Introduction
Introduction
IntroductionInstall CloudBees CD/RO within KubernetesConfigure Helm chartsKubernetes platform-specific configurationsKubernetes configuration optionsConfigure IP protocols for Helm chart componentsConfigure GitOps with Helm chartsVerify Helm chartsCreate custom Docker imagesVerify Docker images
IntroductionInstallation user requirementsInstallation typesDefault installation directoriesVerify installation binariesAgent security recommendations
IntroductionInstall a default configurationInstall a custom configurationRun an express agent GUI installationRun an express GUI installation (agent-only installer)Run an advanced GUI installation (agent-only installer)Install CloudBees Analytics
IntroductionRun an express server command-line installationRun an advanced command-line installationRun an express agent command-line installationExpress agent command-line installation (agent-only installer)Advanced command-line installation (agent-only installer)Install the CloudBees Analytics server with the interactive command-line installer
IntroductionRun a silent installationSilent installation argumentsLinux silent installation examplesWindows silent installation examplesCloudBees Analytics server unattended installation
IntroductionUNIX agent interactive command-line installationSilent installation method for UNIX or macOS agents
IntroductionPrerequisitesPermissions to install or upgrade remote agentsInstall remote agents using the web interfaceInstall via the API
CloudBees Tools installation
Move the artifact repository in LinuxMove the artifact repository in Windows
Connect CloudBees CD/RO to a Microsoft SQL server
Install the MySQL JDBC connector
IntroductionUninstall CloudBees CD/RO on Linux, Unix, or macOSUninstall on WindowUninstall the CloudBees Analytics server on LinuxUninstall the CloudBees Analytics server on Windows
IntroductionZones and gatewaysConfigure custom CAs and CRLs in non-clustered environmentsConfigure custom CAs and CRLs in clustered environmentsConfigure agent environment variablesLicensesCreate and manage usersEdit user settingsCreate and manage groupsPersonasConfigure an external databaseConfigure CloudBees CD/RO to use an alternate databaseInstall services for non-root/non-sudo Linux installationsConfigure autostart for non-root/non-sudo Linux installationsConfigure universal access to the plugins directoryConfigure an environment proxy serverSystem health monitoringIncrease file descriptors on Linux and Linux Docker containersAdjust swappiness on LinuxSet variables on Windows agent machinesServer propertiesServer settingsSource code synchronization
IntroductionConfigure initial events for Workload InsightsConfigure OpenSearch Dashboards to work with CloudBees Analytics
IntroductionArchitecture of a CloudBees CD/RO clusterResource, agent, and procedure considerationsSoftware for clusteringDependencies for clusteringConfigure clusteringSeparate agents from CloudBees CD/RO serversPrepare your cluster resourcesInstall and configure a load balancerInstall ZooKeeperConfigure a multi-ZooKeeper clusterInstall CloudBees CD/RO softwareConfigure repository serversConfigure machines to operate in clustered modeRun a cluster in single-server modeAdd the configuration to ZooKeeperUpload configuration files to ZooKeeperGet cluster information from ZooKeeperAdd a node to an existing clusterConfigure web server propertiesConfigure repository server propertiesConfigure CloudBees CD/RO agentsConfigure the cluster workspaceConfigure CloudBees CD/RO repositoriesAdd trusted agents to clustersVerify CloudBees CD/RO servicesAccess CloudBees CD/RO with clusteringHealth check for the CloudBees CD/RO clusterAdditional ways to improve a clusterInstall the CloudBees Analytics server in cluster modeUse self-signed certificates in CloudBees CD/RO on KubernetesConfigure Disaster Recovery and recover from a disaster
Sign in to CloudBees CD/ROAccess the Home pageMy work dashboardGuided tutorialsLearn about the object modelSearch and filter
IntroductionIntrinsic properties listed by object typeReserved words in CloudBees CD/ROObject types in CloudBees CD/ROSpecial characters in CloudBees CD/RO object namesContext-relative shortcuts to property pathsProperty error codesConfigure properties or property sheetsProperty BrowserProperty reference use case
IntroductionResource poolsCreate or edit resource pools
IntroductionView workspacesCreate or edit workspacesWorkspace file
IntroductionCreate a projectSchedules
IntroductionPipeline stages and gatesPipeline access controlPipeline tasksUse the CloudBees CD/RO API to define tasksDefine manual tasksEntry and exit gatesPipeline conditionsPipeline start and end stages and stage skippingWait dependenciesNative CI integrationPipeline UIAuthor and run pipelinesDefine stage gate rulesPipeline objects and conditionsPipeline stage summaryCredentials in pipelinesRun pipelinesView pipeline runsExample: Create a manual task in a pipelineExample: Plugin pipeline tasksExample: Integrate test automation in release pipelinesExample: Leverage test data management and service virtualization in release pipelines
IntroductionRelease planning, scheduling, and trackingRelease and environment reservations calendarVisibility and status of release pipelinesRelease definitionDeploy with Argo RolloutsRelease dashboardPlanned versus actual view for pipeline statusPath to production viewRelease summaryRun and end releases
Introduction
IntroductionManage procedure runsProcedure run detailsUsing CloudBees CD/RO in your environmentJob step executionPostprocessors: Collecting data for reports
IntroductionWorkflow listsCreate or edit workflow definitionsWorkflow definition detailsRun workflowWorkflow detailsWorkflow LogTransition workflow
Introduction
IntroductionCreate and manage applicationsApplication process run detailsCreate application processesAdd process stepsProcess branchingConfigure plugin process stepsDefine manual stepsExample: Manual step with runtime parametersAttach credentials to processesFull-stack dependency viewApplication deployment optionsConfiguration drift
IntroductionMaster component examplesMaster components list
Introduction
IntroductionStage artifactsCapture snapshotsApplication rollbackManage dependencies
IntroductionCreate environmentsDefine environment tier mapsInventory trackingEnvironment inventoryGlobal environment inventoryEnvironment reservationsLock environmentsModel dynamic environmentsAutomated environment discoveryCreate a deployment task to trigger third-party toolsGenerate a deployment packageExample: Dynamic environment with Amazon and ChefExample: Deploy and troubleshoot applicationsExample: Deploy applications with provisioned cloud resourcesExample: Implement deployment strategies
IntroductionArtifactsArtifact versionsRepositories
Create object tagsCreate object schedules
IntroductionConfigure webhook triggersConfigure polling triggers
IntroductionConfigure email notificationsSelect and edit email messages for application or microservice processes
Introduction
IntroductionInstall CloudBees CD/RO pluginsCreate plugin configurationsManage pluginsCreate pluginsManage the plugin catalog

System access control objects

3 minute readAutomation

There are special system objects that contain access control lists (ACLs) related to the overall CloudBees CD/RO system administration. These ACLs are available from the Administration  System access control page.

You can use the search field to quickly locate object categories and descriptions.

The system objects are:

Table 1. CloudBees CD/RO system access control objects
System access control object Description

Administration

  • The Read permission allows access to the getStatus, getDatabaseConfiguration[s], getEmailConfig[s], and export (global) API functions.

  • The Modify permission allows access to the shutdown, setDatabaseConfiguration, createEmailConfig, deleteEmailConfig, modifyEmailConfig, and import (global) API functions.

  • For change tracking, the Read, Modify, and Execute permissions allow you to revert changes to a tracked object and its tracked contents in the UI or access the revert API function.

Artifact connectors

The Modify permission allows access to the createArchiveConnector, deleteArchiveConnector, getArchiveConnector, getArchiveConnectors, and modifyArchiveConnector API functions.

Artifacts

  • The Read permission allows access to the getArtifact API functions.

  • The Modify permissions allows access to createArtifact and deleteArtifact API functions.

CI Configurations

  • The Read permission allows access to the getCIConfiguration[s] API function.

  • The Modify permission allows access to the createCIConfiguration, modifyCIConfiguration, and deleteCIConfiguration API functions.

Data Retention Policies

The Modify permission allows access to the createDataRetentionPolicy, deleteDataRetentionPolicy, getDataRetentionPolicy, getDataRetentionPolicies, and modifyDataRetentionPolicy API functions.

DevOps Insight Server Configuration

The Modify permission allows access to the DevOps Insight Server Configuration settings.

Directory

  • The Read permission allows access to the getUsers, getGroups, and getDirectoryProviders API functions.

  • The Modify permission allows access to the createUser, createGroup, deleteUser, deleteGroup, createDirectoryProvider, modifyDirectoryProvider, deleteDirectoryProvider, testDirectoryProvider, and moveDirectoryProvider API functions.

DSL Client Files

The Execute permission allows access to the /queue/dsl.clientFiles queue, to store client files for evalDsl API functions.

Email Configurations

The Modify permission allows access to the createEmailConfig and deleteEmailConfig API functions.

Force Abort

The Execute permission allows access to the --force flag on the abortJob API function. By default, the ACL is created with the Everyone: Execute permission in addition to inheriting from the server. To force a job to abort, the user must have the Execute permission on the job and on the forceAbort ACL.

Licensing

  • The Read permission allows access to the getLicense[s] API functions.

  • The Modify permission allows access to the importLicenseData and deleteLicense API functions.

  • The Execute permission allows access to the getAdminLicense API function.

Logging

The Modify permission allows access to the logMessage API function.

Personas

The Modify permission allows access to the personas API functions.

Plugins

The Modify permission allows access to the createPlugin, deletePlugin, installPlugin, promotePlugin, and uninstallPlugin API functions.

  • The modifyPlugin API function requires the Modify permission on the target plugin.

  • The getPlugin API function requires the Read permission on the target plugin.

Priority

The Execute permission allows the user who launches a procedure using the runProcedure API function to raise the priority of the job.

Projects

The Modify permission allows access to the createProject and deleteProject API functions.

Report Object Types

The Modify permission allows access to the createReportObjectType, deleteReportObjectType, getReportObjectType, getReportObjectTypes, and modifyReportObjectType API functions.

Repositories

  • The Read permission allows access to the getRepository API function.

  • The Modify permission allows access to the createRepository, deleteRepository, modifyRepository, and moveRepository API functions.

Resources

The Modify permission allows access to the createReource and deleteResource API functions.

Search Filters

The Execute permission allows access to the SearchFilters settings.

Session

The Execute permission allows access to the login API function.

SSO Configuration

The Modify permission allows access to the Kerberos configuration settings.

Tags

The Execute permission allows access to the tags API function.

Workspaces

The Modify permission allows access to the createWorkspace and deleteWorkspace API functions.

Zone and gateways

The Modify permission allows access to the createZone and deleteZone API functions. It also allows access to the deleteResource API function when the resource belongs to a gateway.

To move a resource from one zone to another using the modifyResource API function, you must have Modify privileges on both the old and new zones and also on the resource you want to move.

Server access control

Server access control is a CloudBees CD/RO system top-level object. Every other object in the system is contained in the server object and inherits access control information from the server object unless inheritance is broken. Select Server access control to open the page to view and set privileges.

Introduction
View and change access control privileges on objects