CloudBees CD Installed Tools

39 minute read
Tool Name Description

A command-line tool used to manage the CloudBees CD Certificate Authority (CA) and the certificates configured in CloudBees CD Server and CloudBees CD Agent installations.

A command-line tool that can change configuration values for any locally installed CloudBees CD server, web, agent, or repository service. ecconfigure is a more user-friendly mechanism for configuring aspects of CloudBees CD that would otherwise require manual configuration file updates. ecconfigure actually manipulates relevant service configuration files on your behalf.

A "wrapper" program that can be used to start another program from a CloudBees CD job step—the "started" program will run as a daemon process. The CloudBees CD agent uses the facilities of the underlying operating system to make sure the process runs in a separate process group on a UNIX-based system, or outside of the normal "Windows Job" grouping in a Windows system. In either case, the CloudBees CD agent does not treat the process as one it should wait for or one it should try to "kill" if CloudBees CD needs to abort the step.

A driver script with built-in support for SSH. Every major operation can be overridden by defining a Perl function in the Proxy Customization field on the New Proxy Resource panel, available from the Resources page.

When CloudBees CD agents (on platforms other than Linux or Windows) run steps that create log files in a workspace the CloudBees CD web server cannot access (through Linux or Windows agents), use ecremotefilecopy to recreate job logs so they are visible on those CloudBees CD agents, which then enables the web server to retrieve and render those log files.

A command-line tool that imports your CloudBees CD database configuration information into your ZooKeeper server.

A command-line tool that displays information on the running CloudBees CD server cluster from ZooKeeper.

eccert

A command-line tool used to manage the CloudBees CD Certificate Authority (CA) and the certificates configured in CloudBees CD Server and CloudBees CD Agent installations.

Do not use eccert as sudo, which would change the ownership of the configuration files (such as the keystore file) to the root user. These files must be owned by the user who starts the CloudBees CD services.

Usage

eccert [ options ] command [ arg …​ ]

Commands

addTrustedServer crt

Add a server CA certificate to the agent’s keystore.

getCRL

Retrieve the contents of the current certificate revocation list.

initAgent [ --local | --remote ] [ options ]

Initialize the agent keystore with a new public/private key pair. Generates the agent certificate signing request. If run on the server host, the certificate will automatically be signed by the server CA, and the CA certificate and the signed agent certificate are installed in the agent’s keystore. If run on a non-server host, the signing request is left in the agent directory. If CA Cert is provided, the CA certificate is installed in the agent’s keystore.

--local

Use the local server CA to sign the agent certificate.

--remote

Connect to a remote CloudBees CD server to sign the agent certificate.

--force

Replace any existing keystore.

--cname name

Use the specified name as the common name (CN) in the agent certificate subject. This is normally the fully qualified domain name used by clients to connect to the agent.

--altNames entries

Use the specified list of entries (comma or space separated) as the subjectAlternateNames list in the agent certificate. Simple names are interpreted as dns entries. Entries may begin with "dns:" or "ip:" to indicate the type (for example, ` "ip:192.168.0.1"` or "dns:myHost" ). If no entries are specified, then reverse DNS is used to look up the registered names of the host’s IP addresses.

initCA

Initialize the server CA. Creates a new CA key and certificate.

initServer [ options ]

Initialize the server keystore. Creates and signs the server certificate. Installs the CA certificate and the signed server certificate into the server’s keystore.

--force

Replace any existing keystore.

--cname name

Use the specified name as the common name (CN) in the server certificate subject. This is normally the fully qualified domain name used by clients to connect to the server.

--altNames entries

Use the specified list of entries (comma or space separated) as the subjectAlternateNames list in the server certificate. Simple names are interpreted as dns entries. Entries may begin with "dns:" or "ip:" to indicate the type (for example, "ip:192.168.0.1" or "dns:myHost" ). If no entries are specified, then reverse DNS is used to look up the registered names of the host’s IP addresses.

list [ --agent | --server | --index [ --verbose ]

Display certificate information for agent and/or server keystores or the CA certificate index. If no options are specified, both the agent and server keystores are listed.

--agent

List the contents of the agent keystore.

--server

List the contents of the server keystore.

--index

List the contents of the CA issued certificates index.

--verbose

Display additional details.

refreshCRL