VMware vRealize Orchestrator 6.0.1 Release Notes

|

vRealize Orchestrator 6.0.1 | 12 March 2015 | Build 2510741

vRealize Orchestrator Appliance 6.0.1 | 12 March 2015 | Build 2510740

Release Notes last updated on 5 May 2015.

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New in vRealize Orchestrator 6.0.1

With this release vRealize Orchestrator introduces a more flexible content delivery mechanism due to increased workflow development efficiency and a new troubleshooting experience. Workflow developers benefit from a more programming-free design experience provided by the new control flow activities and error handling mechanism. Workflow execution and monitoring is easier when using the new administrative interface. vRealize Orchestrator 6.0.1 introduces better configuration options for vSphere 6.0, by using a unified page for configuring vCenter Single Sign-On authentication, licensing, and vCenter component registry. The stability of the vCenter Server plug-in has been improved by resolving major issues based on customer feedback.

vRealize Orchestrator 6.0.1 has an updated model for installing the vSphere Web Client plug-in for vRealize Orchestrator. vRealize Orchestrator 6.0.1 supports the vSphere Web Client integration and context execution of vRealize Orchestrator workflows as part of vSphere Web Client 6.0.

Switch Case

The Switch Case activity handles complex conditional and branching operations within the automated workflows. In common with the decision elements, Switch Case activity controls the workflow run by letting workflow developers specify different code that should be executed in various conditions. In the switch statement, a variable is tested for equality against a list of values. When a case statement matches the value of the variable, the particular workflow branch is processed.

Global Error Handling

In addition to the traditional activity based error handling, Orchestrator 6.0.1 introduces a global error handling mechanism, which lets workflow developers select a default error path for a global workflow level. The default error handling activity diagram lets a custom definition of rollback actions in case of a workflow failure.

vRealize Orchestrator Control Center (Beta)

vRealize Orchestrator 6.0.1 introduces the Control Center interface, which increases the administrative efficiency of vRealize Orchestrator instances by providing a centralized administrative interface for runtime execution, workflow monitoring, unified log access and configurations, and correlation between the workflow execution and system resources. Because this feature is currently in Beta, you are encouraged to try it and provide additional feedback. The vRealize Orchestrator logging mechanism has been optimized with an additional log file that gathers various performance metrics for vRealize Orchestrator engine's throughput.

Feature and Support Notice

The features listed below are deprecated in vRealize Orchestrator 6.0.1 and scheduled for removal in future releases. None of the deprecated features should be used as part of any vRealize Orchestrator based solution.

  • LDAP authentication
  • The Orchestrator configuration interface has been deprecated in vCenter Orchestrator 5.5.1 and it is planned to be removed in the next major release of vRealize Orchestrator. Recommended vRealize Orchestrator configuration should happen through vRealize Orchestrator configuration workflows and vRealize Orchestrator configuration API.
  • The Orchestrator standalone Windows installer is deprecated and it is planned to be removed in the next major release of vRealize Orchestrator. It is not recommended to use the standalone Windows installer as a part of a Software-Defined Data Center solution.
    You can use the PowerShell plug-in with the Orchestrator Appliance to run PowerShell scripts on an external Windows host. See Invoke an External Script.

Deploying the VMware vRealize Orchestrator Appliance 6.0.1

VMware vRealize Orchestrator 6.0.1 is available as a preconfigured virtual appliance. The appliance significantly reduces the time and skills required to deploy vRealize Orchestrator and provides a low-cost alternative to the traditional Windows-based installation.

The Orchestrator Appliance is distributed as an OVF file. It is prebuild and preconfigured with Novell SUSE Linux Enterprise Server, PostgreSQL, and OpenLDAP, and it can be used with vCenter Server 4.1 and later.

The Orchestrator Appliance functionality is suitable for any use case from lab evaluation to large-scale production, when an external database is used. The appliance offers all of the components included in the regular Windows-based installation, along with the flexibility to use either the prebuilt directory services and database, or external ones like Active Directory or Oracle. The Orchestrator appliance is certified to run at the same performance level as the Windows-based installation.

The Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vCenter Server and vCloud Director, with your IT processes and environment.

Upgrading to vRealize Orchestrator 6.0.1

To upgrade to vRealize Orchestrator 6.0.1, you must export your current Orchestrator configuration settings, deploy Orchestrator Appliance 6.0.1, and import the configuration settings.

For instructions about deploying and using the Orchestrator Appliance, see Installing and Configuring VMware vRealize Orchestrator.

Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log in to the Orchestrator Appliance as root, and run the following command:

passwd -x number_of_days name_of_account

To make your Orchestrator Appliance root password last forever, run the following command:

passwd -x 99999 root

Plug-Ins Installed with vRealize Orchestrator 6.0.1

The following plug-ins are installed by default with vRealize Orchestrator 6.0.1:

  • vRealize Orchestrator vCenter Server Plug-In 6.0.1
  • vRealize Orchestrator Mail Plug-In 5.5.1
  • vRealize Orchestrator SQL Plug-In 1.1.4
  • vRealize Orchestrator SSH Plug-In 7.0.0
  • vRealize Orchestrator SOAP Plug-In 1.0.3
  • vRealize Orchestrator HTTP-REST Plug-In 1.0.6
  • vRealize Orchestrator Plug-In for Microsoft Active Directory 1.0.6
  • vRealize Orchestrator AMQP Plug-In 1.0.4
  • vRealize Orchestrator SNMP Plug-In 1.0.2
  • vRealize Orchestrator PowerShell Plug-In 1.0.6
  • vRealize Orchestrator Multi-Node Plug-In 6.0.1
  • vRealize Orchestrator Dynamic Types 1.0.1

Internationalization Support

vRealize Orchestrator 6.0.1 supports internationalization level 1. Although Orchestrator is not localized, it can run on non-English operating systems and supports non-English text.

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

You can find the VMware Support's commitment to SRs filed by customers and instructions on how to file an SR at https://www.vmware.com/support/services/beta.

Include log files in your SRs. To gather log files from Orchestrator:

  1. Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.
  2. Log in with your username and password.
  3. Click Logs.
  4. Click Generate log report.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

  1. Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.
  2. Log in with your username and password.
  3. Click General.
  4. Click the Export Configuration tab.
  5. Click Export.
  6. Save the *.vmoconfig file.
  7. Upload the saved files to VMware Support.

Important: Do not export your configuration with a password.

Earlier Releases of vRealize Orchestrator

Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:

Resolved Issues

vRealize Orchestrator 6.0.1 resolves the following issues:

  • Orchestrator cannot use distributed port groups for new virtual machines
    If you upgrade the vCenter Server plug-in to version 5.5.2 or later, virtual machines cannot be attached to distributed port groups that are imported from a previous vCenter Server instance.

    The issue is resolved in this release.

  • Vulnerability issues in the Orchestrator Appliance
    The Orchestrator Appliance uses the Bash shell which is part of the Linux operating system. In case the operating system has a vulnerable version of Bash, the Bash security vulnerability might be exploited through the Orchestrator Appliance.
    vRealize Orchestrator 6.0.1 contains fixes that address the vulnerabilities described in CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.

    The issue is resolved in this release.

  • Orchestrator returns a limited number of objects
    When you use Orchestrator with the vCenter Server 5.5.x plug-in, the getAllVMsOfResourcePool, getAllVMsOfCluster, and getAllVMsOfComputeResource actions show a maximum of 100 results.

    The issue is resolved in this release.

  • Import Package dialog box responding slowly
    The Import Package dialog box might respond slowly when importing a package with content that is already available in Orchestrator.

    The issue is resolved in this release.

  • The Orchestrator Mail plug-in returns an Invalid Email addresses error message
    When the Mail plug-in attempts to send a message to multiple email addresses, if one or more of the email addresses in the list are incorrect, is not delivered to any email address, and you receive an Invalid Email addresses error message.

    The issue is resolved in this release.

  • Multi-Node plug-in might extract the type attribute from the incorrect location
    When generating remote plug-in objects, the Multi-Node plug-in might extract the type attribute from the incorrect location.

    The issue is resolved in this release.

Known Issues

The known issues are grouped as follows:

Installation Issues

  • Export of Orchestrator configuration might fail when you upgrade vSphere to version 6.0
    If you attempt to upgrade vSphere to version 6.0 after installing it in a custom location, you receive an Export of source Orchestrator configuration failed error message, and your Orchestrator configuration data is not transferred.
  • Workaround: Manually export the Orchestrator configuration. For details about exporting the Orchestrator configuration files, see Create an Archive for Upgrading Orchestrator.

  • Restarting Orchestrator server service after reinstalling plug-ins adds Java exceptions to the logs
    On the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by clicking Reset current version and then restart the Orchestrator server, several Java exceptions are written to the Orchestrator server logs.
  • You might be unable to configure the LDAP settings if your LDAP password contains non-ASCII characters
    While configuring the LDAP settings in the Orchestrator configuration interface, if the LDAP password that you enter contains non-ASCII characters, the attempt might fail with an Unable to connect to LDAP Server error message. This issue occurs under the following conditions:
    • When the LDAP password contains characters such as € and ÿ in German and French locales.
    • When the LDAP password contains any native characters in Japanese, Korean, and Simplified Chinese locales.
  • Problems handling non-ASCII characters in certain contexts
    Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
    • If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is garbled.
    • If you try to insert non-ASCII characters into attribute names, the characters do not appear. The issue occurs for workflow attributes and action attributes.

Configuration Issues

  • Exported configuration with a password cannot be reimported
    If you export your Orchestrator configuration with a password, and attempt to reimport it, you receive a Could not import the configuration.: javax.crypto.BadPaddingException: Given final block not properly padded error message and the import of the configuration fails.
  • Changes might not be added when exporting configuration settings from the Orchestrator configuration interface
    If you are exporting Orchestrator configuration data through the Orhestrator configuration interface, changes might not be added to the exported configuration package. This can lead to incorrectly configured nodes when configuring a cluster.

    Workaround: Restart the Orchestrator configuration interface before exporting the configuration data.

  • The Orchestrator configuration interface might display a validation error
    If you have a correctly configured vRealize Orchestrator with Single Sign-On authentication, you might see a validation error on the Authentication tab in the Orchestrator configuration interface.

    Workaround: Restart the Orchestrator configuration server.

  • The Orchestrator configuration interface does not load after a restart
    If you restart the Orchestrator configuration server, the page does not load or loads without an applied style sheet.

    Workaround: Access the Orchestrator Configuration page after a minute.

  • vCenter Server objects not accessible in the vSphere Web Client
    Orchestrator cannot access vCenter Server objects in the vSphere Web Client if the vCenter Server instance that you are attempting to access is registered in Orchestrator by IP address.

    Workaround: Register the vCenter Server instance by host name.

  • The Orchestrator server might become unavailable, after you modify the Single Sign-On settings by running a workflow from the Configuration plug-in
    You must always restart the Orchestrator server right after running a workflow for configuring the Single Sign-On settings, otherwise the Orchestrator server might become unavailable. The new Single Sign-On settings are applied after the server restarts. For this reason, if you are performing an automatic configuration of Orchestrator server through workflows, make sure that the Single Sign-On configuration is the last step of the process and is performed right before you restart the Orchestrator server.

  • Orchestrator authentication configuration might become invalid, if the vCenter Single Sign-On server certificate changes or regenerates
    When Orchestrator is configured to use vCenter Single Sign-On, if the certificate of the vCenter Single Sign-On server changes or regenerates, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.

    Workaround: To work around this issue, import the new vCenter Single Sign-On certificate:

    1. Log in to the Orchestrator configuration interface as vmware.
    2. Click Network.
    3. In the right pane, click the SSL Trust Manager tab.
    4. Load the vCenter Single Sign-On SSL certificate from a URL or a file.
    5. Click Import.
    6. Click Startup Options.
    7. Click Restart the Orchestrator configuration server to restart the Orchestrator Configuration service after adding the new SSL certificate.
  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that are not in the same tree but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.

  • Support for TNSNames missing when you connect to an Oracle database
    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: Add support for RAC and TNS configuration for Oracle 11g Database instances to vRealize Orchestrator (KB 1022828).

  • SSL certificate is not loaded when you import configuration from previous installation
    If you import the configuration of a previous installation into the current installation, the SSL certificate from the old installation is not loaded. In the Orchestrator configuration interface, the Server Certificate tab shows a red triangle.

    Workaround: Import the certificate manually.

  • Restricted access to vCenter Server inventory can cause errors if you select Session per user
    If you select the Session per user option on the vCenter Server tab of the configuration interface, attempting to access the vCenter Server inventory might result in some errors for a user with restricted access to inventory objects.
  • No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already in use
    The network configuration is saved successfully without errors even when the port numbers that you enter are already in use on your host.

    Workaround: Make sure the port numbers you enter on the Network tab are available.

Client Issues

  • The Orchestrator installable client fails to connect to a host
    The installable client of the Orchestrator Appliance cannot connect to the Orchestrator server on any operating system, giving the Cannot connect to host error.

    The issue is resolved in this release.

  • Script response view does not display non-English characters
    After you produce a script task, if the script produces a response with non-English characters, the response view does not render them.

    The issue is resolved in this release.

  • Adding parameters to a composite type might result in a JDBC error
    If you use the Orchestrator client to define a composite return type and add parameters with long field names, the composite type name might exceed 100 characters, which results in a JDBC error. Consequently, you cannot save the composite type.
  • Deleting a package with Keep shared selected also deletes shared content
    If you have an embedded workflow and another workflow in separate packages and try to delete the package with the embedded workflow by selecting the Keep shared option, the shared content is deleted with the package.

    Workaround: To restore the deleted workflow, access the folder in which the shared workflow was located, use the Restore deleted workflows option, and select the workflows to restore.

  • Use of the Orchestrator client through Java WebStart if the Orchestrator Appliance is behind Network Address Translation (NAT) is not supported
  • The Revert option for the parameters table does not revert to the last saved state
    When you add a parameter to an action script, you cannot remove it using the Revert option on the Scripting tab of the Edit Actions view.

    Workaround: Right-click the parameter and click Delete Selected.

  • Invalid input is accepted as the input value for workflow attributes of number type
    Format validation has been disabled on workflow attributes that are of the number type. Invalid input values are accepted without any warning, and workflows are saved successfully, which can lead to unpredictable results.

Miscellaneous Issues

  • Some workflows reset the cluster configuration
    Enable HA on cluster, Enable DRS on cluster, Disable DRS on cluster, Disable HA on cluster, Disable vCloud Distributed Storage on cluster, and Enable vCloud Distributed Storage on cluster workflows cause an unwanted reset of the cluster configuration.

    The issue is resolved in this release.

  • Get virtual machines by name workflow returns wrong results
    If you upgrade the vCenter Server plug-in to version 6.0.1 and run the Get virtual machines by name workflow, the workflow returns all virtual machines, instead of the correct list of virtual machines.

    The issue is resolved in this release.

  • vRealize Orchestrator displays the vCenter Server plug-in as unusable
    After you upgrade vRealize Orchestrator to version 6.0.x, if you have not upgraded the Site Recovery Manager plug-in to version 6.0.0, the vCenter Server plug-in becomes unusable.

    Workaround: Upgrade the Site Recovery Manager plug-in to version 6.0.0 or disable the Site Recovery Manager 5.8.0 plug-in.

  • The Orchestrator configuration interface might not be accessible with Internet Explorer 11
    If you are using Internet Explorer 11, you might be unable to log in to the Orchestrator configuration interface.

    Workaround: Install Internet Explorer version 11.0.11 or a recent version of Google Chrome or Mozilla Firefox.

  • The workflow token remains uncompleted, if a workflow has a slash in its name
    If you have a workflow with a slash in its name, when you run the workflow, the workflow token might never change to completed, although the workflow itself has completed running.

    Workaround: Remove the slash from the name of the workflow.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks
    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the workflow.

  • Windows Server 2008 automatically renames VMOAPP and DAR files to ZIP causing the application installation and plug-in upload in the Orchestrator configuration interface to fail
    If you are running Orchestrator on Windows Server 2008, the extension of the archives you download is automatically changed to ZIP. When you are installing an application or uploading a plug-in by using the Orchestrator configuration interface, you must use a VMOAPP or DAR file.

    Workaround: Change the ZIP extension back to either VMOAPP or DAR to use the downloaded archive in the Orchestrator configuration interface.

  • Adding values to vCenter Server data object properties of type Array is impossible
    When Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a result, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a prefilled array. However, after you have instantiated the object, you cannot add values to the array.

    For example, the following code does not work:

    var spec = new VcVirtualMachineConfigSpec();
    spec.deviceChange = [];
    spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();
    System.log(spec.deviceChange[0]);

    In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

    Workaround: Declare the array as a local variable, as follows:

    var spec = new VcVirtualMachineConfigSpec();
    var deviceSpec = [];
    deviceSpec[0] = new VcVirtualDeviceConfigSpec();
    spec.deviceChange = deviceSpec;
    System.log(spec.deviceChange[0]);

  • Workflows cannot start with input parameters of type SecureString, that take a null value
    You cannot start a workflow with a null value if that workflow takes a SecureString as an input parameter, unless you start the workflow from within another workflow. If you start a workflow with a null value when that workflow takes a SecureString as an input parameter, the server loads attributes from the cache rather than from the Orchestrator database, resulting in a null input parameter. If you then change the workflow state to passive by implementing a long-running workflow element, the attributes are reloaded from the database, converting the null value into an empty string. This is the only way you can use a null value to start a workflow that requires a SecureString input parameter.