| vRealize Automation 8.3 | 05 May 2021
Check regularly for additions and updates to these release notes. |
What's in the Release Notes
About vRealize Automation 8.3
vRealize Automation 8.3 adds to the vRealize Automation 8.2 capabilities to bring it closer in capability to the vRA 7.x release, reintroducing key capabilities like XaaS and adding capabilities such as Powershell support in ABX and python, node.js and Powershell in vRO.
Important
Upgrade failure after performing steps in KB 87120
Performing the instructions used to address the CVE-2021-44228 and CVE-2021-45046 log4j vulnerabilities described in KB 87120 can cause upgrade failures for vRealize Automation and vRealize Orchestrator 8.6.2 or earlier. For a workaround, see KB 87794.
New vRealize Automation 8.3 Patch 1
vRealize Automation 8.3 Patch 1 is now available and includes bug fixes in different areas. This is a cumulative update.
For more information and installation instructions, see KB 82781.
What's New
The many benefits of vRealize Automation 8.3 include:
Networking: NSX-V to NSX-T migration
Support for NSX-V to NSX-T migration via vRA Migration Assistant. Migration is supported for these topologies in vRA 8.3:
- On-Demand Routed Networks (no services)
- On-Demand Routed Networks (DHCP)
- On-Demand Private Networks (DHCP)
- On-Demand Security Groups
- Existing Security Groups
- On-Demand One-Armed Load Balancers on Existing Networks
- On-Demand and Existing Security Groups (together)
- On-Demand/Existing Security Groups with Load Balancers
Note: Support for additional topologies will be delivered in a future release. Learn more.
Networking: Additional properties in IPAM SDK action schema
IPAM SDK action schema is extended to include these properties:
- Standardized projectId, blueprintId, deploymentId for Allocate/Deallocate/AllocateRange/DeallocateRange/UpdateRecord
- Included addressSpaceId, vraIPAddressId in Deallocate/UpdateRecord
- Added ID fields for AllocateRange/DeallocateRange
- Learn more
Networking: NSX-T Tier-1/ NSX-V ESG sharing within a deployment
- Ability to reuse a single NSX-T Tier-1 router or NSX-V Edge Service Gateway (ESG) in a single deployment.
- Previously in vRA Cloud/vRA 8.x, every on-demand NSX-T network created a new Tier-1 logical router, and every on-demand NSX-V network created a new ESG. With the Tier-1/ESG sharing capability, you can share a Tier-1 or ESG in a deployment, without requiring a separate Tier-1 or ESG for every network in the deployment.
- You can achieve this capability with the Gateway resource type in the Cloud Template. The Gateway resource represents the Tier-1/ESG and can be connected to multiple networks in the deployment.
- Learn more.
Networking: New NAT resource type for port forwarding (DNAT rules) support for NSX outbound networks
In 8.2, vRA introduced port forwarding (DNAT rules) support for NSX outbound networks with the Cloud Template resource type, Cloud.NSX.Gateway. This allowed DNAT rules to be specified for the gateway/router connected to the outbound network
In 8.3, a new Cloud Template resource type, Cloud.NSX.NAT is available in the Cloud Template for users to define DNAT rules for the deployment.
Note: vRealize Automation still supports the Cloud.NSX.Gateway resource type to be used with NAT rules for backward compatibility. However, this will be unsupported in a future release. In a future release, users will have to use the Cloud.NSX.NAT resource type for defining DNAT rules, and use Cloud.NSX.Gateway resource for defining shared NSX-T Tier1 or NSX-V ESG. Learn more.
Networking: Reconfigure On-Demand Security group - Iterative and Day 2 - NSX-T
Reconfigure Security Group (Day-2 and Iterative deployment) action is only supported for NSX-T on-demand security groups. It allows you to modify, add, or remove rules of a security group for a running application. Learn more.
Learn more about the reconfigure day-2 action.
Networking: IPAM - Filtration for data collected networks
Allows filtration for data collected networks to minimize the initial set of networks for which actions are executed.
Previously, for the Infoblox IPAM plugin, we datacollect all networks from Infoblox with a default page size of 1000. For customers, who have thousands of networks, but only need to use a few in vRA, they can easily tag these networks with Extensible Attributes.
In vRealize Automation 8.3, properties in the Infoblox plugin are enabled to allow you to provide special filters that select only the required network type objects from Infoblox and filter out the rest. Learn more.
Networking: Load Balancer - Health monitor settings for NSX-V and NSX-T
You can configure (Day 0) active health monitor to test server availability, and passive health monitor to monitor failures during client connections and mark servers causing consistent failures as DOWN.
Support reconfiguration (Day 2) of health monitor settings. Learn more about the reconfigure load balancers day 2 action.
Change deployment ownership day 2 action
You can change the deployment owner as admin or member for any project member, project admin, and org admin.
Learn more about the change owner day-2 action.
Deployment last request filter
- You can filter deployments now by the last request status or the deployment lifecycle status.
- Deployment lifecycle status: create/update/delete successful or failed
- Last request status: the last request status on the deployment, can include cancelled/approval_pending/approval_rejected/in_progress/successful/failed
- See how to access the deployment page filters.
Property Groups
- Property groups help users to work more efficiently by reusing groups of properties, storing metadata and tracking resource usage
- Create, update, read, and delete property groups with pre-defined data
- Reuse property group as cloud template inputs and resource properties
- Query resource and deployment by property groups as key value pairs
- For more, see the property groups documentation.
Secrets in Cloud Templates and Extensibility
- The idea of the "Secure properties" feature is to store sensitive data in encrypted form in the database and not show it anywhere in vRA.
- Create and encrypt secret variables for project scope under infrastructure administration, and use in cloud templates.
- Create and encrypt secret variables for extensibility actions, and use in ABX.
- For more, see the documentation on how to use secrets and how to use secrets with Terraform configurations.
vRA Terraform Provider updates
- Verified to be part of Hashicorp Terraform registry
- Support First Class Disk resource type in vRA8 Terraform provider
Add custom properties while onboarding VMs
While onboarding VMs, users can specify custom properties to be added during the process. Users can specify these at a onboarding plan level. You can also remove these properties from individual VMs if the addition is not required. For more information, see What are onboarding plans in vRealize Automation Cloud Assembly.
Support disks with onboarding
Users will be able to onboard disks as part of an onboarding plan. They should be able to perform all Day 0\1\2 operations on onboarded disks. For more information, see What are onboarding plans in vRealize Automation Cloud Assembly.
Change owner of migrated deployments
Once deployments are migrated from 7.x to 8.x, as the admin, you can change the owner of these deployments. For migration information, see the vRealize Automation 8 Transition Guide.
Optimization of Reservation to Cloud Zone Migration
Ensures minimal number of cloud zones are created while migrating reservations with migration assistant. For migration information, see the vRealize Automation 8 Transition Guide.
Migration Assistant support for vRA 7.4
The migration assistant supports migration from vRA 7.4 to vRA 8.x. For migration information, see the vRealize Automation 8 Transition Guide.
Support Disk creation in to a SDRS datastore cluster
Supports day 0/1/2 actions to create new disks when SDRS is enabled and datastore clusters are being used for placement.
Consider all matched storage profiles & data stores instead of only first
When multiple storage profiles become eligible for placement, the following criteria will be followed for placement optimization:
- All eligible datastores belonging to these storage profiles become under consideration and not just the first
- vRA ensures that the cluster and datastore are connected.
Reuse Azure resource groups
- Users can choose if the day 2 created disk should go to a new resource group or into an existing one. If existing is required, customer will be able to choose the Resource Group from a drop down.
- Users can choose to reuse a resource group when defining the blueprint so that even with day 0 provisioning, they do not create new resource groups.
Networking: Change Security Group - Iterative deployment
- Change security groups for a machine component using iterative development
- If you want to associate or dissociate a security group (existing/new) which is part of deployment, to one or more machines in the deployment, you can attach/detach the security group in the cloud template to/from respective machine(s), and update deployments with this new topology through iterative development.
- If you want to add an additional security group (existing/new) which is not part of deployment, to one or more machines in the deployment, you can add the additional security group in the cloud template and add (attach) it to machine(s), and update deployments with this new topology through iterative development. Learn more.
HCMP : Cloud zone capacity and consumption Insights
- Integrate with vRealize Operations to view capacity insights for a cloud zone in the context
- Key Indicators such as Physical resources available (CPU GHz, Cores), and utilization are provided
- Trend of consumption for CPU and Memory help in understanding capacity trend situation
- Projects and resources consumed from this cloud zone by them are provided for detailed consumption analysis
- Learn more
vRA Vertical Scale
- Enable customers to deploy and upgrade the vRA cluster using a standard-size (12 CPU, 42GB RAM) and extra-large-size (24 CPU, 96GB RAM) VA.
- This functionality is available via vRSLCM.
- Deploy standard/large vRA clusters, and upgrade from standard to large
Multi-tenancy
- In vRA 8.2, the image and flavor mappings were bundled into the VPZ. This potentially creates a manageability challenge.
- In vRA 8.3, Flavor/Image Mappings are managed by the provider at the Tenant Management screen. They are decoupled from VPZs to enable the provider to define "global" mappings in the same way as an org admin can define it for their own org. The provider can also define tenant-specific mappings.
- For more information, see Configuring Multi-provider tenant resources with vRealize Automation.
Performance Improvements
- Leverage vCenter content library to clone the "closest" template when creating a new VM. This eliminates copying of templates when a template copy may already be present in the local data store, reducing cloning time.
- Deployments are distributed across multiple cloud zones, based on policy, when all other criteria select multiple candidate cloud zones.
- ABX actions run in a K8s pod which was tied to a particular ABX action - for the life of the platform. Pods will be reclaimed and available for other ABX actions to be run, enhancing ABX scale and concurrency characteristics.
Active Directory per blueprint
Support for Active Directory at blueprint level.
Resource utilization for consumers
- Shows my resource usage
- Displays the total consumption of resource usage (CPU, memory, storage) per user
- Learn more about the resource usage dashboard.
Improvements in Custom resource types and custom day2 actions
- Enhance custom resource request forms and allow decorating resource types with powerful workflows and dynamic request forms:
- Ability to use resource properties in Custom request forms of a day2 actions
- Ability to bind complex objects and query collection of object properties and reference types
Custom Forms enhancements
Multi-Value picker enhancements include:
- Ability to browse full details while searching via "show all" option
- Support for reference object types
Number of cores per socket for vSphere machines in VMware Cloud Templates
- Virtual cores per socket feature allows vSphere to simulate how physical cores are organized.
- This feature helps reduce software licensing costs and improve performance for the VM by allowing better NUMA scheduling at the hypervisor layer.
- Number of cores are defined by setting the numCores attribute for Cloud.vSphere.Machine.
Learn more.
Auto-enable Federated Catalog & Blueprints for Cloud customers
- The Federated Catalog feature is automatically enabled through an internal process.
- When vRA receives a CSP notification for new Flex customer's subscription ID (attached to an Org), vRA checks if that SID contains the "vRA for Flex" SKU. If so, the Federated Catalog feature flag is enabled for the Org.
SaltStack Config integration in vRealize Automation
In the 8.3 release, SaltStack Config is integrated in vRealize Automation to enable deployment of Photon OS based SaltStack Config appliance and installation of minions in newly created VMs.
In this first phase of integration, the supported capabilities are:
- Deployment of single node SaltStack Config (with master) via vRealize Suite Lifecycle Manager (LCM)
- vRealize Suite Lifecycle Manager creates an integration endpoint in vRealize Automation
- Users specify deployment of minions in new VMs via YAML code snippets in cloud templates
- Users have the ability to switch between vRealize Automation and SaltStack Config interfaces
- Learn more.
Notify cloud consumers for optimization and enable consumers to take action
As a cloud admin, you can alert project owners of optimization opportunities. You can also enable deployment owners to optimize deployments, by providing recommendations and actions in-context for deployments.
Non-overlapping cloud zones
Cloud zones in vRA represents compute capacity and they include compute resources (vCenter clusters, hosts or resource pools for VMware Cloud, availability zones for AWS, Azure and GCP).
Cloud zones are defined in one of three ways:
1 - Include all available clusters / availability zones
2 - Manually select clusters / availability zones
3 - Dynamically select clusters / availability zones based on tags
Prior to the vRA 8.3 release, the same compute resources could be a member of multiple cloud zones.
In vRA 8.3, cloud zone definitions no longer include the same underlying compute resources.
All existing cloud zone definitions continue to work the same way, however the user is notified when a cloud zone includes a compute resource that is already a member of another cloud zone. Modify and re-save cloud zones to make them distinct.
Note: Auto-generated cloud zones (during cloud account creation) are associated with the underlying compute resources after the data collection. For dynamically defined cloud zones (tag based), when the tags are updated for the underlying compute resources, the cloud zone definitions are updated after the next data collection cycle.
For more information, see Learn more about vRealize Automation Cloud Assembly cloud zones.
Documentation for resource action condition expression
Updated documentation to include examples for resource action condition expression. Learn more.
Support for Azure VMware Solution and Google Cloud VMware Engine
vRealize Automation is tested and certified to work with VMware's hosted cloud solutions on Microsoft Azure and Google Cloud Platform, called Azure VMware Solution (AVS) and Google Cloud VMware Engine (GCVE), respectively. Workloads running on AVS or GCVE are now managed by vRealize Automation Cloud after setting up vCenter and NSX-T cloud accounts. For more information, refer to Azure VMware Solution documentation and Google Cloud VMware Engine documentation.
Logging integration
vRA does not support multiple Logging Integration Endpoints. In regards to performance, vRA only supports one external log endpoint: either a Syslog server or vRealize Log Insight.
Note: vRealize Log Insight is prioritized over Syslog. Learn more.
Federal Information Processing Standards (FIPS) Support
vRealize Automation 8.3 includes cryptographic modules that have successfully passed NIST FIPS 140-2 Cryptographic Module Validation Program (CMVP) testing. When these modules are configured to run in ‘FIPS-mode’, they cover all cryptographic operations in the product that perform a security function and/or process sensitive data, with these exceptions:
- The identity and access management (vIDM) functionality in vRA
- Cloud Template resources with prefix "Cloud.Service" that use opensource Terraform libraries to provision
- Cloud Template resources with the prefix “Cloud.Terraform" that contain any Terraform Configuration resource supported by Terraform or even custom providers that work with Terraform
Note: You can choose whether to be in FIPS-mode ONLY during installation and before content in vRA/vRO is generated. Also, FIPS mode is available only for greenfield vRA environments.
Before You Begin
Familiarize yourself with the supporting documents.
- Install vRealize Automation with vRealize Easy Installer
- Administering Users in vRealize Automation
- vRealize Automation Transition Guide
After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in vRealize Automation 8.3 product documentation.
- Getting Started with vRealize Automation Cloud Assembly
- Using and Managing vRealize Automation Cloud Assembly
- Getting Started with vRealize Automation Code Stream
- Using and Managing vRealize Automation Code Stream
- Getting Started with vRealize Automation Service Broker
- Using and Managing vRealize Automation Service Broker
For information on vRealize Orchestrator 8.3 features and limitations, refer to the vRealize Orchestrator 8.3 Release Notes.
API Documentation and Versioning
API documentation is available with the product. To access all Swagger documents from a single landing page, go to https://<appliance.domain.com>/automation-ui/api-docs where appliance.domain.com is your vRealize Automation appliance.
Before using the API, consider the latest API updates and changes for this release and note any changes to the API services that you use. If you have not locked your API to a version before, you might encounter an unexpected change in an API response. As a best practice, assign the apiVersion variable to lock your API to the version you want to use. For example:
- To lock your APIs to the vRealize Automation 8.2 APIs, use
apiVersion=2020-10-06 - To lock your APIs to the vRealize Automation 8.3 APIs, use
apiVersion=2021-02-04
If left unlocked, your API requests will default to the latest version which is apiVersion=2021-02-04.
For information on how to lock you APIs to a specific version, see the "API Versioning" section of the vRealize Automation 8.3 API Programming Guide.
Before using the API, consider the latest API updates and changes for this release.
| Service Name | Service Description | API Updates and Changes |
|---|---|---|
| iaas-api | This API holds all functionality specific to Provisioning service including infrastructure setup, validation and provisioning of resources in iterative manner. | New property
New functionality
Change for obtaining the access token As of vRealize Automation 8.0.1 or later, you must use both the Identity Service API and the IaaS API to obtain the access token used to authenticate an API session. Using the token generated by the Identity Service API alone will not work due to a missing internal state. For the complete procedure on how to obtain the token needed for authentication, see Get Your Access Token in the API Programming Guide. |
| project-service | This API holds all functionality specific to creation, management and delete of projects |
New request params
|
| blueprint-service | This API holds all functionality specific to Blueprint services, including creation, validation, and provisioning. | New endpoints
New params:
|
| relocation-service | The relocation service is used to define policy and plans for bringing existing VMs from any cloud under management. | New endpoints
New properties
|
| migration-service | This service is used to quickly setup a vRA 8 instance based on information in a configuration file a.k.a Zero-Setup | New endpoints
|
| cgs-service | Content Service APIs are used to connect to your Infrastructure as Code content in external content sources (ex: SCM Providers and VMWare Marketplace). | New endpoints
|
| form-service | Define dynamic form rendering and customization behavior in Service Broker and Cloud Assembly VMware services. | New endpoints
New parameters
|
| Deployment | This API provides access to deployment objects and platforms/blueprints that have been deployed into the system. | New endpoint
New request param
|
| Approvals | Enforce policies which control who must agree to a deployment or day 2 action before the request is provisioned | New endpoints:
|
| Resource quota policy - Aggregator service | This is new service running inside approval container These APIs provide access to find the resource usage metrics at org, user and project level |
New endpoints:
|
| Code stream all pipeline-service | These API provide access to Code Stream services. | DELETE /codestream/api/executions. This new API is used to bulk delete execution and clear memory. It deletes only those executions which are in terminal state. It also accepts filter parameters. For example, the following command deletes all the terminal executions of pipeline 'pipelineName': DELETE /codestream/api/executions$filter=name eq 'pipelineName'. |
At VMware, we value inclusion. To foster this principle within our customer, partner, and internal community, we removed non-inclusive language in our documentation.
Customers that upgraded to vRealize Automation 8.3 using the new upgrade bundle might see errors during scale out (similar to patched environments). As mentioned in KB 79105, the ova bundle is hosted on my.vmware.com.
vIDM 3.3.3 does not support IWA (Integrated Windows Authentication) with an embedded Linux connector. vRA 8.x Customers using LDAP or IWA with the external Windows connector are not impacted. For more details refer to KB 82013.
Support for Azure VMware Solution and Google Cloud VMware Engine
vRealize Automation Cloud is tested and certified to work with VMware's hosted cloud solutions on Microsoft Azure and Google Cloud Platform, called Azure VMware Solution (AVS) and Google Cloud VMware Engine (GCVE), respectively. Workloads running on AVS or GCVE are now managed by vRealize Automation Cloud after setting up vCenter and NSX-T cloud accounts. For more information, refer to Azure VMware Solution documentation and Google Cloud VMware Engine documentation.
Upgrading to vRealize Automation 8.3
Using VMware vRealize Suite Lifecycle Manager, you can upgrade your vRealize Automation 8.x instance to 8.3. For more information, see Upgrading vRealize Suite Lifecycle Manager and vRealize Suite Products.
Resolved Issues
- Migration Assessment of a single vRealize Automation 7.x installation into multiple vRealize Automation 8.x organizations requires manual certificate acceptance.
This occurs when you attempt to migrate a single vRealize Automation 7.x environment into multiple 8.x organizations and your source vRealize Automation 7.x installation has configured an insecure SSL certificate.
- Under certain circumstances, scaling in or out a load balanced machine cluster fails with a cryptic error message
When scaling in or out a load balanced machine cluster where the load balancer contains "loggingLevel" or "type" properties with different values than the same properties on the parent (IaC) load balancer, the operation fails with the following message:
Update operation is supported for one property at a time
- The policy details page shows empty value for "Role" when a custom role is deleted.
After deleting a custom role, when a user navigates to viewing the details of an existing Day 2 policy, the page should display a message reflecting that the role was deleted. However, the value for "Role" is empty.
Known Issues
The following known issues are present in this release.- Unable to access the onboarding page.
Navigating to the onboarding page in Cloud Assembly->Infrastructure might cause a 302 status code. This can happen if you have been logged in for a long time.
Workaround: Log out and then log back in.
- vRA deployment fails to initialize on new setups from Easy Installer
vRA deployment (single or clustered) fails to initialize on new setups from Easy Installer or vRealize Suite LCM
The error shown in LCM is LCMVRAVAVACONFIG590003Workaround: Retry cluster initialization from within vRealize Suite LCM.
- When a vCenter cloud account is updated to add a data center, the resources from this data center are not immediately available for use.
Changes made to regions (data centers) for a vCenter cloud account do not take immediate effect and require data collection to run.
Workaround: Wait for the next data collection to complete successfully. Data collection runs approximately every 10 minutes.
- PowerShell tasks appear to be stuck
When there is no active session PowerShell tasks appear to be stuck. This behaviour is seen because the PowerShell process responsible to run the user script is held by Windows system process WmiPrvSE.
Workaround : Login to the system and keep an active session. Lock the screen instead of completely logging out.
- vRO represents Array types as complex types with only one column, rather than a field whose "type.isMultiple" is true.
When adding a workflow which has an array input and consequently customizing its form, do not change the ID of the column in the Values tab of the data grid. The default value must stay set at _column-0_ . Conversely, you can change the label of the column (which is visible in the UI when adding values to the datagrid).
- License re-configuring is not supported.
After configuring vRealize Automation with the Enterprise license, the system can not be re-configured to use the Advanced License.
- vRealize Automation 8 does not support Internet Explorer 11
You cannot use Internet Explorer 11 with vRealize Automation 8.
Workaround: Use a different browser instead of Internet Explorer 11.
- BP Canvas is not refreshed after custom resource has been changed or deleted.
If you delete a custom resource, the change is not propagated to the Blueprint canvas immediately.
Workaround: The Canvas has a cache mechanism, which can be updated after using refresh button, next tot he search pane.
- Create different custom resources with the same vRO object type is not supported
In vRA 7.X it was possible to create different custom resources for the same type. This allowed users to define a different set of create / delete / operate actions for the same vRO type with creating different custom resource types. In vRA 8.x We do not support a case where same vRO_Type can be leveraged from different custom resources.
- vRO workflow is not executed through catalog when there is empty input with reference type
Null pointer exception appears on attempt to request vRO Workflow with and empty value for the Workflow input with a reference type.
Workaround: Set a default value for the reference type or make the field mandatory.
- Unsuccessfully provisionined custom resource can't be deleted from a deployment
When you request a custom resource, if the workflow run that creates the resource fails, a resource in the deployment service is still created (since we are replying to the initial request with a STARTED status which in turn creates the resource in deployment). This resource cannot be deleted since it doesn't contain the metadata that is added upon successful provisioning of the resource in vRO.
Workaround: Right after the first attempt to delete the custom resource, a dialog appears which asks you whether you want to force deletion. Say yes to force its deletion.
- Custom Resource Name is not propagated correctly to the deployment view list
When you create a custom resource based on vRO_Type, you usually use a comprehensive display name. Currently this display name is not available in the Deployment view. The resource, which appears in the deployment is identified only by its type.
- Available option to set timezone from vCenter Machine Console window
Undefined behaviour when user sets timezone from vCenter Machine Console window
Workaround: Don't change the time zone.
- Tenant Names with different cases are treated the same way
A tenant named vmware and another one named VMware are seen as the same.
Workaround: Tenants in vRA 8.x are based on hostnames since hostnames are case insensitive the tenant names are also case insensitive. This means that a tenant named VMware is the same as VMWARE or vmware or any other combination cases. The tenant name capitalization may vary and may not be preserved across the application.
- vRO Workflow presentation with an OGNL expression does not render properly when used as a custom day2 operation in vRA.
Custom Resource Actions with workflows that have OGNL constraints in their presentation may not render properly and it may not be possible to populate all required fields.
- Cost\Price functionality does not work with shared infrastructure multi-tenancy
The pricing functionality might report inaccurate results when configured to a multi-tenant deployment where tenants can share infrastructure resources. This is because pricing does not recognize multi-tenancy.The price is calculated only for the org for which vROPs is added and deployments are created.
- Assessment Service swagger is not available
The assessment service swagger page is not available.
Workaround: Run the assessment through the migration API listed on the migration swagger page.
- Deployments with an existing network fail during allocation on vSphere / NSX-v cloud accounts when DRS is disabled on the vSphere cluster.
When selecting an NSX-V network in the network profile and requesting a deployment with an existing network, the deployment fails during allocation with the message: "Unable to find a common placement for compute...with the network configuration...". This occurs when the vCenter contains clusters with DRS disabled.
Workaround: Enable DRS on the cluster and include the cluster in the vRA cloud zone, or select a vSphere network in the network profile.
- Service broker forms do not populate default values set in vRO workflow input
When vRO workflow has a string input set with default value ,it does not get automatically propagated in the request form when starting the workflow from service broker.
Workaround: Set the given default value using service broker Custom forms.
- Service Broker cannot import vRO workflows that have actions in valueList for a string field
Schema for string field that contains valueListpopulated by an action cannot be parsed and imported in Service Broker
- Pulling Docker Images Behind Proxy requires additional configuration
The ABX service pulls container images from publicly available Internet repositories. If vRA is deployed on an isolated network that does not allow outbound traffic to public sites, a HTTP proxy must be configured. While vRA 8 enables proxy configuration via its CLI, the workflow does not include an automatic setup for the docker service.
Workaround: Such configuration should be made separately. KB article to be determined.
- Complex objects with type anyOf are not supported in cloud template request forms
If the form contains anyOf property for a complex object, anyOf will be visualized as a string dropdown instead of different sets of constrains to validate the input.
Workaround: Use Enum type instead of anyOf values.
- Exception in input dialog if properties not defined in object type schema
If input property is of object type and properties is not defined in json schema, the input dialog in test or deploy blueprint dialog would not load.
Workaround: Either remove default value from input property, or define properties schema in the input property with default value.
- Cannot send value while deploying with input array field
Although users can fill the values in input form, UI is sending array of null to blueprint service in test/deployment dialog.
Workaround: Use object or string/number fields instead.
- After upgrading to vRealize Orchestrator or vRealize Automation 8.3, some resource elements in the vRealize Orchestrator Client might appear changed or reverted to an older version.
After upgrading to vRealize Orchestrator or vRealize Automation 8.3, some resource elements in the vRealize Orchestrator Client might appear changed or reverted to an older version. This problem occurs with resource elements that were previously updated in the vRealize Orchestrator Client by using a different source file. After upgrading your vRealize Orchestrator or vRealize Automation deployment, these resource elements can be replaced by an older version. This is an intermittent issue.
Workaround:
1. Log in to the vRealize Orchestrator Client.
2. Navigate to Assets>Resources.
3. Select the resource element affected by the problem.
4. Select the Version History tab, and restore the element to the appropriate version.
5. Repeat for all affected resource elements.
- If vRA is upgraded from vRA 8.0/8.1/8.2 to 8.3 and AD is configured for a project, deployment fails with the error message: "Failed to successfully create Computer object in Active Directory".
In the vRA 8.3, the AD scripts used to create active directory record are updated to support overriding relativeDN from values set in blueprint. User has to re-validate the existing AD integration in vRA after upgrade to deploy the new scripts.
Workaround: Revalidate the AD integration account in UI.
- When FIPS mode is enabled, Code Stream pod restarts in high load conditions.
When a high number of concurrent pipelines are run with FIPS mode enabled, Code Stream pods are restarted because the memory consumption exceeds the preset limit of 2.5GB.
Workaround:
With FIPS mode enabled, increase the memory limit of the Code Stream pods to 3GB.
1. SSH into the node. For HA setup, SSH into any one of the nodes.
2. Check the current pod memory limit: kubectl -n prelude describe deployment codestream-app
3. Verify that the limit is: Limits: memory: 2500M
4. Edit the deployment yaml: kubectl -n prelude edit deployment codestream-app
5. Increase the memory limit, and verify that the limit is: Limits: memory: 3000M6
6. Code Stream pods will be recreated.
- When exporting a package using Mozilla Firefox v84, the generated file has a .zip extension instead of .package and cannot be imported in vRO
When you export a package with Firefox 84.0.2 on MacOS 10.15 the package is saved as a .zip file.
Workaround:
- Use Google Chrome or a different version of Mozilla Firefox
- Change the file extension from .zip to .package
Note: In macOS, modify the file from the terminal, as the Finder application does not support changing the file format from a known format to an unknown.
- NEW You can create a day2 policy with duplicate actions/authorities using API.
When you attempt to create a policy with duplicate actions/authorities using the API, the system does not perform validation checks and the policy is created.
Note: This does not happen when you create a policy using the UI because the dropdown does not show or allow duplicate selection of entries.
Workaround: Create a day2 policy using the UI and not the API.
- New Execution of local scripts on a virtual machine via a Workflow “Software-Install-Base” triggered by a vRealize Automation Custom Resource can cause the deployment to fail with an error “An Item with the same key has already been added: Key: LinkedView”.
If the vRealize Automation Blueprint (or Cloud Template) is setup to execute local scripts via a Custom Resource that references the vRO Workflow “Software-Install-Base” which has a Dynamic Type:DynamicTypes:CustomScript.Script then the deployment fails.
Workaround: Standup a SaltStack Server to run scripts locally on the machine or use another method of local script execution like cloud-init or ABX, or Code Stream.
