Release Versions

VMware Aria Automation| July 2024

VMware Aria Automation 8.18| July 23 2024

  • VMware Aria Automation build 24024333

  • VMware Aria Automation Easy Installer build 23838682

  • VMware Aria Automation Cloud Extensibility Proxy build 24024335

  • VMware Aria Automation Orchestrator build 24024334

Updates made to this document

Date

Description of update

Type

July 23rd 2024

Initial publishing for VMware Aria Automation 8.18

For more information, see our blogs about the VMware Aria Automation releases.

Note: VMware has announced the End of Availability (EoA) of the VMware Aria SaaS services including VMware Aria Automation SaaS, as of February 2024. VMware will continue to support customers currently using VMware Aria SaaS services until the end of their subscription term. See VMware End Of Availability of Perpetual Licensing and SaaS Services.

Note: The VMware Aria Automation Cloud Extensibility Proxy build specified above is only applicable for on-prem VMware Aria Automation deployments. The last applicable cloud extensibility proxy build for VMware Aria Automation SaaS is 23103969.

About VMware Aria Automation

You can find information about these new features and more at VMware Aria Automation and in the signpost and tooltip help in the user interface. Even more information is available when you open the in-product support panel where you can read and search for related topics, and view community posts and KBs, that appear for the active user interface page.

Notice: Release Notes for previous releases are archived yearly:

Before you begin

Familiarize yourself with the supporting documents.

VMware Aria Automation

VMware Aria Automation 8.18

After setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in VMware Aria Automation product documentation.

After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in VMware Aria Automation product documentation.

Automation Orchestrator 8.18

VMSA-2024-0017 security advisory and patch

Important: A new security advisory is published for VMware Aria Automation. For more information, go to VMSA-2024-0017 and KB325790. Apply the necessary patch at the earliest convenience.

VMware Aria Automation 8.18 What's New

  • The VMware Remote Control Application (VMRC) console proxy is updated to support WebMKS

    Previously, you could not use VMRC day 2 actions from VMware Aria Automation on-prem to communicate with vSphere 8+ instances. This is because vSphere 8+ only supports communication over WebMKS while MKS, used by older vSphere versions, is deprecated. For more information, go to KB 93070.

    Starting with this release, VMware Aria Automation on-prem will use WebMKS as the default communication method between VMRC and vSphere 7+ and 8+ instances. The console proxy abstracts the underlying vCenter as the connections are now proxied. The workaround for on-prem instances mentioned in the above KB article is no longer needed. It is recommended that users start planning their upgrade to the current product version along with upgrading to vSphere 8+.

  • Content library filtering improvements to the Catalog Setup Wizard

    Starting this release, Catalog Setup Wizard has made the following improvements that provide a better VM image browsing experience. 

    • Users can now filter the list of available Deep Learning VM images by specifying a content library name.

    • Content related to Tanzu Kubernetes Grid (TKG) is now excluded from the search results which reduces the search term clutter.

  • Split catalog items for the Catalog Setup Wizard

    Starting this release, the Catalog Setup Wizard creates five catalog items for better usability.

    • AI Workstation: Installs a GPU-enabled deep learning VM. 

    • AI RAG Workstation: Installs a GPU-enabled deep learning VM with all necessary NVIDIA software to run a RAG workflow. 

    • Triton Inferencing Server: Installs a GPU-enabled deep learning VM with NVIDIA Triton Inferencing Server.

    • AI Kubernetes Cluster: Installs a GPU-enabled Tanzu Kubernetes Grid (TKG) Cluster.  

    • AI Kubernetes RAG Cluster: Installs a GPU-enabled Tanzu Kubernetes Grid (TKG) Cluster with all necessary NVIDIA software to run a RAG workflow in production. 

    For detailed instructions on using the Catalog Setup Wizard and deploying the five catalog items, see the product documentation.

  • Automatic installation of the TKG RAG operator

    Starting from this release, the AI Kubernetes Cluster catalog item will automatically install the NVIDIA Retrieval Augmented Generation (RAG) Kubernetes operator in addition to the NVIDIA GPU operator. Catalog users now have access to a fully functional Tanzu Kubernetes Cluster that is capable of running RAG workloads. Users will be required to manually install any sample RAG applications.   

  • Air-gapped support for Non-RAG workloads on DLVM

    Starting this release, the Catalog Setup Wizard now provides options to configure a private registry and specify HTTP/HTTPs proxy configurations. Non-RAG NVIDIA containers and vGPU drivers can now be stored in locations that are not accessible through the internet. This capability enables the deployment of the following catalog items on a deep learning VM in air-gapped environments:

    • PyTorch

    • TensorFlow

    • Triton Inference Server

    • CUDA samples

    For detailed instructions on using the Catalog Setup Wizard and using air-gapped environments, see the product documentation.

  • New workflow for the Launchpad in VMware Aria Automation

    A new workflow is available to help users getting started or use as shortcuts in VMware Aria Automation. You can leverage this workflow to increase time-to-value by skipping the manual required steps to publish VM images from vCenter to catalog items for end user consumption.

    • Auto-discover images from a cloud account

    • Automatically associate cloud zone to a project

    • Automatically create cloud templates based on the discovered image

    • Automatically version and release cloud templates

    • Automatically create a content source

    • Automatically validate a project to pull catalog updates

    • Automatically create a content sharing policy based on user choice of project name

    • Assign users to a project or catalog

    • Optional step to select network and storage for the VM (if skipped, network and storage will be allocated randomly)

    For detailed instructions on using the Launchpad in VMware Aria Automation, see the product documentation.

  • Set the storage priority for storage profiles and datastores

    You can now set the priority for storage profiles and datastores to specify the order of datastores to be picked among all the eligible datastores. This allows users to place VMs in a specific cluster based on the set priority. This feature modifies the current behavior where multiple datastores eligible for placement are selected based on the available capacity.

  • Cloud template assignment with compliance for onboarding deployments

    A new feature in onboarding plans allows cloud administrators to assign a template to an onboarded deployment. There are three ways to associate a cloud template to an onboarded deployment:

    1. No cloud template associated.

    2. For visual only, to allow a cloud template link on the deployment but not assigned with compliance.

    3. Fully assigned by each virtual machine with compliance and can operate the update action using the assigned template.

    To assign the cloud template and make the onboarded deployment compliant, follow the steps below:

    1. Select a relevant cloud template.

    2. Map every machine resource in the template to a VM by selecting discovered VMs from the machine selection page.

    3. Validate and run the onboarding plan.

    Note: Onboarding compliance only supports Cloud.Machine and Cloud.vSphere.Machine resource types and their attached disks and networks. Onboarding no longer supports automatic generation of cloud templates. Administrators can either onboard with an existing template or without a template.

    For more information about onboarding, go to What are onboarding plans in Automation Assembler.

  • Dark mode added in VMware Aria Automation

    A beta version of Dark mode is now available for VMware Aria Automation Identity and Access Management. You can switch between Light and Dark mode from the preferences under the My account page. For more information, go to How do I set my preferences for VMware Aria Automation.

  • Reduced set of languages for localization

    Beginning with the next major release, we will be reducing the number of supported localization languages. The three supported languages will be:

    • Japanese

    • Spanish

    • French

    The following languages will no longer be supported:

    • Italian

    • German

    • Brazilian

    • Portuguese

    • Traditional Chinese

    • Korean

    • Simplified Chinese

    Impact:

    • Customers who were using the deprecated languages will no longer receive updates or support in these languages.

    • All user interfaces, help documentation, and customer support will be available only in English or in the three supported languages mentioned above.

  • Update Provisioning Service to call Active Directory (AD) during project change

    In previous releases, users who delete a project or use the Change Project feature while having an active AD integration would receive a 403 Forbidden error. These scenarios occur because Active Directory does not listen for events coming from the Project Service. The AD integration is now updated to track these project changes.

  • New location of the default runtime container image in the Terraform runtime integration

    In the Terraform runtime integration, the location of the default runtime container image is being changed. The new image location is projects.packages.broadcom.com/vra/terraform:latest. The previous location projects.registry.vmware.com/vra/terraform:latest will be inaccessible.

    Only the location is changing. The content of the image remains the same.

    If you are running any instances of VMware Aria Automation with an existing Terraform runtime integration, you must change the image location to projects.packages.broadcom.com/vra/terraform:latest or the runtime integration will fail.

  • Deprecation in Storage Profiles properties

    The storage profiles properties 'Shares' and 'Limit IOPS' are being deprecated to align with deprecation strategy in vSphere. These properties will be removed in a future release.

Automation Orchestrator 8.18 What's New

  • Plug-in and log level configuration are moved from the Control Center to the System settings section in the Automation Orchestrator Client

    Plug-in and log configuration are now performed from the System Settings page of the Automation Orchestrator Client. New REST APIs for managing plug-ins and log levels are also introduced. You can find more information about the Automation Orchestrator REST API in the Swagger UI located at https://<your_orchestrator_FQDN>/vco/api/docs/.

  • Control Center will be removed from Automation Orchestrator in the next release

    Automation Orchestrator configuration will be done through the command line interface. For more information, see the product documentation.

Resolved Issues

  • The vco pod experiences multiple restarts and Java heap dumps

    This issue occurs when you have a very large vSphere infrastructure with a large amount of VMs and uses the VcPlugin.getAllVirtualMachines() method frequently. In such scenarios, the Automation Orchestrator pod or pods experience multiple restarts and Java heap dumps.

    To resolve this issue, the vCenter plug-in was optimized and made configurable for different use case scenarios. The relevant changes are:

    • Default objects (main and live) cache sizes - changed from 100 000 000 entries to 20 000 entries for each vCenter attached to to plug-in.

    • Default objects (main and live) cache expiration times - changed from 14 440 seconds to 600 seconds.

    The vCenter plug-in cache can be configured through the following system properties:

    • com.vmware.vmo.plugin.vi4.cache.main.max.size - Sets the maximum number of entries the cache can contain. This property controls the size of the main and the live objects cache. If set to zero, elements are removed immediately after being loaded into cache. This can be useful in testing, or to disable caching temporarily without a code change. The default value is 20 000 entries.

    • com.vmware.vmo.plugin.vi4.cache.main.expirationSeconds - Sets the main cache expiration time in. Specifies that each entry should be automatically removed from the cache after a fixed duration has elapsed from the time of the entry's creation, or the most recent replacement of the entry value. The default value is 600 seconds.

    • com.vmware.vmo.plugin.vi4.cache.live.objects.expirationSeconds - Sets the live object cache expiration. Specifies that each entry should be automatically removed from the cache aftera fixed duration has elapsed from the time of the entry's creation, or the most recent replacement of the entry value. The default value is 600 seconds.

    • com.vmware.vmo.plugin.vi4.cache.clearOnSessionRefresh - Controls whether to clear all caches (main and live objects) on session refresh. The default value is false.

  • Cloud Consumption Interface (CCI) does not support sAMAccountName (short AD username)

    When adding a new directory in vIDM, the admin user has the choice of two directory-search attributes. This choice impacts the format of usernames in the associated on-prem Aria Automation deployment. The possible values are:

    • sAMAccountName - usually the user name without a domain, resulting in a short name in VMware Aria Automation, which does not include the domain. This is the default when setting up a new directory.

    • userPrincipalName - usually the user name with a domain, resulting in a long or full username in VMware Aria Automation, which includes the domain.

    CCI uses the usernames available in the project data to construct the vCenter access lists for the supervisor namespaces it manages. In systems configured with short user names, these project user names are domain-less and vCenter appears to discard them without error during project-sync, leaving users without the ability to access the supervisor namespace that they created from CCI.

  • Spread by memory does not consider managed machines even after onboarding the machines

    Spread by memory placement policy is not calculated properly the memory ratio as described in the documentation.

  • Obsolete log4j library removed from the SNMP plug-in

    In previous releases, the SNMP plug-in for Automation Orchestrator used an outdated version of the log4j library. This library is no longer needed and as such is removed from the SNMP plug-in starting with the current release.

  • "LoadBalancerDescription" objects are created with an expiration time of nine days and are getting cleaned up causing regressions

    Your load balancer is recreated when iterative deployment is performed on the deployment without any changes to load balancer.

  • "LoadBalancerDescription" does not get deleted with the rest of the load balancer components

    When deleting a load balancer from your deployment, the "LoadBalancerDescription" property is not removed.

  • Usage of outdated hashes might lead to collision attacks

    The default certificate thumbprint digest algorithm is changed from SHA-1 to SHA-256. This change might impact Automation Orchestrator plug-ins which use the IKeystoreCache#getThumbprints plug-in SDK method for custom certificate validations.

Known Issues

  • You receive a 502 Bad Gateway error when attempting to play videos from the Launchpad

    Workaround: Play the videos directly from YouTube.

  • VM is not placed in the correct storage profile based on the applied priority and constraint tags

    When storage profile level priority is used and your cloud template contains a storage constraint tag, based on all the allocation filters if multiple storage profiles are eligible, storage profile with the priority might not be selected as expected. Instead another storage profile is selected.

    No workaround, make sure that only one eligible storage profile remains at the end of allocation.

  • You encounter a issue when attempting to export a DCGM Exporter Catalog item

    The Catalog Setup Wizard does not create the DCGM Exporter Catalog item. 

    Workaround:

    Log in to the deep learning VM over SSH and run the following commands:

    • docker run -d --gpus all --cap-add SYS_ADMIN --rm -p 9400:9400 registry-URI-path/nvidia/k8s/dcgm-exporter:ngc_image_tag

    For example, to run dcgm-exporter:3.2.5-3.1.8-ubuntu22.04 from the NVIDIA NGC catalog, run the following command:

    • docker run -d --gpus all --cap-add SYS_ADMIN --rm -p 9400:9400 nvcr.io/nvidia/k8s/dcgm-exporter:dcgm-exporter:3.2.5-3.1.8-ubuntu22.04

    For more information on the DCGM Exporter, go to Add DCGM Exporter for DL workload monitoring.

VMware Aria Automation 8.17 What's New

  • New VMware Aria Automation home page

    A new user dashboard is now part of the VMware Aria Automation home page to help users navigate through complex architectures as part of Automation Assembler for administrators. Whether a user is new to VMware Aria products, or they are a seasoned VMware Aria Automation user, they can find the dashboard useful for the following scenarios:

    • Provide an overview for cloud environments by segment and VM status.

    • Visualize an inventory summary broken down by cloud zone and projects.

    • Visualize a deployment summary with upcoming lease policy changes and recently expired policies.

    • Review recent in-product notifications and respond to requests directly.

    Note: The home page is the default landing page for Automation Assembler only if the administrator does not have a cloud account in the organization. Otherwise, the default landing page is the Resources page in Automation Assembler. For more information, go to How do I get started with Automation Assembler using the VMware Aria Automation Launchpad.

  • New Launchpad added to the VMware Aria Automation home page

    A new Launchpad is now available for users who are getting started with VMware Aria Automation or want shortcut access to commonly used actions. You can perform easy-to-learn use cases using the two guided workflows. The Launchpad covers the following use cases:

    • Add a cloud account: use your credentials to validate and link cloud accounts.

    • Apply lease expiration: create a lease policy to enforce resource expiration.

    For more information, go to How do I get started with Automation Assembler using the VMware Aria Automation Launchpad.

  • Cloud Consumption Interface (CCI) Supervisor namespace, TKG, and other resource support in the Automation Assember design canvas

    CCI on-prem was released in VMware Aria Automation 8.16.1. The current release introduces support for defining multi-tier applications in Automation Assembler templates by leveraging Supervisor namespaces, TKG clusters, and any other CCI resources. You can now run a catalog item containing CCI resources that was prepared by an administrator. This capability brings together CCI and the rest of VMware Aria Automation capabilities around Infrastructure as Code (IaC) and governance with policies. For more information, go to Automating Kubernetes-based workloads in Automation Assembler.

  • Integrating a single VMware Aria Operations on-prem instance with multiple VMware Aria Automation on-prem tenants

    A single VMware Aria Operations instance can now integrate with multiple VMware Aria Automation tenants running on the same on-premises appliance.

  • Day 2 action for unregistering a cluster of VMs

    Unregister day2 action is supported for cluster of VMs. Note that the action is unavailable on a single VM within a cluster that shares disk or disk cluster with other VMs.

  • Increased number of private cloud accounts in VMware Aria Automation

    With this release, we are increasing the number of supported private cloud accounts in VMware Aria Automation from 50 to 100. For more information, go to Scalability and Concurrency Maximums.

  • Content sharing policy now supports scope at the organization level and also enables role-based access control

    Starting this release, the content-sharing policy supports two enhancements:

    1. The ability to share content across the entire organization by setting the scope as Organization. The organization-scoped policies only affect shared VMware cloud templates (VCT).

    2. A Role-based access entitlement. This feature allows for content sharing between users based on their set roles.  The roles can be project administrators, project members, and named custom roles.

    These enhancements significantly streamline content sharing and access control within the organization. For more information, go to How do I configure Automation Service Broker content sharing policies.

  • New Active Directory (AD) error messages when changing projects

    When invoking the Change Project action on a deployment that is associated with an Active Directory integration, there are certain scenarios that will cause validation errors.

    When the source project is associated with an AD integration, but the target project is not associated with an AD integration. In such cases, you receive the following error message:

    "Target project is not associated with AD integration".

    To resolve this error, the target project must be associated with an AD integration that has the same organizational unit.

    Another possible scenario occurs when both the source project and the target project are associated with an AD integration, but the AD integration is not part of the same organizational unit. In such cases you receive the following error message:

    "The properties(OU, BaseDN) associated with the project did not match the project".

    To resolve this error, the organizational unit of the target project must be changed, or a new AD integration must be made to associate with the same organization unit.

  • Announcing intent to deprecate specific Kubernetes automation capabilities

    VMware by Broadcom is announcing the planned deprecation of Kubernetes integration capabilities, including the TKG integration and TMC integration documented under How do I work with Kubernetes in Automation Assembler. The actual deprecation and removal of these capabilities from the product will happen in a future release. Customers are encouraged to adopt the Cloud Consumption interface (CCI) and vSphere TKG IaaS service. For more information on CCI, go to Getting Started with the Cloud Consumption Interface in Automation Service Broker.

  • Announcing intent to remove deprecated automation capabilities

    VMware by Broadcom wants to remind customers that the following capabilities are deprecated and scheduled to be removed from VMware Aria Automation in a future release:

    • Support for NSX-V

    • Support for NSX-T Manager Mode

    • Support for NSX-V to NSX-T migration

    • Migration Assistant for vRealize Automation 7.6 to VMware Aria Automation 8.0 and later

    • Migration Assistant for NSX-V to NSX-T

    • Support for the VMware Aria Automation integration with vCloud Director

    Any customer currently leveraging these capabilities in VMware Aria Automation should make plans to stop using the relevant functionality.

  • Announcing intent to remove support of vCenter 6.x

    VMware by Broadcom wants to remind customers that the support for vCenter 6.x will be removed from VMware Aria Automation in a future release. Any customer currently using vCenter 6.x cloud accounts in VMware Aria Automation should make plans to upgrade to a supported version of vCenter.

Automation Orchestrator 8.17 What's New

  • License management is moved from the Control Center to the Automation Orchestrator Client

    License management for your external Automation Orchestrator deployment is now done from the Licensing page of the Automation Orchestrator Client. This page includes information about your currently applied license and the option to manually add a license. For more information, go to Automation Orchestrator feature enablement with licenses. As it is set to match the license in VMware Aria Automation, the Licensing page is unavailable in embedded Automation Orchestrator deployments.

  • The Command scripting object is removed

    The Command scripting object is removed and the 'execute' and 'executeAndLog' methods are deactivated. If these methods are invoked, they throw an exception. If your actions or workflows have scriptable task items that use this scripting object or methods, these scripts must be updated.

Resolved Issues

  • Unable to add a VMware Cloud Foundation (VCF) cloud account domain in VMware Aria Automation

    When attempting to add a VCF cloud account domain to VMware Aria Automation, you receive the following error message:

    "Something went wrong in a backend service."

    This error occurs when a user is adding a VCF cloud account domain in VMware Aria Automation while another domain creation is in progress in the SDDC Manager.

  • Rebuild fails with an error if the original VM image is no longer available

    Previously, a rebuild day 2 operation fails if the underlying image has been deleted at the endpoint. This is an issue for users who are unaware that the image is missing at the endpoint and the rebuild operation is blocked unless a new image reference is manually added from the back end for the machine.

    This issue is now resolved. When triggering the rebuild resource level day 2 action, if the image is missing, the user is prompted to select an image from the available list of image templates to rebuild the machine. 

    However, in case of the rebuild being performed at the deployment level, an available image must be manually patched on the machine properties and then the rebuild day 2 action can be attempted on the deployment. To do this, users must use the "__resolvedImageLink" and "_imageRef" input properties along with the relevant image value. Alternatively, users can trigger a resource level rebuild operation for that particular VM which will enable the user to select an image and rebuild the machine from the UI. 

  • Actions/{id}/bundle added to Swagger

    The actions/{id}/bundle REST API endpoint is added to the Automation Orchestrator Swagger documentation.

Known Issues

  • Disk resize cannot be performed on "VMname" because the state of the resource has changed and an error appears when the user tries to perform resize disk day 2 action on VM

    If the user is not using SCSI controller key=1000 and unit number=0 in the configuration of virtual devices that are attached to the VM, then a resize disk action error will appear.

    Workaround: Ensure that among disks attached to the VM, one disk is always configured with SCSI controller key=1000 and unit number=0. See KB https://knowledge.broadcom.com/external/article/369794

API Documentation and Versioning

Notice: Release Notes for previous releases are archived yearly:

API documentation is available with the product. To access all Swagger documents from a single landing page, go to:

  • https://<appliance.domain.com>/automation-ui/api-docs for vRealize Automation 8.x, where appliance.domain.com is your vRealize Automation appliance.

Before using the API, consider the latest API updates and changes for this release, and note any changes to the API services that you use. If you have not locked your API using the apiVersion variable before, you might encounter a change in an API response. Any API updates and changes are provided in the What's New section for each release.

For unlocked APIs, the default behavior varies depending upon the API.

  • For Cloud Assembly IaaS APIs, all requests which are executed without the apiVersion parameter will be redirected to the first version which is 2019-01-15. This redirect will allow every user who did not previously specify the apiVersion parameter to transition smoothly to the latest version without experiencing breaking changes.

    Note: For the Automation Assembly IaaS APIs, the latest version is apiVersion=2021-07-15. If left unlocked, IaaS API requests will be redirected to the first version which is 2019-01-15. The first version is deprecated and will be supported for 24 months. To ensure a smooth transition to the new version, lock your IaaS API requests with the apiVersion parameter assigned to 2021-07-15.

  • For other APIs, your API requests will default to the latest version. If you select one of the earlier version dates listed for the Swagger spec, the API behavior will reflect APIs that were in effect as of that date and any date until the next most recent version date. APIs are not versioned for every vRealize Automation release and not all APIs support the apiVersion parameter.

For more information about using the apiVersion parameter, see the Programming Guides listed in:

API updates and changes for each release are covered in the following sections:

VMware Aria Automation July 2024 API Changes

Service Name

Service Description

API Updates and Changes

Relocation

Define policy and plans for bringing existing VMs from any cloud under management.

Payload of POST /relocation/onboarding/task/create-deployment-bulk updated to add a template field that supports onboarding with a cloud template.

Snippet of a sample payload shows a template field with resource mapping that includes:

  • Name of the cloud template

  • Link to the cloud template ID

  • VMs to be onboarded, mapped to machines in the cloud template

"template": { 
  "name": "cloud_template_name", 
  "link": "/blueprint/api/blueprints/template_ID_string", 
  "components": { 
    "/resources/compute/resource_ID_string_1": "Cloud_vSphere_Machine_1", 
    "/resources/compute/resource_ID_string2": "Cloud_vSphere_Machine_2"

Previous Known Issues

The following is a list of known issues documented in earlier releases of VMware Aria Automation. For more detailed information about the relevant releases where these issues were first documented, go to the VMware Aria Automation Release Notes Archive (8.12-8.16.2).

  • Password length issue when using Kerberos authentication

    After Automation Orchestrator is upgraded, if the deployment is in FIPS mode, some plug-in endpoints configured with Kerberos authentication stop working and you receive the following error message in the logs:

    org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: password must be at least 112 bits

    Workaround: Use longer and stronger passwords, with at least 14 characters, to satisfy the FIPS requirements.

  • Issues with importing Automation Orchestrator workflows

    You can experience issues importing an Automation Orchestrator workflow into the VMware Aria Automation catalog content sources if the workflow inputs or fields include the "project" ID element as it is a system property. Having the ID added to the workflow inputs or fields can cause you to receive an error message similar to the following: “Error downloading catalog item ‘/workflow/<workflowId>’ (Error: Content provider error).”.

    Note: This issue is only valid for “project” ID elements manually added to workflows. It does not relate to automatically generated project fields created when a workflow or cloud template is imported into Service Broker.

    Workaround: Remove the "project" ID element from the workflow inputs or fields.

  • You receive a error status code 500 when a extensibility action content source has its "shared" field value as NULL

    When your project includes extensibility actions, the number of items shown on the Content Source page includes fewer actions than the total number of actions included in the project. For example, you might see five out of ten actions shown in the Number of items field and red exclamation mark next to it. This means that not all actions are synchronized in the content source and that the problematic actions are not available for use in the Catalog.

    Workaround: See KB 93437.

  • Unsupported Kerberos authentication for the PowerShell plug-in

    The PowerShell Plug-in for VMware Aria Automation Orchestrator does not support Kerberos authentication when used in FIPS mode because of security restrictions on the required security provider.

    When used with older versions of Automation Orchestrator in FIPS mode, using Kerberos authentication in the PowerShell plug-in is not recommended as it can break the FIPS compliance.

    Workaround: Use the Run Script In Guest workflow to run a PowerShell script inside the virtual machine.

  • Using Python scripts with the latest version of the requests library or urllib3 v2 client causes extensibility actions to fail with a "urllib3 v2.0 only supports OpenSSL 1.1.1+" error.

    The latest version of requests library and urllib3 v2 currently cannot be used in extensibility actions, as these dependencies require an OpenSSL version later than 1.1.1.

    Workaround: In the dependencies text box of the extensibility action editor, specify a version of the request library that is earlier than 2.29.0, or if you are using urllib3, specify a version that is earlier than 2.

  • Service and role names are replaced with old values when deploy.sh is ran for second time

    This important issue has been identified with the Aria Automation 8.12 release. Refer to KB 92018 for more details before upgrading or installing.

  • You might receive a error if your custom form field includes regex constrains

    If your custom form includes one or more fields with a regex constraint, you can receive a error message similar to the following: "Some data cannot be retrieved. If the problem persists, contact your system administrator. Failed request: <action name>”.

    Workaround: Ensure that the regex adheres to both Java and JavaScript compliance standards. When this adjustment is made, the issue is resolved.

  • Complex custom forms do not load take more than 10 minutes to load

    For complex custom forms with hundreds of fields and complicated default value rules, there might be a slow down to render the form. In most cases the longer rendering time is not noticeable, while the more complex the form is, the slow down can be significant.

    No workaround.

  • After upgrading, if the deployment specifies a boot disk size that is less than the image boot disk size, the deployment will fail.

    This known issue occurs when upgrading to 8.11.1 and later.

  • Some services are not accessible after associating a tenant with Aria Automation 8.12 through LCM

    After associating a tenant with VMware Aria Automation 8.12 through LCM, users may not be able to access the following services:

    • Assembler

    • Migration Assistant

    • Pipelines

    • Config 

    Workaround:

    1. Login to the tenant as a user with Organization Owner privileges.

    2. Under Identity & Access Management, click the Active Users tab.

    3. Select the affected user and click Edit Roles.

    4. To grant the user access to Assembler and Migration Assistant, click Add Service Access and select Cloud Assembly.

    5. To grant the user access to Pipelines, click Add Service Access and select Code Stream.

    6. To grant the user access to Config, click Add Service Access and select SaltStack Config.

  • Delete operation for day 2 actions fails when deleting a pool from a deployment that depends on a virtual service

    If an Avi load balancer resource, such as a health monitor, is used by two pools in different deployments, deleting the health monitor from one of the deployments will fail with a "false" error.

    The failure to delete the resource is valid as the health monitor is referenced by multiple pools. However, the error displayed in VMware Aria Automation is not descriptive. The error displayed in the Avi load balancer is more detailed and shows why the delete operation failed.

    No workaround.

  • You receive a validation error when an action input is bound to the Project field

    When a catalog item with custom forms has an external action that has the Project field as an input, this can cause an error. Opening the catalog item, the action run fails with the one of the following error messages: “Cannot execute external actions due to validation errors [Request info field with name: 'project' does not exist.];” or Some data cannot be retrieved. If the problem persists, contact your system administrator. Failed request: <action name>.

    Workaround: Do not explicitly pass the project field as an action input. When an Automation Orchestrator action run is started, the project ID is implicitly passed as a context parameter. Instead of having an input for the project in the action, use the “_projectId” context parameter.

    For example, if the Automation Orchestrator action receives one input called "project":

    1. Remove that input, and in the action script, create a variable called "project" and assign it with the following context parameter value: var project = System.getContext().getParameter("_projectId").

    2. Save the action.

    3. In the catalog item custom form designer, re-select the updated action.

    4. Save the modified custom form.

  • The CMX agent needs to support all Spring Boot supported metrics so that alerts can be created

    Now that the CMX service has moved to Spring Boot, it needs to support all metrics, particularly "system_cpu_usage", and needs to push them to Wavefront. Without this, alerts cannot be created in Wavefront when the CPU usage crosses the threshold.

    No workaround.

  • The Change Project process fails for multi-tenant environments in deployments with remote access

    This issue can occur if your deployment includes remote access with an authentication type other than publicPrivateKey. Other authentication types store their authentication credentials link and during the change project action, the remote access credentials are set with the tenant organization. The compute description is patched but with the owner context (because of reenterWithOwnerAuthContext logic) and have a provider organization. The authentication credentials are set in the tenant organization, but it is changed to the provider organization and the patch request fails with IllegalAccess exception.

    Workaround:

    A potential workaround is to update the cloud templates from which the deployments are created to use publicPrivateKey authentication type for remote access.

    remoteAccess:
  authentication: publicPrivateKey
  sshKey: ${input.sshKey}
  username: root

  • Workflows for Aria Automation user interaction times out if there is no response for a long time

    Manual user interactions cannot be answered from Aria Automation if more than 24 hours have passed, however, they can still be answered from Automation Orchestrator. On an attempt to answer the manual user interaction from Aria Automation, this error message appears:

    "Could not process request due to: Could not find information about request ID: '<request id>' for resource: '<resource id>'"

  • The Automation Orchestrator debugger does not step into sub-actions

    The Automation Orchestrator action debugger does not step into inner actions called using the System.getModule(module).action() method.

    Workaround: Use the root action as the only element in a new workflow and debug the workflow using the workflow debugger.

  • Intermittent behavior where servers are not added to a pool when using existing security groups

    When associating an NSX security group to an Avi load balancer pool, the reference to this security group must be the full path of the security group as seen in NSX.

    No workaround.

  • Deploying an NSX Load Balancer with persistence configuration fails if values for required fields are not specified

    When deploying an NSX load balancer with a route that includes persistence configuration, the VMware Aria Automation Template displays all possible fields under properties > routes > persistenceConfig. You must specify values for all required fields as follows:

    • For PersistenceConfig.type = COOKIE, specify values for the following fields:

      • cookieMode

      • cookieGarble

    • For PersistenceConfig.type = SOURCE_IP, specify a value for ipPurge.

    • Do not use PersistenceConfig.type = NONE.

    If a value is missing for any required field, the deployment will fail.

    For more information about resource schema for the Cloud.NSX.LoadBalancer > routes > persistenceConfig, go to Aria Automation SaaS Resource Type Schema.

    No workaround.

  • The "sseapi-config auth" command throws errors in VMware Aria Automation Config SaaS

    The "sseapi-config auth" command can be used to view the fingerprint IDs of the Master Key.  Currently, this command does not work for VMware Aria Automation Config SaaS.

    No workaround.

  • Drop-down menu values do not get reset to the last selected value if the action is re-triggered

    In cases where the valueOptions (dropdown, multiSelect, dualList, combobox, and others) are controlled by an external source, you might encounter this situation:

    1. You select a value from the drop-down menu.

    2. An action triggers, causing the menu to have zero options.

    3. The originally selected value is cleared from the UI control but is available on request.

    Workaround: Explicitly select the empty value if available.

  • Virtual Machine (VM) deployments fail with "Getting virtual machine on NSX-T policy endpoint"

    Special characters cannot be used in the name of a VM when NSX tags are used.

    No workaround.

  • When creating an instance, creating disks with labels fails due to unexpected snake case transformation

    This is a bug that is a part of a very unlikely scenario. 

    On instance creation, when a user attempts to create an instance with disks, using initialize_params and assigns labels to that disk that contain snake case format (ex. "first_key": "first_value"), the key will be converted to "firstKey" which is not a valid label format. 

    It is recommended to add the labels separately using the disk resource, or use an underscore in the label key.

  • Inconsistent performance tier information for Azure machine when managed disk is resized using day 2 actions

    When an Azure disk with a Premium managed disk is resized with day 2 actions in Aria Automation, the baseline performance tier is updated accordingly in the Azure portal. However, the performance tier remains the same in the template in the Aria Automation custom properties. This leads to inconsistent performance tier information.

    No workaround.

  • Deleted actions appear for helpers

    Unsupported delete actions appear for helpers such as CloudZoneAllocationHelper and CustomNamingHelper.

    No workaround.

  • vCenter machines are showing with an Automatic Private IP Addressing (APIPA) IP as the primary IP

    The APIPA IP is an IPv4 address that is assigned to a machine when the DHCP server in the system is not reachable. The address is within the following range: from 169.254.0.1 through 169.254.255.254. When this occurs, the VMware Aria Automation algorithm is incorrectly selecting the APIPA IP address as the primary IP address for the machine that appears in the VMware Aria Automation UI. This is true for both discovered and deployed machines. 

    VMware Aria Automation shows the APIPA IP as the primary IP address of the vCenter machine because the algorithm for determining the primary IP address failed to filter out these IPs. 

    No workaround.

  • Integrate plug-in version 0.21.0 into project Flagman

    In cloud templates for idem.gcp resources, users should use type_ and not type.

    There are two different identified cases:

    In instance -> network_interfaces, the property type_ can easily be mistaken and written as type. If type is used, VMware Aria Automation does not notify the user (as expected), but the property is skipped over and the wanted value is not set.

    network_interfaces:
        - access_configs:
            - kind: compute#accessConfig
              name: External NAT
              network_tier: PREMIUM
              set_public_ptr: false
              type_: ONE_TO_ONE_NAT
          kind: compute#networkInterface
          name: nic0
          network: https://www.googleapis.com/compute/v1/projects/tango-gcp/global/networks/default
          stack_type: IPV4_ONLY
          subnetwork: https://www.googleapis.com/compute/v1/projects/tango-gcp/regions/us-central1/subnetworks/default

    The other use case is in disk. The last property type_ can easily be mistaken and written as type. This leads to the same result as described above - the user is not notified in any way, the property is skipped over, and the value is set to the default value, not the specified value in the cloud template.

      Idem_GCP_COMPUTE_DISK_2:
    type: Idem.GCP.COMPUTE.DISK
    properties:
      name: e2e-idem-disk-2-${input.UUID}
      account: ${resource.Allocations_Compute_1.selectedCloudAccount.name}
      size_gb: 1
      project: ${resource.Allocations_Flavor_1.selectedCloudAccount.additionalProperties.gcp.project}
      zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.name}
      type_: ${'/projects/' + resource.Allocations_Flavor_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-ssd'}

     

    No workaround.

  • Python packages not downloading from private registries that require setuptools

    When using a private python repository that is based on setuptools package, the dependencies cannot be downloaded.

  • Creating instance with status other than RUNNING does not get applied

    When a new VM instance is created, the Google Compute Engine automatically provisions it in a RUNNING state, even when the deployment template specifies another desired runtime status (eg. TERMINATED).

check-circle-line exclamation-circle-line close-line
Scroll to top icon