Important
The Platform Configuration Tool works for upgrades from 2019.10, 2020.10, 2021.10, and 2022.4 to 2022.10. Post-installation checks and operations work after installing Orchestrator.
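Overview
The UiPath Platform Configuration Tool is a PowerShell script that helps you install or upgrade Orchestrator successfully. It helps you check the sanity and readiness of your environment before an upgrade, and perform some operations after installation.
The tool can be downloaded below, and it is also bundled with the UiPathOrchestrator.msi installer. The bundled script can be found in the Tools folder of the Orchestrator installation directory, which by default is C:\Program Files (x86)\UiPath\Orchestrator\. The script checks the Orchestrator machine. For multi-node installations, running the tool on one node is sufficient.
The Platform Configuration Tool does not follow the same versioning scheme as the UiPathOrchestrator.msi installer, and it can be updated outside the product release cycle. We recommend that you always download and use the latest version of the tool below.
Prerequisites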
Software | Compatible Version |
---|---|
PowerShell | 5.1 |
WebAdministration Module | N/A |
pki Module | N/A |
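Script Cmdlets
The script consists of three cmdlets designed to perform specific functions. You can enter a cmdlet's invocation command and its associated parameters at the command line to execute it immediately.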
Cmdlet | Description |
---|---|
Test-PlatformReadiness | Invoked using the -Readiness command. Checks the sanity and readiness of your environment before an upgrade and the certificate requirements after the installation. |
Update-UiPathUrl | Invoked using the -UpdateUiPathUrl command. Updates the public address of Orchestrator and checks if the new address is valid with the current certificate. |
Update-UiPathCertificate | Invoked using the -UpdateUiPathCertificate command. Updates the Orchestrator SSL certificate or the Identity Server token-signing certificate. |
AddHostAdmin | Invoked using the -AddHostAdmin command. Adds a system administrator to the host tenant. |
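Pre-installation Checks
Asp.Net Core
Checks whether the ASP.NET Core IIS module v3.1.x+ is installed and functional. If it is not, you are prompted to uninstall and reinstall the ASP.NET Core Hosting Bundle.
CyberArk AIM
Checks whether the CyberArk AIM agent is installed under the C:\Program Files (x86)\CyberArk folder. If it is not, the user is prompted after installation to add CLIPasswordSdk.exe to the UiPath.Orchestrator.dll.config file using the Plugins.SecureStores.CyberArk.CLIPasswordSDKExePath key.
If CyberArk is not found in UiPath.Orchestrator.dll.config, this check does not need to be performed.
web.config Encryption
Checks whether the web.config file is decrypted. If it is encrypted, you need to decrypt it manually before the upgrade. After the upgrade, most of Orchestrator's configuration settings are moved to UiPath.Orchestrator.dll.config.
Learn how to encrypt the UiPath.Orchestrator.dll.config file.
web.config Locked Sections
Checks whether the <system.webServer> element contains any locked sections. If such sections exist, you need to unlock them manually in IIS.
SQL Server Scaleout
Checks whether SQL Server scaleout is used. You are notified during installation that Redis scaleout is enabled.
Credential Store Plugins
Checks whether external credential store plugins target a supported framework.
NLog Plugins
Checks whether NLog plugins target a supported framework.
File System Buckets
This check validates the existence of the Buckets.FileSystem.Allowlist app setting in Orchestrator 2020.4 and later. It covers both the pre-installation check (Orchestrator 2020.4) and the post-installation check (Orchestrator 2020.10+). The check is skipped for Orchestrator versions earlier than 2020.4.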
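- To perform the following checks, the connectionStrings and appSettings configuration sections need to be decrypted. If either of these sections is encrypted, a warning appears in the terminal and the remaining bucket validations are skipped.
  Could not determine if any buckets with file system provider are in use. Config section 'connectionString' is encrypted, could not find the sql connection string to the UiPath database.
- If the buckets cannot be retrieved from the database for some reason, a warning appears in the terminal and the remaining validations are also skipped.
  Could not determine if any buckets with file system provider are in use. Could not connect to the UiPath Database.
- A validation is performed on the bucket root paths retrieved from the buckets table of the Orchestrator database. If any unqualified paths exist, a warning appears in the terminal. A similar check for unqualified paths is performed on the paths in the Buckets.FileSystem.Allowlist app setting.
- If a path from either source is invalid or unqualified, it is not taken into account in the remaining validations described below.
- If the Buckets.FileSystem.Allowlist app setting is not set in the configuration file, an error appears in the terminal asking you to add the allowlist to the configuration file. The suggested paths are the root paths of the buckets that use the file system provider.
  All storage buckets using the file system provider are not on the allowed list.
  Add the following setting in the configuration file to allow all exiting buckets root paths:
  <add key="Buckets.FileSystem.Allowlist" value="C:\work\stuff\Bucket\|C:\work\stuff\Bucket1\" />
- If the Buckets.FileSystem.Allowlist app setting is set in the configuration file, a validation is performed on the root paths of the buckets that use the file system provider. If a bucket root path is not a subpath of any path defined in the allowlist, a warning appears in the terminal asking you to add the bucket root path to Buckets.FileSystem.Allowlist.
  There are some storage buckets using the file system provider that are not on the allowed list. The buckets feature will not work for buckets with root paths that are not on the allowed list.
  Check if any of the following paths are required to be on the allowed list and add them to the 'Buckets.FileSystem.Allowlist' key in configuration file:
  |C:\work\stuff\Buckets\|C:\work\stuff\Bucket1\
- Otherwise, if every bucket root path is a subpath of one of the paths in the allowlist, the terminal displays a success message.
  All storage buckets using file system provider have the root path on the allow list in the configuration file.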
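The subpath rule described above can be reproduced offline to review an allowlist before an upgrade. The following is an added example, not the tool's own code: the function names are hypothetical, the bucket root paths are constructed, and it assumes that "unqualified" means not a full drive or UNC path and that comparison is case-insensitive.

```powershell
# Added example (hypothetical helper names); inputs below are constructed.
function ConvertTo-NormalizedRoot {
    param([string]$Path)
    # Assumption: only full drive (C:\...) or UNC (\\server\share) paths qualify.
    if ($Path -notmatch '^(?:[A-Za-z]:\\|\\\\[^\\]+\\[^\\]+)') { return $null }
    # GetFullPath collapses '.' and '..' segments so traversal cannot hide the real root.
    try { $full = [System.IO.Path]::GetFullPath($Path) } catch { return $null }
    # Force a trailing separator so 'C:\a\Bucket' never prefix-matches 'C:\a\Bucket1\'.
    return $full.TrimEnd('\') + '\'
}

function Test-BucketAllowlist {
    param(
        [string]$Allowlist,          # pipe-separated value of Buckets.FileSystem.Allowlist
        [string[]]$BucketRootPaths   # root paths of buckets using the file system provider
    )
    # Unqualified allowlist entries are dropped, as the page describes.
    $allowed = @($Allowlist -split '\|' | Where-Object { $_ } |
        ForEach-Object { ConvertTo-NormalizedRoot $_ } | Where-Object { $_ })
    foreach ($root in $BucketRootPaths) {
        $norm = ConvertTo-NormalizedRoot $root
        if (-not $norm) {
            $status = 'Unqualified'
        } else {
            $hit = $allowed | Where-Object {
                $norm.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) }
            $status = if ($hit) { 'Allowed' } else { 'NotOnAllowlist' }
        }
        [pscustomobject]@{ RootPath = $root; Normalized = $norm; Status = $status }
    }
}

# Allowlist value taken from the page's sample message; root paths are constructed.
$allowlist = 'C:\work\stuff\Bucket\|C:\work\stuff\Bucket1\'
$roots = @(
    'C:\work\stuff\Bucket\invoices',   # subpath of an allowed entry
    'C:\work\stuff\Bucket2\',          # shares a string prefix only
    'C:\work\stuff\Bucket\..\Other\',  # resolves outside the allowed root
    'relative\path'                    # not fully qualified
)
Test-BucketAllowlist -Allowlist $allowlist -BucketRootPaths $roots | Format-Table -AutoSize
```

The second and third constructed paths show why the comparison is done on normalized paths with a trailing separator rather than on raw strings.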
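Post-installation Checks
Certificate Requirements
Checks whether the Orchestrator instance meets all certificate requirements after the upgrade.
SSL certificate checks
- The hostname of the Orchestrator website matches the subject or a subject alternative name on the certificate (wildcards included),
- it has a valid trust chain, and
- it has not expired.
Identity Server token-signing certificate checks
- The certificate has an appropriate key length (2048 bits or greater),
- it has a private key that is accessible by the application pool user, and
- it has not expired.
Other Considerations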
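The same properties can be inspected on a candidate certificate before it is handed to the tool. The following is an added example, not the tool's own code: the function name is hypothetical, it assumes the certificate is in the LocalMachine\My store, and it reports only whether a private key is present, not whether the application pool user can read it.

```powershell
# Added example (hypothetical function name). Uses Test-Certificate from the pki module.
function Test-CandidateCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$DnsName,          # supply for the SSL certificate; omit for token signing
        [int]$MinKeyBits = 2048    # minimum key length stated on the page
    )
    # Assumption: the certificate is installed in the local machine Personal store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $now  = Get-Date
    # Returns $null for non-RSA keys, which then fail the key-length check.
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    $result = [ordered]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        NotExpired    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey
        KeyBits       = if ($rsa) { $rsa.KeySize } else { $null }
    }
    $result.KeyLengthOk = ($result.KeyBits -ge $MinKeyBits)

    if ($DnsName) {
        # SSL policy validates the trust chain and matches the name against
        # the subject / subject alternative names, wildcards included.
        $result.ChainAndNameOk = Test-Certificate -Cert $cert -Policy SSL `
            -DNSName $DnsName -WarningAction SilentlyContinue
    }
    [pscustomobject]$result
}

# Usage (placeholder values; replace with your own thumbprints and hostname):
# Test-CandidateCertificate -Thumbprint '<new SSL thumbprint>' -DnsName '<orchestrator hostname>'
# Test-CandidateCertificate -Thumbprint '<new token-signing thumbprint>'
```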
Check the docs on installation considerations for other areas impacted by an upgrade to 2020.10+ that you need to be aware of.
Running the Script
Command Reference
Command & Parameters | Description |
---|---|
-Readiness | Checks the sanity and readiness of your environment before an upgrade and the certificate requirements after the installation. Parameters: -SiteName -Help -InstallationDirectory |
-UpdateUiPathUrl | Updates the public address of Orchestrator. Parameters: -SiteName -OrchestratorUrl -SqlConnectionString The SQL Server PowerShell module is required to use this command. The module is installed by default with SQL Server. If you’re working on a machine that doesn’t have the module installed, see here how to install it. Use this command with caution as it does not have a roll-back mechanism if a step errors out during execution. |
-UpdateUiPathCertificate | Updates the Orchestrator SSL certificate or the Identity Server token-signing certificate. Use it in conjunction with the -readiness command to check the validity of the new certificates. Parameters: -SiteName -NewTokenSigningThumbprint -NewSSLThumbprint -KeepOldCertificate |
-AddHostAdmin | If access to the host organization is lost (for example, if the password for the system administrator is lost or the only users with system administrator accounts leave the company), you can use this command to add or restore a system administrator. Parameters: -SiteName -HostAdminUsername -HostAdminPassword -HostAdminEmail |
Script Parameters
Parameter | Description |
---|---|
-SiteName | Optional. The name of the Orchestrator website on the target machine. Defaults to "UiPath Orchestrator". -InstallationDirectory and SiteName are mutually exclusive. |
-Help | Optional. Displays information about the tool options or available commands, such as the commands' syntax or the checks it performs. |
-InstallationDirectory | Optional. The path of Orchestrator's installation directory. Usually C:\Program Files (x86)\UiPath\Orchestrator\. -InstallationDirectory and SiteName are mutually exclusive. Note: Make sure the installation directory path ends with a trailing backslash ( \ ). |
-OrchestratorUrl | Mandatory. The new public address of Orchestrator. |
-SqlConnectionString | Optional. UiPath database connection string. If left empty, the value is read from the appsettings.Production.json file. |
-NewTokenSigningThumbprint | Optional. The thumbprint of the new token signing certificate. |
-NewSSLThumbprint | Optional. The thumbprint of the new SSL certificate. |
-HostAdminUsername | Only mandatory when using the -AddHostAdmin command. Username of the host admin user to create or restore. |
-HostAdminPassword | Password of the host admin user to create when using the -AddHostAdmin command. Password is only mandatory if the user is a basic authentication user. The password will need to be changed on first login. |
-HostAdminEmail | Email of the host admin user to create or restore when using the -AddHostAdmin command. Only mandatory if using these external identity providers: Azure Active Directory, SAML with email user mapping strategy |
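Examples
To use the Platform Configuration Tool script, open PowerShell as Administrator.
Locate the directory where you extracted the Platform Configuration Tool archive and change the directory to that location:
cd "C:\Program Files (x86)\UiPath\Orchestrator\Tools\UiPath.Platform.Configuration.Tool"
Performing Readiness Checks
The following example lets you validate the pre-installation requirements of Orchestrator. The process logs its steps at the -verbose level and outputs additional information.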
.\Platform.Configuration.Tool.ps1 `
-Readiness `
-SiteName "UiPath Orchestrator"
Output of successful pre-installation checks (applies to upgrades starting from 2020.4):
Validating 22.10 pre-installation requirements...
Checking AspNetCore hosting module...
AspNetCore hosting module is installed.
Checking CyberArk CLIPasswordSDK.exe path...
CyberArk CLIPasswordSDK.exe was found at the default installation path 'C:\Program Files (x86)\CyberArk\ApplicationPasswordSdk\CLIPasswordSDK.exe'.
Checking Web.config sections encryption...
Web.config sections are not encrypted.
Checking IIS configuration locked sections...
Configuration sections are not locked.
Checking Orchestrator ssl certificate subject alternative names...
Orchestrator host name is valid for the ssl certificate subject alternative names.
Checking sql server scaleout use...
Sql server scaleout is not used.
Checking external credential store plugins target framework...
Credential stores plugins validation is finished.
Checking external NLog plugins target framework...
NLog plugins validation is finished.
Checking buckets with file system storage provider...
All storage buckets using file system provider have the root path on the allowed list in the configuration file.
Checking platform certificates...
Platform certificates validation is finished.
All 22.10 pre-installation checks are done.
Platform readiness validations: 10 succeeded, 0 failed and 0 warning(s).
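Changing Certificates After Installation
The following example lets you update the Orchestrator SSL certificate and the Identity Server token-signing certificate.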
.\Platform.Configuration.Tool.ps1 `
-UpdateUiPathCertificate `
-KeepOldCertificate $false `
-SiteName "UiPath Orchestrator" `
-NewSSLThumbprint "a1b2c3d4" `
-NewTokenSigningThumbprint "z6y5x4v3"
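Note:
Make sure the certificates have the appropriate permissions set to avoid internal server errors. For more information, see Certificate troubleshooting.
If the private key has not yet been added to the certificate, you can add it manually by following these steps:
- To find the private key, launch Internet Information Services (IIS) Manager and select Application Pools. You should find the private key for each service under the Identity column.
- Go to Manage computer certificates under Control Panel.
- Go to Personal/Certificates.
- Right-click the new certificate, then go to All Tasks > Manage Private Keys to add the private key.
Changing the Orchestrator URL
The following example lets you update the Orchestrator URL.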
.\Platform.Configuration.Tool.ps1 `
-UpdateUiPathUrl `
-OrchestratorUrl "https://mydomainname" `
-SiteName "UiPath Orchestrator" `
-SqlConnectionString "Server=myServerName\myInstanceName;Database=myDataBase;User Id=myUsername;Password=myPassword;"
Note
Although we recommend using lowercase letters for the Orchestrator URL, the tool automatically converts any uppercase string to lowercase.
Creating a New System Administrator
The following example creates a new system administrator on the host tenant using basic authentication. Note that if an external identity provider is set as exclusive, basic authentication is only accessible through the hostlogin URL documented in Accessing Identity Management Portal.
.\Platform.Configuration.Tool.ps1 `
-AddHostAdmin `
-SiteName "UiPath Orchestrator" `
-HostAdminUsername someuser `
-HostAdminPassword som3pwd! `
-HostAdminEmail testemail@company.com
Output
The output is color-coded.
Color | Description |
---|---|
Red | Blockers: Elements are missing or are not configured and will prevent the installation. |
Yellow | Warnings: You can install Orchestrator, but additional benefits will be absent. |
Green | Messages: The environment is ready for installation. |