain special characters. For the AI Center and Document Understanding database usernames, use only uppercase and lowercase letters.

 

Bring your own database

If you bring your own database, you must provide the SQL connection strings for every database. Automation Suite supports the following SQL connection string formats:

Parameter

Description

Products

sql_connection_string_template

Full ADO.NET connection string where Catalog name is set to DB_NAME_PLACEHOLDER. The installer will replace this placeholder with the default database names for the installed suite services.

Platform, Orchestrator, Test Manager, Automation Hub, Automation Ops, Insights, Task Mining, Data Service

sql_connection_string_template_jdbc

Full JDBC connection string where database name is set to DB_NAME_PLACEHOLDER. The installer will replace this placeholder with the default database names for the installed suite services.

AI Center

sql_connection_string_template_odbc

Full ODBC connection string where database name is set to DB_NAME_PLACEHOLDER. The installer will replace this placeholder with the default database names for the installed suite services.

Document Understanding

🚧

Important

Make sure the SQL account specified in the connection strings is granted the db_securityadmin and db_owner roles for all Automation Suite databases. If security restrictions do not allow the use of db_owner, then the SQL account should have the following roles and permissions on all databases:

  • db_ddladmin
  • db_datawriter
  • db_datareader
  • EXECUTE permission on the dbo schema

🚧

Important

If you manually set the connection strings in the configuration file, you can escape SQL, JDBC, or ODBC passwords as follows:

  • for SQL: add ' at the beginning and end of the password, and double any other '.
  • for JDBC/ODBC: add { at the beginning of the password and } at the end, and double any other }.
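
The escaping rules above applied in code, as an added example (not UiPath's own tooling): it wraps a password per connection-string type, fills the three templates, and serializes them with json.dumps so that characters such as " are also escaped for cluster_config.json. The function names, the host name and the sample password are constructed for illustration.

```python
import json
import re

PLACEHOLDER = "DB_NAME_PLACEHOLDER"  # replaced by the installer, per this page


def escape_ado_password(password):
    """SQL (ADO.NET) rule: wrap in ' and double any other '."""
    return "'" + password.replace("'", "''") + "'"


def escape_jdbc_odbc_password(password):
    """JDBC/ODBC rule: wrap in { } and double any other }."""
    return "{" + password.replace("}", "}}") + "}"


def build_templates(host, port, user, password):
    """Return the three connection string templates for one SQL account."""
    # The page restricts AI Center / Document Understanding usernames to
    # letters; the same account is used in all three templates here.
    if not re.fullmatch(r"[A-Za-z]+", user):
        raise ValueError("username must contain only upper/lowercase letters")
    ado_pw = escape_ado_password(password)
    braced_pw = escape_jdbc_odbc_password(password)
    return {
        "sql_connection_string_template": (
            f"Server=tcp:{host},{port};Initial Catalog={PLACEHOLDER};"
            f"User Id={user};Password={ado_pw};"
            "Encrypt=True;TrustServerCertificate=False;"),
        "sql_connection_string_template_jdbc": (
            f"jdbc:sqlserver://{host}:{port};database={PLACEHOLDER};"
            f"user={user};password={braced_pw};"
            "encrypt=true;trustServerCertificate=false;"),
        "sql_connection_string_template_odbc": (
            f"SERVER={host},{port};DATABASE={PLACEHOLDER};"
            "DRIVER={ODBC Driver 17 for SQL Server};"
            f"UID={user};PWD={braced_pw};"
            "Encrypt=YES;TrustServerCertificate=NO;"),
    }


def to_config_fragment(templates):
    """Serialize the templates as JSON text, checking the placeholder first."""
    for key, value in templates.items():
        if value.count(PLACEHOLDER) != 1:
            raise ValueError(f"{key}: expected exactly one {PLACEHOLDER}")
    # json.dumps adds the JSON-level escaping (\" and \\) on top of the
    # connection-string escaping done above.
    return json.dumps(templates, indent=2)


if __name__ == "__main__":
    # Constructed sample values; the password contains ' } ; and "
    sample = build_templates("sql.example.internal", 1433, "testadmin", "P'w}d;\"x")
    print(to_config_fragment(sample))
```
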

📘

Note:

If you set TrustServerCertificate=False, then you may have to provide an additional CA certificate for the SQL Server. This is required if the SQL Server certificate is self-signed or signed by an internal CA.

For details, see Certificate configuration.

sql_connection_string_template example
Server=tcp:sfdev1804627-c83f074b-sql.database.windows.net:1433;Initial Catalog=DB_NAME_PLACEHOLDER;Persist Security Info=False;User [email protected];Password=***;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Max Pool Size=100;
sql_connection_string_template_jdbc example
jdbc:sqlserver://sfdev1804627-c83f074b-sql.database.windows.net:1433;database=DB_NAME_PLACEHOLDER;user=testadmin;password=***;encrypt=true;trustServerCertificate=false;Connection Timeout=30;hostNameInCertificate=sfdev1804627-c83f074b-sql.database.windows.net
sql_connection_string_template_odbc example
SERVER=sfdev1804627-c83f074b-sql.database.windows.net,1433;DATABASE=DB_NAME_PLACEHOLDER;DRIVER={ODBC Driver 17 for SQL Server};UID=testadmin;PWD=***;MultipleActiveResultSets=False;Encrypt=YES;TrustServerCertificate=NO;Connection Timeout=30;
Default and optional database names for Automation Suite services.
{
  "orchestrator": "AutomationSuite_Orchestrator",
  "orchestrator_ta": "AutomationSuite_Orchestrator",
  "orchestrator_upd": "AutomationSuite_Platform",
  "platform": "AutomationSuite_Platform",
  "test_manager": "AutomationSuite_Test_Manager",
  "automation_ops": "AutomationSuite_Platform",
  "automation_hub": "AutomationSuite_Automation_Hub",
  "insights": "AutomationSuite_Insights",
  "task_mining": "AutomationSuite_Task_Mining",
  "dataservice": "AutomationSuite_DataService",
  "aicenter": "AutomationSuite_AICenter",
  "documentunderstanding": "AutomationSuite_DU_Datamanager"
}

📘

Note:

If you want to override the connection string for any of the services above, set the sql_connection_str for that specific service.

You still need to create these databases manually before running the installer.

Overriding the default connection string for Orchestrator and the platform
{
  "orchestrator": {
    "sql_connection_str": "Server=tcp:sfdev1804627-c83f074b-sql.database.windows.net,1433;Initial Catalog=CustomOrchDB;Persist Security Info=False;User [email protected];Password=***;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Max Pool Size=100;"
  },
  "platform": {
    "sql_connection_str": "Server=tcp:sfdev1804627-c83f074b-sql.database.windows.net,1433;Initial Catalog=CustomIDDB;Persist Security Info=False;User [email protected];Password=***;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Max Pool Size=100;"
  }
}

To override the database connection strings for other products, set the sql_connection_str in the corresponding product blocks. The connection string should have a format supported by the respective product.

Sample for setting the database connection string for AI Center

Parameter

Description

aicenter.sql_connection_str

AICenter JDBC connection string (Refer below for the JDBC format)

📘

Note:

Make sure the JDBC connection string has the format shown in the example below.

"aicenter": {
    "enabled": true,
    "sql_connection_str": "jdbc:sqlserver://sfdev1804627-c83f074b-sql.database.windows.net;database=aicenter;[email protected];[email protected]_euHQZJ"
}
Document Understanding connection string example
"documentunderstanding": {
    "enabled": true,
    "datamanager": {
      "sql_connection_str": "mssql+pyodbc://testadmin:[email protected]:1433/datamanager?driver=ODBC+Driver+17+for+SQL+Server"
    }
}

Note: The Data Manager SQL connection string is optional; set it only if you want to override the default with your own.
Handwriting is always enabled for online installation.
The default value for max_cpu_per_pod is 2, but you can adjust it according to your needs. For more information, check the Document Understanding configuration file.

 

Orchestrator-specific configuration


Orchestrator can save robot logs to an Elasticsearch server. You can configure this functionality in the orchestrator.orchestrator_robot_logs_elastic section. If not provided, robot logs are saved to Orchestrator's database.

The following table lists out the orchestrator.orchestrator_robot_logs_elastic fields:

Parameter

Description

elastic_uri

The address of the Elasticsearch instance that should be used. It should be provided in the form of a URI. If provided, then username and password are also required.

elastic_auth_username

The Elasticsearch username, used for authentication.

elastic_auth_password

The Elasticsearch password, used for authentication.

Example:
"orchestrator": {
    "orchestrator_robot_logs_elastic": {
        "elastic_uri": "https://elastic.example.com:9200",
        "elastic_auth_username": "elastic-user",
        "elastic_auth_password": "elastic-password"
    }
}

 

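Insights-specific configuration


If you enable Insights, you can include the configuration of the SMTP server used to send scheduled emails and alert emails. If it is not provided, scheduled emails and alert emails will not function.

Details of the insights.smtp_configuration fields: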

Parameter

Description

tls_version

Valid values are TLSv1_2, TLSv1_1, SSLv23. Omit key altogether if not using TLS.

from_email

Address that alert/scheduled emails will be sent from.

host

Hostname of the SMTP server.

port

Port of the SMTP server.

username

Username for SMTP server authentication.

password

Password for SMTP server authentication.

Example:
"insights": {
    "enabled": true,
    "smtp_configuration": {
      "tls_version": "TLSv1_2",
      "from_email": "[email protected]",
      "host": "smtp.sendgrid.com",
      "port": 587,
      "username": "login",
      "password": "password123"
    }
  }

 

Monitoring configuration


To provision enough resources for monitoring (see Using the monitoring stack), you should consider the number of vCPUs in the cluster and the amount of desired metric retention. See below for how to set the following monitoring resource configurations.

The following table describes the monitoring fields:

Parameter

Description

prometheus_retention

In days.
This is the amount of days that metrics will be retained for the purpose of visualization in Grafana and manual querying via the Prometheus console.

Default value is 7.

prometheus_storage_size

In GB.
Amount of storage space to reserve per Prometheus replica.
A good rule of thumb is to set this value to:
0.65 * vCPU cores * (prometheus_retention / 7)

Example:
If you set prometheus_retention to 14 days, and your cluster has 80 cores spread across 5 machines, this becomes:
0.65 * 80 * (14 / 7)
52 * (2)
104

Default value is 45 and should not be set lower.

If Prometheus starts to run out of storage space, an alert will be triggered with specific remediation instructions. See here.

prometheus_memory_limit

In MB.
Amount of memory to limit each Prometheus replica to.
A good rule of thumb is to set this value to:
100 * vCPU cores * (prometheus_retention / 7)

Example:
If you've set prometheus_retention to 14 days, and your cluster has 80 cores spread across 5 machines, this becomes:
100 * 80 * (14 / 7)
8000 * (2)
16000

Default value is 3200 for the single-node evaluation mode, and 6000 for the multi-node HA-ready production mode, and should not be set lower.

If Prometheus starts to run out of memory, an alert will be triggered with specific remediation instructions. See here.

Example:
"monitoring": {
  "prometheus_retention": 14,
  "prometheus_memory_limit": 16000,
  "prometheus_storage_size": 104
}

 

Optional: Configuring the proxy server


📘

Note:

Make sure you meet the proxy server requirements before configuring the proxy server during installation.

While running the interactive installer wizard, you need to exit it and update the cluster_config.json during the advanced configuration step.

You need to add the following to the configuration file using vim or your favorite editor:

"proxy": {
  "enabled": "true",
  "http_proxy": "http://<PROXY-SERVER-IP>:<PROXY-PORT>",
  "https_proxy": "http://<PROXY-SERVER-IP>:<PROXY-PORT>",
  "no_proxy": "alm.<fqdn>,<fixed_rke_address>:9345,<fixed_rke_address>:6443,<named server address>,<metadata server address>,10.0.0.0/8,<private_subnet_ip>,<sql server host>,<Comma separated list of ips that should not go through proxy server>"
}

Mandatory parameters

Description

enabled

Use true or false to enable or disable proxy settings.

http_proxy

Used to route HTTP outbound requests from the cluster. This should be the proxy server FQDN and port.

https_proxy

Used to route HTTPS outbound requests from the cluster. This should be the proxy server FQDN and port.

no_proxy

Comma-separated list of hosts, IP addresses, or IP ranges in CIDR format that you do not want to route via the proxy server. This should be a private subnet range, sql server host, named server address, metadata server address: *.<fqdn>,<fixed_rke_address>:9345,<fixed_rke_address>:6443.

fqdn - the cluster FQDN defined in cluster_config.json
fixed_rke_address - the fixed_rke_address defined in cluster_config.json
named server address - the IP address from /etc/resolv.conf
private_subnet_ip - the cluster VNet
sql server host - sql server host
metadata server address - the IP address 169.254.169.254 used to fetch machine metadata by cloud services such as Azure and AWS

 

Optional: Enabling resilience to zonal failure in a multi-node HA-ready production cluster

To enable resilience to zonal failure in a multi-node cluster, take the following steps:

  1. Make sure nodes are spread evenly across three availability zones. For a bare-metal server or VM provided by any vendor except for AWS, Azure, or GCP, zone metadata has to be provided via the configuration file at /etc/default/k8s-node-labels on every machine in the following format:
NODE_REGION_LABEL=<REGION_NAME>
NODE_ZONE_LABEL=<ZONE_NAME>
cat > /etc/default/k8s-node-labels <<EOF
EXTRA_K8S_NODE_LABELS="topology.kubernetes.io/region=$NODE_REGION_LABEL,topology.kubernetes.io/zone=${NODE_ZONE_LABEL}"
EOF
  2. Update the cluster_config.json file during the advanced configuration step.

To update the cluster_config.json using the interactive installation wizard, exit at advanced configuration step and add the following to the configuration file using vim or your favorite editor:

"zone_resilience": true

Mandatory parameters

Description

zone_resilience

Use true or false to enable or disable resilience to zonal failure.

🚧

If you enable resilience to zonal failure, passing the --zone and --region arguments is:

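  • Recommended: if the machines are provisioned on AWS, Azure, or GCP and metadata services are enabled, because in this case the installer populates the zone and region details.
  • Mandatory: if the machines are provisioned on AWS, Azure, or GCP and metadata services are disabled, or if you chose a different cloud provider.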

 

Optional: Passing custom resolv.conf

The Kubernetes cluster that Automation Suite deploys uses the name servers configured in /etc/resolv.conf. Kubernetes does not work with local DNS resolvers (127.0.0.1 or 127.0.0.0/8), so if you have such name servers configured in the /etc/resolv.conf file, you need to pass a file reference with the correct nameserver entries, accessible from anywhere on the VM, in the .infra.custom_dns_resolver parameter in cluster_config.json.
For details on a known limitation, see Kubernetes documentation.

Optional Parameters

Description

.infra.custom_dns_resolver

Path to the file with correct name server entries that can be accessed from anywhere on the VM. These name server entries must not be from 127.0.0.0/8.
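
A pre-install check for this requirement, as an added example (not part of the Automation Suite installer): it reads resolv.conf text, rejects loopback name servers, and returns the content for a custom file to reference in infra.custom_dns_resolver. The function names and the sample file are constructed; is_loopback also rejects ::1, which goes beyond the 127.0.0.0/8 range this page names.

```python
import ipaddress

# Constructed sample: a local stub resolver entry plus one upstream resolver.
SAMPLE_RESOLV_CONF = """\
# generated by a local stub resolver
nameserver 127.0.0.53
nameserver 10.0.0.2
search corp.example.internal
options edns0
"""


def classify_nameservers(resolv_text):
    """Return (usable, rejected) nameserver entries found in resolv.conf text."""
    usable, rejected = [], []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            rejected.append(fields[1])  # not an IP address at all
            continue
        # is_loopback covers 127.0.0.0/8 and, as an extension, ::1.
        (rejected if addr.is_loopback else usable).append(fields[1])
    return usable, rejected


def build_custom_resolv(resolv_text):
    """Return resolv.conf content with loopback/invalid nameservers removed."""
    usable, rejected = classify_nameservers(resolv_text)
    if not usable:
        # Nothing to fall back on: upstream DNS servers must be supplied.
        raise ValueError(f"no non-loopback nameserver left (rejected: {rejected})")
    kept = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "nameserver":
            if len(fields) < 2 or fields[1] not in usable:
                continue  # drop loopback, malformed, or empty entries
        kept.append(line)  # search/options/comment lines pass through
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print(build_custom_resolv(SAMPLE_RESOLV_CONF), end="")
```
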

 
