Installation on Kubernetes (PREVIEW)
Introduction
Special-case installations
Installer options
Server topology best practices
Pre-installation checklist
Default installation directories
IntroductionExpress serverAdvanced serverExpress agentExpress Agent-onlyAdvanced Agent-onlyDevOps Insight Server
IntroductionExpress serverAdvanced serverExpress AgentExpress Agent-only (standalone)Advanced Agent-only (standalone)DevOps Insight server installation
IntroductionSilent install overviewSilent install argumentsLinux installation examplesWindows installation examplesLinux repository server installation exampleWindows repository server installation exampleWindows or Linux DevOps Insight server installation example
IntroductionUNIX agent interactive command-lineUNIX agent unattended
IntroductionPrerequisitesPermissionsInstalling via the web interfaceInstalling via the API
Moving the artifact repository in Linux
Moving the artifact repository in Windows
Connecting Flow to a Microsoft SQL server
Installing the MySQL JDBC driver
IntroductionUninstalling CloudBees Flow on Linux, Unix, or macOSUninstalling CloudBees Flow on WindowsUninstalling the CloudBees Flow DevOps Insight Server on LinuxUninstalling the CloudBees Flow DevOps Insight Server on Windows
Signing in to Flow
IntroductionThe Default Zone and Gateways to Remote ZonesApplying an Enterprise License KeyExternal Database ConfigurationConfiguring CloudBees Flow to Use an Alternate DatabaseConfiguring Server and Agent Services Autostart for Non-Root/Non-sudo Linux InstallationsUniversal Access to the Plugins DirectoryConfiguring Single Sign-OnEnvironment Proxy Server ConfigurationIncreasing File Descriptors on LinuxAdjusting Swappiness on LinuxSetting Variables on Windows Agent MachinesConfiguring Kibana to Work With DevOps Insight
IntroductionArchitecture of a CloudBees Flow ClusterResource, agent, and procedure considerationsSoftware for clusteringDependencies for clusteringConfiguring clusteringSeparating agents from flow serversPreparing your cluster resourcesInstalling and configuring a load balancerInstalling zooKeeperConfiguring a multi-zookeeper clusterInstalling Flow softwareConfiguring repository serversConfiguring machines to operate in clustered modeRunning a cluster in single-server modeAdding the configuration to zookeeperUploading configuration files to zookeeperGetting Information on the Flow server cluster from zookeeperAdding a node to an existing clusterConfiguring web server propertiesConfiguring repository server propertiesConfiguring Flow agentsConfiguring the cluster workspaceConfiguring Flow repositoriesAdding trusted agents to clustersVerifying Flow servicesAccessing Flow with clusteringHealth check for the Flow clusterAdditional Ways to improve a clusterInstalling the DevOps Insight server in cluster modeDisaster recovery
IntroductionCloudBees Flow server backupsRestoring a Flow ServerSwitching to an alternate databaseSwitching to the built-in databaseMaintaining DevOps Insight server dataApache web server or agent certificatesUsing chkconfigStarting and stopping servers and agents manuallyCollecting Flow logsWeb interface online help system
IntroductionCloudBees Flow ArchitectureRoadmap to CloudBees FlowPlugins and Cloudbees Field-Contributed SolutionsGuided Tutorials
IntroductionSigning in to CloudBees FlowHome PagePersonasAccess ControlMy Work DashboardObject List LayoutObject SchedulesPaginationSearching and FilteringHierarchy MenuProperty BrowserProjects in CloudBees FlowObject Tags
IntroductionApplications and ProcessesEnvironmentsCreating or Editing a Project in the Deploy Web UIParametersMaster ComponentsMaster Component ExamplesMaster Components List UIArtifact StagingRollbackManaging Application or Microservice DependenciesManual Steps and TasksProcess BranchingProperty Reference Use CaseSnapshotsInventory TrackingEnvironment InventoryMicroservice Deployment Using ContainersDeployment PackagesDeployment StrategiesDeployment ExamplesAutomated Environment DiscoveryEnvironment ReservationsFull-Stack Dependency ViewConfiguration Drift
IntroductionGuidelines for Modeling and Deploying Applications in CloudBees FlowExamples: Modeling and Deploying ApplicationsExample: Manual Step with Runtime ParametersAttaching Credentials to Application and Component ProcessesPlugin Process StepsAdding Process Steps
IntroductionModeling Dynamic EnvironmentsDeploying Applications with Provisioned Cloud ResourcesRetiring Dynamic EnvironmentsDynamic Environment Example with Amazon and ChefDeveloper Task: Creating Custom Plugins
IntroductionPipeline stages and gatesPipeline access controlPipeline tasksEntry and exit gatesPipeline conditionsPipeline start and end stages and stage skippingWait dependenciesEvent-based triggers Pipeline UI
IntroductionDefining gate approvalsPipeline objects and conditionsPipeline stage summaryCredentials in pipelinesRunning pipelinesViewing pipeline runsTroubleshooting pipelines
IntroductionExample: Creating a manual task in a pipelineExample: plugin pipeline tasksExample: integrating test automation in release pipelinesExample: leveraging test data management and service virtualization in release pipelines
IntroductionRelease ConceptsRelease Planning, Scheduling, and TrackingRelease and Environment Reservations CalendarVisibility and Status of Release PipelinesRelease DefinitionRelease DashboardPlanned Versus Actual ViewPath to Production ViewRelease SummaryRunning and Ending Releases
Data Retention
IntroductionPerformance consequences of change trackingEstimating database growthBest practices for change trackingConfiguring change trackingSearching the change historyViewing the change historyModifying what you see in the change historyReverting changes to a tracked object and its tracked contentsExporting a previous state of a tracked object and its tracked contents
Self-Service Catalogs
IntroductionSetting Email NotificationsSelecting and Editing Email Messages for Application or Microservice Processes
Plugin list
Introduction
Build-Test Automation
IntroductionScenario 1 - Creating a simple procedureScenario 2 - Creating a procedure that uses an SCMScenario 3 - Notification, scheduling, and reportingScenario 4 - Multi-agent build and test
IntroductionAutomation Platform Home PageCustomizing the Automation Platform UIConfiguring CloudBees FlowUsing Cloudbees Flow in Your EnvironmentCloudBees Flow Installed Tools
IntroductionAccess ControlDefining entriesPrivileges - create new or edit existing privilegesArtifactsArtifact detailsCreate new or edit existing artifactArtifact versionsArtifact version detailsEdit an existing artifact versionRepositoriesCreate new or edit existing repositoriesEmail configurationsCreate new or edit existing email configurationsEmail NotifiersProcedure DetailsCreate new or edit existing procedureCreate new or edit existing stepPublish Artifact Version stepRetrieve Artifact Version stepSend Email stepNew Extract Preflight Sources stepParameter - create new or edit existing parameterProjectsCreate new or edit existing projectProject DetailsRun ProcedureCreate new or edit existing scheduleCreate new or edit existing credentialProperty - create new or edit existing propertyNested Property SheetReportsCreate a new reportSearching and FilteringSearch ResultsSource Control ConfigurationsCreate new or edit existing configurationsUsersUsers and GroupsCreate new or edit existing local userUser DetailsEdit User SettingsGroupsCreate new or edit existing groupGroup DetailsDirectory ProvidersCreate new or edit existing directory providersSingle Sign-OnTest Directory ProviderWorkflowsWorkflow Definition - create new or edit exiting workflow definitionWorkflow Definition DetailsRun WorkflowWorkflow DetailsWorkflow LogTransition WorkflowWorkspacesWorkspace - create new or edit existing workspaceWorkspace fileDatabase ConfigurationDefect Tracking ConfigurationsDefect Tracking - create new or edit existing configurationDefect Tracking ReportsEvent LogHome PageJob ConfigurationShortcutsJobs Quick ViewNew ReportJobsJob Step DetailsLicensesView LicenseImport LicensePlugin ManagerResources/PoolsResource PoolsResource Pool - create new or edit existing poolResource Pool DetailsZonesGatewaysServerSettings - edit existing property settings
IntroductionAccess ControlArtifact ManagementAuthenticating Users for LDAP and Active DirectoryAuto-DiscoveryDefect TrackingElectricSentryJob Step Execution EnvironmentPreflight BuildsPropertiesPostprocessorsReportsWorkflow OverviewWorkspaces and Disk Space Management
IntroductionAdding a Link to a JobCalling a SubprocedureChecking the Outcome of Preceding StepsConditional ExecutionCustom Parameter LayoutsEmail NotificationsExecuting Tasks on All Resources in a PoolFactory ProceduresPostp ExtensionPublishing and Retrieving an ArtifactReserving a Resource for the Job Step DurationRunning Steps in ParallelStep Timeouts and Steps That Always RunStoring and Retrieving Properties in a JobWorking with Properties Stored in a Procedure
Using Special Characters in Object Names

CloudBees Flow Installed Tools

35 minute read
Tool Name Description

eccert

A command-line tool used to manage the CloudBees Flow Certificate Authority (CA) and the certificates configured in CloudBees Flow Server and CloudBees Flow Agent installations.

ecconfigure

A command-line tool that can change configuration values for any locally installed CloudBees Flow server, web, agent, or repository service. ecconfigure is a more user-friendly mechanism for configuring aspects of CloudBees Flow that would otherwise require manual configuration file updates. ecconfigure actually manipulates relevant service configuration files on your behalf.

ecdaemon

A "wrapper" program that can be used to start another program from a CloudBees Flow job step—the "started" program will run as a daemon process. The CloudBees Flow agent uses the facilities of the underlying operating system to make sure the process runs in a separate process group on a UNIX-based system, or outside of the normal "Windows Job" grouping in a Windows system. In either case, the CloudBees Flow agent does not treat the process as one it should wait for or one it should try to "kill" if CloudBees Flow needs to abort the step.

ecproxy

A driver script with built-in support for SSH. Every major operation can be overridden by defining a Perl function in the Proxy Customization field on the New Proxy Resource panel, available from the Resources page.

ecremotefilecopy

When CloudBees Flow agents (on platforms other than Linux or Windows) run steps that create log files in a workspace the CloudBees Flow web server cannot access (through Linux or Windows agents), use ecremotefilecopy to recreate job logs so they are visible on those CloudBees Flow agents, which then enables the web server to retrieve and render those log files.

ZKConfigTool

A command-line tool that imports your CloudBees Flow database configuration information into your ZooKeeper server.

ClusterInfoTool

A command-line tool that displays information on the running CloudBees Flow server cluster from ZooKeeper.

eccert

A command-line tool used to manage the CloudBees Flow Certificate Authority (CA) and the certificates configured in CloudBees Flow Server and CloudBees Flow Agent installations.

Do not use eccert as sudo, which would change the ownership of the configuration files (such as the keystore file) to the root user. These files must be owned by the user who starts the CloudBees Flow services.

Usage

eccert [ options ] command [ arg …​ ]

Commands

addTrustedServer crt

Add a server CA certificate to the agent’s keystore.

getCRL

Retrieve the contents of the current certificate revocation list.

initAgent [ --local | --remote ] [ options ]

Initialize the agent keystore with a new public/private key pair. Generates the agent certificate signing request. If run on the server host, the certificate will automatically be signed by the server CA, and the CA certificate and the signed agent certificate are installed in the agent’s keystore. If run on a non-server host, the signing request is left in the agent directory. If CA Cert is provided, the CA certificate is installed in the agent’s keystore.

--local

Use the local server CA to sign the agent certificate.

--remote

Connect to a remote CloudBees Flow server to sign the agent certificate.

--force

Replace any existing keystore.

--cname name

Use the specified name as the common name (CN) in the agent certificate subject. This is normally the fully qualified domain name used by clients to connect to the agent.

--altNames entries

Use the specified list of entries (comma or space separated) as the subjectAlternateNames list in the agent certificate. Simple names are interpreted as dns entries. Entries may begin with "dns:" or "ip:" to indicate the type (for example, ` "ip:192.168.0.1"` or "dns:myHost" ). If no entries are specified, then reverse DNS is used to look up the registered names of the host’s IP addresses.

initCA

Initialize the server CA. Creates a new CA key and certificate.

initServer [ options ]

Initialize the server keystore. Creates and signs the server certificate. Installs the CA certificate and the signed server certificate into the server’s keystore.

--force

Replace any existing keystore.

--cname name

Use the specified name as the common name (CN) in the server certificate subject. This is normally the fully qualified domain name used by clients to connect to the server.

--altNames entries

Use the specified list of entries (comma or space separated) as the subjectAlternateNames list in the server certificate. Simple names are interpreted as dns entries. Entries may begin with "dns:" or "ip:" to indicate the type (for example, "ip:192.168.0.1" or "dns:myHost" ). If no entries are specified, then reverse DNS is used to look up the registered names of the host’s IP addresses.

list [ --agent | --server | --index [ --verbose ]

Display certificate information for agent and/or server keystores or the CA certificate index. If no options are specified, both the agent and server keystores are listed.

--agent

List the contents of the agent keystore.

--server

List the contents of the server keystore.

--index

List the contents of the CA issued certificates index.

--verbose

Display additional details.

refreshCRL

Refresh the certificate revocation list from the CloudBees Flow server.

revoke index

Revoke a previously issued certificate by index.

signCertificate csr crt

Sign the certificate signing request provided in file csr and write the signed result to the file crt. The request is rejected by the CA if there is a matching certificate already in the CA database.

updateAgentCertificate crt

Install a previously signed certificate crt into the agent’s keystore.

Server Communication Options

--server host

Address of the CloudBees Flow server. Defaults to the value of the COMMANDER_SERVER environment variable. If that does not exist,it defaults to localhost.

 
--securePort port

HTTPS listener port on the server. Defaults to 8443.

Global Options

--help

Print the Help message.

 
--version

Print the version message.

Examples

Example 1: Configure an agent to talk to any server (untrusted mode)

This example generates a new self-signed certificate for the agent and recreates the keystore with no trusted authorities.

    $ eccert initAgent -force
    Generating keys
    Generating certificate request
        cname=<myAgent.example.com
        san=<dns:myAgent.example.com

Example 2: Configure an agent to accept connections only from a single remote CloudBees Flow server

This example generates a new certificate for the agent that is signed by the remove server’s certificate authority and installs the signed certificate and its associated trust chain in the agent’s keystore. After this point, the agent will only accept requests from the specified server and will be used as a trusted resource by the server.

    $ ectool --server myserver login admin pw
    $ eccert --server myserver initAgent -remote
    Generating certificate request
        cname=<myAgent.example.com
        san=<dns:myAgent.example.com
    Asking server 'myserver' to sign certificate
    Importing 'CA:myserver.example.com' certificate
    Importing 'jetty' certificate

Example 3: Configure a CloudBees Flow server with additional host names in the certificate

This example regenerates the CloudBees Flow Server Certificate, the specified common name, and alternate subject names to allow trusted connections with multiple external dns names.

    $ eccert initServer --force --cname "myServer.example.com" --altNames "myServer,server2.example.com"
    Generating keys
    Generating certificate request
        cname=<myserver.example.com
        san=<dns:myserver,dns:server2.example.com
    Signing server certificate
    Importing 'CA:myserver.example.com' certificate
    Importing 'jetty' certificate

ecconfigure

A command-line tool for changing values in configuration files for any locally-installed CloudBees Flow server, web server, repository server, or agent. ecconfigure is an easier way to configure CloudBees Flow settings than manually editing configuration files.

ecconfigure Command Syntax

ecconfigure [<options>]

Agent Configuration Options

Option Description

--agentAcceptQueueSize=max

The maximum number of pending connections the agent will queue up.

--agentArtifactCache=path

The directory containing cached artifactVersions.

--agentCaFile=path

A single file containing multiple CA certificates.

--agentCaPath=path

A directory containing a file for every CA, where each file’s name is the CA subject name hash value.

--agentCertFile=path

Location of the certificate file used by the agent to support SSL connections from the server.

--agentCrlFile=relativepath

Relative path of the file containing the agent’s certificate revocation list for SSL.

--agentDomainName=domain

The domain name that the agent uses for fully-qualified names.

--agentDuplicateDetectionListSize=size

The size of the list of recently seen requests used in duplicate request detection.

--agentEnableProxySettings=<1|0>

Enable (1) or disable (0) the proxy server configuration. If enabling for the first time, --agentProxyHost and --agentProxyPort must be specified.

--agentIdleConnectionTimeout=milliseconds

Idle connection timeout, in milliseconds.

--agentIdleOutboundConnectionTimeout=seconds

Idle time after which an outbound connection is closed, in seconds.

--agentIdlePostRunnerTimeout=seconds

Idle time after which a PostRunner thread is terminated, in seconds.

--agentIdleServerRequestWorkerTimeout=seconds

Idle time after which a ServerRequestWorker thread is terminated, in seconds

--agentIdleWorkerTimeout=seconds

Idle time after which a Worker thread is terminated, in seconds.

--agentInitMemory=percent

Initial java heap size as a percentage of the total system memory.

--agentInitMemoryMB=size

Initial java heap size in MB.

--agentKeyFile=path

Location of the key file used by the agent to support SSL connections from the server.

--agentKeystore=path

Location of the keystore file used by the agent to support SSL connections from the server.

--agentKeystorePassword=password

Password used to access the agent’s keystore.

--agentLoadProfile=<true|yes|1|false|no|0>

Enable (1) or disable (0) loading the impersonated user’s profile for impersonation steps if on Windows.

--agentLocalPort=port

Port used by the Commander agent for http communication on the localhost network interface.

--agentLogFile=path

Path where the C++ agent log file should be written.

--agentLogLevel=<TRACE|DEBUG|INFO|WARN|ERROR>

Logging level used by the C++ portion of the agent.

--agentLogMaxFiles=max

Maximum number of log files the C++ agent will accrue.

--agentLogMaxSize=max

Maximum size of each log file from the C++ agent. The value may be suffixed with a unit (MB, KB, B). Without a unit, the value is interpreted as bytes.

--agentMaxConnections=max

Maximum number of network connections for the agent.

--agentMaxConnectionsPerRoute=max

Maximum number of network connections per route for the agent.

--agentMaxHttpThreads=max

Maximum number of threads for handling inbound requests.

--agentMaxLoggedMessageLength=max

Maximum message length, used when logging requests/ responses to/from the CloudBees Flow server.

--agentMaxMemory=percent

Maximum java heap size as a percentage of the total system memory.

--agentMaxMemoryMB=size

Maximum java heap size in MB.

--agentNoProxyHosts=hosts

Comma delimited list of hosts that should be reached directly, bypassing the proxy server.

--agentOutboundConnectTimeout=milliseconds

Timeout for the agent establishing outbound connections, in milliseconds.

--agentOutboundRequestInitialRetryInterval=seconds

Initial delay between retries for sending outbound requests to a server, in seconds.

--agentOutboundRequestMaxRetryInterval=seconds

Maximum delay between retries for sending outbound requests to a server, in seconds.

--agentOutboundRequestTimeout=hours

Timeout after which the agent gives up trying to send a request to a server, in hours.

--agentPluginsDirectory=path

The path used by the agent to get to the plugins directory of the CloudBees Flow server where its resource definition lies.

--agentPort=port

Port used by the Commander agent for https communication on any network interface.

--agentProto=<http|https>

Protocol used internally by the agent.

--agentProtocol=<http|https>

Protocol used by the agent.

--agentProxyHost=host

The IP address of the proxy server.

--agentProxyPort=port

The port of the proxy server.

--agentServerConnectTimeout=seconds

Socket connection timeout for outbound requests to a server, in seconds.

--agentServerReadTimeout=seconds

Socket read timeout for responses from a server, in seconds.

--agentServerSessionsFile=relativepath

Relative path to the persisted server sessions file.

--agentTLSEnabledProtocol < protocols >

Comma-delimited list of SSL/TLS protocols that will be allowed for agent connections using HTTPS. The possible values are any combination of TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello.

The default security configurations are as follows:

  • First-time CloudBees Flow installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled

  • Existing CloudBees Flow installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled

We recommend removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations for all components. When you do this, you would also need to upgrade older agents to the latest version to avoid security risks. You would need to upgrade agents if you are using the following agent versions:

  • Windows: 6.0.3 or older

  • Linux: 6.2 or older

  • Sun Solaris, HP UX, Mac OS: 8.4 or older

--agentUnixShellPattern=pattern

Windows-only: ordinarily, the agent creates script-files with CRLF line termination. But some shells on Windows require script files to be LF line-terminated, like Unix. This option sets a regular expression pattern for such shells. Defaults to a pattern that matches sh and