automation-suite
2024.10
true
- Overview
- Requirements
- Recommended: Deployment templates
- Manual: Preparing the installation
- Manual: Preparing the installation
- Step 1: Configuring the OCI-compliant registry for offline installations
- Step 2: Configuring the external objectstore
- Step 3: Configuring High Availability Add-on
- Step 4: Configuring Microsoft SQL Server
- Step 5: Configuring the load balancer
- Step 6: Configuring the DNS
- Step 7: Configuring the disks
- Step 8: Configuring kernel and OS level settings
- Step 9: Configuring the node ports
- Step 10: Applying miscellaneous settings
- Step 12: Validating and installing the required RPM packages
- Step 13: Generating cluster_config.json
- Cluster_config.json Sample
- General configuration
- Profile configuration
- Certificate configuration
- Database configuration
- External Objectstore configuration
- Pre-signed URL configuration
- ArgoCD configuration
- External OCI-compliant registry configuration
- Disaster recovery: Active/Passive and Active/Active configurations
- High Availability Add-on configuration
- Orchestrator-specific configuration
- Insights-specific configuration
- Process Mining-specific configuration
- Document Understanding-specific configuration
- Automation Suite Robots-specific configuration
- AI Center-specific configuration
- Monitoring configuration
- Optional: Configuring the proxy server
- Optional: Enabling resilience to zonal failures in a multi-node HA-ready production cluster
- Optional: Passing custom resolv.conf
- Optional: Increasing fault tolerance
- Adding a dedicated agent node with GPU support
- Adding a dedicated agent Node for Task Mining
- Connecting Task Mining application
- Adding a Dedicated Agent Node for Automation Suite Robots
- Step 15: Configuring the temporary Docker registry for offline installations
- Step 16: Validating the prerequisites for the installation
- Manual: Performing the installation
- Post-installation
- Cluster administration
- Managing products
- Getting Started with the Cluster Administration portal
- Migrating objectstore from persistent volume to raw disks
- Migrating from in-cluster to external High Availability Add-on
- Migrating data between objectstores
- Migrating in-cluster objectstore to external objectstore
- Migrating to an external OCI-compliant registry
- Switching to the secondary cluster manually in an Active/Passive setup
- Disaster Recovery: Performing post-installation operations
- Converting an existing installation to multi-site setup
- Guidelines on upgrading an Active/Passive or Active/Active deployment
- Guidelines on backing up and restoring an Active/Passive or Active/Active deployment
- Monitoring and alerting
- Migration and upgrade
- Migrating between Automation Suite clusters
- Upgrading Automation Suite
- Downloading the installation packages and getting all the files on the first server node
- Retrieving the latest applied configuration from the cluster
- Updating the cluster configuration
- Configuring the OCI-compliant registry for offline installations
- Executing the upgrade
- Performing post-upgrade operations
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to troubleshoot services during installation
- How to uninstall the cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bucket
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to disable TX checksum offloading
- How to manually set the ArgoCD log level to Info
- How to expand AI Center storage
- How to generate the encoded pull_secret_value for external registries
- How to address weak ciphers in TLS 1.2
- How to check the TLS version
- How to schedule Ceph backup and restore data
- Unable to run an offline installation on RHEL 8.4 OS
- Error in downloading the bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- SQL connection string validation error
- Prerequisite check for selinux iscsid module fails
- Azure disk not marked as SSD
- Failure after certificate update
- Antivirus causes installation issues
- Automation Suite not working after OS upgrade
- Automation Suite requires backlog_wait_time to be set to 0
- Volume unable to mount due to not being ready for workloads
- Support bundle log collection failure
- Temporary registry installation fails on RHEL 8.9
- Data loss when reinstalling or upgrading Insights following Automation Suite upgrade
- Unable to access Automation Hub following upgrade to Automation Suite 2024.10.0
- Single-node upgrade fails at the fabric stage
- Upgrade fails due to unhealthy Ceph
- RKE2 not getting started due to space issue
- Volume unable to mount and remains in attach/detach loop state
- Upgrade fails due to classic objects in the Orchestrator database
- Ceph cluster found in a degraded state after side-by-side upgrade
- Unhealthy Insights component causes the migration to fail
- Service upgrade fails for Apps
- In-place upgrade timeouts
- Docker registry migration stuck in PVC deletion stage
- AI Center provisioning failure after upgrading to 2023.10 or later
- Upgrade fails in offline environments
- SQL validation fails during upgrade
- snapshot-controller-crds pod in CrashLoopBackOff state after upgrade
- Upgrade fails due to overridden Insights PVC sizes
- Failure to upgrade to Automation Suite 2024.10.1
- Upgrade fails due to Velero migration issue
- Setting a timeout interval for the management portals
- Authentication not working after migration
- Kinit: Cannot find KDC for realm <AD Domain> while getting initial credentials
- Kinit: Keytab contains no suitable keys for *** while getting initial credentials
- GSSAPI operation failed due to invalid status code
- Alarm received for failed Kerberos-tgt-update job
- SSPI provider: Server not found in Kerberos database
- Login failed for AD user due to disabled account
- ArgoCD login failed
- Update the underlying directory connections
- Partial failure to restore backup in Automation Suite 2024.10.0
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis probe failure
- RKE2 server fails to start
- Secret not found in UiPath namespace
- ArgoCD goes into progressing state after first installation
- MongoDB pods in CrashLoopBackOff or pending PVC provisioning after deletion
- Pods stuck in Init:0/X
- Missing Ceph-rook metrics from monitoring dashboards
- Mismatch in reported errors during diagnostic health checks
- Running High Availability with Process Mining
- Process Mining ingestion failed when logged in using Kerberos
- After Disaster Recovery Dapr is not working properly for Process Mining
- Unable to connect to AutomationSuite_ProcessMining_Warehouse database using a pyodbc format connection string
- Airflow installation fails with sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
- How to add an IP table rule to use SQL Server port 1433
- Automation Suite certificate is not trusted from the server where CData Sync is running
- Running the diagnostics tool
- Using the Automation Suite support bundle
- Exploring Logs
Automation Suite on Linux installation guide
Last updated Mar 10, 2025
Configuring the cluster
To update the connection string or credentials to the SQL Server, directly edit the
cluster_config.json file on the primary the server node. You can directly edit the SQL fields (sql.username, sql.password, and sql.server_url) in the file based on what you need to update.
After updating the file, rerun the interactive installation wizard on the same machine with the updated config as the parameter. You only need to rerun the installation on the primary server.
To update the global Kerberos auth configuration and/or the service specific auth configuration, see Configuring Kerberos authentication via cluster_config.json.
One system administrator is created in Automation Suite by default with the username admin on the host organization.
If access to the host organization is lost - for example, if the password for the system administrator is lost or the only users with system administrator accounts leave the company - there is a tool to add or restore a system administrator.
This script does not work if the SQL connection string parameter "Integrated Security=true" exists for platform services.
./bin/uipathctl config add-host-admin --username [new-admin-username] --email [new-admin-email] --password [new-admin-password]./bin/uipathctl config add-host-admin --username [new-admin-username] --email [new-admin-email] --password [new-admin-password]--usernameis a required field.--passwordis required only if the new administrator uses basic authentication to login.--emailis optional unless your external identity provider requires it (for example, Google matches by email, not username).
There are a few important notes about how the administrator is created or restored:
- New administrators cannot have the same username or email as an existing administrator. If you use the same username or email as an existing administrator, the existing administrator is updated. This is useful if you want to change the password.
- If an administrator was deleted and you use the same username or email for a new user, the deleted administrator will be restored instead of creating a new one. The password field is not overwritten in this case. An exceptional case is if multiple administrators were deleted with the same username or email, which results in a new administrator being created.
- If any of the external identity providers configured on the host are forced, that imposes restrictions on the parameters.
For instance, if Windows AD is forced, the username must be in the form
user@domain. If Google is forced, then email is required. - When logging in to a new administrator account for the first time, the password must be changed.
Organization and system administrators may be unable to log in due to an issue with their configured Azure Active Directory
or other external identity provider. Organization administrators may be locked out because the
Disable basic authentication flag is checked in the Authentication Settings. Organization and system administrators may be locked out because an external
identity provider was configured as force/exclusive. This tool will try to re-enable basic authentication for an organization.
This script does not work if the SQL connection string parameter
Integrated Security=true exists for platform services.
./bin/uipathctl config enable-basic-auth --orgname [org-name]./bin/uipathctl config enable-basic-auth --orgname [org-name]Note:
--orgname is a required field. If basic authentication is restricted at the host level, set the orgname to host.
The Istio ingress gateway configured in Automation Suite for routing, communicating between the services, and more uses TLS to secure the exchanges. To prevent any security threats, deprecated TLS protocol version are disabled by default.
Only TLS version 1.2 and higher are currently supported, and if you use a previous version, it is recommended that you upgrade. However, it is still possible to connect using a previous TLS version, but you must first enable it on the Automation Suite server.
Important: TLS 1.0 and 1.1 are deprecated, and enabling these versions can pose a security risk. You are strongly recommended to upgrade
to TLS 1.2 or higher instead of enabling lower versions on the server.
To enable an unsupported TLS version, take one of the following steps:
-
To enable support for TLS 1.0 and higher, run the following command:
kubectl -n istio-system patch gateway main-gateway --type=json \ -p='[{ "op": "replace", "path": "/spec/servers/0/tls/minProtocolVersion", "value": "TLSV1_0"}]'kubectl -n istio-system patch gateway main-gateway --type=json \ -p='[{ "op": "replace", "path": "/spec/servers/0/tls/minProtocolVersion", "value": "TLSV1_0"}]' -
To enable support for TLS 1.1 and higher, run the following command:
kubectl -n istio-system patch gateway main-gateway --type=json \ -p='[{ "op": "replace", "path": "/spec/servers/0/tls/minProtocolVersion", "value": "TLSV1_1"}]'kubectl -n istio-system patch gateway main-gateway --type=json \ -p='[{ "op": "replace", "path": "/spec/servers/0/tls/minProtocolVersion", "value": "TLSV1_1"}]'
You can forward logs to external tools, such as Splunk, using the OpenTelemetry Collector. For details on how to install and use the OpenTelemetry Collector, refer to the official documentation of the tool provider (such as Splunk official documentation).
Note:
This method refers to forwading logs from infrastructure and application pods. For saving robot logs, please refer to Saving robot logs to Elasticsearch.
