The advanced graphical user interface installation lets you install individual CloudBees Flow components such as a CloudBees Flow server, built-in database, web server, repository server, or CloudBees Flow tools on specific machines. You can also change the default installation settings to accommodate your environment. Review Before You Install CloudBees Flow before performing this procedure.
-
(Linux only) Enter the following command to make the installer file executable:
chmod +x ./CloudBeesFlow-<version>
-
Do one of the following to start the installation:
-
For Linux with root or
sudo
privileges or for Windows installations, double-click the installer file. -
For Linux non-root/non-
sudo
installations, enter:./CloudBeesFlow-<version> --nonRoot
For this installation type, a warning appears.
-
-
For non-root/non-
sudo
installations, click Yes to dismiss the warning.The screen examples in this procedure are from a Windows system. Different options will appear in some windows on a Linux system. -
Select the Advanced installation option, and then click Next to continue.
-
The Components screen appears. All options are selected by default.
-
Clear the check boxes for servers that you do not want to install. For details, see Architecture .
Available options are: * *Server —Installs a CloudBees Flow server.
+ NOTE: If you uncheck this check box, the Remote CloudBees Flow Server screen appears later (shown below).
-
Database —Installs the built-in database. This is not recommended for production systems. include::ROOT:partial$install-trad/built-in-db.adoc[] Clear this check box if you plan to use an external database. If you plan to use MySQL, see Installing the MySQL JDBC Driver .
-
Web server —Select this check box if you want to install an Apache web server. If you select this option, an agent is also required on this machine and is therefore automatically installed. For details about why local agents are required on web server machines, see Local Agent Installation Requirement for Web Server Machines .
You should not use these local agents to run jobs. -
Repository —Installs a CloudBees Flow repository server. If you select this option, an agent is also installed.
-
Agent —Installs CloudBees Flow agent software.
-
Tools —Installs CloudBees Flow tools. To install only the CloudBees Flow tools, clear all the check boxes. This option does not automatically install a CloudBees Flow agent, unlike the other options.
Any combination of the following installation screens will appear depending on which servers you install.
-
-
Click Next.
-
The Directories screen appears. CloudBees Flow uses the default directories to install files and components.
-
Click Next to continue, or click Browse to specify different directory locations.
The Ports screen with the default CloudBees Flow port values appears if you are installing a CloudBees Flow, web, or repository server.
-
Complete the information for the Ports screen, and click Next to continue. You can enter alternate port numbers if you need to specify different port values.
-
The Web Server URL Configuration screen appears if you are installing a web server.
-
Complete the information for the Web Server URL Configuration screen, and click Next to continue.
-
Host Name —Name that users must enter in their browser to access the CloudBees Flow web server.
-
Default UI —Determines whether the Deploy UI or the Automation Platform UI appears when users browse to https://<cloudbees-flow-server> without appending /flow or /commander respectively to the end of the URL. For example, you can configure CloudBees Flow so that it opens the Deploy UI whether you browse to https://ecdevopsserver1 or https://ecdevopsserver1/flow.
You can reconfigure this behavior post-installation by using the ecconfigure
--webDefaultUI
option. For details, see the “ecconfigure” section in CloudBees Flow Installed Tools.
-
-
If you unchecked the Server check box above, the Remote CloudBees Flow Server screen appears.
-
Complete the following information on the Remote CloudBees Flow Server screen:
-
Server Host Name —Use this field to enter the name of the CloudBees Flow server that will communicate with this web server. If the remote server is using a non-default HTTPS port, you must specify the Server Host Name as
<host>:<port>
. If you do not specify a port, HTTPS port 8443 is assumed (the same as the CloudBees Flow server default port). -
CloudBees Flow User Name —Use this field to enter the name of a CloudBees Flow user on the CloudBees Flow server who has sufficient privileges to create a resource. This field defaults to the CloudBees Flow-supplied
admin
user. -
Password —Use this field to enter the password for the CloudBees Flow user. The default password for the
admin
user ischangeme
. -
Discover the plugins directory —Select this check box if you want the web server machine to have access to the plugins directory. You should allow access to the plugins directory so agents have access to collections of features, third-party integrations, or third-party tools.
The plugins directory on the CloudBees Flow server must be “shared” before the web server machine can use “discover” to find the directory. For more information, see Universal Access to the Plugins Directory . -
Create a resource —Select this check box if you want to create a resource on the remote CloudBees Flow server for the web server you are installing.
-
Trusted —Select this check box to restrict this web server to one CloudBees Flow server. The web server will not respond to incoming communication from any other CloudBees Flow server. This is useful when you want to create a secure production environment, but generally not needed for test or development systems.
-
Resource name —Use this field to enter the name of the name of the resource to use.
-
Workspace Name —Use this field to enter the name of the workspace you would like to use for the web server.
-
Create a repository —Create an artifact repository on this machine.
-
Repository name —Name of the artifact repository to create.
-
Create in default zone —Select this check box if you want to create the agent in the default zone.
-
Agent Gateway URL —Use this field to enter the URL of the gateway used to communicate with the CloudBees Flow server. This field is available for use when the Create in default zone check box is cleared.
-
Zone Name —Use this field to enter the name of the zone used during remote agent and/or remote repository creation. This field is available for use when the Create in default zone check box is cleared.
-
-
Click Next to continue.
-
The Server Service Account screen appears if you are installing a CloudBees Flow, web, or repository server.
-
Complete the information on the Server Service Account screen, and click Next to continue.
-
Windows:
-
User Name —Use this field to enter the name of the user who will run the CloudBees Flow server, web server, and repository server services.
-
Password —Use this field to enter the password of the user who will run the CloudBees Flow server, web server, and repository server services.
-
Domain —Use this field to enter the domain name information for the user. For example, electric-cloud.com. Leave this field blank if this is a local user.
-
Use the local system account —Select this check box if you want the CloudBees Flow server, repository server, and web server services to run as the Windows local system account.
NOTE:
-
The Windows local system account cannot access network resources such as shared file systems used for plugins or workspaces. Therefore, do not use this option for a clustered server deployment, which requires a shared file system for plugins. This option is typically used only for installing agents on numerous machines, which would otherwise require that you create a new account on each of those machines. * *Use the same account for the agent service —Select this check box if you want the agent on the CloudBees Flow server machine to run as the same account.
+ For security reasons in production environments, you might want to use a separate account for the agent service because the server account has permission to read the key file ( include::ROOT:partial$install-trad/passkey-dir.adoc[] ). The key file is used to decrypt passwords stored in CloudBees Flow. Using a different account for the agent service ensures that a process running on the agent cannot gain access to the key file. Linux: User Name —Use this field to enter the name of the user who owns the CloudBees Flow server, repository server, and web server processes. Group Name —Use this field to enter the name of the group who owns the CloudBees Flow server, repository server, and web server processes. Use the same account for the agent service —Select this check box if you want the same user and group to own the agent process on the CloudBees Flow server machine.
+ For security reasons in production environments, you might want to use a separate user and group for the agent service because the server service has permission to read the key file ( include::ROOT:partial$install-trad/passkey-dir.adoc[] ). The key file is used to decrypt passwords stored in CloudBees Flow. Using a different user and group for the agent service ensures that a process running on the agent cannot gain access to the key file.
+ The Agent Service Account screen appears if you are installing an agent. An agent is automatically installed on the machine to run jobs if you are installing a web or repository server.
+ IMPORTANT: If you selected the Use the same account for the agent service check box on the previous screen, you will not see the fields to supply your agent service account information.
-
Complete the information on the Agent Service Account screen, and click Next to continue.
-
Windows:
-
User Name —Use this field to enter the name of the user who will run the CloudBees Flow agent service.
The user that the agent runs as must have permission to write to the
$INSTALL_DIRECTORY/log
directory. -
Password —Use this field to enter the password of the user who will run the CloudBees Flow agent service.
-
Domain —Use this field to enter the domain name information for the user. For example, electric-cloud.com. Leave this field blank if this is a local user.
-
Use the local system account —Select this check box if you want the CloudBees Flow agent service to run as the local Windows system account.
The local system account does not have access to network shares. -
Linux:
-
User Name —Use this field to enter the name of the user who owns the CloudBees Flow agent process.
The user/group that the agent runs as must have permission to write to the
$INSTALL_DIRECTORY/log
directory. If you specifyroot
, click Yes at the confirmation. -
Group Name —Use this field to enter the name of the group that owns the CloudBees Flow agent process.
After you click Next, the Security Settings screen appears.
This screen specifies the list of SSL/TLS protocols that will be allowed for CloudBees Flow server, repository server, and agent connections using HTTPS. The possible values are any combination of TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello. You must select at least one protocol for each connection.
The default security configurations are as follows:
-
First-time CloudBees Flow installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled
-
Existing CloudBees Flow installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled
The default for upgrades from version 8.5 and newer versions is to inherit the settings from the existing installation being upgraded.
To avoid the following warning in the Automation Platform web UI, we recommend removing the
SSL 2.0 Client Hello
orSSLv2Hello
protocol from your security configurations for all components:
-
-
We recommend removing SSL 2.0 Client Hello format from server configuration and upgrade older agents as indicated on the Cloud/Resources Page to avoid security risk.
|
To safely remove this protocol, enter the following command on the CloudBees Flow server:
$ ecconfigure --serverTLSEnabledProtocol=TLSv1,TLSv1.1,TLSv1.2
When you do this, you would also need to upgrade older agents to the latest version to avoid security risks. You would need to upgrade agents if you are using the following agent versions:
-
Windows, Linux: 6.0.3 or older; 6.2 or older
-
Sun Solaris, HP UX, Mac OS: 8.4 or older
-
Complete the information in the Security Settings screen, and click Next. The Ready to Install screen appears.
-
Review your installation settings. Use the Back button to modify any information if necessary.
-
Click Next to continue.
The installer displays a status bar to show the progress of the installation, which can take up to fifteen minutes. When the install process is complete, the Install Wizard Complete screen appears.
The CloudBees Flow server automatically starts when the installation is complete. -
Select the Launch a web browser to login to CloudBees Flow check box if you want the CloudBees Flow sign in screen to open.
-
Click Finish to close the wizard.
-
For non-root/non-
sudo
Linux installations, configure autostart for the CloudBees Flow services.For instructions, see Configuring Services Autostart for Non-Root/Non-sudo Linux Installations .
-