This section details how to install a custom configuration, which lets you install individual CloudBees CD/RO components such as a CloudBees CD/RO server, built-in database, web server, repository server, or CloudBees CD/RO tools on specific machines. You can also change the default installation settings to accommodate your environment. Review Before You Install CloudBees CD/RO before performing this procedure.
-
(Linux only) Enter the following command to make the installer file executable:
chmod +x ./CloudBeesFlow-<version>
-
Do one of the following to start the installation:
-
For Linux with root or sudo privileges or for Windows installations, double-click the installer file.
-
For Linux non-root/non-sudo installations, enter:
./CloudBeesFlow-<version> --nonRoot
For this installation type, a warning appears.
-
-
For non-root/non-sudo installations, click Yes to dismiss the warning.
The screen examples in this procedure are from a Windows system. Different options will appear in some windows on a Linux system.
Select the Install CloudBees CD/RO with a custom configuration option, and select Next to continue. The Components screen appears. All options are selected by default.
-
Clear the check boxes for servers that you do not want to install. For details, see Architecture.
Available options are:
-
Server: Installs a CloudBees CD/RO server.
If you uncheck this check box, the Remote CloudBees CD/RO Server screen appears later (shown below).
-
Database: Installs the built-in database. This is not recommended for production systems.
Additionally, the built-in database is not supported in a clustered CloudBees CD/RO configuration.
Clear this check box if you plan to use an external database. If you plan to use MySQL, see Installing the MySQL JDBC driver.
-
Web server: Select this check box if you want to install an Apache web server. If you select this option, an agent is also required on this machine and is therefore automatically installed. For details about why local agents are required on web server machines, see Local agent installation requirement for web server machines.
You should not use these local agents to run jobs.
-
Repository: Installs a CloudBees CD/RO repository server. If you select this option, an agent is also installed.
-
Agent: Installs CloudBees CD/RO agent software.
-
Tools: Installs CloudBees CD/RO tools. To install only the CloudBees CD/RO tools, clear all the check boxes. This option does not automatically install a CloudBees CD/RO agent, unlike the other options.
Any combination of the following installation screens will appear depending on which servers you install.
Click Next. The Directories screen appears.
-
-
Click Next to continue, or click Browse to specify different directory locations.
The Ports screen with the default CloudBees CD/RO port values appears if you are installing a CloudBees CD/RO, web, or repository server.
-
Complete the information for the Ports screen, and click Next to continue. You can enter alternate port numbers if you need to specify different port values.
The Web Server URL Configuration screen appears if you are installing a web server.
-
Complete the information for the Web Server URL Configuration screen, and click Next to continue.
-
Host Name: Name that users must enter in their browser to access the CloudBees CD/RO web server.
-
Default UI: Determines whether the Deploy UI or the Automation Platform UI appears when users browse to https://<cloudbees-cdro-server> without appending /flow or /commander respectively to the end of the URL. For example, you can configure CloudBees CD/RO so that it opens the Deploy UI whether you browse to https://ecdevopsserver1 or https://ecdevopsserver1/flow.
You can reconfigure this behavior post-installation by using the ecconfigure --webDefaultUI option. For details, see the ecconfigure section in CloudBees CD/RO utility and tools.
Click Next. If you unchecked the Server check box above, the Remote CloudBees CD/RO Server screen appears.
-
-
Complete the following information on the Remote CloudBees CD/RO Server screen:
-
Server Host Name: Use this field to enter the name of the CloudBees CD/RO server that will communicate with this web server. If the remote server is using a non-default HTTPS port, you must specify the Server Host Name as <host>:<port>. If you do not specify a port, HTTPS port 8443 is assumed (the same as the CloudBees CD/RO server default port).
-
CloudBees CD/RO User Name: Use this field to enter the name of a CloudBees CD/RO user on the CloudBees CD/RO server who has sufficient privileges to create a resource. This field defaults to the CloudBees CD/RO-supplied admin user.
-
Password: Use this field to enter the password for the CloudBees CD/RO user. The default password for the admin user is changeme.
-
Discover the plugins directory: Select this check box if you want the web server machine to have access to the plugins directory. You should allow access to the plugins directory so agents have access to collections of features, third-party integrations, or third-party tools.
The plugins directory on the CloudBees CD/RO server must be shared before the web server machine can use discover to find the directory. For more information, see Universal access to the plugins directory.
-
Create a resource: Select this check box if you want to create a resource on the remote CloudBees CD/RO server for the web server you are installing.
-
Trusted: Select this check box to restrict this web server to one CloudBees CD/RO server. The web server will not respond to incoming communication from any other CloudBees CD/RO server. This is useful when you want to create a secure production environment, but generally not needed for test or development systems.
-
Resource name: Use this field to enter the name of the resource to use.
-
Workspace Name: Use this field to enter the name of the workspace you would like to use for the web server.
-
Create a repository: Create an artifact repository on this machine.
-
Repository name: Name of the artifact repository to create.
-
Create in default zone: Select this check box if you want to create the agent in the default zone.
-
Agent Gateway URL: Use this field to enter the URL of the gateway used to communicate with the CloudBees CD/RO server. This field is available for use when the Create in default zone check box is cleared.
-
Zone Name: Use this field to enter the name of the zone used during remote agent and/or remote repository creation. This field is available for use when the Create in default zone check box is cleared.
Click Next to continue. The Server Service Account screen appears if you are installing a CloudBees CD/RO, web, or repository server.
-
-
Complete the information on the Server Service Account screen, and click Next to continue.
-
Windows:
-
User Name: Use this field to enter the name of the user who will run the CloudBees CD/RO server, web server, and repository server services.
-
Password: Use this field to enter the password of the user who will run the CloudBees CD/RO server, web server, and repository server services.
-
Domain: Use this field to enter the domain name information for the user. For example, electric-cloud.com. Leave this field blank if this is a local user.
-
Use the local system account: Select this check box if you want the CloudBees CD/RO server, repository server, and web server services to run as the Windows local system account.
The Windows local system account cannot access network resources such as shared file systems used for plugins or workspaces. Therefore, do not use this option for a clustered server deployment, which requires a shared file system for plugins. This option is typically used only for installing agents on numerous machines, which would otherwise require that you create a new account on each of those machines.
-
Use the same account for the agent service: Select this check box if you want the agent on the CloudBees CD/RO server machine to run as the same account.
For security, CloudBees recommends not installing an agent on the server host or giving any agents access to the server file system. Doing so may give an agent access to sensitive files such as the server passkey, database configuration, and other system resources allotted to CloudBees CD/RO.
If the agent is installed on the server host or given access to the server file system, CloudBees strongly recommends using separate users for server and agent services, so it is possible to prevent the agent from accessing sensitive files. Using the same user for both services also gives agents the same access permissions as the server user.
CloudBees strongly recommends not running agents as sudo or ROOT users in production, or long-lived development and testing environments. Running agents with these privileges poses significant security risks, as they have unlimited ability to execute operations which can be used to access any file on the agent host, or modify the configuration of that host.
Assign CloudBees CD/RO agent users only the necessary privileges to perform their functions, following the Principle of Least Privilege (PoLP). This helps to prevent permission escalation and data exposure should an agent become compromised.
For more information on how to mitigate agent security risks, refer to Agent security recommendations.
-
-
Linux:
-
User Name: Use this field to enter the name of the user who owns the CloudBees CD/RO server, repository server, and web server processes.
-
Group Name: Use this field to enter the name of the group who owns the CloudBees CD/RO server, repository server, and web server processes.
-
Use the same account for the agent service: Select this check box if you want the same user and group to own the agent process on the CloudBees CD/RO server machine.
For security, CloudBees recommends not installing an agent on the server host or giving any agents access to the server file system. Doing so may give an agent access to sensitive files such as the server passkey, database configuration, and other system resources allotted to CloudBees CD/RO.
If the agent is installed on the server host or given access to the server file system, CloudBees strongly recommends using separate users for server and agent services, so it is possible to prevent the agent from accessing sensitive files. Using the same user for both services also gives agents the same access permissions as the server user.
CloudBees strongly recommends not running agents as sudo or ROOT users in production, or long-lived development and testing environments. Running agents with these privileges poses significant security risks, as they have unlimited ability to execute operations which can be used to access any file on the agent host, or modify the configuration of that host.
Assign CloudBees CD/RO agent users only the necessary privileges to perform their functions, following the Principle of Least Privilege (PoLP). This helps to prevent permission escalation and data exposure should an agent become compromised.
For more information on how to mitigate agent security risks, refer to Agent security recommendations.
The Agent Service Account screen appears if you are installing an agent. An agent is automatically installed on the machine to run jobs if you are installing a web or repository server.
If you selected the Use the same account for the agent service check box on the previous screen, you will not see the fields to supply your agent service account information.
-
-
-
Complete the information on the Agent Service Account screen, and click Next to continue.
-
Windows:
-
User Name: Use this field to enter the name of the user who will run the CloudBees CD/RO agent service.
For security, CloudBees recommends not installing an agent on the server host or giving any agents access to the server file system. Doing so may give an agent access to sensitive files such as the server passkey, database configuration, and other system resources allotted to CloudBees CD/RO.
If the agent is installed on the server host or given access to the server file system, CloudBees strongly recommends using separate users for server and agent services, so it is possible to prevent the agent from accessing sensitive files. Using the same user for both services also gives agents the same access permissions as the server user.
CloudBees strongly recommends not running agents as sudo or ROOT users in production, or long-lived development and testing environments. Running agents with these privileges poses significant security risks, as they have unlimited ability to execute operations which can be used to access any file on the agent host, or modify the configuration of that host.
Assign CloudBees CD/RO agent users only the necessary privileges to perform their functions, following the Principle of Least Privilege (PoLP). This helps to prevent permission escalation and data exposure should an agent become compromised.
For more information on how to mitigate agent security risks, refer to Agent security recommendations.
-
Password: Use this field to enter the password of the user who will run the CloudBees CD/RO agent service.
-
Domain: Use this field to enter the domain name information for the user. For example, electric-cloud.com. Leave this field blank if this is a local user.
-
Use the local system account: Select this check box if you want the CloudBees CD/RO agent service to run as the local Windows system account.
The local system account does not have access to network shares.
-
-
Linux:
-
User Name: Use this field to enter the name of the user who owns the CloudBees CD/RO agent process.
For security, CloudBees recommends not installing an agent on the server host or giving any agents access to the server file system. Doing so may give an agent access to sensitive files such as the server passkey, database configuration, and other system resources allotted to CloudBees CD/RO.
If the agent is installed on the server host or given access to the server file system, CloudBees strongly recommends using separate users for server and agent services, so it is possible to prevent the agent from accessing sensitive files. Using the same user for both services also gives agents the same access permissions as the server user.
CloudBees strongly recommends not running agents as sudo or ROOT users in production, or long-lived development and testing environments. Running agents with these privileges poses significant security risks, as they have unlimited ability to execute operations which can be used to access any file on the agent host, or modify the configuration of that host.
Assign CloudBees CD/RO agent users only the necessary privileges to perform their functions, following the Principle of Least Privilege (PoLP). This helps to prevent permission escalation and data exposure should an agent become compromised.
For more information on how to mitigate agent security risks, refer to Agent security recommendations.
-
Group Name: Use this field to enter the name of the group that owns the CloudBees CD/RO agent process.
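The Linux account recommendations above (separate server and agent users, no root or sudo-capable agent user, no agent access to sensitive server files) can be checked after installation with a script such as the following. This is an added example, not CloudBees code; the account names and file paths are arguments you supply and are assumptions, and the read check looks at mode bits only.

```sh
#!/bin/sh
# Added example (not CloudBees code): audit the Linux accounts entered on the
# Server and Agent Service Account screens. Names and paths come from the caller.

# check_accounts AGENT_USER SERVER_USER -> prints findings, returns their count
check_accounts() {
  agent=$1; server=$2; n=0
  if ! id -u "$agent" >/dev/null 2>&1; then
    echo "FAIL: agent user '$agent' does not exist"; return 1
  fi
  if [ "$(id -u "$agent")" = 0 ]; then
    echo "FAIL: agent user '$agent' has uid 0 (root)"; n=$((n + 1))
  fi
  if [ "$agent" = "$server" ]; then
    echo "FAIL: agent and server services share the account '$agent'"; n=$((n + 1))
  fi
  # Groups that commonly grant sudo. Sudoers rules naming the user directly
  # are not visible here; review them with "sudo -l -U <user>" as root.
  for g in $(id -Gn "$agent"); do
    case $g in
      sudo|wheel|admin) echo "FAIL: '$agent' is in group '$g'"; n=$((n + 1)) ;;
    esac
  done
  return "$n"
}

# agent_can_read AGENT_USER FILE -> 0 if the mode bits let AGENT_USER read FILE,
# 1 if not, 2 if FILE is missing. ACLs and parent directories are not evaluated.
agent_can_read() {
  agent=$1; file=$2
  [ -e "$file" ] || return 2
  [ "$(id -u "$agent" 2>/dev/null)" = 0 ] && return 0   # root reads everything
  set -- $(ls -ldL -- "$file")                         # mode links owner group ...
  mode=$1; owner=$3; group=$4
  if [ "$owner" = "$agent" ]; then                     # owner bits apply
    case $mode in ?r*) return 0 ;; *) return 1 ;; esac
  fi
  for g in $(id -Gn "$agent" 2>/dev/null); do
    if [ "$g" = "$group" ]; then                       # group bits apply
      case $mode in ????r*) return 0 ;; *) return 1 ;; esac
    fi
  done
  case $mode in ???????r*) return 0 ;; *) return 1 ;; esac   # other bits apply
}

# Usage: sh audit_accounts.sh AGENT_USER SERVER_USER [SENSITIVE_FILE ...]
if [ "$#" -ge 2 ]; then
  agent_user=$1; server_user=$2; shift 2; status=0
  check_accounts "$agent_user" "$server_user" || status=1
  for f in "$@"; do
    if agent_can_read "$agent_user" "$f"; then
      echo "FAIL: '$agent_user' can read $f"; status=1
    fi
  done
  exit "$status"
fi
```

Pass the files you consider sensitive on the server host, such as the passkey and database configuration mentioned above, as the trailing arguments.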
After you click Next, the Security Settings screen appears.
This screen specifies the list of SSL/TLS protocols that will be allowed for CloudBees CD/RO server, repository server, and agent connections using HTTPS. The possible values are any combination of TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello. You must select at least one protocol for each connection.
The default security configurations are as follows:
-
-
First-time CloudBees CD/RO installations: TLSv1, TLSv1.1, and TLSv1.2 are enabled
-
Existing CloudBees CD/RO installations: TLSv1, TLSv1.1, TLSv1.2, and SSLv2Hello are enabled
The default for upgrades from version 8.5 and newer versions is to inherit the settings from the existing installation being upgraded.
CloudBees recommends removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations for all components.
-
Upgrade older agents that fall into this category for security reasons:
-
Windows, Linux: 6.0.3 or older; 6.2 or older
-
Mac OS: 8.4 or older
-
-
If this warning appears on the Automation Platform UI:
Note: We recommend removing `SSL 2.0 Client Hello` format from server configuration and upgrade older agents as indicated on the Cloud/Resources Page to avoid security risk.
then enter the following command on the CloudBees CD/RO server:
$ ecconfigure --serverTLSEnabledProtocol=TLSv1.2
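To confirm that a protocol change such as the command above took effect, you can probe the HTTPS port and compare what it negotiates with what you intended to allow. The script below is an added example, not CloudBees code; the host:port argument and the list of allowed versions are assumptions you supply, and SSLv2Hello is outside what this probe covers.

```sh
#!/bin/sh
# Added example (not CloudBees code): check which TLS versions an HTTPS endpoint
# still negotiates, for instance after changing the enabled protocols.
# A client whose OpenSSL build or policy has TLS 1.0/1.1 disabled reports them
# as rejected whatever the server allows; probe from a host that can offer them.

# probe_tls HOST:PORT FLAG -> prints "<FLAG> accepted|rejected|unknown"
# FLAG is an openssl s_client version option without the dash: tls1 tls1_1 tls1_2
probe_tls() {
  if ! command -v openssl >/dev/null 2>&1; then
    echo "$2 unknown"; return 0
  fi
  # stdin from /dev/null makes s_client exit right after the handshake;
  # its exit status is 0 only when the handshake completed.
  if openssl s_client -connect "$1" "-$2" </dev/null >/dev/null 2>&1; then
    echo "$2 accepted"
  else
    echo "$2 rejected"
  fi
}

# evaluate_tls ALLOWED -> reads "<flag> <result>" lines on stdin, prints one
# finding per mismatch, and returns 0 only if exactly ALLOWED was accepted.
evaluate_tls() {
  allowed=" $1 "; bad=0
  while read -r flag result; do
    case "$allowed" in
      *" $flag "*) want=accepted ;;
      *)           want=rejected ;;
    esac
    if [ "$result" != "$want" ]; then
      echo "FAIL: $flag is $result, expected $want"; bad=1
    fi
  done
  return "$bad"
}

# Usage: sh tls_check.sh HOST:PORT ["allowed flags"]   (default allowed: tls1_2)
if [ "$#" -ge 1 ]; then
  for v in tls1 tls1_1 tls1_2; do probe_tls "$1" "$v"; done |
    evaluate_tls "${2:-tls1_2}"
fi
```

A FAIL line for tls1_2 itself usually means the endpoint was unreachable or the allowed protocol was not enabled.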
-
-
Complete the information in the Security Settings screen, and click Next. The Ready to Install screen appears.
-
Review your installation settings. Use the Back button to modify any information if necessary.
-
(Applicable when the CloudBees CD/RO server is enabled for installation) Review information about usage data. Uncheck the Send usage data checkbox if you do not wish to participate.
CloudBees Software Delivery Automation server has the ability to send information about its use, which helps to make CloudBees Software Delivery Automation better and more intuitive. Telemetry collects anonymized aggregated information and does not collect any identifying information like user names. For privacy reasons, you can turn off the ability to send telemetry data to CloudBees.
The Send usage data option appears for new installations or upgrades from versions that didn’t have the ability to send usage data (v10.0 and earlier).
-
Click Next to continue.
The installer displays a status bar to show the progress of the installation, which can take up to fifteen minutes. When the install process is complete, the Install Wizard Complete screen appears.
The CloudBees CD/RO server automatically starts when the installation is complete.
-
-
Select the Launch a web browser to login to CloudBees CD/RO check box if you want the CloudBees CD/RO sign-in screen to open.
Click Finish to close the wizard.
-
For non-root/non-sudo Linux installations, configure autostart for the CloudBees CD/RO services.
For instructions, see Configuring services autostart for non-root/non-sudo Linux installations.
If you opted for installation without the built-in database, you are prompted on the sign-in page to configure an external database during CloudBees CD/RO server startup. See External database configuration for further information.