- Overview
- Requirements
- Installation
- Post-installation
- Migration and upgrade
- Upgrading Automation Suite on EKS/AKS
- Step 1: Moving the Identity organization data from standalone to Automation Suite
- Step 2: Restoring the standalone product database
- Step 3: Backing up the platform database in Automation Suite
- Step 4: Merging organizations in Automation Suite
- Step 5: Updating the migrated product connection strings
- Step 6: Migrating standalone Orchestrator
- Step 7: Migrating standalone Insights
- Step 8: Deleting the default tenant
- B) Single tenant migration
- Migrating from Automation Suite on Linux to Automation Suite on EKS/AKS
- Monitoring and alerting
- Cluster administration
- Product-specific configuration
- Using the Orchestrator Configurator Tool
- Configuring Orchestrator parameters
- Orchestrator appSettings
- Configuring appSettings
- Configuring the maximum request size
- Overriding cluster-level storage configuration
- Configuring credential stores
- Configuring encryption key per tenant
- Cleaning up the Orchestrator database
- Troubleshooting
- The backup setup does not work due to a failure to connect to Azure Government
- Pods in the uipath namespace stuck when enabling custom node taints
- Unable to launch Automation Hub and Apps with proxy setup
- Pods cannot communicate with FQDN in a proxy environment
- Test Automation SQL connection string is ignored
Step 6: Migrating standalone Orchestrator
To migrate standalone Orchestrator to Automation Suite, you must gather settings and various files from the standalone installation and apply them to the Automation Suite installation.
To specify a custom maximum request size, see Configuring the maximum request size.
appSettings or secureAppSettings section of the UiPath.Orchestrator.dll.config file, you must add your custom configuration to the orchestrator-customconfig config map.
appSettings you must migrate and which not, see Orchestrator appSettings.
appSettings to Orchestrator, see Configuring appSettings.
By default, Orchestrator in Automation Suite uses the cluster-level storage configuration. The recommended configuration is external storage, where all tenants are stored in one bucket of a storage provider. The supported storage providers are Azure, S3, and MinIO.
To migrate FileSystem storage to cluster storage in Automation Suite, see Uploading files to storage.
To connect existing storage of type Azure, AWS S3, or S3-compatible (MinIO) to Orchestrator in Automation Suite, see Configuring Azure/Amazon S3 storage buckets. In this configuration, Orchestrator does not use the same storage as the other services in the cluster. Make sure to disconnect your previous Orchestrator from the storage account prior to configuring it with the Automation Suite, as this would prevent any potential data loss.
You must review the NLog section of the configuration file and build the NLog custom configuration.
To enable robot logs storage in Elasticsearch, see Saving robot logs to elasticsearch
To add plugins and perform advanced NLog configuration, see Configuring NLog.
To migrate custom plugins for credential stores to Automation Suite, update the configuration in the config map, and copy the plugins assemblies to the corresponding object store bucket.
The following credential stores plugins are deployed to Orchestrator in Automation Suite:
UiPath.Orchestrator.AzureKeyVault.SecureStore.dllUiPath.Orchestrator.SecureStore.CyberArkCCP.dll
Automation Suite does not support CyberArk AIM, so you cannot migrate it. We recommend migrating to the CyberArkCCP credential store instead.
For details on the credential store configuration in Orchestrator, see Configuring credential stores.
By default, at installation time, Orchestrator generates an encryption key to be used for sensitive information in the database. You must migrate this key if you want to reuse a database on a new Orchestrator deployment.
To migrate and update the encryption key, take the following steps:
- Decrypt the
secureAppSettingssection of theUiPath.Orchestrator.dll.configfile, if needed. For details, see Encrypting UiPath.Orchestrator.dll.config Sections. - Retrieve the encryption key from
UiPath.Orchestrator.dll.config. For details, see EncryptionKey. - Replace the encryption key in the
orchestrator-generated-secretsKubernetes secret by overwriting the value ofAPPSETTINGS__EncryptionKey. To do this, run the following command:ENCRYPT_KEY=$(echo <key>|base64 -w 0) kubectl -n uipath patch secret orchestrator-generated-secrets --type='json' \ -p="[{'op': 'replace', 'path': '/data/APPSETTINGS__EncryptionKey', 'value':'$ENCRYPT_KEY'}]"ENCRYPT_KEY=$(echo <key>|base64 -w 0) kubectl -n uipath patch secret orchestrator-generated-secrets --type='json' \ -p="[{'op': 'replace', 'path': '/data/APPSETTINGS__EncryptionKey', 'value':'$ENCRYPT_KEY'}]"Note: Make sure to replace<key>with the value of the key retrieved fromUiPath.Orchestrator.dll.config.
The encryption key certificate is installed in the Windows certificate store. You must provide the certificate to the Automation Suite environment so that it becomes available to the Orchestrator pods.
CertificatesStoreLocation and Azure.KeyVault.CertificateThumbprint settings are no longer required in Automation Suite, but you can use CertificatePassword if needed.
appSettings the connection settings for the Azure Key Vault:
Azure.KeyVault.VaultAddressAzure.KeyVault.ClientIdAzure.KeyVault.DirectoryId
To configure the encryption key per tenant, see Configuring encryption key per tenant.
