CloudBees Assurance Program

The CloudBees Assurance Program specifies the set of plugins, plugin versions, and plugin dependencies that are either verified or trusted, depending on how much they have been tested. This provides greater stability and security for Jenkins environments. Not only are these plugins independently stable, but they are tested as a whole (in aggregate) to ensure compatibility with each other and the Jenkins instance.

The primary administrator interface for the CloudBees Assurance Program is the Beekeeper. It provides a centralized view of the monitored Jenkins plugins, recommended actions, and configuration options. The Beekeeper allows administrators to review and install upgrades for plugins. Additionally, administrators can enable automatic upgrades or downgrades of plugins which are not in compliance with the support policy for the CloudBees Assurance Program.

When enrolled in the CloudBees Assurance Program, two changes are immediately made to the instance: the Beekeeper displays the current compliance status with CloudBees Assurance Program, and the Update Center configuration is modified to point at the CloudBees Assurance Program Update Center.

The CloudBees Assurance Program Update Center modifies the list of "Updates" and "Available" plugins on the Manage Plugins page to hide plugins that would be incompatible with CloudBees Assurance Program due to dependencies on plugin versions which are outside of the CloudBees Assurance Program.

Through the CloudBees Assurance Program, CloudBees classifies plugins into tiers according to how much risk to a given installation’s stability a given plugin may pose. See Plugin support policies for details.
The Plugin management guide provides step-by-step instructions for the actions described in this chapter.
Beekeeper alerting to an available upgrade
Figure 1. Administrative Monitor advising of a new upgrade

The Beekeeper regularly evaluates the state of the instance to ensure compliance with CloudBees Assurance Program and provides an "Administrative Monitor" to alert administrators to upgrades needing their attention.

When an upgrade is available, the administrator is notified by Beekeeper, with a notification on the "Manage Jenkins" Page and on the administrative monitor shown in the header for other pages.

Upgrade message from header
Figure 2. Upgrade message from header

Clicking Manage will navigate to a Beekeeper screen that outlines the available upgrades.

upgrade view
Figure 3. Information about the available upgrade and possible actions to perform

To reconcile the difference between revisions, Beekeeper reports what actions it will need to perform to upgrade successfully (such as downgrading or upgrading installed plugins).

Before any upgrade, CloudBees recommends creating a backup of the instance in case there is some unexpected failure during the upgrade process.

The new product release notification shows the offered release and a More Info…​ button that directs the administrator to a page providing additional information about the upgrade.

The upgrade page shows:

  1. Current version and the offered release

  2. Link to Release Notes describing the new features, fixes and known issues

  3. Results of a simulation of the upgrade (including changes in core and/or plugin versions)

  4. Link to documentation and downloads

Upgrading the product
Figure 4. Upgrading the product

Incremental upgrades

The CloudBees Assurance Program can also provide incremental upgrades. Incremental upgrades include a subset of functionality delivered prior to the full product release. For example, incremental upgrades may deliver plugin security fixes or important new features that can’t wait until the next full product release.

Incremental upgrades appear in the page with a message that a new revision is available. The upgrade page shows the current and offered revisions as well as a simulation of the changes.

Depending on the plugins you have installed, no change may be needed in the running instance. You should choose the upgrade even in those cases so that Beekeeper uses the upgraded configuration.

Incremental upgrades

Incremental upgrades

Given that incremental upgrades are usually used for important inter-release upgrades of the recommended configuration, such as security upgrades, if you perform an initial installation of a version for which an incremental upgrade is available (and the instance is connected to CloudBees Update Center) you will have the option of applying the upgrade from the setup wizard:

Incremental Upgrade offered in the Setup Wizard

Incremental Upgrade offered in the Setup Wizard

If you decide to install the incremental upgrade at this point, depending on the affected plugins, an additional restart may be required at the end of the installation process. If you decide to skip the upgrade in the setup wizard, it will be offered by the Beekeeper Upgrade Assistant as described above so it can be installed at the most convenient time.

If for any reason you need to automatically skip this behavior, just set the system property cb.BeekeeperProp.disableIncrementalWizard to true.

Automatic upgrades

Beekeeper allows administrators to easily and automatically keep their verified plugins up-to-date with the versions recommended by the CloudBees Assurance Program. To enroll the instance in automatic CAP version compliance, check the Allow automatic upgrades of plugins on restart setting and click Save. It’s recommended that you restart the instance after making changes to allow Beekeeper to perform any necessary automatic upgrades.

If Allow automatic upgrades of plugins on restart was not enabled, Beekeeper will report when the instance is out of compliance with the verified plugins recommended by CAP. To resolve the drift out of compliance, the administrator may either manually follow the Beekeeper recommended actions, or enable Allow automatic upgrades of plugins on restart and then restart the instance to allow the necessary upgrades to complete.

Beekeeper after upgrade
Figure 5. Successful upgrade pending restart

If an upgrade fails, Beekeeper will notify the administrator and allow the upgrade to be canceled.

Beekeeper upon a failed upgrade
Figure 6. Failed upgrade

Enforcing downgrades

Beekeeper supports automatic plugin upgrades and downgrades to provide comprehensive compliance with the CloudBees Assurance Program. By checking Allow automatic downgrades of plugins on restart, Beekeeper automatically downgrades any installed plugins that exceed the versions explicitly recommended by CAP. While this behavior will only affect plugins considered verified and part of the CloudBees Assurance Program, it may have unintended side effects on stability if the instance has been taking advantage of features and configurations provided by more recent versions of those plugins.

Consequently, this option should be used sparingly.

System properties

Property Default Description

cb.BeekeeperProp.noFullUpgrade

false

Set to true to not check for full upgrades. Does not disable checks for security fixes to currently installed plugins, even if the security fixes for those currently installed plugins require a full upgrade. An older installation that includes a plugin with a known security issue will be shown as a Beekeeper warning. The solution to that warning may require a full upgrade, but with noFullUpgrade=true, that upgrade will not be included in the warnings

cb.BeekeeperProp.autoInstallIncremental

false

Set to true to install incremental upgrades automatically at startup

cb.BeekeeperProp.disableIncrementalWizard

false

Disable checking for incremental releases during the setup wizard

com.cloudbees.jenkins.cjp.installmanager.CJPPluginManager.allRequired

false

If true every plugin in the envelope will be considered required when CAP is enabled

com.cloudbees.jenkins.cjp.installmanager.CJPPluginManager.suggestedRequired

false

If true all suggested plugins (as defined in the setup wizard) in the envelope will be considered required when CAP is enabled.

Copyright © 2010-2019 CloudBees, Inc.Online version published by CloudBees, Inc. under the Creative Commons Attribution-ShareAlike 4.0 license.CloudBees and CloudBees DevOptics are registered trademarks and CloudBees Core, CloudBees CodeShip, CloudBees Jenkins Enterprise, CloudBees Jenkins Platform, CloudBees Jenkins Operations Center and DEV@cloud are trademarks of CloudBees, Inc. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Jenkins is a registered trademark of the non-profit Software in the Public Interest organization. Used with permission. See here for more info about the Jenkins project. The registered trademark Jenkins® is used pursuant to a sublicense from the Jenkins project and Software in the Public Interest, Inc. Read more at www.cloudbees.com/jenkins/about. Apache, Apache Ant, Apache Maven, Ant and Maven are trademarks of The Apache Software Foundation. Used with permission. No endorsement by The Apache Software Foundation is implied by the use of these marks.Other names may be trademarks of their respective owners. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this content, and CloudBees was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this content, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.