Release Versions

About vRealize Automation 8.8

Before you begin

What's New

• Support file upload component in Custom Forms

  You now can employ file uploads as part of their form inputs with these limitations:

  1. File uploads are deactivated when used as o11n action parameters.

  2. There is a hard limit of the maximum size of all files in the form set to 768KB.

  3. There is a hard limit of the maximum size of the form input request when provisioning a Custom Resource set to 768KB.

   

• Support change owner Day2 action for single user that is part of an AD group

  Support changing deployment owner to users that are part of AD groups which are project administrator or project member.

  Note: If user is a project viewer or supervisor, they are not eligible to be owner of a deployment.

• Allow global configuration of memory allocation limits

  A global configuration property has been added that sets the maximum memory allocation amount on an individual host or cluster for the entire org.

• Azure properties under protectedSettings is now encrypted

  The Azure provisioning extension property under protectedSettings is now encrypted.  

• vRA Migration Assistant supports vRA 7.6 only

  Changed and Deprecated Functionality:

  With this release, vRealize Automation supports migrations through the Migration Assistant from vRealize Automation 7.6 only. You can still perform a migration assessment for older versions.

  Option to migrate vRA 7.5 or below versioned sources is to upgrade the source to 7.6. Once the source upgrade to 7.6 is complete, edit the migration source in the migration tool so that the tool can take into account the change in the version of the source. There's no need to run assessment again as the update will be picked up automatically.

• Enhance day-2 operations for TKGs clusters- Update K8s version, Update Tanzu Cluster VM classes, Scale worker nodes

  VRealize Automation now supports day-2 operations for TKGs cluster to add further automation . When you have provisioned Tanzu Kubernetes Cluster as Deployment, you can execute one of these operations:

  • Update Kubernetes version - You can choose from the dropdown one of the available version that you can update

  • Update Tanzu Cluster workers count - Update workers count by typing number in the dialog box

  • Update Tanzu Cluster VM classes - Update vm classes of control plane nodes and worker nodes, you can choose the class from available classes in the dropdowns

   

• Approval policy now includes multi-level approvals

  Approval policies now include multi-level approvals. Approvals can be set to specific levels, with all matching policies firing sequentially based upon the criteria selected. This includes a revamped approval progress screen to show the levels currently pending or approved, and the approver pending a decision to better inform the end-user of their approval flow status. Learn more.

• Provisioning now supports an approval policy with limit > 2 days

   The Project's request timeout value has been disassociated with the allocation timeout for provisioning service objects, and vRealize Automation now sets that to a value greater than the maximum approval policy period. Customers should no longer see errors at provisioning time for objects that were pending approval for more than 2 days.

• Request ID is now displayed in deployment request history

  Request ID is now displayed for each action on the deployment History tab. You can leverage this information for debugging and billing purposes.

• Disk resizing and VM tagging - Scale and minor feature fixes in vRA/VCD integration

  Disk resizing and VM updates now:

  • Introduces disk resizing capability

  • Updating the sizing policy of a deployed VM in VCD

  • Supports VM Tagging

  • Supports VMs in vRA tagging and updating

• Custom forms supports workflows with legacy presentations from vRO java client

  Custom forms in vRA now support workflows with legacy presentations from the vRO java client.

• Ability to provision NSX-T On-Demand VLAN Segments - VCT support

  You can now provision NSX-T VLAN segments by specifying one or more VLAN IDs on private NSX network type. This can be used in cases where your overall design prohibits you from provisioning overlay networks on NSX-T. As part of this feature, we also collect and display information about VLAN transport zones which should be selected in network profile in order to give ability for VLAN networks to be created. Learn more.

• Custom Naming has been revamped to include expanded functionality.

  Custom Naming has been revamped to include expanded functionality:

  • Scoping has been expanded to be either single project, multiple projects, or full org

  • Templates can now be assigned at a per-resource level which include: compute, network, storage, load balancer, resource group, gateway, NAT and security group

  • Counters are now configurable for starting and increment value, and will increment sequentially

  • Validation for compute name uniqueness is now available and will check against all objects vRA manages or discovers

  • Matching patterns allow for specific strings within a per-resource naming template to increment independent of one another

API Documentation and Versioning

Resolved Issues

• Resource Actions and Custom Resources (that have additional actions added) must include the "tenant" (orgId) property to their "formDefinition".

  When trying to create Resource Actions or Custom Resources (that have additional actions added) with a custom formDefinition that does not have a "tenant" property will not be able to create their definitions from vRA 8.8.0 onwards.

• Behaviour Change: Deployment failures occur when static IP assignments are used with “Network Configure” extensibility event

  Behaviour Change: Deployment failures occur when static IP assignments are used with “Network Configure” extensibility event

  In Cloud Templates, when "assignment: static" is used for a VM network interface, a network with IP ranges configured will be selected during allocation. If there are no networks with IP ranges configured in network profile(s) then allocation fails.

  The "assignment: static" should only be used for a VM network interface when using a vRA internal IPAM or an external IPAM with static IP ranges. If the static IP is allocated via the "Network Configure" extensibility event custom solution then the "assignment: static" should not be used for a VM network interface in the Cloud Template. This results in an allocation failure.

  Workaround - If the static IP is allocated via the "Network Configure" extensibility event custom solution and allocation is failing with Error: 'Unable to find common placement for compute <vm-name> and its associated network', then remove the "assignment: static" from the VM network interface in the Cloud Template and retry.

• Resource Actions and Custom Resources (that have additional actions added) must include the "tenant" (orgId) property to their "formDefinition".

  This affects users that explicitly set their formDefinition without providing "tenant" property with it for the aforementioned features (e.g. API users).

• Spring is updated to 5.3.latest due to CVE-2022-22965

  A recently, privately reported issue in spring-framework was made public on March 30. An application using spring-framework might be vulnerable to remote code execution (RCE) via data binding.

  The specific exploit requires the application to be packaged as a WAR and deployed to:

  • Apache Tomcat.

  • CVE-2022-22965

  Supported versions

  • Spring Framework 5.3.0 to 5.3.17

  • Spring Framework 5.2.0 to 5.2.19

    Unsupported versions

  • Unsupported versions are also affected

   Resolution: We have updated the automation-platform and all vRA services that had the dependencies.

• Input field is Unable to read the data of readOnly field with Default value comes from External source

  When creating readOnly fields with dynamic value in the blueprints, they are translated to readOnly fields in the custom form. When the default custom form is used for a request the request passes, but when a customized form is used the request fails with '<readonly field id> is required'.

• Invoke a REST operation - Some tabs disappear when opening the workflow presentation

  Some tabs disappear when opening the workflow presentation. This happens when there is external source binding for the "visibility" property of a form element. When the form renders, all fields are visible by default, but based on the external source's response some form elements can become invisible.

• Leading a target-group search with a space breaks the search feature

  Leading a search for target-groups with a space causes the search feature to break. You will experience an infinite spinning wheel and an inability to view your target groups.

• Cannot create Cluster Plan when Vsphere endpoint is using proxy

  The Cmx agent is missing in the extensibility proxy and this results in a problem retrieving Kubernetes versions. If extensibility proxy is enabled for vsphere endpoint this can make all supervisor functionalities unable to work. 

• SSC: Leading a target-group search with a space breaks the search feature

  Leading a search for target-groups with a space causes the search feature to break. You will experience an infinite spinning wheel and an inability to view your target groups.

• Salt configuration CREATE with job id [] failed. Error:: : Minion deployment and/or state file run failed on Windows VM;s [Salt Error: Failed to start Salt]

  Minion deployment is failing on windows VM;s with the below error from the salt side

  Salt Side Error:

  "return": "Exception occurred in runner deploy.minion: Traceback (most recent call last):\n File \"/usr/lib/python3.7/site-packages/salt/client/mixins.py\", line 390, in low\n data[\"return\"] = func(*args, **kwargs)\n File \"/usr/lib/python3.7/site-packages/salt/loader.py\", line 1241, in _call_\n return self.loader.run(run_func, *args, **kwargs)\n File \"/usr/lib/python3.7/site-packages/salt/loader.py\", line 2274, in run\n return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)\n File \"/usr/lib/python3.7/site-packages/salt/loader.py\", line 2289, in _run_as\n return _func_or_method(*args, **kwargs)\n File \"/usr/lib/python3.7/site-packages//sseape/runners/deploy.py\", line 589, in minion\n raise salt.exceptions.SaltException('Error in installing salt minion - {}'.format(str(ret)))\nsalt.exceptions.SaltException: Error in installing salt minion - {'salt-vm-windows-test-mcm612-187496514722': {'Error':
  
  {'Not Deployed': 'Failed to start Salt on host salt-vm-windows-test-mcm612-187496514722'}
  
  }}\n",
  "master_uuid": "a50dfade-26bf-42a5-be08-0b2d785af2c8",
  "minion_id": "saltstack_enterprise_installer",

• Day2 Add Disk action on Azure VM which is of un-managed disk type.

  vRA does not support creation of independent un-managed Azure disks. Hence, the Day2 Add disk action must be disabled on Azure VM which is of un-managed disk type.

• RELEASE_IPADDRESS_PERIOD_MINUTES toggle is not org-aware

  The task that runs globally to move IP addresses from RELEASED to AVAILABLE is not org aware. In multi-org/multi-tenant environments where one or more tenants have configured the timeout, it will only pick one value and apply it to all orgs.

• Added authorization in the get all service definitions endpoint breaks some pipeline jobs

  In order to access the Identity service API endpoint for retrieving all service definitions in organization (GET /csp/gateway/slc/api/definitions) an authentication credentials must be provided to the request.

• External value 'complex' parameter CSV gets deleted when other values are changed

  Due to error the parsing logic, the Form Designer was deleting the set value for a 'Complex' parameter whenever any of the other paramaters' values were changed.

• Fix CSV values not evaluated to string value for certain cases

  There are value inconsistencies for 'Complex' values with columns/fieds of type String/Password when the corresponding value in the CSV is either:

  • number - value is being written in the form schema as a number even though it's supposed to be string. (i.e. value: 12 instead of value: '12')

  • false - value is being written as a value: false instead of value: 'false'

• vSphere adapter - Network Reconfiguring of a Windows machine without customization spec is failing

  When updating a deployed vSphere machine with Windows OS to connect to a different network and there is no customization spec specified in the cloud account, a failure occurs. The failure error message is: "Error from vCenter: A specified parameter was not correct: spec.identity". The reason for the error is that vRA does not detect this is a Windows machine and creates customization suitable for a Linux machine.

• Azure, AWS networks are marked missing and re-collected as new networks.

  vRealize Automation Network Profiles created for AWS & Azure cloud accounts that contain discovered Networks and Security Groups can start to have missing items (i.e. Networks and/or Security Groups). Missing items start to appear in a couple of days after their creation and on some environments. The cause of missing items appeared to be Enumeration process which cannot find correspondence between the cloud account and the Provisioning entities and because of this the Provisioning entities are deleted.

• Bracket position error issue occurred on Requests - Confirm Delete Requests page.

  Bracket placement in the pop-up confirmation screen is not as expected when multiple deployment resources are present.

• Reconfiguring security rules fail after upgrade.

  After upgrading, users cannot reconfigure security groups with new rules that use a protocol and port on NSX-T versions earlier then 3.x.

• Provisioning a VM from a snapshot does not place the VM in the correct datastore as configured in the storage profile.

  When provisioning a VM by using a snapshot, the VM is not placed in the correct datastore where that snapshot resides regardless of the datastores configured in the storage profiles.

• Extensibility actions running on AWS Lambda might fail with an error.

  Due to a minor change in the AWS Lambda service, extensibility actions running on AWS Lambda might fail with the following error:

  'Error com.amazonaws.services.lambda.model.ResourceConflictException: The operation cannot be performed at this time. The function is currently in the following state: Pending'.

• Administrator role missing permissions.

  When SaltStack Config is integrated with vIDM and has a role of Administrator, you cannot view minions, minion keys or accept minion keys.

• Exceptions for READ operation are not properly processed.

  If a back-end error happens for deployment iterative updates, only a generic error message is shown. From the server logs, a detailed error message is shown. However, because of the exception not being handled properly, only a generic error message is displayed in the UI.

• Request tracker is not working for resource views.

  On the All resources page, after selecting a machine and performing any day 2 action, the request tracker does not appear unless a manual refresh is initiated.

Known Issues

• NSX-v to NSX-T migration does not update any description objects

  NSX-v to NSX-T migration does not update any description objects as the endpoint_links are not expected to be set there. So, after V2T migration the load balancer description records still point to NSX-v and get deleted when the NSX-v cloud account is deleted. This causes problems with Day-2 operations on such deployments

  Workaround: Do not delete the NSX-v cloud account after migration if the vRA 7 to 8 migration was performed.

• Onboarding machines with VLAN IDs in custom properties fails

  Onboarded NSX-T VLAN segments have data collected VLAN IDs in their custom properties. Onboarding of VMs copies all enumerated custom properties when onboarding VMs connected to existing VLAN segments. As we do not support specifying vlanIds custom property for existing networks this causes a validation failure.

• Pipeline running during upgrade gets stuck in execution post upgrade

  If you upgrade to 8.8 while there are executions running, those executions get stuck after upgrade and will not reach terminal state.

  Workaround:

  1. Upgrade to 8.8 when there are no running (in-progress) executions.

  2. In case upgrade is performed when there are running executions, rerun stuck executions after upgrade.

• Cluster capacity API fails with 500 ISE "Failed to retrieve compute metrics. Please try after sometime".

   Cluster compute metrics are not visible in cloud zone page in vRealize Automation.

  Workaround: Add the cluster compute to the corresponding Cloud Zone to get the cluster compute metrics.

• HCMP: Cluster capacity API fails with 500 ISE "Failed to retrieve compute metrics. Please try after sometime".

  Cluster compute metrics are not visible in cloud zone page in vRA.

  Workaround: Add the Cluster compute into the corresponding Cloud Zone to get the cluster compute metrics.

• Visibility binding doesn't work in Custom Form Renderer

  Visibility binding option was released in Form Designer from version 8.6.2, but implementation is missing in Form Renderer and hence not working.

• SSC: Master authentication failures.

  When a RaaS instance is running, every 24 hours, the key rotation engine attempts to refresh a jwt token. Under certain circumstances, the engine keeps an expired jwt token, instead of refreshing it, causing 401 traceback errors in the salt-master service, as it can't authenticate to the RaaS service. This will cause certain key functionalities of SSC to fail.

  Workaround: On the VM running the salt-master service, do the following:

  1. Remove the sseapi_key.pub:

     rm /etc/salt/pki/master/sseapi_key.pub

  2. Remove the jwt auth token:

     rm /var/cache/salt/master/auth_token.jwt

  3. Restart the salt-master service:

     systemctl restart salt-master

• Custom validation for catalog item by custom forms is now supported via API

  If a customer used vRA 8.6 and had catalog item form external validations via UI, after upgrading to vRA 8.7, when requesting a catalog item via API, the external validation won't be executed.

  Workaround: On the service broker UI, go to the custom form that the catalog item has, and re-save the form by clicking the "save" button on the UI. You can also find the catalog item id and the form id, and use PATCH /catalog/api/admin/items/{catalog-item-id} to populate the catalog item with the formId.

• IPv4 and IPv6 addresses are not allocated in the internal IPAM upon VM re-onboarding.

  For a VM that was onboarded and its IP allocated successfully, unregistering the VM and onboarding the VM immediately will still keep its IPs Released instead of being Allocated again. 

  Workaround: Wait for 30 minutes before onboarding the VM again to have the IP allocated.

• Upgrading from vRealize Automation 8.5 and 8.5.1 might fail with an error "Upgrade terminated due to critical error".

  Upgrading from vRealize Automation 8.5 or 8.5.1 might fail with the error "Upgrade terminated due to critical error". Disk space checks show /root at *or near* 100% utilization.

  Workaround: For information on workaround steps, see KB 85864.

• Failed to start upgrade to 8.5.1 and 8.6.0.

  Starting an iterative upgrade trhough vRSLCM to vRealize Automation 8.5.1 or later on a vRealize Automation 8.5.0 system fails at the vRealize Automation Upgrade/Patch/Internal Network step of Stage 1 about a minute or so after launching the upgrade. The previous upgrade, while completed successfully, is unable to delete its runtime data and leaves the upgrade in an "in progress" state. Hence, a new upgrade cannot be launched. This is likely to affect some systems with long host names (FQDNs) that has been upgraded from vRealize Automation 8.4.x to 8.5.0.

  Workaround: In this release, LCM will perform the precheck and notify you of the issue. For information on workaround steps, see KB 85965.

• Incorrectly dropped or placed elements in Cloud Templates break the UI page.

  In Firefox, using drag and drop can sometimes redirect the page. When dragging a resource node, dropping it outside of the canvas could also cause page redirection in Firefox.

  Workaround: Drop the resource in the canvas and delete it instead.

• Custom resource subscriptions not available for custom resources based on extensibility actions.

  While vRealize Automation 8.5.1 introduced extensibility action based custom resources, there are some limitations to the feature. For example, cloud admins are still unable to include extensibility action based resources in event based subscriptions.

• Timeout exception appears during deployment update of an extensibility action based custom resource.

  When you update an extensibility action based custom resource deployment, you might see a ''504 Gateway Time-out issue" error. The error appears in the event of an extensibility action read failure.

Changed and Deprecated Functionality