VMware vRealize Automation 8.6 | 12 OCT 2021
Check for additions and updates to these release notes.
|VRealize Automation 8.6 | 12 October 2021
Updates made to this document
|Date||Description of update||Type|
|10/19/2021||Upgrading to vRA 8.5.1 from vRA 8.5 fails with an error "Upgrade terminated due to critical error"||Known Issue|
|10/19/2021||Upgrading from 8.5.0 may fail to complete||Known Issue|
|10/25/2021||SSC - Minion data (grains) not present in vRealize Automation SaltStack Config after upgrading from 8.5.1 to 8.6 using vRealize Suite Lifecycle Manager||Known Issue|
|10/26/2021||Updating a scheduled runner job fails||Resolved Issue|
|11/30/2021||ABX Actions running on AWS Lambda might fail with an error.||Known Issue|
|12/7/2021||List of critical issues resolved in the latest patch update.||Known Issue|
|12/17/2021||If NSX-V to NSX-T migration is perfomed, it fails after importing vRA_output.json file||Resolved Issue|
|03/02/2022||Added link to KB workaround used to resolve upgrade failure related to the log4j vulnerabilities.|
vRealize Automation 8.6 complements vRealize Automation 8.5.1 capabilities, focusing on XaaS improvements, Azure and puppet and new VCD endpoint integration.
Upgrade failure after performing steps in KB 87120
Performing the instructions used to address the CVE-2021-44228 and CVE-2021-45046 log4j vulnerabilities described in KB 87120 can cause upgrade failures for vRealize Automation and vRealize Orchestrator 8.6.2 or earlier. For a workaround, seeKB 87794.
Familiarize yourself with the supporting documents.
After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in vRealize Automation 8.6 product documentation.
For information on vRealize Orchestrator 8.5 features and limitations, refer to the vRealize Orchestrator 8.6 Release Notes.
vRealize Suite Lifecycle Manager 8.6 supports the installation of vRealize Automation 8.6. For information on vRealize Suite Lifecycle Manager 8.6, see the VMware vRealize Suite Lifecycle Manager 8.6 Release Notes. For information on installing and upgrading vRealize Automation using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.
The many benefits of vRealize Automation 8.6 include:
VCD Organizations can be added as a Cloud Account in vRA
Customers and partners with existing investment in VCD are now able to leverage vRA for modern template, catalog, pipeline, extensibility, multi-cloud management and governance capabilities while continuing to utilize VCD’s multi-tenanted infrastructure capabilities. VCD Organization owners will add their Org as a cloud account in vRA, map VCD OrgVDCs to vRA Cloud zones and continue to provision and manage IaaS resources into the OrgVDCs. Learn more about using a VCD cloud account.
Support Puppet Enterprise for machines without a public IP address
You can register machines without a public IP address.
Ability to configure name of Azure NIC interfaces
You can use the new API to configure a name of NIC for a VM running on Azure. Learn more about using extensibility actions to configure a NIC name.
Note: This is only supported using API and not using VCT.
Resource Quota policy additional day 2 governance
In this release, vRealize Automation Cloud includes Resource Quota Policy enhancements that add additional support for Day2 actions. Quotas now properly account for Day2 actions that affect allocations including disk and machine resizes. Learn more about resource quota policies.
Ability to add External validation to a custom day2 action
You can apply a complex validation to the user inputs on the custom day2 request form. The validation is run externally as a vRealize Orchestrator action and prevents you from submitting the request form until the validation is complete. Learn more.
New VMware Salt Modules Available
We are pleased to announce the release of Salt modules for vSphere/ESXi, NSX, and VMC. These modules were developed as a collaborative effort between VMware and the Salt Open Community and are available under the Salt GitHub project in 'Salt Extension Modules for VMware'.
Post DR, you can change the network settings of the vRA appliances, including new IP addresses, and continue to manage all workloads not impacted by the same DR event.
In case of a disaster recovery scenario, vRealize Automation is backed up by SRM and is brought up in a backup vCenter. With vRA this release, you can update the network settings, post DR without your vCenters being on a stretched L2. The same applies for the VMware Identity Manager. Please follow the steps in vRealize Automation and Identity Manager re-IP configuration in Site Recovery Manager to update network settings for vRA and vIDM. Note that any failed vCenter workloads are not managed by the newly-active vRA.
API documentation is available with the product. To access all Swagger documents from a single landing page, go to https://<appliance.domain.com>/automation-ui/api-docs where appliance.domain.com is your vRealize Automation appliance.
Before using the API, consider the latest API updates and changes for this release, and note any changes to the API services that you use. If you have not locked your API to a version before, you might encounter a change in an API response. As a best practice, use the apiVersion variable to lock your API to the version you want to use. If you do not lock your APIs, the default behavior varies depending upon the API.
NOTE: For the Cloud Assembly IaaS APIs, the latest version is apiVersion=2021-07-15. If left unlocked, IaaS API requests will be redirected to the first version which is 2019-01-15. The first version is deprecated and will be supported for 12 months. To ensure a smooth transition to the new version, lock your IaaS API requests with the apiVersion parameter assigned to 2021-07-15.
If left unlocked, your API requests will default to the latest version which is apiVersion=2021-10-12.
For more information about API versioning, see the vRealize Automation 8.6 API Programming Guide.
|Service Name||Service Description||API Updates and Changes|
|ABX||Holds all functionality specific to ABX, including creation and management of actions and their versions and executing actions and flows.||No change|
|Approval||Enforce policies which control who must agree to a deployment or day 2 action before the request is provisioned||No change|
|Blueprint||Create, validate, and provision VMware Cloud Templates (formerly called Blueprints)||No change|
|CMX||When using Kubernetes with vRealize Automation, deploy and manage Kubernetes clusters and namespaces.||No change|
|Content Gateway(content service)||Connect to your infrastructure as code content in external content sources such as SCM Providers and VMware Marketplace.||No change|
|Custom Forms (form-service)||Define dynamic form rendering and customization behavior in Service Broker and Cloud Assembly VMware services.||No change|
|Deployment||Access deployment objects and platforms or blueprints that have been deployed into the system.||No change|
|IaaS||Perform infrastructure setup tasks, including validation and provisioning of resources in iterative manner.||No change|
|Migration||This service is used to quickly setup a vRA 8 instance based on information in a configuration file a.k.a Zero-Setup||No change|
|Project||Holds all functionality specific to creation, management and delete of projects||No change|
|Relocation||Define policy and plans for bringing existing VMs from any cloud under management.||No change|
|Catalog||Access Service Broker catalog items and catalog sources, including content sharing and the request of catalog items.||No change|
|Catalog Service (Policies)||Interact with policies created in Service Broker.||No change|
|Code stream all pipeline-service||These API provide access to Code Stream services.||No Change|
|Identity Service||A list of identity, account and service management APIs.||No change|
The following issues were resolved in this release.
Unexpected state of the policy run upon restarting the vRO after migration
The policies are not automatically started after migration.
Configuration Element XML content in the Version History repository contains the encrypted values of secure types when imported through a Package
After Export and Import of Configuration element which contains a SecureString type, the Configuration Element XML content in the Version History repository contains the encrypted values of secure types.
Azure Enumeration fails for BLOB based snapshots
With this fix, the failing data collection of snapshots, that were created from vhd blobs, is fixed. Prior to this fix, snapshots on the Azure cloud caused the entire Azure data collection to break.
Notification link to deployment
In the event of "deployment lease expired" and "deployment lease expiring" scenarios, deployment owners receive an email which includes a url linking to the corresponding deployment page.
"Open redirect" vulnerability in VMware vRO
Fixed "Open redirect" vulnerability by removing the redirection function from the application.
Updating a scheduled runner job fails
Unable to change the schedule date on a schedule that is executing a job based on salt-run.
If NSX-V to NSX-T migration is perfomed, it fails after importing vRA_output.json file
If NSX-V to NSX-T migration is perfomed, it fails after importing vRA_output.json file with the following error - 'Unrecognized field "syncDueAt" not marked as ignorable'.
The following known issues are present in this release.
Upgrading from 8.5.0 may fail to complete
Starting an iterative upgrade through vRSLCM to vRA 8.5.1 or later on a vRA 8.5.0 system might fail at the vRealize Automation Upgrade/Patch/Internal Network step of Stage 1 about a minute or so after the launch. The previous upgrade, while completed successfully, has not been able to delete its runtime data and leaves the upgrade in an 'in progress' state. Hence, new upgrade cannot be launched.
Workaround: In this release LCM will make the precheck and notify you for the issue. For information on workaround steps, see KB 85965.
Upgrading from vRA 8.5 fails with an error "Upgrade terminated due to critical error"
Upgrading from vRA 8.5 or vRA 8.5.1 fails with the error "Upgrade terminated due to critical error". Disk space checks show /root at *or near* 100% utilization.
Workaround: For information on workaround steps, see KB 85864.
SSC - Minion data (grains) not present in vRealize Automation SaltStack Config after upgrading 8.5.1 to 8.6 using vRealize Suite Lifecycle Manager
After upgrading vRA SSC with vRSLCM from 8.5.1 to 8.6, you are unable to view minion grain or activity data in the SSC UI.
Expected Behavior: View grain and activity data from the SSC UI.
Actual Behavior: Grain and activity data isn't being displayed in the SSC UI.
Troubleshooting: Execute a salt <minion_name> grains.items on the CLI and verify grain data is returned.
Manually restart raas and salt-master(s) after the upgrade has successfully completed. Issue the following commands:
ABX Actions running on AWS Lambda might fail with an error.
Due to a minor change in the AWS Lambda service, ABX Actions run on AWS Lambda might fail with the following error:
'Error com.amazonaws.services.lambda.model.ResourceConflictException: The operation cannot be performed at this time. The function is currently in the following state: Pending'.
Workaround: The first trigger of the ABX action after the action was created or updated will most likely fail, but if you wait for a couple of seconds and try again, it should work as expected, and it should continue to work as expected until the action is updated and this requires ABX to update the backing AWS Lambda function.
List of critical issues that are resolved in the latest patch update available
Configuring the IP Address RELEASED period does not work in a multi-tenant environment.
The task that runs globally to move IP addresses from RELEASED to AVAILABLE is not tenant-aware. In a multi-tenant environment, where one or more tenants has configured an IP address timeout, only one timeout value is applied to all the tenants.
This issue is being addressed and will be resolved in a future release.
When updating a vSphere machine to connect to a different network, an error occurs if the machine type is Windows and the cloud template does not specify a customization spec
If a customization spec does not exist in the cloud account, a failure occurs when updating a deployed vSphere machine with Windows OS to connect to a different network. The error message is: Error from vCenter: A specified parameter was not correct: spec.identity.
The error occurs because vRealize Automation does not detect the machine type as Windows and creates a customization suitable for a Linux machine.
You can reconfigure the network on the deployed machine by using the Actions -> Update menu sequence or by performing an iterative deployment update.
Workaround: Specify a customization spec in the cloud template in the machine component's customizationSpec section.
Incorrectly dropped or placed elements in Cloud Templates break the UI page
In Firefox, using drag and drop can sometimes redirect the page. When dragging a resource node, dropping it outside of the canvas could also cause page redirection in Firefox.
Workaround: Drop resource in canvas and delete it instead.
Custom Resource Subscriptions not available for Custom resource based on ABX
Despite the fact the vRA 8.5.1 introduced ABX based custom resources, there are some limitations such as: Cloud admins are still not able to include ABX based resources in event based subscriptions.
Timeout exception appears during deployment update of ABX based custom resource
When you update an ABX based custom resource deployment, you might see a ''504 Gateway Time-out issue" error. The error appears in the event of an ABX read action failure.
Exceptions for READ operation are not properly processed
If a back-end error happens for deployment iterative updates, only a generic error message is shown. From server logs, a detailed error message is shown. However, due to the exception being handled not properly, only a generic error message is displayed in the UI.
Request tracker is not working for resource views
On the All resources page, after selecting a machine and performing any day 2 action, the request tracker does not appear unless a manual refresh is initiated.