CloudBees CD Installed Tools

Tool Name Description

Tool Name	Description
eccert	A command-line tool used to manage the CloudBees CD Certificate Authority (CA) and the certificates configured in CloudBees CD Server and CloudBees CD Agent installations.
ecconfigure	A command-line tool that can change configuration values for any locally installed CloudBees CD server, web, agent, or repository service. `ecconfigure` is a more user-friendly mechanism for configuring aspects of CloudBees CD that would otherwise require manual configuration file updates. `ecconfigure` actually manipulates relevant service configuration files on your behalf.
ecdaemon	A "wrapper" program that can be used to start another program from a CloudBees CD job step—the "started" program will run as a daemon process. The CloudBees CD agent uses the facilities of the underlying operating system to make sure the process runs in a separate process group on a UNIX-based system, or outside of the normal "Windows Job" grouping in a Windows system. In either case, the CloudBees CD agent does not treat the process as one it should wait for or one it should try to "kill" if CloudBees CD needs to abort the step.
ecproxy	A driver script with built-in support for SSH. Every major operation can be overridden by defining a Perl function in the Proxy Customization field on the New Proxy Resource panel, available from the Resources page.
ecremotefilecopy	When CloudBees CD agents (on platforms other than Linux or Windows) run steps that create log files in a workspace the CloudBees CD web server cannot access (through Linux or Windows agents), use ecremotefilecopy to recreate job logs so they are visible on those CloudBees CD agents, which then enables the web server to retrieve and render those log files.
ZKConfigTool	A command-line tool that imports your CloudBees CD database configuration information into your ZooKeeper server.
ClusterInfoTool	A command-line tool that displays information on the running CloudBees CD server cluster from ZooKeeper.

A command-line tool used to manage the CloudBees CD Certificate Authority (CA) and the certificates configured in CloudBees CD Server and CloudBees CD Agent installations.

ecconfigure

A command-line tool that can change configuration values for any locally installed CloudBees CD server, web, agent, or repository service. ecconfigure is a more user-friendly mechanism for configuring aspects of CloudBees CD that would otherwise require manual configuration file updates. ecconfigure actually manipulates relevant service configuration files on your behalf.

ecdaemon

A "wrapper" program that can be used to start another program from a CloudBees CD job step—the "started" program will run as a daemon process. The CloudBees CD agent uses the facilities of the underlying operating system to make sure the process runs in a separate process group on a UNIX-based system, or outside of the normal "Windows Job" grouping in a Windows system. In either case, the CloudBees CD agent does not treat the process as one it should wait for or one it should try to "kill" if CloudBees CD needs to abort the step.

ecproxy

A driver script with built-in support for SSH. Every major operation can be overridden by defining a Perl function in the Proxy Customization field on the New Proxy Resource panel, available from the Resources page.

ecremotefilecopy

When CloudBees CD agents (on platforms other than Linux or Windows) run steps that create log files in a workspace the CloudBees CD web server cannot access (through Linux or Windows agents), use ecremotefilecopy to recreate job logs so they are visible on those CloudBees CD agents, which then enables the web server to retrieve and render those log files.

ZKConfigTool

A command-line tool that imports your CloudBees CD database configuration information into your ZooKeeper server.

ClusterInfoTool

A command-line tool that displays information on the running CloudBees CD server cluster from ZooKeeper.

eccert

A command-line tool used to manage the CloudBees CD Certificate Authority (CA) and the certificates configured in CloudBees CD Server and CloudBees CD Agent installations.

Do not use eccert as sudo, which would change the ownership of the configuration files (such as the keystore file) to the root user. These files must be owned by the user who starts the CloudBees CD services.

Usage

eccert [ options ] command [ arg … ]

Commands

addTrustedServer crt

Add a server CA certificate to the agent’s keystore.

getCRL

Retrieve the contents of the current certificate revocation list.

initAgent [ --local | --remote ] [ options ]

Initialize the agent keystore with a new public/private key pair. Generates the agent certificate signing request. If run on the server host, the certificate will automatically be signed by the server CA, and the CA certificate and the signed agent certificate are installed in the agent’s keystore. If run on a non-server host, the signing request is left in the agent directory. If CA Cert is provided, the CA certificate is installed in the agent’s keystore.

--local

Use the local server CA to sign the agent certificate.

--remote

Connect to a remote CloudBees CD server to sign the agent certificate.

--force

Replace any existing keystore.

--cname name

Use the specified name as the common name (CN) in the agent certificate subject. This is normally the fully qualified domain name used by clients to connect to the agent.

--altNames entries

Use the specified list of entries (comma or space separated) as the subjectAlternateNames list in the agent certificate. Simple names are interpreted as dns entries. Entries may begin with "dns:" or "ip:" to indicate the type (for example, ` "ip:192.168.0.1"` or "dns:myHost" ). If no entries are specified, then reverse DNS is used to look up the registered names of the host’s IP addresses.

initCA

Initialize the server CA. Creates a new CA key and certificate.

initServer [ options ]

Initialize the server keystore. Creates and signs the server certificate. Installs the CA certificate and the signed server certificate into the server’s keystore.

--force

Replace any existing keystore.

--cname name

Use the specified name as the common name (CN) in the server certificate subject. This is normally the fully qualified domain name used by clients to connect to the server.

--altNames entries

Use the specified list of entries (comma or space separated) as the subjectAlternateNames list in the server certificate. Simple names are interpreted as dns entries. Entries may begin with "dns:" or "ip:" to indicate the type (for example, "ip:192.168.0.1" or "dns:myHost" ). If no entries are specified, then reverse DNS is used to look up the registered names of the host’s IP addresses.

list [ --agent | --server | --index [ --verbose ]

Display certificate information for agent and/or server keystores or the CA certificate index. If no options are specified, both the agent and server keystores are listed.

--agent

List the contents of the agent keystore.

--server

List the contents of the server keystore.

--index

List the contents of the CA issued certificates index.

--verbose

Display additional details.

refreshCRL

Refresh the certificate revocation list from the CloudBees CD server.

revoke index

Revoke a previously issued certificate by index.

signCertificate csr crt

Sign the certificate signing request provided in file csr and write the signed result to the file crt. The request is rejected by the CA if there is a matching certificate already in the CA database.

updateAgentCertificate crt

Install a previously signed certificate crt into the agent’s keystore.

Server Communication Options

--server host

Address of the CloudBees CD server. Defaults to the value of the COMMANDER_SERVER environment variable. If that does not exist,it defaults to localhost.

--securePort port

HTTPS listener port on the server. Defaults to 8443.

Global Options

--help

Print the Help message.

--version

Print the version message.

Examples

Example 1: Configure an agent to talk to any server (untrusted mode)

This example generates a new self-signed certificate for the agent and recreates the keystore with no trusted authorities.

    $ eccert initAgent -force

    Generating keys
    Generating certificate request
        cname=<myAgent.example.com>
        san=<dns:myAgent.example.com>

Example 2: Configure an agent to accept connections only from a single remote CloudBees CD server

This example generates a new certificate for the agent that is signed by the remove server’s certificate authority and installs the signed certificate and its associated trust chain in the agent’s keystore. After this point, the agent will only accept requests from the specified server and will be used as a trusted resource by the server.

    $ ectool --server myserver login admin pw
    $ eccert --server myserver initAgent -remote

    Generating certificate request
        cname=<myAgent.example.com>
        san=<dns:myAgent.example.com>
    Asking server 'myserver' to sign certificate
    Importing 'CA:myserver.example.com' certificate
    Importing 'jetty' certificate

Example 3: Configure a CloudBees CD server with additional host names in the certificate

This example regenerates the CloudBees CD Server Certificate, the specified common name, and alternate subject names to allow trusted connections with multiple external dns names.

    $ eccert initServer --force --cname "myServer.example.com" --altNames "myServer,server2.example.com"

    Generating keys
    Generating certificate request
        cname=<myserver.example.com>
        san=<dns:myserver,dns:server2.example.com>
    Signing server certificate
    Importing 'CA:myserver.example.com' certificate
    Importing 'jetty' certificate

ecconfigure

A command-line tool for changing values in configuration files for any locally-installed CloudBees CD server, web server, repository server, or agent. ecconfigure is an easier way to configure CloudBees CD settings than manually editing configuration files.

ecconfigure Command Syntax

ecconfigure [<options>]

Agent Configuration Options

Option Description

Option	Description
--agentAcceptQueueSize=max	The maximum number of pending connections the agent will queue up.
--agentArtifactCache=path	The directory containing cached artifactVersions.
--agentCaFile=path	A single file containing multiple CA certificates.
--agentCaPath=path	A directory containing a file for every CA, where each file’s name is the CA subject name hash value.
--agentCertFile=path	Location of the certificate file used by the agent to support SSL connections from the server.
--agentCrlFile=relativepath	Relative path of the file containing the agent’s certificate revocation list for SSL.
--agentDomainName=domain	The domain name that the agent uses for fully-qualified names.
--agentDuplicateDetectionListSize=size	The size of the list of recently seen requests used in duplicate request detection.
--agentEnableProxySettings=<1\|0>	Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --agentProxyHost and --agentProxyPort must be specified.
--agentIdleConnectionTimeout=milliseconds	Idle connection timeout, in milliseconds.
--agentIdleOutboundConnectionTimeout=seconds	Idle time after which an outbound connection is closed, in seconds.
--agentIdlePostRunnerTimeout=seconds	Idle time after which a PostRunner thread is terminated, in seconds.
--agentIdleServerRequestWorkerTimeout=seconds	Idle time after which a ServerRequestWorker thread is terminated, in seconds
--agentIdleWorkerTimeout=seconds	Idle time after which a Worker thread is terminated, in seconds.
--agentInitMemory=percent	Initial java heap size as a percentage of the total system memory.
--agentInitMemoryMB=size	Initial java heap size in MB.
--agentKeyFile=path	Location of the key file used by the agent to support SSL connections from the server.
--agentKeystore=path	Location of the keystore file used by the agent to support SSL connections from the server.
--agentKeystorePassword=password	Password used to access the agent’s keystore.
--agentLoadProfile=<true\|yes\|1\|false\|no\|0>	Enable (1) or disable (0) loading the impersonated user’s profile for impersonation steps if on Windows.
--agentLocalPort=port	Port used by the Commander agent for http communication on the localhost network interface.
--agentLogFile=path	Path where the C++ agent log file should be written.
--agentLogLevel=<TRACE\|DEBUG\|INFO\|WARN\|ERROR>	Logging level used by the C++ portion of the agent.
--agentLogMaxFiles=max	Maximum number of log files the C++ agent will accrue.
--agentLogMaxSize=max	Maximum size of each log file from the C++ agent. The value may be suffixed with a unit (MB, KB, B). Without a unit, the value is interpreted as bytes.
--agentMaxConnections=max	Maximum number of network connections for the agent.
--agentMaxConnectionsPerRoute=max	Maximum number of network connections per route for the agent.
--agentMaxHttpThreads=max	Maximum number of threads for handling inbound requests.
--agentMaxLoggedMessageLength=max	Maximum message length, used when logging requests/ responses to/from the CloudBees CD server.
--agentMaxMemory=percent	Maximum java heap size as a percentage of the total system memory.
--agentMaxMemoryMB=size	Maximum java heap size in MB.
--agentNoProxyHosts=hosts	Comma delimited list of hosts that should be reached directly, bypassing the proxy server.
--agentOutboundConnectTimeout=milliseconds	Timeout for the agent establishing outbound connections, in milliseconds.
--agentOutboundRequestInitialRetryInterval=seconds	Initial delay between retries for sending outbound requests to a server, in seconds.
--agentOutboundRequestMaxRetryInterval=seconds	Maximum delay between retries for sending outbound requests to a server, in seconds.
--agentOutboundRequestTimeout=hours	Timeout after which the agent gives up trying to send a request to a server, in hours.
--agentPluginsDirectory=path	The path used by the agent to get to the plugins directory of the CloudBees CD server where its resource definition lies.
--agentPort=port	Port used by the Commander agent for https communication on any network interface.
--agentProto=<http\|https>	Protocol used internally by the agent.
--agentProtocol=<http\|https>	Protocol used by the agent.
--agentProxyHost=host	The IP address of the proxy server.
--agentProxyPort=port	The port of the proxy server.
--agentServerConnectTimeout=seconds	Socket connection timeout for outbound requests to a server, in seconds.
--agentServerReadTimeout=seconds	Socket read timeout for responses from a server, in seconds.
--agentServerSessionsFile=relativepath	Relative path to the persisted server sessions file.
--agentTLSEnabledProtocol < protocols >	Comma-delimited list of SSL/TLS protocols that will be allowed for agent connections using HTTPS. The possible values are any combination of `TLSv1`, `TLSv1.1`, `TLSv1.2`, and `SSLv2Hello`. The default security configurations are as follows: First-time CloudBees CD installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled Existing CloudBees CD installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled We recommend removing the `SSL 2.0 Client Hello` or `SSLv2Hello` protocol from your security configurations for all components. When you do this, you would also need to upgrade older agents to the latest version to avoid security risks. You would need to upgrade agents if you are using the following agent versions: Windows: 6.0.3 or older Linux: 6.2 or older Sun Solaris, HP UX, Mac OS: 8.4 or older
--agentUnixShellPattern=pattern	Windows-only: ordinarily, the agent creates script-files with CRLF line termination. But some shells on Windows require script files to be LF line-terminated, like Unix. This option sets a regular expression pattern for such shells. Defaults to a pattern that matches sh and bash, which in modern versions of Cygwin require LF-terminated script files.
--agentVerifyPeer=<true\|yes\|1\|false\|no\|0>	Enable (1) or disable (0) verifying the certificate presented by the CloudBees CD server when it connects.
--agentWrapperConsoleFormat=format	Format of output for the agent wrapper console.
--agentWrapperEcwrapperWriteMaxAttempts=max	Workspace write maximum attempts count
--agentWrapperEcwrapperWriteRetryInterval=milliseconds	Workspace write interval between two attempts, in milliseconds.
--agentWrapperJavaAdditional=nnnnn=value	Set a custom line of the form wrapper.java.additional.nnnnn=value in the agent’s wrapper.conf file. nnnnn must be an integer >= 10000.
--agentWrapperJavaClasspath=n=path	The Java classpath. n must be an integer >= 1.
--agentWrapperJavaLibraryPath=n=path	The Java Library Path (location of Wrapper.DLL or libwrapper.so). n must be an integer >= 1.
--agentWrapperLogfile=path	Log file to use for agent wrapper output logging.
--agentWrapperLogfileFormat=format	Format of output for the agent wrapper log file.
--agentWrapperLogfileLoglevel=loglevel	Log Level for agent wrapper log file output.
--agentWrapperLogfileMaxsize=size	Maximum size that the log file will be allowed to grow to before the log is rolled. Size is specified in bytes, kilobytes with a 'k' suffix, or megabytes with an 'm' suffix.
--agentWrapperLogfileMaxfiles=max	Maximum number of rolled log files which will be allowed before old files are deleted.
--agentWrapperNtserviceDependency=n=service	NT service dependencies. Add dependencies as needed starting from 1. n must be an integer >= 1.
--agentWrapperNtserviceStarttype=<AUTO_START\|DEMAND_START>	Mode in which the NT service is installed.
--agentWrapperNtserviceInteractive=<true\|false>	Whether to allow the NT service to interact with the desktop.
--agentWrapperPingInterval=seconds	Java virtual machine-wrapper heartbeat interval, in seconds.
--agentWrapperPingTimeout=seconds	Java virtual machine-wrapper heartbeat timeout, in seconds.
--agentWrapperRequestThreadDumpOnFailedJvmExit=<true\|false>	Whether to try to get a thread dump if the Java virtual machine doesn’t exit cleanly.
--agentWrapperShutdownTimeout=seconds	The wrapper’s shutdown timeout, in seconds.
--agentWrapperStartupTimeout=seconds	The wrapper’s startup timeout, in seconds.
--agentWrapperSuccessfulInvocationTime=seconds	The amount of time the agent has to be up before the wrapper considers it a 'successful' invocation. If there are 5 or more consecutive failed invocations, the wrapper will no longer start up the agent.
--agentWrapperSyslogLoglevel=loglevel	Log Level for sys/event agent wrapper log output.

--agentAcceptQueueSize=max

The maximum number of pending connections the agent will queue up.

--agentArtifactCache=path

The directory containing cached artifactVersions.

--agentCaFile=path

A single file containing multiple CA certificates.

--agentCaPath=path

A directory containing a file for every CA, where each file’s name is the CA subject name hash value.

--agentCertFile=path

Location of the certificate file used by the agent to support SSL connections from the server.

--agentCrlFile=relativepath

Relative path of the file containing the agent’s certificate revocation list for SSL.

--agentDomainName=domain

The domain name that the agent uses for fully-qualified names.

--agentDuplicateDetectionListSize=size

The size of the list of recently seen requests used in duplicate request detection.

--agentEnableProxySettings=<1|0>

Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --agentProxyHost and --agentProxyPort must be specified.

--agentIdleConnectionTimeout=milliseconds

Idle connection timeout, in milliseconds.

--agentIdleOutboundConnectionTimeout=seconds

Idle time after which an outbound connection is closed, in seconds.

--agentIdlePostRunnerTimeout=seconds

Idle time after which a PostRunner thread is terminated, in seconds.

--agentIdleServerRequestWorkerTimeout=seconds

Idle time after which a ServerRequestWorker thread is terminated, in seconds

--agentIdleWorkerTimeout=seconds

Idle time after which a Worker thread is terminated, in seconds.

--agentInitMemory=percent

Initial java heap size as a percentage of the total system memory.

--agentInitMemoryMB=size

Initial java heap size in MB.

--agentKeyFile=path

Location of the key file used by the agent to support SSL connections from the server.

--agentKeystore=path

Location of the keystore file used by the agent to support SSL connections from the server.

--agentKeystorePassword=password

Password used to access the agent’s keystore.

--agentLoadProfile=<true|yes|1|false|no|0>

Enable (1) or disable (0) loading the impersonated user’s profile for impersonation steps if on Windows.

--agentLocalPort=port

Port used by the Commander agent for http communication on the localhost network interface.

--agentLogFile=path

Path where the C++ agent log file should be written.

--agentLogLevel=<TRACE|DEBUG|INFO|WARN|ERROR>

Logging level used by the C++ portion of the agent.

--agentLogMaxFiles=max

Maximum number of log files the C++ agent will accrue.

--agentLogMaxSize=max

Maximum size of each log file from the C++ agent. The value may be suffixed with a unit (MB, KB, B). Without a unit, the value is interpreted as bytes.

--agentMaxConnections=max

Maximum number of network connections for the agent.

--agentMaxConnectionsPerRoute=max

Maximum number of network connections per route for the agent.

--agentMaxHttpThreads=max

Maximum number of threads for handling inbound requests.

--agentMaxLoggedMessageLength=max

Maximum message length, used when logging requests/ responses to/from the CloudBees CD server.

--agentMaxMemory=percent

Maximum java heap size as a percentage of the total system memory.

--agentMaxMemoryMB=size

Maximum java heap size in MB.

--agentNoProxyHosts=hosts

Comma delimited list of hosts that should be reached directly, bypassing the proxy server.

--agentOutboundConnectTimeout=milliseconds

Timeout for the agent establishing outbound connections, in milliseconds.

--agentOutboundRequestInitialRetryInterval=seconds

Initial delay between retries for sending outbound requests to a server, in seconds.

--agentOutboundRequestMaxRetryInterval=seconds

Maximum delay between retries for sending outbound requests to a server, in seconds.

--agentOutboundRequestTimeout=hours

Timeout after which the agent gives up trying to send a request to a server, in hours.

--agentPluginsDirectory=path

The path used by the agent to get to the plugins directory of the CloudBees CD server where its resource definition lies.

--agentPort=port

Port used by the Commander agent for https communication on any network interface.

--agentProto=<http|https>

Protocol used internally by the agent.

--agentProtocol=<http|https>

Protocol used by the agent.

--agentProxyHost=host

The IP address of the proxy server.

--agentProxyPort=port

The port of the proxy server.

--agentServerConnectTimeout=seconds

Socket connection timeout for outbound requests to a server, in seconds.

--agentServerReadTimeout=seconds

Socket read timeout for responses from a server, in seconds.

--agentServerSessionsFile=relativepath

Relative path to the persisted server sessions file.

--agentTLSEnabledProtocol < protocols >

Comma-delimited list of SSL/TLS protocols that will be allowed for agent connections using HTTPS. The possible values are any combination of TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello.

The default security configurations are as follows:

First-time CloudBees CD installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled
Existing CloudBees CD installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled

We recommend removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations for all components. When you do this, you would also need to upgrade older agents to the latest version to avoid security risks. You would need to upgrade agents if you are using the following agent versions:

Windows: 6.0.3 or older
Linux: 6.2 or older
Sun Solaris, HP UX, Mac OS: 8.4 or older

--agentUnixShellPattern=pattern

Windows-only: ordinarily, the agent creates script-files with CRLF line termination. But some shells on Windows require script files to be LF line-terminated, like Unix. This option sets a regular expression pattern for such shells. Defaults to a pattern that matches sh and bash, which in modern versions of Cygwin require LF-terminated script files.

--agentVerifyPeer=<true|yes|1|false|no|0>

Enable (1) or disable (0) verifying the certificate presented by the CloudBees CD server when it connects.

--agentWrapperConsoleFormat=format

Format of output for the agent wrapper console.

--agentWrapperEcwrapperWriteMaxAttempts=max

Workspace write maximum attempts count

--agentWrapperEcwrapperWriteRetryInterval=milliseconds

Workspace write interval between two attempts, in milliseconds.

--agentWrapperJavaAdditional=nnnnn=value

Set a custom line of the form wrapper.java.additional.nnnnn=value in the agent’s wrapper.conf file. nnnnn must be an integer >= 10000.

--agentWrapperJavaClasspath=n=path

The Java classpath. n must be an integer >= 1.

--agentWrapperJavaLibraryPath=n=path

The Java Library Path (location of Wrapper.DLL or libwrapper.so). n must be an integer >= 1.

--agentWrapperLogfile=path

Log file to use for agent wrapper output logging.

--agentWrapperLogfileFormat=format

Format of output for the agent wrapper log file.

--agentWrapperLogfileLoglevel=loglevel

Log Level for agent wrapper log file output.

--agentWrapperLogfileMaxsize=size

Maximum size that the log file will be allowed to grow to before the log is rolled. Size is specified in bytes, kilobytes with a 'k' suffix, or megabytes with an 'm' suffix.

--agentWrapperLogfileMaxfiles=max

Maximum number of rolled log files which will be allowed before old files are deleted.

--agentWrapperNtserviceDependency=n=service

NT service dependencies. Add dependencies as needed starting from 1. n must be an integer >= 1.

--agentWrapperNtserviceStarttype=<AUTO_START|DEMAND_START>

Mode in which the NT service is installed.

--agentWrapperNtserviceInteractive=<true|false>

Whether to allow the NT service to interact with the desktop.

--agentWrapperPingInterval=seconds

Java virtual machine-wrapper heartbeat interval, in seconds.

--agentWrapperPingTimeout=seconds

Java virtual machine-wrapper heartbeat timeout, in seconds.

--agentWrapperRequestThreadDumpOnFailedJvmExit=<true|false>

Whether to try to get a thread dump if the Java virtual machine doesn’t exit cleanly.

--agentWrapperShutdownTimeout=seconds

The wrapper’s shutdown timeout, in seconds.

--agentWrapperStartupTimeout=seconds

The wrapper’s startup timeout, in seconds.

--agentWrapperSuccessfulInvocationTime=seconds

The amount of time the agent has to be up before the wrapper considers it a 'successful' invocation. If there are 5 or more consecutive failed invocations, the wrapper will no longer start up the agent.

--agentWrapperSyslogLoglevel=loglevel

Log Level for sys/event agent wrapper log output.

Web Server Configuration Options

Option Description

--skipServiceRestart

Disable the attempt to restart the web server. The CloudBees CD web server can only be started with sudo access. Therefore, you must use sudo to restart it manually afterward or use the --skipServiceRestart option to disable the restart attempt.

--webHostName=host

The host name of the current machine in the form that users will typically use in their browser to access the web server.

--webHttpPort=port

The HTTP port of the web server.

--webHttpsPort=port

The HTTPS port of the web server.

--webTargetHostName=host

The host name of the CloudBees CD server to which the web server points.

This argument modifies the CloudBees CD web server configuration and therefore also attempts to restart the CloudBees CD web server. If you used the ecconfigure command without sudo as recommended, the commanderApache service will not start and produces an error. Therefore, you must restart it manually afterward using sudo. You can also use the --skipServiceRestart argument to avoid the ecconfigure command’s restart attempt and the error message.

--webTargetHttpPort=port

The HTTP port of the CloudBees CD server to which the web server points.

--webTargetHttpsPort=port

The HTTPS port of the CloudBees CD server to which the web server points.

--webTimeZone=timezone

The Olson TimeZone format (example: America/Los Angeles) for the php web server.

--webPluginsDirectory=path

The path used by the web server to get to the plugins directory of the CloudBees CD server to which it points.

You must have root privileges to use this option.

--webProxyUrl=url

The IP address and port of the proxy server in the following format. https://<IP_ADDRESS_PROXY>:<PROXY_PORT>

--webServicePrincipalName=name

The Kerberos Service Principal Name that will be used to authorize users. This command changes the KrbServiceName HTTP setting in the DATA_DIR/apache/conf/extra/auth-kerberos.conf file.

--webNoProxyHosts=hosts

Comma delimited list of hosts that should be reached directly, bypassing the proxy server.

--webEnableKerberosConstrainedDelegation=<true|false>

Enable ( true ) or disable ( false ) support for constrained delegation authorization when using the Kerberos SSO protocol. This parameter manages the KrbConstrainedDelegation setting in DATA_DIR/apache/conf/extra/auth-kerberos.conf.

--webEnableKrb5Trace=<1|0>

Enable (1) or disable (0) additional Kerberos protocol logging for the web server. This parameter manages the webEnableKrb5Trace setting in DATA_DIR/apache/conf/extra/auth-kerberos.conf.

--webEnableProxySettings=<1|0>

Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --webProxyUrl must be specified.

--webEnableSsoKerberos =<true|false>

Enable ( true ) or disable ( false ) authentication using the Kerberos SSO protocol. This command changes the $config["ssoEnabledKerberos"] variable in the INSTALL_DIR/apache/htdocs/commander/config.php file.

--webDisableHttpsRedirection=<1|0>

Disable (1) or enable (0) HTTP → HTTPS web redirection by the web server.

--webCsrfProtection=<true|false>

Enable (true) or disable (false) Cross-Site Request Forgery protection on the web server.

CloudBees CD Server Configuration Options

Option Description

--serverAcceptQueueSize=max

The maximum number of pending connections the CloudBees CD server will queue up.

--serverBatchDbRequestsOverride=<1|0|auto>

Enable (1), disable (0) or let the server decide (auto) for using db request batching.

--serverBindIp=<ip or hostname>

The IP address or host name the CloudBees CD server listen to.

--serverCertFile=relativepath

Relative path of the certificate file used by the CloudBees CD server to support SSL connections.

--serverChangeTrackingHardMaxRecords=number

The maximum number of records for change tracking

--serverCommanderPort=port

The HTTP port of the server.

--serverCommanderHttpsPort=port

The HTTPS port of the server.

--serverCriticalServicesMonitoringEnabled=<true|false>

Enable (true) or disable (false) monitoring for the critical services.

--serverCriticalServicesMonitoringFrequency=seconds

The interval between the critical services checks and the disk space checks, seconds.

--serverCrlFile=relativepath

Relative path of the file containing the CloudBees CD server’s certificate revocation list for SSL.

--serverDatabaseName=name

The name of the database the CloudBees CD server uses for its operation.

--serverDatabaseUsername=name

The user name for the database the CloudBees CD server uses for its operation.

--serverFileTransferPort=port

The file transfer port of the server.

--serverForceEnableAdmin=<1|0>

Set to '1' or '0' to override the current value of the 'enableAdminUser' CloudBees CD server setting.

--serverName=host

The name the CloudBees CD server, usually its fully-qualified domain name, or for a cluster the fully-qualified domain name of the load balancer.

--serverHttpPort=port

The HTTP port of the server, default value 8000.

--serverHttpsPort=port

The HTTPS port of the server, default value 8443.

--serverIgnoreServerMismatch=<1|0>

Enable (1) or disable (0) ignoring the CloudBees CD server host name mismatch.

--serverInitMemory=percent

Initial java heap size as a percentage of the total system memory.

--serverMaxMemory=percent

Maximum java heap size as a percentage of the total system memory.

--serverInitMemoryMB=size

Initial java heap size in MB.

--serverMaxMemoryMB=size

Maximum java heap size in MB.

--serverMaxThreadsApi=max

The size for the API thread pool. '0' means let the CloudBees CD server decide.

--serverKeyFile=relativepath

Relative path of the CA key file used by the CloudBees CD server to support SSL connections.

--serverKeystore=path

Relative location of the keystore file used by the CloudBees CD server to support SSL connections.

--serverKeystorePassword=password

Password used to access the CloudBees CD server’s keystore.

--serverLogClusterConnectionProblems=<true|false>

Enable (true) or disable (false) additional logging for the connection problems in the cluster environment.

--serverMaxThreadsDispatch=max

The size for the dispatch thread pool. '0' means let the CloudBees CD server decide.

--serverMaxThreadsHttp=max

The size for the HTTP thread pool. '0' means let the CloudBees CD server decide.

--serverMaxThreadsQuartz=max

The size for the quartz thread pool. '0' means let the CloudBees CD server decide.

--serverMaxThreadsWorkflow=max

The size for the workflow thread pool. '0' means let the CloudBees CD server decide.

--serverMonitoringEnabledDataDirectory=<true|false>

Enable (true) or disable (false) disk space monitoring for the data directory.

--serverMonitoringEnabledLogDirectory=<true|false>

Enable (true) or disable (false) disk space monitoring for the log directory.

--serverMonitoringEnabledMqDirectory=<true|false>

Enable (true) or disable (false) disk space monitoring for the message broker data directory.

--serverMqDataDirectory=path

The directory the CloudBees CD server uses to store message broker data.

In a clustered deployment, this setting will not exactly match the actual directory name but will have a suffix.

--serverMqDiskSpaceLimitHard=size

The limit of the free disk space when CloudBees CD server will be switched in bootstrap mode, in MB.

--serverMqDiskSpaceLimitSoft=size

The limit of the free disk space when CloudBees CD server will start to log warnings, in MB.

--serverMqDiskSpaceMonitoringEnabled=<true|false>

Enable (true) or disable (false) disk space monitoring for the message broker data storage.

--serverMqDiskSpaceMonitoringInClusterOnly=<true|false>

Enable (true) or disable (false) disk space monitoring for the message broker data storage only in cluster environment.

--serverNestedLdapGroupsMaxDepthLimit=max

Maximum allowed depth limit of nested LDAP groups

--serverPasskeyFile=path

Path to the server’s passkey file.

--serverProxyHost=host

The IP address of the proxy server.

--serverProxyPort=port

The port of the proxy server.

--serverNoProxyHosts=hosts

Comma delimited list of hosts that should be reached directly, bypassing the proxy server.

--serverEnableProxySettings=<1|0>

Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --serverProxyHost and --serverProxyPort must be specified.

--serverPreserveSessions=<1|0>

Enable (1) or disable (0) preserving sessions even if there is the CloudBees CD server hostname mismatch.

--serverRestPort=port

The port for the REST documentation

--serverRestProtocol=<http|https>

The transfer protocol for the REST documentation.

--serverServicePrincipalName=name

The Kerberos Service Principal Name that will be used to authorize users. This command changes wrapper.java.additional.950 in the DATA_DIR/conf/wrapper.conf file.

--serverStatsdHost=host

The host of the statsd server the CloudBees CD server uses to send data.

--serverStatsdPort=port

The port of the statsd server the CloudBees CD server uses to send data.

--serverStatsdPrefix=string

The prefix the CloudBees CD server uses in the data to the statsd server.

--serverStatsdIncludeHostname=<true|false>

Enable (true) or disable (false) inclusion of the CloudBees CD server host to the prefix of the data sent to the statsd server.

--serverTLSEnabledProtocol < protocols >

Comma-delimited list of cryptographic protocols that will be allowed for CloudBees CD server connections using HTTPS. The possible values are any combination of TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello.

The default security configurations are as follows:

First-time CloudBees CD installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled
Existing CloudBees CD installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled

Windows: 6.0.3 or older
Linux: 6.2 or older
Sun Solaris, HP UX, Mac OS: 8.4 or older

--serverZooKeeperConnection=host:port[,host:port,host:port[,host:port,host:port]]

Comma-separated list of host IP/FQDN and ports for the ZooKeeper servers for a clustered configuration.

--serverExhibitorConnection=host[:port][,host,host[,host,host]]

Comma-separated list of host IP/FQDN for the Exhibitor servers for a clustered configuration, if you are using Exhibitor. To use a port number other than 80, add the port number after the first host IP/FQDN: the same port number will be used for all hosts.

--serverEnableClusteredMode=<1|0>

Enable (1) or disable (0) the clustered configuration. If enabling for the first time, --serverZooKeeperConnection must be specified.

--serverWrapperConsoleFormat=format

Format of output for the CloudBees CD server wrapper console.

--serverWrapperJavaClasspath=n=path

The Java classpath. n must be an integer >= 1.

--serverWrapperJavaLibraryPath=n=path

The Java Library Path (location of Wrapper.DLL or libwrapper.so). n must be an integer >= 1.

--serverWrapperLogfile=path

Log file to use for the CloudBees CD server wrapper output logging.

--serverWrapperLogfileFormat=format

Format of output for the CloudBees CD server wrapper log file.

--serverWrapperLogfileLoglevel=loglevel

Log level for the CloudBees CD server wrapper log file output.

--serverWrapperLogfileMaxfiles=max

Maximum number of rolled log files which will be allowed before old files are deleted.

--serverWrapperLogfileMaxsize=size

Maximum size that the log file will be allowed to grow to before the log is rolled. Size is specified in bytes, kilobytes with a 'k' suffix, or megabytes with an 'm' suffix.

--serverWrapperPingInterval=seconds

Java virtual machine-wrapper heartbeat interval, in seconds.

--serverWrapperPingTimeout=seconds

Java virtual machine-wrapper heartbeat timeout, in seconds.

--serverWrapperRequestThreadDumpOnFailedJvmExit=<true|false>

Whether to try to get a thread dump if the Java virtual machine doesn’t exit cleanly.

--serverWrapperStartupTimeout=seconds

The wrapper’s startup timeout, in seconds.

--serverWrapperShutdownTimeout=seconds

The wrapper’s shutdown timeout, in seconds.

--serverWrapperSuccessfulInvocationTime=seconds

The amount of time the CloudBees CD server has to be up before the wrapper considers it a 'successful' invocation. If there are 5 or more consecutive failed invocations, the wrapper will no longer start up the CloudBees CD server.

--serverWrapperSyslogLoglevel=loglevel

Log level for sys/event CloudBees CD server wrapper log output.

--serverXmlReaderStripWhitespaceText=<true|false>

Enable (true) or disable (false) the clipping of the values of the UI-form parameters that contain only spaces.

--wrapperJavaAdditional=nnnnn=value

Set a line wrapper.java.additional=value in the server’s wrapper.conf file. nnnnn must be an integer >= 10000.

Built-In (Default) Database Configuration Options

Option Description

Option	Description
--databaseEnableService=<1\|0>	Enable (1) or disable (0) the built-in database service.
--databaseMemoryBufferSize=size	Size of the database memory buffer. The value can be suffixed with a unit (K, M, or G). Without a unit, the value is interpreted as bytes. The default size is 256 MB.
--databasePassword=password	Password used to access the database. The default password is `changeme`.
--databasePort=port	Port used by the database. The default port is 8900.

--databaseEnableService=<1|0>

Enable (1) or disable (0) the built-in database service.

--databaseMemoryBufferSize=size

Size of the database memory buffer. The value can be suffixed with a unit (K, M, or G). Without a unit, the value is interpreted as bytes. The default size is 256 MB.

--databasePassword=password

Password used to access the database. The default password is changeme.

--databasePort=port

Port used by the database. The default port is 8900.

Repository Server Configuration Options

Option Description

Option	Description
--repositoryAcceptQueueSize=max	The maximum number of pending connections the repository server will queue up.
--repositoryAgentUrl=url	The agent URL to use for proxying server requests
--repositoryPort	The repository server port.
--repositoryIdleConnectionTimeout=milliseconds	The idle connection timeout, in milliseconds.
--repositoryKeystore=path	Location of the keystore file used by the repository server to support SSL connections from the CloudBees CD server.
--repositoryKeystorePassword=password	Password used to access the repository server’s keystore.
--repositoryMaxConnections=max	The maximum number of total connections.
--repositoryMaxConnectionsPerRoute=max	The maximum number of connections to one machine.
--repositoryInitMemory=percent	Initial java heap size as a percentage of the total system memory.
--repositoryMaxMemory=percent	Maximum java heap size as a percentage of the total system memory.
--repositoryInitMemoryMB=size	Initial java heap size in MB.
--repositoryMaxMemoryMB=size	Maximum java heap size in MB.
--repositoryMaxHttpThreads=max	The maximum number of threads for handling inbound requests.
--repositoryStorageDirectory=path	Path to the repository backing store. The artifact repository will use this directory to store artifacts. NOTE: `path` cannot be a mapped drive path. For example, `c:/repository-data` is not allowed and will cause artifact publishing to fail. You must use a UNC path such as `//10.0.109.72/repo_share/repository-data`.
--repositoryTargetHostName=host	The host name of the CloudBees CD server to which the repository server points.
--repositoryTargetHttpPort=port	The HTTP port of the CloudBees CD server to which the repository server points.
--repositoryTargetHttpsPort=port	The HTTPS port of the CloudBees CD server to which the repository server points.
--repositoryTargetProtocol=<http\|https>	The protocol that the repository server uses to talk to the CloudBees CD server.
--repositoryTLSEnabledProtocol < protocols >	Comma-delimited list of cryptographic protocols that will be allowed for CloudBees CD repository server connections using HTTPS. The possible values are any combination of `TLSv1`, `TLSv1.1`, `TLSv1.2`, and `SSLv2Hello`. The default security configurations are as follows: First-time CloudBees CD installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled Existing CloudBees CD installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled We recommend removing the `SSL 2.0 Client Hello` or `SSLv2Hello` protocol from your security configurations for all components. When you do this, you would also need to upgrade older agents to the latest version to avoid security risks. You would need to upgrade agents if you are using the following agent versions: Windows: 6.0.3 or older Linux: 6.2 or older Sun Solaris, HP UX, Mac OS: 8.4 or older
--repositoryProtocol	The protocol that the repository server uses to talk to client applications.
--repositoryProxyHost=host	The IP address of the proxy server.
--repositoryProxyPort=port	The port of the proxy server.
--repositoryNoProxyHosts=hosts	Comma delimited list of hosts that should be reached directly, bypassing the proxy server.
--repositoryEnableProxySettings=<1\|0>	Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --repositoryProxyHost and --repositoryProxyPort must be specified.
--repositoryValidateFromDisk=<1\|0>	Enable (1) or disable (0) disk validation.
--repositoryWrapperConsoleFormat=format	Format of output for the repository server wrapper console.
--repositoryWrapperJavaClasspath=n=path	The Java classpath. n must be an integer >= 1.
--repositoryWrapperJavaLibraryPath=n=path	The Java Library Path (location of Wrapper.DLL or libwrapper.so). n must be an integer >= 1.
--repositoryWrapperLogfile=path	Log file to use for the repository server wrapper output logging.
--repositoryWrapperLogfileFormat=format	Format of output for the repository server wrapper log file.
--repositoryWrapperLogfileLoglevel=loglevel	Log level for the repository server wrapper log file output.
--repositoryWrapperLogfileMaxfiles=max	Maximum number of rolled log files which will be allowed before old files are deleted.
--repositoryWrapperLogfileMaxsize=size	Maximum size that the log file will be allowed to grow to before the log is rolled. Size is specified in bytes, kilobytes with a 'k' suffix, or megabytes with an 'm' suffix.
--repositoryWrapperPingInterval=seconds	Java virtual machine-wrapper heartbeat interval, in seconds.
--repositoryWrapperPingTimeout=seconds	Java virtual machine-wrapper heartbeat timeout, in seconds.
--repositoryWrapperRequestThreadDumpOnFailedJvmExit=<true\|false>	Whether to try to get a thread dump if the Java virtual machine doesn’t exit cleanly.
--repositoryWrapperStartupTimeout=seconds	The wrapper’s startup timeout, in seconds.
--repositoryWrapperShutdownTimeout=seconds	The wrapper’s shutdown timeout, in seconds.
--repositoryWrapperSuccessfulInvocationTime=seconds	The amount of time the repository server has to be up before the wrapper considers it a 'successful' invocation. If there are 5 or more consecutive failed invocations, the wrapper will no longer start up the repository server.
--repositoryWrapperSyslogLoglevel=loglevel	Log level for sys/event repository server wrapper log output.

--repositoryAcceptQueueSize=max

The maximum number of pending connections the repository server will queue up.

--repositoryAgentUrl=url

The agent URL to use for proxying server requests

--repositoryPort

The repository server port.

--repositoryIdleConnectionTimeout=milliseconds

The idle connection timeout, in milliseconds.

--repositoryKeystore=path

Location of the keystore file used by the repository server to support SSL connections from the CloudBees CD server.

--repositoryKeystorePassword=password

Password used to access the repository server’s keystore.

--repositoryMaxConnections=max

The maximum number of total connections.

--repositoryMaxConnectionsPerRoute=max

The maximum number of connections to one machine.

--repositoryInitMemory=percent

Initial java heap size as a percentage of the total system memory.

--repositoryMaxMemory=percent

Maximum java heap size as a percentage of the total system memory.

--repositoryInitMemoryMB=size

Initial java heap size in MB.

--repositoryMaxMemoryMB=size

Maximum java heap size in MB.

--repositoryMaxHttpThreads=max

The maximum number of threads for handling inbound requests.

--repositoryStorageDirectory=path

Path to the repository backing store. The artifact repository will use this directory to store artifacts.

NOTE:

path cannot be a mapped drive path. For example, c:/repository-data is not allowed and will cause artifact publishing to fail. You must use a UNC path such as //10.0.109.72/repo_share/repository-data.

--repositoryTargetHostName=host

The host name of the CloudBees CD server to which the repository server points.

--repositoryTargetHttpPort=port

The HTTP port of the CloudBees CD server to which the repository server points.

--repositoryTargetHttpsPort=port

The HTTPS port of the CloudBees CD server to which the repository server points.

--repositoryTargetProtocol=<http|https>

The protocol that the repository server uses to talk to the CloudBees CD server.

--repositoryTLSEnabledProtocol < protocols >

Comma-delimited list of cryptographic protocols that will be allowed for CloudBees CD repository server connections using HTTPS. The possible values are any combination of TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello.

The default security configurations are as follows:

First-time CloudBees CD installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled
Existing CloudBees CD installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled

Windows: 6.0.3 or older
Linux: 6.2 or older
Sun Solaris, HP UX, Mac OS: 8.4 or older

--repositoryProtocol

The protocol that the repository server uses to talk to client applications.

--repositoryProxyHost=host

The IP address of the proxy server.

--repositoryProxyPort=port

The port of the proxy server.

--repositoryNoProxyHosts=hosts

Comma delimited list of hosts that should be reached directly, bypassing the proxy server.

--repositoryEnableProxySettings=<1|0>

Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --repositoryProxyHost and --repositoryProxyPort must be specified.

--repositoryValidateFromDisk=<1|0>

Enable (1) or disable (0) disk validation.

--repositoryWrapperConsoleFormat=format

Format of output for the repository server wrapper console.

--repositoryWrapperJavaClasspath=n=path

The Java classpath. n must be an integer >= 1.

--repositoryWrapperJavaLibraryPath=n=path

The Java Library Path (location of Wrapper.DLL or libwrapper.so). n must be an integer >= 1.

--repositoryWrapperLogfile=path

Log file to use for the repository server wrapper output logging.

--repositoryWrapperLogfileFormat=format

Format of output for the repository server wrapper log file.

--repositoryWrapperLogfileLoglevel=loglevel

Log level for the repository server wrapper log file output.

--repositoryWrapperLogfileMaxfiles=max

Maximum number of rolled log files which will be allowed before old files are deleted.

--repositoryWrapperLogfileMaxsize=size

Maximum size that the log file will be allowed to grow to before the log is rolled. Size is specified in bytes, kilobytes with a 'k' suffix, or megabytes with an 'm' suffix.

--repositoryWrapperPingInterval=seconds

Java virtual machine-wrapper heartbeat interval, in seconds.

--repositoryWrapperPingTimeout=seconds

Java virtual machine-wrapper heartbeat timeout, in seconds.

--repositoryWrapperRequestThreadDumpOnFailedJvmExit=<true|false>

Whether to try to get a thread dump if the Java virtual machine doesn’t exit cleanly.

--repositoryWrapperStartupTimeout=seconds

The wrapper’s startup timeout, in seconds.

--repositoryWrapperShutdownTimeout=seconds

The wrapper’s shutdown timeout, in seconds.

--repositoryWrapperSuccessfulInvocationTime=seconds

The amount of time the repository server has to be up before the wrapper considers it a 'successful' invocation. If there are 5 or more consecutive failed invocations, the wrapper will no longer start up the repository server.

--repositoryWrapperSyslogLoglevel=loglevel

Log level for sys/event repository server wrapper log output.

General Configuration Options

Option	Description
-v,--version	Display version information.
-h,--help	Display this information.

Option

Description

-v,--version

Display version information.

-h,--help

Display this information.

Commander Agent Configuration Options:

--agentAcceptQueueSize=max

The maximum number of pending connections the agent will queue up.

--agentArtifactCache=path

The directory containing cached artifactVersions.

--agentCaFile=path

A single file containing multiple CA certificates.

--agentCaPath=path

A directory containing a file for every CA, where each file’s name is the CA subject name hash value.

--agentCertFile=path

Location of the certificate file used by the agent to support SSL connections from the server.

--agentCrlFile=relativepath

Relative path of the file containing the agent’s certificate revocation list for SSL.

--agentDomainName=domain

The domain name that the agent uses for fully-qualified names.

--agentDuplicateDetectionListSize=size

The size of the list of recently seen requests used in duplicate request detection.

--agentEnableProxySettings=<1|0>

Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --agentProxyHost and --agentProxyPort must be specified.

--agentIdleConnectionTimeout=milliseconds

Idle connection timeout, in milliseconds.

--agentIdleOutboundConnectionTimeout=seconds

Idle time after which an outbound connection is closed, in seconds.

--agentIdlePostRunnerTimeout=seconds

Idle time after which a PostRunner thread is terminated, in seconds.

--agentIdleServerRequestWorkerTimeout=seconds

Idle time after which a ServerRequestWorker thread is terminated, in seconds

--agentIdleWorkerTimeout=seconds

Idle time after which a Worker thread is terminated, in seconds.

--agentInitMemory=percent

Initial java heap size as a percentage of the total system memory.

--agentInitMemoryMB=size

Initial java heap size in MB.

--agentKeyFile=path

Location of the key file used by the agent to support SSL connections from the server.

--agentKeystore=path

Location of the keystore file used by the agent to su