VMware vRealize Automation 8.6 | 12 OCT 2021

Check for additions and updates to these release notes.

Release Versions

VRealize Automation 8.6 | 12 October 2021
  • vRA Easy Installer (ISO) build 18747964
  • vRA Product (appliance) build 18747096
  • SaltStack Config build 18703476

Updates made to this document

vRA 8.6 critical patch is now available, refer to KB 86324 (vRA 8.6) and KB 86252 (CExP 10/2021).

Date Description of update Type
10/12/2021 Initial publishing.
10/19/2021 Upgrading to vRA 8.5.1 from vRA 8.5 fails with an error "Upgrade terminated due to critical error" Known Issue
10/19/2021 Upgrading from 8.5.0 may fail to complete Known Issue
10/25/2021 SSC - Minion data (grains) not present in vRealize Automation SaltStack Config after upgrading from 8.5.1 to 8.6 using vRealize Suite Lifecycle Manager Known Issue
10/26/2021 Updating a scheduled runner job fails Resolved Issue
11/30/2021 ABX Actions running on AWS Lambda might fail with an error. Known Issue
12/7/2021 List of critical issues resolved in the latest patch update. Known Issue
12/17/2021 If NSX-V to NSX-T migration is perfomed, it fails after importing vRA_output.json file Resolved Issue
03/02/2022 Added link to KB workaround used to resolve upgrade failure related to the log4j vulnerabilities.

About vRealize Automation 8.6

vRealize Automation 8.6 complements vRealize Automation 8.5.1 capabilities, focusing on XaaS improvements, Azure and puppet and new VCD endpoint integration.


Upgrade failure after performing steps in KB 87120

Performing the instructions used to address the CVE-2021-44228 and CVE-2021-45046 log4j vulnerabilities described in KB 87120 can cause upgrade failures for vRealize Automation and vRealize Orchestrator 8.6.2 or earlier. For a workaround, seeKB 87794.

Before you begin

Familiarize yourself with the supporting documents.

After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in vRealize Automation 8.6 product documentation.

For information on vRealize Orchestrator 8.5 features and limitations, refer to the vRealize Orchestrator 8.6 Release Notes.

vRealize Suite Lifecycle Manager 8.6 supports the installation of vRealize Automation 8.6. For information on vRealize Suite Lifecycle Manager 8.6, see the VMware vRealize Suite Lifecycle Manager 8.6 Release Notes. For information on installing and upgrading vRealize Automation using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.

What's New

The many benefits of vRealize Automation 8.6 include:

VCD Organizations can be added as a Cloud Account in vRA

Customers and partners with existing investment in VCD are now able to leverage vRA for modern template, catalog, pipeline, extensibility, multi-cloud management and governance capabilities while continuing to utilize VCD’s multi-tenanted infrastructure capabilities. VCD Organization owners will add their Org as a cloud account in vRA, map VCD OrgVDCs to vRA Cloud zones and continue to provision and manage IaaS resources into the OrgVDCs. Learn more about using a VCD cloud account.

Support Puppet Enterprise for machines without a public IP address

You can register machines without a public IP address.

Ability to configure name of Azure NIC interfaces

You can use the new API to configure a name of NIC for a VM running on Azure. Learn more about using extensibility actions to configure a NIC name.

Note: This is only supported using API and not using VCT.

Resource Quota policy additional day 2 governance

In this release, vRealize Automation Cloud includes Resource Quota Policy enhancements that add additional support for Day2 actions. Quotas now properly account for Day2 actions that affect allocations including disk and machine resizes. Learn more about resource quota policies.

Ability to add External validation to a custom day2 action

You can apply a complex validation to the user inputs on the custom day2 request form. The validation is run externally as a vRealize Orchestrator action and prevents you from submitting the request form until the validation is complete. Learn more.

New VMware Salt Modules Available

We are pleased to announce the release of Salt modules for vSphere/ESXi, NSX, and VMC. These modules were developed as a collaborative effort between VMware and the Salt Open Community and are available under the Salt GitHub project in 'Salt Extension Modules for VMware'.

Post DR, you can change the network settings of the vRA appliances, including new IP addresses, and continue to manage all workloads not impacted by the same DR event.

In case of a disaster recovery scenario, vRealize Automation is backed up by SRM and is brought up in a backup vCenter. With vRA this release, you can update the network settings, post DR without your vCenters being on a stretched L2. The same applies for the VMware Identity Manager. Please follow the steps in vRealize Automation and Identity Manager re-IP configuration in Site Recovery Manager to update network settings for vRA and vIDM. Note that any failed vCenter workloads are not managed by the newly-active vRA.

API Documentation and Versioning

API documentation is available with the product. To access all Swagger documents from a single landing page, go to https://<appliance.domain.com>/automation-ui/api-docs where appliance.domain.com is your vRealize Automation appliance.

Before using the API, consider the latest API updates and changes for this release, and note any changes to the API services that you use. If you have not locked your API to a version before, you might encounter a change in an API response. As a best practice, use the apiVersion variable to lock your API to the version you want to use. If you do not lock your APIs, the default behavior varies depending upon the API.

  • For Cloud Assembly IaaS APIs, all requests which are executed without the apiVersion parameter will be redirected to the first version which is 2019-01-15. This redirect will allow every user who did not previously specify the apiVersion parameter to transition smoothly to the latest version without experiencing breaking changes.

    NOTE: For the Cloud Assembly IaaS APIs, the latest version is apiVersion=2021-07-15. If left unlocked, IaaS API requests will be redirected to the first version which is 2019-01-15. The first version is deprecated and will be supported for 12 months. To ensure a smooth transition to the new version, lock your IaaS API requests with the apiVersion parameter assigned to 2021-07-15.

  • For other APIs, you can specify the apiVersion parameter to lock your APIs to whatever date you choose.
    • If you want to lock your APIs to the version in effect for vRealize Automation 8.5.1, use apiVersion=2021-09-09.
    • If you want to lock your APIs to the version in effect for vRealize Automation 8.6, use apiVersion=2021-10-12.

    If left unlocked, your API requests will default to the latest version which is apiVersion=2021-10-12.

For more information about API versioning, see the vRealize Automation 8.6 API Programming Guide.

Service Name Service Description API Updates and Changes
ABX Holds all functionality specific to ABX, including creation and management of actions and their versions and executing actions and flows. No change
Approval Enforce policies which control who must agree to a deployment or day 2 action before the request is provisioned No change
Blueprint Create, validate, and provision VMware Cloud Templates (formerly called Blueprints) No change
CMX When using Kubernetes with vRealize Automation, deploy and manage Kubernetes clusters and namespaces. No change
Content Gateway(content service) Connect to your infrastructure as code content in external content sources such as SCM Providers and VMware Marketplace. No change
Custom Forms (form-service) Define dynamic form rendering and customization behavior in Service Broker and Cloud Assembly VMware services. No change
Deployment Access deployment objects and platforms or blueprints that have been deployed into the system. No change
IaaS Perform infrastructure setup tasks, including validation and provisioning of resources in iterative manner. No change
Migration This service is used to quickly setup a vRA 8 instance based on information in a configuration file a.k.a Zero-Setup No change
Project Holds all functionality specific to creation, management and delete of projects No change
Relocation Define policy and plans for bringing existing VMs from any cloud under management. No change
Catalog Access Service Broker catalog items and catalog sources, including content sharing and the request of catalog items. No change
Catalog Service (Policies) Interact with policies created in Service Broker. No change
Code stream all pipeline-service These API provide access to Code Stream services. No Change
Identity Service A list of identity, account and service management APIs. No change

Resolved Issues

The following issues were resolved in this release.

  • Unexpected state of the policy run upon restarting the vRO after migration

    The policies are not automatically started after migration.

  • Configuration Element XML content in the Version History repository contains the encrypted values of secure types when imported through a Package

    After Export and Import of Configuration element which contains a SecureString type, the Configuration Element XML content in the Version History repository contains the encrypted values of secure types.

  • Azure Enumeration fails for BLOB based snapshots

    With this fix, the failing data collection of snapshots, that were created from vhd blobs, is fixed. Prior to this fix, snapshots on the Azure cloud caused the entire Azure data collection to break.

  • Notification link to deployment

    In the event of "deployment lease expired" and "deployment lease expiring" scenarios, deployment owners receive an email which includes a url linking to the corresponding deployment page.

  • "Open redirect" vulnerability in VMware vRO

    Fixed "Open redirect" vulnerability by removing the redirection function from the application.

  • Updating a scheduled runner job fails

    Unable to change the schedule date on a schedule that is executing a job based on salt-run.

  • If NSX-V to NSX-T migration is perfomed, it fails after importing vRA_output.json file

    If NSX-V to NSX-T migration is perfomed, it fails after importing vRA_output.json file with the following error - 'Unrecognized field "syncDueAt" not marked as ignorable'.

Known Issues

The following known issues are present in this release.

  • Upgrading from 8.5.0 may fail to complete

    Starting an iterative upgrade through vRSLCM to vRA 8.5.1 or later on a vRA 8.5.0 system might fail at the vRealize Automation Upgrade/Patch/Internal Network step of Stage 1 about a minute or so after the launch. The previous upgrade, while completed successfully, has not been able to delete its runtime data and leaves the upgrade in an 'in progress' state. Hence, new upgrade cannot be launched.

    Workaround: In this release LCM will make the precheck and notify you for the issue. For information on workaround steps, see KB 85965.

  • Upgrading from vRA 8.5 fails with an error "Upgrade terminated due to critical error"

    Upgrading from vRA 8.5 or vRA 8.5.1 fails with the error "Upgrade terminated due to critical error". Disk space checks show /root at *or near* 100% utilization.

    Workaround: For information on workaround steps, see KB 85864.

  • SSC - Minion data (grains) not present in vRealize Automation SaltStack Config after upgrading 8.5.1 to 8.6 using vRealize Suite Lifecycle Manager

    After upgrading vRA SSC with vRSLCM from 8.5.1 to 8.6, you are unable to view minion grain or activity data in the SSC UI.

    Expected Behavior:  View grain and activity data from the SSC UI.

    Actual Behavior: Grain and activity data isn't being displayed in the SSC UI.

    Troubleshooting: Execute a salt <minion_name> grains.items on the CLI and verify grain data is returned.

    Manually restart raas and salt-master(s) after the upgrade has successfully completed. Issue the following commands:

    • systemctl restart raas
      • Issue on the SSC instance
    • systemctl restart salt-master
      • Issue on each of your Salt masters
  • ABX Actions running on AWS Lambda might fail with an error.

     Due to a minor change in the AWS Lambda service, ABX Actions run on AWS Lambda might fail with the following error:

    'Error com.amazonaws.services.lambda.model.ResourceConflictException: The operation cannot be performed at this time. The function is currently in the following state: Pending'.

    Workaround: The first trigger of the ABX action after the action was created or updated will most likely fail, but if you wait for a couple of seconds and try again, it should work as expected, and it should continue to work as expected until the action is updated and this requires ABX to update the backing AWS Lambda function.

  • List of critical issues that are resolved in the latest patch update available

    • System runs out of disk space on /var/log, UI becomes inaccessible due to failing disk health check, logs of services are lost
    • Upgrade progress monitor might not detect if VAMI installation has exited abnormally, waits indefinitely
    • Patch installer ignores RPM exclusion list, may affect installation of other patches.
    • Log bundle collector skips older infra logs and configuration files, might complicate troubleshooting

    Workaround: Fix with latest cumulative patch: KB 86324 (vRA 8.6) and KB 86252 (CExP 10/2021)

  • Configuring the IP Address RELEASED period does not work in a multi-tenant environment.

    The task that runs globally to move IP addresses from RELEASED to AVAILABLE is not tenant-aware. In a multi-tenant environment, where one or more tenants has configured an IP address timeout, only one timeout value is applied to all the tenants.

    This issue is being addressed and will be resolved in a future release.

    Workaround: None

  • When updating a vSphere machine to connect to a different network, an error occurs if the machine type is Windows and the cloud template does not specify a customization spec

    If a customization spec does not exist in the cloud account, a failure occurs when updating a deployed vSphere machine with Windows OS to connect to a different network. The error message is: Error from vCenter: A specified parameter was not correct: spec.identity.

    The error occurs because vRealize Automation does not detect the machine type as Windows and creates a customization suitable for a Linux machine.

    You can reconfigure the network on the deployed machine by using the Actions -> Update menu sequence or by performing an iterative deployment update.

    Workaround: Specify a customization spec in the cloud template in the machine component's customizationSpec section.

  • Incorrectly dropped or placed elements in Cloud Templates break the UI page

    In Firefox, using drag and drop can sometimes redirect the page. When dragging a resource node, dropping it outside of the canvas could also cause page redirection in Firefox.

    Workaround: Drop resource in canvas and delete it instead.

  • Custom Resource Subscriptions not available for Custom resource based on ABX

    Despite the fact the vRA 8.5.1 introduced ABX based custom resources, there are some limitations such as: Cloud admins are still not able to include ABX based resources in event based subscriptions.

  • Timeout exception appears during deployment update of ABX based custom resource

    When you update an ABX based custom resource deployment, you might see a ''504 Gateway Time-out issue" error. The error appears in the event of an ABX read action failure.

  • Exceptions for READ operation are not properly processed

    If a back-end error happens for deployment iterative updates, only a generic error message is shown. From server logs, a detailed error message is shown. However, due to the exception being handled not properly, only a generic error message is displayed in the UI.

  • Request tracker is not working for resource views

    On the All resources page, after selecting a machine and performing any day 2 action, the request tracker does not appear unless a manual refresh is initiated.

Changed and Deprecated Functionality


check-circle-line exclamation-circle-line close-line
Scroll to top icon