RSS
 

Release Versions

VMware Aria Automation| August 2023

VMware Aria Automation 8.13.1 | Sept 7 2023

  • VMware Aria Automation 8.13.1 build 22360938

  • VMware Aria Automation Easy Installed build 22395538

  • VMware Aria Automation Cloud Extensibility Proxy build 22360952

  • VMware Aria Automation Orchestrator build 22352281

Updates made to this document

Date

Description of update

Type

August 26th 2023

Initial publishing for VMware Aria Automation August 2023

September 7th 2023

Initial publishing for VMware Aria Automation 8.13.1

For more information, see our blogs about the VMware Aria Automation releases.

Starting with the April 2023 release, the product name is now changed from vRealize Automation to VMware Aria Automation. VMware Aria Automation also now includes these services as one unified product:

  • VMware Aria Automation Config (formerly SaltStack Config)

  • VMware Aria Automation for Secure Hosts (formely SaltStack SecOps)

  • VMware Aria Automation Orchestrator (formerly vRealize Orchestrator)

About VMware Aria Automation

You can find information about these new features and more at VMware Aria Automation and in the signpost and tooltip help in the user interface. Even more information is available when you open the in-product support panel where you can read and search for related topics, and view community posts and KBs, that appear for the active user interface page.

Notice: Release Notes for previous releases are archived yearly:

Before you begin

Familiarize yourself with the supporting documents.

VMware Aria Automation

VMware Aria Automation 8.13

After setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in VMware Aria Automation product documentation.

After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in VMware Aria Automation product documentation.

Automation Config and Secure Hosts

Automation Config and Secure Hosts 8.12

Automation Orchestrator 8.13

Automation Config Upgrade Requirements

Before you can upgrade your Automation Config appliance you must upgrade the Master plugin. For information on upgrading the Master plugin, see Upgrade the Master Plugin.

VMware Aria Automation August 2023/ 8.13.1 What's New

  • Custom naming for plug-in resources

    The plug-in based resources now support a custom naming feature. You can now define custom naming templates at the project level or organization level and use it the same way as classic resources. Custom naming helpers are also available in the Automation Assembler canvas. These helpers can be used like other allocation helpers on cloud objects.

  • FIPS compliance for plug-in based resources

    Newly added services to VMware Aria Automation are Federal Information Processing Standards (FIPS) compliant. This satisfies requirements from the US federal government divisions, research institutions, universities, defense contractors, and anyone else using government networks or protecting government data. Financial and healthcare organizations also require FIPS compliance for protection of their confidential data.

  • Storage filter should pass all the eligible selections to downstream filters

    The SPREAD placement policy, both at the project level and cloud zone level, can now be used with multiple storage profiles that are selected through storage constraint tags . There are several behavior changes for soft constraints at storage profile level: 

    • If soft constraints are used for storage in cloud templates, the corresponding storage profile item with a matching tag is selected.

    • If there is no matching storage profile item for that tag, then the default profile for that region is selected.  

    • If there is a SPREAD policy at the cloud zone or project level, then the compute cluster is selected based on the policy. Afterwards, tag matching is used to select the corresponding storage profile item.  

    • In case of soft constraints, if there is no matching storage item connected to the selected compute cluster, then default storage item is selected.

    • In case of hard constraints, if there is no matching storage item connected to the selected compute cluster, then provisioning fails based on the definition of the specific hard constraint.

    Workaround:

    1. Tag the required storage profile by adding a tag in the capability tags field (such as mytag) of the profile.

    2. Add the same tag in the cloud template YAML as shown:

      Cloud_Azure_Machine_1:     
   type: Cloud.Azure.Machine     
   properties:      
    storage:          
     constraints:            
       - tag: mytag

  • Updates to the Service Broker Catalog

    The Catalog items UI is updated to be user focused and share more details. These updates include:

    • You can now select a list view when browsing catalog items.

    • New design and font for the catalog card to allow a longer description and name.

    • Smaller My Resource Usage summary.

    • Sort and search are moved to top right side.

  • Plug-in based resources now support new OOTB Day 2 actions

    These Day 2 actions are now supported for plug-in based resources:

     AWS * EC2: power on, power off

    • S3 bucket: Delete

    • LB: Delete - delete works, but the LB resource type is currently hidden

    • RDS: Delete - delete works, but the RDS resource type is currently hidden

    • EKS: Delete - delete works, but the EKS resource type is currently hidden

    GCP * VM - power on, power off, resume, suspend

    • Storage Bucket: Delete

    • Service Account: Delete

    • Shielded Machine: power on, power off, resume, suspend

  • Updates related to Terraform license changes made by HashiCorp

    On August 10 2023, HashiCorp announced that its source code license from Mozilla Public License (MPL) is changing to the Business Source License (BSL/BUSL) for future releases of its products, including Terraform, Vault, Consul, Boundary, Nomad, Waypoint, Packer, and Vagrant. This licensing change effects only Terraform versions newer than 1.5.5.

    As a result, we are immediately restricting customers from choosing any Terraform versions newer than 1.5.5 in VMware Aria Automation when running their Terraform configurations.

  • Add a cloud account for vCenter that is connected to vSphere+

    VMware Aria Automation now supports adding vCenter cloud accounts that are used as vSphere IaaS layers for workload automation. This feature introduces support for adding a cloud account for vCenter that is connected to the vSphere+ cloud service.

    As part of this, the UI and API are updated to reflect the unique nature of vSphere+ connected to vCenter. Particularly for the UI, the experience is simplified. You are no longer required to specify the IP, FQDN, or cloud proxy information as all vCenter instances that are connected to vSphere+ are provisioned in the same SaaS org. Therefore, they are automatically discovered by VMware Aria Automation automatically and can be selected one at a time.

  • VMware Aria Automation Config support for Salt Onedir packages

    VMware Aria Automation Config now supports Salt installed with Onedir packages as the new preferred installation method of Open Salt 3006 and later. Through Onedir, all Salt executables are included under one directory. Onedir also includes the Python version needed by Salt and its required dependencies. For more information on Onedir and the upgrade process, see Upgrade to onedir.

    When upgrading Open Salt to Onedir, it is highly recommended to review the user guide. Remember to follow step 4 in the Upgrade to onedir documentation and reinstall any third-party Python packages.

    For Salt Masters connected to and managed by VMware Aria Automation Config, the RaaS master plugin needs to be reinstalled. Follow the Aria Config documentation for installing/upgrading/configuring RaaS master plugin.

    For more information, see KB 89728.

     Note: Support of Salt Onedir with Photon OS 4.0 will be available in an upcoming release.

  • VMware Aria Automation for Secure Hosts: Qualys Vulnerability scan imports now has UI support

    The Qualys Vulnerability scan import now has UI support with VMware Aria Automation for Secure Hosts. For more information, go to How to run a third party scan.

  • Salt Open (Open Source Project) release Information

    The Salt Project is an open source automation and configuration management engine. Salt is the technology that underlies the core functionality of VMware Aria Automation Config. For more information on the Salt Project, go to The Salt Project.

    The following extensions are released for Salt Open: 

    Note: VMware Aria Automation Config updates are called out separately in these release notes.

    • Salt Analytics enables customers to forward the analytics information to any external systems to monitor Salt infrastructure. 

    • Salt Heist improves Salt management by installing or upgrading Salt at scale. It also provides an agentless solution by removing the agent when it is no longer needed.

    • Salt Describe improves the user experience by automatically generating Salt state files to manage desired states for greenfield or brownfield environments. These files can be used as is or with changes based on the business needs. 

    For more details on Salt Open releases, visit the following links:

Automation Orchestrator What's New

  • Limiting the number of vAPI metamodels supoprted by Aria Automation Orchestrator vAPI plug-in

    Starting with the 8.13.1 release, the number of vAPI metamodels that can be added from the Automation Orchestrator vAPI plug-in is limited to a default value of 20. This value can be changed by adding the vapi.metamodels.count to your Automation Orchestrator deployment and setting the property value to the desired number of metamodels. Adding more than 20 models can consume excessive memory and lead to instability of the Automation Orchestrator deployment. 

Resolved Issues

  • User cannot change the status of the Enable Features option under the Help panel

    When the Enable Features option (Support Requests and Feedback) is deactivated for secondary tenants, the change is not applied and the settings stay active.

  • The Debugger does not step into sub-actions in the script of an action

    Previously, when debugging an action, the debugger did not step into sub-actions when the Step Into button is pressed. Now, the debugger steps into sub-actions when the Step Into button is pressed while debugging inside the action editor.

  • You receive a data collection error in vra-vcd-adapter when an imported cross-vdc network is present

    The VCD public cloud adapted fails when collection data about a VCD infrastructure object. This error occurs when there is an imported VDC network configured in the remote VCD tenant. This causes other VCD constructs to not be collected, including storage policies, datastores, VMs, volumes, and others.

    This issue is now resolved and you can collect data when using imported VDC networks, including VDC networks scoped to VCD data center groups. This allows the provisioning of compute workfloads connected to such networks while also leveraging integration capabilities such as IPAM, static and dynamic IP assignments, external IPAM integrations, and others.

  • The dynamic enumerations input for cloud templates cannot be validated if the actions return type is Array/Properties

    The validation fails when a cloud template includes a string enumeration input with a dynamic value with the Array/Properties return type containing only the properties value and label. With the latest release such issues are resolved by treating the Array/Properties value as an enumerated list of keys and values. For each properties element in the array, its corresponding list element has a key - the value of the label property, and value - the value of the value property.

  • The inputs for Constant values for the Form Designer action parameters of the array/number or array/date type behave as a single value

    This issue is resolved through changes made to the way in which the Form Designer handles these parameters.

    When the action parameters are of the array/string or array/number type, the input for Constant values is a Textarea, where you can enter the array elements values separated by commas.

    When constant action parameters are of the array/date type, an array input is used. This allows you to add or remove elements, while not adding any empty or incorrect values to the array. The parameter value is saved in the form schema as a string of ISO date-time strings separated by commas.

  • The PowerShell version of the PowerCLI container is now updated

    The PowerShell version of the PowerCLI 12 container is now updated from version 7.1 to the latest version of LTS 7.2.

  • Scheduled task inputs with a drop-down menu cannot be seen

    When scheduling a workflow with an input that requires a drop-down menu to be shown for value options, the menu with the value options gets cut off by the page footer.

    This layout issue is now fixed. As part of this fix, the pages for creating, editing, and viewing details of scheduled workflows are now unified. As a result, you can now update the input values of an existing scheduled task, instead of needing to create a new scheduled task. New values are applied from the first future run.

Known Issues

  • The Change Project process fails for multi-tenant environments in deployments with remote access

    This issue can occur if your deployment includes remote access with an authentication type other than publicPrivateKey. Other authentication types store their authentication credentials link and during the change project action, the remote access credentials are set with the tenant organization. The compute description is patched but with the owner context (because of reenterWithOwnerAuthContext logic) and have a provider organization. The authentication credentials are set in the tenant organization, but it is changed to the provider organization and the patch request fails with IllegalAccess exception.

    Workaround:

    A potential workaround is to update the cloud templates from which the deployments are created to use publicPrivateKey authentication type for remote access.

    remoteAccess:
  authentication: publicPrivateKey
  sshKey: ${input.sshKey}
  username: root

  • Drop-down menu values do not get reset to the last selected value if the action is re-triggered

    In cases where the valueOptions (dropdown, multiSelect, dualList, combobox, and others) are controlled by an external source, you might encounter this situation:

    1. You select a value from the drop-down menu.

    2. An action triggers, causing the menu to have zero options.

    3. The originally selected value is cleared from the UI control but is available on request.

    Workaround: Explicitly select the empty value if available.

VMware Aria Automation July 2023/8.13 What's New

  • Secure Host supports CIS Benchmark for RHEL9

    VMware Aria Automation for Secure Hosts now supports the CIS benchmark for RHEL9.

  • Command line support for configuring VMware Aria Automation Orchestrator

    VMware Aria Automation Orchestrator can now be configured through the command line interface (CLI) by using 'vracli vro' commands in addition to using the existing Control Center options. For information on configuring VMware Aria Automation Orchestrator with CLI commands, go to Configuring the Automation Orchestrator Appliance authentication provider with the command line interface and Additional command line interface configuration options.

  • Support for load balancer in GCP plugin

    It is now possible to create external global TCP Load balancers from the plugin based load balance resource.

    As part of load balance it is possible to:

    • Insert, delete, and update an instanceGroup resource

    • Add, remove, and list instances associated with an instanceGroup resource

    • Get and list healthChecks

    • Patch and update a healthCheck resource

    • Insert and delete backendService resources

    • Insert and delete forwardingRules

    • Get and list forwardingRules

    • Get and list backendService resource

    • Patch and update a firewall resource

    • Update and patch a backendServices resource

    • Get and list firewalls

    • Insert and delete firewalls

    • Insert and delete healthChecks

    • Support for get/list target pools

    • Patch set labels and set target on a forwardingRules resource

  • Onboarded deployments are compliant with Service Broker policy limits

    Deployments that include VM and disks are now compliant towards Service Broker policy limits. Onboarded deployments are counted towards the limits below:

    • org limit: CPU, VM count, memory, and storage

    • org user limit: CPU, VM count, memory, and storage

    • project limit: CPU, VM count, memory, and storage

    • project user limit: CPU, VM count, memory, and storage

    You can choose to allow onboarding resources to count towards limits by switching the option to do so to "on". By default, the option is "off", which is consistent with the previous behavior. 

  • VMware Aria Automation billable object visibility

    VMware Aria Automation is introducing an ability for administrators to view a summary of billable objects under management via API and UI. In addition, the resource center inside Aria Automation Assembler and Aria Automation Service Broker is being enhanced to provide the ability to filter out billable resources by themselves or in combination with any other filters that are already supported. Learn more about billable objects.

  • Day 2 action to change performance tier of Azure storage disks

    VMware Aria Automation now supports the modification of an Azure storage disk's performance tier as a day 2 action. You can now see a day 2 action available on these disks that allows you to modify the perforance tier of the disk as needed.

  • Rebuild virtual machine for Onboarded and Migrated vSphere workloads

    Following the last release of Rebuild Day2 action, we now support Rebuild actions for onboarded vSphere workloads and vSphere workloads from the migration assistant tool. When an onboarded VM is selected to be rebuilt for the first time, the user can view and confirm the image selection.

  • Resource visualization Improvement

    In this release, Aria Automation includes these UI improvements for plugin based resource:

    •  Allocation helper properties can be collapsed

    • New category  to display generic idem resource properties.

    • Descriptions are added to parameters.

    • Added Breadcrumbs component to properties tooltip for backwards navigation.

    • When an Allocation Helper component is linked to an Idem resource directly in the canvas it populates the respective property binding automatically, whenever possible.

  • Support for service accounts in GCP plugin

    VMware Aria Automation users can now deploy GCP service accounts and service account keys using blueprints, catalogs and Idem service.

    Use case: 

    1. Create a service account

    2. Create a storage bucket

    3. Storage bucket should be accessible only through service account

  • Increasing inventory limits

    Plugin based framework now supports 250,000 idem resources in inventory. 

  • Custom Forms Versions Integrated with Content Items

    Service Broker custom forms versions now includes these improvements:

    • You can customize root-level blueprint-based content items. 

    • You can create a custom form for specific blueprint versions, by clicking on the details panel and then on the name of the version (now shown as link) to open the Form Designer for this specific version.

    • The addition of a "Disable custom form" button in the action menu in the details panel, which disables the custom form for that specific blueprint version

    • New column in the blueprint version table that indicates whether this version has a version-specific custom form.

    • The button "Delete custom form" is re-labeled as "Delete version-specific custom form" in the datagrid action menu located in details panel.

  • Remove node.js 14 from runtimes and polyglot

    Scripting elements created for Node.js 14 will be automatically switched to run on Node.js 18.

  • Python 3.7 is deprecated and will be removed in next releases

    Deprecation notice

    Python 3.7 is will reach End-Of-Life on 27 of July 2023. Python 3.7 runtime is now deprecated and will be removed from Aria Orchestrator starting with the October 2023 release. Customers are advised to start using Python 3.10 runtime. This applies to both Aria Orchestrator and ABX services.

  • Optionally neglect CPU/Memory of powered off VMs in resource quota policy

    You can now choose to neglect CPU and memory consumed by powered-off virtual machines (VMs) in a resource quota policy. This allows users who are restricted by a resource quota policy to provision VMs even though they have surpassed CPU or memory quotas if some VMs that are being accounted for in the quota are powered-off. 

  • Unregister provisioned machines Day2 action

    You can now unregister Aria Automation provisioned vSphere virtual machines from Aria Automation as a resource day2 action. When you unregister a provisioned VM, it is removed from the Aria Automation inventory but remains the same in vCenter as it was before performing the action. This virtual machine is then moved and listed as a "discovered" VM in Aria Automation and can be onboarded, if needed.

    Note: When a provisioned VM is unregistered, its deployment remains in place.

  • The package signing certificate can now be changed using the "Generate Package Signing Certificate" workflow

    The package signing certificate can now be changed using the "Generate Package Signing Certificate" workflow instead of using the Control Center.

  • PowerCLI 11 runtime is deprecated

    Deprecation notice

    PowerCLI 11 (PowerShell 6.2) runtime is deprecated and will be removed from Aria Orchestrator starting with the October 2023 release. Customers are advised to start using PowerCLI 12 runtime.

  • Qualys Vulnerability scan imports via API with Aria Automation Secure Host

    Aria Automation Secure Host now supports direct import of Qualys vulnerability scan results via API.

Known Issues

  • You receive a error status code 500 when a extensibility action content source has its "shared" field value as NULL

    When your project includes extensibility actions, the number of items shown on the Content Source page includes fewer actions than the total number of actions included in the project. For example, you might see five out of ten actions shown in the Number of items field and red exclamation mark next to it. This means that not all actions are synchronized in the content source and that the problematic actions are not available for use in the Catalog.

    Workaround: See KB93437.

Resolved Issues

  • Approval Policy Notifications with AD Group as the Approver

    Previously, email notifications were not sent for an approval request when the approver group was an Active Directory group. Now, a notification email is sent to the AD group configured as the approver.

  • Pushing subscription from vRA 8.8.2 on prod and pre-prod the event "Custom resource post provision" is activated thrice

    When a Custom Resource is provisioned in HA environment, sometimes the "Custom resource post provision" event was posted many times because of synchronicity issues between nodes. This usually happened when the workflow that provisions the Custom Resource ran for more than 2-3 minutes and there was a blocking subscription on the "Custom resource post provision".

  • Aria Automation Secure Host includes CVE information for all architecture types for a RHEL based system

    Aria Automation for Secure Hosts now lists the CVE/Patch information based on the architecture type of the RHEL based system. For example: Power PC, X86_64.

  • Downloading Automation for Secure Hosts assessment results sometimes does not work

    Previously, downloading the compliance report using the download button in the JSON format sometimes did not work. This is now resolved and works as expected

  • Performance issues could occur for growing target groups in Aria Automation Config

    In some cases, performance issues could occur in Aria Automation Config and due to growing target groups.

VMware Aria Automation June 2023/8.12.2 What's New

  • Continued management of workloads failed over by SRM

    When workloads managed by Aria Automation are protected by and failed over by VMware Site Recovery Manager (SRM) to a secondary site, Aria Automation users can now continue managing that workload and it's associated networks and disks. The workload is visible in Aria Automation with updated properties to reflect any changes as a result of the workload movement, and the day 2 actions are still available.

    Note: This initial feature release supports vSphere machines, with vSphere attached disks and vSphere networks

  • Support for VM snapshots in GCP

    Plugin based framework in Aria Automation supports the following use cases on snapshot:

    Use case 1

    Creation of a new snapshot from a disk resource while creating a new deployment using a blueprint

    For example, the VCT  YAML block can have a create a disk, and in the same VCT another YAML block to create a snapshot right after the disk (above) gets created.

    When you create a deployment with this VCT, a disk is created and a snapshot is taken.

    Use case 2

    Deletion of an existing snapshot 

    Deleting a snapshot from Delete action

    Use case 3

    Update an existing snapshot (eg. set labels)

    Snapshot can be updated while updating an existing deployment using a VCT

    Use case 4

    Restoring a disk from a snapshot (using a blueprint)

    In the VCT, a disk can be created and have a snapshot taken of it. Then, you can create another disk out of that snapshot (specified via 'source_snapshot' property).

  • Support for managing disks resources in GCP

    VMware Aria Automation supports  storage profiles, attach, detach a disks , encryption for GCP resources in plugin based architecture

    It has the capability to manage simple as possible disk resource in GCP plugin to attach to a request to create a VM instance.

    This includes:

    • Disk creation (present)

    • Disk deletion (absent)

    • Disk display (describe)

    Added support for DiskTypes resource as in https://cloud.google.com/compute/docs/reference/rest/v1/diskTypes

    It is possible to attach or detach a disk to an instance resource. Aria Automation also supports adding or removing one or more ResourcePolicies from a disk resource. It also supports Customer Managed Encryption Key (CMEK). If auto delete flag  is set, then the disk is also deleted when the instance is deleted. It is possible to attach labels to disk.

    Aria Automation supports both  both boot and non-boot (data) persistent disks. All the properties that are available in GCP will be available through Aria Automation. 

  • Support for AWS subnet and Test feature in VCT

    VMware Aria Automation June 2023 includes these improvements:

    • AWS subnet resource is available in assembler.  This can be used in VCT and create catalog

    • Provides the Public IP and list of NICs connect to  AWS's EC2 instances

    • Provides the list of volumes with their properties for AWS EC2 instances. The Test functionality is now fully enabled to test VCT containing plugin based resources

    • Basic approval support is added allowing the approver to approve or reject deployments 

    • Support VCT dry run for allocation resources

  • Support for managing network resource in GCP

    VMware Aria Automation supports provisioning of network resources on Google Cloud Platform (GCP) . This is now possible through the  plugin based architecture. Network object was not available in classic GCP VM object. With plugin based architecture it is possible to create, update, and delete network objects.

    Google Cloud VPC Network Peering connects two Virtual Private Cloud (VPC) networks so that the resources in each network can communicate with each other. Plugin based architecture supports addPeering, removePeering, updatePeering, switchToCustomMode, patch, and getEffectiveFirewalls.

  • Support for storage buckets in GCP plugin

    The Buckets resource represents a bucket in Cloud Storage. 

    VMware Aria automation supports creating and deleting a Bucket resource in GCP. It also provides the ability to patch and update a storage bucket/

    The StorageBucket Resource is managed with default access control and they can be patched and updated.

    Aria Automation also provides an option to lock the retention policy of a Bucket resource.

  • Support for GPU for VMs in GCP plugin

    VMware Aria Automation supports the creation of GCP VMs with a specific number of GPU resources.

    The plugin based architecture provides all properties that are available in GCP instead of a predefined set by Aria Automation. This includes a GPU property that was not available in classic GCP VM object in Aria Automation. However, with plugin based architecture, the GPU property is available in Assembler where the user can provide the inputs for this.

    The number of GPU can be provided in YAML.

  • Storage policy support for plugin based resource

    VMware Aria Automation now supports Storage policies for VCT to have resources from plugin based architecture. 

    Storage Allocation supports cloud specific inputs. Storage profile filtering logic is same as for classic resources.

  • Manage shielded instance resources in GCP

     VMware Aria Automation supports the creation of shielded instances in GCP by using the shielded property. It provides a capability to identify shielded instance.

    It is possible to set a shielded instance integrity policy to a GCP VM resource. It is also possible to update a shielded instance config of an instance resource.

  • When onboarding machines, ability to also onboard the connected NSX-T networks

    When virtual machines are onboarded, you can now also onboard connected NSX networks. As part of that, the networks appear in related deployments and the VM IP address state will be maintained when VM is removed.

  • Support for GCP VMs

    VMware Aria Automation supports the provisioning of virtual machines (VM) hosted on Google Cloud Platform (GCP). This is possible through the  plugin based architecture. The classic GCP VM objects in Aria Automation that are available in assembler has limited set of properties. However, with plugin based architecture, the VM objects provide all properties that are available in Google Cloud Platform.

    The benefits of this is that the user can provide inputs for all or any of the properties instead of a predefined set by Aria Automation. For example, a GPU property that was not available in classic GCP VM object in Aria Automation. However, with plugin based architecture, the GPU property is available in assembler where the user can provide the inputs.

Known Issues

  • Boot disk is provisioned on a datastore that does not match storage profile constraints

    During the allocation phase of a deployment, when a datastore is being selected for the disks included in the deployment, it is possible that the storage profiles are not taken into account. Therefore, a datastore that does not match the constraints set by the storage profiles can be selected for the disk.

    This issue can happen:

    1) Only when the configuration property PREVENT_COMPUTE_STORAGE_OVERALLOCATION is set to true (which is false by default).

    2) Only when running 10 or more deployments in parallel.

    Starting 8.11.2 and higher, this issue is now fixed. During VM deployment, boot disk is provisioned on a datastore that matches the expected storage profile constraints.

  • Virtual Machine (VM) deployments fail with "Getting virtual machine on NSX-T policy endpoint"

    Special characters cannot be used in the name of a VM when NSX tags are used.

    No workaround.

  • Integrate plug-in version 0.21.0 into project Flagman

    In cloud templates for idem.gcp resources, users should use type_ and not type.

    There are two different identified cases:

    In instance -> network_interfaces, the property type_ can easily be mistaken and written as type. If type is used, VMware Aria Automation does not notify the user (as expected), but the property is skipped over and the wanted value is not set.

    network_interfaces:
        - access_configs:
            - kind: compute#accessConfig
              name: External NAT
              network_tier: PREMIUM
              set_public_ptr: false
              type_: ONE_TO_ONE_NAT
          kind: compute#networkInterface
          name: nic0
          network: https://www.googleapis.com/compute/v1/projects/tango-gcp/global/networks/default
          stack_type: IPV4_ONLY
          subnetwork: https://www.googleapis.com/compute/v1/projects/tango-gcp/regions/us-central1/subnetworks/default

    The other use case is in disk. The last property type_ can easily be mistaken and written as type. This leads to the same result as described above - the user is not notified in any way, the property is skipped over, and the value is set to the default value, not the specified value in the cloud template.

      Idem_GCP_COMPUTE_DISK_2:
    type: Idem.GCP.COMPUTE.DISK
    properties:
      name: e2e-idem-disk-2-${input.UUID}
      account: ${resource.Allocations_Compute_1.selectedCloudAccount.name}
      size_gb: 1
      project: ${resource.Allocations_Flavor_1.selectedCloudAccount.additionalProperties.gcp.project}
      zone: ${resource.Allocations_Compute_1.selectedPlacementCompute.name}
      type_: ${'/projects/' + resource.Allocations_Flavor_1.selectedCloudAccount.additionalProperties.gcp.project + '/zones/' + resource.Allocations_Compute_1.selectedPlacementCompute.id + '/diskTypes/pd-ssd'}

     

    No workaround.

Resolved Issues

  • Unable to configure LDAP Authentication

    Previously, the LDAP integration caused searches for LDAP users and groups to be scoped too widely.  For very large directories, this meant that sometimes users and groups that definitely existed in the directory could not be found because of Active Directory enforced limits on number of records returned.

    Additionally, the usernames or group names would appear in the list of checkboxes, but after checking them and clicking 'save', the selections were not maintained and the checkboxes would be empty again.

    Now, this has been corrected and no longer occurs. However, if after upgrading to 8.12.2, you are still experiencing situations where Aria Automation Config cannot seem to find existing users and groups, you can add additional qualifiers to the User Search DN Filter and Group Search DN Filter:

    • For example, assuming your corporate directory has a BaseDN of 'dc=corp,dc=example,dc=com'.  Users that should be allowed access to AAC belong to the Active Directory Security Group with a distinguishedName of 'cn=ops,cn=groups,ou=Engineering,dc=corp,dc=example,dc=com'. You can set the Group Search DN Filter to 'cn=groups,ou=Engineering,dc=corp,dc=example,dc=com'.  This would scope the list of groups to all groups in the Engineering OU, which would be far less than all groups in the directory.

    • If you want to set permissions directly on users, you could set the User Search DN Filter to just return users in the Engineering OU with this filter: ou=Engineering,dc=corp,dc=example,dc=com'.  This would cause only Engineering users to show in the user lists.

    It's important to remember that these are only search filters.  When users and groups are checked in the Users and Groups tab in the Authentication workspace, AAC saves the distinguishedName of the users and/or group and creates a link internally to the distinguishedName.  LDAP-based servers can always look up an object by distinguishedName.  Changing the search criteria on the initial authorization tab will not remove these links, it will just change the lists of users and groups that can be found and selected.

  • Timeout errors would occur when AD/LDAP was used to authenticate Ansible Tower with Aria Automation

    Previously, Basic Authentication was used to authenticate Ansible Tower with Aria Automation. This would cause timeout errors when AD/LDAP credentials were used.

    With this release, Aria Automation now uses OAuth2 Token Authentication to connect with Ansible Tower (based on Red Hat Ansible Platform recommended approach). For more information see the Summary of Authentication Methods in Red Hat Ansible Tower blog.

  • Workflow Request Runs are deleted after 24 hours regardless of their status

    In previous releases, a scheduled job would delete all requested workflow runs older than 24 hours, regardless of their status. This resulted in errors when a workflow run took longer than 24 hours to complete. To resolve this issue, we have made improvements to the deletion process and introduced changes to the query.

    • Updated the scheduled job to consider the final statuses of workflow executions as a part of the deletion process.

    • Modified the query to ensure that only workflow runs with final statuses are taken into account for deletion.

    These enhancements ensure that workflow executions remain open until they reach a final state

  • The external validation parameter bound to the Request Info projectId field has a null value

    This issue occurs when a day2 custom form has an external validation element with the parameter bound to the Request Info > Project ID field. When running the validation action, the projectId value is null. This issue does not have a workaround and is fixed for the 8.12.2 release.

  • Can't scale a load balancer through the IaaS API

    When Aria Automation creates a load balancer, we check to see if there are 0 machines, if so we skip creating Pools/Virtual Servers/etc. When scaling out a load balancer, it will fail if there are 0 Pools since Aria Automation does not have logic to create these resources during update time.

    Aria Automation now includes a feature toggle to always create Pools/VirtualServers/etc. no matter how many machines are attached to the load balancer. This means that when a load balancer with 0 machines is created, Aria Automation creates Pools for it, and when you scale out you do not encounter a no pools error message.

    To enable the new behavior, set "nsxt.policy.create.lb.resources.without.machines" (via the Configuration Properties UI) to true before provisioning a load balancer.

  • When you have a switch in a Automation Orchestrator workflow the step does not run

    In product versions 8.11.0 and 8.11.1, when workflow elements are dropped on an arrow going out of a switch element, they are not performed when the workflow is run.

  • Setting parameters for Cloud.Service.AWS.API.Gateway.Method

    In previous releases, users of Aria Automation Assembler resource Cloud.Service.AWS.API.Gateway.Method were able to set the property value for method.request.querystring.tableName with string values like 'true' or 'false'. Starting this release, users are required to use boolean literals instead of string values. Using string values will result in failure to udpate the property value. 

    APIMethod:

        type: Cloud.Service.AWS.API.Gateway.Method

        properties:

          request_parameters:

            # Please use boolean literal values true or false instead of 'true' or 'false'

            method.request.querystring.tableName: true

  • Remove the functionality of the saveToVersionRepository scripting method

    Performance issues were caused by a version history repository storing a large amount of versions of configuration and/or resource elements, as a result of automated version generation caused by saveToVersionRepository method calls.

    The functionality of the saveToVersionRepository method, that is exposed to ConfigurationElement and ResourceElement instances in the Automation Orchestrator scripting API, has been removed. The method is still available in the Automation Orchestrator scripting API, however it simply generates a log message as part of the Workflow logs that states that it is no longer functional and that it will be removed in a future release. The method has been marked as deprecated.

    Whenever users, who have a Configuration or Resource element which has been updated from both the Automation Orchestrator client and the Automation Orchestrator scripting API (Workflow runs), decide to Pull from or Push to a remote Git repository with which they have an active integration, the current state of the given Configuration or Resource element will be used, given that the Configuration or Resource element is affected by this operation.

    Automation Orchestrator workflow developers should revise any workflows and/or actions which previously called the saveToVersionRepository method and remove those calls from their code.

  • Creating instances with status other than RUNNING does not get applied

    Google Compute Engine automatically starts newly deployed instances. Previously, idem-gcp plugin simply ignored the value of status property, (optionally) passed as part of the SLS used to create the instance.

     This is resolved by having the idem-gcp plugin fetch the value of this property and try to put the instance to the desired state specified by this property immediately after the instance is deployed.

  • Rest plugin does not handle API keys for authorization

    The VMware Aria Automation Orchestrator HTTP REST Plugin did not handle the authorization of APIs with custom defined API keys in the past.

    As a result, when invoking operations such as REST APIs from workflows, inputs for API keys did not appear in the workflow form.

    With this resolution, the REST plugin is able to parse api Key authorization with input type “header”  and “query” for both Swagger2 and OpenAPI3. As a result, the user is able to give values for these input types on workflow forms. 

  • When running a simple VM deployment, with the configuration property PREVENT_COMPUTE_STORAGE_OVERALLOCATION set to true. There is a chance that the boot disk is provisioned on a datastore not matching the storage profile constraints.

    During the allocation phase of a deployment, when a datastore is being selected for the disks included in the deployment, it is possible that the storage profiles are not taken into account. Hence, a datastore that does not mach the constraints set by the storage profiles could be selected for the disk.

    This issue can happen:

    1) only when the configuration property PREVENT_COMPUTE_STORAGE_OVERALLOCATION is set to true (which is false by default);

    2) only when running 10 or more deployments in parallel;

    Resolution: Starting 8.11.2 and higher, this issue is now fixed. During VM deployment, boot disk is provisioned on a datastore matches with the storage profile constraints as expected.

VMware Aria Automation May 2023/8.12.1 What's New

  • Ability to re-provision a vSphere machine through day 2 action

    This day2 action replaces the existing VM with a brand new VM, configured by the same name, ID and IP assignment. The action is available by default for assembly admins, service broker admins, project admins, and deployment owners. 

    Note: In order to rebuild a day2 action:

    1. A non-persistent disk attached to a VM is wiped clean once a rebuild action is called on the VM.

    2. If there's an FCD present, the FCD is detached from the VM but remains unchanged when rebuild action is called.

    3. Rebuild is applicable to VM at all states except the Missing State.

    4. Limited to deployed vsphere VMs only in this release. 

    5. Onboarded and Migrated vshpere VMs are not supported in this release.

    6. Rebuild action can take a longer time when compared to other day 2 actions as it involves re-provisioning the VM.

    It is advised to take a snapshot of the resource before performing Rebuild Day2 operation.

  • Ability to reserve/unreserve an IP address to make it unavailable/available for deployment

    You can query available IP addresses from Aria Automation internal IPAM and reserve one or more IP addresses to make them unavailable for a deployment. These operations are supported via API only. See the Managing IP Addresses section in the API programming guide for additional information.

Known Issues

  • Using Python scripts with the latest version of the requests library or urllib3 v2 client causes extensibility actions to fail with a "urllib3 v2.0 only supports OpenSSL 1.1.1+" error.

    The latest version of requests library and urllib3 v2 currently cannot be used in extensibility actions, as these dependencies require an OpenSSL version later than 1.1.1.

    Workaround: In the dependencies text box of the extensibility action editor, specify a version of the request library that is earlier than 2.29.0, or if you are using urllib3, specify a version that is earlier than 2.

  • After upgrading, if the deployment specifies a boot disk size that is less than the image boot disk size, the deployment will fail.

    This known issue occurs when upgrading to 8.11.1 and later.

  • Workflows for Aria Automation user interaction times out if there is no response for a long time

    Manual user interactions cannot be answered from Aria Automation if more than 24 hours have passed, however, they can still be answered from Automation Orchestrator. On an attempt to answer the manual user interaction from Aria Automation, this error message appears:

    "Could not process request due to: Could not find information about request ID: '<request id>' for resource: '<resource id>'"

  • When creating an instance, creating disks with labels fails due to unexpected snake case transformation

    This is a bug that is a part of a very unlikely scenario. 

    On instance creation, when a user attempts to create an instance with disks, using initialize_params and assigns labels to that disk that contain snake case format (ex. "first_key": "first_value"), the key will be converted to "firstKey" which is not a valid label format. 

    It is recommended to add the labels separately using the disk resource, or use an underscore in the label key.

  • Python packages not downloading from private registries that require setuptools

    When using a private python repository that is based on setuptools package, the dependencies cannot be downloaded.

  • Creating instance with status other than RUNNING does not get applied

    When a new VM instance is created, the Google Compute Engine automatically provisions it in a RUNNING state, even when the deployment template specifies another desired runtime status (eg. TERMINATED).

Resolved Issues

  • Azure Premium SSD Disks with Invalid Performance Tier

    When provisioning an Azure Virtual Machine with an attached Premium SSD storage disk, Aria Automation allows users to select non-compliant performance tiers that are not compatible with Premium SSD disks.

    When deploying to Azure the performance tier is updated to a compliant option in Azure, but Aria Automation shows the previously non-compliant selection. The same behavior is present when customers resize these disks through Aria Automation regardless of if the disk is attached to a VM or standalone. Customers should cross-reference Azure documentation to select appropriate performance tiers. 

  • Exporting a Package with “Edit contents” unlocks system content

    Plugin content (e.g. Workflows) are no longer be affected by the "View contents", "Add to package" and "Edit contents" settings of imported packages.

  • Ensure vCOIN plugin appears as VMware Certified

    VMware Aria Automation Orchestrator Plugin for vSphere Web Client was showing as not VMware Certified in the Client Plugins section of the vSphere Client.

    This has been fixed in the latest release and the plugin would list as VMware Certified for new registrations. Already existing plugin registrations need to be re-registered to be shown as VMware Certified.

  • Workflow developers can override content that is not part of their permissions

    The Automation Orchestrator shows an alert when the currently logged in user does not have permissions to override specific elements they are trying to import with a package and these elements are not selectable within the package import dialog.

    The REST API will now return error within the response, when the user does not have permissions to override content.

  • Changes to Aria Automation Per-user session token authentication

    Customers using Aria Orchestrator plugin for Aria Automation with 'Session Per User' connections were facing the issue of user access token being stale and incorrect when used with multiple user log-ins. This impacted all the Aria Automation API calls using Session Per User for workflow, action and inventory look-ups resulting in failures/incorrect API responses when executed both from Aria Automation or Aria Orchestrator.

    Starting this release, the Orchestrator plugin for Aria Automation includes a fix to correctly handle the user Access tokens. All workflows, actions, inventory lookups using Session Per User to execute Aria Automation APIs should work seamlessly when executed directly from Orchestrator or through Aria Automation when used in multiple logged-in user environments.

  • Pushing an object using the version button after changing the remote branch results in all local changes being pushed

    Whenever you had an integrated active remote Git repository and you attempted to push a single content object using the Version button, items outside of the one selected, could be pushed to the remote Git repository. This issue could occur after a Remote Branch change, or after switching between active repositories.

  • Revisit content sharing policy to use content-sources rather than content-items when source is present in policy

    Content sharing policy updates for this release include:

    1. Content Sharing policies with content-sources are now enforced with sources as the target and not the content-items within the content-source. The enforcements tab now shows content-sources as the target item as well 

    2. Once Aria Automation is upgraded to 8.12.1 or higher all content-sharing policies are reinforced one time to allow changes from point 1 to be incorporated. This is a one time action where the re-enforcement is scheduled evenly over the first two hours.

VMware Aria Automation April 2023/8.12.0 What's New

  • Introducing the New VMware Aria Family Name

    Introducing the New VMware Aria Family Name!

    The Merriam-Webster dictionary defines an aria as “an accompanied, elaborate melody sung (as in an opera) by a single voice.” VMware Aria – a single cloud management solution – is the voice that promises to remove multi-cloud complexity that manifests itself as so much “noise” and restore melodious, harmonious cloud operations back to our customers.

    Note:

    • Users may have to delete cookies/ refresh cache for rebranding changes to get reflected on some pages.

    • Older events generated by the system (e:g in Audit logs) will not contain rebranded names.

  • New Aria Automation unified tile with rebranded service names (SaaS only)

    All Aria Automation Cloud services are grouped under a unified service "Aria Automation" tile. Depending on the user license and role, you will see "Aria Automation Assembler" (formerly Cloud Assembly), "Aria Automation Service Broker", "Aria Automation Pipeline" (formerly Code Stream) and "Aria Automation Config" (formerly SaltStack Config) as a family of services under "Aria Automation".

    A new landing page also explains the details of this new structure and provides an introduction to Aria Automation. A new service switcher enables quick and easy navigation between services under Aria Automation. This configuration will be seamlessly enabled for all Aria Automation users.

    Note: This is not available for users accessing existing Aria Automation services from VMware Cloud Partner Navigator. In that scenario, the experience is not changed.

    You might have to delete cookies/ refresh the cache for rebranding changes to get reflected on some pages.

    Older events generated by the system, for example in Audit logs, will not contain rebranded names.

    For more information on VMware Aria Automation, see the Getting Started with VMware Aria Automation guide.

  • New timeout options for extensibility action flows

    Users can now choose from two options for the setting maximum timeout during the initialization of ABX action flows:

    • Set timeout value up to 5 hours

    • Set no limit for flow run by leaving the timeout text box blank

  • Ability to use Aria Automation to provision storage disk with thin provisioning type

    You can now set the provisioning type as thick/thin/eager or both on the storage profile and in cloud template as a property in attached disks. 

    When the thin provisioning type is used, disk provisioning will proceed successfully even if there is not enough space in the datastore.  This feature will be available for attached/independent disks. 

  • Introducing a new plug-in architecture for faster access to updated Native Public Cloud provider settings and a more agile Automation Assembler user experience

     Public cloud resources are continuously updated with new properties and operations. To enable quicker public cloud resource consumption, Aria Automation delivers new plug-in based designs and deployments model in Automation Assembler. The plug-in architecture results in faster access to updated provider settings and a more agile Automation Assembler user experience. When a cloud provider, such as AWS, adds more resources and properties, those resources and properties are easily added to the associated plug-in.

     Allocation policy is available for all new cloud resources. These resources can be used to create Virtual Cloud Templates and can be exposed as catalog items.

    This new architecture allows us to deliver new AWS services like EC2, S3 bucket, GP3, IO2 in cloud assembly canvas.

    Notes:

    • 8.12 on-prem Aria Automation requires 48GB of memory. Before upgrading make sure you have secured the required memory.

    • Some components are beta

  • Ability to filter Audit Log from Aria Automation

    The Audit Log now allows administrators to track usage and consumption with Aria Automation. This feature includes these enhancements:

    • Filter search for audit logs

  • Ability to display version history for content sources in Custom forms

    Custom forms in Aria Automation Service Broker now supports version history. Additionally, you can now apply custom forms to different versions of VMware Cloud Template.

    The custom forms author can now:

    • Create multiple versions of a custom form

    • Review a list for all versions of a custom form

    • Restore to a previous version of the custom form

    • Create a new version of custom form based off the latest custom form version

    • Attach a custom form to a specific version of the content source item (only for Cloud Templates)

    Note: Legacy custom forms (migrated from previous versions of Aria Automation) are bound to and shared across all versions of a specific Cloud Template. If you delete the legacy custom form, it is deleted for all versions of the Cloud Template. If you want to bind a legacy custom form to a specific version of Cloud Template, you need to Enable/Disable the custom form for that specific version of Cloud Template by clicking the Cloud Template version -> Customize form -> Enabled/Disabled -> Save button.

    For more information on version history for content sources in custom forms, see the Custom Forms Version History Blog Post.

  • Upcoming deprecation of the Virtual Private Zones functionality

    VMware is announcing intent to deprecate Virtual Private Zone and image mapping from provider to child tenant's functionality. All customers using this functionality should start making plans to remove the configuration as the functionality will be removed in a future Aria Automation release with exact dates along with additional guidance to be announced. Please reach to your VMware contact for more information.

  • IaaS API - Support for creating IPAM integration endpoint

    Previously, there was no API to create an IPAM integration endpoint in Aria Automation. Now, there is an API that allows admins to perform this task without going to UI. For information on how to use the IPAM integration endpoint, refer to How do I import an IPAM package.

  • Ability to run Custom Actions and Out Of Box Day2 Actions in parallel

    VMware Aria Automation supports custom actions and out of box actions running on same resource or deployment, with these considerations:

    • The custom action has to start first before the out of box action

    • If there is one resource out of box action in progress, you can not start another action (neither custom action nor out of box action) on same resource or deployment; If there is one deployment out of box action in progress, you can not start another action (neither custom action nor out of box action) on same deployment or any of the resource

    • If there is one resource custom action in progress, you can not start another custom action on same resource or deployment; If there is one deployment custom action in progress, you can not start another custom action on same deployment or any of the resource

    • If there is in progress request on resource, day2 actions which end up deleting the resource will be blocked (e.g. deployment.delete, deployment.update, machine.delete, machine.remove disk). However, the removal operations (except the deployment related) are still allowed through IAAS API's

    • Parallel running actions might fail if they are conflicting with each other: running a custom action to install apache on a machine and out of box action Reboot on the same machine at the same time

  • Ansible Automation Controller (previously Ansible Automation Tower) Support

    Aria Automation supports Automation Controller (previously Ansible Tower), which is part of Ansible Automation Platform.

  • Ability to change project on a deployment that contains migrated, provisioned, and onboarded resources

    You can now use the change project functionality on deployments that contain any combination of deployed, migrated and onboarded resources.

    Supported resources include these resource types and constraints: Deployments with deployed resources can contain virtual machines, disks, load balancers, networks, security groups, Azure groups, NATs, gateways, custom resources, Terraform configurations, and Ansible and Ansible Tower resources.

Automation Config What's New

  • Display latest salt grains data to users of Cloud Assembly for a more detailed resource view

    For VMs deployed using Automation Assembler with a Config resource, the latest salt grains data is displayed in the resource view (updated periodically every 6 hours).

Automation for Secure Hosts What's New

  • VMware Aria Automation for Secure Hosts supports CIS Benchmark for Windows 2022

    VMware Aria Automation for Secure Hosts now has the latest CIS benchmark for Windows Server 2022.

Automation Orchestrator What's New

  • VMware vCenter 8 APIs are now available through the Automation Orchestrator plug-ins

    The following VMware vCenter APIs are now available through the Automation Orchestrator plug-ins:

    • VMware vCenter 8 API through VMware Aria Automation Orchestrator Plug-in for vCenter Server

    • VMware vCenter 8 Update Manager API through VMware Aria Automation Orchestrator Plug-in for vSphere Update Manager

    • VMware vCenter 8 Auto Deploy API through VMware Aria Automation Orchestrator Plug-in for vSphere Auto Deploy

    All new features and APIs definitions can be found here. The vSphere Management SDK is a bundle that contains a set of vSphere software development kits: vSphere Web Services SDK, vSphere Storage Policy SDK, vSphere Storage Management SDK, vSphere ESX Agent Manager SDK, and SSO Client SDK. These SDKs provide documentation, libraries, and code examples needed for developers to rapidly build solutions integrated with VMware virtualization platforms.

Known Issues

  • Service and role names are replaced with old values when deploy.sh is ran for second time

    This important issue has been identified with the Aria Automation 8.12 release. Refer to KB 92018 for more details before upgrading or installing.

  • Some services are not accessible after associating a tenant with Aria Automation 8.12 through LCM

    After associating a tenant with VMware Aria Automation 8.12 through LCM, users may not be able to access the following services:

    • Assembler

    • Migration Assistant

    • Pipelines

    • Config 

    Workaround:

    1. Login to the tenant as a user with Organization Owner privileges.

    2. Under Identity & Access Management, click the Active Users tab.

    3. Select the affected user and click Edit Roles.

    4. To grant the user access to Assembler and Migration Assistant, click Add Service Access and select Cloud Assembly.

    5. To grant the user access to Pipelines, click Add Service Access and select Code Stream.

    6. To grant the user access to Config, click Add Service Access and select SaltStack Config.

  • The Automation Orchestrator debugger does not step into sub-actions

    The Automation Orchestrator action debugger does not step into inner actions called using the System.getModule(module).action() method.

    Workaround: Use the root action as the only element in a new workflow and debug the workflow using the workflow debugger.

  • Inconsistent performance tier information for Azure machine when managed disk is resized using day 2 actions

    When an Azure disk with a Premium managed disk is resized with day 2 actions in Aria Automation, the baseline performance tier is updated accordingly in the Azure portal. However, the performance tier remains the same in the template in the Aria Automation custom properties. This leads to inconsistent performance tier information.

    No workaround.

Resolved Issues

  • Boot disk is provisioned on a datastore does not match the storage profile constraints.

    When running a simple VM deployment, with the configuration property PREVENT_STORAGE_OVER_ALLOCATION set to true, the boot disk is provisioned on a datastore does not match the storage profile constraints. This issue can occur for versions older than 8.11.2.

    This issue can happen:

    1. When the configuration property PREVENT__COMPUTE_STORAGE_OVERALLOCATION is set to true (which is false by default)

    2. When running 10 or more deployments in parallel

    Resolution: Starting 8.11.2 and higher, this issue is now fixed. During VM deployment, the boot disk is provisioned on a datastore and matches the storage profile constraints as expected.

  • Check for read/write permissions of Aria Automation Orchestrator folders before running workflows

    The "Copy file from vCO to guest" and "Copy file from guest to vCO" workflows runs may fail due to read/write permission errors. When this happens, update the js-io-rights.conf with the desired read/write permissions for files and folders.

  • Aria Automation workflow run intermittently fails to continue after answering user interaction

    When a workflow is waiting for an input from a user, the workflow run does not continue after the user answers the user interaction. The issue can be seen intermittently when the token that was used to start the workflow run has been revoked.

  • In some scenarios users are not able to login to a provisioned VM using username/password

    After provisioning a VM with remoteAccess and usernamePassword authentication method, in some cases users were unable to login to the VM with the credentials from the Cloud Template.

    This issue is now fixed. After provisioning a VM, users can now login with username/password included in the Cloud Template.

  • Tags on Azure cloud zone and compute deleted after upgrade

    Previously, when upgrading to vRealize Automation 8.11.0, some users noticed that tags on Azure availability zone computes were no longer available. Now, tags are not deleted after upgrading to a new release version.

  • Running the 'vracli cap' enable/disable command that already has the same desired value returns error and non-zero exit code

    Previously, these commands would exit with a non-zero exit code if the given capability was already enabled (or disabled respectively).

    vracli capabilities <capability-name> --enable
vracli capabilities <capability-name> --disable

     With the latest fix, these are not considered an error anymore and the aforementioned commands will exit with exit code 0 in these situations.

     Impacts: For typical usage (manually running the command), there is no impact. If automated scripts use these commands and expect them to exit with non-zero status and the capability does not need toggling, they might need to be updated.

  • Not possible to add regex while comparing branch name in Git Webhooks

    You can pass regex as a branch name when configuring a Git webhook in Automation Pipelines.

    In previous releases, you were required to create a Git webhook per repository branch which resulted in multiple webhooks. Now, by providing a suitable regex, you can link a single webhook resource to multiple branches resulting in fewer webhooks both in Git and in Automation Pipelines.

  • New runtimes available in Aria Automation Orchestrator

    In previous releases of Aria Automation Orchestrator, polyglot library versions were NodeJs - 14, Powershell - 6.2 or 7.1 (PowerCLI 11 or 12), and Python - 3.7. Users were unable to add a package supported by newer version of Polyglot and faced the TLS should be 1.2 or higher error.

    Now, these new runtimes were added In Aria Orchestrator Polyglot - Powershell 7.3.3 and Python 3.10. Users are now able to update packages without error using these environments.  

  • Automation Orchestrator using credentials of currently logged in user when updating scheduled tasks

    Previously, when a user attempted to update a scheduled task that they had created, the Use current user button did not use the credentials of the logged in user. Now, the Use current user button uses the correct user credentials. 

API Documentation and Versioning

Important:

Advance Notice of an Upcoming Change

The Cloud Services Platform (CSP) will support Proof Key for Code Exchange (PKCE) authentication and deprecate non-PKCE authentication. If you are a VMware Aria Automation API user and you have an IP Authorization Policy configured in a customer organization using CSP, you will need to obtain the refresh token by following the CSP API documented in Get Access Token by API Refresh Token. The token obtained by following the IaaS API login endpoint documented in Get Your Access Token will be deprecated.

When the release date for this change is known, this notice will be updated.

Notice: Release Notes for previous releases are archived yearly:

API documentation is available with the product. To access all Swagger documents from a single landing page, go to:

  • https://www.mgmt.cloud.vmware.com/automation-ui/api-docs/ for vRealize Automation Cloud.

  • https://<appliance.domain.com>/automation-ui/api-docs for vRealize Automation 8.x, where appliance.domain.com is your vRealize Automation appliance.

Before using the API, consider the latest API updates and changes for this release, and note any changes to the API services that you use. If you have not locked your API using the apiVersion variable before, you might encounter a change in an API response. Any API updates and changes are provided in the What's New section for each release.

For unlocked APIs, the default behavior varies depending upon the API.

  • For Cloud Assembly IaaS APIs, all requests which are executed without the apiVersion parameter will be redirected to the first version which is 2019-01-15. This redirect will allow every user who did not previously specify the apiVersion parameter to transition smoothly to the latest version without experiencing breaking changes.

    NOTE: For the Cloud Assembly IaaS APIs, the latest version is apiVersion=2021-07-15. If left unlocked, IaaS API requests will be redirected to the first version which is 2019-01-15. The first version is deprecated and will be supported for 24 months. To ensure a smooth transition to the new version, lock your IaaS API requests with the apiVersion parameter assigned to 2021-07-15.

  • For other APIs, your API requests will default to the latest version. If you select one of the earlier version dates listed for the Swagger spec, the API behavior will reflect APIs that were in effect as of that date and any date until the next most recent version date. APIs are not versioned for every vRealize Automation release and not all APIs support the apiVersion parameter.

For more information about using the apiVersion parameter, see the Programming Guides listed in:

API updates and changes for each release are covered in the following sections:

VMware Aria Automation August 2023 API Changes

The following table lists the API services with updates or changes since the previous release.

Service Name

Service Description

API Updates and Changes

IaaS

Perform infrastructure setup tasks, including validation and provisioning of resources in an iterative manner.

To access any updates or changes listed for the IaaS APIs, you must include apiVersion=2021-07-15 in your call. For example:

GET https://cloud.domain.com/iaas/api/zones?apiVersion=2021-07-15

(SaaS only) Updated endpoints to create a vSphere+ cloud account with either a type-agnostic or type-specific endpoint:

  • For the type-agnostic endpoint POST /iaas/api/cloud-account, specify "cloudAccountType": "vSphere" and include "environment": "aap" as either a cloudAccountProperty or a customProperty.

  • For the type-specific endpoint POST /iaas/api/cloud-accounts-vsphere, include "environment": "aap" in the payload.

VMware Aria Automation July 2023 API Changes

The following table lists the API services with updates or changes since the previous release.

Service Name

Service Description

API Updates and Changes

ABX

Create or manage extensibility ctions and their versions. Run actions and flows.

The source code limit for extensibility actions is increased from 32,000 characters to 128,000 characters. This does not affect extensibility actions uploaded as a ZIP file.

Deployment

Access deployment objects and platforms or blueprints that have been deployed into the system.

New endpoint returns the number of billable objects such as the number of VMs, CPUs, and CPU cores. The number is tied to the user's organization.

GET /deployment/api/billing-metrics

New Boolean parameter "billable" added for the following endpoint.

GET /deployment/api/resources

If set to true, the response includes information about billable resources.

New input parameter "imageRef" to specify the image when rebuilding a VM added for the following endpoint.

POST /deployment/api/resources/{resourceId}/requests

Sample payload to rebuild a VM with the image ID 205297c5c01c47e8f9f5451d8af9b87f64ed1bcd

{    "actionId": Cloud.vSphere.Machine.Rebuild,     "inputs": {        "imageRef": "/resources/images/205297c5c01c47e8f9f5451d8af9b87f64ed1bcd}  

NOTES:

  • To get the image ID, you can use GET /iaas/api/fabric-images

  • The image input is only required during rebuild if the image property is not set for the machine being rebuilt. This is usually the case for onboarded machines.

  • If the image is already set for a machine, the image cannot be modified and the "imageRef" input is ignored.

VMware Aria Automation June 2023 API Changes

The following table lists the API services with updates or changes since the previous release.

Service Name

Service Description

API Updates and Changes

Infrastructure as a Service

Perform infrastructure setup tasks, including validation and provisioning of resources in an iterative manner.

To access any updates or changes listed for the IaaS APIs, you must include apiVersion=2021-07-15 in your call. For example:

GET https://cloud.domain.com/iaas/api/zones?apiVersion=2021-07-15

New endpoints to get associated IP ranges for networks, fabric networks, and fabric vSphere networks:

  • GET /iaas/api/networks/{id}/network-ip-ranges

  • GET /iaas/api/fabric-networks/{id}/network-ip-ranges

  • GET /iaas/api/fabric-networks-vsphere/{id}/network-ip-ranges

VMware Aria Automation May 2023 API Changes

The following table lists the API services with updates or changes since the previous release.

Service Name

Service Description

API Updates and Changes

Infrastructure as a Service

Perform infrastructure setup tasks, including validation and provisioning of resources in an iterative manner.

To access any updates or changes listed for the IaaS APIs, you must include apiVersion=2021-07-15 in your call. For example:

GET https://cloud.domain.com/iaas/api/zones?apiVersion=2021-07-15

New and updated Network IP Range endpoints to support querying, allocating, and releasing network IPs:

  • GET /iaas/api/network-ip-ranges/{id}

  • GET /iaas/api/network-ip-ranges/{id}/ip-addresses

  • GET /iaas/api/network-ip-ranges/{id}/ip-addresses/{ipAddressId}

  • POST /iaas/api/network-ip-ranges/{id}/ip-addresses/allocate

  • POST /iaas/api/network-ip-ranges/{id}/ip-addresses/release

VMware Aria Automation April 2023 API Changes

The following table lists the API services with updates or changes since the previous release.

Service Name

Service Description

API Updates and Changes

Catalog

Access Service Broker catalog items and catalog sources, including content sharing and the request of catalog items.

New Catalog Admin Items endpoints to enable versioning custom forms:

  • GET /catalog/api/admin/items/{id}/versions

  • GET /catalog/api/admin/items/:id/versions/{versionId}

  • PATCH /catalog/api/admin/items/{id}/versions/{versionId}

CMX

When using Kubernetes integration, deploy and manage Kubernetes clusters and namespaces.

New input parameter "tagIds" added for the following Kubernetes Zones endpoints:

  • POST /cmx/api/resources/k8s-zones

  • PUT /cmx/api/resources/k8s-zones/{id}

Custom Forms

Define dynamic form rendering and customization behaviour in Service Broker and Assembler VMware services.

New endpoints to enable versioning custom forms.

Form Version endpoints:

  • GET /form-service/api/forms/versions

  • GET /form-service/api/forms/versions/{id}

  • POST /form-service/api/forms/versions/

  • PATCH /form-service/api/forms/versions/{id}/restore

Form Definition endpoints:

  • GET /form-service/api/forms/search

  • DELETE /form-service/api/forms/deleteBySourceAndType

Deployment

Access deployment objects and platforms or blueprints that have been deployed into the system.

New input option "expand=inprogressRequests" added for the following endpoints:

  • GET /deployment/api/deployments/{deploymentId}/resources

  • GET /deployment/api/deployments/{deploymentId}/resources/{resourceId}

  • GET /deployment/api/resources

  • GET /deployment/api/resources/{resourceId}

If used, the response includes a key-value pair for inprogressRequests where:

  • Key is count

  • Value is the total number of current requests

New Boolean parameter "inprogressRequests" added for the following endpoint:

GET /deployment/api/resources/{resourceId}/requests

If set to true, the response includes actively running requests only. Otherwise all requests are included.

Infrastructure as a Service

Perform infrastructure setup tasks, including validation and provisioning of resources in an iterative manner.

To access any updates or changes listed for the IaaS APIs, you must include apiVersion=2021-07-15 in your call. For example:

GET https://cloud.domain.com/iaas/api/zones?apiVersion=2021-07-15

New Package Import endpoints to support IPAM package import:

  • POST /iaas/api/integrations-ipam/package-import

  • OPTIONS /iaas/api/integrations-ipam/package-import

  • HEAD /iaas/api/integrations-ipam/package-import/{id}

  • PATCH /iaas/api/integrations-ipam/package-import/{id}

Added Project endpoints to get and updated zones associated with a project:

  • GET /iaas/api/projects/{id}/zones

  • PUT /iaas/api/projects/{id}/zones

New Tags endpoint to create tags:

POST /iaas/api/tags

Orchestrator Gateway

Run workflows and actions to automate complex IT tasks.

The following endpoints have been removed:

  • GET /vro/actions

  • POST /vro/actions

  • GET /vro/actions/{categoryName}/{actionName}

  • GET /vro/catalog/{namespace}/{type}/{id}/{relation}

  • GET /vro/catalog/{namespace}/{type}/{id}

  • GET /vro/catalog/{namespace}/{type}

  • GET /vro/catalog/{namespace}

  • GET /vro/catalog/types/{type}

  • GET /vro/catalog
check-circle-line exclamation-circle-line close-line
Scroll to top icon