VMware vCenter Orchestrator 4.1.2
Release Notes
vCenter Orchestrator 4.1.2 | 27 Oct 2011 | Build 027
vCenter Server 4.1.2 | 27 Oct 2011 | Build 491557
Check frequently for additions and updates to these release
notes. |
What's in the Release NotesThe release notes cover the following
topics:
Downloading and Installing VMware vCenter Orchestrator 4.1.2
You can install Orchestrator 4.1.2 only on 64-bit operating system
platform. If you have downloaded and installed VMware vCenter Server
4.1.2, Orchestrator is already installed on your system and only needs
configuration.
Read the VMware vCenter Orchestrator Installation and
Configuration Guide for step-by-step guidance on configuring
vCenter Orchestrator.
Upgrading to vCenter Orchestrator 4.1.2 and Migrating the Orchestrator
Configuration Data
If you are running an earlier version of Orchestrator on a 32-bit
platform, you can use the data migration tool included in the vCenter
Server installation media to back up and restore the existing Orchestrator
configuration settings.
Read the VMware vCenter Orchestrator Installation and
Configuration Guide for step-by-step guidance on migrating the
Orchestrator configuration settings.
If you have developed workflows, actions, plug-ins, policies, and so on
using a previous version of Orchestrator, perform the following steps:
- Export packages of all the custom workflows, actions, policies, and
so on, that you developed under the previous version of Orchestrator.
- Create a new instance of an empty database for Orchestrator 4.1.2.
- Install and Configure Orchestrator 4.1.2 by following the
instructions of the VMware vCenter Orchestrator Installation and
Configuration Guide.
- Connect Orchestrator 4.1.2 to the new Orchestrator database.
- Import the packages you exported from the older version of
Orchestrator.
Top
of Page
Internationalization (I18N) Support
vCenter Orchestrator 4.1.2 complies with I18N Level 1. Although
Orchestrator is not localized, it can run on non-English operating systems
and handle non-English text.
Functionality Caveats
This release provides experimental support for the following:
- OpenLDAP
- MySQL
- PostrgreSQL
For details about enabling OpenLDAP and experimental database providers
in the Orchestrator configuration, see Enabling Experimental Support for OpenLDAP, PostgreSQL,
and MySQL in VMware vCenter Orchestrator.
Top
of Page
How to Provide Feedback
Your active feedback is appreciated. Provide your feedback through:
- Support Requests (SRs)
- Orchestrator Discussion Forum
Support Requests
File all issues that you find as Support Requests (SRs), even if you
report them to VMware by other means.
You can find the VMware Support's commitment to SRs filed by customers
and instructions on how to file an SR at http://www.vmware.com/support/services/.
Experienced SR users can file support requests at http://www.vmware.com/support/sr/sr_login.jsp.
Use your registered VMware store account to log in.
Include log files in your SRs. To gather log files from
Orchestrator:
- Go to the Orchestrator configuration interface at
http://orchestrator_server_ip_address:8282 .
- Log in with your username and password.
- Click Logs.
- Click Generate log report.
- Save the generated ZIP file.
- Upload the saved ZIP file to VMware Support.
For Orchestrator configuration issues, include an exported
configuration file in your SRs. To export your configuration from the
Orchestrator configuration interface:
- Go to the Orchestrator configuration interface at
http://orchestrator_server_ip_address:8282 .
- Log in with your username and password.
- Click General.
- Click the Export Configuration tab.
- Type your password and press Enter.
- Save the
*.vmoconfig file.
- Upload the saved files to VMware Support.
Orchestrator Discussion Forum
View the Orchestrator forum at http://communities.vmware.com/community/vmtn/mgmt/orchestrator.
Use your registered VMware store account to log in.
Top
of Page
Prior Releases of vCenter Orchestrator
Features and issues from earlier releases of vCenter Orchestrator are
described in the release notes for each release. To review release notes
for earlier releases of vCenter Orchestrator, click one of the following
links:
Top
of Page
Resolved Issues
The following issues have been resolved in the Orchestrator 4.1.2
release:
- Security vulnerabilities in the Apache Struts version embedded in Orchestrator
Earlier versions of Orchestrator versions embed Apache Struts 2.0.11 or earlier, which contain vulnerabilities described at the following URLs:
The vulnerabilities are classified as Important, according to the VMware Security Response Policy. This issue is fixed in this release.
- Workflow validation fails although the code is correct
The usual code for calling an Orchestrator action is System.getModule("someModule").someAction(); . If you split this into declaration, followed by an action call, for example:
var module = System.getModule("someModule"); module.someAction();
the workflow validation fails. This issue is fixed in this release.
- You cannot import a certificate in Orchestrator, if the certificate is not a CSR file
When you try to import a certificate in Orchestrator, and the certificate is not in CSR file format, for example, a CER file, the Orchestrator configuration interface does not accept the file and reports an error.
This issue is fixed in this release.
- You cannot re-insert a timeout.date or security.group attribute value
When you work with user interactions you cannot re-insert a timeout.date attribute that has already been removed. The reason is that you are not allowed to type a dot symbol (".") in the attribute name field. As a result, it is not possible to use an existing user interaction with a timeout value.
This issue occurs because SOAP clients can only refer to the internal name (itemNN ) instead to the description, and with each newly created item, a different name is generated for it. This way, every existing workflow has to be changed when the modification is requested. The same is valid for the security.group attribute. This issue is fixed in this release.
- SOAP clients cannot determine external input for user interactions
SOAP clients cannot determine the required or permitted external input parameters (name or type) for user interactions in workflows in contrast to input and output parameters for workflows.
This issue is fixed in this release.
- The Orchestrator client cannot create Configurations attributes that contain a dash character
By using the Orchestrator client you cannot create Configurations attributes that contain a dash character ("-"). However, it is possible to create attributes with such names by using the setAttributeWithKey() API call.
This issue is fixed in this release.
- A workflow might stop responding for a long time
A current workflow run might stop responding indefinitely if the LockingSystem.lockAndWait() API method is called with parameters exceeding 100 characters in length.
This issue is fixed in this release.
- WorkflowToken objects exposed through the SOAP API lack the businessState property
WorkflowToken objects exposed through the SOAP API lack the businessState property, as well as the corresponding getter and setter methods. Other similar properties like globalState are exposed, and the businessState property is available in all other APIs (in scripting API for example).
This issue is fixed in this release.
- A workflow run does not provide enough information in the scripting log output
There is no direct correlation between the current workflow run and the output written in the scripting log (app-server/server/vmo/log/script-logs.log) .
Workflows can use the System.log() method to add debug or other information to the Orchestrator scripting log. The information in the log can help in troubleshooting and debugging customer-developed workflows. However, the log entry does not provide enough information to determine which workflow execution has added the particular output.
The issue is fixed this release and for clarity purposes, an additional prefix is added to each line in the scripting log to describe the workflow run. The line format is changed to:
<Date> <Severity> [SCRIPTING_LOG] [<Workflow> (<Execution start date>)] <Message>
- Workflow string attribute is null, when the workflow is linked to from other workflow
If a workflow defines a string attribute, the attribute value is an empty string when the workflow is run directly. When the workflow is linked from another workflow, the string attribute is "null" .
This issue is fixed in this release and string attributes are an empty string (their value is "" ) initially. String attributes will have a "null" value, if they are explicitly nullified in a scriptable task element.
- Object literals are not properly transferred as Properties objects
Properties is an object, which contains one or more key-value pairs. JavaScript contains special construction to define such objects as an object literal. However, the workflow engine does not recognize these object literals as objects of type Properties , although they have very similar semantics. Consequently, such objects are null when assigned to a workflow variable.
This issue is fixed in this release.
- The Add hours to date function produces an error
When the Add hours to date element (from the Basic palette) is added to the workflow and the input and output parameters are correctly wired, the workflow run fails with the error:
[I] TypeError: Cannot find function addHours . (Workflow:date / Add hours to date (item0)#2 )
This issue is fixed in this release, and the Add hours to date element was replaced with the addHoursToDate action in the com.vmware.library.date module. The action can be used the same way as the Add hours to date element.
- The virtual machine is cloned successfully but the workflow fails
When you clone a virtual machine by using the Clone, Windows Sysprep with single NIC and credential workflow, the process successfully creates a new virtual machine but fails to execute a customization. The cause is an incorrect default license key that is used in the customization process. The issue is visible in the sysprep log files on the newly created virtual machine or while tracking the worklflow run.
This issue is fixed in this release.
-
Incorrect file path appearing in multiple browsers while using the Orchestrator configuration interface
When you import a configuration file or install an application from the Orchestrator configuration interface and you select a local file (for example, file.txt ), the path that appears in the input field is C:\fakepath\file.txt in Google Chrome or a similar address in other browsers containing the fakepath string.
The issue depends on the browser you use and how it implements the W3C recommendation about uploading files from HTML elements.
This issue is fixed in this release.
-
SSH 1.0.3 Plug-in is unable to transfer files larger than 2KB in size
Sometimes files copied using the SSHSession.getFile() scripting API get corrupt. Using SSH to fetch files that are sized from 1KB to 2KB from arbitrary UNIX/LINUX boxes or storage locations to the Orchestrator server works correctly. Larger files might be corrupted, accumulated sporadically, and often with the last file lines cut off.
This issue is fixed in this release.
- Property or method vm not found on object VcClusterAntiAffinityRuleSpec
You assign a value to the vm property of a VcClusterAffinityRuleSpec or a VcClusterAntyAffinityRuleSpec object in a scriptable task of the workflow that you design. When you run the workflow, it fails with the following error message: Property or method 'vm' not found on object VcClusterAntiAffinityRuleSpec .
- In the API explorer, the property executions of workflow object is incorrectly shown to be of type Object
When you browse through the API explorer, the type of the executions property is displayed as Object. The actual type of the execution property is an array of WorkflowTokens .
This issue is fixed in this release.
-
Incorrect error message displayed when you use Reference Error construct
There are some workflows in the Orchestrator library that use the new ReferenceError() function in their scripting to mark errors. However, Rhino scripting is not unwrapping correctly the error message, and the root cause of the error remains unclear. You should not use the new ReferenceError('<<message>>') construct in your scripting, you should replace it with a simple throw <<message>> . You can clone system workflows to apply the above fix.
This issue is fixed in this release.
-
Virtual Machine power state values are not listed while creating an IF condition based on the virtual machine power state
When you create an IF condition based on the virtual machine power state it is not possible to select a value from the pop-up window as no values are listed.
This issue is fixed in this release.
- Orchestrator cannot connect to remote SQL servers by using dynamic ports
This issue is fixed in this release.
- The library used in the SSH plug-in is updated
The library used in the SSH plug-in is updated to provide the following new capabilities:
- attribute Boolean property to
SSHSession object
- attribute string terminal to
SSHSession object
- method
addEnvironment(string key, string value) to SSHSession object
The Jcraft jsch version is also updated from version 0.1.29 to version 0.1.42.
-
Relocate virtual machine disks workflow might fail with a non-descriptive error message
When you try to relocate a virtual machine by using the Relocate virtual machine disks workflow, it cannot move both the disks and the virtual machine in at the same time, in case the virtual machine is powered on. The workflow might fail with a non-descriptive error message.
The issue is fixed in this release and Orchestrator checks whether the virtual machine is powered on. If the virtual machine is powered on, the workflow fails with an error message stating that to migrate both the disks and the virtual machine at the same time, the virtual machine must be powered off.
- Some relations between objects in the vCenter Server plug-in are invalid
Some of the relations between vCenter Server
plug-in objects are invalid and search results might be empty. The list
of the invalid relations is the following:
- Type name:
ResourcePool ; Relation name: getNetwork_Network
- Type name:
ResourcePool ; Relation name: getNetwork_DistributedVirtualPortgroup
- Type name:
VmFolder ; Relation name: getResourcePool_ResourcePool
- Type name:
HostSystem ; Relation name: getResourcePool_ResourcePool
- Type name:
HostSystem ; Relation name: getResourcePool_VirtualApp
This issue is fixed in this release.
- When you run a workflow asynchronously through JavaScript,
the workflow parameters might be inconsistent
When you run a
workflow asynchronously through JavaScript, the workflow parameters
might be inconsistent, and some of the properties might be null. For
instance, if you run a workflow with an input parameter of the type VirtualMachine , when the workflow completes and you get the
value of the input parameter from the WorkflowToken , the
value of the name property is null.
This issue is fixed in this release.
- You might not be able to add host to a cluster by running
the Add host to cluster workflow
You might not be able to
add a host to a cluster by running the Add host to cluster workflow,
because the authenticity of the SSL certificate of the host is not
verified. If you try to add a host to a cluster by using the vSphere
Client, the vSphere Client prompts you to accept the host certificate or
to decline it. The task that the Add host to cluster workflow creates
vCenter Server does not prompt for user interaction, and the workflow
cannot be completed.
This issue is fixed in this release.
- The weboperator Web view might not display the schema image
of a workflow
When you select a workflow in the weboperator
Web view and click the Schema tab, the schema might not
load.
This issue is fixed in this release.
- When you try to deploy a server with more than 4 CPUs, the vCenter Server action getConfigSpec fails
When you use the vCenter Server getConfigSpec action to deploy a server with more than 4 CPUs (for example, 8 CPUs), the action fails because the number of CPUs is set to be less than 4.
This issue is fixed in this release and you can deploy servers with the maximum CPU count supported by the vSphere version you are using.
Top
of Page
Known Issues
The known issues in this Orchestrator release are grouped as
follows:
Installation Issues
- Orchestrator 4.1.2 standalone installer does not detect previous versions of Orchestrator and completes the installation process, creating a second Orchestrator instance
If you have
an Orchestrator 4.0.1 or 4.1 installation on a 64-bit server and you run
the installer for Orchestrator 4.1.2 standalone, two Orchestrator
instances are created. However, the upgrade to Orchestrator 4.1.2 is not
successful, and you can run only the previous version of Orchestrator.
Workaround: To install Orchestrator 4.1.2, perform
the following steps:
- Export the existing configuration settings.
- Uninstall the Orchestrator instance.
- Install Orchestrator 4.1.2.
- Import the configuration settings.
- Restarting the Orchestrator server service after reinstalling plug-ins
adds Java exceptions to the logs
In the
Troubleshooting tab of the Orchestrator configuration
interface, if you reinstall plug-ins by clicking Reset current
version and then restart the Orchestrator server, several Java
exceptions are written to the Orchestrator server logs.
- Orchestrator registry keys remain after you uninstall
Orchestrator by using Windows Control Panel
If you uninstall
Orchestrator using the Windows Control Panel, some Orchestrator registry
entries are not removed.
Workaround: To remove the Orchestrator entries
manually:
- Click Start > Run.
- Type
regedit and press Enter.
- In the Registry Editor, click
File > Export to back up the
current registry settings.
- Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\VMware .
- Right-click the Orchestrator entries and select
Delete.
Internationalization Issues
- You might not be able to configure the LDAP settings if your
LDAP password contains non-ASCII characters
When you try to
configure the LDAP settings in the Orchestrator configuration interface
and the LDAP password that you enter contains non-ASCII characters, the
process of configuring might fail with an error message of the type Unable to connect to LDAP Server . This issue appears under
the following conditions:
- When the LDAP password contains characters such as and ÿ in
German and French locales.
- When the LDAP password contains any native characters in Japanese,
Korean, and Simplified Chinese locales.
- Problems handling non-ASCII characters in certain
contexts
Using non-ASCII characters in input parameters
results in incorrect behavior in the following contexts:
- If you run the SCP put or SCP get workflows from the SSH folder on
a file with a name that contains non-ASCII characters, the workflow
runs, but name of the resulting file on the destination machine is
garbled.
- If you try to insert non-ASCII characters into attribute names,
the characters do not appear. The issue occurs for Web view
attributes, workflow attributes and action attributes.
Configuration Issues
- Orchestrator does not work with forest and external trusts in Active Directory
Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.
- Windows XP SP2 and earlier cannot connect to Orchestrator 4.1.2
Orchestrator does not allow connecting with Windows XP SP2 and earlier, because of restrictions in the SSL cipher suites that can be used.
Workaround: To fix this issue, make sure that you upgrade to Windows XP SP3.
- SSL server certificate is overwritten if no new SSL server certificate was installed
When you upgrade to Orchestrator 4.1.2, the SSL server certificate is overwritten in case you have not created a new self-signed certificate, or if you have not installed a certificate signed by a Certificate Authority. The certificate is overwritten with a newly generated certificate. For more information about replacing and installing certificates, see the VMware vCenter Orchestrator Installation and Configuration Guide.
- You might not be able to configure your server certificate
in the Orchestrator Configuration interface
If you attempt
to import a server certificate with wrong values, you receive a
validation message that your server certificate is not signed by a root
authority.
Workaround: If a you have never successfully added a
server certificate, perform the following steps:
- Delete the
vmo-keystore row from the Orchestrator
database.
- Restart the Orchestrator configuration service.
- Import the server certificate.
If you have previously
imported a server certificate, delete the vmo_keystore row
from the Orchestrator database and import the certificate again. If
you have previously imported a server certificate, and backed up the
certificate by exporting the certificate database, you can delete the vmo_keystore row, and import the certificate database. The
default name of the certificate file is vmo-server.vmokeystore .
- Support for TNSNames missing when you connect to an Oracle
database
You cannot use TNSNames to connect to an Oracle
database. You can connect to an Oracle database using an IP address or a
DNS name.
Workaround: Add support for RAC
and TNS configuration for Oracle 11g Database instances to vCenter
Orchestrator (KB 1022828).
- SSL certificate is lost when you import configuration from
previous installation
If you import the configuration of a
previous installation into the 4.1.2 installation, the SSL certificate
from the old installation is not loaded. In the Orchestrator
configuration interface the Server Certificate tab
shows a red triangle.
Workaround: You must import the certificate
manually.
- Restricted access to vCenter Server inventory can cause
errors if you set Session per user
If you select the
Session per user option in the vCenter
Server tab of the configuration interface, accessing the
vCenter Server inventory can result in some errors if the connected user
has restricted access to inventory objects.
- No error message is displayed on the Network tab of the
Orchestrator configuration interface when a network port is already in
use
The Network configuration is saved successfully without
errors even when the port numbers that you enter are already taken on
your host.
Workaround: Make sure the port numbers you enter on
the Network tab are free.
Networking Issues
Miscellaneous Issues
- When you add a Custom Decision element to a workflow, the
Orchestrator client might shut down unexpectedly
After
installing the Orchestrator client on a Windows 7 64-bit machine, if you
try to add a Custom Decision element to a workflow, the Orchestrator
client might shut down unexpectedly without an error message. This issue
occurs when you try to connect the Custom Decision element to the next
element that should run in the workflow.
Workaround: Perform the following steps:
- Connect the workflow element that must run before the Custom
Decision element to the Custom Decision element.
- Connect the Custom Decision element to the next workflow element
that you want to run.
- Importing a package using the Orchestrator client fails
occasionally
Occasionally, importing a package using the
Orchestrator client results in the error Unable to import a
certificate, reason : Unable to save keystore .
Workaround: Close the error message and attempt the
import again.
- The Used plug-ins tab in the Orchestrator client does not
appear at all or does not list the plug-ins associated with the selected
package
You cannot check dependencies between packages
because the Used plug-ins tab is either not displayed
or not populated with the list of associated plug-ins. If the tab is not
displayed and the Orchestrator client is not refreshed, you must click
another tab or view.
- The Orchestrator client stops responding if you use the Used
plug-ins tab in edit mode
When you attempt to insert or
remove associated plug-ins on the Used plug-ins tab,
the Orchestrator client stops responding.
Workaround: Restart the Orchestrator client.
- The Revert option for the parameters table on the Scripting
tab of the Edit Actions view does not revert to the last saved
state
When you add a parameter to an action script, you
cannot remove it using the Revert option.
Workaround: Right-click the parameter and click
Delete Selected.
- Characters are accepted as the input value for workflow
attributes of number type
Format validation has been
disabled on workflow attributes that are of the number type. Invalid
input values are accepted without any warning, and workflows are saved
successfully, which can lead to unpredictable results.
- Changes to input parameter descriptions are not propagated
to the presentation
If you change the description of an
input parameter for a workflow, the change is not propagated to the
description in the presentation.
Workaround: Copy the description to the presentation
manually.
- The Convert disks to thin provisioning workflow does not
handle virtual machines with snapshots correctly and does not convert
the thick-provisioned disks
On completion, the Convert disks
to thin provisioning workflow reports that the thick-provisioned disks
of virtual machines with snapshots are successfully converted to
thin-provisioned, when they are actually not.
Workaround: Do not include virtual machines with
snapshots in the workflow.
- Windows Server 2008 automatically renames VMOAPP and DAR
files to ZIP causing the application installation and plug-in upload in
the Orchestrator configuration interface to fail
If you are
running Orchestrator on Windows Server 2008, the extension of the
archives you download is automatically changed to ZIP. When you are
installing an application or uploading a plug-in by using the
Orchestrator configuration interface, you must use a VMOAPP or DAR file.
Workaround: Change the ZIP extension back to either
VMOAPP or DAR to use the downloaded archive in the Orchestrator
configuration interface.
- Repeatedly publishing and unpublishing Web views can cause
memory issues
Publishing and unpublishing of Web views
restarts the Tapestry framework, which regenerates new meta-class
information without cleaning up the previous meta-class information.
Publishing and unpublishing a Web view by repeatedly calling the methods Webview.enable() and Webview.disable() in a
loop in scripts can consume large quantities of memory and eventually
leads to performance issues.
- Adding values to vCenter Server data object properties of
type Array is impossible
When Orchestrator runs scripts, the
vCenter Server 4.1 plug-in converts JavaScript arrays to Java arrays of
a fixed size. As a consequence, you cannot add new values to vCenter
Server data objects that take arrays as property values. You can create
an object that takes an array as a property if you instantiate that
object by passing it a pre-filled array. However, after you have
instantiated the object, you cannot add values to the array.
For example, the following code does not work:
var spec = new
VcVirtualMachineConfigSpec(); spec.deviceChange =
[]; spec.deviceChange[0] = new
VcVirtualDeviceConfigSpec(); System.log(spec.deviceChange[0]);
In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java
array VirtualDeviceConfigSpec[] before it calls setDeviceChange() . When calling spec.deviceChange[0]
= new VcVirtualDeviceConfigSpec() , Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java
array. Calling spec.deviceChange.add() results in the same
behavior.
Workaround: Declare the array as a local variable,
as follows:
var spec = new VcVirtualMachineConfigSpec(); var deviceSpec
= []; deviceSpec[0] = new
VcVirtualDeviceConfigSpec(); spec.deviceChange =
deviceSpec; System.log(spec.deviceChange[0]);
- Workflow input parameters of type SecureString cannot take a
null value
You cannot start a workflow with a null value if
that workflow takes a SecureString as an input parameter,
unless you start the workflow from within another workflow. If you start
a workflow with a null value when that workflow takes a SecureString as an input parameter, the server loads
attributes from the cache rather than from the Orchestrator database,
resulting in a null input parameter. If you then change the workflow
state to passive by implementing a long-running workflow element, the
attributes are reloaded from the database, converting the null value
into an empty string. This is the only way you can use a null value to
start a workflow that requires a SecureString input
parameter.
- Workflow fails and an error message is displayed
If the LockingSystem.lockAndWait() API method is called with parameters exceeding 100 characters in length, the current workflow run fails and displays one of the following error messages
Lock id must be not null and no longer than 100 characters
or
Owner must be not null and no longer than 100 characters
Workaround: Reduce the parameter length using a hash of the original parameter (SHA-1, SHA-256 or MD5)
- HTML tags used in workflow presentation descriptions or names are not rendered in Web views
HTML tags used in workflow presentation descriptions or names are not rendered in Web views. This is a security fix preventing potential cross-scripting exploits.
|