vRealize Orchestrator Appliance 8.2 | 06 October 2020 | Build 16995073
vRealize Orchestrator Update Repository 8.2 | 13 October 2020 | Build 17015463
Check frequently for additions and updates to these release notes.
What's in the Release NotesThe release notes cover the following topics:
- What's New in vRealize Orchestrator 8.2
- Offensive Language Notice
- Feature Notice
- Deploying the VMware vRealize Orchestrator 8.2 Appliance
- Upgrading and Migrating to vRealize Orchestrator 8.2
- Root Password Expiry Extension
- Plug-ins Installed with vRealize Orchestrator 8.2
- Internationalization Support
- How to Provide Feedback
- Prior Releases of vRealize Orchestrator
- Resolved Issues
- Known Issues
ImportantUpgrade failure after performing steps in KB 87120
Performing the instructions used to address the CVE-2021-44228 and CVE-2021-45046 log4j vulnerabilities described in KB 87120 can cause upgrade failures for vRealize Automation and vRealize Orchestrator 8.6.2 or earlier. For a workaround, see KB 87794.
What's New in vRealize Orchestrator 8.2
vRealize Orchestrator 8.2 is mostly maintenance and stabilizing release. You can now edit workflows and actions directly from the parent workflow that references them. For more information, see Edit Workflows and Actions from the Parent Workflow.
New Version of the vRealize Automation REST API
A new version of the vRealize Automation REST APIs is available with all vRealize Automation releases. The new version increases resource support to 300 resources per deployment and provides performance improvements. If you are an API user and have not locked your API to a version before, you might encounter a change in an API response. As a best practice, use the apiVersion variable to lock your API to the version you want to use. For example:
- To lock your APIs to the vRealize Automation 8.1 APIs, use apiVersion=2020-01-30
- To lock your APIs to the vRealize Automation 8.2 APIs, use apiVersion=2020-08-25
If left unlocked, your API requests will default to the latest version which is apiVersion=2020-08-25.
For information on how to lock you APIs to a specific version, see the "API Versioning" section of the vRealize Automation 8.2 API Programming Guide (https://code.vmware.com/docs/12597)
Note: The vRealize Orchestrator REST API does not support the apiVersion parameter and is backward compatible.
Offensive Language Notice
At VMware, we value inclusion. To foster this principle within our customer, partner, and internal community, we removed non-inclusive language from our documentation.
The workflow token replay feature is now disabled by default. You can run token replays for each workflow run individually, or enable the feature for all workflow runs from the vRealize Orchestrator Control Center. For more information, see Using Workflow Token Replay in the vRealize Orchestrator Client.
Deploying the VMware vRealize Orchestrator 8.2 Appliance
The vRealize Orchestrator Appliance is a VMware PhotonOS-based appliance distributed as an OVA file. It is prebuilt and preconfigured with an internal PostgreSQL database, and it can be deployed with vCenter Server 6.0 or later.
The vRealize Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.
For instructions about deploying the vRealize Orchestrator Appliance, see Download and Deploy the vRealize Orchestrator Appliance.
For information about configuring the vRealize Orchestrator Appliance server, see Configuring a Standalone vRealize Orchestrator Server.
Upgrading and Migrating to vRealize Orchestrator 8.2
You can upgrade a standalone or clustered vRealize Orchestrator 8.0 or 8.0.1 deployment to the latest product version by using a mounted ISO image.
For more information about upgrading the vRealize Orchestrator Appliance, see Upgrading vRealize Orchestrator.
You can migrate a standalone vRealize Orchestrator instance authenticated with vSphere or vRealize Automation to vRealize Orchestrator 8.2. Product versions of vRealize Orchestrator 7.x supported for migration include versions 7.3 to 7.6. The migration of clustered vRealize Orchestrator 7.x deployments is not supported.
For more information about migrating the vRealize Orchestrator Appliance, see Migrating vRealize Orchestrator.
Root Password Expiry Extension
Important: For security reasons, the password expiry of the root account of the vRealize Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log in to the vRealize Orchestrator Appliance as root, and run the following command:
passwd -x number_of_days name_of_account
To make your vRealize Orchestrator Appliance root password last forever, run the following command:
passwd -x 99999 root
Plug-Ins Installed with vRealize Orchestrator 8.2
The following plug-ins are installed by default with vRealize Orchestrator 8.2
- vRealize Orchestrator vCenter Server Plug-In 6.5.0
- vRealize Orchestrator Mail Plug-In 7.0.3
- vRealize Orchestrator SQL Plug-In 1.1.5
- vRealize Orchestrator SSH Plug-In 7.2.0
- vRealize Orchestrator SOAP Plug-In 2.0.2
- vRealize Orchestrator HTTP-REST Plug-In 2.3.8
- vRealize Orchestrator Plug-In for Microsoft Active Directory 3.0.11
- vRealize Orchestrator AMQP Plug-In 1.0.4
- vRealize Orchestrator SNMP Plug-In 1.0.3
- vRealize Orchestrator PowerShell Plug-In 1.0.18
- vRealize Orchestrator Multi-Node Plug-In 8.2.0
- vRealize Orchestrator Dynamic Types 1.3.6
- vRealize Orchestrator vCloud Suite API (vAPI) Plug-In 7.5.2
vRealize Orchestrator 8.2 provides multi-language support for the vRealize Orchestrator Control Center and the vRealize Orchestrator Client.
How to Provide Feedback
Your active feedback is appreciated. Provide your feedback by using one of the following methods:
- Support Requests (SRs)
- The vRealize Orchestrator Community Forum
File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.
For more information on VMware Support and instructions on how to file SRs, please visit the official VMware Support Offerings page.
Include log files in your SRs.
To generate your vRealize Orchestrator logs:
1. Log in to the vRealize Orchestrator Appliance command line as root.
2. Run the vracli log-bundle command.
Result: The log bundle is generated in the root folder of the vRealize Orchestrator Appliance.
Earlier Releases of vRealize Orchestrator
Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:
- vRealize Orchestrator 8.1
- vRealize Orchestrator 8.0.1
- vRealize Orchestrator 8.0
- vRealize Orchestrator 7.6.0
- vRealize Orchestrator 7.5.0
- vRealize Orchestrator 7.4.0
- Unable to load more than 20 object cards from Card View.
If you configure your display to use a 2K resolution and above, or a custom resolution that is more than 1080 pixels in height, the Card View cannot load more than 20 cards.
- Duplicated folders appear in Tree View in an embedded vRealize Orchestrator Client after upgrading a High Availability (HA) vRealize Automation 8.0.1 environment.
After upgrading to vRealize Automation 8.1, multiple folders with identical names appear in the Tree View of the embedded vRealize Orchestrator Client. One of the folders is used while the other folders might be empty. A similar issue can also occur with fresh HA vRealize Automation 8.1 deployments.
- Running a workflow with a legacy presentation validation fails when the ognl uses the "__current" variable.
Workflows created in the Orchestrator Legacy Client that use the "__current" variable in their OGNL custom validation script fail to start from the vRealize Orchestrator Client when the field value is an SDK object.
- Pull and push operations take a long time to finish.
In some cases, pull and push operations from the vRealize Orchestrator Client to the integrated Git server continue for 2 minutes.
- Properties and Array/Properties types cannot have default external source values.
Using external values for Properties and Array/Properties types in the workflow input form does not show the correct actions. Even if you are able to set the correct action, the input form is populated with invalid values during validation.
- Breakpoints are enabled in visual diff view in Version History.
You can place element and scriptable task breakpoints in the visual diff view.
- Missing Duplicate button in Tree View.
When you select folders or individual objects in Tree View, the Duplicate button is missing.
- Built-in actions cannot be duplicated.
If you edit actions that come with the standard vRealize Orchestrator library, you must first duplicate the relevant action. You are not able to duplicate the action because the Duplicate button is missing from the action card.
- The Version History page displays inaccurate data for the current version. After performing a push operation, the last change made to the content disappears.
This error can occur when multiple object editors are open at the same time and one or more users are making changes. For example, you might make changes to a vRealize Orchestrator workflow and a vRealize Orchestrator action in separate tabs in your browser. After you make several changes to both the workflow and the action, you save your changes to the workflow. When you push the updated workflow to the integrated Git repository, the action changes you saved are lost.
- You are logged out of the vRealize Orchestrator Client even though there is activity in the browser window.
Your session times out and you are logged out when there is a prolonged period of inactivity in the browser. By default, that period is set to 25 minutes. If you have multiple browser tabs or browser windows opened to the same application, the inactivity time out is counted separately for each tab or window. Therefore, you are logged out of your session even though you are active in one of the tabs.
- Actions that are part of the Input Form of a workflow are missing from the package that contains the workflow.
Actions that are part of the Input Form of a workflow are missing from the package that contains the workflow.
The known issues are grouped as follows.
- Configuration Issues
- Migration/Upgrade issues
- Web client issues
- Miscellaneous Issues
- Previously known issues
- The vRealize Orchestrator Control Center container fails to start and cannot be opened in the browser.
This issue is caused by an error in the in /data/vco/usr/lib/vco/configuration/log/catalina.log file.
- Restart the vco-app pod that got stuck by running the following command.
kubectl -n prelude delete pod vco-app[id]
- After a few seconds, the pod is destroyed and a new pod is deployed.
* vco-app-[id_new_deployment] 3/3 Running 30 4d6h
- Restart the vco-app pod that got stuck by running the following command.
- When migrating vRealize Orchestrator 7.4 to vRealize Orchestrator 8.2, the local changes to actions and resources on the Git history page are empty.
When migrating vRealize Orchestrator 7.4 to vRealize Orchestrator 8.2, the local changes to actions and resources in the Git history page are empty. The content is not available.
Workaround: Migrate your vRealize Orchestrator instance first from 7.4 to 8.1 HF1/HF2, and then upgrade to 8.2.
- Plug-in content might be detected as local changes in Git when using the vRealize Orchestrator Git integration.
After installing vRealize Automation or vRealize Orchestrator 8.1 Patch 3, workflows and actions from the vCenter Plug-in are detected as local changes in Git, such as
Workflows/Library/vCenter/Virtual Machine management/Device Management/Add CD-ROM/workflow.xml.
- Kubernetes pods for vco-app- fail with a CrashLoopBackOff status after a vRealize Automation 8.1 patch deployment
vco-app-xxxlog includes entries similar to the following:
[ERROR] ERROR: duplicate key value violates unique constraint "uk_vmoreselt"
Detail: Key (tenantid, categoryid, name)=(__SYSTEM, 8a7482a57310c83401733xxxxxxxxxxxxx, configuration.json) already exists.
Where: SQL statement "UPDATE vmo_resourceelement
SET categoryid = '8a7482a57310c83401733xxxxxxxxx'
WHERE categoryid IN ( SELECT t.id FROM Tree t WHERE t.id != '8a7482a57310c83401733xxxxxxxxxxx' AND t.name = 'SecurityModel' AND t.level = '11' AND t.parentcategoryid = '8a7482a57310c83401733xxxxxxxxxx' AND t.tenantId = '_SYSTEM' ) and tenantid = '_SYSTEM'"
- Log in to the Posgres DB of the vRealize Automation Appliance.
- Locate the vco-db password:
- Run the
kubectl get secret db-credentials -n prelude -o yamlcommand.
- Locate the
vco-dbvalue and decrypt it (echo “vco-db value” | base64 --decode )
- Run the
- To navigate to the Postgres pod console, run the
kubectl exec -it postgres-0 /bin/bash -n preludecommand.
- To log in to ebs-db, run
the psql -U vco-db -h localhostcommand.
Clean up the database.
Check the entry with the following categoryid: SELECT name, categoryid FROM vmo_resourceelement ORDER BY name
Delete the entry with the following categoryid: DELETE FROM vmo_resourceelement WHERE categoryid ‘8a7482a57310c83401733xxxxxxxx’.
- When migrating vRealize Orchestrator 7.4 to version 8.1 patch 3 or version 8.2, system workflows are detected as local changes in Git History.
The system workflows that are migrated from version 7.4 to version 8.1 patch 3 or version 8.2 are detected as local changes in Git History.
- After upgrade, the Waiting for input category shows zero workflow tokens.
After upgrade, the number of tokens in a Waiting state that appear in the Workflow Runs and Waiting for input categories is different.
- Pushing commits to a protected Git branch fails.
If the configured Git branch is protected, the push operation fails consistently, but the message that appears indicates that the push is successful.
- Workflow logs do not change when you select elements from the workflow schema.
When you select elements from the workflows schema, the logs do not change. They appear only on the first selected element.
Workaround: Enable token replay and select the element from the token Tree View.
- Workflow validation errors persist for workflows even after resolving the errors.
Validation errors do not disappear from the workflow schema after resolving the errors and saving the validated workflow.
- Receiving errors when running custom decision element scripts with the new runtimes.
Workaround: Do not add custom decision scripts to Python, Node.js, or PowerShell scripts.
- Users can discard Git changes to content they do not have access to.
Users with workflow designer rights can discard Git changes to content that they do not have access to from the Git History page.
- In the vRealize Orchestrator Client, you see tags containing underscore characters in the name.
The vRealize Orchestrator Client does not support tag names with less than three characters or names containing white-space characters. All tags that are auto-generated from objects with shorter names are suffixed with underscore characters. All white-space characters will also be replaced with underscores. For example, a workflow located in
/Library/project A/app/DR/backupin the Orchestrator Legacy Client, when migrated, has the following auto-generated tags in the vRealize Orchestrator Client: "Library", "project_A", "app", "DR_".
Workaround: Follow the tagging conventions when creating new content in the vRealize Orchestrator Client.
- Some content imported from vRealize Orchestrator 7.6 cannot be deleted in vRealize Orchestrator 8.0.
Library workflows imported from vRealize Orchestrator 7.6 to vRealize Orchestrator 8.x cannot be deleted as a dependency of a custom content as those Library workflows are read-only. You might want to delete them as they existed in vRealize Orchestrator 7.6 and do not exist in vRealize Orchestrator 8.x but are imported with the package. Git errors can occur in relation to some of these workflows using characters that were valid in vRealize Orchestrator 7.6 but not vRealize Orchestrator 8.
Workaround: Before exporting, delete the library workflows from the package. Alternatively, before importing, you can unselect library workflows from the import. If you did not use either of these workarounds, you can restore the last vRealize Orchestrator database backup before the import.
- Local changes are not available after duplicating and deleting a workflow.
You duplicate a workflow and then delete it. In Git history, there is no local change for the deleted workflow.
- Switching an active repository to inactive, and then back to active again, causes an error while trying to push local changes.
Changing the state of the repository may cause an error on the next commit to repository. The error message can be the following: "Error: Push to remote failed with status: REJECTED_NONFASTFORWARD".
Workaround: First pull, and then push local changes.
- Resource element details cannot be updated.
The vRealize Orchestrator Client does not support updating the following resource element properties: name, description, version (not visible in the UI), mime type.
- After upgrading to vRealize Orchestrator or vRealize Automation 8.x, some resource elements in the vRealize Orchestrator Client might appear changed or reverted to an older version.
This issue occurs with resource elements that were previously updated in the vRealize Orchestrator Client by using a different source file. After upgrading your vRealize Orchestrator or vRealize Automation deployment, these resource elements can be replaced by an older version. This is an intermittent issue.
1. Log in to the vRealize Orchestrator Client.
2. Navigate to Assets>Resources.
3. Select the resource element affected by the problem.
4. Select the Version History tab, and restore the element to the appropriate version.
5. Repeat for all affected resource elements.
- Scheduled workflow runs are triggered at a different than the expected time with the time offset to UTC time.
When you schedule workflow runs through scripting by using the
*workflow.scheduleRecurrently()*function, scheduled workflows are always triggered in UTC time. There is a discrepancy between the vRealize Orchestrator Client UI and the function behavior, because the UI adds the time zone of your browser to the recurrence pattern. However, the time zone is not included in the recurrence pattern when using the function and the calculations of the time to the trigger the workflow runs are done on the server side in UTC time.
Workaround: When you schedule workflow runs in scripting, use time values in UTC time.
- Unable to properly save variables of the Regexp type in the Variables editor. Incorrect values are displayed in the editor.
This issue is caused by the
Regexptype variables being misinterpreted as special objects instead of strings.
Workaround: Switch to using
stringtype variables as they are an equivalent of
- Duplicated workflows created in Orchestrator Legacy Client might display a constant instead of an external action in their value options.
When editing the input parameters of a workflow that is designed in the Orchestrator Legacy Client, and duplicated in the vRealize Orchestrator Client, the value options might be set as a constant instead of an external action.
Workaround: Navigate to the Input Form tab and edit the input parameter presentation to include the required external action.
- Unable to select an action as an external source in input forms because of a return type issue.
In the vRealize Orchestrator Client Input Form tab, you are unable to select an action that has a return type of either
Array/Anyfor a default value or value option.
1. Log in to the vRealize Orchestrator Client.
2. Select your workflow and navigate to the Input Form tab.
3. Set the action with the return type expected from the widget default value or value option and save the changes.
4. Select the default value or value option action, save the workflow, and revert the action to previous version or change the return type back to the
- vRealize Orchestrator database size is very large because of the vmo_tokenreplay table.
The vmo_tokenreplay table is very large in size.
Workaround: Log in to Control Center as root. Under Extension Properties, select the token replay extension and disable the Record replay for all workflow runs property.
- When importing packages that are larger in size than allowed, you see a message stating that the upload failed with a status code 500.
By default, the maximum size for imported packages is 50 MB. If you try to import packages that are larger than 50 MB, you see a message that the upload failed.
- Importing a package created in a newer vRealize Orchestrator version into an earlier version of vRealize Orchestrator can cause an error.
Compatibility issues between vRealize Orchestrator versions lead to the inability to import packages created in newer product versions into earlier vRealize Orchestrator deployments.
- The vCenter Server plug-in does not support policies.
The vCenter Server plug-in for vRealize Orchestrator does not support using policies to monitor for events that are issued by the managed vCenter Server instance.
- Running the Run SSH command workflow in the Multi-node plug-in causes the workflow to fail.
Attaching a remote vRealize Orchestrator instance using the Multi-node plug-in, and running the Run SSH command workflow, which is synchronized from the remote repository, causes the workflow to fail.
Workaround: To make the workflow pass successfully, rename the local variable in the generated workflow for the Run SSH Command final scripting element. The following script is an example fix.
var r = remoteToken.getOutputParameters(); result = r.get("result"); errorText = r.get("errorText"); outputText = r.get("outputText");
- During the installation of a plug-in in Control Center, an error message appears.
When you install a plug-in from the
Manage Plug-Inspage in Control Center, the error message
Plug-in 'name_of_the_plug-in' (plug-in_file_name) is not compatible with the current platform version. Supported platform versions are ''. Clicking on the 'Install' button will install it anywayappears. You can safely ignore this error and proceed with the installation of the plug-in.
The Orchestrator authentication configuration might become invalid, if the authentication provider certificate changes or regenerates.
When the SSL certificate of the vRealize Automation or vSphere instance that is configured as the authentication provider in Control Center is changed or regenerated, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.
Workaround: Import the new authentication provider certificate:
- Log in to Control Center as root.
- Click Certificates.
- Click the Import on the Trusted Certificates tab.
- Load the SSL certificate from a URL or a file.
- Click Import.
- The SOAP plug-in cannot connect through an authenticated proxy server.
When you run the
Add a SOAP hostworkflow, use a proxy server that does not require authentication.
If you experience issues connecting to a SOAP or a REST host, or importing a certificate, you might have to explicitly enable certain versions of SSL or TLS.
For information about this issue, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html.
Workaround: For information about explicitly enabling SSLv3 and TLSv1 for outgoing HTTPS connections, see Enable TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (KB 2144318).
- vCenter Server objects are not accessible in the vSphere Web Client (Flex)
Orchestrator cannot access vCenter Server objects in the vSphere Web Client (Flex), if the vCenter Server instance that you are attempting to access is registered in Orchestrator by IP address.
Workaround: Register the vCenter Server instance by host name.
- The SSH plug-in cannot connect to a Cisco Adaptive Security Appliance (ASA) firewall.
The SSH plug-in for vRealize Orchestrator 7.1 does not support connectivity to a Cisco Adaptive Security Appliance (ASA) firewall.
- Problems handling non-ASCII characters in certain contexts.
Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
- If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is unreadable.
- If you try to insert non-ASCII characters into attribute names, the characters do not appear. This issue occurs for workflow attributes and action attributes.
- The Storage VSAN workflows of the vCenter Server plug-in do not support adding Solid-State Drive (SSD) disks to an ESXi host.
Add disks to disk groupand
Remove disks from disk groupsworkflows do not support adding SSD disks as capacity disks to ESXi hosts.
Compiling a custom model-driven plug-in fails if you use an extension method that contains lambda expressions.
When you use model-driven to create plug-ins and you add extension methods to a certain extension, the plug-in does not compile if the extension method contains lambda expressions. The plug-in compilation fails with an error message, similar to the following:
Caused by: java.lang.ArrayIndexOutOfBoundsException: 52789.
Workaround: Do not use lambda expressions in the body of the extension methods.
- The RESTOperation ID does not initialize properly if the REST host instance is created by using a Swagger spec.
In the HTTP-REST plug-in, when the REST host instance is created by a Swagger spec, the RESTOperation ID does not initialize properly and the getOperation of the RESTHost object does not work.
The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks.
On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, but they are not.
Workaround: Do not include virtual machines with snapshots in the workflow.
- Adding values to vCenter Server data object properties of the Array type is not possible.
For example, the following code does not work:
var spec = new VcVirtualMachineConfigSpec();
spec.deviceChange = ;
spec.deviceChange = new VcVirtualDeviceConfigSpec();
In the above code, Orchestrator converts the empty
VirtualDeviceConfigSpecbefore it calls
setDeviceChange(). When calling
spec.deviceChange = new VcVirtualDeviceConfigSpec(), Orchestrator calls
getDeviceChange()and the array remains a fixed, empty Java array. Calling s
pec.deviceChange.add()results in the same behavior.
Workaround: Declare the array as a local variable:
var spec = new VcVirtualMachineConfigSpec();
var deviceSpec = ;
deviceSpec = new VcVirtualDeviceConfigSpec();
spec.deviceChange = deviceSpec;
- Passing a VcSnapshotInfo object as an attribute of type Any between two workflow elements causes an exception during serialization
In the vCenter Server plug-in, passing a
VcSnapshotInfoobject or an array of
VcSnapshotInfoobjects as an attribute of type
Anybetween two workflow elements triggers a serialization that fails with a
Can not set long field com.codahale.metrics.error message.
Workaround: Change the workflow to omit passing a
VcSnapshotInfoobject or an array of
VcSnapshotInfoobjects between the workflow elements.