automation-suite
2024.10
false
- Overview
- Requirements
- Deployment templates
- Manual: Preparing the installation
- Manual: Preparing the installation
- Step 2: Configuring the OCI-compliant registry for offline installations
- Step 3: Configuring the external objectstore
- Step 4: Configuring High Availability Add-on
- Step 5: Configuring SQL databases
- Step 6: Configuring the load balancer
- Step 7: Configuring the DNS
- Step 8: Configuring the disks
- Step 9: Configuring kernel and OS level settings
- Step 10: Configuring the node ports
- Step 11: Applying miscellaneous settings
- Step 12: Validating and installing the required RPM packages
- Step 13: Generating cluster_config.json
- Cluster_config.json Sample
- General configuration
- Profile configuration
- Certificate configuration
- Database configuration
- External Objectstore configuration
- Pre-signed URL configuration
- ArgoCD configuration
- Kerberos authentication configuration
- External OCI-compliant registry configuration
- Disaster recovery: Active/Passive and Active/Active configurations
- High Availability Add-on configuration
- Orchestrator-specific configuration
- Insights-specific configuration
- Process Mining-specific configuration
- Document Understanding-specific configuration
- Automation Suite Robots-specific configuration
- AI Center-specific configuration
- Monitoring configuration
- Optional: Configuring the proxy server
- Optional: Enabling resilience to zonal failures in a multi-node HA-ready production cluster
- Optional: Passing custom resolv.conf
- Optional: Increasing fault tolerance
- Adding a dedicated agent node with GPU support
- Adding a dedicated agent Node for Task Mining
- Connecting Task Mining application
- Adding a Dedicated Agent Node for Automation Suite Robots
- Step 15: Configuring the temporary Docker registry for offline installations
- Step 16: Validating the prerequisites for the installation
- Running uipathctl
- Manual: Performing the installation
- Post-installation
- Cluster administration
- Managing products
- Getting Started with the Cluster Administration portal
- Migrating Redis from in-cluster to external High Availability Add-on
- Migrating data between objectstores
- Migrating in-cluster objectstore to external objectstore
- Migrating from in-cluster registry to an external OCI-compliant registry
- Switching to the secondary cluster manually in an Active/Passive setup
- Disaster Recovery: Performing post-installation operations
- Converting an existing installation to multi-site setup
- Guidelines on upgrading an Active/Passive or Active/Active deployment
- Guidelines on backing up and restoring an Active/Passive or Active/Active deployment
- Scaling a single-node (evaluation) deployment to a multi-node (HA) deployment
- Monitoring and alerting
- Migration and upgrade
- Migrating standalone products to Automation Suite
- Step 1: Restoring the standalone product database
- Step 2: Updating the schema of the restored product database
- Step 3: Moving the Identity organization data from standalone to Automation Suite
- Step 4: Backing up the platform database in Automation Suite
- Step 5: Merging organizations in Automation Suite
- Step 6: Updating the migrated product connection strings
- Step 7: Migrating standalone Orchestrator
- Step 8: Migrating standalone Insights
- Step 9: Migrating standalone Test Manager
- Step 10: Deleting the default tenant
- Performing a single tenant migration
- Migrating between Automation Suite clusters
- Upgrading Automation Suite
- Downloading the installation packages and getting all the files on the first server node
- Retrieving the latest applied configuration from the cluster
- Updating the cluster configuration
- Configuring the OCI-compliant registry for offline installations
- Executing the upgrade
- Performing post-upgrade operations
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to troubleshoot services during installation
- How to uninstall the cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bucket
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to disable TX checksum offloading
- How to manually set the ArgoCD log level to Info
- How to expand AI Center storage
- How to generate the encoded pull_secret_value for external registries
- How to address weak ciphers in TLS 1.2
- How to check the TLS version
- How to reduce permissions for an NFS backup directory
- How to work with certificates
- How to schedule Ceph backup and restore data
- How to clean up unused Docker images from registry pods
- How to collect DU usage data with in-cluster objectstore (Ceph)
- How to install RKE2 SELinux on air-gapped environments
- How to clean up old differential backups on an NFS server
- Unable to run an offline installation on RHEL 8.4 OS
- Error in downloading the bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- SQL connection string validation error
- Azure disk not marked as SSD
- Failure after certificate update
- Antivirus causes installation issues
- Automation Suite not working after OS upgrade
- Automation Suite requires backlog_wait_time to be set to 0
- Volume unable to mount due to not being ready for workloads
- Support bundle log collection failure
- Temporary registry installation fails on RHEL 8.9
- Frequent restart issue in uipath namespace deployments during offline installations
- DNS settings not honored by CoreDNS
- Unable to install temporary registry
- Data loss when reinstalling or upgrading Insights following Automation Suite upgrade
- Unable to access Automation Hub following upgrade to Automation Suite 2024.10.0
- Upgrade failure during posthook import
- Single-node upgrade fails at the fabric stage
- Upgrade fails due to unhealthy Ceph
- RKE2 not getting started due to space issue
- Volume unable to mount and remains in attach/detach loop state
- Upgrade fails due to classic objects in the Orchestrator database
- Ceph cluster found in a degraded state after side-by-side upgrade
- Unhealthy Insights component causes the migration to fail
- Service upgrade fails for Apps
- In-place upgrade timeouts
- Docker registry migration stuck in PVC deletion stage
- AI Center provisioning failure after upgrading to 2023.10 or later
- Upgrade fails in offline environments
- SQL validation fails during upgrade
- snapshot-controller-crds pod in CrashLoopBackOff state after upgrade
- Upgrade fails due to overridden Insights PVC sizes
- Failure to upgrade to Automation Suite 2024.10.1
- Upgrade fails due to Velero migration issue
- Upgrade stuck on rook-ceph application deletion
- Setting a timeout interval for the management portals
- Authentication not working after migration
- Kinit: Cannot find KDC for realm <AD Domain> while getting initial credentials
- Kinit: Keytab contains no suitable keys for *** while getting initial credentials
- GSSAPI operation failed due to invalid status code
- Alarm received for failed Kerberos-tgt-update job
- SSPI provider: Server not found in Kerberos database
- Login failed for AD user due to disabled account
- ArgoCD login failed
- Update the underlying directory connections
- Robot cannot connect to an Automation Suite Orchestrator instance
- Partial failure to restore backup in Automation Suite 2024.10.0
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Accessing FQDN returns RBAC access denied error
- Redis probe failure
- RKE2 server fails to start
- Secret not found in UiPath namespace
- ArgoCD goes into progressing state after first installation
- Pods stuck in Init:0/X
- Missing Ceph-rook metrics from monitoring dashboards
- Mismatch in reported errors during diagnostic health checks
- No healthy upstream issue
- Log streaming does not work in proxy setups
- Failure to add agent nodes in offline environments
- Node becomes unresponsive (OOM) during large Document Understanding bundle upload
- Backup operations fail with PartiallyFailed status
- Running High Availability with Process Mining
- Process Mining ingestion failed when logged in using Kerberos
- After Disaster Recovery Dapr is not working properly for Process Mining
- Unable to connect to AutomationSuite_ProcessMining_Warehouse database using a pyodbc format connection string
- Airflow installation fails with sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
- How to add an IP table rule to use SQL Server port 1433
- Automation Suite certificate is not trusted from the server where CData Sync is running
- Running the diagnostics tool
- Using the Automation Suite support bundle
- Exploring Logs
- Exploring summarized telemetry
Automation Suite on Linux installation guide
Last updated Mar 9, 2026
How to work with certificates
Description
This section explains how to use openssl commands to validate a chain of certificates (CA, intermediate, and server), and separate or combine certificates.
You can bring certificates as follows:
- Scenario 1: Three crt/pem files including CA, intermediate, and server certs and a private key.
- Scenario 2: Two crt/pem files including CA and server certs and a private key.
- Scenario 3: One pfx file containing all CA/intermediate and server certs and a private key.
The following table describes the used file names:
| File name | Description |
|---|---|
ca.crt | A CA certificate. |
intermediate.crt | An intermediate certificate. |
ca-bundle.crt | A certificate containing CA and intermediate certificates. |
server.crt | A server certificate. |
server.key | A private key used to generate the server.crt. |
server.pfx | A pfx certificate file containing CA, intermediate, server certificates, and the server private key. |
Scenario 1 and Scenario 2
When you bring three different cert files (CA, intermediate, and server), take the following steps for validation:
-
Combine the CA with the intermediate certs (applicable only for Scenario 1).
cp ca.crt ca-bundle.crt cat intermediate.crt >> ca-bundle.crtcp ca.crt ca-bundle.crt cat intermediate.crt >> ca-bundle.crt -
Check the server cert contains (specifically the
subject alternative namesandvalidityfields.openssl x509 -in server.crt -text -nooutopenssl x509 -in server.crt -text -noout -
Check if the server cert was signed by the CA server.
openssl verify -CAfile ca-bundle.crt server.crtopenssl verify -CAfile ca-bundle.crt server.crtOutput:
server.crt: OKserver.crt: OK -
Check if the server cert was generated by the server private key by comparing the md5 hashes. If the following commands' outputs match, then it validates that the server cert was generated using the private key.
-
openssl x509 -noout -modulus -in server.crt | openssl md5Server cert output:
(stdin)= c9b0c5c3fe11b0b09947415236c4a441 -
openssl rsa -noout -modulus -in server.key | openssl md5Server private key output:
stdin)= c9b0c5c3fe11b0b09947415236c4a441)
-
-
Generate the pfx file from the server cert and the private key. Once the following command is run, you are prompted to type a passcode twice. Thepasscode is always required to decrypt the pfx file.
openssl pkcs12 -inkey server.key -in server.crt -export -out server.pfxopenssl pkcs12 -inkey server.key -in server.crt -export -out server.pfxOutput:
Enter Export Password: Verifying - Enter Export Password:Enter Export Password: Verifying - Enter Export Password:
Scenario 3
When you bring one certificate in pfx format containing CA, intermediate, server, and private key, you can use the pfx file as an identity token signing certificate, but you must break the pfx file into multiple cert files. The following steps describe how to break the pfx file accordingly.
-
Export the CA certificate (including intermediate if provided in the pfx file):
openssl pkcs12 -in server.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ca.crtopenssl pkcs12 -in server.pfx -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ca.crt -
Export the server certificate:
openssl pkcs12 -in server.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.crtopenssl pkcs12 -in server.pfx -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.crt -
Export the private key:
openssl pkcs12 -in server.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > server.keyopenssl pkcs12 -in server.pfx -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > server.key