- Overview
- Requirements
- Installation
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite on EKS/AKS
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Orchestrator
- Step 7: Migrating standalone Insights
- Step 8: Migrating standalone Test Manager
- Step 9: Deleting the default tenant
- Performing a single tenant migration
- Migrating from Automation Suite on Linux to Automation Suite on EKS/AKS
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Troubleshooting
- The backup setup does not work due to a failure to connect to Azure Government
- Pods in the uipath namespace stuck when enabling custom node taints
- Unable to launch Automation Hub and Apps with proxy setup
- Pods cannot communicate with FQDN in a proxy environment
- Test Automation SQL connection string is ignored
- EKS backup failure due to Velero version
- Velero backup fails with FailedValidation error
- Accessing FQDN returns RBAC access denied error
Automation Suite on EKS/AKS installation guide
To migrate standalone Orchestrator to Automation Suite, you must gather settings and various files from the standalone installation and apply them to the Automation Suite installation.
Migrating the maximum request size
To specify a custom maximum request size, refer to Configuring the maximum request size.
Migrating appSettings
To migrate custom changes made to the appSettings or secureAppSettings section of the UiPath.Orchestrator.dll.config file, you must add your custom configuration to the orchestrator-customconfig config map.
You cannot or must not migrate all custom settings. For details on which appSettings you must migrate and which not, refer to Orchestrator appSettings.
To apply custom appSettings to Orchestrator, refer to Configuring appSettings.
Migrating the storage
By default, Orchestrator in Automation Suite uses the cluster-level storage configuration. The recommended configuration is external storage, where all tenants are stored in one bucket of a storage provider. The supported storage providers are Azure, S3, and MinIO.
To migrate FileSystem storage to cluster storage in Automation Suite, refer to Uploading files to storage.
To connect existing storage of type Azure, AWS S3, or S3-compatible (MinIO) to Orchestrator in Automation Suite, refer to Configuring Azure/Amazon S3 storage buckets. In this configuration, Orchestrator does not use the same storage as the other services in the cluster. Make sure to disconnect your previous Orchestrator from the storage account prior to configuring it with the Automation Suite, as this would prevent any potential data loss.
Migrating NLog
You must review the NLog section of the configuration file and build the NLog custom configuration.
To enable robot logs storage in Elasticsearch, refer to Saving robot logs to elasticsearch
To add plugins and perform advanced NLog configuration, refer to Configuring NLog.
Migrating credential stores
To migrate custom plugins for credential stores to Automation Suite, update the configuration in the config map, and copy the plugins assemblies to the corresponding object store bucket.
The following credential stores plugins are deployed to Orchestrator in Automation Suite:
UiPath.Orchestrator.AzureKeyVault.SecureStore.dllUiPath.Orchestrator.SecureStore.CyberArkCCP.dll
Automation Suite does not support CyberArk AIM, so you cannot migrate it. We recommend migrating to the CyberArkCCP credential store instead.
For details on the credential store configuration in Orchestrator, refer to Configuring credential stores.
Migrating the encryption key
By default, at installation time, Orchestrator generates an encryption key to be used for sensitive information in the database. You must migrate this key if you want to reuse a database on a new Orchestrator deployment.
To migrate and update the encryption key, take the following steps:
- Decrypt the
secureAppSettingssection of theUiPath.Orchestrator.dll.configfile, if needed. For details, refer to Encrypting UiPath.Orchestrator.dll.config Sections. - Retrieve the encryption key from
UiPath.Orchestrator.dll.config. For details, refer to EncryptionKey. - Replace the encryption key in the
orchestrator-generated-secretsKubernetes secret by overwriting the value ofAPPSETTINGS__EncryptionKey. To do this, run the following command:ENCRYPT_KEY=$(echo <key>|base64 -w 0) kubectl -n uipath patch secret orchestrator-generated-secrets --type='json' \ -p="[{'op': 'replace', 'path': '/data/APPSETTINGS__EncryptionKey', 'value':'$ENCRYPT_KEY'}]"ENCRYPT_KEY=$(echo <key>|base64 -w 0) kubectl -n uipath patch secret orchestrator-generated-secrets --type='json' \ -p="[{'op': 'replace', 'path': '/data/APPSETTINGS__EncryptionKey', 'value':'$ENCRYPT_KEY'}]"Note:Make sure to replace
<key>with the value of the key retrieved fromUiPath.Orchestrator.dll.config.
Migrating the encryption key per tenant
The encryption key certificate is installed in the Windows certificate store. You must provide the certificate to the Automation Suite environment so that it becomes available to the Orchestrator pods.
The CertificatesStoreLocation and Azure.KeyVault.CertificateThumbprint settings are no longer required in Automation Suite, but you can use CertificatePassword if needed.
Retrieve the from the appSettings the connection settings for the Azure Key Vault:
Azure.KeyVault.VaultAddressAzure.KeyVault.ClientIdAzure.KeyVault.DirectoryId
To configure the encryption key per tenant, refer to Configuring encryption key per tenant.