Cumulative Update for vRealize Automation 7.6

Article ID: 325972

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

This article contains a list of known issues that are resolved in the latest patch available for vRealize Automation 7.6.
Current Patch Version: Patch 30
List of issues resolved in this patch:

See the attached spreadsheet titled vRA76-P30-ResolvedList.xlsx under the Attachment(s) section for a full list of all resolved issues and their associated Symptom(s).

Important: Patch 29 and above fixes VMSA-2022-0021 for embedded VMware Identity Manager.
Important: Patch 28 and above fixes VMSA-2022-0014 for embedded VMware Identity Manager.
Important: Patch 27 and above fixes VMSA-2022-0011 for embedded VMware Identity Manager.  For manual remediation see Workaround instructions for vRA 7.6 within HW-154129 - Workaround instructions to address CVE-2022-22954, CVE-2022-22955, CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960 in Workspace ONE Access Appliance (VMware Identity Manager)
Important: Patch 25 and above updates Apache Log4j to 2.17. Do not run the Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in vRealize Automation 7.6 after installing Patch 25 or above.


Environment

VMware vRealize Automation 7.6.x

Resolution

To resolve the listed issues, install the latest vRealize Automation 7.6 patch with the instructions below.

Note:  If you wish to deploy this patch using vRealize Suite Lifecycle Manager, you will need to use the properly "wrapped" patch file and not the one listed below.  To obtain the wrapped patch for vRealize Automation, log into the patch site here: How to Download vRealize Suite product patches in Customer Connect

The patch files can be large (>5GB) so ensure there are no network policies in place that may prevent transfers of such file sizes.

Prerequisites

Note: The pre-checker should be successful and green to install or roll back a patch.

For successful patch deployments, perform these prerequisite steps on the target vRealize Automation cluster:

  • If the Database tab within the 5480 VAMI clustering is set to SYNC, convert it to ASYNC
  • Ensure that the virtual appliance(s) have their Time Zone set to UTC
  • Remove old / obsolete nodes from the Distributed Deployment Information Table. For detailed steps, see Remove a Node from the Distributed Deployment Information Table section of vRealize Automation documentation.
  • Ensure that VMware vCloud Automation Center Management Agent is the latest 7.6 version and is running on all IaaS cluster nodes.
  • Ensure 16GB of free space is available for each virtual appliance participating in the cluster for the /dev/sdd1 partition.
  • Ensure at least 1024 MB is free on 'C:\' for each IaaS node.
  • VMware vCloud Automation Center Management Agent service account requirements:
    • Ensure "Log on as a service account" is enabled. 
    • Local Administrator
    • Required username format should be in down-level domain format: domain\username, e.g. "vra\administrator".
  • On each vRA appliance, open the /etc/hosts file and locate the entry for the IPv4 loopback IP address (127.0.0.1).  Ensure that the Fully Qualified Domain Name of the node is added immediately after 127.0.0.1 and before localhost.
    For example: 127.0.0.1 FQDN_HOSTNAME_OF_NODE localhost
  • Verify that you have taken a snapshot of the vRealize Automation system while it is shut down. This is the preferred method of taking a snapshot. See the recommendation below:

    Shutdown/Startup Order of Operations by Component

    Shutdown                        | Startup
    Proxy Agents                    | Primary appliance
    Distributed Execution Managers  | Secondary appliance
    Secondary Manager service       | Primary Web node
    Primary Manager Services        | Secondary Web node
    Secondary Web node              | Primary MS
    Primary Web node                | Secondary MS
    Secondary appliances            | Distributed Execution Managers
    Primary appliance               | Agents
  • If your environment uses load balancers for high availability, disable traffic to secondary nodes and disable service monitoring until after installing or removing patches and all services are showing REGISTERED
  • Obtain the files below and copy them to the file system available to the browser you use for the vRealize Automation appliance management interface.
    • hf_install.sql and hf_rollback.sql are attached as separate downloadable links within this article under Attachments.

Note:  If you attempt to install or remove a patch without all nodes running, the vRealize Automation appliance management interface might become unresponsive. If that happens, contact technical support. Do not attempt to manage patches through other means or use vRealize Automation until you resolve the issue.
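
The appliance-side prerequisites above (the /etc/hosts loopback entry, the UTC time zone and 16GB free on /dev/sdd1) can be checked from a shell on each appliance before running the pre-checker. This is an added example, not VMware tooling or part of the original article; the function names and the `--run` argument are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: appliance-side pre-flight checks (illustrative helper names).

# check_hosts_loopback HOSTS_FILE FQDN
# True only if the first 127.0.0.1 entry names FQDN immediately after the
# address and lists "localhost" later on the same line.
check_hosts_loopback() {
    awk -v fqdn="$2" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "127.0.0.1" && !seen {
            seen = 1
            if (tolower($2) == tolower(fqdn))
                for (i = 3; i <= NF; i++) if ($i == "localhost") good = 1
        }
        END { exit (good ? 0 : 1) }
    ' "$1"
}

# check_timezone_utc: true if the system time zone abbreviation is UTC.
check_timezone_utc() {
    [ "$(date +%Z)" = "UTC" ]
}

# has_free_space PATH MIN_GB
# True if the filesystem holding PATH has at least MIN_GB GiB available.
# GNU df resolves a mounted device node such as /dev/sdd1 to its filesystem.
has_free_space() {
    df -Pk "$1" | awk -v min_gb="$2" '
        NR == 2 { ok = ($4 >= min_gb * 1024 * 1024) }
        END { exit (ok ? 0 : 1) }'
}

# preflight FQDN: run all three checks, report every failure, return 0 or 1.
preflight() {
    pf_rc=0
    check_hosts_loopback /etc/hosts "$1" ||
        { echo "FAIL: /etc/hosts needs '127.0.0.1 $1 localhost'"; pf_rc=1; }
    check_timezone_utc ||
        { echo "FAIL: time zone is not UTC"; pf_rc=1; }
    has_free_space /dev/sdd1 16 ||
        { echo "FAIL: less than 16GB free on /dev/sdd1"; pf_rc=1; }
    return "$pf_rc"
}

# Run only when invoked with the (illustrative) --run argument.
if [ "${1:-}" = "--run" ]; then
    preflight "$(hostname -f)"
fi
```

The IaaS-side prerequisites (Management Agent version, service account rights, free space on C:\) are not covered by this script.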

Installation Procedure

Patch downloads have been moved to Customer Connect.
SHA256SUM: f9dfffa98a8d9acb8af1eb6dd16a234eaa1bdccd03353741c8dc9d1a4aa50044

  1. Download the file from Customer Connect and verify the SHA256SUM.
  2. Log in to the vRealize Automation appliance management interface (https://vrealize-automation-appliance-FQDN:5480) as root.
  3. Upload the patch by clicking vRA Settings > Patches > Patch Management > New Patch > Upload
  4. Once the patch uploads successfully, log out of the current VAMI session.
  5. Clear the browser cache and log in to the primary node VAMI again.
  6. Navigate to vRA Settings > Patches > Patch Management > New Patch
  7. A new pre-check box appears.  Click Run Pre-check
  8. Once the pre-checker is green, click Install
  9. Select Done
  10. SSH into the appliance that hosts the primary (non-replica) role for PSQL.
    1. Only perform this step if you have not done so in a previous patch install. Run the shell script below, followed by a VAMI service restart:
      sh /usr/local/horizon/scripts/HW-137959-Patch.sh
      service vami-lighttp restart
  11. Once the installation is complete and successful, ensure all the services are running.
  12. Once complete, run hf_install.sql and updateview.sql against the IaaS SQL Server database if they were not run in previous HF installations.
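
The checksum verification in step 1, as an added example that is not part of the original article: the script hashes the downloaded file and compares it with the SHA256SUM published above, and refuses an expected value that is not 64 hex digits. The function names and the file path passed on the command line are assumptions.

```bash
#!/bin/sh
# Added example: verify a downloaded patch against the published SHA256SUM.

# Published value copied from this article.
PUBLISHED_SHA256=f9dfffa98a8d9acb8af1eb6dd16a234eaa1bdccd03353741c8dc9d1a4aa50044

# sha256_of FILE: print the lowercase hex digest, using whichever tool exists.
# Reading from stdin avoids the escaping sha256sum applies to odd file names.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{ print $1 }'
    else
        shasum -a 256 < "$1" | awk '{ print $1 }'
    fi
}

# verify_patch FILE [EXPECTED]
# Returns 0 on match, 1 on mismatch, 2 if FILE is unreadable or EXPECTED
# is not a 64-digit hex string. EXPECTED defaults to PUBLISHED_SHA256.
verify_patch() {
    vp_file=$1
    vp_expected=$(printf '%s' "${2:-$PUBLISHED_SHA256}" |
        tr 'A-F' 'a-f' | tr -d '[:space:]')
    [ -r "$vp_file" ] || { echo "cannot read $vp_file" >&2; return 2; }
    case $vp_expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#vp_expected}" -eq 64 ] ||
        { echo "expected value is not 64 hex digits" >&2; return 2; }
    vp_actual=$(sha256_of "$vp_file")
    if [ "$vp_actual" = "$vp_expected" ]; then
        echo "OK: $vp_file matches $vp_expected"
    else
        echo "MISMATCH: $vp_file is $vp_actual, expected $vp_expected" >&2
        return 1
    fi
}

# Usage: sh verify_patch.sh /path/to/downloaded-patch-file
if [ -n "${1:-}" ]; then
    verify_patch "$@"
fi
```

Do not upload the file to the VAMI if the script reports a mismatch; download it again from Customer Connect.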

Verification of successful patch installation:

  • All Management Agents within the Cluster tab now report as 7.6.0.17541
  • All Manager Service components now report as 7.6.0.17216
  • All Default Web Site components now report as 7.6.0.17216
  • All DEM components now report as 7.6.0.17216
  • All Model Manager Data components now report as 7.6.0.17216
  • The Installed Patches tab shows a successful installation.
Note: Patch 26 through 29 do not increment vRA component versions.

Rollback

  1. Run hf_rollback.sql against the IaaS database after reverting to a previous hotfix installation.

Adding new nodes to a patched vRealize Automation environment

Adding new nodes to an existing patched vRealize Automation cluster requires re-running the patch to update the newly added node.
  1. Keep the environment in Async replication mode.
  2. Deploy a fresh appliance for the environment. Click Cancel when the Installation wizard pops up after logging into the 5480 appliance management page.
  3. Re-join the new node to the primary from the Cluster tab.
  4. From the Patch tab on the appliance management page of the primary node, re-initiate the installation of the patch by selecting the patch from the installed patches tab and selecting install. Do not upload the patch again and attempt a fresh install of the patch.


Workaround:

Known Issues

  1. If Patch 26 or 27 fails with
     "35000":"Exception in thread \"main\" java.lang.NoClassDefFoundError
     run the following command on each node in the cluster:
     rm -f /usr/lib/vcac/tools/config/repo/{log4j-1.2-api-*.jar,log4j-api-*.jar,log4j-core-*.jar,log4j-slf4j-impl-*.jar} && cp -f /usr/lib/vcac/patches/repo/cafe/vcac/wars-core/vcac/WEB-INF/lib/{log4j-1.2-api-2.17.0.jar,log4j-api-2.17.0.jar,log4j-core-2.17.0.jar,log4j-slf4j-impl-2.17.0.jar} /usr/lib/vcac/tools/config/repo
  2. shell-ui-app fails to register properly post installation.
     To resolve this issue, restart vRealize Automation services:

     Standalone

       1. SSH into the appliance
       2. Execute the following command to stop vcac-server:
          service vcac-server stop
       3. Start services:
          service vcac-server start

     Clustered

       1. SSH into each replica appliance node and stop services:
          service vcac-server stop
       2. SSH into the primary appliance node and stop services:
          service vcac-server stop
       3. Start services on the primary node:
          service vcac-server start
       4. Once the primary node has entered "Waiting for application to start...", start the replica appliances; the order does not matter:
          service vcac-server start
       5. Monitor the Services tab within the appliance management interface.
  3. The patch pre-checker fails during a vRealize Automation 7.6 Patch 2+ or below patch installation done using LCM, and the overall install patch request fails in LCM.
    • Reason:  vRealize Automation 7.6 Patch 2+ has a patch pre-checker. This fails if there are anomalies in the vRealize Automation instance. LCM reports total failure for the patch request, but the pre-check result is not visible in the LCM UI.
    • Workaround:  Fix the failures reported by the pre-checker, found in the VA node at the location /usr/lib/vcac/patches/repo/patch_installation_details.json, and retry the failed request from LCM.
  4. If a Precheck failed error occurs for the Xenon-Service or release-management service, perform the following:
    service xenon-service start && service tekton-server start

Additional Information

Due to the severity of the latest VMSAs, only the latest patch HF28 and above will be posted.

Previous Patch Release Download Links:

Patch Version:  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - 21 - 22 - 23 - 24 - 25 - 26 - 27 - 28

Attachments

vRA76-P30-ResolvedList
vRA76-P29-ResolvedList
hf_rollback
hf_install
updateview