vRealize Orchestrator 8.8 | 28 APR 2022
Check for additions and updates to these release notes.
|VMware vRealize Orchestrator 8.8 | 28 April 2022
Updates made to this document:
|Date||Description of update||Type|
vRealize Orchestrator 8.8 includes multiple new features and fixed issues. The new features include:
vRO 8.x: RESTOperation.createRequest should not automatically translate spaces to the "+" symbol.
java.net.URLEncoder.encode() method is now replaced with
org.springframework.web.util.UriUtils.encodeQuery(). This change concerns the encoding of URL addresses and more specifically, the encoding of query parameters when performing a REST operation. The space is now encoded to
%20 as opposed to
+. Replacing space with
%20 is the more common way and is also recommended in the RFC specifications, which should be supported by the majority of REST hosts.
You can now update the authentication of a scheduled task in the vRealize Orchestrator Client.
When a editing a scheduled task, a new field called Starting user is available. You can use this field to change the user who is authenticated to run the scheduled task. This feature is only available while editing a existing scheduled task that you have created previously.
Updates and plug-in API compatibility changes for the Auto Deploy plug-in for vRealize Orchestrator.
vRealize Orchestrator 8.8 includes an updated and preinstalled Auto Deploy plug-in. The plug-in API compatibility is also updated to support:
NOTE: To use this plug-in in vRealize Orchestrator 7.6, you must first update the vSphere plug-in to version 7.x. Also regarding vRealize Orchestrator 7.6, the Auto Deploy plug-in includes full support for the Java-based Orchestrator Legacy Client while support for workflows created in the HTML5-based vRealize Orchestrator Client is limited.
Changes to the input form for Active Directory configuration workflows. The Per user session option is no longer supported.
Because LDAP authentication is no longer supported and shared session is the only possible authentication, the useSharedSession checkbox is now removed from the input form of several Active Directory workflows and the username and password fields are now mandatory. This change impacts the Add an Active Directory server, Update an Active Directory server and Configure Active Directory server workflows.
The New “Create a computer with password in an organizational unit” workflow is now available
The new workflow creates a computer in an organizational unit with a default password value equal to
computername$. The workflow also enables the configuration of a custom password by checking the choose password different from the default one option.
REST plug-in support for OpenAPI 3.0 and Swagger 2.0.
The Add a REST host by Swagger spec from a URL and Add a REST host by Swagger spec as a string workflows can now create REST hosts from both Swagger 2.0 and OpenAPI 3.0 schemas.
For both workflows this is achieved by adding a dropdown in the host properties tab which is called Swagger/OpenAPI version. Depending on which version you choose, you can access an additional tab called Swagger 2.x or OpenAPI 3.0. In this tab you can select the host, basePath and Preferred communication protocols for the former and the preferred URL address for the latter.
The following methods were added to the
RestHostManager scripting object:
The vRealize Orchestrator Appliance is a VMware Photon OS-based appliance distributed as an OVA file. It is prebuilt and preconfigured with an internal PostgreSQL database, and it can be deployed with vCenter Server 6.0 or later.
The vRealize Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.
For instructions about deploying the vRealize Orchestrator Appliance, see Download and Deploy the vRealize Orchestrator Appliance.
For information about configuring the vRealize Orchestrator Appliance server, see Configuring a Standalone vRealize Orchestrator Server.
You can upgrade a standalone or clustered vRealize Orchestrator 8.x deployment to the latest product version by using a mounted ISO image.
For more information about upgrading the vRealize Orchestrator Appliance, see Upgrading vRealize Orchestrator.
You can migrate a standalone vRealize Orchestrator instance authenticated with vSphere or vRealize Automation to vRealize Orchestrator 8.8. Product versions of vRealize Orchestrator 7.x supported for migration include versions 7.3 to 7.6. The migration of clustered vRealize Orchestrator 7.x deployments is not supported.
For more information about migrating the vRealize Orchestrator Appliance, see Migrating vRealize Orchestrator.
The following plug-ins are installed by default with vRealize Orchestrator 8.8:
Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:
Imported resource elements revert their updates after some time.
Imported plug-in configurations can revert to an earlier version after performing a Pull or Push operation. This issue is caused in by the local version history of the configuration which does not include the latest changes.
Basic authentication is disabled by default when using vRealize Automation authentication for your vRealize Orchestrator deployment.
To use basic authentication in vRealize Orchesrator, the system property
com.vmware.o11n.sso.basic-authentication.enabled must be set to
Cannot add a Git repository hosted by a Git provider which requires a 4096-bit encryption.
In previous releases, vRealize Orchestrator only provided a 2048-bit RSA key pair when authenticating with a Git repository over a SSH connection. Users with stricter security policies can now use a 4096-bit RSA key pair when integrating a Git repository in vRealize Orchestrator over a SSH connection.
The breakpoint marker in the workflow schema does not activate on mouse click.
Issues with the way the workflow schema manages the breakpoint toggle can cause the breakpoint market to become unresponsive.
Ensure correct client certificate selection in the REST plug-in.
Some REST host operations can encounter a client certification selection issue. This issue is caused by the
chooseClientAlias() method in
X509ExtendedKeyManager. A new
KeyManagerCertWrapper wrapper is added to
X509ExtendedKeyManager to resolve this client certification issue. The wrapper calls all methods aside from the
X509ExtendedKeyManager method and returns the right key alias.
Fix for the CVE-2021-23337 and CVE-2020-8203 security vulnerabilities reported in the vRealize Orchestrator Control Center.
The swagger libraries for the vRealize Orchestrator Control Center are updated to resolve the CVE-2021-23337 and CVE-2020-8203 security vulnerabilities.
User interface elements enter in a extend-collapse animation loop.
On slower vRealize Orchestrator environments, clicking on elements in the side navigation while the animations are still in progress might trigger an extend-collapse animation loop.
The interaction form for resuming a failed workflow does not display fields for all defined variables when one of the variables is a
Property type. Inputs for variables coming after the
Property variable will be hidden. The input fields for the
Property type will not be populated.
The variable type is not interpreted for the
Property type which causes issues during form rendering. The
Property type is now used while generating the input form.
You receive an "error: failed to push to protected branch" error. Pushing commits to a protected Git branch fails.
If the configured Git branch is protected, the push operation fails consistently but the message that appears indicates that the push is successful.
Workaround: The decision was taken not to fix this issue in the current or upcoming releases of vRealize Orchestrator. This known issue entry is going to be deleted from the release notes for the next release.
Imported resource elements are reverted to an earlier state.
After importing a resource element from a file and then updating the resource element without making a commit in Git, the element state is reverted to an earlier state after a certain period of time. For example, you might import a REST host resource element and then run the Update a REST host workflow (which does not update the resource element in Git). After a certain period of time, the changes made to the REST host are lost.
Workaround: Manually increase the resource element version from the vRealize Orchestrator Client after the update so the resource state in Git is synchronized.
This section contains previously known issues (known issues remaining from earlier releases of vRealize Orchestrator that still exist in the product).
The RESTOperation ID does not initialize properly if the REST host instance is created by using a Swagger spec.
In the HTTP-REST plug-in, when the REST host instance is created by a Swagger spec, the RESTOperation ID does not initialize properly and the getOperation method of the RESTHost object does not work.
The Storage VSAN workflows of the vCenter Server plug-in do not support adding Solid-State Drive (SSD) disks to an ESXi host.
The Add disks to disk group and Remove disks from disk groups workflows do not support adding SSD disks as capacity disks to ESXi hosts.
Problems handling non-ASCII characters in certain contexts.
Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
The SSH plug-in encounters firewall connectivity issues.
The SSH plug-in cannot connect to a Cisco Adaptive Security Appliance (ASA) firewall.
Workaround: The SSH plug-in for vRealize Orchestrator 7.1 does not support connectivity to a Cisco Adaptive Security Appliance (ASA) firewall.
If you experience issues connecting to a SOAP or a REST host, or importing a certificate, you might have to explicitly enable certain versions of SSL or TLS.
For information about this issue, see the Java Secure Socket Extension (JSSE) Reference Guide.
Workaround: For information about explicitly enabling SSLv3 and TLSv1 for outgoing HTTPS connections, see How to enable TLSv1.1 and TLSv1.2 for outgoing HTTPS connections in vRO 6.0.x (KB 2144316).
The SOAP plug-in cannot connect through an authenticated proxy server.
When attempting to run the Add a SOAP host workflow, you encounter an issue with the proxy server authentication.
Workaround: When running the workflow, use a proxy server that does not require authentication.
The vRealize Orchestrator authentication configuration might become invalid if the authentication provider certificate changes or regenerates.
When the SSL certificate of the vRealize Automation or vSphere instance that is configured as the authentication provider in Control Center is changed or regenerated, the vRealize Orchestrator authentication configuration becomes invalid, and the vRealize Orchestrator server cannot start.
Workaround: Import the new authentication provider certificate:
During the installation of a plug-in in the vRealize Orchestrator Control Center, an error message appears.
When you install a plug-in from the Manage Plug-Ins page in Control Center, the following error message appears: Plug-in 'name_of_the_plug-in' (plug-in_file_name) is not compatible with the current platform version. Supported platform versions are 'names_of_the_supported_versions'. Clicking on the 'Install' button will install it anyway.
Workaround: You can safely ignore this error and proceed with the installation of the plug-in.
Adding values to vCenter Server data object properties of the Array type is not possible.
For example, the following code does not work:
var spec = new VcVirtualMachineConfigSpec(); spec.deviceChange = ; spec.deviceChange = new VcVirtualDeviceConfigSpec(); System.log(spec.deviceChange);
Workaround: Declare the array as a local variable:
var spec = new VcVirtualMachineConfigSpec(); var deviceSpec = ; deviceSpec = new VcVirtualDeviceConfigSpec(); spec.deviceChange = deviceSpec; System.log(spec.deviceChange);