Has anyone tried integrating Minio-HTTPS with orchestrator? We have setup the minio with self-signed certificate to access it over HTTPS. Minio access is working from Orchestrator server and data can be uploaded manually. But after updating the details in UiPath.Orchestrator.dll.config file when we try to publish the package from Studio it’s getting failed. Also minio-HTTP integration is working fine without any issues and package can be uploaded. Only issue is with HTTPS. Can someone help me?
I’ve seen it with HTTP Request activities so the same may apply for Publishing.
As you are using a self-signed certificate, import the certificate to your local machine where you are publishing from so that it is trusted and try again.
Have you check the logs for Studio as well as on Orchestrator (Event Viewer)?
@codemonkee - Hi Tim, sorry for the delayed response. Yes, the certificate is already imported to Orchestrator server(Studio is also in the same server) and access to minio over the browser is showing secure without any warnings. I did check the event viewer but not getting any details. I am wondering is there any change in the connection string if it’s HTTPS. I did try different ways including 443, console port, without ports etc but none of them worked.
Support team is not responding properly till now (could be a less priority issue to them). I couldn’t get any details with --enablelowlevel on robot. Not sure whether that will help for Studio related issues. Logs just say the error as it is, nothing more.
08:13:17.0810 => [ERROR] [UiPath.Studio.App.Logging.OutputLogger] [11] Error: Publish of Process project to Orchestrator failed. An error has occurred.
08:13:17.0810 => [ERROR] [UiPath.Studio.exe] [11] Error: Publish of Process project to Orchestrator failed. An error has occurred.
I’m just going through the motions of configuring Orchestrator with Minio in my sandbox environment, so bare with me as I go through the motions for the first time!
Quick clarification, the logs you show above appear to specifically by from Studio, did you check the logs for Orchestrator?
I would expect you to see a log like with the trace mentioning minio
System.Xml.XmlException: 'doctype' is an unexpected token. The expected token is 'DOCTYPE'. Line 1, position 3.
If you could detail the steps you have taken so far for both Orchestrator and Minio that would be helpful.
As a quick run though, this is what I’ve done so far
Minio Console
Created Service Account for user (Make note of Access Key / Secret)
After Orchestrator was up and running, I testing publishing a package and was successful, and it created the Storage structure for Processes
The one thing I’ll note is that the documents show an example using Port 9001, for the Minio Console, but the boot up script indicated port 9000 for the API.
I know you specifically asked about TLS/SSL, I’ll have to try and tackle that next and see how it goes. If not tomorrow, probably sometime next week. In the meantime if you could provide some indepth details on steps you’ve taken on your side that would be helpful.
@codemonkee - Thank you for the response. I have put the Studio in same orchestrator machine to test it first. I can create a separate VM for Studio but that wouldn’t do any help here I guess.
Can you please let me know what Orchestrator logs are you referring to? If it’s the Event Viewer, please find the screenshot below when the upload failed in studio. It doesn’t show any errors. All I can find is Robot status check and Identity token messages. No warnings or errors (Screenshot is provided at the end). Only error I can find is the Studio Logs. Is there any other logs I can check?
Please find the steps I tried below.
Brought up minio server with HTTP first. Have root user and root password stored in Environment variables. I haven’t created service account.
After installing, added 2 environment variables for OpenSSL.
OPENSSL_CONF - C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
Path - C:\Program Files\OpenSSL-Win64\bin
Updated the openssl.cfg file as below (Path : “C:\Program Files\OpenSSL-Win64\bin\openssl.cfg”) with dummy details. SAN was mandatory with IP and DNS otherwise MC client was throwing me some certificate validation error. Rest of the details other than CN was just random inputs.
Updated the connection string in UiPath.Orchestrator.dll.config file and restarted the orch from IIS. This info was provided by UiPath Tech Support, so I followed the same.
Even tried converting .crt & .key certificate to .pfx and imported to Orchestrator, no luck. Tried with default HTTPS port 443 with minio and connection string without 443, not working.
Most probably it’s the certificate issue, but how/where to find the what’s going wrong?
Thought I will create a tutorial on this as it might be helpful to someone. Well, I m stuck.!!
originally I exported as PKCS-8 which MinIO only supports the key as a PKCS-1. (Header would be prefixed with -----BEGIN RSA PRIVATE KEY----- and not -----BEGIN ENCRYPTED PRIVATE KEY-----
I also had to recreate the certificate with an IP SAN on top of the DNS SAN in order to log into the Minio Console Web UI.
Separated the Cert Chain and Key into their respective files (private.key and public.crt)
Unsuccessful response from server without XML error:
Unable to read data from the transport connection:
An existing connection was forcibly closed by the remote host..: Minio.Exceptions.InternalClientException:
Minio API responded with
message=Unsuccessful response from server without XML
error: Unable to read data from the transport connection:
An existing connection was forcibly closed by the remote host..
I then tried with the following Storage.Location value and received No path allowed in endpoint
https://{hostname}:9000: No path allowed in endpoint.: Minio.Exceptions.InvalidEndpointException: Minio API responded with message=No path allowed in endpoint.
at void Minio.RequestUtil.ValidateEndpoint(Uri uri, string Endpoint) in /q/.q/sources/minio-dotnet/Minio/Helper/RequestUtil.cs:line 107
Next I tried tacking on common parameters for SSL such as ;WithSSL, ;UseSSL, ;UseTLS and received the following error
System.ArgumentException: Parse error: The connection string has an invalid assignment (WithSSL). (Parameter 'connectionString')
After some trial and error, I dug through UiPath’s Minio DLL files (UiPath.Storage.Minio.dll and Minio.dll)
I searched for properties/text such as “Secure”, “SSL”, “Https” and after trying a few properties from Minio.dll such as ;Secure as this is the property that sets the HTTPS flag in the Client (but failed), ended up locating a Boolean SslEnabled in the UiPath.Storage.MinioMinioStorageClientOptions
Perhaps, but probably not right away as I’m fairly busy with other things going on.
In the meantime, I’ve suggested an edit on the UiPath.Orchestrator.dll.config documentation to update the Minio example connection string to include SslEnabled=false just to provide a hint that it can be set to true in the meantime.
Really it would be nice if they had some dedicated documentation for each Storage Provider supported by Storage.Type and Storage Buckets.
Thanks a lot Tim…!!
