2022.4.0
Release date: 25 April 2024
- Automation Hub
- Process Mining
- Test Manager
- Insights
Release date: 29 July 2022
Develop
et impera" with our newest Automation Suite member: Data Service. We bring the service within your reach for broader accessibility,
providing secure storage and management capabilities for your UiPath® data models. Now you can store your business data by
creating Data Service entities, import them in Studio, design workflows using your own data, interact with other UiPath® products, such as Apps, all from a central location. Moreover, you can reference the available API resources to develop your own application and leverage the Data Service functionality to your interests. That's one way to satisfy
your automation "sweet(suite) tooth".
When upgrading to a new Automation Suite version, newly onboarded products are not enabled by default. This is also the case of Data Service, which you can only enable following a 2022.4 upgrade. For instructions, see Managing products.
On the other hand, if you perform an Automation Suite clean installation, Data Service is enabled by default, regardless of whether you opt for the Basic or Complete profile. To disable the product, see Manual: Advanced installation experience.
As part of this Automation Suite version, we have also enabled Resource Catalog by default. This new service is integrated with Orchestrator, and no action is required from your part in terms of installation and configuration. For more details on the functionality brought about by the Resource Catalog, see Orchestrator documentation.
The integration allows you to connect Automation Suite to any third-party identity provider (IdP) that supports the SAML 2.0 standard - like Okta or PingOne, to name a few.
The integration was already available at the host level, but now you can also enable it at the organization level.
About the SAML authentication model | Configuring the SAML integration (for organizations)
We have added support for LDAP over SSL for the Active Directory integration.
Insights licensed at host level
The Insights service license can now be managed from the host level as well, as for other service licenses, not only from the organization level.
Auditing for license allocation and deallocation
Allocating or deallocating licenses at the host level are now recorded in the host audit logs.
Performance improvements for the Licenses page
To increase performance in retrieving large users or groups lists in the Licenses page, we've made the following UI changes, which apply for tenants with the User License Management model enabled:
- The Users list can't be filtered by the Name column anymore.
- Searching for a user doesn't sort the list anymore.
- Deleted users or groups are identified with an N.A label.
Orphan licenses of deleted users or groups must be removed manually, so they can be reintroduced in the license pool for future reallocation.
New user license: Automation Developer
For existing customers who have RPA Developer Pro, RPA Developer, or Test Developer Pro user licenses, here's what changes you can see in the product:
- All existing RPA Developer Pro licenses are renamed to Automation Developer. <!
- Existing RPA Developer licenses remain as they are.
- Existing Test Developer Pro licenses, which were not shown in the product, are now added to your count of Automation Developer licenses.
Converting licenses
How? If you are on version 2020.4 or later, you can request to convert your existing RPA Developer and Test Developer Pro user licenses to Automation Developer user licenses by submitting a licensing ticket to Support.
Why? Converting your existing licenses to Automation Developer licenses lets you take advantage of having fewer license types to manage. Also, in the case of RPA Developer licenses, converting the license lets you upgrade to the full set of capabilities offered by Automation Developer.
Updating license allocation: After the conversion of licenses is complete and your Automation Developer licenses become available in Automation Cloud, you must update the license allocation. For those users or groups who had an RPA Developer license allocated either through a group or directly assigned, allocate an Automation Developer license to them instead.
We have automated the process of verifying if your environment meets the requirements before installing Automation Suite. You now have dedicated scripts that help you prepare for a smooth installation. For details on how to use the new tools, see:
You can now install Automation Suite on machines running Red Hat Enterprise Linux (RHEL) 8.5. In addition to that, RHEL 8.4 is supported for GPU.
There are two ways to access ArgoCD now, depending on the operations you want to perform: you can use either the read-only account for basic scenarios or the admin account for advanced configuration. For more details, see Managing the cluster in ArgoCD.
drain-node.sh
script. For instructions, see Shutting down a node.
We want you to be able to easily keep an eye on the improvements we make to our cloud templates. That is why we have decided to document template improvements in separate release notes. Every couple of weeks, you will see new release notes in the sections dedicated to each template:
Templates for Automation Suite 2022.4.0 will be released soon, and we will make sure to add all the details to the release notes.
Note that overall Automation Suite release notes will not be impacted by this change.
Many components in Automation Suite use Persistent Volumes to store the data within the cluster. These Persistent Volumes are replicated on multiple nodes to ensure you have minimal RTO and RPO in the multi-node HA-ready production deployment.
Some components, such as Ceph, which stores NuGet packages and queue data in Orchestrator, datasets uploaded in AI Center, recordings for Task Mining analysis, etc., had a replication factor of 18x. In other words, to store 1GB of data, you needed 18GB of disk space spread across multiple server nodes. Needless to say, this involved huge storage overhead. Other Persistent Volumes used by components such as Prometheus, AlertManager, RabbitMQ, MongoDB, Insights, etc., were in a similar situation.
This Automation Suite release brings a series of storage level optimizations designed to reduce Ceph Objectstore requirements to a replication factor of 9x. This is possible by moving Ceph from Replicated to Erasure coding algorithm.
However, you can consider this solution only if you use Ceph 15.x. This is the case if you clean-install Automation Suite 2022.4 or you upgrade from one of the following versions: 2021.10.0, 2021.10.1, 2021.10.2 to 2022.4.0. On the other hand, if your Ceph version is 16.x, performing the storage optimization operations will result in reduce fault tolerance to data corruption. For this reason, storage optimizations are not recommended when upgrading from 2021.10.3 or 2021.10.4 to 2022.4. For details on this, see Optimizing Objectstore storage.
If, however, you decide to perform the additional migration steps for Ceph when upgrading to Automation Suite 2022.4, here's what you need to keep in mind. The migration needs temporary storage in underlying disks. If you have at least 35% of available storage, you can follow Automated: Migrating Ceph data pool from replicated to erasure-coded type. Otherwise, you must bring the additional disk of 512GiB on any of the server machines where you plan to perform the migration, and follow the instructions in Manual: Migrating Ceph data pool from replicated to erasure-coded type.
Keep in mind that, when upgrading the cluster from 2021.10 to 2022.4, the storage size of other components will remain the same because Kubernetes inherently does not support reducing the size of Persistent Volumes. Fresh installations are not affected by this limitation.
As for other components, we have also drastically reduced their size to bring down the overall storage requirements.
To find out how much storage you need for your use case, see Evaluating your storage needs.
We have put a lot of effort into overhauling the entire backup and restore experience so that you can keep your Automation Suite cluster safe without moving heaven and earth.
You can now choose between two different approaches: an automated and a manual one. The automated backup and restore method plays the leading role and is also the recommended option as it makes the entire process more approachable and less error-prone.
uipathctl.sh
. Wondering what is so versatile about it? Aside from helping you configure the backup and restore the cluster, the script
can also be used in upgrade scenarios. For more details, see Using uipathctl.sh.
On the other hand, the manual approach to the backup and restore operation requires more technical expertise but also opens the door to more customization.
For an overview of the two options and additional instructions, see Backing up and restoring the cluster.
As is also the case of the backup and restore operation, we have also considerably improved the upgrade experience so that you can easily move to the latest Automation Suite version. Similarly, you can now choose between an automated and manual method.
uipathctl.sh
script.
On the other hand, the manual upgrade is a more complex operation, which requires more technical knowledge and is suitable for those of you who want increased control of the entire process. Note, however, that manual upgrades from version 2021.10 require that you take some additional steps to migrate from Canal to Cilium CNI.
For instructions on how to upgrade Automation Suite, either manually or using the automated method, see Upgrading Automation Suite.
Numerous alerts have been introduced to give you more control over Automation Suite and to be aware of any issues that you may encounter. Among them are the alerts for routing request, node going down, MongoBD, RabbitMQ alerts, etc. For more details, see Alert runbooks.
- The
install-uipath.sh
installer now accept the following new flags:-c
,-m|--machines
,--compare-config
,--skip-compare-config
. For more details, see install-uipath.sh parameters. - You no longer have to execute the
install-uipath.sh
installer when loading the Document Understanding and Computer Vision bundles in an offline environment. Refer to our documentation for the new commands: single-node evaluation profile and offline multi-node HA-ready production profile. - We have considerably simplified the GPU installation. Check out Enabling the GPU on the cluster for the new instructions.
- The Istio gateway now requires TLS version 1.2 and above. While not recommended, using a deprecated TLS version is still possible. For more details, see Enabling a deprecated TLS version.
- We have updated the requirements for the node port used for internal communication. Now you must only enable port
30071
instead of the30000
-32767
range.
Starting with 2022.4, the MongoDB certificates generated during installation are valid for three years. The CA certificate is renewed automatically 30 days before it expires, while the TLS certificate is renewed 20 days before it expires. Because of this, there is no user intervention needed to maintain the validity of the certificates.
However, if you want to renew the certificates manually, you can use the certificate rotation CLI. Follow the steps from the MongoDB certificate renewal page to do so.
New Security Settings tab
The Automation Suite host portal and the Admin page of the organization-level portal now include a new tab called Security Settings.
This new tab includes the functionality that was previously available from the now-removed Authentication Settings tab that was available from the Users (host level) or Accounts & Groups (organization level) pages.
Header updates
We made a few minor changes to the Automation Suite header:
- The user icon has moved from the upper-left corner of the window to the upper-right corner of the window.
- In the upper-left corner, we now have the App launcher icon, which opens the list of Automation Suite products available to you.
User preferences
From the user icon, you can now select the Preferences option to open the Preferences page. From there, you can set your language and theme preferences, as well as reset your password.
/connect/token
endpoint no longer accepts the multipart/form-data
content type.
application/x-www-form-urlencoded
content type instead.
To follow Microsoft’s recommended least privilege model, we have updated the permissions that must be assigned from Azure in order to set up the Azure AD integration as follows:
- For Group member permissions, instead of Group.Read.All we are now requiring the GroupMember.Read.All permission.
- For User permissions, instead of User.Read.All, we are now requiring the User.ReadBasic.All permission. (User.Read continues to be required, as before.)
Impact
If you already had the integration set up, you must update your Azure configuration to:
- Replace the old permissions with the new ones.
- Following the permissions changes, select the Grant admin consent checkbox.
Azure AD login troubleshooting: If you do not perform step 2, your users are asked to provide consent when they attempt to log in. Because only an Azure administrator can consent, users won't be able to log in anymore.
Configuring Azure for the integration (steps 9 and 10)
- Automation Suite has a dependency on Linux IP forwarding, which must be enabled. Occasionally, during node maintenance activity, IP forwarding would accidentally get disabled, breaking the communication to and from the affected node. Starting this release, Automation Suite automatically enables Linux IP forwarding.
- Previously, any call to Automation Suite would return a partial certificate chain, which browsers and other tools would sometimes deem as untrusted. Starting with this release, Automation Suite always returns a full certificate chain.
-
Longhorn creates replicas of each Persistent Volume on different nodes to ensure High Availability. If the replication process on any node is faulted, Longhorn reclaims the affected replica and releases the space.
However, if the node on which the faulted replica resides is unreachable for more than 30 minutes, Longhorn is not able to reclaim that space. For this reason, the faulted replica will continue to use the disk for eternity. To reclaim this space, we have introduced a cronjob that periodically checks for faulted replicas.
- When wiping an old installation, and then installing the new cluster on the same machines, Istio pods were assigned incorrect IP addresses, which were outside the CIDR range of the Kubernetes cluster. For this reason, services running on the nodes with invalid Istio IP addresses were not able to serve traffic. This unwanted behavior occurred due to the residue files left behind by the uninstallation of the old cluster. To fix this problem, we have introduced an autohealer feature that monitors and heals Istio pods.
- After restarting a single-node cluster, pods using Persistent Volumes were stuck in initialization status with the
volumeattachment
error. To prevent this issue, we have introduced an autohealer feature that monitors and heals pods. - Sometimes Ceph pods were stuck in termination state forever due to Longhorn being unable to delete the underlying loopback devices. This caused storage to be down, which, in turn, made the cluster inaccessible. To fix this problem, we have added a periodical cronjob that identifies the issue and implements the auto-recover functionality.
- NetworkManager would manipulate the routing table for interfaces in the default network namespace where many CNIs, including RKE2's default, create veth pairs for connections to containers. This would interfere with the CNI’s ability to route correctly and could cause the Automation Suite installation to fail. To fix these issues, we have configured NetworkManager to ignore the flannel network interface.
- Custom login page HTML would lose style properties after saving, leaving the page, and then returning to the page.
- When configuring SMTP for system email notifications, the SMTP Host field failed validation if using a hostname instead of an FQDN.
- Fixed the
configureUiPathDisks.sh
script to configure the/datadisk
Longhorn partition when the underlying disk is vertically scaled. - When audit configuration was immutable, upgrades failed with no specific error message during the infra installation stage. We have fixed the issue.
-
Erratum - added October 11, 2024: In a proxy environment, if the proxy server uses the same port as the TCP port of any other service in the Istio service mesh, such as port 8080, pods cannot communicate with the FQDN. The issue causes the following error:
System.Net.Http.HttpRequestException: The proxy tunnel request to proxy 'http://<proxyFQDN>:8080/' failed with status code '404'.
System.Net.Http.HttpRequestException: The proxy tunnel request to proxy 'http://<proxyFQDN>:8080/' failed with status code '404'.To fix the issue, see the Troubleshooting section.
-
Erratum - added August 29, 2024: We have identified certain vulnerabilities associated with the usage of weak ciphers in TLS 1.2. For details on how to mitigate the issue, see How to address weak ciphers in TLS 1.2.
-
Erratum - added April 19, 2024: In certain situations, Prometheus pods can fail to start due to an out-of-memory (OOM) error. To fix the issue, see the Troubleshooting section.
-
Erratum - added April 19, 2024: In certain situations, Ceph metrics and alerts are missing from the monitoring dashboards. To fix the issue, see the Troubleshooting section.
-
Erratum - added April 19, 2024: False positive CephMgrIsAbsent alerts are displayed even though there are no storage issues.
-
Erratum January 2024: The replica cleanup script would incorrectly reclaim storage on the nodes. For more details, see the Storage reclamation patch troubleshooting article.
-
User sessions on the host- and organization-level portals do not time out.
-
To enforce a timeout period, you must manually set a timeout interval for the Management portals.
To find out what has changed on each Automation Suite component, visit the following links.
If the component is greyed out, this new Automation Suite version does not bring any changes to it.
Component |
Version |
---|---|
RKE2 |
v1.21.4+rke2r2 |
ArgoCD |
v2.2.5 |
rook-ceph |
v1.7.9 |
cert-manager |
1.2.0 |
rancher |
2.6.0 |
rancher-istio | 100.0.0-up1.10.4 |
longhorn |
1.2.2 |
longhorn-crd |
1.1.100 |
reloader |
v0.0.89 |
csi-driver-smb |
v1.4.0 |
rabbitmq-operator |
1.5.0 |
redis-operator |
6.2.8-11 |
redis-cluster |
6.2.8-53 |
mongodb |
4.4.4-ent |
docker_registry |
2.7.1 |
self_heal_operator |
0.0.1 |
The migration tool version you need depends on the standalone products you plan to migrate and the targeted Automation Suite version. For more details, see Migration compatibility matrix.
For instructions on migrating a standalone product to the current version of Automation Suite, see Full migration.
- Changes to license-related tenant limitations
- What’s New
- What’s New
- Data Service Now Available in Automation Suite
- Resource Catalog Now Available in Automation Suite
- SAML Integration at Organization Level
- LDAP Over SSL (LDAPS)
- Licensing
- Automated Prerequisite Validation
- Support for New RHEL Versions
- ArgoCD Access
- Graceful Node Shutdown
- Documentation Updates
- Improvements
- Storage Optimizations
- Enhanced Backup and Restore Experience
- Improved Upgrade Experience
- Improved Alerting
- Installation Improvements
- MongoDB Certificate Renewal
- User Interface Improvements
- Breaking Changes
- Connect Token
- Azure AD Integration (organization)
- Bug Fixes
- Known Issues
- Bundling Details
- Product versions
- Internal third-party component versions
- Migration tool version