CloudBees CD/RO v2023.06.0
CloudBees is pleased to announce the v2023.06.0 long-term support (LTS) release of CloudBees CD/RO. With this release, CloudBees added several new features and system improvements, including:
If you do not use CloudBees CI controllers in dashboards, the following issue does not affect normal CloudBees CD/RO operation. In 2023.06.0, an issue [BEE-35885] was introduced that causes newly configured CloudBees CI controllers to fail to register and display within dashboards. This issue also applies to new manually configured CloudBees CI controllers. There is no known workaround for this issue. v2023.06.1, released July 10, 2023, resolves this issue. If you use CloudBees CI controllers in dashboards, or may in the future, you are encouraged to upgrade from v2023.06.0 to v2023.06.1. You may also skip v2023.06.0, and upgrade directly to v2023.06.1. |
-
The Pipeline editor features and UI have been upgraded. For more information, refer to New features.
-
CloudBees Accessibility Conformance Report has been updated. For more information, refer to New features.
-
Downscaling requirements when upgrading CloudBees CD/RO on Kubernetes are no longer required. For more information, refer to Enhancements.
-
For CloudBees CD/RO on Kubernetes, the ZooKeeper configuration has been improved to help reduce deployment times. For more information, refer to New features.
-
CloudBees CD/RO bundled database version update. For more information, refer to New features.
-
The Elasticsearch engine included with CloudBees Analytics was updated. For more information, refer to New features.
-
Updated CloudBees CD/RO Kubernetes agent third-party tools. For more information, refer to New features.
-
Plugin Development Kit (PDK) version update. For more information, refer to PDK enhancements.
Security fixes
- This release includes the following security updates to address potential vulnerabilities:
-
Apache Server HTTP (httpd) has been updated to v2.4.57. For changes in v2.4.57, refer to the Apache httpd v2.4.57 release notes.
-
PHP has been updated to version 8.1.18. For changes in v8.1.18, refer to the PHP 8 ChangeLog.
New features
- Pipeline editor UI enhancements
-
In this release, we’ve improved the user interface (UI) of the pipeline editor with the following updates:
-
Drag and Drop: You can now easily move task stages and gates by dragging and dropping them within the editor.
-
Quick Object Creation: We’ve added the ability to create new procedures, application pipelines, or release objects directly from the pipeline editor.
-
New Task Icons: We’ve introduced new icons for task features, such as adding a task and copying a task, to enhance visual clarity.
For more information refer to, Pipeline UI.
-
- Update to the CloudBees Accessibility Conformance Report
-
An updated version of the CloudBees Accessibility Conformance Report was published that provides information about the accessibility features for CloudBees CD/RO v2023.06. This report is based on the VPAT® (Voluntary Product Accessibility Template) Version 2.4Rev, the WCAG (Web Content Accessibility Guidelines) 2.0 Levels A and AA, Section 508, EN 301 549.
For more information, refer to Accessibility.
- Kubernetes Zookeeper deployments improved
-
The ZooKeeper Helm charts have been updated to publish to DNS records even if pods are not ready to help speed up startup and complete discovery before other pods are probed as
Ready
.To implement this feature, upgrade to v2023.06.0 or use the manual configuration instructions found in How to reduce ZooKeeper startup time in cluster mode.
- Bundled MariaDB updated
-
CloudBees CD/RO includes a bundled MariaDB, which has been updated in v2023.06.0 to v10.11.2.
For CloudBees CD/RO on Kubernetes, v2023.06.0 Helm charts have also been updated to include the new version by default.
- CloudBees Analytics Elasticsearch updated
-
CloudBees Analytics includes a bundled Elasticsearch engine, which has been updated in v2023.06.0 to 7.17.10. For more information on migrating your CloudBees Analytics integration, refer to Upgrade the CloudBees Analytics server.
- Updated CloudBees CD/RO Kubernetes agent third-party tools
-
The following CloudBees CD/RO agent third-party tools have been updated in this release:
-
helm v3.11.2 → v3.11.3
-
kubectl v1.26.3 → v1.27.1
-
kubectl-argo-rollouts 1.4.0 → 1.4.1
There are compatibility issues the distributors of these tools have raised that you should review previous to installing the updated agent image. For more information, refer to Configure agent third-party tools.
-
Feature enhancements
- Downscaling requirements during Kubernetes upgrade
-
Starting with CloudBees CD/RO v2023.06.0, scaling down the
flow-server
,flow-web
,flow-repository
components to one replica is no longer mandatory during upgrades. This is now optional. For additional details, refer to Upgrading your CloudBees CD/RO servers.
- Proxy support for email servers
-
Proxy support for email servers was added in ecconfigure and the CloudBees CD/RO installer.
- Default options added for application process
-
For application process options Smart Deploy, Check Dependencies, and Staging artifacts you can now set default options. By default, Smart Deploy is set to
true
, and Check Dependencies and Staging artifacts are set tofalse
.
Plugin enhancements
- CloudBees CD/RO plugins catalog
-
The CloudBees CD/RO plugins catalog is available on the CloudBees CD/RO documentation site.
For more information about plugin support and versioning, refer to Plugin Concepts.
- Plugin updates
AnsibleTower 1.1.6 |
Updated jackson-databind to 2.15.0-rc1. |
||
AzureCLI |
Added support for creating CloudBees CD/RO Resource Templates based on Azure CLI. To create Resource Templates based on Azure CLI, in the CloudBees CD/RO main menu, navigate to , and then select Cloud Provider and Azure CLI. |
||
EC-DslDeploy 4.2.0 |
|
||
EC-ESX 2.3.7 |
Removed from catalog. |
||
EC-FlowLogCollector 1.2.0 |
Added the Result property field to the Gather Logs procedure. |
||
EC-GCP-ComputeEngine |
Added Labels field for Create Image procedure. |
||
Git 1.12.3 |
|
||
Helm 1.7.1 |
|
||
EC-Nexus 2.2.0 |
|
||
EC-Rest 2.4.0 |
|
||
EC-Selenium |
Removed from catalog. |
||
EC-SQLServer |
Removed from catalog. |
||
EC-Splunk |
|
||
EC-Tomcat |
Added a Health check timeout parameter to the StartApp and StartServer procedures. |
||
Trigger-Property 2.0.0 |
Upgraded from Perl 5.8 to Perl 5.32. The plugin is not backward compatibility with releases prior CloudBees CD/RO 10.3. Starting with this release, a new agent is required to run the plugin procedures. |
When upgrading from plugins that have been migrated to PDK, you must migrate your existing plugin configurations. You can use the Migrate configurations procedure from the Service catalog to migrate your existing plugin configurations. |
- Plugin Development Kit enhancements
-
Download current PDK bundle: v3.8.3
This version includes the following updates:
-
The PDK REST-client has been updated to support uploading and downloading large files.
-
Fixed issue with generating rest plugin with anonymous authentication schema produced error
configuration parameter 'authScheme' should be present in the configuration
[BEE-20659]. -
Fixed issue where PDK Check connection ignored SSL regardless of selected value [BEE-27202].
-
New platform support
This section lists new platform support.
None.
On June 29, 2023, CloudBees CD/RO v10.6.x will reach EOL. For more information, refer to CloudBees maintenance lifecycle policies. CloudBees recommends upgrading to the newest CloudBees CD/RO release to maintain support. |
Refer to the following topics for a list of officially supported platforms for CloudBees CD/RO:
Resolved issues
BEE-32649 |
Fixed CloudBees Software Delivery Automation server database collision. This issue has been fixed in CloudBees CD/RO v2023.06.0. As a workaround for earlier versions, remove the affected record from the database and leave only one configuration.
|
||
BEE-34091 |
Fixed issue when a trigger was configured with a quiet time of
|
||
BEE-32374 |
In some ZooKeeper deployments, there were issues with delayed service discovery because of multiple pod restarts and the default orderly startup nature. Starting with v2023.06.0, the ZooKeeper Helm chart includes a To implement this fix, upgrade to v2023.06.0 or use the manual configuration instructions found in How to reduce ZooKeeper startup time in cluster mode. |
||
BEE-7440 |
When runtime objects are created, ACLs definitions are propagated to enable filtering based on user permissions. |
||
BEE-20205 |
If an unknown branch name was passed as a property reference, and could not be retrieved from CloudBees CI build parameters, CloudBees CI job tasks would fail during runtime because the |
||
BEE-29770 |
When creating a task and selecting a plugin configuration, only the first 50 plugin configurations were shown. This issue is now fixed and all plugin configuration should be visible [SECO-2592]. |
||
BEE-30951 |
Fixed issue when CloudBees CI builds running from group tasks in parallel would fail because one task runtime in the group fails, and all other tasks runtimes and their jobs in the same group would forcibly abort. The job started by the CloudBees CI procedure was forcibly aborted by the Abort CI Build step, the The force abort logic for An abort logic for |
||
BEE-30980 |
When creating an SSO SAML Service Provider and adding a Web Service URL, if the URL ended in a This issue has been fixed, and URLs are resolved as needed when including a trailing |
||
BEE-31027 |
In CloudBees CD/RO, when a running pipeline was restarted with an active CloudBees CI job, there was no input request icon shown for the CloudBees CI job was waiting for input. This behavior is now fixed, and the waiting for input icon is present for all corresponding CloudBees CI build details associated with pipeline run. |
||
BEE-31285 |
Fixed issue where tasks within a parallel group were unable to run if a previous task within the group had a |
||
BEE-32713 |
Previously, the waiting for input icon was shown only for latest CloudBees CI build detail. With this fix the waiting for input icon is shown for all corresponding CloudBees CI build details associated with a pipeline run. |
||
BEE-32059 |
When generating dashboards with columns in YAML, the Eval DSL procedure was unable to validate the configuration. This issue has been fixed, and YAML-generated dashboards with columns can now be validated using Eval DSL. |
||
BEE-32288 |
When a pipeline is restarted in a preceding stage, a manual task configured with the Always run option enabled was not aborted as expected and may still attempt to or actually run. This behavior has been refactored to abort manual tasks configured with the Always run option enabled if the pipeline is restarted in preceding stage. |
||
BEE-34210 |
In grouped parallel tasks, if the first task configuration resulted in |
Installation notes
For complete installation and upgrade information, refer to CloudBees CD/RO on Kubernetes and Install CloudBees CD/RO on traditional platforms.
CloudBees deprecated the CloudBees CD/RO ec-jruby and ec-jython wrapper programs with v10.11. The wrapper programs are no longer installed as part of CloudBees CD/RO tools.
|
CloudBees CD/RO server installation binaries are signed for traditional installations so that you can verify their origin and authenticity. Verifying binaries is an optional step in the installation process that can help prevent a man-in-the-middle attack. For more information, refer to Verify installation binaries.
- CloudBees CD/RO on Kubernetes
CloudBees CD/RO server and agent Helm chart values are publicly available and provide the CloudBees default installation values. The CloudBees CD/RO images.tag
value associated with v2023.06.0 is 2023.06.0.164409_3.2.44_20230601
.
CloudBees CD/RO Docker images and Helm charts are signed so that you can verify their origin and authenticity. Verifying Docker tags and Helm charts is an optional step in the installation process that can prevent a man-in-the-middle attack. For more information, refer to Verify Docker images and Verify Helm charts.
- Updated Helm charts
Updated Helm charts are available for CloudBees CD/RO v2023.06.0.
Name | Chart version | App version | Description |
---|---|---|---|
cloudbees/cloudbees-flow |
2.25.0 |
2023.06.164409 |
A Helm chart for CloudBees Flow |
cloudbees/cloudbees-flow-agent |
2.25.0 |
2023.06.164409 |
A Helm chart for CloudBees Flow Agent |
- CloudBees CD/RO Universal Base Image (UBI)
The actual UBI associated with v2023.06.0 is 9.1.0-1829
.
- Upgrading gateway agents
-
All gateway agents that meet the following criteria must be updated to CloudBees CD/RO v10.2+:
-
Your enterprise implements a multi-zone environment.
-
Agent versions are a combination of pre-v10.2 and v10.2+.
-
The access route to a v10.2+ agent is configured through a pre-v10.2 gateway agent.
-
- Configuring autostart services for Linux installations
-
Linux installations that you perform as a non-root user or without
sudo
permissions cannot automatically start the CloudBees CD/RO server, web server, repository server, or agents. Instead, you must set up the service autostart after installation is complete. Refer to Configure autostart for non-root/non-sudo Linux installations to learn more.
- Upgrading your CloudBees CD/RO environment
-
Before starting an upgrade, make sure to back up your existing CloudBees CD/RO data. - Upgradable versions
-
Upgrades to CloudBees CD/RO 10.x are supported only from ElectricCommander 5.0. For upgrade instructions, refer to the Upgrade on traditional platforms.
- Updating the MySQL configuration before upgrading
-
Since release 8.0.1, CloudBees has instructed customers using a MySQL database to add the following two lines to their MySQL configuration:
init_connect='SET collation_connection = utf8_unicode_ci, NAMES utf8' skip-character-set-client-handshake
Before upgrading CloudBees CD/RO, you must remove these lines or comment them out. Otherwise, jobs will not start.
- Ensuring the correct default MySQL default collation
-
Make sure that the default collation for the MySQL database schema is set to
utf8_unicode_ci
orutf8_general_ci
and that no table in the schema overrides this setting. The CloudBees CD/RO server checks this configuration on startup and logs errors in the server log if it is not set correctly.If the collation is not configured correctly, entering non-ASCII text into CloudBees CD/RO can cause errors. For example, setting a release name to a non-ASCII value, and attempting a search, causes an exception.
If your MySQL database schema, or any tables within, are set to a non-UTF-8 collation order, refer to the Knowledge Base article KBEC-00385 - Converting a MySQL Database From Latin-1 to UTF-8 for detailed instructions about safely converting your schema to UTF-8. [NMB-26521, NMB-27459]
- Upgrading agents that run the
ec-groovy
job step in multizone deployments -
In multizone CloudBees CD/RO deployments, CloudBees CD/RO agents that are in a different zone than the CloudBees CD/RO server must be upgraded to version 9.0 or later for the
ec-groovy
job step to run successfully on those agents. You must also upgrade the gateway agents that lead back to the server’s zone, including those in any zones in between the agent’s zone and the server’s zone. [NMB-27490]For details about multiple zones and gateway agents, refer to Zones and gateways.
- Removing the
SSL 2.0 Client Hello
orSSLv2Hello
protocol from your security configurations -
CloudBees recommends removing the
SSL 2.0 Client Hello
orSSLv2Hello
protocol from your security configurations for all components. [NMB-27934, NMB-29326]-
Upgrade agents to the latest operating system version for security reasons.
-
If this warning appears on the Automation Platform UI:
Note: We recommend removing `SSL 2.0 Client Hello` format from server configuration and upgrade older agents as indicated on the Cloud/Resources Page to avoid security risk.
then enter the following command on the CloudBees CD/RO server:
$ ecconfigure --serverTLSEnabledProtocol=TLSv1.2
-
- Upgrading the CloudBees Analytics server
-
This section provides information about upgrading the CloudBees Analytics server.
-
It is not possible to upgrade CloudBees Analytics v9.0.1 and below to CloudBees Analytics v10.2.0 and above. The installer exits with an error and an appropriate message when such an update is attempted. If you need to upgrade CloudBees Analytics v9.0.1 and below, you must first upgrade to a version between 9.1.0 and 10.1.0, or 9.0.2 and above. After that, you can upgrade CloudBees Analytics to v10.3.0 or higher. [NMB-31030]
-
For previous CloudBees Analytics upgrades from v9.0.1 and below: CloudBees Analytics data may contain obsolete indexes that are incompatible with CloudBees Analytics v10.2.0 and above. To work correctly, it is necessary to re-index these indexes before an upgrade. The installer prompts you to do this before upgrading.
-
In console mode and UI mode, the installer displays the following prompt if outdated indexes are detected:
One or more Elasticsearch indexes were created in an obsolete version of Elasticsearch. These indexes must be re-indexed for the upgrade to be successful. Do you want to start the reindexation? [n/Y]
After an affirmative answer, the installer automatically reindexes and continues the upgrade.
-
In silent mode, the installer reindexes automatically.
-
-
Backing up and restoring custom settings
The CloudBees Analytics installer overwrites the
elasticsearch.yml
configuration file with a new file. This file includes aCustom Settings
section, which lets you add Elasticsearch settings not managed by the CloudBees Analytics server without being lost during an upgrade. The installer preserves the settings in theCustom Settings
section. [NMB-25850] -
Upgrading CloudBees Analytics clusters
The principle of forming a cluster in CloudBees Analytics has changed in v10.2 due to the update of Elasticsearch v7.10.2. In this regard, an additional action is required to upgrade to CloudBees Analytics v10.2 or later:
When updating the first master node, you must explicitly specify that it is the first node to be updated. If this action is not performed, any cluster that is being updated is placed out of service.
All installers have been instrumented to accommodate this change. Refer to Upgrade the CloudBees Analytics server for more details. [BEE-2717]
-
CloudBees Analytics server configuration notes
For a production environment, CloudBees recommends that you install the CloudBees Analytics server on a system separate from systems running other CloudBees CD/RO components (such as the CloudBees CD/RO server, web server, repository server, or agent). If you must install it on the same system (such as for testing or other non-production or trial basis situations), refer to CloudBees Analytics server with other components for details.
If your CloudBees Analytics server is configured with multiple nodes in a Kubernetes environment, you must pre-generate your certificates. For more information, refer to Install CloudBees CD/RO within Kubernetes.
Configuration notes
- Performing a full import
-
During a full import, the import operation might hang in the following scenarios. To import successfully into CloudBees CD/RO 8.0 and newer versions, perform the appropriate workarounds [CEV-15447, CEV-11873]:
-
A manual process step in a process has formal parameters. The workaround is to remove the entry related to the property sheet for the job step that is associated with the manual process step.
-
In the exported XML file from an earlier release, two pipelines are in different projects, and both pipelines have no gate tasks. The flow associated with the pipeline is duplicated under both projects. The workaround is to remove the flow element under the projects.
-
- Limitations
-
When an application is cloned from one project (the original project) to another (the destination project), the tier maps for the application point to the environments with the same names in the destination project. To deploy the application to the environments in the original project, you must first create tier maps connecting the application to those environments.
Known issues
BEE-14581 |
The MeanLeadTime report does not work correctly when Elasticsearch has pipeline runs but no release runs. |
||
BEE-14933 |
The UI does not allow the transfer of artifacts across zones. |
||
BEE-17259 |
When a custom data retention policy schedule is set to run once, the data is not purged after archiving. To purge data after archiving, use a repeat schedule or the global data retention setting. |
||
BEE-20536 |
When using Postgres with change tracking enabled, EcAuditStrategy errors may appear in the server log. This is a known issue, but is not expected to affect system performance. |
||
BEE-27713 |
Events that originate from the default CloudBees CI create default configurations. URLs for these new controllers are not Jenkins configured URLs and cause 401 errors. |
||
BEE-28886 |
You may experience SSO sign-in issues when using Kerberos due to a Microsoft known issue. |
||
BEE-29494 |
When a process step that is not manual is modified to be manual after the process runs but before the associated job step evaluated, the step hangs and adds a |
||
BEE-30080 |
|
||
BEE-32234 |
The order that |
||
BEE-33629 |
When using As a workaround, you can run |
||
BEE-33695 |
The following
If you regenerate DSL from this imported DSL, it may contain unexpected errors. As a workaround, you can specifically specify error handling options within your DSL. |
||
BEE-33696 |
The As a workaround, you can specifically specify |
||
BEE-35136 |
On Windows agents, Export DSL fails to export objects that end in spaces. |
||
BEE-35668 |
Serial group tasks are not retried if the first manual group task fails after pipeline run was restarted. |
||
BEE-35885 |
In 2023.06.0, an issue was introduced that causes newly configured CloudBees CI controllers to fail to register and display within dashboards. This issue also applies to new manually configured CloudBees CI controllers. When debugging the controller log, the following error is returned:
There is no known workaround for this issue. A patch release is planned to address this issue. |
||
BEE-36804 |
The order that |
||
CDRO-257 |
When updating from v10.2 or earlier to v10.3 or later, your upgrade may fail and break database consistency if legacy services or containers exist in your system. Additionally, even if the upgrade completes successfully with legacy services or containers present, it may still be impossible to run the As a workaround, before upgrading from v10.2 and earlier, delete all legacy services and containers, and then perform the upgrade. When upgrading a clustered deployment of CloudBees CD/RO, before running the installer to upgrade, delete the contents inside the |
||
NMB-24734 |
|
||
NMB-24949 |
When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names, the operation fails with the following error: |
||
NMB-26021 |
Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or |
||
NMB-26962 |
(Microsoft Windows platforms only) If the Elasticsearch cluster used by CloudBees Analytics is in the red state (meaning that it only partly functions and some data is unavailable), then upgrade, reconfigure, and uninstall operations will not work. Since the Elasticsearch service cannot be stopped when a cluster is in a red state, you must stop the Elasticsearch service process from the task manager before running the installer for these actions. |
||
NMB-28135 |
The Microsoft Edge browser does not work with SAML 2.0 and is missing a self-signed certificate during redirection from the identity provider to the service provider. Edge is not recommended for sign-in via SAML 2.0. |
||
NMB-29486 |
The LANG environment variable must be set to |
||
CEV-12363 |
Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missing configuration. |
||
CEV-12429 |
The stage inclusion status in the Release Dashboard changes color after a stage is renamed. |
||
CEV-15122 |
If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter), then the step is not retried even if it uses "retry on error" error handling. The job eventually completes with an error. |
||
CEV-15829 |
The retry count for group tasks or rules using "automated retry on error" is missing from the Pipeline runtime page. |
||
CEV-16245 |
Multiple mapped environments with the same name from different projects are not supported in email notifications. |
||
CEV-16250 |
A project import might not include the path-to-production view. |
||
CEV-18531 |
All subreleases of a release must appear before the release in the DSL for the release-to-subrelease link to be created. |
||
CEV-19239 CEV-19259 |
The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor. |
||
CEV-21426 |
If Release Command Center was set up for JIRA for user stories and defects, and the JIRA project name was mapped to the release project name using the field mapping |
||
CEV-23624 |
Approval by email on manual tasks should not expect parameters. |
||
CEV-25150 |
If you use the |
||
CEV-26700 |
SSO does not work unless PHP configuration is changed due to a security-related request. Workaround: Change |
||
CEV-28704 |
CloudBees CD/RO v10.1 introduced new triggers and an updated UI for them. Pre-v10.1 triggers will continue to work but there is no UI to review or run them. |
||
CEV-28779 |
Before using the export command to perform a full data export from the CloudBees CD/RO database, delete any legacy definitions and references to |
||
N/A |
You can revert changes only for high-level design objects such as applications procedures, procedure steps, workflow definitions, and state definitions.
|
||
N/A |
Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers, the depth of group hierarchy in the LDAP server and the network latency between the servers. Make sure that your directory provider can handle the additional load for supporting nested group hierarchy traversal. |
||
N/A |
System performance might decrease if you disable change tracking at the server level and then re-enable it. Change tracking is enabled by default. For details about using change tracking, refer to change tracking. |