VMware Telco Cloud Automation 3.1.1 Release Notes

VMware Telco Cloud Automation 3.1.1 \| 30 May 2024 \| Build - TCA: 23912982\| TCA Cloud Native: 23912405\| Airgap: 23915909

What's New

Updated Interoperability
GitOps - Alternative CNF Lifecycle Management Solution
CNF LCM Helm version updated to 3.13.0
Infrastructure Automation - Allow provisioning of ESX hosts with single physical NIC (PNIC) as uplink during RAN/cell site provisioning
VM configuration for ENS Receive Side Scaling (RSS)
vSphere CSI Container File Volume Security configuration support
VMware Aria Operations - Telco Cloud Automation Management Pack
TCA audit events in VMware Aria Operations for Logs

Updated Interoperability

VMware Telco Cloud Automation (TCA) 3.1.1 updates the interoperability to include Tanzu Kubernetes Grid 2.5.1.

With the update, VMware Telco Cloud Automation 3.1.1 updates the Kubernetes versions to 1.26.14, 1.27.11, and 1.28.7.

CIS hardening compliance for Photon 5 based BYOI templates.

Note:

Kubernetes versions 1.22 and 1.23 are no longer supported from this release. Kubernetes version 1.24 is scheduled to be EOL soon. Please contact your Broadcom representative for exact dates.

GitOps - Alternative CNF Lifecycle Management Solution

Environments where there is a large number of CNF instances running (typically RAN workloads) require a new approach for CNF LCM, for example, to automatically trigger the upgrade of multiple CNFs in parallel. To support such a use case, from this release, TCA offers an alternative way for CNF LCM besides the established ESTI NFV approach, i.e., managing GitOps based CNFs. Now the user can store the application's Helm charts and their DIP descriptions in a Git repository, register this repository as a partner system in TCA, then create an application based on that. The target cluster and namespace where to deploy it is defined during instantiation. Whenever a new commit is merged to the Git repository, the changes will automatically be made to the deployed application to match the desired state.

CNF LCM Helm version updated to 3.13.0

Helm version has been updated to 3.13.0 to align with our current supported application set. This is to ensure that TCA uses the same versions that the vendors test and use. This also eliminated some identified bugs in the previously used Helm version.

Infrastructure Automation - Allow provisioning of ESX hosts with single physical NIC (PNIC) as uplink during RAN/cell site provisioning

Certain customer scenarios mandate the use of single physical NIC as uplink for the DVS. This is a requirement in case RAN DU hosts in LLS-C1 configuration and TCA 3.1.1 allow this use case.

VM configuration for ENS Receive Side Scaling (RSS)

Receive Side Scaling (RSS) can significantly improve the performance of data plane network function as it allows multiple cores on the receive side for processing incoming traffic. It is supported by vSphere and NSX, and from this release, TCA exposes its configuration options via UI and during DIP, i.e., via the VNFD infra requirements section.

vSphere CSI Container File Volume Security configuration support

Telco customers have a security requirement to restrict the NFS volume access permission. vSphere CSI with TKGm Workload Clusters can support the configuration of NetPermission in the vSphere CSI config file. From this release, the user can also create and edit the vSphere CSI Container File Volume Security configuration via the TCA UI.

VMware Aria Operations - Telco Cloud Automation Management Pack

The VMware Aria Operations Management Pack for VMware Telco Cloud Platform (TCP) is specifically designed for Telco Cloud Automation (TCA). This management pack monitors the health of TCA instances and its entities and provides early warnings with the ability to generate customized alerts for monitored resources. With this management pack, the user can view service health, inventory data, and topology information from TCA. It also includes default alert definitions.

TCA audit events in VMware Aria Operations for Logs

For security reasons, customers want to see the audit events in VMware Aria Operations for Logs, which can be automatically forwarded from this release. This configuration change does not require any sub-system restart and some new events are also added to cover all the failure scenarios, such as, login success or failure, config or password changes for the appliance-manager component of TCA.

Important Notes

Downloading the BYOI Template
Download Photon BYOI Templates for VMware Tanzu Kubernetes Grid
Download RAN Optimized BYOI Templates for VMware Tanzu Kubernetes Grid
Download RAN Optimized Single Node Cluster BYOI Templates for VMware Tanzu Kubernetes Grid

Downloading the BYOI Template

Important:

Ensure that you are using the latest ovftool version to upload the templates.

Download Photon BYOI Templates for VMware Tanzu Kubernetes Grid

To download the Photon BYOI templates:

Browse to support.broadcom.com.
Login using your Broadcom credentials.
Ensure that you select the Software Defined Edge group from the drop-down on the top right.
Browse to My Downloads > VMware Telco Cloud Automation.
Expand the VMware Telco Cloud Automation row by clicking on it.
Select the appropriate release number.
Select the Drivers & Tools tab.
Read through and agree to the Broadcom Terms and Conditions.
Find the BYOI template and click on the download icon.
Download the latest BYOI template OVAs that your management and workload clusters run on from the OS and Kubernetes version line.

Download RAN Optimized BYOI Templates for VMware Tanzu Kubernetes Grid

To download RAN optimized BYOI templates:

Browse to support.broadcom.com.
Login using your Broadcom credentials.
Ensure that you select the Software Defined Edge group from the drop-down on the top right.
Browse to My Downloads > VMware Telco Cloud Automation.
Expand the VMware Telco Cloud Automation row by clicking on it.
Select the appropriate release number.
Select the Drivers & Tools tab.
Read through and agree to the Broadcom Terms and Conditions.
Download the OVA for RAN optimized Photon BYOI Template for Kubernetes version 1.27.11.

Download RAN Optimized Single Node Cluster BYOI Templates for VMware Tanzu Kubernetes Grid

To download RAN optimized Single Node Cluster BYOI templates:

Browse to support.broadcom.com.
Login using your Broadcom credentials.
Ensure that you select the Software Defined Edge group from the drop-down on the top right.
Browse to My Downloads > VMware Telco Cloud Automation.
Expand the VMware Telco Cloud Automation row by clicking on it.
Select the appropriate release number.
Select the Drivers & Tools tab.
Read through and agree to the Broadcom Terms and Conditions.
Download the OVA for RAN optimized Photon BYOI Single Node Cluster Template for Kubernetes version 1.27.11.

Discontinued Features

Kubernetes versions 1.22 and 1.23.

Deprecated Features

TKG AKOO and AKO.
VMware has deprecated the support for DPDK kernel modules rte-kni and igb_uio and these will be removed from future releases.

Alternatives:
- igb_uio - VMware recommends the use of vfio-pci instead which is available as part of Photon OS.
- rte_kni - VMware recommends the use of virtio_user. as an alternative to rte-kni.

Resolved Issues

Connected Endpoints

Connected Endpoints

Issue 3387901: Status of the endpoints might show up as Untrusted in Connected Endpoints UI in TCA Manager.

Audit Logs

Issue 3387959: There is no support for logging Infrastructure Automation and GitOps related events in Audit Logs.

Workaround:NA

CaaS Upgrade

Issue 3398089: After management cluster 1.24 is upgraded, vsphere-csi addon on workload cluster 1.24 is stuck with configuring.

Workaround:

Pause tca-kubecluster-operator and upgrade the workload cluster, then unpause tca-kubecluster-operator.
Issue 3393264: Cluster Upgrade wizard → Include Node Pool toggle button gets reset after individually selecting Templates.

Workaround:

Select Template first and then enable the Include Node Pool toggle.
Issue 3393278: Edit dualstack workload cluster shows IP family IPv4 which blocks 1.28.4 to 1.28.7 upgrade.

Workaround:

Upgrade workload cluster by clicking Upgrade Cluster in the action drop-down list instead.
Issue 3389197: If Management cluster 1.24 upgrade is stuck due to missing TKG template on VC, it takes ~4 hours to timeout and then the user can Retry.

Workaround: None
Issue 3389196: If Management cluster 1.24 upgrade fails due to missing TKG template on VC, the Retry operation will not work.

Workaround: Login to Management cluster, Restart Kbs pod and Retry upgrade from TCA Manager.

Certificate Observability

Issue 3389081: After migrating from 2.3 to 3.1.1 , the existing Airgap server and Harbor shows Disconnected under Connected Endpoints tab on TCA Manager.

Workaround:

For Airgap server:

Go to TCA Control Plane Appliance Management 9443 portal > Administration > Certificate > Trusted Certificate Option and save the CA cert of Airgap Server using file or content option if the CA cert of Airgap Server is missing in the current trusted CA certificates.

For Harbor:

After Migrating from 2.3 to 3.1.1, it is a manual step to Edit existing Harbor and add CA certificate.

Infrastructure Automation

Issue 2957277: The issue is seen if you register vCenter on TCA-CP appliance manager by IP and add the same vCenter in ZTP by FQDN. Only FQDNs are to be used while adding vCenters in ZTP. But appliance manager supports vCenter addition by IP.

Workaround: From TCA 3.0, Infrastructure Automation mandates the use of FQDN when adding vCenter(s). However, vCenter registration in TCA-CP allows using IP addresses. In such a scenario, failure will be seen when applying host config profile on a cell site group. In order to avoid this failure, the recommendation is to use vCenter FQDN when registering the same in the appliance manager.
Issue 3357082: Delete Host APIs /ztp/v1/csgs/<csg-id>/hosts/<host-id> and /ztp/v1/clusters/<cluster-id>/hosts/<host-id> do not process the query parameters wipeDisks and forceDelete correctly.

In these APIs, if the query parameters wipeDisks, forceDelete are provided, they are processed as True even if the provided values are False.

Workaround: For the delete API call, only provide the query parameters if the value is true. For False, do not include the query parameters. Alternatively, use the POST API for bulk host deletion - /ztp/v1/hosts/deletion with relevant payload.
Issue 3359732: If a host is installed with more than one accelerator tools/drivers such as both vrantools and ibbdtools, using either tool to configure an accelerator device will result in the following error: Config support for this device is not available. As a result, the host will fail to be added into a cell site group.
Workaround: If a host has both vranpf and ibbd drivers installed for Intel Accelerators, uninstall the ibbd driver before applying host profile by running the following commands:
```
esxcli software vib remove -n ibbdtools
esxcli software vib remove -n ibbd-pf
```

Workflow Hub

Issue 3367969: Error message is not proper when "model" key missing in "hosts" template for create-csg-hcp-infrastructure workflow.

Workaround: Introduced new state which will take care of this issues, i.e., invalid_payload_model_missing_from_host in prepare-csg-hcp-paylaod.yaml workflow. Please refer to https://gitlab.eng.vmware.com/core-build/swf-runtime/-/merge_requests/427/diffs PR for code changes.

excludeUpgradeTests
- name: invalid_payload_model_missing_from_host condition: '${ (all(.candhost.host[]; has("model"))) \| not }' transition: ERROR_INVALID_PAYLOAD_CANDIDATE_HOST_MODEL_MISSING - name: ERROR_INVALID_PAYLOAD_CANDIDATE_HOST_MODEL_MISSING type: operation actions: - functionRef: refName: failWorkflow arguments: errorMessage: '${ .candhost.host \| map(select(has("model") \| not) \| .name) \| " FAILED: Input Payload is missing key attribute model for following hosts : " + join(", ")}' end: true

excludeUpgradeTests

    - name: invalid_payload_model_missing_from_host      
      condition: '${ (all(.candhost.host[]; has("model"))) | not }'      
      transition: ERROR_INVALID_PAYLOAD_CANDIDATE_HOST_MODEL_MISSING

- name: ERROR_INVALID_PAYLOAD_CANDIDATE_HOST_MODEL_MISSING  
  type: operation  
  actions:    
     - functionRef:        
          refName: failWorkflow        
          arguments:          
              errorMessage: '${ .candhost.host | map(select(has("model") | not) | .name) | " FAILED: Input Payload is missing key attribute model for following hosts : " + join(", ")}'  
end: true

Migration

Issue 3379028: Migration validation fails if vApp options are disabled in the TCA VM.

If the vApp options are disabled or if the OVF properties values are lost for a TCA VM, then Migration fails at deploy validation.

Workaround: Ensure that the TCA VM's → vApp Properties are enabled and vApp Properties → Product Name is VMware Telco Cloud Automation.
Issue 3367899: If compute cluster domain(s) exist in TCA 2.3.x Infrastructure Automation, migration to TCA 3.0/3.1 will not be supported.

This is a prerequisite for migration. Compute Clusters functionality in the Infrastructure Automation is deprecated and migration is not supported for Compute Clusters.

You need to delete Compute Clusters in the Infrastructure Automation (TCA Manager Web UI (443) > login > Infrastructure Automation > Domains > Compute Cluster).

Workaround:

1. Revert the partially migrated appliances. (tcamigctl revert CLI).

2. In TCA 2.3 UI, Delete compute cluster domains. (TCA Manager Web UI (443) -> login -> Infrastructure Automation -> Domains -> Compute Cluster).

3. Retry the migration.

Multitenancy

Issue 3386170: No support for filtering tenant specific TCA audit logs in VMware Aria Operations for Logs(vRLI).

Workaround: NA

GitOps

Issue 3392293: Multi tenancy is not implemented for GitOps. Error is thrown if a tenant tries to access GitOps.

Workaround: None.
Issue 3392291: RBAC is not implemented for GitOps.

Workaround: None.

Currently an RBAC user has complete access to GitOps. GitOps User can also create GitOps configuration if he has access to Partner System and CaaS.
Issue 3386146: While creating a Git Configuration in TCA, if the branch/ target revision name is wrong, no error is thrown on TCA.

Workaround: None.
Issue 3386004: Cannot EDIT Git Configuration.

Workaround: User should only Delete and recreate fresh.
Issue 3385657: No error is thrown in TCA if CNF intent is invalid in Git. CNF instance is not even shown in TCA.

Workaround: User needs to manually fix the CNF intent file in Git and make it valid.
Issue 3385619: User is able to delete VIM even when a Git Configuration / Git based CNF is associated with it.

Workaround: None.
Issue 3383531: No validations while registering Git repo to Partner systems for URL / username & password / Token. No error is thrown in case of invalid inputs.

Workaround: None. User should. make sure correct details are provided.

Appliance Management

Issue 3392681: No support for events in TCA Appliance manager UI - Control Plane (9443 portal) in Audit Logs.

Workaround:NA
Issue 3392673: For TCA Appliance manager UI (9443 portal), only login success and failure events are logged. Change password events are not logged in Audit Logs. Configuration change events are not logged in Audit logs

Workaround: NA

CaaS Addon

Issue 3392599: Network permissions ACLs for file share volume might out of order on VSAN-FS volume if multiple node pools locate on different vSphere Clusters.

Workaround: When add multiple network permissions ACLs for vsphere-csi addon, make sure these network permissions ACLs are independent.

Log Management

Issue 3399367: Syslog Server details are missing from Appliance Management after upgrading VMware Telco Cloud Automation 2.3 to VMware Telco Cloud Automation 3.x.

Workaround:

Re-add the syslog server details in the Appliance Management after migration of TCA at: Configuration -> Log Management -> Destination Type -> Syslog Server.