- Overview
- Requirements
- Pre-installation
- Preparing the installation
- Installing and configuring the service mesh
- Downloading the installation packages
- Configuring the OCI-compliant registry
- Granting installation permissions
- Installing and configuring the GitOps tool
- Deploying Redis through OperatorHub
- Applying miscellaneous configurations
- Running uipathctl
- Installation
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite
- Migrating standalone products to Automation Suite
- Step 1: Restoring the standalone product database
- Step 2: Updating the schema of the restored product database
- Step 3: Moving the Identity organization data from standalone to Automation Suite
- Step 4: Backing up the platform database in Automation Suite
- Step 5: Merging organizations in Automation Suite
- Step 6: Updating the migrated product connection strings
- Step 7: Migrating standalone Orchestrator
- Step 8: Migrating standalone Insights
- Step 9: Migrating standalone Test Manager
- Step 10: Deleting the default tenant
- Performing a single tenant migration
- Migrating between Automation Suite clusters
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Orchestrator advanced configuration
- Configuring Orchestrator parameters
- Configuring appSettings
- Configuring the maximum request size
- Overriding cluster-level storage configuration
- Configuring NLog
- Saving robot logs to Elasticsearch
- Configuring credential stores
- Configuring encryption key per tenant
- Cleaning up the Orchestrator database
- Skipping host library creation
- Troubleshooting
Automation Suite on OpenShift installation guide
Rotating Blob Storage Credentials
Introduction
To rotate the blob storage credentials for Process Mining in Automation Suite an administrator will need to have access to the Kubernetes cluster secrets using either kubectl, oc, lens, or another tool. The stored secrets must be updated with the new credentials, and the pods for Airflow and Process Mining need to be restarted to make sure all pods for these service receive the new credentials.
The storage credentials need to be updated in the <uipath> namespace.
The stored secret values are base 64 encoded. If using kubectl you will need to encode the values before updating them in the cluster. If using Lens (k8slens) then the Lens tooling can do the decode/encode automatically.
Examples
The following example shows how to update secrets:
oc patch secret processmining-external-storage-secret -n <uipath> -p "{\"data\":{\"ACCOUNTKEY\":\"<new_key_b64>\"}}"
oc patch secret processmining-external-storage-secret -n <uipath> -p "{\"data\":{\"ACCOUNTKEY\":\"<new_key_b64>\"}}"
Ceph Secrets
UiPath Namespace
processmining-service-rook-ceph-secret.OBJECT_STORAGE_ACCESSKEY
processmining-service-rook-ceph-secret.OBJECT_STORAGE_SECRETKEY
Minio Secrets:
UiPath Namespace
processmining-external-storage-secret.ACCESSKEY
processmining-external-storage-secret.SECRETKEY
S3 Secrets:
UiPath Namespace
processmining-external-storage-secret.ACCESSKEY
processmining-external-storage-secret.SECRETKEY
Azure Secrets:
UiPath Namespace
processmining-external-storage-secret.ACCOUNTNAME
processmining-external-storage-secret.ACCOUNTKEY
Azure connection string is URL encoded; the string will need to be decoded, have the access key updated, then re-encoded.
urlencode -d "wasb%3A%2F%2Fazureuser%40%3Fextra__wasb__connection_string%3DDefaultEndpointsProtocol%3Dhttps%3BEndpointSuffix%3Dcore.windows.net%3BAccountName%3Dazureuser%3BAccountKey%3DACCOUNT_KEY%3BBlobEndpoint%3Dhttps%3A%2F%2Fexample.blob.core.windows.net%2F%3BFileEndpoint%3Dhttps%3A%2F%2Fexample.file.core.windows.net%2F%3BQueueEndpoint%3Dhttps%3A%2F%2Fexample.queue.core.windows.net%2F%3BTableEndpoint%3Dhttps%3A%2F%2Fexample.table.core.windows.net%2F%26extra__wasb__sas_token%3D%26extra__wasb__shared_access_key%3D%26extra__wasb__tenant_id%3D"
urlencode "wasb://azureuser@?extra__wasb__connection_string=DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=azureuser;AccountKey=ACCOUNT_KEY;BlobEndpoint=https://example.blob.core.windows.net/;FileEndpoint=https://example.file.core.windows.net/;QueueEndpoint=https://example.queue.core.windows.net/;TableEndpoint=https://example.table.core.windows.net/&extra__wasb__sas_token=&extra__wasb__shared_access_key=&extra__wasb__tenant_id="
urlencode -d "wasb%3A%2F%2Fazureuser%40%3Fextra__wasb__connection_string%3DDefaultEndpointsProtocol%3Dhttps%3BEndpointSuffix%3Dcore.windows.net%3BAccountName%3Dazureuser%3BAccountKey%3DACCOUNT_KEY%3BBlobEndpoint%3Dhttps%3A%2F%2Fexample.blob.core.windows.net%2F%3BFileEndpoint%3Dhttps%3A%2F%2Fexample.file.core.windows.net%2F%3BQueueEndpoint%3Dhttps%3A%2F%2Fexample.queue.core.windows.net%2F%3BTableEndpoint%3Dhttps%3A%2F%2Fexample.table.core.windows.net%2F%26extra__wasb__sas_token%3D%26extra__wasb__shared_access_key%3D%26extra__wasb__tenant_id%3D"
urlencode "wasb://azureuser@?extra__wasb__connection_string=DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=azureuser;AccountKey=ACCOUNT_KEY;BlobEndpoint=https://example.blob.core.windows.net/;FileEndpoint=https://example.file.core.windows.net/;QueueEndpoint=https://example.queue.core.windows.net/;TableEndpoint=https://example.table.core.windows.net/&extra__wasb__sas_token=&extra__wasb__shared_access_key=&extra__wasb__tenant_id="