vRealize Automation 8.4.1 | 24 August 2021

  • vRA Easy Installer (ISO) build 18067628
  • vRA product (appliance)  build 18054500

Check regularly for additions and updates to these release notes.

Updates made to this document

Date Description of update Type
23 June 2021 Deployments fail for blueprints that contain compute tags longer than 256 characters or a key larger than 128 characters Known Issue
06 August 2021 vRealize Automation upgrade fails with error code LCMVRAVACONFIG90030 due to password expiration Known Issue
18 August 2021 Added information and KB link for vRA 8.4.1 Patch 1 Patch
24 August 2021 vRealize Automation appliances show high CPU and memory usage Resolved Issue

What's in the Release Notes

New vRealize Automation 8.4.1 Patch 1

vRealize Automation 8.4.1 Patch 1 is now available and includes bug fixes in different areas. This is a cumulative update. 

For more information and installation instructions, see KB 85450.

About vRealize Automation 8.4.1

vRealize Automation 8.4.1 adds to the vRealize Automation 8.4 capabilities with enhancements and new features in these areas:

  • Usability and reduction of time it takes to achieve value with vRA
  • Governance capabilities via policies
  • Multi-cloud capabilities focusing on Microsoft Azure
  • Additional integration of SaltStack Config into vRA
  • Network Automation expansion with initial support for NSX-T Federation

 

What's New

The many benefits of vRealize Automation 8.4.1 include: 

Resource view for deployments

In addition to the existing deployment view, you can now use the new resource view to monitor and manage your resources:

  • Select if you prefer managing all your resources or managing resources by specific resource types.
  • Perform searches by resource name among all resources outside the deployment layer.
  • Easy access to day 2 actions performed directly on resources.
  • See if a resource or deployment is undergoing a day 2 action.

Concurrent day 2 actions for deployment resources

Allow multiple resources in the same deployment to perform day 2 actions one after another without waiting for the first action to finish.

Property group enhancements (RBAC, cloud template association)

Property groups are enhanced with several new features:

  • Role based access control (RBAC) permissions to use and manage property groups.
  • Show associated cloud templates to specific property groups. Learn more.

Additional policy criteria attributes across all policy types

Several new resource-based deployment criteria attributes are now consistently available across all policy types and enhance the policy based multi-cloud governance capabilities. Learn more.

Some of the resource attributes include:

  • Cloud Zone
  • Cloud Account
  • CPU Count
  • Cloud Type
  • Flavor
  • Has Snapshots
  • Image
  • Image ID
  • OS Type
  • Power State
  • Region
  • Disks
  • Tags
  • Total Memory (MB)
  • Resource Type

Scoping a policy to multiple projects

Scoping a policy to multiple projects allows cloud administrators and project administrators to define policies that can apply to one project, across multiple projects, or the entire organization. Scoping can be done by leveraging a set of project-based criteria available across all policy types. Expanding the scope of a policy so that it can be applied to multiple projects in an organization allows a policy to be defined once and reused across multiple projects. Scoping enhances the multi-cloud governance capabilities. Learn more.

Policies: Define and enforce resource limits using resource quota policies

Cloud administrators can now control the consumption of resources across the entire organization and in projects by setting and enforcing reusable resource quotas or consumption limits on certain metrics, such as CPU, Storage, Memory, or number of instances.

This allows cloud administrators to gain more visibility into the consumption of a finite set of shared resources and enforce policy-based governance on resource quotas across the entire organization, per project, or per user. Learn more

Ability to enable or disable boot diagnostics for Azure VMs - Day0

You can toggle boot diagnostics for VMs provisioned in Azure with the VMware Cloud Templates. Learn more.

Ability to enable or disable log analytics for Azure VMs

You can toggle log analytics for VMs in Azure. Learn more.

Support of NSX Federation with NSX-T Cloud Account (Global Manager / Local Manager, existing networks)

With an NSX-T cloud account, it is now possible to connect to NSX-T Global Manager and configure an association between NSX-T Global Manager and Local Managers in the context of the NSX-T Federation. Learn more.

SaltStack Config Cloud Template Integration

SaltStack Config integration is further enhanced to support: Learn more.

  • Automatic installation of minions by using VMware Cloud Templates.
  • Deploying software config as salt state files in VMware Cloud Templates.
Custom resource action troubleshooting
  • Ability to show user input from workflow runs.
  • You can now view values from workflows performed as part of a resource action.

Ability to create subscriptions based on custom resource pre and post events

Cloud administrators can trigger action runs before and after custom resource provisioning.

Before You Begin

Familiarize yourself with the supporting documents.

After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in vRealize Automation 8.4 product documentation.

For information on vRealize Orchestrator 8.4.1 features and limitations, refer to the vRealize Orchestrator 8.4.1 Release Notes.

API Documentation and Versioning

API documentation is available with the product. To access all Swagger documents from a single landing page, go to https://<appliance.domain.com>/automation-ui/api-docs where appliance.domain.com is your vRealize Automation appliance.

Before using the API, consider the latest API updates and changes for this release, and note any changes to the API services that you use. If you have not locked your API to a version before, you might encounter a change in an API response. As a best practice, use the apiVersion variable to lock your API to the version you want to use. For example:

  • To lock your APIs to the vRealize Automation 8.4 APIs, use apiVersion=2021-04-15
  • To lock your APIs to the vRealize Automation 8.4.1 APIs, use apiVersion=2021-05-25

If left unlocked, your API requests will default to the latest version which is apiVersion=2021-05-25.

For information on how to lock you APIs to a specific version, see the "API Versioning" section of the vRealize Automation 8.4 API Programming Guide.

Service Name Service Description API Updates and Changes
ABX Create or manage actions and their versions. Execute actions and flows. No change
Aggregator

This is a new service running inside approval container

Find resource usage metrics at org, user and project level.

No change
Approval Enforce policies which control who must agree to a deployment or day 2 action before the request is provisioned No change
Blueprint Create, validate, and provision blueprints or cloud templates.

New parameters:

1) GET /blueprint/api/blueprints
New param : propertyGroups

Filter blueprints with any of the specified property groups

2) GET /blueprint/api/blueprints/{blueprintId}/versions
New param : propertyGroups
Filter blueprints with any of the specified property groups

CMX When using Kubernetes with vRealize Automation, deploy and manage Kubernetes clusters and namespaces. No change
Content Gateway
(content service)
Connect to your infrastructure as code content in external content sources such as SCM Providers and VMware Marketplace. No change
Custom Forms (form-service) Define dynamic form rendering and customization behavior in Service Broker and Cloud Assembly VMware services. No change

Deployment

Access deployment objects and platforms or blueprints that have been deployed into the system.

New Endpoints

  • GET /deployment/api/resources
  • GET /deployment/api/resources/{resourceId}
  • GET /deployment/api/resources/filters
  • GET /deployment/api/resources/filters/{filterId}

New Params

  • GET /deployment/api/deployments/{deploymentId}/requests - boolean inProgressRequests - Retrieves the requests that are currently in-progress for a deployment. Incase of a false value the param is ignored.
  • GET /deployment/api/deployments/{deploymentId}/resources and /deployment/api/deployments/{deploymentId}/resources/{resourceId} - param expand - The expanded details of the requested comma separated objects. Ex. currentRequest.
IaaS Perform infrastructure setup tasks, including validation and provisioning of resources in iterative manner. No change

IaaS:

Salt configuration on a machine - Provisioning Service

This API is used to configure salt on a machine while creation

This is a modification done to the existing API

POST /iaas/api/machines

Added 1 new optional parameter

  • saltConfiguration :- Salt Configuration
    masterId
    minionId
    saltEnvironment
    stateFiles
    pillarEnvironment
    variables
    installerFileName
    additionalMinionParams
    additionalAuthParams

GET /iaas/api/machines/{id}

saltConfiguration property is added to the

GET machine response

Migration This service is used to quickly setup a vRA 8 instance based on information in a configuration file a.k.a Zero-Setup No change
Project

Provide visibility and isolation of provisioned resources for users with a project role.

No change
Relocation Define policy and plans for bringing existing VMs from any cloud under management. No change
Catalog Access Service Broker catalog items and catalog sources, including content sharing and the request of catalog items. No change
Catalog Service (Policies) Interact with policies created in Service Broker. No change
Code stream all pipeline-service These API provide access to Code Stream services. No change
Identity Service A list of identity, account and service management APIs.

Added /am/api/orgs/{orgId}/groups/{groupId}/users

Search users in a group.

Customers that upgraded to vRealize Automation 8.4 using the new upgrade bundle might see errors during scale out (similar to patched environments). As mentioned in KB 79105, the ova bundle is hosted on my.vmware.com.

vIDM 3.3.3 does not support IWA (Integrated Windows Authentication) with an embedded Linux connector. vRA 8.x Customers using LDAP or IWA with the external Windows connector are not impacted. For more details refer to KB 82013.

Upgrading to vRealize Automation 8.4.1

Using VMware vRealize Suite Lifecycle Manager, you can upgrade your vRealize Automation 8.x instance to 8.4. For more information, see Upgrading vRealize Suite Lifecycle Manager and vRealize Suite Products.

Resolved Issues

  • vRO represents Array types as complex types with only one column, rather than a field whose "type.isMultiple" is true.

    When adding a workflow which has an array input and consequently customizing its form, do not change the ID of the column in the Values tab of the data grid. The default value must stay set at _column-0_ . Conversely, you can change the label of the column (which is visible in the UI when adding values to the datagrid).

  • License re-configuring is not supported.

    After configuring vRealize Automation with the Enterprise license, the system can not be re-configured to use the Advanced License.

  • PowerShell tasks appear to be stuck

    When there is no active session PowerShell tasks appear to be stuck. This behavior is seen because the PowerShell process responsible to run the user script is held by Windows system process WmiPrvSE.

     

  • Available option to set time zone from vCenter Machine Console window

     Undefined behavior when user sets time zone from vCenter Machine Console window

     

  • Tenant Names with different cases are treated the same way

    A tenant named vmware and another one named VMware are seen as the same.

  • When a vCenter cloud account is updated to add a data center, the resources from this data center are not immediately available for use.

    Changes made to regions (data centers) for a vCenter cloud account do not take immediate effect and require data collection to run.

     

  • After upgrading to vRealize Orchestrator or vRealize Automation 8.3, some resource elements in the vRealize Orchestrator Client might appear changed or reverted to an older version.

    After upgrading to vRealize Orchestrator or vRealize Automation 8.3, some resource elements in the vRealize Orchestrator Client might appear changed or reverted to an older version. This problem occurs with resource elements that were previously updated in the vRealize Orchestrator Client by using a different source file. After upgrading your vRealize Orchestrator or vRealize Automation deployment, these resource elements can be replaced by an older version. This is an intermittent issue.

     

  • If vRA is upgraded from vRA 8.0/8.1/8.2 to 8.3 and AD is configured for a project, deployment fails with the error message: "Failed to successfully create Computer object in Active Directory".

    In the vRA 8.3, the AD scripts used to create active directory record are updated to support overriding relative DN from values set in blueprint. User has to re-validate the existing AD integration in vRA after upgrade to deploy the new scripts.

     

  • When FIPS mode is enabled, Code Stream pod restarts in high load conditions.

    When a high number of concurrent pipelines are run with FIPS mode enabled, Code Stream pods are restarted because the memory consumption exceeds the preset limit of 2.5GB.

     

  • After a single-node installation, the RaaS log shows the error: No such file or directory. Additionally, ctypes.util.find_library() did not manage to locate a library called '/var/lib/raas/unpack/_MEIuxtdsP/Cryptodome/Util/../Cipher/_raw_des.so'.

    This error only occurs at the time of installation and only shows up once in the log.

     

  • Machine creation API ignores scsiController and unitNumber provided to attach the disk to the machine being created.

    The API request POST /iaas/api/machines is used to create machines and uses the scsiController and unitNumber to attach the disk. Currently, this API creates the machine and attaches the disk but ignores the user input for scsiController and unitNumber.

     

  • After upgrading vRealize Automation, a banner with a 403 Forbidden error message is displayed in Migration Assistant UI.

    This error occurs only for upgraded environments and for users who were granted access to Migration Assistant before the upgrade.

     

  • Nested blueprint function does not work with star properties.

    Nested blueprint function does not work with star properties.

     

  • Support for subgroup in the vRA GitLab integration. The GitLab folder structure now could have more than 2 nested folders, e.g group/sub-group/project.

    Resolves the issues whereas vRA integration with Gitlab fails to sync if there're more than 2 nested folders. 

     

  • Unable to update Custom Resources after upgrade from 8.3 to 8.4.

    Resolves the issue when some users are not able to save changes made to the Custom Resources under the Design tab. 

  • Running  resource action against deployment, creates new "deployment" object, which cannot be deleted and prevents the deployment from being destroyed or executing other deployment actions.

    Resolves the issues when a user is running a resource action against a deployment and upon successful run of the action, there is now a new object in the topology view of the deployment. The object is labeled with the same name as the deployment and its type is (deployment). The user then try to delete the deployment it might fail.

    The vCenter resources are being successfully removed and only the vRA deployment remains with just the new "(deployment)" object in it.

     

  • Project field is empty when requesting a catalog item, unless selected twice.

    Resolves a UI issue where the project field appears to be empty when a user is requesting a catalog item. If the user selected it twice, the issue would not occur. 

     

  • CSS for custom forms on resource action for custom resources does not take effect

    Resolves the issue that might occur when trying to use CSS on Custom Forms  Day-2 action.

  • Unable to bind integer values to vRO action inputs in custom form

    Resolves the issue when the user can only bind decimal values to vRO inputs, and not integer values

     

  • Unable to add workflow into Service Broker, when the workflow has inputs that are not included in the Input Form.

    Resolves the issue when a user might get an error while trying to add a workflow into Service broker with inputs not included in the Input form. 

     

  • Deployment and Blueprint test failing for specific Location/Environment variable inputs in Blueprint using capability tags

    Resolves the issue when the Blueprint Deployment and Test failing for specific Location/Environment variable pointed in Blueprint using capability tags

     

  • Pagination is not working correctly when viewing Enterprise Groups in Identity & Access Management

    Resolves the issue when the user can experience strange pagination behaviour when viewing Enterprise Groups in Identity & Access Management

     

  • Assessment fails with timeout in case of large number of vRA 7.x compute resources.

    Resolves the issue when a large number of vRA 7.x compute resources might cause Migration Assessment Failure.

     

  • Migration gets stuck at XaaS Blueprints, when the required workflow is missing in the 8.x vRealize Orchestrator

    Resolves the issue when the migration would get stuck at XaaS Blueprints, when the required workflow is missing in the 8.x vRealize Orchestrator

     

  • Migration stuck at Reservation > Storage profile

    Resolves the issue when the migration might get stuck at Reservation - Storage Profile

     

  • Missing 7.x deployments after migration due to duplicate Ids returned.

    Resolves the issue that after migration from 7.x, some of the deployments might be missing due to duplicate IDs. 

     

  • Assessment Failed when error occurs while capturing the blueprint payload

    Resolves the issue when the Assessment fails if an error occurs while capturing the blueprint payload. 

     

  • vRealize Automation requests fail with the error "Connection reset by peer"

    vRealize Automation requests fail with the error "Connection reset by peer"

     

  • VM is deleted after a provisioning failure of VM with duplicate name. 

    VM is deleted after a provisioning failure of VM with duplicate name. This happens only when the VM is deployed using OVF template from content library in vCenter 6.5.

     

  • Custom branding logo is not legible after upgrade to 8.4

    Resolves the issue when the custom branding logo is not legible after upgrade to 8.4

     

  • Intermittent errors in kube-system/state-enforcement-cron caused by failing "vracli status first-boot" check

    Resolves the intermittent errors in kube-system/state-enforcement-cron caused by failing "vracli status first-boot" check. 

     

  • vRA installation is failing because root password expired.

    Resolved the issue when vRA installation is failing because root password expired. Allows setting the root password on first boot even when the original password has expired.

     

  • The pgjsonb returner has been removed.

    Environments that were previously using the pgjsonb returner should switch to the sseapi returner.

     

  • Jobs appear to hang or sit 'in progress' for an extended period of time. This behavior can be attributed to three (3) possible reasons.

    Users may notice jobs with a status of 'Queued...' for a longer than expected time.

    1. Communications between a master and SSC, using the plugin.

    • ​Installing the plugin and setting up the correct credentials in <code>/etc/salt/master.d/raas.conf</code> will resolve this communication issue.

    2. Auth token expiration causes the master to authenticate.

    • Delete the <code>auth_token.jwt</code> in <code>/var/cache/salt/master</code> directory and restart the salt master.

    3. Seeing celery related errors in the SSC raas logs.

    • Delete the <code>*.db</code> files from <code>/var/lib/raas/cache</code> directory and restart raas.
  • New vRealize Automation appliances show high CPU and memory usage

    After upgrading to vRealize Automation 8.4.1, the vRealize Automation appliances were showing high CPU and memory usage with or without load. This issue is resolved with the release of vRealize Automation 8.4.1 P1.

Known Issues

The following known issues are present in this release.
  • vRA deployment fails to initialize on new setups from Easy Installer

    vRA deployment (single or clustered) fails to initialize on new setups from Easy Installer or vRealize Suite LCM
    The error shown in LCM is LCMVRAVAVACONFIG590003

    Workaround: Retry cluster initialization from within vRealize Suite LCM.

  • A long running migration might fail with a 401 error.

    Due to limitations in vRA 8, the migration service uses user tokens to communicate with other vRA services when transferring data. For long-running migrations, the token can expire before the migration completes resulting in migration failure.

    Workaround: Temporarily increase the TTL time for a Provisioning client token in the vIDM UI. Login to the vIDM UI using admin credentials. Navigate to Catalog > Settings > Remote App Access. Locate the Provisioning client and increase the Access Token Time-To-Live(TTL) from 8 hrs to 24 hrs. 

  • Unable to access the onboarding page.

    Navigating to the onboarding page in Cloud Assembly->Infrastructure might cause a 302 status code. This can happen if you have been logged in for a long time.

    Workaround: Log out and then log back in.

  • vRealize Automation 8 does not support Internet Explorer 11

    You cannot use Internet Explorer 11 with vRealize Automation 8.

    Workaround: Use a different browser instead of Internet Explorer 11.

  • BP Canvas is not refreshed after custom resource has been changed or deleted.

    If you delete a custom resource, the change is not propagated to the Blueprint canvas immediately.

    Workaround: The Canvas has a cache mechanism, which can be updated after using refresh button, next tot he search pane.

  • Create different custom resources with the same vRO object type is not supported

    In vRA 7.X it was possible to create different custom resources for the same type. This allowed users to define a different set of create / delete / operate actions for the same vRO type with creating different custom resource types. In vRA 8.x We do not support a case where same vRO_Type can be leveraged from different custom resources. 

  • vRO workflow is not executed through catalog when there is empty input with reference type

    Null pointer exception appears on attempt to request  vRO Workflow with and empty value for the Workflow input with a reference type.

    Workaround: Set a default value for the reference type or make the field mandatory.

  • Unsuccessfully provisionined custom resource can't be deleted from a deployment

    When you request a custom resource, if the workflow run that creates the resource fails, a resource in the deployment service is still created (since we are replying to the initial request with a STARTED status which in turn creates the resource in deployment). This resource cannot be deleted since it doesn't contain the metadata that is added upon successful provisioning of the resource in vRO.

    Workaround: Right after the first attempt to delete the custom resource, a dialog appears which asks you whether you want to force deletion. Say yes to force its deletion.

  • Custom Resource Name is not propagated correctly to the deployment view list

    When you create a custom resource based on vRO_Type, you usually use a comprehensive display name. Currently this display name is not available in the Deployment view. The resource, which appears in the deployment is identified only by its type.

  •  vRO Workflow presentation with an OGNL expression does not render properly when used as a custom day2 operation in vRA.

    Custom Resource Actions with workflows that have OGNL constraints in their presentation may not render properly and it may not be possible to populate all required fields.

  • Cost\Price functionality does not work with shared infrastructure multi-tenancy

    The pricing functionality might report inaccurate results when configured to a multi-tenant deployment where tenants can share infrastructure resources. This is because pricing does not recognize multi-tenancy. The price is calculated only for the org for which vROPs is added and deployments are created. 

  • Deployments with an existing network fail during allocation on vSphere / NSX-v cloud accounts when DRS is disabled on the vSphere cluster.

    When selecting an NSX-V network in the network profile and requesting a deployment with an existing network, the deployment fails during allocation with the message: "Unable to find a common placement for compute...with the network configuration...". This occurs when the vCenter contains clusters with DRS disabled.

    Workaround: Enable DRS on the cluster and include the cluster in the vRA cloud zone, or select a vSphere network in the network profile.

  • Service broker forms do not populate default values set in vRO workflow input

    When vRO workflow has a string input set with default value ,it does not get automatically propagated in the request form when starting the workflow from service broker.

    Workaround: Set the given default value using service broker Custom forms.

  • Service Broker cannot import vRO workflows that have actions in valueList for a string field

    Schema for string field that contains valueList populated by an action cannot be parsed and imported in Service Broker

  • Pulling Docker Images Behind Proxy requires additional configuration

     The ABX service pulls container images from publicly available Internet repositories. If vRA is deployed on an isolated network that does not allow outbound traffic to public sites, a HTTP proxy must be configured. While vRA 8 enables proxy configuration via its CLI, the workflow does not include an automatic setup for the docker service.

     Workaround: Such configuration should be made separately. KB article to be determined.

  • Complex objects with type anyOf are not supported in cloud template request forms

    If the form contains anyOf property for a complex object, anyOf will be visualized as a string dropdown instead of different sets of constrains to validate the input.

    Workaround: Use Enum type instead of anyOf values.

  • When exporting a package using Mozilla Firefox v84, the generated file has a .zip extension instead of .package and cannot be imported in vRO

    When you export a package with Firefox 84.0.2 on MacOS 10.15 the package is saved as a .zip file.

    Workaround: 

    • Use Google Chrome or a different version of Mozilla Firefox
    • Change the file extension from .zip to .package

    Note: In macOS, modify the file from the terminal, as the Finder application does not support changing the file format from a known format to an unknown.

  • Execution of local scripts on a virtual machine via a Workflow “Software-Install-Base” triggered by a vRealize Automation Custom Resource can cause the deployment to fail with an error “An Item with the same key has already been added: Key: LinkedView”.

    If the vRealize Automation Blueprint (or Cloud Template) is setup to execute local scripts via a Custom Resource that references the vRO Workflow “Software-Install-Base” which has a Dynamic Type:DynamicTypes:CustomScript.Script then the deployment fails.

    Workaround: Standup a SaltStack Server to run scripts locally on the machine or use another method of local script execution like cloud-init or ABX, or Code Stream.

  • Custom resource is not automatically deleted when blocking post provisioning Action/workflow fails

    When a custom resource is provisioned via blueprint successfully but there is a blocking post provision subscription whose "Action/workflow" fails, upon deleting the deployment the custom resource will not be automatically deleted. 

    This can be fixed by either manually deleting the resource or by creating and adding a "Recover action/workflow" (that deletes the resource) to the subscription

  • Attempting to accept keys for minions results in a key acceptance job stuck in the "Queued" state in the Activity Tab and the keys are not successfully accepted.

    A regression in this release has been discovered that prevents minion keys from being accepted via the SaltStack Config UI.

    Keys may be accepted on each individual salt-master, either by logging into the salt-master and accepting the keys with salt-key on the CLI, or via a cmd.run, job targeted at a minion running on the master.

  • NEW Deployments fail for blueprints that contain compute tags longer than 256 characters or a key larger than 128 characters

    Deployments fail if a blueprint contains compute tags longer than 256 characters or a key longer than 128 characters.Workaround:

    Workaround: Workaround: Reduce tag or key lengths below the character limits.

  • New vRealize Automation upgrade fails with error code LCMVRAVACONFIG90030 due to password expiration

    During upgrade, when the root password is set to non-expiring {color:#FF0000}or{color} has not been changed in over 365 days, the password is updated to expire immediately. As a result LCM can not connect to vRA to check upgrade status and upgrade fails.Workaround:

    Workaround: Workaround: Update the password before the upgrade.

check-circle-line exclamation-circle-line close-line
Scroll to top icon