Silent installation method for UNIX or macOS agents

3 minute readReferenceAutomationExtensibility

The agent software must be installed on each machine you intend to use with CloudBees CD/RO. An agent is a CloudBees CD/RO component that runs on a machine resource. The agent executes CloudBees CD/RO job steps, monitors step progress, and records job completion information.

This section describes how to install agents and tools silently on UNIX (not Linux or Windows) machines. macOS agent upgrades are not supported on this platform.

You can install agents using any of the following accounts:

  • root

  • Any account with sudo privileges

  • (UNIX or macOS only) Any non-root account without sudo privileges

Silent installation command arguments

The following table lists the available arguments.

Argument Description

-q

Runs the installer in silent mode. The default installation options are used unless you override them on the command line or in an installation configuration file.

--nonRoot

(UNIX or macOS only) Runs the installer using a non-root account without sudo privileges. The agent service will run as the user that performed the installation.

Agents installed by root or using sudo can be upgraded only by root or using sudo. You cannot use --nonRoot to upgrade such agents.

-f

Removes and replaces any existing files in the destination directory. This argument completely removes the directory but does not uninstall the previous version. For details about upgrades, see Upgrade on traditional platforms.

--config

Specifies a file containing installation parameters and values.

Running a silent installation

CloudBees does not recommend running the installer without root or sudo privileges. When run without root or sudo privileges, the installer cannot install the files that provide automatic start for the agent services, so you must configure automatic restart manually.

To run a silent UNIX or macOS agent installation:

  1. Obtain the UNIX or macOS installer file for your agent platform as described in Non-server installation for UNIX agents.

  2. If you are not installing as a non-root user without sudo privileges, log in as root or as a user with sudo privileges.

  3. Run chmod +x ./commander_<OStype>.bin to ensure that the installer is executable.

  4. Run commander_<OStype>.bin -q <arguments> where <OStype> is the agent platform.

    For security, CloudBees recommends not installing an agent on the server host or giving any agents access to the server file system. Doing so may give an agent access to sensitive files such as the server passkey, database configuration, and other system resources allotted to CloudBees CD/RO.

    If the agent is installed on the server host or given access to the server file system, CloudBees strongly recommends using separate users for server and agent services, so it is possible to prevent the agent from accessing sensitive files. Using the same user for both services also gives agents the same access permissions as the server user.

    CloudBees strongly recommends not running agents as sudo or ROOT users in production, or long-lived development and testing environments. Running agents with these privileges poses significant security risks, as they have unlimited ability to execute operations which can be used to access any file on the agent host, or modify the configuration of that host.

    Assign CloudBees CD/RO agent users only the necessary privileges to perform their functions, following the Principle of Least Privilege (PoLP). This helps to prevent permission escalation and data exposure should an agent become compromised.

    For more information on how to mitigate agent security risks, refer to Agent security recommendations.

    For installation using a non-root account without sudo privileges, you must include the --nonRoot argument. Failure to do so causes the following error:

    This installer must be invoked in a root context. ERROR: Install failed. Exiting installer.

Example parameters in an installation configuration file

Following is an example of parameters in a configuration file for silent installation of agents using root or an account with sudo privileges:

ec_INSTALL_TYPE=agent DESTINATION_DIR="/opt" AGENT_USER_TO_RUN_AS="bill jones" AGENT_GROUP_TO_RUN_AS=engineering EC_AGENT_PORT=7800 EC_AGENT_LOCAL_PORT=6800

Following is an example of parameters in a configuration file for silent installation of tools using root or an account with sudo privileges:

ec_INSTALL_TYPE=tools DESTINATION_DIR="/opt" USER_TO_RUN_AS=sally GROUP_TO_RUN_AS=engineering