VMware vRealize Automation 8.5.1 | 16 SEP 2021

Check for additions and updates to these release notes.

Release Versions

VRealize Automation 8.5.1 | 16 September 2021
  • vRA Easy Installer (ISO) build 18627676
  • vRA Product (appliance) build 18627002
  • SaltStack Config build 18565512

Updates made to this document

Date Description of update Type
09/16/2021 Initial publishing.
10/07/2021 Failed to start upgrade to 8.5.1 Known Issue
10/08/2021 The vRealize Orchestrator Control Center password is reset to its initial value after service redeployment. Known Issue
10/19/2021 Upgrading from 8.5.0 may fail to complete Known Issue
10/19/2021 Upgrading to vRA 8.5.1 from vRA 8.5 fails with an error "Upgrade terminated due to critical error" Known Issue

About vRealize Automation 8.5.1

vRealize Automation 8.5.1 adds to the vRealize Automation 8.5 capabilities focusing on the areas of multi-cloud support with Azure, XaaS improvements with ABX custom resources and vRO, as well as expansion of network automation capabilities with vSphere, VMC and Azure. Pipeline automation now supports Docker and Kubernetes tasks.

Before you begin

Familiarize yourself with the supporting documents.

After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in vRealize Automation 8.5 product documentation.

For information on vRealize Orchestrator 8.5 features and limitations, refer to the vRealize Orchestrator 8.5 Release Notes.

What's New

The many benefits of vRealize Automation 8.5.1 include:

New "Project Supervisor" role for approvals

This release introduces a new out of the box role called "Project Supervisor" which can be used for approving deployment requests. Any user with this role can serve as an approver only for that specific Project. Learn more.

Onboard vSphere networks

You can onboard vSphere network objects along with the VM while executing the onboarding plan. When a VM is onboarded, the attached vSphere network object is also onboarded and the network object is shown on the deployment canvas.

Indicate vRO based catalog item status

Based on the status of vRO workflow, you can see if any items are valid/invalid/out of sync.

SaltStack SecOps: New Benchmark for RHEL8 (CIS)

New certified compliance benchmark for Red Hat Enterprise Linux version 8 based on the Center for Internet Security (CIS) standards. This new benchmark allows the scanning and automated remediation of RHEL8 through the SaltStack SecOps add-on for vRealize Automation.

Custom Resources with extensibility actions

Application architects can use extensibility actions in cloud templates to build complex applications. They can create custom resources based on extensibility actions and assess lifecycle operation and day2 context actions.

The extensibility action script can return text that can be directly populated as a custom component on the design canvas. Learn More.

Kubernetes support in Code Stream Workspace

The Code Stream pipeline workspace now supports Docker and Kubernetes for continuous integration tasks. The Kubernetes platform manages the entire lifecycle of the container, similar to Docker. In the pipeline workspace, you can choose Docker (the default selection) or Kubernetes. In the workspace, you select the appropriate endpoint. The Kubernetes workspace provides:

  • The builder image to use
  • Image registry
  • Namespace
  • Node port
  • Persistent Volume Claim
  • Working directory
  • Environment variables
  • CPU limit
  • Memory limit.

You can also choose to create a clone of the Git repository.

Ability to configure machine tags in VCT for VMs deployed in VMC

You can configure machine tags for a VM deployed on VMC and update the tag after initial deployment. These tags are used to dynamically assign a VM to an appropriate security group. This builds on similar capability introduced for NSX-T in earlier vRA release.

Ability to change default Active Directory OU settings after VM provisioning.

You can now configure a special custom property in the YAML template and move machines to a different OU after the post provisioning task.

Cloud Templates with dynamic vRO inputs

You can now leverage dynamic inputs in native Cloud Templates when vRO workflow based dynamic values are enabled in Cloud Templates input.

Allow IPAM settings to be an input property on machine NIC component in the blueprint

Prior to this feature, IPAM properties always come from the network that the nic targets to. This feature allows customers to directly set gateway addresses, domain, dns and dns search domain via VCT and ignore the properties from the network.

Other Support Improvements

Realize Suite Lifecycle Manager 8.4.1 Product Support Pack 2 supports the installation of vRealize Network Insight 6.3. See VMware vRealize Suite Lifecycle Manager 8.4 Release Notes. To install and upgrade vRealize Network Insight by using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.

API Documentation and Versioning

API documentation is available with the product. To access all Swagger documents from a single landing page, go to https://<appliance.domain.com>/automation-ui/api-docs where appliance.domain.com is your vRealize Automation appliance.

Before using the API, consider the latest API updates and changes for this release, and note any changes to the API services that you use. If you have not locked your API to a version before, you might encounter a change in an API response. As a best practice, use the apiVersion variable to lock your API to the version you want to use. If you do not lock your APIs, the default behavior varies depending upon the API.

  • For Cloud Assembly IaaS APIs, all requests which are executed without the apiVersion parameter will be redirected to the first version which is 2019-01-15. This redirect will allow every user who did not previously specify the apiVersion parameter to transition smoothly to the latest version without experiencing breaking changes.

    NOTE: For the Cloud Assembly IaaS APIs, the latest version is apiVersion=2021-07-15. If left unlocked, IaaS API requests will be redirected to the first version which is 2019-01-15. The first version is deprecated and will be supported for 12 months. To ensure a smooth transition to the new version, lock your IaaS API requests with the apiVersion parameter assigned to 2021-07-15.

  • For other APIs, you can specify the apiVersion parameter to lock your APIs to whatever date you choose.
    • If you want to lock your APIs to the version in effect for vRealize Automation 8.5, use apiVersion=2021-08-12.
    • If you want to lock your APIs to the version in effect for vRealize Automation 8.5.1, use apiVersion=2021-09-09.

    If left unlocked, you API requests will default to the latest version which is apiVersion=2021-09-09.

For more information about API versioning, see the vRealize Automation 8.5 API Programming Guide.

Service Name Service Description API Updates and Changes
ABX Holds all functionality specific to ABX, including creation and management of actions and their versions and executing actions and flows. No change
Approval Enforce policies which control who must agree to a deployment or day 2 action before the request is provisioned No change
Blueprint Create, validate, and provision VMware Cloud Templates (formerly called Blueprints) No change
CMX When using Kubernetes with vRealize Automation, deploy and manage Kubernetes clusters and namespaces. No change
Content Gateway(content service) Connect to your infrastructure as code content in external content sources such as SCM Providers and VMware Marketplace. No change
Custom Forms (form-service) Define dynamic form rendering and customization behavior in Service Broker and Cloud Assembly VMware services. No change
Deployment Access deployment objects and platforms or blueprints that have been deployed into the system. No change
IaaS Perform infrastructure setup tasks, including validation and provisioning of resources in iterative manner. No change
Migration This service is used to quickly setup a vRA 8 instance based on information in a configuration file a.k.a Zero-Setup No change
Project Holds all functionality specific to creation, management and delete of projects No change
Relocation Define policy and plans for bringing existing VMs from any cloud under management. No change
Catalog Access Service Broker catalog items and catalog sources, including content sharing and the request of catalog items. No change
Catalog Service (Policies) Interact with policies created in Service Broker. No change
Code stream all pipeline-service These API provide access to Code Stream services. Workspace section in pipeline has two new fields to support k8s based workspaces.​

POST /codestream​/api​/pipelinesGET ​/codestream​/api​/pipelines/{id}

GET ​/codestream​/api​/pipelines/{project-name}/{pipeline-name}.workspace

in the request/response payloadWorkspace Type: Two new fields are added "type" - indicates type of workspace (defaults to docker and backward compatible)"customProperties" - a key value pair to customise k8s workspace

Identity Service A list of identity, account and service management APIs. No change

Resolved Issues

The following issues were resolved in this release.

  • Missing algorithmParameters for LB error not handled properly

    For the algorithms: HTTP_HEADER and URL, without algorithmParameters the yaml validation error is not clear. The algorithm URI also requires algorithmParameters but it does not show yaml validation error.

  • Change Security day2 operation to remove association with VMs for migrated deployments

    Change Security Groups/Reconfigure (Existing type Security Group) day 2 operation to remove association with VM’s for Deployments migrated from VRA 7.x to VRA 8.x are not supported for NSX-V endpoints. In vRealize Automation, the UI depicts that disassociation was complete, however the NSX-V endpoint still reflects the association.

  • When clicking on an AWS instance in the UI, the control jumps to the S3 bucket

    This only occurs when using a Chrome browser. When the user clicks on the side panel tree, the tree scrolls to the top.

  • The vRealize Orchestrator container restarts when over 5000 actions are run for the purpose of catalog item population.

    This issue was tested in an environment where 250 catalog items, each running over 20 vRealize Orchestrator actions, were run in parallel. This causes all available Tomcat threads to be exhausted, which in turn causes a vRealize Orchestrator container restart due to a health check probe fail.

  • Running any action from a vRealize Orchestrator Client embedded in a vRealize Automation in an external vRealize Orchestrator deployment returns the following: Action execution with id: was not found.

    This occurs when a user wants to run or debug an action in an external vRealize Orchestrator cluster while triggering it from an embedded vRealize Orchestrator Client. The external vRealize Orchestrator cluster must be added as an integration in vRealize Automation.

  • The vSSC photon appliace is missing libraries required to deploy Windows minions

    The vSSC photon appliance is missing libraries required to deploy Windows minions. The .ova requires pypsexec, smbprotocol, and impacket to be installed, in order to successfully deploy/configure windows minions.

  • Deployment created successfully but doesn't contain any resources

    Deployment is created successfully, but it doesn't contain any resources. When the VCT is empty, the user can deploy the VCT.

  • Catalog service restarted every 2-3 days

    The Catalog service pods are getting restarted every 2-3 days. The Catalog service container memory grows slowly and tries to take more than the assigned limit which results in Kubernetes terminating and restarting the catalog service container.

  • Cloud Assembly inputs validation is missing when using some reserved name

    In Cloud Assembly, when defining some inputs there's no validation which eventually causes conflict when promoting the template to service broker.

  • Workflow with input of type properties and widget multi value picker does not fill widget correctly

    Using an action that returns a "Properties" type for the default value of the multi value picker widget results in having empty keys in the value column.

  • Object input is not working when used with expression

    Object input is failing when used with a complex expression in array notation. For example:

    formatVersion: 1inputs:  disks:    type: array    minItems: 2    maxItems: 2    items:      type: object      properties:        name:          type: string        capacityGB:          type: integerresources:  disk:    type: Cloud.Volume    allocatePerInstance: true    properties:      name: '${input.disks[count.index % length(input.disks)].name}'      capacityGb: '${input.disks[count.index % length(input.disks)].capacityGB}'      count: '${length(input.disks) * 2}'  machine:    type: Cloud.Machine    allocatePerInstance: true    properties:      image: ubuntu      flavor: small      count: '${length(input.disks)}'      attachedDisks: '${map_to_object(slice(resource.disk[*].id, 2*count.index, 2*(count.index + 1)), "source")}'
  • Deployments are failing when compute tags longer than 256 characters are used

    Post upgrade to 8.4, deployments are failing for Cloud Templates with compute tags having length greater than 256 characters or key greater than 128 characters.

  • Custom Resources are not available in Cloud Template after Activating it.

    The Custom Resource should be available in the Cloud Template, once it is activated.

  • Custom Forms ValuePicker and MultiValuePicker additionally filters data when requested from getExternalValues

    When searching with a specific term, there are search results that are not shown in the UI component dropdown. The Value Picker and Multi-Value Picker do not show results whose label or value do not contain the search term. This can be observed when we search for username in the Active directory and we know that there are search results, but value picker does not show them, because the user's Display Name did not contain his username. 

  • After upgrading from 8.1 to 8.3 Windows deployments fails when running a wrapper workflow [Wrapped ch.dunes.scripting.server.polyglot.PolyglotRunnerException:

    Polyglot powercli scripts fail with "An item with the same key has already been added. Key: LinkedView". This is caused by a VMHost powercli object that cannot be parsed into JSON.

Known Issues

The following known issues are present in this release.

  • Upgrading from 8.5.0 may fail to complete

    Starting an iterative upgrade trhough vRSLCM to vRA 8.5.1 or later on a vRA 8.5.0 system fails at the vRealize Automation Upgrade/Patch/Internal Network step of Stage 1 about a minute or so after the launch. The previous upgrade, while completed successfully, has not been able to delete its runtime data and leaves the upgrade in in progress state. Hence, new upgrade cannot be launched.

    Workaround: For information on workaround steps, see KB 85965.

  • Upgrading to vRA 8.5.1 from vRA 8.5 fails with an error "Upgrade terminated due to critical error"

    Upgrading to vRA 8.5.1 or later version fails with the error "Upgrade terminated due to critical error". Disk space checks show /root at *or near* 100% utilization.

    Workaround: For information on workaround steps, see KB 85864.

  • The vRealize Orchestrator Control Center password is reset to its initial value after service redeployment.

    After the vRealize Orchestrator Appliance is deployed, you can change the Control Center password by running the vracli vro update-cc-password command. However, after running the /opt/scripts/deploy.sh script to redeploy the vRealize Orchestrator services, the Control Center password is reset to its initial value.

  • Exceptions for READ operation are not properly processed

    If a back-end error happens for deployment iterative updates, only a generic error message is shown. From server logs, a detailed error message is shown. However, due to the exception being handled not properly, only a generic error message is displayed in the UI.

  • Incorrectly dropped or placed elements in Cloud Templates break the UI page

    In Firefox, using drag and drop can sometimes redirect the page. When dragging a resource node, dropping it outside of the canvas could also cause page redirection in Firefox.

    Workaround: Drop resource in canvas and delete it instead.

  • Custom Resource Subscriptions not available for Custom resource based on ABX

    Despite the fact the vRA 8.5.1 introduced ABX based custom resources, there are some limitations such as: Cloud admins are still not able to include ABX based resources in event based subscriptions.

  • Timeout exception appears during deployment update of ABX based custom resource

    When you update an ABX based custom resource deployment, you might see a ''504 Gateway Time-out issue" error. The error appears in the event of an ABX read action failure.

  • Request tracker is not working for resource views

    When a day 2 action is performed on a resource in resource view, the status tracker does not show on the UI to indicate the action is in progress and when the action is completed, the UI does not refresh automatically to show the completion of the action.

    Workaround: Manually refresh for request status updates.

Changed and Deprecated Functionality


check-circle-line exclamation-circle-line close-line
Scroll to top icon