- Overview
- Requirements
- Deployment templates
- Manual: Preparing the installation
- Manual: Preparing the installation
- Step 2: Configuring the OCI-compliant registry for offline installations
- Step 3: Configuring the external objectstore
- Step 4: Configuring High Availability Add-on
- Step 5: Configuring SQL databases
- Step 7: Configuring the DNS
- Step 8: Configuring the disks
- Step 9: Configuring kernel and OS level settings
- Step 10: Configuring the node ports
- Step 11: Applying miscellaneous settings
- Step 12: Validating and installing the required RPM packages
- Step 13: Generating cluster_config.json
- Cluster_config.json Sample
- General configuration
- Profile configuration
- Certificate configuration
- Database configuration
- External Objectstore configuration
- Pre-signed URL configuration
- ArgoCD configuration
- Kerberos authentication configuration
- External OCI-compliant registry configuration
- Disaster recovery: Active/Passive and Active/Active configurations
- High Availability Add-on configuration
- Orchestrator-specific configuration
- Insights-specific configuration
- Process Mining-specific configuration
- Document Understanding-specific configuration
- Automation Suite Robots-specific configuration
- AI Center-specific configuration
- Monitoring configuration
- Optional: Configuring the proxy server
- Optional: Enabling resilience to zonal failures in a multi-node HA-ready production cluster
- Optional: Passing custom resolv.conf
- Optional: Increasing fault tolerance
- Adding a dedicated agent node with GPU support
- Adding a Dedicated Agent Node for Automation Suite Robots
- Step 15: Configuring the temporary Docker registry for offline installations
- Step 16: Validating the prerequisites for the installation
- Running uipathctl
- Manual: Performing the installation
- Post-installation
- Cluster administration
- Managing products
- Getting Started with the Cluster Administration portal
- Migrating Redis from in-cluster to external High Availability Add-on
- Migrating data between objectstores
- Migrating in-cluster objectstore to external objectstore
- Migrating from in-cluster registry to an external OCI-compliant registry
- Switching to the secondary cluster manually in an Active/Passive setup
- Disaster Recovery: Performing post-installation operations
- Converting an existing installation to multi-site setup
- Guidelines on upgrading an Active/Passive or Active/Active deployment
- Guidelines on backing up and restoring an Active/Passive or Active/Active deployment
- Scaling a single-node (evaluation) deployment to a multi-node (HA) deployment
- Monitoring and alerting
- Migration and upgrade
- Migrating between Automation Suite clusters
- Upgrading Automation Suite
- Downloading the installation packages and getting all the files on the first server node
- Retrieving the latest applied configuration from the cluster
- Updating the cluster configuration
- Configuring the OCI-compliant registry for offline installations
- Executing the upgrade
- Performing post-upgrade operations
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to troubleshoot services during installation
- How to reduce permissions for an NFS backup directory
- How to uninstall the cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bucket
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to disable TX checksum offloading
- How to manually set the ArgoCD log level to Info
- How to expand AI Center storage
- How to generate the encoded pull_secret_value for external registries
- How to address weak ciphers in TLS 1.2
- How to check the TLS version
- How to work with certificates
- How to schedule Ceph backup and restore data
- How to collect DU usage data with in-cluster objectstore (Ceph)
- How to install RKE2 SELinux on air-gapped environments
- How to clean up old differential backups on an NFS server
- Error in downloading the bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- SQL connection string validation error
- Azure disk not marked as SSD
- Failure after certificate update
- Antivirus causes installation issues
- Automation Suite not working after OS upgrade
- Automation Suite requires backlog_wait_time to be set to 0
- Temporary registry installation fails on RHEL 8.9
- Frequent restart issue in uipath namespace deployments during offline installations
- DNS settings not honored by CoreDNS
- Upgrade fails due to unhealthy Ceph
- RKE2 not getting started due to space issue
- Upgrade fails due to classic objects in the Orchestrator database
- Ceph cluster found in a degraded state after side-by-side upgrade
- Service upgrade fails for Apps
- In-place upgrade timeouts
- Upgrade fails in offline environments
- snapshot-controller-crds pod in CrashLoopBackOff state after upgrade
- Upgrade fails due to overridden Insights PVC sizes
- Upgrade failure due to uppercase hostname
- Setting a timeout interval for the management portals
- Authentication not working after migration
- Kinit: Cannot find KDC for realm <AD Domain> while getting initial credentials
- Kinit: Keytab contains no suitable keys for *** while getting initial credentials
- GSSAPI operation failed due to invalid status code
- Alarm received for failed Kerberos-tgt-update job
- SSPI provider: Server not found in Kerberos database
- Login failed for AD user due to disabled account
- ArgoCD login failed
- Update the underlying directory connections
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis probe failure
- RKE2 server fails to start
- Secret not found in UiPath namespace
- ArgoCD goes into progressing state after first installation
- Missing Ceph-rook metrics from monitoring dashboards
- Mismatch in reported errors during diagnostic health checks
- No healthy upstream issue
- Redis startup blocked by antivirus
- Running High Availability with Process Mining
- Process Mining ingestion failed when logged in using Kerberos
- Unable to connect to AutomationSuite_ProcessMining_Warehouse database using a pyodbc format connection string
- Airflow installation fails with sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
- How to add an IP table rule to use SQL Server port 1433
- Automation Suite certificate is not trusted from the server where CData Sync is running
- Running the diagnostics tool
- Using the Automation Suite support bundle
- Exploring Logs
- Exploring summarized telemetry
Automation Suite on Linux installation guide
Step 3: Post-deployment steps
This page provides instructions on the operations you can perform after deploying Automation Suite to AWS.
Validating the installation
- Under CloudFormation > Stacks, you can find all of your deployments.
- Select the stack you deployed, a status of CREATE_COMPLETE indicates the deployment has completed successfully.
Updating certificates
The installation process generates self-signed certificates on your behalf. By default, these certificates are compliant with FIPS 140-2 and expire after 1825 days, but you can choose any of the following expiry periods at the time of deployment: 90, 365, 730, 1825, or 3650 days.
You must replace the self-signed certificates with certificates signed by a trusted Certificate Authority (CA) as soon as the installation completes. If you do not update the certificates, the installation will stop working after the certificate expiry date.
If you installed Automation Suite on a FIPS 140-2-enabled host and want to update the certificates, make sure they are compatible with FIPS 140-2.
For instructions, see Managing certificates.
Enabling FIPS 140-2
After completing an Automation Suite installation using the AWS deployment template, you can enable FIPS 140-2 on your machines. For instructions, see Security and compliance.
Accessing the installer package
In AWS deployments, the installer package containing all the scripts for post-deployment operations is decompressed in the /root/installer directory.
Accessing the deployment outputs
-
From the Stack you selected, select the Output tab on the top. On this tab, you should have access to all the information you need for next steps.
-
For any of the credentials, you can access them via the secrets link provided in the table. Select on the link and go to Retrieve Secret Value for the credentials.
Key Value Description ArgoCD https://alm.${CONFIG_CLUSTER_FQDN}You can use the ArgoCD console to manage installed products. ArgoCD Secret < See link in console > Credentials for ArgoCD Automation Suite Secret < See link in console > Credentials for Automation Suite Portal Cluster Administration URL https://${CONFIG_CLUSTER_FQDN}/uipath-managementPortal centralizes the resources required to complete an Automation Suite installation and perform common post-installation operations. Automation Suite URL https://${CONFIG_CLUSTER_FQDN}Automation Suite Portal Host Administration Portal https://${CONFIG_CLUSTER_FQDN}The host portal is for system administrators to configure the Automation Suite instance. The settings that you configure from this portal are inherited by all your organizations, and some can be overwritten at the organization level. Host Administration Secret < See link in console > Credentials for Host Administration Interface Tour Interface tour The general-use Automation Suite user interface serves as a portal for both organization administrators and organization users. It is a common organization-level resource from where everyone can access all the Automation Suite areas: administration pages, platform-level pages, service-specific pages, and user-specific pages. Rancher https://monitoring.${CONFIG_CLUSTER_FQDN}Automation Suite uses Rancher to provide cluster management tools out of the box. This helps you manage the cluster and access monitoring and troubleshooting. Dashboard (Grafana) Monitoring URL https://monitoring.${CONFIG_CLUSTER_FQDN}/dashboardThe URL to dashboard (Grafana) monitoring tools Metrics (Prometheus) Monitoring URL https://monitoring.${CONFIG_CLUSTER_FQDN}/metricsThe URL to metrics (Prometheus) monitoring tools. Alertmanager Monitoring URL https://monitoring.${CONFIG_CLUSTER_FQDN}/alertmanagerThe URL to Alertmanager monitoring tools.
Accessing the Cluster Administration portal
The Cluster Administration portal is a centralized location where you can find all the resources required to complete an Automation Suite installation and perform common post-installation operations. For details, see Getting started with the Cluster Administration portal.
To access the Cluster Administration portal, take the following step:
Go to the following URL: https://${CONFIG_CLUSTER_FQDN}/uipath-management.
You do not need any credentials to access the Cluster Administration portal.
Accessing the Automation Suite portal
The general-use Automation Suite user interface serves as a portal for both organization administrators and organization users. It is a common organization-level resource from where everyone can access all Automation Suite areas: administration pages, platform-level pages, service-specific pages, and user-specific pages.
To access Automation Suite, take the following steps:
- Go to the following URL:
https://{CONFIG_CLUSTER_FQDN}. - Switch to the Default organization.
- The username is orgadmin.
- Retrieve the password by selecting the secrets link provided in the output table for AutomationSuiteSecret. Go to Retrieve Secret Value for the credentials.
Accessing host administration
The host portal is where system administrators configure the Automation Suite instance. The settings configured from this portal are inherited by all your organizations, and some can be overwritten at the organization level.
To access host administration, take the following steps:
- Go to the following URL:
https://{CONFIG_CLUSTER_FQDN}. - Switch to the Host organization.
- The username is admin.
- Retrieve the password by selecting the secrets link provided in the output table for HostAdministrationSecret. Go to Retrieve Secret Value for the credentials.
Accessing ArgoCD
You can use the ArgoCD console to manage installed products.
To access ArgoCD, take the following steps:
- Go to the following URL:
https://alm.${CONFIG_CLUSTER_FQDN}. - The username is admin if you want to use the ArgoCD admin account, or argocdro if you want to use the ArgoCD read-only account.
- Retrieve the password by selecting to the secrets link provided in the output table for ArgoCdSecret. Go to Retrieve Secret Value for the credentials.
Accessing the monitoring tools
To access the monitoring tools for the first time, log in as an admin with the following default credentials:
-
Username: admin
-
Password: to retrieve the password , run the following command:
kubectl get secrets/dex-static-credential -n uipath -o "jsonpath={.data['password']}" | base64 --decodekubectl get secrets/dex-static-credential -n uipath -o "jsonpath={.data['password']}" | base64 --decode
To update the default password used for Dex authentication while accessing the monitoring tools, take the following steps.
-
Run the following command by replacing
newpasswordwith your new password:password="newpassword" password=$(echo -n $password | base64) kubectl patch secret dex-static-credential -n uipath --type='json' -p="[{'op': 'replace', 'path': '/data/password', 'value': '$password'}]"password="newpassword" password=$(echo -n $password | base64) kubectl patch secret dex-static-credential -n uipath --type='json' -p="[{'op': 'replace', 'path': '/data/password', 'value': '$password'}]" -
Run the following command to update the password:
./bin/uipathctl manifest apply /opt/UiPathAutomationSuite/cluster_config.json --versions versions/helm-charts.json./bin/uipathctl manifest apply /opt/UiPathAutomationSuite/cluster_config.json --versions versions/helm-charts.json
Accessing cluster VMs
-
Navigate to EC2 and find your Automation Suite instance(s) depending if you deployed single-node or multi-node.
-
Find the public IP of the Bastion or instance you want to connect to.
-
Open a terminal and use SSH to connect to Bastion.
ssh -i <path_to_private_key> <username>@<bastion_ip>ssh -i <path_to_private_key> <username>@<bastion_ip> -
From Bastion, you can access other nodes via SSH using the following command. The username must be the same as the one used to connect to Bastion.
ssh -i .ssh/private_key <username>@<node_address>ssh -i .ssh/private_key <username>@<node_address>
Performing cluster operations
The templates provide automations for cluster operations leveraging Systems Manager documents.
Using Systems Manager documents
To use the Systems Manager documents, take the following steps:
-
Go to the Systems Manager service.
-
In the left menu, select Documents.
-
In the Owned by me tab, select the SSM document you want to run.
-
Select the Execute automation button.
-
Fill in the parameters and select the Execute button.
UpdateAMIDocument
Description
The SSM document creates a new Launch Template version for the server and agent Automatic Scaling Groups with an updated AMI ID.
Usage
The document exposes 2 parameters:
ImageName(e.g.:RHEL-8.6*_HVM-20*) - If theImageNameparameter is provided and AMI that matches theImageNamewill be set on the Automatic Scaling Groups;AmiId(e.g.:ami-032e5b6af8a711f30) - If provided, theAmiIdtakes precedence overImageNameand is set on the Automatic Scaling Groups.
If you did not use a custom AMI at deployment time, you can leave the parameters empty. In this case, the ImageName stored in Parameter Store is used as default value.
RegisterAiCenter
Description
The SSM document registers AI Center to the external Orchestrator provided at deployment time.
Usage
The document exposes a single, mandatory, parameter: IdentityToken, which is an installation access token generated by the external Identity service. Since the token has a short availability (approximately 1-2 hours), we recommend generating it just before running the SSM document. For instructions, see Installation key.
OnDemandBackup
Description
Creates a snapshot of the Automation Suite cluster. Does not perform a backup on the SQL server.
Usage
This SSM document does not require any parameters.
Execution logs
To check the logs of the file, select the Step ID for the captureOnDemandBackup step.
GetAllBackups
Description
Lists all snapshot available in the Automation Suite cluster.
Usage
This SSM document does not require any parameters.
Execution logs
To check the list of available snapshots, select the Step ID for the getSnapshotList step.
OnDemandRestore
Description
Restores the Automation Suite cluster to a snapshot.
Usage
The SSM document exposes the SnapshotName parameter. To get a snapshot, use the GetAllBackups document and check the logs.
Execution logs
To view the execution logs, take the following steps:
-
See the restore flow by selecting State machines.
-
Select OnDemandRestoreStateMachine.
-
Select the name of the running execution.
-
Select the step for which you want to check the execution logs and look in the output section for the
CommandInformation.CommandIdand copy it.
-
Go to the Run Command service.
-
In Command history, search for the command ID you copied earlier.
-
Select the instance ID.
-
In the output section, select CloudWatch Logs to see the full logs.
- Validating the installation
- Updating certificates
- Enabling FIPS 140-2
- Accessing the installer package
- Accessing the deployment outputs
- Accessing the Cluster Administration portal
- Accessing the Automation Suite portal
- Accessing host administration
- Accessing ArgoCD
- Accessing the monitoring tools
- Accessing cluster VMs
- Performing cluster operations
- Using Systems Manager documents
- UpdateAMIDocument
- RegisterAiCenter
- OnDemandBackup
- GetAllBackups
- OnDemandRestore