CloudBees CD v10.0.0

Released: 2020-06-30

CloudBees is pleased to announce the general availability of CloudBees CD 10.0.0. This release delivers innovation across many vectors such as:

  • Native CI integration

  • CloudBees CD installation on Kubernetes improvements

  • DSL improvements for managing automation as code

Security fixes

This release includes the following security updates

  • The Apache web server used in CloudBees CD is upgraded to 2.4.43. [NMB-27887]

  • PHP is upgraded to 7.4.6. For details, see https://www.php.net/releases/7_4_6.php. [NMB_28894, NMB-29098, NMB-29289]

  • OpenSSL is upgraded to 1.1.1g. [NMB-29097]

  • Jetty upgraded to 9.4. [NMB-27667]

  • HTTP OPTIONS method disabled in CloudBees CD Server Jetty port 8443. [NMB-29052]

  • eccert uses SHA1 and DSA for the keystore jetty key/cert [NMB-28211]

Java 11 support

The Java version used by the Flow server and agent has been upgraded to Java 11 in order to support the following security improvements in this release. [NMB-28898, NMB-28462]

  • The default Diffie Hellman key size is changed from 1024 to 2048. [NMB-26760]

    If you are upgrading CloudBees CD from version 9.1 or earlier, to version 10.0, a new passkey with AES 256-bit encryption is automatically generated, replacing the older 128-bit passkey. It is extremely important you back up your current database and passkey file before upgrading to v10.0.

  • Flow components now reject client initiated SSL renegotiation.

  • JVM 11 deprecates TLSv1 and TLSv1.1 and no longer uses them.

    Customers who only upgrade the Flow server components must ensure that they are using TLS v1.2 on the agents in order to connect to the upgraded Flow server components. External services should be verified for TLSv1.2 support. [NMB-28428]

  • The following crypto algorithms are being deprecated and are no longer supported:

    • SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, CBC

    • In Java 11 default deprecation list is: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC

    • And additionally, these are deprecated: anon, NULL, CBC in the Flow bundled Java 11.

New features

CloudBees Flow is now CloudBees CD

CloudBees is introducing new, self-describing product names across our entire product line that make them easier for anyone in our target market to find, and to understand intuitively what they do.

With the release of version 10.0, what you’ve known previously as CloudBees Flow, or even ElectricFlow, is now called CloudBees CD. It is still the recognized leader in continuous delivery release orchestration and application release orchestration. The only thing that’s changed is the name—​and all the new features listed below.

New CloudBees CD release strategy

Starting in January 2020, the release strategy for CloudBees CD is updated to add a preview release in addition to the standard long-term support (LTS), maintenance (patch), and hotfix releases. As such, CloudBees CD 10.0 rolls up previous preview releases since CloudBees Flow 9.2.

For more details see CloudBees maintenance lifecycle policies.

Native CI integration

Native CI integration seamlessly provides CI job and build data access within CloudBees CD.

  • Simplify calling a CI job from a CloudBees CD pipeline:[CEV-24229]

    Documentation: Triggering CI jobs

    • Managing CI configurations in CloudBees CD

    • Defining a new pipeline task type: CI Job

    • Rendering CI jobs, pipelines, and build paramet/ers in CloudBees CD.

  • The CloudBees CD Jenkins plugin sends CI build details to CloudBees CD. Refer to CloudBees CD Jenkins plugin updates for more details. [NMB-24171]

  • API support

    • New getCIjob, getCIJobs, and getCIJobParameters APIs used to retrieve information from CloudBees CI jobs. [NMB-24230, NMB-24231]

      Documentation: CI job commands

    • New ciConfiguration API commands used configure [NMB-24230, NMB-24231]

      Documentation: CI configuration commands

    • Support for CI Job type added to create/modifyTask API. [NMB-24232]

      Documentation: Pipelines and Releases—​createTask

    • New ciBuildDetails API used to publish CI build details to CloudBees CD releases and pipeline runs. [NMB-24171]

      Documentation: CI build detail commands

CloudBees CD on Kubernetes

Installation of CloudBees CD on Kubernetes using Helm charts, introduced as a preview feature in 9.2, is now GA.

Helm support

  • Helm 3 support added. [NMB-28916]

  • Helm chart deployment on Red Hat OpenShift has been certified. [NMB-28920]

  • Support for Helm 2 retired.

    Agent-only installation using the agent Helm chart

  • The CloudBees CD on Kubernetes installation instructions now include details about installing agents using the agent Helm chart. [NMB-29131]

    Documentation: Flow agent installation and upgrade.

Creating persistent shared storage

This release contains new documentation about creating persistent shared storage for both Filestore on Google Cloud Platform and EFS on Amazon EKS. [NMB-29152]

Documentation: Creating persistent shared storage

Also see: Support resources on the cloudbees-example repo

DSL improvements for managing automation as code

New DSL IDE, directly available from the CloudBees CD main menu, for users to easily test and run local DSL files. Features include: [CEV-24098]

  • Open/Save DSL file from/to the client machine

  • Run the DSL

  • Type-ahead, autocomplete for DSL methods

  • DSL output window for both successful outcome and error.

  • DSL help

  • Undo/redo

  • Code formatting

  • Shortcut keys

    Allow inline edit and save for DSL without opening a modal. [CEV-24099]

    Sort and maintain nested objects in alphabetical order when saved. [CEV-24094]

    New catalog item: Import DSL from Git. Use the new Import DSL from Git catalog item to run the specified domain-specific language script from a Git repository, thus creating a new or overwriting an existing object hierarchy. With this UI, you specify details about the Git repository, the branch name, and the location in the checked-out directory from which the import takes place. [CEV-24463]

    Documentation: xref:10.0@@cloudbees-cd-api:flow-api:dslabout.adocUsing the CloudBees CD DSL].

Release hierarchy improvements

Improvements to hierarchy data fix: a new background trigger is introduced which allows users to fix the hierarchy data for flowRuntimes which were created before CloudBees Flow v9.2. [CEV-23898]

This trigger does the following:

  • Fixes hierarchy data as a background operation in batches.

    • Wakes up every 2 minutes and fixes the flowRuntimes, both completed and active, that require a data fix and fixes it, in batches of 100 each time.

    • Once a flowRuntime record is fixed, changes the flag requiresHierarchyDataFix to 0.

  • Allows user to switch off/on this background operation.

  • Provides a server setting that allows users to turn off the hierarchy data fix operation:

    /server/settings/enableFlowRuntimeHierarchyDataFix

    Users can set this flag to false if they wish to stop the hierarchy data fix in the background.

Release portfolio and pipeline enhancements

Triggered pipelines can now be attached to a release. [CEV-23963]

Regarding pipeline and release portfolio lists:

  • After upgrade, pipeline runs triggered before CloudBees CD 9.2 may not be visible in this view.

  • Pre-9.2 pipeline runs are not available for searching and filtering.

  • Existing pipeline runs are available to be attached.

Pipeline and Release portfolio views are not affected.
DevOps Insight

The Continuous Integration Dashboard in DevOps Insight has been enhanced to include a releases filter. [CEV-24864]

Performance improvements

Pipeline Runs and Release List UI

The UI response time when navigating to Pipeline Runs and Release List pages has been significantly improved, depending on the server configuration, when compared with previous releases. [CEV-23712, CEV-23357]

A server setting is introduced to change the frequency with which the Pipeline Runs and Release List pages are updated. If not configured, it defaults to 10 seconds. [CEV-24531]

Tag-based search

The time to search for tagged items when tens of thousands of tags are present has been significantly improved, depending on the server configuration, when compared with previous releases. [CEV-24993]

API

The response times for the following APIs have improved significantly:

  • getTags [CEV-24993]

  • getReleases [CEV-23959]

  • getPipelineRuntimes [CEV-23712, CEV-24201]

DSL export

The performance when exporting DSL for large projects has been significantly improved, reducing the CPU used. [CEV-24443]

Faster Startup Time

With previous releases, when there were thousands of stale sessions that needed to be cleaned up at startup, the CloudBees CD server would start processing jobs after several minutes on startup. Improvements have been made to optimize the processing and deletion of these expired sessions resulting in faster startup times. [NMB-27944]

Plugin enhancements

Plugin development framework

Version 2.3.0 of the CloudBees CD Plugin Development Framework (flowPDF) has been released with the following enhancements:

  • Enhanced to provide support for developing flow plugins using Groovy. The new libraries for Groovy as well as detailed tutorials for many sample Groovy-based plugins are documented in the Flow Plugin Developer Guide.

    The CloudBees CD Plugin Development Framework (flowPDF) provides a combination of tools, APIs, and libraries that are used to create a CloudBees CD plugin in four steps. The entire set of capabilities of the framework are available through a single command line tool (CLI) called flowpdk . This tool is available in our open source community GitHub organization here: https://github.com/electric-cloud-community/flowpdf

    In addition, a comprehensive Plugin Developer Guide , which consists of plugin concepts, samples, and tutorials in both HTML and PDF formats, is at the URL above.

    Since Release 9.0, the CloudBees CD Plugin Development Framework is the recommended approach to develop plugins and replaces the Plugin Commander SDK. The Plugin Commander SDK, and its guide, is considered obsolete and is no longer supported.
Plugin dependency management improvements

  • Provisioning of binary dependencies (for example Grape jars) in the agent resource, required by a plugin, is now seamlessly delivered through a new feature called Plugin Dependency Management in the CloudBees CD server.

  • A new DSL based fallback provisioning mechanism is introduced for older versions of CloudBees CD server. Plugins that uptake this feature no longer require CloudBees CD repository to be setup in order to function. The following plugins have completely taken up this feature: EC-Kubectl, EC-EC2, EC-Ansible, EC-AmazonECS, EC-RemoteAccess. Look for more plugins incorporating this in the next release. [NMB-27689]

  • Plugin Dependency Management using Server Operation now works via gateways. [NMB-29031]

  • If the CloudBees CD server runs on Windows and agent runs on Linux, then the Plugin Dependency Management now maintains the path for Grapes. [NMB-29063]

  • These plugins have been updated to support plugin dependency management. Binary dependencies required by these plugins no longer require the CloudBees CD Artifact Repository Server to be set up. [FLOWPLUGIN-655]

    • EC-CloudFoundry

    • EC-AzureContainerService-Docker

    • EC-Docker

    • EC-Dynatrace

    • EC-GoogleContainerEngine

    • EC-Kubectl

    • EC-Kubernetes

    • EC-RemoteAccess

    • EC-OpenShift - but it is still using Artifact Repository to store its Ansible dependencies

New plugins
Name Summary

EC-FeatureFlags

This plugin integrates CloudBees CD with CloudBees Feature Flags to facilitate feature flagging as part of deployments and releases. This plugin is bundled with CloudBees CD and is installed automatically as part of the CloudBees CD Installer. [FLOWPLUGIN-8242]

Documentation: EC-FeatureFlags help file

EC-GCP-ComputeEngine

A new plugin that integrates with Google Cloud Platform to provision and manage Compute Engine Instances.

EC-GCP-SecretManager

A new community plugin that integrates with Google Cloud Platform to manage secrets.

EC-GCP-Storage
Jetbrains CloudBees CD plugin

With v10.0, the CloudBees CD Plugin version 1.1 for IntelliJ, available at CloudBees CD plugin, replaces the Electric Flow plugin, which is no longer supported. This plugin includes the following improvements:

  • Support for newer versions starting from IntelliJ version 2020.1.X.

  • Ability to configure the CloudBees CD web URL separately from the server URL. [CEV-22857]

  • Ability to approve pending CloudBees CD Pipeline gate approvals or work items from inside of the Intellij IDE. [CEV-25036]

  • Updated configuration page with improved formatting.

  • Improved documentation for the plugin.

CloudBees CD Jenkins plugin updates

This plugin is now fully Jenkins pipeline compatible with the addition of ability to publish artifacts and create and deploy applications from deployment package post-build actions. It is available in both Jenkins LTS and CloudBees CI.

  • The following post-build actions have been updated to send Jenkins Build details to Flow.

    • Trigger a release in CloudBees CD

    • Run a pipeline in CloudBees CD

    • Publish artifacts to the CloudBees CD repository

    • Event-based watchers have been created to send build data to CloudBees CD automatically if build has been triggered by CloudBees CD.

  • Support for new CloudBees CI build detail APIs:

    • New post-build action: Associate build to release to allow attaching CloudBees CI build data of the independent builds to releases or release runs.

    • TriggerPipeline now attaches CloudBees CI Build Data to the triggered pipeline run.

    • TriggerRelease now attaches CloudBees CI Build Data to the triggered release pipeline run.

  • The following issues are resolved:

    • Fixed an issue with Publish Artifact creating a wrong repository structure if the artifact had been published from the Jenkins agent node.

    • Fixed double slashes that appeared in CD Artifact URLs under certain conditions.

    • Deploy Application Post Build Action now has a link to the exact application that has been deployed instead of a link to all applications on customer instance.

    • Fixed an issue in EC-Jenkins CD Plugin when artifact’s URL could not be retrieved for the Report stage of "Run And Monitor" and "Run And Wait" under certain conditions.

    • Updated Run Procedure by RunAndWait option, which includes extra dependOnCdJobOutcome and checkInterval sub-options. [FLOWPLUGIN-7068]

    • Updated Deploy Application build summary with an extra link to CD application.

    • Fixed an error with "Publish Artifacts" failed a successfull build under certain conditions.

    • Fixed a bug when parameter "Stages to run" has been ignored and all stages were running.

    • Parameters label for Trigger release has been changed to be more concrete.

    • Documentation for "Publish Artifacts" and "Deploy Application" Post Build Actions has been improved and now has the list of supported cases.

CloudBees CD Jenkins plugin installation

The CI integrated experience requires version 1.1.16 of the CloudBees CD Jenkins plugin installed on your Jenkins master.

Prerequisites:

  • Jenkins master, version 2.190.3 or greater

  • These plugins installed on your Jenkins master.

    • Git plugin, version 4.1.0

    • Git client plugin, version 3.0.0

    • Token Macro plugin, version 2.10

      Follow these steps to install the CloudBees CD Jenkins plugin onto your Jenkins master.

      1. If installed, uninstall the CloudBees CD Jenkins plugin on your Jenkins Master, then exit and restart Jenkins.

      2. From the link: CloudBees CD Jenkins plugin download page, download version 1.1.16.

      3. In the Jenkins Master, navigate to Manage Plugins > Advanced > Upload Plugin to initiate uploading the HPI file from the previous step.

      4. Exit and restart Jenkins.

Retired plugins

  • EC-Report

  • EC-ReportEngine

Updated plugins

The following is a list of key changes made to existing plugins. For a complete list see bundled plugins.

EC-ServiceNow Provides ability to optionally pass ServiceNow display values in addition to ServiceNow system identifiers.

CloudBees CD Plugin

This plugin is now fully Jenkins pipeline compatible with the addition of ability to publish artifacts and create and deploy applications from deployment package post-build actions. It is available in both Jenkins LTS and CloudBees Core.

EC-Bamboo

Enhanced CollectReportingData procedure to gracefully handle datetime in a non UTC timezone.

EC-Jenkins

  • This plugin is enhanced to surface more detailed build information for Jenkins Pipelines and creates new HTML Reports.

  • Deprecated usage of depth parameter in API calls. [FLOWPLUGIN-8260]

EC-Jira

Added error-resistant handling of PEM RSA private key: base64 body validation, beginning and end markers, number of pads.

EC-Helm

This plugin supports both Helm 2.0 and Helm 3.0 and OpenShift as well as Kubernetes deployments. Documentation for this plugin provides instructions for how this plugin can be used, for example, to spin up CloudBees Core in GCP.

EC-PluginManager

Fixes to access the plugin catalog through HTTPS.

EC-SonarQube

Support for HTTP Proxy has been added. Customers who use HTTP proxy can specify proxy information (host, port and credentials at the configuration level) and all procedures will use the proxy as second credentials for authentication.

Flow Plugin Development Framework (flowPDF)

Enhanced to provide support for developing flow plugins using Groovy. The new libraries for Groovy as well as detailed tutorials for many sample Groovy-based plugins are documented in the Flow Plugin Developer Guide.

Feature enhancements

CEV-24078

The Application Deployments list can now be sorted by clicking the column headers.

CEV-23151

The Resource page, previously available only via the Automated Platform UI, is now available from the Deploy UI.

CEV-21659

Added DSL editor and DSL export actions now available on Personas lists.

New platform support

This section lists new platform support. For the current list of supported platforms, consult Supported platforms for CloudBees CD

Server support

Red Hat Enterprise Linux 8 (64-bit). [NMB-28605]

Agent support

  • Red Hat Enterprise Linux 8 (64-bit). [NMB-28605]

  • MacOS Catalina. [NMB-28785]

  • Windows Server 2019. [NMB-28960]

CloudBees CD on Kubernetes

  • Amazon Elastic Kubernetes Service (Amazon EKS):

    • 1.13.10

    • 1.14.7

    • 1.15.10

  • Google Kubernetes Engine (GKE):

    • 1.13.x

    • 1.14.x

    • 1.15.x

Database support

Support for Oracle 12c has been retired.

Browser support

No changes.

Resolved issues

CEV-22185

Issue resolved with pipeline workspaces disappearing in some circumstances.

CEV-22960

A catalog item based on a procedure with a credential as a required parameter can now be launched.

CEV-23176

Pipeline task now shows the progress of sub-pipeline.

CEV-23199

Resolved an issue where LDAP users were placed into a persona but not showing up in the persona editor.

CEV-23224

Assigning ANYONE to a manual task now skips group checking and permission checking within groups.

CEV-23314

Enhanced the generateDslToDirectory procedure in the EC-DslDeploy plugin to be able to generate ACLs for objects in a different file.

CEV-23357

Update of pipelines via DSL now preserves the order of tasks in the stage.

CEV-23712

Slow response on the Pipeline Run list page due to getPipelineRuntimes,getPipelineRuntimeDetails, and getPipelineStageRuntimeTasks commands clogging API threads.

CEV-23713

Fixed an issue where, in some circumstances, the job details page of a deployer task inside a release pipeline appeared blank.

CEV-23902

Pipeline schedules created in the CloudBees CD UI were corrupted when modified in project schedules tab in Platform UI.

CEV-23960

Resolved a problem where the sign-in page went into infinite redirect after upgrade from 9.1 to 9.2.

CEV-23972

Fixed issue when updating an existing pipeline via the DSL editor caused a spurious InvalidResourceName exception if resourceName='' (resourceName as an empty string) was specified.

CEV-23989

Fixed an issue where setting the approver via property and selecting the JavaScript Format checkbox from the UI for a manual task inserts invalid javascript syntax resulting in an invalid approver name. As a result, the task could not be approved.

CEV-24049

Fixed an issue when a pipeline, copied from project A to project B with waitForTriggeredPipelines configured, had dependentProjectName set to project A instead of project B.

CEV-24142

When an application process was run from a snapshot, parameters were grayed out after selecting Select None in Last Run.

CEV-24283

getProcesses --applicationEntityRevisionId returned all processes in an application when the Deny Read permission on the process was set via UserGroup. It worked when Deny Read permission on the process is set directly on the user.

CEV-24378

Incorrect line in GroovyAPI docs under ActualParameter example code has been corrected

CEV-24420

Problem with opening the service account page has been corrected.

CEV-24462

Fixed problems when a tier map is deleted while an active pipeline still depends on that tier map.

CEV-24556, CEV-25111

CloudBees CD manual task instruction with multiple lines is sent as a single line in the email notification.

CEV-24613

Workspace defined in Application/Component process step ccould not be unselected.

CEV-24863

After being redirected to Pipeline Execution from a Service Catalog, the action menu was not working.

CEV-24955

Error corrected when running procedures with credential parameter in releases and pipelines entry gates.

CEV-24985

The UI hung when certain names were used in K8s cluster configuration.

CEV-24986

DSL option for User and Group ACL pages

CEV-24987

DSL export is now available as an action on Resources or Resource Pools lists.

CEV-25084

java.lang.IllegalArgumentException: could not resolve property: pipelineCurrentStage when filtering a pipeline run by current stage.

NMB-26237

LDAP users did not show up local group assignments. Group details page allows adding LDAP users with both userPrincipalName and sAMAccountName causing confusion in ACL assigments. It now allows only the User Name Attribute format as in the registered AD.

NMB-27137

Fixed issue where, upon update, the database collation is switched from utf8_unicode_ci to utf8_general_ci, which causes the error

NMB-28189

Font not found while running ec-report on EC-ReportEngine-1.0.0.135287.

NMB-28462

A memory leak can arise when the job details page gets invoked. This issue is tied to a Java 8 limitation with Garbage Collection that is repaired with the use of Java 11.

NMB-28879

Provide a REST API endpoint where gates is optional so that manual task in pipeline stage (not in a gate) can be completed via the endpoint.

NMB-28908

Indentation for CloudBees CD Helm template generated files indention corrected.

NMB-28958

Project name starting with / (slash character) are no longer allowed.

NMB-29044

In some circumstances, after importing correct CloudBees CD license, all APIs were failing with A Server license for CloudBees Flow is required message.

NMB-29102

Password no longer is displayed as clear text in logs or console output.

NMB-29107

If CloudBees CD cluster nodes had near zero low time offset (0.3 millis), getJobDetails of jobs with very fast steps failed with the message java.lang.IllegalArgumentException: durationMillis must not be negative.

NMB-29108

Unlimited concurrent users shown when license contains only registered users.

NMB-29114

Description of properties were not exported to DSL code.

NMB-29210

An issue that caused the CPU usage to spike between CloudBees CD Server clustered nodes has been resolved.

NMB-29224

Render Condition field now supports up to 4000 characters.

NMB-29300

A URL redirect security vulnerability has been addressed.

NMB-29365

Problem fixed where runProcedure intermittently threw a javax.persistence.OptimisticLockException exception. to be logged.

Behavior changes

CEV-23976

New precautions are in place to prevent the Everyone group from being deleted. For more details about the Everyone group and access control, see Configuring access control

Installation notes

For complete installation and upgrade information, see CloudBees CD installation guide.

Upgrading your CloudBees CD environment

IMPORTANT: Before starting an upgrade, make sure to back up your existing CloudBees CD data.

Upgradable versions

Upgrades to CloudBees CD 10.x are supported only from ElectricCommander 5.0 or any version before 9.0. Upgrades to version 10.x from version 4.2 or earlier are not supported. For upgrade instructions, see Upgrade on traditional platforms.

Upgrading an older DevOps Insight version

Upgrading from a CloudBees CD version 9.0.x , or earlier, requires upgrading the DevOps Insight server to 10.0. If upgrading from CloudBees CD version 9.1, then upgrading version 9.1 the DevOps Insight server is not required.

Updating elements containing applicationServiceMapping [CEV-16237 and CEV-16158]

If your XML export file from CloudBees CD 8.0.1 or earlier versions has elements containing applicationServiceMapping, you must change all instances of that string in the file to serviceClusterMapping before importing the file into version 10.0. For example, change the following XML:

<applicationServiceMapping>
  <applicationServiceMappingId>9efcda31-a85f-11e7-8500-0800279f198d</applicationServiceMappingId>
  <applicationServiceMappingName>9efcda31-a85f-11e7-8500-0800279f198d</applicationServiceMappingName>
  …
</applicationServiceMapping>

to

<serviceClusterMapping>
  <serviceClusterMappingId>9efcda31-a85f-11e7-8500-0800279f198d</serviceClusterMappingId>
  <serviceClusterMappingName>9efcda31-a85f-11e7-8500-0800279f198d</serviceClusterMappingName>
  …
</serviceClusterMapping>
Backing up and restoring custom settings

The DevOps Insight installer overwrites the elasticsearch.yml configuration file with a new file. As of DevOps Insight version 8.3, the file includes a Custom Settings section, which lets you add Elasticsearch settings not managed by the DevOps Insight server without being lost during an upgrade. If you added settings to this file in version 8.2 or earlier that you want to preserve, you must back up the file to a separate location before upgrading to version {product-version-9-2} or newer versions and then add the settings to the Custom Settings section after the upgrade. During future upgrades, the installer will preserve the settings in the Custom Settings section. [NMB-25850]

Updating the MySQL configuration before upgrading

Since release 8.0.1, CloudBees has instructed customers using a MySQL database to use the following two lines in their MySQL configuration:

init_connect='SET collation_connection = utf8_unicode_ci, NAMES utf8'
skip-character-set-client-handshake

Before upgrading CloudBees CD, you must remove these lines or comment them out. Otherwise, jobs will not start.

Ensuring the correct default MySQL default collation

Since release 8.0.1, CloudBees has instructed customers using a MySQL database to ensure that the default collation for their database schema is set to utf8_unicode_ci or utf8_general_ci and that no table in their schema overrides this. As of release 9.0, the CloudBees CD server checks this configuration on startup and logs errors in the server log if it is not set correctly.

If the collation is not configured correctly, then entering non-ASCII text into CloudBees CD might cause errors. For example, setting a release name to a non-ASCII value and attempting a search causes an exception.

If your MySQL database schema or any tables in it are set to a non-UTF-8 collation order, see Knowledge Base article KBEC-00385 - Converting a MySQL Database From Latin-1 to UTF-8 for detailed instructions about safely converting your schema to UTF-8. [NMB-26521, NMB_27459]

Upgrading agents that run the ec-groovy job step in multizone deployments

In multizone CloudBees CD deployments, CloudBees CD agents that are in a different zone than the CloudBees CD server must be upgraded to version 9.0 or later for the ec-groovy job step to run successfully on those agents. You must also upgrade the gateway agents that lead back to the server’s zone including those in any zones in between the agent’s zone and the server’s zone. [NMB-27490]

For details about multiple zones and gateway agents, refer to Zones and gateways.

Removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations

CloudBees recommends removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations for all components. [NMB-27934, NMB-29326]

  1. Upgrade agents older that fall into this category for security reasons:

    • Windows, Linux: 6.0.3 or older; 6.2 or older

    • Mac OS: 8.4 or older

  2. If this warning appears on the Automation Platform UI:

    Note: We recommend removing `SSL 2.0 Client Hello` format from server configuration and upgrade older agents as indicated on the Cloud/Resources Page to avoid security risk.

    then enter the following command on the CloudBees CD server:

    $ ecconfigure --serverTLSEnabledProtocol=TLSv1.2
Upgrading the DevOps Insight server

This section provides information about upgrading the DevOps Insight server from Version 7.3 to Version 10.0.

Re-Specifying configuration settings

The installers (GUI, interactive console, and silent mode) for the DevOps Insight server do not preserve the configuration setting for the DevOps Insight server host name ( --hostName ) or the setting for the Elasticsearch number of shards ( --elasticsearchNumberOfShards ) during the upgrade from 7.3 to 9.2. If you specified nondefault values during the 7.3 Reporting server installation, you must re-specify these settings during the upgrade. (All other settings are preserved.)

DevOps Insight server configuration notes

For a production environment, CloudBees recommends that you install the DevOps Insight server on a system other than systems running other CloudBees CD components (such as the CloudBees CD server, web server, repository server, or agent). If you must install it on the same system (such as for testing or other non-production or trial-basis situations) see DevOps Insight server with other components for details.

Configuration notes

Performing a full import

During a full import, the import operation might hang in the following scenarios. To import successfully into CloudBees CD 8.0 and newer versions, perform the appropriate workarounds [CEV-15447, CEV-11873]:

  • A manual process step in a process has formal parameters. The workaround is to remove the entry related to the property sheet for the job step that is associated with the manual process step.

  • In the exported XML file from the earlier release, two pipelines are in different projects, and both pipelines have no gate tasks. The flow associated with the pipeline is duplicated under both projects. The workaround is to remove the flow element under the projects.

Updating application component plugins

Application components are based on plugins (EC-Artifact, EC-Maven and EC-FileSysRepo) with plugin details (such as name, procedure, and parameters) stored in properties on the component. Before version 5.4, the value for the pluginProjectName property included the plugin name and version (for example, EC-Artifact-1.0.3.4), which closely tied components to specific versions.

When you export your project data before upgrading from ElectricCommander 5.0, 5.1, 5.2, or 5.3 to CloudBees CD 8.x, or later, you must update the application component plugin versions in the export file to the versions on the target CloudBees CD server before importing the data to CloudBees CD 10.0.

For example, if the promoted EC-Artifact plugin version is 1.0.4.1, then in the snippet below, you would change EC-Artifact-1.0.3.4 to EC-Artifact-1.0.4.1:

<property>
  <propertyId>3f509ffd-506b-11e6-9960-f01faf2c26a3</propertyId>
  <propertyName>pluginProjectName</propertyName>
  <counter>0</counter>
  <createTime>2016-07-23T00:20:20.829Z</createTime>
  <expandable>1</expandable>
  <lastModifiedBy>admin</lastModifiedBy>
  <modifyTime>2016-07-23T00:20:20.829Z</modifyTime>
  <owner>admin</owner>
  <tracked>1</tracked>
  <value>EC-Artifact-1.0.3.4</value>
  </property>
<property>

Starting with release 5.4, CloudBees CD uses the plugin key (which does not include the version) when defining a component. [CEV-6679]

Limitations

When an application is cloned from one project (the original project) to another (the destination project), the tier maps for the application will point to the environments with the same names in the destination project. To deploy the application to the environments in the original project, you must create tier maps connecting the application to those environments.

Known issues

NMB-21550

Some antivirus software might flag parl.exe and delete it, which causes the installation to fail. The workaround is to register this file in the acceptlist of the antivirus.

NMB-24949

When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error.

NMB-26021

Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool ) until the CloudBees CD server is restarted.

NMB-26962

(Windows platforms only) If the Elasticsearch cluster which is used by DevOps Insight is in the red state (in Elasticsearch this means that it only partly functions and some data is unavailable) then upgrade reconfigure or uninstall operations will not work. Because the Elasticsearch service can not be stopped when a cluster is in red state kill the Elasticsearch service process by the task manager before running the installer for these actions.

NMB-28135

The Microsoft Edge browser does not work with SAML 2.0 and a self-signed certificate during redirection from the identity provider to the service provider. Edge is not recommended for login via SAML 2.0.

NMB-28380

Can’t ignore server mismatch and override passkey from Database Configuration page.

NMB-28381

The ec-groovy command line utility fails when invoking createArtifactVersion with error This server cannot handle version <x> messages.

NMB-29391

The warning, WARNING: An illegal reflective access operation has occurred is logged by Java 11 for the cglib library.

NMB-29486

The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. See KBEC-00452 - Error installing CloudBees CD 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.

CEV-11106

When an application with snapshots created in CloudBees CD 6.1 or earlier is cloned and a project containing this application is imported to CloudBees CD 6.3 or higher the import operation fails.

CEV-12363

Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missed configuration.

CEV-12429

The stage inclusion status in the Release Dashboard changes color after a stage is renamed.

CEV-14689

No error prompt appears for failed tasks and retry tasks during a pipeline runtime.

CEV-15122

If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter) then the step is not retried even if it uses "retry on error" error handling. The job eventually completes with an error.

CEV-15829

The retry count for group tasks or rules using "automated retry on error" is missing from the Pipeline runtime page.

CEV-16245

Multiple mapped environments with the same name from different projects are not supported in email notifications.

CEV-16250

A project import might not include the path-to-production view.

CEV-16930

Jobs might not appear upon drill-down into the "Clusters With Most Deployments" widget in the DevOps Insight Microservices Dashboard if the service does not contain a deploy step in the process.

CEV-17164

When you do a full import from version 8.0 to version 8.2 or newer and two or more releases have the same name (under different projects) and are associated to the same pipeline then after import the runs for all releases might become associated to the first imported release. This is because CloudBees CD cannot differentiate runs between the releases since all runs are under the same pipeline project and have the same name. To work around this issue rename releases in the export file so that all their occurrences (in deploymentHistoryItem flowRuntime and so on) are unique.

CEV-18531

All subreleases of a release must appear before the release in the DSL for the release-to-subrelease link to be created.

CEV-19239 CEV-19259

The ability to search by assignee in a Deployment Report is not available in the DevOps Insight report editor.

CEV-21426

If Release Command Center was setup for JIRA for user-stories and defects and the JIRA project name was mapped to the release project name using the following field mapping: ` projectName:releaseProjectName` then before upgrading to 10.0 the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD":releaseProjectName

CEV-22379

Long custom labels in email notifications do not render correctly.

CEV-23624

Approval by email on manual tasks should not expect parameters.

CEV-22644

Navigation to a sub-release editor takes user to the parent release editor. As a workaround, select the subrelease from the left-hand navigation in the parent’s release editor.

CEV-23957

When you use the Deploy UI to edit a resource pool and add a tag while renaming it at the same time, the operation fails with the following error: Resource pool 'oldPoolName' does not exist . To work around this issue, rename the resource pool, then save the change, and then add the tag to the resource pool.

CEV-23958

Running an application process with a parallel manual application process step or running an application process with a parallel manual application and component process steps fails to delete the project.

CEV-23960

If you are signed in to the Deploy UI and upgrade to CloudBees CD 10.0, the version 10.0 sign-in page for the Automation Platform UI goes into an infinite redirect. This is because the version 10.0 Automation Platform UI thinks that your sign-in session expired even though it is active. To work around this issue, do one of the following:

  • Before upgrading, sign out from the Deploy UI and the Automation Platform UI.

  • After upgrading, sign out from the Deploy UI and then sign in.

  • After upgrading, clean your browser cache and cookies to kill the pre-upgrade sign-in session.

As documented at KBEC-00443 - Login page goes to infinite redirect after upgrading Flow to 10.0

CEV-24712

Attempt to delete a project containing a CIBuildDetails object (injected by Jenkins LTS or CloudBees CI) results in the error: The DELETE statement conflicted with the REFERENCE constraint.

CEV-24710

Users will not be able to delete a project if there are Jenkins builds associated with this project that are references in releases not in the project.

CEV-24617

Attempt to delete a build from a pipeline run via buildname and flowRuntimeId results in the error deleted object would be re-saved by cascade.

CEV-25150

If you use the ectool export to export your system configuration from a previous release and then use ectool import to import the same configuration to a CloudBees CD 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona based menu items, may be missing in the CD server UI. It is recommended to use ectool export and ectool import only between servers at the same version.

N/A

You can revert changes only for high-level design objects such as applications procedures procedure steps workflow definitions and state definitions.

Restarting the CloudBees CD server while new records are created for all tracked objects might take at least as long as an export or import of all projects (10 to 40 minutes for a large project).

N/A

Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD and LDAP servers the depth of group hierarchy in the LDAP server and the network latency between the servers. Make sure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.

N/A

System performance might decrease if you disable change tracking at the server level and then re-enable it. (Change tracking is enabled by default.) For details about using change tracking see change tracking.