automation-suite
2023.10
false
- Overview
- Requirements
- Deployment templates
- Manual: Preparing the installation
- Manual: Preparing the installation
- Step 2: Configuring the OCI-compliant registry for offline installations
- Step 3: Configuring the external objectstore
- Step 4: Configuring High Availability Add-on
- Step 5: Configuring SQL databases
- Step 6: Configuring the load balancer
- Step 7: Configuring the DNS
- Step 8: Configuring the disks
- Step 9: Configuring kernel and OS level settings
- Step 10: Configuring the node ports
- Step 11: Applying miscellaneous settings
- Step 12: Validating and installing the required RPM packages
- Step 13: Generating cluster_config.json
- Certificate configuration
- Database configuration
- External Objectstore configuration
- Pre-signed URL configuration
- Kerberos authentication configuration
- External OCI-compliant registry configuration
- Disaster recovery: Active/Passive and Active/Active configurations
- High Availability Add-on configuration
- Orchestrator-specific configuration
- Insights-specific configuration
- Process Mining-specific configuration
- Document Understanding-specific configuration
- Automation Suite Robots-specific configuration
- Monitoring configuration
- Optional: Configuring the proxy server
- Optional: Enabling resilience to zonal failures in a multi-node HA-ready production cluster
- Optional: Passing custom resolv.conf
- Optional: Increasing fault tolerance
- install-uipath.sh parameters
- Adding a dedicated agent node with GPU support
- Adding a dedicated agent Node for Task Mining
- Connecting Task Mining application
- Adding a Dedicated Agent Node for Automation Suite Robots
- Step 15: Configuring the temporary Docker registry for offline installations
- Step 16: Validating the prerequisites for the installation
- Manual: Performing the installation
- Post-installation
- Cluster administration
- Managing products
- Getting Started with the Cluster Administration portal
- Migrating objectstore from persistent volume to raw disks
- Migrating from in-cluster to external High Availability Add-on
- Migrating data between objectstores
- Migrating in-cluster objectstore to external objectstore
- Migrating from in-cluster registry to an external OCI-compliant registry
- Switching to the secondary cluster manually in an Active/Passive setup
- Disaster Recovery: Performing post-installation operations
- Converting an existing installation to multi-site setup
- Guidelines on upgrading an Active/Passive or Active/Active deployment
- Guidelines on backing up and restoring an Active/Passive or Active/Active deployment
- Redirecting traffic for the unsupported services to the primary cluster
- Scaling a single-node (evaluation) deployment to a multi-node (HA) deployment
- Monitoring and alerting
- Migration and upgrade
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Orchestrator
- Step 7: Migrating standalone Insights
- Step 8: Migrating standalone Test Manager
- Step 9: Deleting the default tenant
- Performing a single tenant migration
- Migrating from Automation Suite on Linux to Automation Suite on EKS/AKS
- Upgrading Automation Suite
- Downloading the installation packages and getting all the files on the first server node
- Retrieving the latest applied configuration from the cluster
- Updating the cluster configuration
- Configuring the OCI-compliant registry for offline installations
- Executing the upgrade
- Performing post-upgrade operations
- Product-specific configuration
- Using the Orchestrator Configurator Tool
- Configuring Orchestrator parameters
- Orchestrator appSettings
- Configuring appSettings
- Configuring the maximum request size
- Overriding cluster-level storage configuration
- Configuring credential stores
- Configuring encryption key per tenant
- Cleaning up the Orchestrator database
- Best practices and maintenance
- Troubleshooting
- How to troubleshoot services during installation
- How to uninstall the cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bucket
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to disable TX checksum offloading
- How to upgrade from Automation Suite 2022.10.10 and 2022.4.11 to 2023.10.2
- How to manually set the ArgoCD log level to Info
- How to expand AI Center storage
- How to generate the encoded pull_secret_value for external registries
- How to address weak ciphers in TLS 1.2
- How to work with certificates
- How to forward application logs to Splunk
- How to clean up unused Docker images from registry pods
- How to collect DU usage data with in-cluster objectstore (Ceph)
- How to install RKE2 SELinux on air-gapped environments
- How to clean up old differential backups on an NFS server
- Unable to run an offline installation on RHEL 8.4 OS
- Error in downloading the bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- First installation fails during Longhorn setup
- SQL connection string validation error
- Prerequisite check for selinux iscsid module fails
- Azure disk not marked as SSD
- Failure after certificate update
- Antivirus causes installation issues
- Automation Suite not working after OS upgrade
- Automation Suite requires backlog_wait_time to be set to 0
- Volume unable to mount due to not being ready for workloads
- Support bundle log collection failure
- Test Automation SQL connection string is ignored
- DNS settings not honored by CoreDNS
- Data loss when reinstalling or upgrading Insights following Automation Suite upgrade
- Single-node upgrade fails at the fabric stage
- Cluster unhealthy after automated upgrade from 2021.10
- Upgrade fails due to unhealthy Ceph
- RKE2 not getting started due to space issue
- Volume unable to mount and remains in attach/detach loop state
- Upgrade fails due to classic objects in the Orchestrator database
- Ceph cluster found in a degraded state after side-by-side upgrade
- Unhealthy Insights component causes the migration to fail
- Service upgrade fails for Apps
- In-place upgrade timeouts
- Docker registry migration stuck in PVC deletion stage
- AI Center provisioning failure after upgrading to 2023.10 or later
- Upgrade fails in offline environments
- SQL validation fails during upgrade
- snapshot-controller-crds pod in CrashLoopBackOff state after upgrade
- Longhorn REST API endpoint upgrade/reinstall error
- Upgrade fails due to overridden Insights PVC sizes
- Service upgrade fails during pre-service script execution
- Setting a timeout interval for the management portals
- Authentication not working after migration
- Kinit: Cannot find KDC for realm <AD Domain> while getting initial credentials
- Kinit: Keytab contains no suitable keys for *** while getting initial credentials
- GSSAPI operation failed due to invalid status code
- Alarm received for failed Kerberos-tgt-update job
- SSPI provider: Server not found in Kerberos database
- Login failed for AD user due to disabled account
- ArgoCD login failed
- Update the underlying directory connections
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis probe failure
- RKE2 server fails to start
- Secret not found in UiPath namespace
- ArgoCD goes into progressing state after first installation
- Unhealthy services after cluster restore or rollback
- Pods stuck in Init:0/X
- Missing Ceph-rook metrics from monitoring dashboards
- Pods cannot communicate with FQDN in a proxy environment
- Failure to configure email alerts post upgrade
- No healthy upstream issue
- Failure to add agent nodes in offline environments
- Accessing FQDN returns RBAC: access denied error
- Document Understanding not on the left rail of Automation Suite
- Failed status when creating a data labeling session
- Failed status when trying to deploy an ML skill
- Migration job fails in ArgoCD
- Handwriting recognition with intelligent form extractor not working
- Failed ML skill deployment due to token expiry
- Running High Availability with Process Mining
- Process Mining ingestion failed when logged in using Kerberos
- After Disaster Recovery Dapr is not working properly for Process Mining
- Configuring Dapr with Redis in cluster mode
- Unable to connect to AutomationSuite_ProcessMining_Warehouse database using a pyodbc format connection string
- Airflow installation fails with sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
- How to add an IP table rule to use SQL Server port 1433
- Automation Suite certificate is not trusted from the server where CData Sync is running
- Running the diagnostics tool
- Using the Automation Suite support bundle
- Exploring Logs
- Exploring summarized telemetry
Automation Suite on Linux installation guide
Last updated Mar 9, 2026
Step 3: Configuring the external objectstore
Supported objectstores
Automation Suite supports the following external objectstores:
- Azure Storage (Azure Blob Storage)
- AWS S3
- S3 compatible objectstore.
Note:
- Only some S3-compatible objectstores are compatible with Automation Suite. Many storage providers do not fully support the S3 storage APIs required by the products installed on Automation Suite.
- When using Premium performance tier in Azure Blob Storage, you must select Block blobs. File shares and Page blobs are not supported. Using unsupported blob types may cause the prerequisites check to fail.
- For Automation Suite to function properly when using pre-signed URLs, you must make sure that your external objectstore is accessible from the Automation Suite cluster, browsers, and all your machines, including workstations and robot machines.
- When configuring the external object storage, you must follow the naming rules and conventions from your provider for both
bucket_name_prefixandbucket_name_suffix. In addition to that, the suffix and prefix must have a combined length of no more than 25 characters, and you must not end the prefix or start the suffix with a hyphen (-) as we already add the character for you automatically. - The Server Side Encryption with Key Management Service (SSE-KMS) can only be enabled on the Automation Suite buckets deployed in any region created after January 30, 2014.
SSE-KMS functionality requires pure SignV4 APIs. Regions created before January 30, 2014 do not use pure SignV4 APIs due to backward compatibility with SignV2. Therefore, SSE-KMS is only functional in regions that use SignV4 for communication. To find out when the various regions were provisioned, refer to the AWS documentation.
S3-compatible objectstore requirements
Your S3-compatible objectstore must have the following APIs for the products you plan to install on Automation Suite:
| UiPath naming | AWS naming | Platform | Orchestrator | AI Center | Apps | Document Understanding | Test Manager | Data Service | Process Mining | Task Mining | Insights |
|---|---|---|---|---|---|---|---|---|---|---|---|
GET_OBJECT | GetObject | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
HEAD_OBJECT | HeadObject | N/A | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | ✅ | ✅ | N/A |
PUT_OBJECT | PutObject | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
DELETE_OBJECT | DeleteObject | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
CREATE_MULTIPART_UPLOAD | CreateMultipartUpload | ✅ | ✅ | ✅ | N/A | N/A | ✅ | N/A | ✅ | ✅ | N/A |
UPLOAD_PART | UploadPart | ✅ | ✅ | ✅ | N/A | N/A | ✅ | N/A | ✅ | ✅ | N/A |
UPLOAD_PART_COPY | UploadPartCopy | ✅ | ✅ | N/A | N/A | N/A | N/A | N/A | ✅ | ✅ | N/A |
COMPLETE_MULTIPART_UPLOAD | CompleteMultipartUpload | ✅ | ✅ | ✅ | N/A | N/A | ✅ | N/A | ✅ | ✅ | N/A |
PRESIGNED_URL | GeneratePresignedUrl (SDK) | N/A | N/A | N/A | N/A | ✅ | N/A | N/A | N/A | N/A | N/A |
GET_BUCKET_LIST_OBJECTS | ListObjectsV2 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
LIST_MULTIPART_UPLOADS | ListMultipartUploads | ✅ | ✅ | ✅ | N/A | N/A | N/A | N/A | ✅ | ✅ | N/A |
DELETE_MULTIPLE_OBJECTS | DeleteMultipleObjects | N/A | ✅ | ✅ | N/A | N/A | N/A | N/A | ✅ | ✅ | N/A |
PUT_OBJECT_COPY | CopyObject | N/A | N/A | ✅ | N/A | N/A | N/A | N/A | ✅ | ✅ | N/A |
LIST_PARTS | ListParts | N/A | N/A | N/A | N/A | N/A | N/A | N/A | ✅ | ✅ | N/A |
PUT_BUCKET | PutBucket | N/A | N/A | ✅ | N/A | N/A | N/A | N/A | N/A | ✅ | N/A |
LIST_BUCKETS | ListBuckets | N/A | N/A | ✅ | N/A | N/A | N/A | N/A | N/A | ✅ | N/A |
HEAD_BUCKET | HeadBucket | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | ✅ | N/A |
To ensure secure and compatible communication with Automation Suite, your S3-compatible objectstore must support one or more of the following secure TLS cipher suites:
- TLS 1.3:
TLS_AES_128_GCM_SHA256TLS_AES_256_GCM_SHA384TLS_CHACHA20_POLY1305_SHA256
- TLS 1.2:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHATLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHATLS_ECDHE_RSA_WITH_AES_128_CBC_SHATLS_ECDHE_RSA_WITH_AES_256_CBC_SHATLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
Note:
The list of supported cipher suites may evolve over time to align with security best practices and updates in the Go cryptographic library. Refer to the latest Go documentation for the current list.
S3-compatible objectstore configuration
Configuring CORS policies
Make sure the following CORS policy is configured at your objectstore server or the bucket level.
This is the CORS policy in JSON format:
JSON
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"POST",
"GET",
"HEAD",
"DELETE",
"PUT"
],
"AllowedOrigins": [
"https://{{fqdn}}"
],
"ExposeHeaders": [
"etag",
"x-amz-server-side-encryption",
"x-amz-request-id",
"x-amz-id-2"
],
"MaxAgeSeconds": 3000
}
]
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"POST",
"GET",
"HEAD",
"DELETE",
"PUT"
],
"AllowedOrigins": [
"https://{{fqdn}}"
],
"ExposeHeaders": [
"etag",
"x-amz-server-side-encryption",
"x-amz-request-id",
"x-amz-id-2"
],
"MaxAgeSeconds": 3000
}
]
This is the CORS policy in XML format:
XML
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
<ExposeHeader>x-amz-request-id</ExposeHeader>
<ExposeHeader>x-amz-id-2</ExposeHeader>
<ExposeHeader>etag</ExposeHeader>
</CORSRule>
</CORSConfiguration>
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
<ExposeHeader>x-amz-request-id</ExposeHeader>
<ExposeHeader>x-amz-id-2</ExposeHeader>
<ExposeHeader>etag</ExposeHeader>
</CORSRule>
</CORSConfiguration>
Configuring lifecycle policies
You can configure a lifecycle policy to automatically delete older log objects and reduce manual cleanup tasks. Automation Suite logs are stored in the automation-suite-logs/ folder of the platform bucket. UiPath recommends retaining these logs for 15 days.
The following example shows the steps needed for AWS:
- Create a file named
policy.jsonand add the following content:{ "Rules": [ { "Filter": { "Prefix": "automation-suite-logs/" }, "Status": "Enabled", "Expiration": { "Days": 15 }, "ID": "DeleteOldLogs" } ] }{ "Rules": [ { "Filter": { "Prefix": "automation-suite-logs/" }, "Status": "Enabled", "Expiration": { "Days": 15 }, "ID": "DeleteOldLogs" } ] } - To apply
policy.jsonto the bucket, run the following command:aws s3api put-bucket-lifecycle-configuration \ --bucket BUCKET_NAME \ --lifecycle-configuration file://policy.jsonaws s3api put-bucket-lifecycle-configuration \ --bucket BUCKET_NAME \ --lifecycle-configuration file://policy.json
Replace BUCKET_NAME with the name of your platform bucket.