vRealize Orchestrator Appliance 7.6 | 11 April 2019 | Build 13020602
Check frequently for additions and updates to these release notes.
What's in the Release NotesThe release notes cover the following topics:
- What's New in vRealize Orchestrator 7.6
- Feature and Support Notice
- Deploying the VMware vRealize Orchestrator Appliance 7.6
- Internationalization Support
- How to Provide Feedback
- Prior Releases of vRealize Orchestrator
- Resolved Issues
- Known Issues
What's New in vRealize Orchestrator 7.6
vRealize Orchestrator 7.6 introduces a number of improvements, bug fixes, and extends the orchestration UI client with new functionalities:
- With the Orchestrator Client you can:
- Create, run, edit, and delete workflows and policies.
- Use the new input forms presentation when designing workflows.
- Debug a scriptable task.
- Use the built-in autocomplete capability for scripting.
- Create, edit, and delete actions and configuration elements.
- Easy content management
- Version history capability - automatic version creation and ability to restore Orchestrator objects from previous versions.
- Automatic merge and resolve of code conflicts in your content items.
- System dashboard on the main page, that provides system-level metrics about your Orchestrator environment.
- Performance tab, that provides metrics about your workflow runs.
- Workflow token replays collect contextual information about transitions between workflow items.
- Detailed logs per workflow item.
- Audit logs accessible through the main Orchestrator navigration manu and the individual workflow object editors.
- Wavefront integration for Orchestrator instance monitoring - configured through the Extension Properties page of the Orchestrator Control Center.
- Opentracing integration for monitoring of the workflow execution - configured through the Extension Properties page of the Orchestrator Control Center.
- For information on enabling the Wavefront and Opentracing integrations, see Enabling the Wavefront and Opentracing Extensions.
- Roles and permissions assignment (this is only for the vRA authenticated users).
- Assign roles to the users accordingly to the functionalities they want to use.
- Create groups, assign and delete users accordingly to the permissions they need to have in the group.
- Assign content items to a group.
- For more information on the Orchestrator roles and groups, see Orchestrator Client Permissions.
For more information on the new HTML5-based vRealize Orchestrator Client, see Using the VMware vRealize Orchestrator Client.
Feature and Support Notice
- [IMPORTANT] License restriction reminder - since the 7.4 release, we introduced the license restriction for vSphere authentication for Orchestrator.
- It is not possible to use Roles and permissions assignment feature if you are authenticated with vSphere.
- It is not possible to use Multi-tenancy feature if you are authenticated with vSphere.
- [IMPORTANT] VMC on AWS is not supported as authentication provider for Orchestrator, supported by the vSphere plug-in.
- [IMPORTANT] Java 8 SE is a prerequisite for the Orchestrator client. You need to manually install JDK/JRE 8 before installing the Orchestrator client.
- Avoid running workflows created in the new HTML5-based vRealize Orchestrator Client in the Java-based Orchestrator Legacy Client.
- [IMPORTANT] You can no longer set group permissions in the Orchestrator Legacy Client. To set group permissions, use the role and group management system of the vRealize Orchestrator Client.
- [IMPORTANT] Only Orchestrator users with administrative rights can login to the Orchestrator Legacy Client.
- [IMPORTANT] Currently, vRealize Orchestrator 7.6 does not support the Horizon plug-in. The release notes will be updated when the Horizon plug-in becomes compatible with vRealize Orchestrator 7.6.
- Restoring to previous version is supported only in the vRealize Orchestrator Client.
- For vSphere authenticated Orchestrator environments, only the administrator has access to the vRealize Orchestrator Client. These users have access to all client features, outside role and group permission management.
- The input parameter constraints of workflows created or edited in the vRealize Orchestrator Client do not automatically transfer to the XaaS blueprint request form in vRealize Automation. When using these workflows in XaaS operations, you must manually define the input parameters constraints in the XaaS blueprint request form. This limitation does not impact workflows created and edited exclusively in the Orchestrator Legacy Client.
Deploying the VMware vRealize Orchestrator Appliance 7.6
VMware vRealize Orchestrator 7.6 is available as a preconfigured virtual appliance.
The Orchestrator Appliance is distributed as an OVA file. It is prebuilt and preconfigured with Novell SUSE Linux Enterprise Server, PostgreSQL, and it can be deployed with vCenter Server 5.5 and later.
The Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.
Upgrading and Migrating to vRealize Orchestrator 7.6
For instructions about upgrading and migrating the vRealize Orchestrator Appliance, see Upgrading and Migrating VMware vRealize Orchestrator.
NOTE: Upgrading the vRealize Orchestrator Appliance from version 5.5.x to 7.5 is not supported. You must upgrade your vRealize Orchestrator Appliance 5.5.x to 6.0.x first and then migrate to 7.5.
Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log in to the Orchestrator Appliance as root, and run the following command:
passwd -x number_of_days name_of_account
To make your Orchestrator Appliance root password last forever, run the following command:
passwd -x 99999 root
Plug-Ins Installed with vRealize Orchestrator 7.6
The following plug-ins are installed by default with vRealize Orchestrator 7.6:
- vRealize Automation Center Infrastructure Administration Plug-In 7.6.0
- vRealize Automation Plug-In for vRealize Orchestrator 7.6.0
- vRealize Orchestrator vCenter Server Plug-In 6.5.0
- vRealize Orchestrator Mail Plug-In 7.0.1
- vRealize Orchestrator SQL Plug-In 1.1.4
- vRealize Orchestrator SSH Plug-In 7.1.1
- vRealize Orchestrator SOAP Plug-In 2.0.0
- vRealize Orchestrator HTTP-REST Plug-In 2.3.2
- vRealize Orchestrator Plug-In for Microsoft Active Directory 3.0.9
- vRealize Orchestrator AMQP Plug-In 1.0.4
- vRealize Orchestrator SNMP Plug-In 1.0.3
- vRealize Orchestrator PowerShell Plug-In 1.0.13
- vRealize Orchestrator Multi-Node Plug-In 7.6.0
- vRealize Orchestrator Dynamic Types 1.3.1
- vRealize Orchestrator vCloud Suite API (vAPI) Plug-In 7.5.0
vRealize Orchestrator 7.6 provides multi-language support for the Orchestrator Control Center and supports internationalization level 1 for the vRealize Orchestrator Client.
How to Provide Feedback
Your active feedback is appreciated. Provide your feedback by using one of the following methods:
- Support Requests (SRs)
- The Orchestrator Discussion Forum
File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.
For more information on VMware Support and instructions on how to file SRs, please visit https://www.vmware.com/support/services.
Include log files in your SRs.
Follow these steps to gather log files and configuration from Orchestrator:
- Go to the Orchestrator Control Center at
- Log in as root.
- Navigate to Export Logs.
- Click the Export Logs button.
- Save the generated ZIP file.
- Upload the saved ZIP file to VMware Support.
Follow these steps to gather the appliance logs:
- Go to the Orchestrator VAMI at
Login as root.
Navigate to Admin -> Logs page.
Click Save Log Files.
- Upload the saved files to VMware Support.
Earlier Releases of vRealize Orchestrator
Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:
- vRealize Orchestrator 7.5.0
- vRealize Orchestrator 7.4.0
- vRealize Orchestrator 7.3.1
- vRealize Orchestrator 7.3.0
- vRealize Orchestrator 7.2.0
- vRealize Orchestrator 7.1.0
- vRealize Orchestrator 7.0.1
- vRealize Orchestrator 7.0
- vRealize Orchestrator 6.0.4
- vRealize Orchestrator 6.0.3
- vRealize Orchestrator 6.0.2
- vRealize Orchestrator 6.0.1
- vCenter Orchestrator 126.96.36.199
- vCenter Orchestrator 5.5.2
- vCenter Orchestrator 5.5.1
- vCenter Orchestrator 5.5
- vCenter Orchestrator 188.8.131.52
- vCenter Orchestrator 5.1.3
- vCenter Orchestrator 5.1.2
- vCenter Orchestrator 5.1.1
- vCenter Orchestrator 5.1
- vCenter Orchestrator 4.2.2
- vCenter Orchestrator 4.2.1
- vCenter Orchestrator 4.2
- vCenter Orchestrator 4.1.3
- vCenter Orchestrator 4.1.2
- vCenter Orchestrator 4.1.1
- vCenter Orchestrator 4.1
- vCenter Orchestrator 4.0.4
- vCenter Orchestrator 4.0.3
- vCenter Orchestrator 4.0.2
- vCenter Orchestrator 4.0.1
- vCenter Orchestrator 4.0
- When you first run the workflow “Add a vCenter instance”, there are two fields in the workflow presentation: "URL of PBM endpoint (the default vSphere 6.5 PBM endpoint URL is https://vSphereHostName:443/pbm) " and "URL of SMS endpoint (the default vSphere 6.5 SMS endpoint URL is https://vSphereHostName:443/sms/sdk)" . These fields are automatically populated with URL data, if you add the host name of the vCenter instance (IP or host name of the vCenter Server instance to add).
In this case, if you want to reuse the workflow and want to add another vCenter instance, you will change the host name/ip address to the one belonging to the new vCenter instance, but the fields will keep the old URLs. if you forget to change these fields manually, the workflow execution will fail.
Update the endpoint URLs of the new vCenter instance manually.
- In the "Add SSH Host" workflow there is the field "The Root Folders", that is used to configure an entry path on the server. This is an optional field.
Using "Add SSH Host" workflow and adding a root folder in the field "The Root Folders" can lead to this folder not appearing in the Inventory.
If the user wants to add a root folder, they can use "Add a Root Folder to SSH Host" as well.
- Wrong presentation when executing workflows from a remote Оrchestrator server (multi-node plugin) from the Orchestator Operations Client .
On execution of workflows on a remote Orchestrator environment (in multi-node plug-in) , you should be able to reach and browse through attached inventory-plugins like the vCenter plug-in.
You can encounter an issue when browsing through the remote-plugin in tree-view where you cannot expand the vCenter plug-in folder to view nested elements.
Workflows run on the remote Orchestrator server might not display correctly.
The known issues are grouped as follows.
- Upgrade Issues
- Configuration Issues
- Migration issues
- Web client
- Orchestrator Legacy Client Issues
- Miscellaneous Issues
- Previously known issues
- When upgrading vRealize Orchestrator 7.5 to 7.6, by using the default VMware repository, an error occurs.
If the default VMware repository is selected as the upgrade option when upgrading to vRealize Orchestrator 7.6 from 7.5, an error occurs when you check for updates.
Upgrade to vRealize Orchestrator 7.6 by using an ISO image. For more information, see Download and Mount ISO Image for Orchestrator Upgrade.
- The Delete button in the VAMI Cluster page, doesn't remove the node from vRO cluster nodes
When you remove a cluster node from Cluster page in VAMI using the Delete button, the node is not removed from Control Center Cluster page.
Remove the node from Control Center - Cluster management tab. For more information, see Removing a Node from an Orchestrator Cluster.
- Control Center fails to start its services
Certificate validation errors for the authentication provider endpoint can be seen in the logs. The validation errors are related to the certificate and the configured hostname for the authentication provider endpoint.Usually the error occurs when the authentication provider endpoint is configured with an ip address and this ip address is not declared in the authentication provider certificate.
Generate a new authentication provider certificate with the appropriate hostname and subject alternative names. Another approach is to configure the authentication provider hostname endpoint in the Control Center with the hostname or a listed subject alternative hostname/ip address to be used for the configuration of the authentication provider.
- Configurations and resource items that are part of the default/system content in Orchestrator not appear for a user with the workflow developer role after migration. Also, the workflow designer user does not see all workflows and actions from the default/system content.
After the migration of Orchestrator to 7.6, configurations and resource items that are part of the default/system content are not visible on the target destination for a user with the workflow developer role. They are not able to see all the workflows and actions that are part of the default/system content.
Follow these steps to allow the workflow designer to view the missing content:
1. Log in to the vRealize Orchestrator Client as an administrator.
2. Navigate to the Groups page.
3. Create a New group or open an existing group that the workflow designer already belongs to.
4. Edit the group, add the user (if not already included) and add the missing content to the group.
5. Save the changes.
- In the vRealize Orchestrator Client, you see tags containing underscore characters in the name.
The vRealize Orchestrator Operations Client doesn't support tag names with less than three characters or names containing white-space characters. All tags auto-generated from objects with shorter names will be suffixed with "underscore". All white-space characters will also be replaced with "underscore".
Example: The workflow located in "/Library/project A/app/DR/backup" in the Orchestrator Legacy Client, will have the following auto-generated tags in the vRealize Orchestrator Client: "Library", "project_A", "app", "DR_"
- Validation errors prevent the user from running workflows that require a file to be uploaded as an input.
The custom forms don't have a file upload input field. Workflows that require file input can't be run through the vRealize Orchestrator Client.
The user can upload his files as resources and use a resource as input instead of a raw file input.
- When users run a workflow repeatedly, they only see the workflow IDs instead of the workflow name.
If you run a workflow repeatedly, the presentation is populated with object IDs instead of names.
- After Upgrading to 7.6, execution logs are not displayed in the vRealize Orchestrator Client.
This issue occurs due to Log files being indexed with the previous version's Lucene codec. When upgraded, the index is not automatically re-coded with the new Lucene codec.
To resolve this issue, follow the instructions at https://kb.vmware.com/s/article/54485
- The user may lose the package tags if they make changes in the package name.
The tags of the packages are related with the package name. When you make changes to the name, package tags disappear after saving.
To avoid the loss of package tags it is not recommended to edit the package name.
- Even though there are multiple fields added to _Highlighted fields_ in the external validation of the workflow input form, only the first one is marked as invalid in case of validation errors.
When you add an external validation in the workflow input forms, only the first one of the added highlighted fields is taken into account.
- The save button is not active in the Input Form tab of the workflow editor
The save button is not active when the user creates or edits input forms in workflow editor.
Users should change the tab or edit the schema.
- Can't link Array-type variables to the configurations
Array-type variables cannot be created or linked to configurations.
- If the workflow input form has a custom validation added through the vRealize Orchestrator Client, it produces unexpected results (reports invalid values when they should be valid).
In the vRealize Orchestrator Client, validation actions are invoked with the correct values only when workflow and action input parameter names are the same.
Make sure that the validation action input parameters have the same names as the workflow input parameters being validated.
- If you add more than one resource element in a package, an error occurs when you try to increment the version of the package content.
If you add more than one resource element in a package, an error occurs when you try to increment the version of the package content.
You can export and import resource elements from the Resource menu of the vRealize Orchestrator Client.
- A user with the workflow designer role and group member permissions can receive an error when they try to assign configuration element to a group.
If the user has a workflow designer role and group member permissions, they will receive the "Failure to update configuration User LDAP-USER-[<username>] - vsphere.local\<username> doesn't have required access rights ((Edit, false)) for calling updateConfigurationElementWithContent method" error when trying to assign a configuration element to a group.
The administrator user can assign the configuration element item to be available for the designer user directly from the group:
1. Log in to the vRealize Orchestrator Client as an administrator.
2. Navigate to the Groups menu.
3. Select the impacted group and click Edit.
4. Go to the Items tab.
5, Add the desired configuration element to the group.
6. Save the changes
The workflow designer will be able to use the configuration elements added by the administrator.
- The Orchestrator Legacy Client does not run on versions of Java earlier than Java 8.
You need Java 8 to run the Orchestrator Legacy Client.
- vRealize Orchestrator actions are not recognized as custom properties by vRealize Automation if the action modules contain space characters.
After an upgrade from any version of Orchestrator earlier than 7.0, action modules that contain spaces in their names are no longer visible by any vRealize Automation installations running on version 7.x. As a result, the actions in these modules cannot be associated to property definitions in vRealize Automation.
Workaround: Verify that action modules do not have space characters in their names. Before upgrading vRealize Orchestrator, replace any space characters from your action module names with an underscore character ("_") or a dot (".").
- The vCenter Server plug-in does not support policies.
The vCenter Server plug-in for vRealize Orchestrator does not support using policies to monitor for events that are issued by the managed vCenter Server instance.
- The Orchestrator vRealize Automation plug-in cannot retrieve vRealize Automation items if there are more than 100 items.
vRealize Automation plug-in used by vRealize Orchestrator cannot retrieve vRealize Automation provisioned items. This issue also affects Orchestrator workflows with the CAFEResource input, that are exposed in vRealize Automation as a catalog item.
- During the installation of a plug-in in Control Center, an error message appears.
When you install a plug-in from the
Manage Plug-Inspage in Control Center, the error message
Plug-in 'name_of_the_plug-in' (plug-in_file_name) is not compatible with the current platform version. Supported platform versions are ''. Clicking on the 'Install' button will install it anywayappears. You can safely ignore this error and proceed with the installation of the plug-in.
The Orchestrator authentication configuration might become invalid, if the authentication provider certificate changes or regenerates.
When the SSL certificate of the vRealize Automation or vSphere instance that is configured as the authentication provider in Control Center is changed or regenerated, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.
Workaround: Import the new authentication provider certificate:
- Log in to Control Center as root.
- Click Certificates.
- Click the Import on the Trusted Certificates tab.
- Load the SSL certificate from a URL or a file.
- Click Import.
- The vRealize Orchestrator SQL plug-in cannot connect to a MySQL database.
When you run the Add a database workflow against a MySQL database, the workflow fails with a
The driver 'com.mysql.jdbc.Driver' for 'MySQL' database cannot be found!error message.
NOTE: The support for MySQL databases was removed in vRealize Orchestrator 7.0.
Workaround: To enable support for MySQL database, you must install the JDBC driver for MySQL on the Orchestrator platform.
chown vco:vco mysql-connector-java-x.x.x.jar
chmod 644 mysql-connector-java-x.x.x.jar
service vco-server restart
- Download the latest JDBC driver for MySQL from http://dev.mysql.com/downloads/connector/j/.
- Extract the downloaded archive.
- In the extracted folder, locate the
mysql-connector-java-x.x.x.jarfile, where x.x.x is the current subminor version.
- Copy the
/usr/lib/vco/app-server/libdirectory on the Orchestrator server.
- Change the ownership of the
- Change the permissions of the
- Restart the Orchestrator server service.
- The SOAP plug-in cannot connect through an authenticated proxy server.
When you run the
Add a SOAP hostworkflow, use a proxy server that does not require authentication.
If you experience issues connecting to a SOAP or a REST host, or importing a certificate, you might have to explicitly enable certain versions of SSL or TLS.
For information about this issue, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html.
Workaround: For information about explicitly enabling SSLv3 and TLSv1 for outgoing HTTPS connections, see Enable TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (KB 2144318).
- vCenter Server objects are not accessible in the vSphere Web Client (Flex)
Orchestrator cannot access vCenter Server objects in the vSphere Web Client (Flex), if the vCenter Server instance that you are attempting to access is registered in Orchestrator by IP address.
Workaround: Register the vCenter Server instance by host name.
- The SSH plug-in cannot connect to a Cisco Adaptive Security Appliance (ASA) firewall.
The SSH plug-in for vRealize Orchestrator 7.1 does not support connectivity to a Cisco Adaptive Security Appliance (ASA) firewall.
- Problems handling non-ASCII characters in certain contexts.
Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
- If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is unreadable.
- If you try to insert non-ASCII characters into attribute names, the characters do not appear. This issue occurs for workflow attributes and action attributes.
- Using the Orchestrator Java client through Java WebStart is not supported, if the Orchestrator Appliance is behind Network Address Translation (NAT).
- The Orchestrator service cannot recover after a back up and restore procedure
When you back up and restore Orchestrator, the server is not accessible from vRealize Automation and an
Unable to establish a connection to vCenter Orchestrator servererror appears. This results in Orchestrator being unable to start, while having a STARTED status, missing tasks and policies, and workflows that must be re-run.
Workaround: Re-create the missing scheduled tasks and policies, re-run the scheduled workflows that did not start, and restart the Orchestrator service.
- The Storage VSAN workflows of the vCenter Server plug-in do not support adding Solid-State Drive (SSD) disks to an ESXi host.
Add disks to disk groupand
Remove disks from disk groupsworkflows do not support adding SSD disks as capacity disks to ESXi hosts.
Compiling a custom model-driven plug-in fails if you use an extension method that contains lambda expressions.
When you use model-driven to create plug-ins and you add extension methods to a certain extension, the plug-in does not compile if the extension method contains lambda expressions. The plug-in compilation fails with an error message, similar to the following:
Caused by: java.lang.ArrayIndexOutOfBoundsException: 52789.
Workaround: Do not use lambda expressions in the body of the extension methods.
- The RESTOperation ID does not initialize properly if the REST host instance is created by using a Swagger spec.
In the HTTP-REST plug-in, when the REST host instance is created by a Swagger spec, the RESTOperation ID does not initialize properly and the getOperation of the RESTHost object does not work.
The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks.
On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, but they are not.
Workaround: Do not include virtual machines with snapshots in the workflow.
- Adding values to vCenter Server data object properties of the Array type is not possible.
For example, the following code does not work:
var spec = new VcVirtualMachineConfigSpec();
spec.deviceChange = ;
spec.deviceChange = new VcVirtualDeviceConfigSpec();
In the above code, Orchestrator converts the empty
VirtualDeviceConfigSpecbefore it calls
setDeviceChange(). When calling
spec.deviceChange = new VcVirtualDeviceConfigSpec(), Orchestrator calls
getDeviceChange()and the array remains a fixed, empty Java array. Calling s
pec.deviceChange.add()results in the same behavior.
Workaround: Declare the array as a local variable:
var spec = new VcVirtualMachineConfigSpec();
var deviceSpec = ;
deviceSpec = new VcVirtualDeviceConfigSpec();
spec.deviceChange = deviceSpec;
- Passing a VcSnapshotInfo object as an attribute of type Any between two workflow elements causes an exception during serialization
In the vCenter Server plug-in, passing a
VcSnapshotInfoobject or an array of
VcSnapshotInfoobjects as an attribute of type
Anybetween two workflow elements triggers a serialization that fails with a
Can not set long field com.codahale.metrics.error message.
Workaround: Change the workflow to omit passing a
VcSnapshotInfoobject or an array of
VcSnapshotInfoobjects between the workflow elements.